[16849] in Athena Bugs


Do you know about this bug in zephyr?

daemon@ATHENA.MIT.EDU (gschmidt@pinball-wizard.mit.edu)
Mon May 17 21:07:29 1999

From: gschmidt@pinball-wizard.mit.edu
Message-Id: <199905180108.VAA21262@pinball-wizard.mit.edu>
To: bugs@MIT.EDU
Date: Mon, 17 May 1999 21:08:48 EDT


------- Forwarded Message

Received: from PACIFIC-CARRIER-ANNEX.MIT.EDU by po7.MIT.EDU (5.61/4.7) id AA05557; Mon, 17 May 99 11:15:23 EDT
Received: from BANNING.MIT.EDU by MIT.EDU with SMTP
	id AA03578; Mon, 17 May 99 11:15:33 EDT
From: pipa@MIT.EDU
Received: by banning (8.8.8+Sun/4.7) id LAA07759; Mon, 17 May 1999 11:15:20 -0400 (EDT)
Date: Mon, 17 May 1999 11:15:20 -0400 (EDT)
Message-Id: <199905171515.LAA07759@banning>
To: "geoff schmidt" <gschmidt@MIT.EDU>
Reply-To: olc@MIT.EDU
Subject: Your OLC question about "zephyr"

- --------

Hi there.  I am sorry that we were unable to answer your question before
you logged out.  You asked olc>

>> It is possible to crash an arbitrary user's zwgc by sending a zephyr with a body between 32768
>> and 65535 bytes, i.e.
>> 
>> zwrite username -m `head -c 32768 /dev/zero | tr '\0' a`
>> 
>> If you replace username with, say, -i foo, you can also crash the zwgc's of everyone subscribed
>> to instance foo.
>> 
>> This bug is a result of the zephyr's length being temporarily assigned from an int to a short int
>> and back.  The declaration of the len field of the desctype structure in formatter.h should be
>> changed from short int to int.  I haven't read enough zwgc source to know if other changes are
>> needed.
>> 
>> Or, it might be better to just truncate incoming zephyrs to 32k, or impose a length restriction
>> on the server end.
>> 
>> Not that it really matters..

It seems a little unclear what you are asking about zephyr.  Do you
need help possibly limiting the size of zephyrs you are willing to
accept?  If you were mostly just telling us of the problem with zephyr
that you have noticed, you might want to email bugs@mit.edu.  Especially
since there will be a new Athena release coming out soon.

I hope that this helps.  Since I believe that we need more clarification
on your question, I am going to leave your log open in the olc> queue so
that other consultants can help you.  Please type send at the olc>
prompt to give us an update on your question.  Otherwise type done to
resolve your question in the queue.  Thanks for using olc>

	Heather D Drake
	Athena Consultant

------- End of Forwarded Message
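
Added example, not part of the original message and not zwgc source: the int to short int to int round trip the report describes, next to the two fixes it proposes (widening the field, or truncating the length first). The struct names and function names are hypothetical; only the width of the len field comes from the message. It assumes a 16-bit short on a two's-complement platform, where lengths from 32768 to 65535 read back as negative values.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical stand-ins for the structure the report names; only the
 * width of the len field is taken from the message. */
struct desc_narrow { const char *str; short int len; };  /* as reported */
struct desc_wide   { const char *str; int len; };        /* proposed fix */

/* Length as seen after the int -> short int -> int round trip.
 * Out-of-range conversion is implementation-defined in C; on the usual
 * two's-complement platforms with 16-bit short it wraps modulo 65536. */
int len_after_narrow(int body_len)
{
    struct desc_narrow d = { 0, 0 };
    d.len = (short int)body_len;
    return (int)d.len;
}

/* Same round trip with the field widened to int: value is preserved. */
int len_after_wide(int body_len)
{
    struct desc_wide d = { 0, 0 };
    d.len = body_len;
    return d.len;
}

/* The alternative mitigation from the message: truncate before storing,
 * so the value always fits the narrow field. */
int truncate_for_narrow(int body_len)
{
    if (body_len < 0) return 0;
    return body_len > SHRT_MAX ? SHRT_MAX : body_len;
}

int main(void)
{
    static const int samples[] = { 100, 32767, 32768, 65535 };  /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = samples[i];
        printf("%6d  short:%7d  int:%6d  truncated-then-short:%6d\n",
               n, len_after_narrow(n), len_after_wide(n),
               len_after_narrow(truncate_for_narrow(n)));
    }
    return 0;
}
```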

