Ticket #226 (closed defect: fixed)

Opened 4 years ago

Last modified 2 years ago

buffer overflow over partyline

Reported by: sknake
Owned by: bryan
Priority: blocker
Milestone: 1.2.16
Component: partyline
Version: 1.2.9
Keywords:
Cc:

Description (last modified by bryan) (diff)

Tickets#94

Once again I telnetted in to my hub and pasted a large large buffer and hub3 had a segf. I telnetted in to hub1 and hub3 faulted. Last time I did this it was the hub that I was on that died.

[02:11] <disc> [07:11] (hub3) [07:11] !*! SEGMENT VIOLATION -- CRASHING!
[02:11] <disc> [07:11] Lost bot: hub3 (lost 26 bots and 1 user).

Change History

Changed 4 years ago by bryan

  • status changed from new to assigned
  • description modified (diff)

Changed 4 years ago by bryan

  • priority changed from critical to blocker
  • component changed from core to partyline

Changed 4 years ago by bryan

  • description modified (diff)

Changed 4 years ago by bryan

Happens in this scenario: Log in to Hub1.

Log in to Hub2.

Paste large buffer on Hub1.

Hub2 segfaults in dprintf() trying to echo the buffer to the telnet connection on it.
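The failure described in the comment above, a printf-style echo routine handed a line larger than its buffer, is avoided by formatting with an explicit bound and handling truncation. The following is an added example, not the project's code or its actual fix; `bounded_dprintf`, `struct conn`, `conn_queue`, `echo_paste` and the buffer sizes are hypothetical names and values chosen for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define OUT_MAX 1024            /* assumed per-call formatting buffer size */

/* Hypothetical stand-in for one telnet connection's outgoing queue. */
struct conn { char queue[4096]; size_t used; };

/* Queue at most the room that is left; returns the bytes accepted. */
static size_t conn_queue(struct conn *c, const char *data, size_t len)
{
    size_t room = sizeof(c->queue) - c->used;
    if (len > room)
        len = room;
    memcpy(c->queue + c->used, data, len);
    c->used += len;
    return len;
}

/* Bounded printf-style echo: never writes past buf, whatever the input size.
 * Returns the bytes queued, or -1 on a formatting error. */
int bounded_dprintf(struct conn *c, const char *fmt, ...)
{
    char buf[OUT_MAX];
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(buf, sizeof(buf), fmt, ap);   /* n = length it wanted */
    va_end(ap);
    if (n < 0)
        return -1;
    if ((size_t)n >= sizeof(buf)) {             /* output was truncated */
        n = (int)sizeof(buf) - 1;
        buf[n - 1] = '\n';                      /* keep the line terminated */
    }
    return (int)conn_queue(c, buf, (size_t)n);
}

/* Echo a constructed line of `len` 'A' bytes, as a large paste would be. */
int echo_paste(struct conn *c, size_t len)
{
    static char line[8192];
    if (len >= sizeof(line))
        len = sizeof(line) - 1;
    memset(line, 'A', len);
    line[len] = '\0';
    return bounded_dprintf(c, "<%s> %s\n", "user", line);
}
```

An unbounded `vsprintf()` into the same `buf` would write roughly 4 KB past its end for the 5000-byte line; here the oversized line is cut to `OUT_MAX - 1` bytes and the queue itself refuses data once it is full.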

Changed 4 years ago by bryan

This also appears to be fixed in the trunk. Probably from the mass buffer overflow protection patch :)

Changed 4 years ago by bryan

  • status changed from assigned to closed
  • resolution set to fixed
  • milestone changed from 1.2.10 to 1.3

Ok, this is fixed for 1.3.0. It's the best I can do; the patches to fix this problem are too large to commit to 1.2.10.

Fixed in: [2532] [2546] [2544] [2135] [1992] [1990]

Changed 4 years ago by bryan

(In [2768]) * Fixed countless buffer overflows. (fixes #226)

Changed 4 years ago by bryan

  • summary changed from telnet bug still exists to buffer overflow over partyline

Changed 2 years ago by bryan

  • milestone changed from 1.3.0 to 1.2.16

This has been ported over to 1.2.16
