ANU News Patch Patch ID: 940629_nntp_server.c!vcooper@pimacc.pima.edu Date: 29-Jun-1994 Author: Vanya Cooper vcooper@pimacc.pima.edu News Version: 6.1beta9 News Files: NNTP_Server.C Description: Adds length checking of item subject strings to prevent buffer overrun. This is necessary when upgrading from version 6.0-3, which did not insure that the subject fields of records in the item index file were null terminated, but is not necessary once items added to the index file by 6.0-3 have all expired, since version 6.1b9 insures that these strings are null terminated.
*** nntp_server.c;
--- nntp_server_new.c;
***************
*** 219,221 ****
--- 219,225 ----
+ ** V6.1b9 28-Jun-1994 Vanya Cooper
+ ** - Add MAX length to sprintf's for itm_title for compatibility
+ ** with old item files. V6.0-3 did not necessarily terminate field
+ ** with NUL. Does not appear to be required with V6.1.
**
**--
**/
***************
*** 3211,3217 ****
if (newsitm.itm_grp != newsgrp.grp_num) break;
if (newsitm.itm_recvdate < cxt[stm].cfilt_date) continue;
if (!loc_id(newsitm.itm_id)) {
! sprintf(sbuf,"%s %d %d %s\r\n",newsitm.itm_id,newsitm.itm_recvdate,newsitm.itm_lines,newsitm.itm_title);
write_net(sbuf,stm);
}
}
--- 3215,3223 ----
if (newsitm.itm_grp != newsgrp.grp_num) break;
if (newsitm.itm_recvdate < cxt[stm].cfilt_date) continue;
if (!loc_id(newsitm.itm_id)) {
! sprintf(sbuf,"%s %d %d %0.*s\r\n",newsitm.itm_id,
! newsitm.itm_recvdate,newsitm.itm_lines,
! SUBJLEN,newsitm.itm_title);
write_net(sbuf,stm);
}
}
***************
*** 3420,3426 ****
sprintf(sbuf,"%s %s\r\n", argv[2], newsitm.itm_from);
else if (*argv[1] == 'f') sl = 0;
else if (*argv[1] == 's')
! sprintf(sbuf,"%s %s\r\n", argv[2], newsitm.itm_title);
else if (*argv[1] == 'm')
sprintf(sbuf,"%s %s\r\n", argv[2], newsitm.itm_id);
else if (*argv[1] == 'p')
--- 3426,3432 ----
sprintf(sbuf,"%s %s\r\n", argv[2], newsitm.itm_from);
else if (*argv[1] == 'f') sl = 0;
else if (*argv[1] == 's')
! sprintf(sbuf,"%s %0.*s\r\n", argv[2], SUBJLEN, newsitm.itm_title);
else if (*argv[1] == 'm')
sprintf(sbuf,"%s %s\r\n", argv[2], newsitm.itm_id);
else if (*argv[1] == 'p')
***************
*** 3461,3467 ****
sprintf(sbuf,"%d %s\r\n", low, newsitm.itm_from);
else if (*argv[1] == 'f') isl = 0;
else if (*argv[1] == 's')
! sprintf(sbuf,"%d %s\r\n", low, newsitm.itm_title);
else if (*argv[1] == 'm')
sprintf(sbuf,"%d %s\r\n", low, newsitm.itm_id);
else if (*argv[1] == 'p')
--- 3467,3473 ----
sprintf(sbuf,"%d %s\r\n", low, newsitm.itm_from);
else if (*argv[1] == 'f') isl = 0;
else if (*argv[1] == 's')
! sprintf(sbuf,"%d %0.*s\r\n", low, SUBJLEN, newsitm.itm_title);
else if (*argv[1] == 'm')
sprintf(sbuf,"%d %s\r\n", low, newsitm.itm_id);
else if (*argv[1] == 'p')
*** patchlist.h;-1
--- patchlist.h
**************
*** 1,1
=+=+= End =+=+=
--- 1,2 -----
+ 940629_nntp_server.c!vcooper@pimacc.pima.edu
=+=+= End =+=+=
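Review bot: The new conversion `%0.*s` in the three rewritten sprintf calls (the hunks at new lines 3215, 3426 and 3467) combines the `0` flag with an `s` conversion, which the C standard leaves undefined. Plain `%.*s` gives the same bounded read portably, e.g. `sprintf(sbuf,"%d %.*s\r\n", low, SUBJLEN, newsitm.itm_title);`. The `*` precision consumes an `int` argument, so if SUBJLEN is defined via `sizeof` or as a long constant (its definition is not visible here) it needs an `(int)` cast. The precision only protects the read if it is no larger than the declared size of itm_title, which these hunks do not show.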
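Review bot: The rewritten calls still copy other strings into sbuf with an unbounded `%s`, namely `argv[2]` in the 3426 hunk and `newsitm.itm_id` in the 3215 hunk, so the write to sbuf is only as safe as those lengths. The neighbouring `itm_from` and `itm_id` branches in the 3426 and 3467 hunks read index-file fields the same way; the patch description only covers subject fields, so it is worth confirming that V6.0-3 always terminated the others. Consider giving each string a precision as well, along the lines of `sprintf(sbuf,"%.*s %.*s\r\n", <MAX_ARG_LEN>, argv[2], SUBJLEN, newsitm.itm_title);`, where `<MAX_ARG_LEN>` is a placeholder for a limit that fits sbuf, or checking the combined length before formatting. These if/else chains start and end outside the hunks, so sbuf's size and the origin of argv[2] cannot be confirmed from here.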