[eggheads-patches] PATCH: killsock.patch

Fabian Knittel fknittel at gmx.de
Mon Oct 4 16:10:45 CST 1999


[ killsock.patch ]

This patch uses approach II, described in Beige's mail.


Fabian

On Sun, Aug 15, 1999 at 09:32:39PM +0300, Beige wrote:
> Dear Eggdev,
> 
> One issue which has been on my mind for a while is the safety of the
> mechanism through which sockets are killed (and more specifically, how the
> socket table is reset in killsock() of src/net.c). My hunch on the matter
> is, that there is at least some theoretical potential for memory leaks with
> the current implementation.
> 
> Here is the current killsock() implementation of src/net.c:
> 
[...]
> 
> What specifically caught my attention was that the only criterion by which
> the existing socket is matched is the socklist[i].sock member variable. No
> check is made whether it is !( socklist[i].flags & SOCK_UNUSED ), which
> might, given a "polluted" and fragmented socklist on a bot (imagine a DCC
> bot on a busy ..ermm.. public domain software request channel :-) ),
> actually contain an earlier SOCK_UNUSED entry which previously held the same
> socket number. Whereas this in itself is not a catastrophe (the correct
> socket number is still closed), the inbuf/outbuf's of the real socklist
> entry would be left unfreed, and thus memory leaks would be probable.
> 
> Proposed "fixes" are:
> 
> i) Reset socklist[i].sock after the socket close();
> ii) Change line 269 (per 1.3.28) to read: 
>     if (socklist[i].sock == sock && !( socklist[i].flags & SOCK_UNUSED ) ) {
> 
[...]

-------------- next part --------------
diff -urN eggdrop1.3~/doc/UPDATES1.3 eggdrop1.3/doc/UPDATES1.3
--- eggdrop1.3~/doc/UPDATES1.3	Mon Oct  4 21:55:46 1999
+++ eggdrop1.3/doc/UPDATES1.3	Mon Oct  4 22:13:39 1999
@@ -4,6 +4,7 @@
 
 1.3.29
 Foundby   Fixedby   What....
+Beige	  Fabian    killsock() could accidently free unused socket entries
 	  Fabian/   Changed RFC_COMPLIANT flag to dynamic setting attached to
 	  drummer   net-type. Reloading the irc module resets the rfc_ funcs.
           dw        it said 'JOIN flood from @%s!  Banning.'
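Review bot: the added 1.3.29 entry misspells "accidentally" as "accidently", and its wording describes the symptom less precisely than the report does. Per the quoted mail, the consequence of matching a stale SOCK_UNUSED entry is that the real entry's inbuf/outbuf are left unfreed, so something like "killsock() could match an unused socket entry and leak the live entry's buffers" would tell readers of UPDATES1.3 what was actually fixed.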
diff -urN eggdrop1.3~/src/net.c eggdrop1.3/src/net.c
--- eggdrop1.3~/src/net.c	Mon Oct  4 13:39:21 1999
+++ eggdrop1.3/src/net.c	Mon Oct  4 22:10:29 1999
@@ -266,7 +266,7 @@
   int i;
 
   for (i = 0; i < MAXSOCKS; i++) {
-    if (socklist[i].sock == sock) {
+    if ((socklist[i].sock == sock) && !(socklist[i].flags & SOCK_UNUSED)) {
       close(socklist[i].sock);
       if (socklist[i].inbuf != NULL) {
 	nfree(socklist[i].inbuf);
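Review bot: stale socket numbers are still left behind in SOCK_UNUSED entries after this change to the if condition in the killsock() loop, so any other scan of socklist that compares only .sock can still hit the same stale entry. Consider also applying approach i) from the quoted mail (reset socklist[i].sock after the close()), or confirm that the other lookups test SOCK_UNUSED as well. The end of the function is not visible in this hunk; if the loop can now finish without finding an in-use entry, a log line for that case would make a double kill or a wrong socket number easier to spot.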


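The stale-entry match Beige describes, as an added example that is not part of the original mail or of eggdrop's code: a toy socket table in which an unused entry still carries socket number 5 and a live entry reuses it. The struct layout, the SOCK_UNUSED value, toy_killsock(), live_entries_left() and the assumption that a killed entry keeps its old .sock value are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAXSOCKS 8
#define SOCK_UNUSED 0x01 /* constructed value for this sketch */

struct sock_ent { int sock; int flags; char *inbuf; };
static struct sock_ent socklist[MAXSOCKS];

/* Toy killsock(): strict == 0 is the old match, nonzero the patched one.
 * No real descriptors are opened, so close() is left out. */
static void toy_killsock(int sock, int strict)
{
    for (int i = 0; i < MAXSOCKS; i++) {
        if (socklist[i].sock == sock &&
            (!strict || !(socklist[i].flags & SOCK_UNUSED))) {
            free(socklist[i].inbuf);
            socklist[i].inbuf = NULL;
            socklist[i].flags = SOCK_UNUSED; /* assumed: .sock stays stale */
            return;
        }
    }
}

/* Kill socket 5 in a fragmented table; return how many in-use entries
 * for that socket still hold a buffer afterwards. */
int live_entries_left(int strict)
{
    int left = 0;
    for (int i = 0; i < MAXSOCKS; i++)
        socklist[i] = (struct sock_ent){ -1, SOCK_UNUSED, NULL };
    socklist[1].sock = 5;                                /* stale, unused entry */
    socklist[4] = (struct sock_ent){ 5, 0, malloc(64) }; /* live entry */
    toy_killsock(5, strict);
    for (int i = 0; i < MAXSOCKS; i++) {
        if (socklist[i].sock == 5 && !(socklist[i].flags & SOCK_UNUSED) &&
            socklist[i].inbuf != NULL)
            left++;
        free(socklist[i].inbuf); /* tidy up so the demo itself leaks nothing */
        socklist[i].inbuf = NULL;
    }
    return left;
}

int main(void)
{
    printf("old match, live entries left: %d\n", live_entries_left(0));
    printf("patched match, live entries left: %d\n", live_entries_left(1));
    return 0;
}
```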