Date: Fri, 19 Nov 1999 00:41:16 +0900 (JST) From: Tatsuya Kudoh <cdr@cosmonet.org> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/14978: problem of lprm(1) Message-ID: <199911181538.AAA20763@planar.cosmonet.org>
next in thread | raw e-mail | index | archive | help
>Number: 14978 >Category: bin >Synopsis: lprm(1) does not kill active daemon if hostname is too long >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Nov 18 07:50:00 PST 1999 >Closed-Date: >Last-Modified: >Originator: Tatsuya Kudoh >Release: FreeBSD 2.2.8-RELEASE i386 >Organization: University of Electro-Communications(UEC) >Environment: >Description: When hostname is too long, lprm(1) fails to judge if the job is active or inactive. As a result, active daemon and filter process executed by daemon are not terminated. The cause is that a spool file that has over 39 characters-length filename causes buffer-overflow. >How-To-Repeat: Use long and long hostname. (I use 35 characters length hostname.) >Fix: At easy way, /usr/src/usr.sbin/lpr/common_source/rmjob.c, line 66: static char current[40]; /* active control file name */ Make this array more big. I changed this size to 256. ( In FreeBSD 3.2, this array is at line 72. But I don't know if this problem happens in FreeBSD 3.x.) >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911181538.AAA20763>