Hi,
The rlinetd 0.6-2 contains a fix for a quite important unreported bug,
namely a segmentation fault which had occurred for some RPC services (like
rusersd) for which the getaddrinfo() function had returned two or more
addrinfos. Also, like other inet servers, the package will now provide
inet-superserver & conflict with other inet-superservers. Thus I'd
like to ask you for approving the package for etch.
The changes of grammar.y are rather small, nevertheless they
may be difficult to understand. So below is some explanation of the
grammar.y code:
The most important fragments of the old version of grammar.y:

    ret = getaddrinfo(addr, port, &hints, &results);                // line 1112
    ai = results;                                                   // line 1122
    do {
        // check if current_service is a RPC service
        if(current_service->rpcnum) {                               // line 1225
            struct numlist *vers = current_service->rpcvers;        // line 1226 (*)
            do {
                pmap_set(current_service->rpcnum, vers->num, ....); // line 1236
            } while((vers = vers->next));                           // line 1243
            // save rpcvers into rlc_unrpc structure
            ((struct rlc_unrpc *)p->data)->vers = current_service->rpcvers; // line 1252
            // set it to NULL since the memory will be destroyed, when the object p is freed
            current_service->rpcvers = NULL;                        // line 1254 (**)
        }                                                           // line 1256
    } while((ai = ai->ai_next));                                    // line 1286

If getaddrinfo returns two addresses into the results variable, there will
be two iterations of the main do-while loop. In the first iteration the
current_service->rpcvers will be nulled in the line marked (**), but in the
second we will get a segmentation fault in line (*) because the vers pointer
will be set to NULL.
And the new version is:

    ret = getaddrinfo(addr, port, &hints, &results);                // line 1112
    ai = results;                                                   // line 1122
    do {
        // check if current_service is a RPC service
        if(current_service->rpcnum) {                               // line 1225
            struct numlist *vers = current_service->rpcvers;        // line 1226 (*)
            do {
                pmap_set(current_service->rpcnum, vers->num, ....); // line 1236
            } while((vers = vers->next));                           // line 1243
            // save rpcvers into rlc_unrpc structure, the numlist_copy will allocate memory,
            // which will be freed when the p object is freed
            numlist_copy(&(((struct rlc_unrpc *)p->data)->vers), current_service->rpcvers); // line 1252 (!)
            // set it to NULL since the memory will be destroyed, when rlc_unrpc is freed
        }                                                           // line 1256
    } while((ai = ai->ai_next));                                    // line 1284
    // free the memory used by current_service->rpcvers
    numlist_free(current_service->rpcvers);                         // line 1295 (!)
    current_service->rpcvers = NULL;                                // line 1296 (!)

rlinetd (0.6-2) unstable; urgency=low

  * grammar.y: fix segmentation fault on RPC services for which getaddrinfo()
    returns more then one addrinfo result.
  * Initial Portuguese debconf templates translation (closes: #383839).
  * debian/control:
    + exclude GNU/kFreeBSD architectures from libcap-dev build depends
      (closes: #375033).
    + provide inet-superserver, conflict with inet-superserver and netkit-inetd
    + add dependency on netbase for files like /etc/services or /etc/rpc
  * debian/init.d: Fix typo in the Short-Description tag name (lintian).

 -- Robert Luberda <robert@debian.org>  Tue,  2 Jan 2007 23:32:14 +0100

Best Regards,
robert
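
The ownership problem described in the mail, reduced to a stand-alone sketch. This is an added example, not code from rlinetd or from the author: only the names numlist, numlist_copy and numlist_free appear in the mail, while the function bodies, struct unrpc, register_all and demo are assumptions made for illustration.

```c
#include <stdlib.h>

/* Assumed stand-ins: only the names numlist, numlist_copy and numlist_free
 * appear in the mail; the bodies below are written for this example. */
struct numlist { int num; struct numlist *next; };
struct unrpc { struct numlist *vers; };   /* plays the role of rlc_unrpc */

/* Deep copy: *dst gets its own nodes, src stays valid for the caller. */
void numlist_copy(struct numlist **dst, const struct numlist *src) {
    for (*dst = NULL; src; src = src->next) {
        if (!(*dst = calloc(1, sizeof **dst))) abort();
        (*dst)->num = src->num;
        dst = &(*dst)->next;
    }
}

void numlist_free(struct numlist *l) {
    while (l) { struct numlist *next = l->next; free(l); l = next; }
}

/* One pass per address, like the do-while over getaddrinfo() results.
 * Returns the number of registrations, or -1 where the old code crashed. */
int register_all(struct numlist **rpcvers, struct unrpc *out, int naddrs, int transfer) {
    int registered = 0;
    for (int i = 0; i < naddrs; i++) {
        if (!*rpcvers) return -1;            /* old code read vers->num here */
        for (struct numlist *v = *rpcvers; v; v = v->next)
            registered++;                    /* stands in for pmap_set() */
        if (transfer) {                      /* old: hand over the list, line (**) */
            out[i].vers = *rpcvers;
            *rpcvers = NULL;
        } else {                             /* new: each record gets a copy */
            numlist_copy(&out[i].vers, *rpcvers);
        }
    }
    numlist_free(*rpcvers);                  /* new: release once, after the loop */
    *rpcvers = NULL;
    return registered;
}

/* Constructed input: a service with RPC versions 2 and 3, naddrs <= 4. */
int demo(int naddrs, int transfer) {
    struct unrpc out[4] = {{0}};
    struct numlist v3 = {3, NULL}, v2 = {2, &v3}, *list;
    numlist_copy(&list, &v2);
    int r = register_all(&list, out, naddrs, transfer);
    for (int i = 0; i < 4; i++) numlist_free(out[i].vers);
    return r;
}
```

With one address both variants register two versions; with two addresses the ownership-transfer variant reaches the second pass with a NULL list, which is the point where the unpatched parser dereferenced it.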