From: Andre Noll Date: Mon, 23 Mar 2020 20:19:14 +0000 (+0100) Subject: Merge branch 'refs/heads/t/stale-pointer-fix' X-Git-Tag: v0.6.3~21 X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=commitdiff_plain;h=57a338b4f7a8346708636de18780eaec52750e96;hp=92c6b27d3a3fb01cf516be2fa8885d07ca92c9c7 Merge branch 'refs/heads/t/stale-pointer-fix' This bug only triggered if the kernel changes the address of the memory mapping of the audio file table after a file was added, and a subsequent operation would access the then stale pointer. Cooking for a week. * refs/heads/t/stale-pointer-fix: Don't use strdup() to copy hash. aft: Avoid stale pointer pointer reference. --- diff --git a/.gitignore b/.gitignore index 10d2572d..bd5e0480 100644 --- a/.gitignore +++ b/.gitignore @@ -16,7 +16,6 @@ Makefile TODO paraslash-*.tar.bz2 paraslash-*.tar.xz -web/dia/overview.pdf *.swp *.rej *~ diff --git a/NEWS.md b/NEWS.md index 15496bd2..34aad072 100644 --- a/NEWS.md +++ b/NEWS.md @@ -26,6 +26,8 @@ NEWS the correct duration also if ogg pages are missing in the file. This affects ogg/vorbis ogg/speex and ogg/opus. - Robustness improvements for para_mixer. +- A fix for an old bug that could cause the server to crash or report + garbage in its status output. -------------------------------------- 0.6.2 (2018-06-30) "elastic diversity" diff --git a/command.c b/command.c index 63f0f165..8ea725de 100644 --- a/command.c +++ b/command.c @@ -870,19 +870,19 @@ static int run_command(struct command_context *cc, struct iovec *iov) * Whenever para_server accepts an incoming tcp connection on the port it * listens on, it forks and the resulting child calls this function. * - * An RSA-based challenge/response is used to authenticate the peer. It that + * An RSA-based challenge/response is used to authenticate the peer. If the * authentication succeeds, a random session key is generated and sent back to * the peer, encrypted with its RSA public key. From this point on, all - * transfers are crypted with this session key. + * transfers are encrypted with this session key using a stream cipher. * * Next it is checked if the peer supplied a valid server command or a command * for the audio file selector. If yes, and if the user has sufficient - * permissions to execute that command, the function calls the corresponding - * command handler which does argument checking and further processing. + * permissions to execute this command, the function calls the corresponding + * command handler which performs argument checking and further processing. * - * In order to cope with DOS attacks, a timeout is set up which terminates - * the function if the connection was not authenticated when the timeout - * expires. + * To cope with DOS attacks, a timer is set up right after the fork. If the + * connection was still not authenticated when the timeout expires, the child + * process is terminated. * * \return Standard. *