[news.software.b] expire address fault on bad Expires header

rnoe@urbana.mcd.mot.com (Roger Noe) (08/04/90)

We are running B news 2.11, patchlevel 14.  Several days ago we received the
following article:

|Path: udc!mcdphx!asuvax!noao!rutgers!uwm.edu!zaphod.mps.ohio-state.edu!sdd.hp.com!decwrl!amdcad!usenet
|From: thu@janus.berkeley.edu (Timothy Hu)
|Newsgroups: alt.test
|Subject: ignore me, I'm just bored to death
|Message-ID: <1990Jul28.005202.10398@amd.com>
|Date: 28 Jul 90 00:52:02 GMT
|Expires: <1990July27.190346.27682@ucbvax.berkeley.edu>
|References: <12078@ucbvax.berkeley.edu>
|Sender: usenet@agate.berkeley.edu
|Followup-To: <12078@ucbvax.berkeley.edu>
|Organization: University of California, Berkeley
|Lines: 1
|
|Nothing to do.

I would have been very happy to follow the poster's suggestion and ignore
the article, but our daily expire was core dumping shortly after logging
the error message "Unparsable date" followed by the contents of the Expires
header line in the above article.  From looking at the core dump and the
source code, I think I see the mechanism for failure.

In expire.c, there is the following:

|#ifdef SCCSID
|static char	*SccsId = "@(#)expire.c 2.57	11/30/87";
|#endif /* SCCSID */
|
|long	rectime, exptime;
|struct timeb Now;
|time_t	cgtdate(), time();
|struct hbuf h;

And within function expire() in that file:

|		if (h.expdate[0]) {
|			Now.time = rectime;
|			exptime = cgtdate(h.expdate);
|		}

In funcs2.c, there is the following:

|#ifdef SCCSID
|static char	*SccsId = "@(#)funcs2.c 1.24	11/30/87";
|#endif /* SCCSID */
|
|extern struct timeb Now;

And function cgtdate() in that file begins:

|time_t
|cgtdate(datestr)
|char *datestr;
|{
|	char	junk[40],month[40],day[30],tod[60],year[50];
|	static time_t lasttime;
|	static char lastdatestr[BUFLEN] = "";
|
|	if ( lastdatestr[0] && STRCMP(datestr, lastdatestr) == 0)
|		return lasttime;
|	lasttime = getdate(datestr, &Now);
|	if (lasttime < 0) {
|		logerr("Unparsable date \"%s\"", datestr);
|		if (sscanf(datestr, "%s %s %s %s %s", junk, month, day, tod,
|			year) == 5) {

I think this is the point where the bug occurs.  Note that the cited news
article's Expires field contains 45 characters, with no whitespace.

Since the junk array is only 40 characters long, what is apparently happening
on my machine is that the stack frame gets garbaged up by the sscanf call.
Deleting the Expires field from the article above resulted in a successful
expire run.
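The mechanism described above, unbounded `%s` conversions writing whole tokens into fixed-size automatic arrays, is easy to show in isolation. The following is an added example and not code from B news: it keeps the same five buffer sizes that cgtdate() declares, pre-checks every whitespace-delimited token against the buffer it would land in, and then parses with width-limited conversions (`%39s` for a 40-byte array, and so on) so sscanf can never write past an array end. The function names `longest_token`, `tokens_fit` and `parse_date_fields` are my own; the bad Expires value is the one from the quoted article, and the ctime(3)-style date is a constructed sample of the shape the fallback parse expects.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Buffer sizes declared in cgtdate() in B news funcs2.c, as quoted above. */
enum { JUNK_LEN = 40, MONTH_LEN = 40, DAY_LEN = 30, TOD_LEN = 60, YEAR_LEN = 50 };

struct date_fields {
    char junk[JUNK_LEN], month[MONTH_LEN], day[DAY_LEN], tod[TOD_LEN], year[YEAR_LEN];
};

/* Constructed sample inputs: the Expires value from the quoted article
 * (45 characters, no whitespace) and a ctime(3)-style date. */
static const char BAD_EXPIRES[] = "<1990July27.190346.27682@ucbvax.berkeley.edu>";
static const char CTIME_DATE[]  = "Sat Jul 28 00:52:02 1990";

/* Length of the longest whitespace-delimited token in s.  An unbounded "%s"
 * copies a whole token plus a NUL into its target array, so any token whose
 * length is >= the array size overruns it. */
size_t longest_token(const char *s)
{
    size_t best = 0, cur = 0;
    for (;; s++) {
        if (*s == '\0' || isspace((unsigned char)*s)) {
            if (cur > best)
                best = cur;
            cur = 0;
            if (*s == '\0')
                return best;
        } else {
            cur++;
        }
    }
}

/* Returns 1 if every token of datestr fits, in order, into the five buffers
 * the fallback sscanf in cgtdate() writes to; 0 otherwise.  Tokens after the
 * fifth are ignored, as sscanf would ignore them. */
int tokens_fit(const char *datestr)
{
    static const size_t limit[5] = { JUNK_LEN, MONTH_LEN, DAY_LEN, TOD_LEN, YEAR_LEN };
    size_t i = 0, len;
    const char *p = datestr;
    for (;;) {
        while (isspace((unsigned char)*p))
            p++;
        if (*p == '\0' || i == 5)
            return 1;
        for (len = 0; p[len] && !isspace((unsigned char)p[len]); len++)
            ;
        if (len >= limit[i])        /* needs len + 1 bytes including the NUL */
            return 0;
        p += len;
        i++;
    }
}

/* Hardened form of the fallback parse: each conversion carries a maximum
 * field width of (buffer size - 1), so sscanf stops before the NUL would land
 * outside the array.  The pre-check matters too: with width limits alone an
 * overlong token is silently split across the next conversions.  Returns the
 * number of fields converted, or -1 if some token is too long for its buffer
 * (exactly the input on which the unbounded "%s" version overruns the stack). */
int parse_date_fields(const char *datestr, struct date_fields *f)
{
    if (!tokens_fit(datestr))
        return -1;
    return sscanf(datestr, "%39s %39s %29s %59s %49s",
                  f->junk, f->month, f->day, f->tod, f->year);
}

/* Convenience wrapper: parse into a scratch struct and return the count. */
int parse_count(const char *datestr)
{
    struct date_fields f;
    return parse_date_fields(datestr, &f);
}

int main(void)
{
    struct date_fields f;
    printf("longest token in bad Expires: %zu (junk[] holds %d bytes)\n",
           longest_token(BAD_EXPIRES), JUNK_LEN);
    printf("bad Expires: result %d\n", parse_date_fields(BAD_EXPIRES, &f));
    if (parse_date_fields(CTIME_DATE, &f) == 5)
        printf("ctime date: month=%s day=%s tod=%s year=%s\n",
               f.month, f.day, f.tod, f.year);
    return 0;
}
```

Run against the quoted Expires value, `longest_token` reports 45 against a 40-byte `junk[]`, and `parse_date_fields` refuses the input instead of letting sscanf write past the array; the well-formed ctime-style date parses into all five fields.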

If this has in fact been fixed in some patch after 14, I'd appreciate a
pointer to that patch.  We have patches through 19 and I did see places where
cgtdate() has been modified by those later patches.  But it also looks like
none of those changes would have had any effect on this problem.  I do not
have any patches after 19.
-- 
Roger Noe               Motorola Microcomputer Division, Urbana Design Center
Phone:  217 384-8536        1101 East University Avenue, Urbana, IL 61801 USA
Internet:  rnoe@urbana.mcd.mot.com                 UUCPnet:  uiucuxc!udc!rnoe
Latitude/Longitude:  40:06:55 N./88:11:40 W.