
INN 1.5.1 Software Action Items


These are for 1.5.1 branches, including inn1.5.1corr/1.7 and 1.5.1sec2.
Note that INN 1.4xxxx probably has similar problems and even more defects.

See Also
Defect lists for INN versions 1.5.1 and later
For an overview comparison of 1.5.1, 1.5.1sec2, 1.5.2pre1, 1.6b3, and 1.5.1corr, see inn1.5.1corr/1.7
To inspect the code which changed, see Unified Sources (1.5.2pre1 is not included).

Each item is tagged with a severity. See About Severity tags for Software Action Items
for a description.




Critical: Arbitrary command execution as user news via control messages,
regardless of control.ctl settings.



Critical: 1060 character Path header crashes innd.


Critical: Rare sequence of history file entries causes invalid history file entry.


Critical: INN hangs when processing ctlinnd addhist with massively crossposted articles.
ctlinnd addhist is used by some "third-party" utilities, such as nocem.


Critical: Uses memcpy(). Argument could copy more bytes than necessary, possibly causing a segfault.


Critical: Make sure newsfeeds has exactly one ME entry. (innd needs this
to run correctly, or may crash when reloading various files.)


Critical: Handling of error return from ARTclean()


Critical: Added test to Write to history file only if Data.MessageID.


Critical: Certain newgroup control messages can crash INN.


Critical: INN corrupts the active file if ctlinnd rmgroup/ctlinnd newgroup when throttled.
See INN FAQ 6.3


Critical: String buffer overrun possibility when reporting invalid control message.


Critical: String buffer overrun possibility when reporting invalid distribution


Critical: String buffer overrun possibility when reporting invalid newsgroups


Critical: String buffer overrun possibility when copying "from" header. This is the string buffer overrun which opens a security hole.


Critical: String buffer overrun possibility when copying message ID


Critical: String buffer overrun possibility when copying message ID


Critical: String buffer overrun possibility when processing NCstat for message IDs > 249 characters in length. Crashes innd.


Critical: INN internal buffer copy of backlogged channel fails, leading to crashes


Critical: INN can crash when processing ctlinnd feedinfo when a site is sleeping.


Critical: The CheckIncludedText() routines in frontends/inews.c and nnrpd/post.c
can walk past the end of the article buffer (sometimes resulting in a core
dump) when CHECK_INCLUDED_TEXT is DO.


Defect: Responses to HEAD, BODY, and ARTICLE, when requesting by Message ID, do not comply with RFC 977.


Defect: Possible invalid compile if make clean is not run after config.data changes.
Missing crosspost dependencies: (all)
Missing actsync dependency: include/mydir.h


Defect: Possible invalid compile if make clean is not run after config.data changes.
Missing makehistory dependencies inndcomm.h, mydir.h


Defect: Possible invalid compile if make clean is not run after config.data changes.
Missing clientactive.o dependencies: macros.h nntp.h
Missing clientlib.o dependency: paths.h
Extra clientlib.o dependency: macros.h
Missing getmodaddr.o dependency: nntp.h
Missing perl.o dependencies


Defect: Possible invalid compile if make clean is not run after config.data changes.
Missing perl.o dependency: post.h
Missing post.o dependency: post.h


Defect: Possible invalid compile if make clean is not run after config.data changes.
Missing art.o dependency: art.h
Missing his.o dependency: dbz.h
Missing nc.o dependency: dbz.h
Missing perl.o dependency: art.h


Defect: make depend: rule does not include dbz.c


Defect: make depend: rule does not include decode.c encode.c getlist innconfval


Defect: make depend: rule does not include inndstart.c



Defect: strncpy and strcat are used, but neither a null terminator nor a length limit is guaranteed. This is in code that is disabled.


Defect: expireover small memory leak when there are empty headers (very rare case)


Defect: Posting to moderated newsgroup through inews leaves temp file.


Defect: pstat() (for setproctitle) called incorrectly on HPUX systems.


Defect: inews imposes an undocumented limit on header lines (approximately 50)
and inaccurately reports exceeding the limit.



Defect: LIKE_PULLERS DONT code does not work.


Defect: nnrpd crashes with long lines in corrupt overview files


Defect: actsync -I does not work properly in many cases.
Reported to inn-bugs by pmb1@york.ac.uk, 6 Nov 1997.


Defect: .pl scripts fail when newsmaster e-mail address contains a '@'


Defect: A "hard-coded" path instead of ${UUSPOOL} is used for uucp.
Reported by Philippe Charnier <charnier@xp11.frmug.org> to inn-bugs 9 Nov 1997.


Defect: Incorrect sequencing of I/O channel operations, can cause failure to send output.



Defect: Compile time problem due to use of DO_USE_UNION_WAIT instead of !defined(DONT_USE_UNION_WAIT)


Defect: Casts to ensure long.


Defect: Code could try to MakeDir("")


Defect: Code to handle batch files of 0 length


Defect: Prevent the use of function call DDend() within DISPOSE(), in case your DISPOSE macro was something fancier than a single function call.


Defect: Prevent the use of function call DDend() within DISPOSE(), in case your DISPOSE macro was something fancier than a single function call.


Defect: Compile time. __NetBSD__ added to exclusions on conditional section



Defect: Some year 2038 fixes



Defect: Some year 2038 fixes


Defect: if a header is duplicated, the first one should be used to generate overview data.


Defect: Channel feeds (such as the one to overchan) sometimes backlog due to not being written often enough.


Defect: INN can't receive multiple XBATCH batches on the same connection.


Defect: backends/batcher.c can enter an infinite loop if a signal is received during a
read loop.


Defect: nnrpd does not check permissions when listing newsgroups with the XGTITLE command


Defect: nnrpd does not always check permissions when listing newsgroups with the LIST ACTIVE command


Defect: nnrpd does not check IP address when checking USER/PASS combinations.



Defect: Compile time. Compile conditional test is now DO_HAVE_SETBUFFER, instead of HAVE_SETBUFFER.


Defect: Compile time. Ownership of man pages is not set to news when make install is run as root. This can prevent later updates.


Defect: Clear IP_OPTIONS, including source routing on the socket.


Defect: initialization of the streaming flag in structure filled by reading hosts.nntp


Defect: year 2038 fix.


Defect: compile time. Inclusion of <unistd.h>, <errno.h>


Defect: compile time. Inclusion of <sys/resource.h> regardless of NOFILE_LIMIT


Defect: String buffer overrun.



Defect: Compile-time, O/S dependent. Fixes ENOTSOCK and ENOTTY compile time tests after SetNonBlocking() fails.


Defect: Handling of case when header line starts with ': '. Not sure if this is a security issue.


Defect: Year 2000 fix.


Defect: strncpy was used without storing null terminator


Defect: smarter handling of creating symlinks when directory had not already existed...


Defect: optimization if client asks for !* as groups happened too late.


Defect: Logs reporting pgp errors when processing control messages were going to the wrong place. Reported to inn-bugs by Mike Brudenell <pmb1@york.ac.uk>, 6 Nov 1997.



Annoyance: Inefficient handling of creating symlinks when directory had not already existed...


Annoyance: fastrm.c: Formatting of error message if unlink fails in fastrm.


Annoyance: Error handling after 10 failed attempts of actsync.
actsyncd.sh does not properly write an error message after 10 failed attempts (6 minutes apart) of actsync. Reported to inn-bugs by pmb1@york.ac.uk, 13 Nov 1997.


Annoyance: "Duplicate" message was not getting trailing newline.


Annoyance: actsync does not report group names correctly when ctlinnd fails.
(Can leave out a space.)


Annoyance: Cancelled articles causing "437 Duplicate article" log entries and history records


Annoyance: skip lines containing only spaces and tabs as comments.


Annoyance: Don't append the same path twice


Annoyance: History DB entries for Cancelled articles are tagged with inappropriate arrival date


Annoyance: printf needs %% to print a single %


Annoyance: No usage error when number of args was 3


Annoyance: Compile time. getrusage() is available but not declared in header files on Solaris < v2.6


Maintenance: ARTmakeoverview does not initialize the .Size member of a BUFFER. This is a benign bug: it could never cause invalid operation, but does violate BUFFER handling assumptions.


Maintenance: Removal of bogus width field in %ld printf argument. It is not needed and doesn't do any good anyway.


Maintenance: Two changes to static declarations of functions...


Maintenance: Dummy function for fchmod() in buffchan should return 0.



You can find a summary and links related to this topic
as part of the Mib Software Usenet RKT.