1 <!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 3.2//EN">
4 <TITLE> [IRCServices Coding] Notice regarding v5.0
.12 (fwd)
6 <LINK REL=
"Index" HREF=
"index.html" >
7 <LINK REL=
"made" HREF=
"mailto:ircservices-coding%40ircservices.za.net?Subject=%5BIRCServices%20Coding%5D%20Notice%20regarding%20v5.0.12%20%28fwd%29&In-Reply-To=">
8 <META NAME=
"robots" CONTENT=
"index,nofollow">
9 <META http-equiv=
"Content-Type" content=
"text/html; charset=us-ascii">
10 <LINK REL=
"Previous" HREF=
"001951.html">
11 <LINK REL=
"Next" HREF=
"001954.html">
13 <BODY BGCOLOR=
"#ffffff">
14 <H1>[IRCServices Coding] Notice regarding v5.0
.12 (fwd)
</H1>
16 <A HREF=
"mailto:ircservices-coding%40ircservices.za.net?Subject=%5BIRCServices%20Coding%5D%20Notice%20regarding%20v5.0.12%20%28fwd%29&In-Reply-To="
17 TITLE=
"[IRCServices Coding] Notice regarding v5.0.12 (fwd)">achurch at achurch.org
19 <I>Thu Feb
27 19:
36:
52 PST
2003</I>
21 <LI>Previous message:
<A HREF=
"001951.html">[IRCServices Coding] global notice
23 <LI>Next message:
<A HREF=
"001954.html">[IRCServices Coding] Notice regarding v5.0
.12 (fwd)
25 <LI> <B>Messages sorted by:
</B>
26 <a href=
"date.html#1953">[ date ]
</a>
27 <a href=
"thread.html#1953">[ thread ]
</a>
28 <a href=
"subject.html#1953">[ subject ]
</a>
29 <a href=
"author.html#1953">[ author ]
</a>
34 <PRE> I broke my own rules by posting detailed technical info to the
35 general-use list. Oops. Anyway, if you missed it there, here's the post:
37 I should have mentioned it explicitly in the release notes, but one of
38 the fixes in version
5.0.12 is a workaround for a bug, possibly a security
39 hole, which can crash Services, and anyone using version
5.0.0 through
11
40 should upgrade to
5.0.12 immediately. (
4.5 and earlier versions may be
41 affected as well, though I have not heard any reports of
4.5.x crashing due
42 to this particular problem.)
44 The reason I say
"possibly
" a security hole is because the direct
45 cause of the crash is a case which should not be able to occur in the first
46 place, which probably means I screwed up somewhere and haven't found it
47 yet, and in any case means that I can't say for certain whether the bug is
48 limited to crashing Services or can be abused in other ways.
50 For the curious, it seems to be possible to get a nickname's language,
51 NickGroupInfo.language, set to
12 (which is the value of NUM_LANGS, the
52 constant defining the number of languages Services supports, though I don't
53 know whether this is related to the problem); since this value is used to
54 index an array of size NUM_LANGS (
12), it should never be outside the range
55 0 through NUM_LANGS-
1 (
11), and when the
12 is used to index the language
56 text array, Services tries to read through a NULL pointer and crashes.
57 There was supposed to be a check on the language value at database load
58 time, to make certain that both the value is in range and that the language
59 selected is actually available, but this check was only being applied to
60 the language value in the version
4.5 compatibility data, and not to the
61 value stored in the
5.0-specific data area. This oversight was corrected
62 in version
5.0.12, and the language value is now properly checked on
63 database load; invalid values will be set to LANG_DEFAULT (-
1), which means
64 "use the value of DEF_LANGUAGE in defs.h
".
66 If anyone can pinpoint how NickGroupInfo.language can get set out of
67 range, you'll have my gratitude.
70 <A HREF=
"http://www.ircservices.za.net/mailman/listinfo/ircservices-coding">achurch at achurch.org
</A>
71 <A HREF=
"http://achurch.org/">http://achurch.org/
</A>
78 <LI>Previous message:
<A HREF=
"001951.html">[IRCServices Coding] global notice
80 <LI>Next message:
<A HREF=
"001954.html">[IRCServices Coding] Notice regarding v5.0
.12 (fwd)
82 <LI> <B>Messages sorted by:
</B>
83 <a href=
"date.html#1953">[ date ]
</a>
84 <a href=
"thread.html#1953">[ thread ]
</a>
85 <a href=
"subject.html#1953">[ subject ]
</a>
86 <a href=
"author.html#1953">[ author ]
</a>
projects / irc.git / blob