[33572] in bugtraq
Re: Eggrop bug
daemon@ATHENA.MIT.EDU (Giuseppe)
Tue Feb 10 13:16:46 2004
Message-Id: <6.0.1.1.2.20040210185040.02ef7280@mail.nonsoloirc.com>
Date: Tue, 10 Feb 2004 19:00:24 +0100
To: bugtraq@securityfocus.com
From: Giuseppe <giusc@gbss.it>
In-Reply-To: <40285C07.6080806@techmonkeys.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
>Thankfully resync sharing is considered broken and most people do not
>use it. Indeed though, this is a bug and thank you for finding it.
that's not exactly true; yes, many people don't use resync, but..
char *share_start(Function *global_funcs)
{
....................
add_hook(HOOK_SHAREIN, (Function) sharein_mod);
add_hook(HOOK_MINUTELY, (Function) check_expired_tbufs);
^^^^^^^^^
add_hook(HOOK_READ_USERFILE, (Function) hook_read_userfile);
....................
}
the function, however, is called minutely, so the bug exists also if resync
is disabled.
As in previous mail has been already said, check_expired_tbufs() first
check for timed out resync buffers, then, "accomplish to handle userfile
requests in limbo (that haven't received yet any response from tandem bot)".
>Where did you notify eggheads? I seem to be blind while looking for it.
We've notified you at bugs@eggheads.org; in a private e-mail i''ve sent to
you the response we received.
With respect,
giuseppe
