[455] in Moira
reg_svr can dereference null pointer
daemon@ATHENA.MIT.EDU (Jim Haynes)
Tue Sep 15 15:04:23 1992
From: haynes@cats.UCSC.EDU (Jim Haynes)
Date: Tue, 15 Sep 92 12:03:45 -0700
To: bug-moira@Athena.MIT.EDU
In the source file .../reg_svr/requests.c:
get_request() calls respond(status, (char *)NULL);
respond(status, text) calls format_pkt(bunch of args including text)
format_pkt(bunch of args, message) does a few things and then does
if (len < strlen(message) + 1) /* Room for null terminator */
strlen( passed (char *)NULL) is upset and core dumps.
I can probably wait a few days to see how you fix this before I fix it
myself, so as not to get our respective sources even further out of sync.
Please let me know what you do.
