[Spread-cvs] cvs commit: spread/daemon Readme.txt configuration.h monitor.c sp.c spread.c spread_params.h

jonathan at spread.org jonathan at spread.org
Wed Jun 18 10:31:24 EDT 2003


jonathan    03/06/18 10:31:24

  Modified:    daemon   Readme.txt configuration.h monitor.c sp.c spread.c
                        spread_params.h
  Log:
  Fix AIX if_info compatibility.
  Fix security bug in C library with incorrect value checking.
  Update version numbers and date for release 3.17.1
  
  Revision  Changes    Path
  1.33      +6 -2      spread/daemon/Readme.txt
  
  Index: Readme.txt
  ===================================================================
  RCS file: /storage/cvsroot/spread/daemon/Readme.txt,v
  retrieving revision 1.32
  retrieving revision 1.33
  diff -u -r1.32 -r1.33
  --- Readme.txt	17 Jun 2003 19:00:10 -0000	1.32
  +++ Readme.txt	18 Jun 2003 14:31:23 -0000	1.33
  @@ -46,10 +46,10 @@
   | WWW    : http://www.spread.org  and  http://www.cnds.jhu.edu              |
   | Contact: spread at spread.org                                                |
   |                                                                           |
  -| Version 3.17.1 Built XX/June/2003                                         |
  +| Version 3.17.1 Built 20/June/2003                                         |
   \===========================================================================/
   
  -June XX, 2003 Ver 3.17.1
  +June 20, 2003 Ver 3.17.1
   ----------------------------
   Bugfixes:
   *) Fix memory corruption and crash with groups of large size.
  @@ -71,6 +71,10 @@
      many, many hours tracking this down.
   *) Change order of build in Makefile so binaries are built before
      documentation.
  +*) Fix Java bug where connection objects cannot be disconnected and
  +   then reconnected, but must be created anew. They can now be reused.
  +*) Fix compile error on AIX for struct if_info.
  +*) Fix security issue with buffer checks in the C library. 
   
   September 25, 2002 Ver 3.17.0
   ----------------------
  
  
  
  1.5       +2 -2      spread/daemon/configuration.h
  
  Index: configuration.h
  ===================================================================
  RCS file: /storage/cvsroot/spread/daemon/configuration.h,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- configuration.h	22 Sep 2002 02:56:52 -0000	1.4
  +++ configuration.h	18 Jun 2003 14:31:23 -0000	1.5
  @@ -51,7 +51,7 @@
   #define Is_IfType_Daemon( type )        ( type & IFTYPE_DAEMON )
   #define Is_IfType_Any( type )        ( type & IFTYPE_ANY )
   
  -struct if_info {
  +struct spread_if_info {
           int32u  ip;
           int16   port;
           int16   type;
  @@ -63,7 +63,7 @@
   	int16	index_in_seg;
   	int32u	id;
           int     num_if;
  -        struct if_info ifc[MAX_INTERFACES_PROC];
  +        struct spread_if_info ifc[MAX_INTERFACES_PROC];
   } proc;
   
   typedef struct dummy_segment{
  
  
  
  1.8       +1 -1      spread/daemon/monitor.c
  
  Index: monitor.c
  ===================================================================
  RCS file: /storage/cvsroot/spread/daemon/monitor.c,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- monitor.c	22 Sep 2002 02:56:52 -0000	1.7
  +++ monitor.c	18 Jun 2003 14:31:23 -0000	1.8
  @@ -135,7 +135,7 @@
   	Alarm( PRINT, "| WWW:     www.spread.org     www.cnds.jhu.edu    www.spreadconcepts.com    |\n");
   	Alarm( PRINT, "| Contact: spread at spread.org                                                |\n");
   	Alarm( PRINT, "|                                                                           |\n");
  -	Alarm( PRINT, "| Version %d.%02d.%02d Built 02/Apr/2002                                         |\n", 
  +	Alarm( PRINT, "| Version %d.%02d.%02d Built 20/June/2003                                        |\n", 
   		(int)SP_MAJOR_VERSION, (int)SP_MINOR_VERSION, (int)SP_PATCH_VERSION);
   	Alarm( PRINT, "\\===========================================================================/\n");
   
  
  
  
  1.7       +14 -0     spread/daemon/sp.c
  
  Index: sp.c
  ===================================================================
  RCS file: /storage/cvsroot/spread/daemon/sp.c,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- sp.c	22 Sep 2002 02:56:52 -0000	1.6
  +++ sp.c	18 Jun 2003 14:31:23 -0000	1.7
  @@ -1199,6 +1199,20 @@
                   }
   		max_mess_len += scat_mess->elements[i].len;
           }
  +        /* Validate num_groups and data_len */
  +        if (head_ptr->num_groups < 0) {
  +            /* reject this message since it has an impossible (negative) num_groups
  +             * This is likely to be caused by a malicious attack or memory corruption
  +             */
  +            return( ILLEGAL_MESSAGE );
  +        }
  +        if (head_ptr->data_len < 0) {
  +            /* reject this message since it has an impossible (negative) data_len
  +             * This is likely to be caused by a malicious attack or memory corruption
  +             */
  +            return( ILLEGAL_MESSAGE );
  +        }
  +
           /* Check if sufficient buffer space for groups and data */
           if (!drop_semantics) {
                   if ( (head_ptr->num_groups > max_groups) || (head_ptr->data_len > max_mess_len) ) {
  
  
  
  1.15      +1 -1      spread/daemon/spread.c
  
  Index: spread.c
  ===================================================================
  RCS file: /storage/cvsroot/spread/daemon/spread.c,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- spread.c	1 Oct 2002 21:26:29 -0000	1.14
  +++ spread.c	18 Jun 2003 14:31:23 -0000	1.15
  @@ -130,7 +130,7 @@
   	Alarm( PRINT, "| WWW:     www.spread.org     www.cnds.jhu.edu    www.spreadconcepts.com    |\n");
   	Alarm( PRINT, "| Contact: spread at spread.org                                                |\n");
   	Alarm( PRINT, "|                                                                           |\n");
  -	Alarm( PRINT, "| Version %d.%02d.%02d Built 25/Sep/2002                                         |\n", 
  +	Alarm( PRINT, "| Version %d.%02d.%02d Built 20/June/2003                                        |\n", 
   		(int)SP_MAJOR_VERSION, (int)SP_MINOR_VERSION, (int)SP_PATCH_VERSION );
   	Alarm( PRINT, "\\===========================================================================/\n");
   
  
  
  
  1.7       +1 -1      spread/daemon/spread_params.h
  
  Index: spread_params.h
  ===================================================================
  RCS file: /storage/cvsroot/spread/daemon/spread_params.h,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- spread_params.h	22 Sep 2002 02:56:52 -0000	1.6
  +++ spread_params.h	18 Jun 2003 14:31:23 -0000	1.7
  @@ -37,7 +37,7 @@
   
   #define		SP_MAJOR_VERSION	3
   #define         SP_MINOR_VERSION        17
  -#define         SP_PATCH_VERSION        0
  +#define         SP_PATCH_VERSION        1
   #define         SPREAD_PROTOCOL         3
   
   #define		DEFAULT_SPREAD_PORT	4803
  
  
  




More information about the Spread-cvs mailing list