Re: [bmd@mp3.com: Re: doublecheck patches .]

From: Duane Wessels <wessels@dont-contact.us>
Date: Tue, 5 Dec 2000 01:34:36 -0700 (MST)

On Mon, 13 Nov 2000, Duane Wessels wrote:

>
>
> On Mon, 13 Nov 2000, Adrian Chadd wrote:
>
> >
> > Here are a new set of patches which I remember being posted to squid-dev
> > a couple of months back, but nothing happened.
>
> > static void
> > parse_peer(peer ** head)
> > {
> > char *token = NULL;
> > peer *p;
> > int i;
> > sockaddr_in_list *s;
> > - const char *me = null_string; /* XXX */
> > + const char *me = getMyHostname();
> > p = memAllocate(MEM_PEER);
> > p->http_port = CACHE_HTTP_PORT;
> > p->icp.port = CACHE_ICP_PORT;
> > p->weight = 1;
> > p->stats.logged_state = PEER_ALIVE;
> > if ((token = strtok(NULL, w_space)) == NULL)
> > self_destruct();

That patch can now cause a NULL pointer read.

getMyHostname() tries to use Config.Sockaddr.http.

If there is no 'http_port' line, then Config.Sockaddr.http
is NULL until the entire config file gets parsed and
we call defaults_if_none().

I don't think "me" checking can be done at parse-time.
It has to be done in neighbors_open().
Received on Tue Dec 05 2000 - 01:34:37 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:02 MST