jfr.im git - irc.git/blob - software/!RELEASES/ircservices/achurch.org/services/lists/ircservices-coding/2003/001954.html
RELEASE -> !RELEASE
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [IRCServices Coding] Notice regarding v5.0.12 (fwd)
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:ircservices-coding%40ircservices.za.net?Subject=%5BIRCServices%20Coding%5D%20Notice%20regarding%20v5.0.12%20%28fwd%29&In-Reply-To=3e5deaa1.04371%40mail.achurch.org">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="001953.html">
<LINK REL="Next" HREF="001955.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[IRCServices Coding] Notice regarding v5.0.12 (fwd)</H1>
<B>Elijah</B>
<A HREF="mailto:ircservices-coding%40ircservices.za.net?Subject=%5BIRCServices%20Coding%5D%20Notice%20regarding%20v5.0.12%20%28fwd%29&In-Reply-To=3e5deaa1.04371%40mail.achurch.org"
TITLE="[IRCServices Coding] Notice regarding v5.0.12 (fwd)">admin at nevernet.net
</A><BR>
<I>Thu Feb 27 02:41:50 PST 2003</I>
<P><UL>
<LI>Previous message: <A HREF="001953.html">[IRCServices Coding] Notice regarding v5.0.12 (fwd)
</A></li>
<LI>Next message: <A HREF="001955.html">[IRCServices Coding] mistake in http module
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#1954">[ date ]</a>
<a href="thread.html#1954">[ thread ]</a>
<a href="subject.html#1954">[ subject ]</a>
<a href="author.html#1954">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>I think it's forgivable just this once :P

-----Original Message-----
From: <A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices-coding">ircservices-coding-bounces at ircservices.za.net</A>
[mailto:<A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices-coding">ircservices-coding-bounces at ircservices.za.net</A>] On Behalf Of Andrew
Church
Sent: Thursday, February 27, 2003 5:37 AM
To: <A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices-coding">ircservices-coding at ircservices.za.net</A>
Subject: [IRCServices Coding] Notice regarding v5.0.12 (fwd)


I broke my own rules by posting detailed technical info to the
general-use list. Oops. Anyway, if you missed it there, here's the post:

I should have mentioned it explicitly in the release notes, but one of
the fixes in version 5.0.12 is a workaround for a bug, possibly a security
hole, which can crash Services, and anyone using version 5.0.0 through 11
should upgrade to 5.0.12 immediately. (4.5 and earlier versions may be
affected as well, though I have not heard any reports of 4.5.x crashing due
to this particular problem.)

The reason I say &quot;possibly&quot; a security hole is because the direct cause
of the crash is a case which should not be able to occur in the first place,
which probably means I screwed up somewhere and haven't found it yet, and in
any case means that I can't say for certain whether the bug is limited to
crashing Services or can be abused in other ways.

For the curious, it seems to be possible to get a nickname's language,
NickGroupInfo.language, set to 12 (which is the value of NUM_LANGS, the
constant defining the number of languages Services supports, though I don't
know whether this is related to the problem); since this value is used to
index an array of size NUM_LANGS (12), it should never be outside the range
0 through NUM_LANGS-1 (11), and when the 12 is used to index the language
text array, Services tries to read through a NULL pointer and crashes. There
was supposed to be a check on the language value at database load time, to
make certain that both the value is in range and that the language selected
is actually available, but this check was only being applied to the language
value in the version 4.5 compatibility data, and not to the value stored in
the 5.0-specific data area. This oversight was corrected in version 5.0.12,
and the language value is now properly checked on database load; invalid
values will be set to LANG_DEFAULT (-1), which means &quot;use the value of
DEF_LANGUAGE in defs.h&quot;.

If anyone can pinpoint how NickGroupInfo.language can get set out of
range, you'll have my gratitude.

--Andrew Church
<A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices-coding">achurch at achurch.org</A>
<A HREF="http://achurch.org/">http://achurch.org/</A>
------------------------------------------------------------------
To unsubscribe or change your subscription options, visit:
<A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices-coding">http://www.ircservices.za.net/mailman/listinfo/ircservices-coding</A>


</PRE>

<!--endarticle-->
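<P>The load-time check described in the message above, paired with a use-time guard, as an added example that is not part of the original post and is not IRC Services source code. NUM_LANGS, LANG_DEFAULT, DEF_LANGUAGE and NickGroupInfo.language are named in the post; the reduced struct, the langtexts table, the function names and the value chosen for DEF_LANGUAGE are assumptions.</P>

```c
#include <stddef.h>
#include <stdio.h>

#define NUM_LANGS    12    /* value given in the post */
#define LANG_DEFAULT (-1)  /* value given in the post */
#define DEF_LANGUAGE 0     /* assumption: real setting is in defs.h; must be loaded */
#define NUM_STRINGS  1     /* assumption: one sample message per language */

/* Constructed stand-in for the language text array: one string table per
 * language, NULL for a language that is not loaded. */
static const char *const lang_en[NUM_STRINGS] = { "Password incorrect." };
static const char *const *langtexts[NUM_LANGS] = { lang_en };

/* Hypothetical, reduced record: only the field named in the post. */
typedef struct { int language; } NickGroupInfo;

/* In range AND available: the two conditions the load-time check must cover. */
static int language_ok(int lang)
{
    return lang >= 0 && lang < NUM_LANGS && langtexts[lang] != NULL;
}

/* Load-time check, to be run on every copy of the language value read from
 * the database. Returns 1 if the stored value was replaced. */
int sanitize_language(NickGroupInfo *ngi)
{
    if (ngi->language == LANG_DEFAULT || language_ok(ngi->language))
        return 0;
    ngi->language = LANG_DEFAULT;
    return 1;
}

/* Use-time lookup: resolves LANG_DEFAULT and re-checks the index, so a value
 * that goes bad after load still cannot reach langtexts[NUM_LANGS]. */
const char *getstring_checked(const NickGroupInfo *ngi, size_t msg)
{
    int lang = language_ok(ngi->language) ? ngi->language : DEF_LANGUAGE;
    return msg < NUM_STRINGS ? langtexts[lang][msg] : NULL;
}

int main(void)
{
    NickGroupInfo ngi = { NUM_LANGS };   /* the out-of-range value from the post */
    int fixed = sanitize_language(&ngi);
    printf("replaced=%d language=%d text=%s\n", fixed, ngi.language,
           getstring_checked(&ngi, 0));
    return 0;
}
```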
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="001953.html">[IRCServices Coding] Notice regarding v5.0.12 (fwd)
</A></li>
<LI>Next message: <A HREF="001955.html">[IRCServices Coding] mistake in http module
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#1954">[ date ]</a>
<a href="thread.html#1954">[ thread ]</a>
<a href="subject.html#1954">[ subject ]</a>
<a href="author.html#1954">[ author ]</a>
</LI>
</UL>

</body></html>