Merge branch 'refs/heads/t/stale-pointer-fix'

This bug only triggered if the kernel changes the address of the memory
mapping of the audio file table after a file was added, and a subsequent
operation would access the then stale pointer.

Cooking for a week.

* refs/heads/t/stale-pointer-fix:
  Don't use strdup() to copy hash.
  aft: Avoid stale pointer pointer reference.

diff --git a/.gitignore b/.gitignore
index 10d2572d926ab11ec8de95fa32649aa00f4bf1c6..bd5e04801c4bec2714dd515810296f1bc89cbab0 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -16,7 +16,6 @@ Makefile
 TODO
 paraslash-*.tar.bz2
 paraslash-*.tar.xz
-web/dia/overview.pdf
 *.swp
 *.rej
 *~

diff --git a/NEWS.md b/NEWS.md
index 15496bd274a64b8127ae16c47fc90d7ea3140d4c..34aad072bfd0d5743c2177bf042f2e919f20a676 100644 (file)
--- a/NEWS.md
+++ b/NEWS.md
@@ -26,6 +26,8 @@ NEWS
   the correct duration also if ogg pages are missing in the file. This
   affects ogg/vorbis ogg/speex and ogg/opus.
 - Robustness improvements for para_mixer.
+- A fix for an old bug that could cause the server to crash or report
+  garbage in its status output.
 
 --------------------------------------
 0.6.2 (2018-06-30) "elastic diversity"

diff --git a/command.c b/command.c
index 63f0f1659f64aa60cd8b2c1bf399aed97993af18..8ea725de7898ef817a62c0ba2755c73a0f744572 100644 (file)
--- a/command.c
+++ b/command.c
@@ -870,19 +870,19 @@ static int run_command(struct command_context *cc, struct iovec *iov)
  * Whenever para_server accepts an incoming tcp connection on the port it
  * listens on, it forks and the resulting child calls this function.
  *
- * An RSA-based challenge/response is used to authenticate the peer. It that
+ * An RSA-based challenge/response is used to authenticate the peer. If the
  * authentication succeeds, a random session key is generated and sent back to
  * the peer, encrypted with its RSA public key. From this point on, all
- * transfers are crypted with this session key.
+ * transfers are encrypted with this session key using a stream cipher.
  *
  * Next it is checked if the peer supplied a valid server command or a command
  * for the audio file selector. If yes, and if the user has sufficient
- * permissions to execute that command, the function calls the corresponding
- * command handler which does argument checking and further processing.
+ * permissions to execute this command, the function calls the corresponding
+ * command handler which performs argument checking and further processing.
  *
- * In order to cope with DOS attacks, a timeout is set up which terminates
- * the function if the connection was not authenticated when the timeout
- * expires.
+ * To cope with DOS attacks, a timer is set up right after the fork. If the
+ * connection was still not authenticated when the timeout expires, the child
+ * process is terminated.
  *
  * \return Standard.
  *