• Not a test

    From Digital Man@21:1/183 to apam on Saturday, March 02, 2024 13:38:34
    Re: Not a test
    By: apam to Accession on Sat Jan 20 2024 06:36 pm

    On 1/19/2024 8:21 PM, Aon -> Al -> All wrote:

    Hello all,

    Testing Jamnntpd on 64bit Linux. The From field is still wonky.

    Seems everything else works, except "Aon -> Al -> All" is also what appears in my From field now in Thunderbird.

    I only see "%s -> %s" at two locations in nntpserv.c. So I have no idea where that's coming from. ;(


    One thing I noticed when I was using some stuff that did something similar (Crashmail2 when I was working on Magicka) Is who ever wrote it made some assumptions about how the C library copied strings, which turned out not to be true anymore.

    The specific bug I think (and it was a long time ago) was something along the lines of

    strcpy(subject, &subject[4])

    It's illegal for the source and destination strings (arguments to strcpy) to overlap.

    It was to do with stripping the (Re: from the start of messages), it expected strcpy to copy one character at a time sequentially.

    The fix I used was to just:

    char *subj_copy = strdup(&subject[4]);

    strcpy(subject, subj_copy);

    free(subj_copy)


    I don't know it it will help you with JamNNTP but, I wouldn't be suprised if they used some "clever" tricks like that.

    Or use memmove() instead (where the source and destination may overlap).
    --
    digital man (rob)

    Sling Blade quote #16:
    Karl Childers (to Doyle, re: lawn mower blade): I aim to kill you with it. Mmm. Norco, CA WX: 56.6øF, 82.0% humidity, 9 mph SW wind, 0.05 inches rain/24hrs
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (21:1/183)
  • From Digital Man@21:1/183 to Accession on Saturday, March 02, 2024 13:41:02
    Re: Not a test
    By: Accession to apam on Sat Jan 20 2024 06:25 am

    There seems to be a lot of lines in Jamnntpd's code that looks similar to this. My first search for "strcpy" came up with:

    strcpy(addr,&originbuf[d+1]);

    Use of strcpy() in general is considered unsafe. But that's not the same issue that apam posted about (overlapping source and destination string). The example use of strcpy() above may be fine or may not, depending on the size of the 'addr' buffer and the length string at originbuf + d + 1.
    --
    digital man (rob)

    Steven Wright quote #6:
    A conscience is what hurts when all your other parts feel so good.
    Norco, CA WX: 56.6øF, 82.0% humidity, 9 mph SW wind, 0.05 inches rain/24hrs
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (21:1/183)
  • From Accession@21:1/200 to Digital Man on Saturday, March 02, 2024 17:35:08
    On Sat, 2 Mar 2024 19:41:02 -0800, Digital Man -> Accession wrote:

    Use of strcpy() in general is considered unsafe. But that's not the same issue that apam posted about (overlapping source and destination
    string). The example use of strcpy() above may be fine or may not, depending on the size of the 'addr' buffer and the length string at originbuf + d + 1.

    I believe we have changed those to memmove() like you stated in your
    previous post.

    Carlos has a fork available on github for Jamnntpd off the original
    master branch, and I will be working on one for Smapinntpd in the near
    future. Both of them will include all of these changes, as well as some
    others.

    Regards,
    Nick

    ... "Take my advice, I don't use it anyway."
    --- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:115.0) Gecko/20100101 Thunderb
    * Origin: _thePharcyde distribution system (Wisconsin) (21:1/200)