Hi,

The rlinetd 0.6-2 contains a fix for a quite important unreported bug, namely a segmentation fault which had occurred for some RPC services (like rusersd) for which the getaddrinfo() function had returned two or more addrinfos. Also, like other inet servers, the package will now provide inet-superserver & conflicts with other inet-superservers. Thus I'd like to ask you for approving the package for etch.

The changes of grammar.y are rather small, nevertheless they may be difficult to understand. So below is some explanation of the grammar.y code:

The most important fragments of the old version of grammar.y:

    ret = getaddrinfo(addr, port, &hints, &results); // line 1112
    ai = results; // line 1122
    do {
        // check if current_service is a RPC service
        if(current_service->rpcnum) { // line 1225
            struct numlist *vers = current_service->rpcvers; // line 1226 (*)
            do {
                pmap_set(current_service->rpcnum, vers->num, ....); // line 1236
            } while((vers = vers->next)); // line 1243
            // save rpcvers into rlc_unrpc structure
            ((struct rlc_unrpc *)p->data)->vers = current_service->rpcvers; // line 1252
            // set it to NULL since the memory will be destroyed, when the object p is freed
            current_service->rpcvers = NULL; // line 1254 (**)
        } // line 1256
    } while((ai = ai->ai_next)); // line 1286

If getaddrinfo returns two addresses into the results variable, there will be two iterations of the main do-while loop. In the first iteration the current_service->rpcvers will be nulled in the line marked (**), but in the second we will get a segmentation fault in line (*) because the vers pointer will be set to NULL.

And the new version is:

    ret = getaddrinfo(addr, port, &hints, &results); // line 1112
    ai = results; // line 1122
    do {
        // check if current_service is a RPC service
        if(current_service->rpcnum) { // line 1225
            struct numlist *vers = current_service->rpcvers; // line 1226 (*)
            do {
                pmap_set(current_service->rpcnum, vers->num, ....); // line 1236
            } while((vers = vers->next)); // line 1243
            // save rpcvers into rlc_unrpc structure, the numlist_copy will allocate memory,
            // which will be freed when the p object is freed
            numlist_copy(&(((struct rlc_unrpc *)p->data)->vers), current_service->rpcvers); // line 1252 (!)
            // set it to NULL since the memory will be destroyed, when rlc_unrpc is freed
        } // line 1256
    } while((ai = ai->ai_next)); // line 1284
    // free the memory used by current_service->rpcvers
    numlist_free(current_service->rpcvers); // line 1295 (!)
    current_service->rpcvers = NULL; // line 1296 (!)

rlinetd (0.6-2) unstable; urgency=low

  * grammar.y: fix segmentation fault on RPC services for which getaddrinfo()
    returns more then one addrinfo result.
  * Initial Portuguese debconf templates translation (closes: #383839).
  * debian/control:
    + exclude GNU/kFreeBSD architectures from libcap-dev build depends
      (closes: #375033).
    + provide inet-superserver, conflict with inet-superserver and netkit-inetd
    + add dependency on netbase for files like /etc/services or /etc/rpc
  * debian/init.d: Fix typo in the Short-Description tag name (lintian).

 -- Robert Luberda <robert@debian.org>  Tue, 2 Jan 2007 23:32:14 +0100

Best Regards,
robert
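The ownership bug described in the message above, reduced to a stand-alone C sketch (an added example, not rlinetd's code): the old pattern hands the version list to the first address's object and NULLs the source, so a second getaddrinfo() result finds it NULL, while the new pattern deep-copies per address and frees the source once after the loop. The bodies of numlist_push, numlist_copy and numlist_free and the function register_all are assumptions written for this illustration; the NULL check stands in for the crash so the program can report it.

```c
#include <stdio.h>
#include <stdlib.h>

struct numlist { int num; struct numlist *next; };

/* Hypothetical helpers; rlinetd's own numlist functions may differ. */
static struct numlist *numlist_push(struct numlist *head, int num) {
    struct numlist *n = malloc(sizeof *n);
    if (!n) abort();
    n->num = num; n->next = head;
    return n;
}
static void numlist_copy(struct numlist **dst, const struct numlist *src) {
    for (*dst = NULL; src; src = src->next) {
        *dst = malloc(sizeof **dst);
        if (!*dst) abort();
        (*dst)->num = src->num; (*dst)->next = NULL;
        dst = &(*dst)->next;          /* append at the tail, keeping order */
    }
}
static void numlist_free(struct numlist *l) {
    while (l) { struct numlist *n = l->next; free(l); l = n; }
}

/* Runs the per-address loop over n_addrs constructed results (max 8).
 * use_copy=0: old pattern (transfer the list, NULL the source).
 * use_copy=1: new pattern (deep copy per address, free source after loop).
 * Returns the 1-based iteration at which the list was already NULL, i.e.
 * where the old code dereferenced vers, or 0 if every iteration passed. */
int register_all(int n_addrs, int use_copy) {
    struct numlist *rpcvers = numlist_push(numlist_push(NULL, 2), 3);
    struct numlist *owned[8] = {0};
    int failed_at = 0;
    for (int i = 0; i < n_addrs && i < 8; i++) {
        if (!rpcvers) { failed_at = i + 1; break; }    /* line (*) would crash */
        if (use_copy) numlist_copy(&owned[i], rpcvers);
        else { owned[i] = rpcvers; rpcvers = NULL; }   /* line (**) */
    }
    numlist_free(rpcvers);            /* freed once, after the loop */
    for (int i = 0; i < 8; i++) numlist_free(owned[i]);
    return failed_at;
}

int main(void) {
    printf("old, 1 addr:  %d\n", register_all(1, 0));
    printf("old, 2 addrs: %d\n", register_all(2, 0));
    printf("new, 2 addrs: %d\n", register_all(2, 1));
    return 0;
}
```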