Received: from poconos.net (root@poconos.net [206.96.121.1]) by pear.epix.net (8.8.5/8.8.5/970414Scott Paul) with ESMTP id JAA17589 for ; Fri, 31 Oct 1997 09:07:39 -0500 (EST) Received: from pear.epix.net (grape.epix.net [199.224.64.22]) by poconos.net (8.8.6/ATARI-2600-SENDMAIL_V2.0.0.1) with ESMTP id JAA27291 for ; Fri, 31 Oct 1997 09:07:19 -0500 Received: from mibsoft1 (bngr-77ppp220.epix.net [199.224.77.220]) by pear.epix.net (8.8.5/8.8.5/970414Scott Paul) with SMTP id JAA16729; Fri, 31 Oct 1997 09:06:20 -0500 (EST) Message-Id: <199710311406.JAA16729@pear.epix.net> Comments: Authenticated sender is From: "Forrest J. Cavalier III" To: corrbeta-l@mibsoftware.com Date: Fri, 31 Oct 1997 09:04:39 -0400 MIME-Version: 1.0 Subject: [Usenet RKT] (Fwd) INN-1.7 innd doesn't response HEAD correctly Reply-to: corrbeta-l@mibsoftware.com Priority: normal X-mailer: Pegasus Mail for Windows (v2.42a) Content-Type: Multipart/Mixed; boundary=Message-Boundary-7373 X-UIDL: 4214691224fdf6759eebb718fa15f48a X-PMFLAGS: 570949760 0 --Message-Boundary-7373 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body For Usenet RKT subscribers..... ....Additional non-critical defect in innd discovered..... Discovered by: Yoshiro YONEYA as reported by the message (excerpted below.) Defect in: the innd implementation of the "HEAD" command. innd/nc.c Versions: 1.5.1corr and derivatives, including 1.7 Symptoms: In the very rare case of a connection sending the "HEAD" command to innd, the connection may hang. This is not a security vulnerability. The "HEAD" command in nnrpd (readers) is not affected. Background: In the normal mechanism of feeding, the HEAD command is never used, as far as I am aware. So the defect would only be triggered by receiving a connection from a machine in hosts.nntp which was using very odd or experimental software, or telnet for debugging purposes. The NNTP "HEAD" command is described at: http://www.mibsoftware.com/userkt/nntp/0013.htm Recommendations: Since this is not a security threat, and is only triggered in rare combinations of software, you may patch at your leisure. An "enhanced" version of the patch is attached. It credits the author, and also fixes a similar defect in the NCarticle() command. (The NCarticle() command is normally permanently disabled, but fixing the defect at the same time is appropriate.) This message, including the patch, will also be available at: http://www.mibsoftware.com/userkt/inn/patches/nc971031.msg This message has been brought to you as a result of your quarterly subscription. Thank you. Forrest Cavalier, Mib Software, originator of INN 1.7 ------- Forwarded Message Follows. the patch included in the message was removed and an enhanced patch appears in the attachment. ------- To: inn-patches@isc.org Subject: INN-1.7 innd doesn't response HEAD correctly Date: Fri, 31 Oct 1997 19:51:17 +0900 From: Yoshiro YONEYA Dear INN workers I've just started using INN-1.7 and found a bug in innd. When I send innd `HEAD ', it responses only result code `221', and headers appear after next command. I made following patch to fix it. Is this correct? [patch removed, enhancement below....] -- Yoshiro YONEYA NTT Software Corporation --Message-Boundary-7373 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Text from file 'nc9710~1.dif' --- innd/nc.c.orig Tue Oct 07 07:18:04 1997 +++ innd/nc.c Fri Oct 31 08:36:52 1997 @@ -343,7 +343,7 @@ } /* Write the terminator. */ - WCHANappend(cp, NCdotterm, STRLEN(NCdotterm)); + NCwritereply(cp, NCdot); /* Was WCHANappend. fixed 1997/10/31 yone@pi.ntts.co.jp */ } #endif /* 0 */ @@ -381,7 +381,7 @@ } /* Write the terminator. */ - WCHANappend(cp, NCdotterm, STRLEN(NCdotterm)); + NCwritereply(cp, NCdot); /* Was WCHANappend. fixed 1997/10/31 yone@pi.ntts.co.jp */ } --Message-Boundary-7373-- -- End --