Bug#81033: queued bombs out with fatal error.
Package: queue
Version: 1.30.1-1
On running 'queue -i -- ls' from a terminal window, queued sends the
attached email.
The problem is the for loop at line 3226 of queued.c; an incorrect bound is
used in the for statement.
The enclosed patch cures the problem, by changing the loop bound from
RLIM_NLIMITS to the size of the appropriate array.
Ralph
--- Begin Message ---
QUEUED fatal error; queued terminating:
- 7: invalid integer rlimit value
--- End Message ---
--- queue-1.30.1.orig/queued.c
+++ queue-1.30.1/queued.c
@@ -92,6 +92,44 @@
#include "lex.h"
+#ifdef HAVE_GETRLIMIT
+/*
+ * Structure to match lex keywords to RLIMIT values and to small
+ * integers to index the q_rlimit array.
+ */
+static struct {
+ int r;
+ enum keyword kwd;
+} rtab[] = {
+#ifdef RLIMIT_CPU
+ RLIMIT_CPU, K_RLIMITCPU,
+#endif
+#ifdef RLIMIT_FSIZE
+ RLIMIT_FSIZE,K_RLIMITFSIZE,
+#endif
+#ifdef RLIMIT_DATA
+ RLIMIT_DATA, K_RLIMITDATA,
+#endif
+#ifdef RLIMIT_STACK
+ RLIMIT_STACK,K_RLIMITSTACK,
+#endif
+#ifdef RLIMIT_CORE
+ RLIMIT_CORE, K_RLIMITCORE,
+#endif
+#ifdef RLIMIT_RSS
+ RLIMIT_RSS, K_RLIMITRSS,
+#endif
+#ifdef RLIMIT_NOFILE
+ RLIMIT_NOFILE, K_RLIMITNOFILE,
+#endif
+#ifdef RLIMIT_VMEM
+ RLIMIT_VMEM, K_RLIMITVMEM,
+#endif
+};
+
+#define NUM_RLIMITS (sizeof (rtab) / sizeof (rtab[0]))
+
+#endif
/*
* Generic queue_b structure. The set of queues, jobs, and running
@@ -3223,7 +3261,7 @@
/*Eric Deal <[EMAIL PROTECTED]> found that this setrlimit
code breaks Solaris. Should test to see if it breaks other platforms
as well. GNU/Linux seems OK.*/
- for( i=0; iq_rlimit[i]);
if( rlp->rlim_cur >= 0 && rlp->rlim_max >= 0 )
(void) setrlimit( itorl(i), rlp );
@@ -3292,40 +3330,6 @@
}
#ifdef HAVE_GETRLIMIT
-/*
- * Structure to match lex keywords to RLIMIT values and to small
- * integers to index the q_rlimit array.
- */
-static struct {
- int r;
- enum keyword kwd;
-} rtab[] = {
-#ifdef RLIMIT_CPU
- RLIMIT_CPU, K_RLIMITCPU,
-#endif
-#ifdef RLIMIT_FSIZE
- RLIMIT_FSIZE,K_RLIMITFSIZE,
-#endif
-#ifdef RLIMIT_DATA
- RLIMIT_DATA, K_RLIMITDATA,
-#endif
-#ifdef RLIMIT_STACK
- RLIMIT_STACK,K_RLIMITSTACK,
-#endif
-#ifdef RLIMIT_CORE
- RLIMIT_CORE, K_RLIMITCORE,
-#endif
-#ifdef RLIMIT_RSS
- RLIMIT_RSS, K_RLIMITRSS,
-#endif
-#ifdef RLIMIT_NOFILE
- RLIMIT_NOFILE, K_RLIMITNOFILE,
-#endif
-#ifdef RLIMIT_VMEM
- RLIMIT_VMEM, K_RLIMITVMEM,
-#endif
-};
-
/* Turn RLIMIT manifest number into a small Integer 0 <= i < RLIM_NLIMITS
* used to index the q_rlimit array.
*/
@@ -3334,7 +3338,7 @@
{
register int i;
- for (i = 0; i < sizeof rtab/sizeof rtab[0]; i++)
+ for (i = 0; i < NUM_RLIMITS; i++)
if (rtab[i].r == rl)
return i;
error1("%d: invalid RLIMIT value\n", rl);
@@ -3348,7 +3352,7 @@
{
register int i;
- for (i = 0; i < sizeof rtab/sizeof rtab[0]; i++)
+ for (i = 0; i < NUM_RLIMITS; i++)
if (rtab[i].kwd == kwd)
return rtab[i].r;
error1("%d: invalid keyword value\n", (int)kwd);
@@ -3360,7 +3364,7 @@
int
itorl(int i)
{
- if ((unsigned)i < sizeof rtab/sizeof rtab[0])
+ if ((unsigned)i < NUM_RLIMITS)
return rtab[i].r;
error1("%d: invalid integer rlimit value\n", i);
/*NOTREACHED*/
Bug#81040: queued fails to allocate ptys.
Package: queue
Version: 1.30.1-1
queued fails to allocate ptys correctly; it attempts to do this by
readdir'ing /dev and trying to find a free pty.
The enclosed patch converts it to use the Unix98 getpt etc. functions. The
patch isn't pretty & I've made no attempt to preserve the cross-platform
(HP-UX/Solaris etc.) functionality.
There is also a problem with the deallocpty function in pty.c; it attempts
to use a global variable which is only set-up in a child process (duh!). I
haven't attempted to fix that one.
Ralph.
--- queue-1.30.1.orig/handle.c
+++ queue-1.30.1/handle.c
@@ -844,8 +844,8 @@
fclose(temp);
exit(2);
}
- fchown(pty1, 0, 0);
- fchmod(pty1, S_IRUSR|S_IWUSR);
+/*fchown(pty1, 0, 0); */
+/*fchmod(pty1, S_IRUSR|S_IWUSR); */
}
}
dead = 0;
--- queue-1.30.1.orig/pty.c
+++ queue-1.30.1/pty.c
@@ -57,6 +57,17 @@
struct dirent *temp;
char *file, c;
+ fd = getpt();
+
+ if (fd >= 0 && grantpt (fd) >= 0 && unlockpt (fd) >= 0) {
+ line = ptsname (fd);
+ return fd;
+ }
+
+ if (fd >= 0)
+ close (fd);
+
+#if 0
#ifdef HAVE__GETPTY
/*IRIX*/
@@ -118,6 +129,7 @@
return(fd);
}
#endif /*HAVE__GETPTY*/
+#endif
syslog(LOG_ERR, "ptyalloc: no more ptys");
return (-1);
}
@@ -139,14 +151,27 @@
mkutmp(char *name, int pty2, int uid, int gid)
{
char *line;
- char buf[255];
+ char * shortline;
+
+ memset (&myu, 0, sizeof (struct utmp));
+
line = mtos();
- strcpy(myu.ut_user, name);
-#ifdef linux
- strncpy(myu.ut_id,line+8,2);
-#else
- strncpy(myu.ut_id, line+12,2);
-#endif
+
+ if (strncmp (line, "/dev/", 5) == 0)
+ line += 5;
+
+ shortline = line;
+ if (strncmp (shortline, "pts", 3) == 0)
+ shortline += 3;
+
+ if (strlen (shortline) > sizeof (myu.ut_id))
+ shortline += strlen (shortline) - sizeof (myu.ut_id);
+
+ strncpy (myu.ut_user, name, sizeof (myu.ut_user));
+ strncpy (myu.ut_id, shortline, sizeof (myu.ut_id));
+ strncpy (myu.ut_line, line, sizeof (myu.ut_line));
+
+#if 0
strcpy(buf, "/dev/tty");
strcat(buf, myu.ut_id);
#ifdef linux
@@ -154,26 +179,20 @@
#else
strcpy(myu.ut_line, line+9);
#endif
+#endif
+
myu.ut_pid = getpid();
myu.ut_type = USER_PROCESS;
myu.ut_time = time(NULL);
#ifdef HAVE_UT_ADDR
- strcpy(myu.ut_host, "Queue process");
+ strncpy(myu.ut_host, "Queue process", sizeof (myu.ut_host));
myu.ut_addr = 0L;
#endif
+
setutent();
getutid(&myu);
pututline(&myu);
- fchown(pty2, uid, gid);
- fchmod(pty2, S_IRUSR|S_IWUSR);
-
- if(!strcmp(buf,"/dev/tty")) {
-syslog(LOG_ERR,"queue: pty.c: mkutmp: bug: buf equals /dev/tty.");
- }
- else {
- chown(buf, uid, gid);
- chmod(buf, S_IRUSR|S_IWUSR);
- }
+ endutent();
}
/*HP ptsname is buggy! So we write our own!*/
@@ -184,14 +203,13 @@
static char buf[16];
register int i;
-#ifdef HAVE__GETPTY
+//#ifdef HAVE__GETPTY
if(line) return(line);
syslog(LOG_ERR, "mtos: call allocpty first.");
return(NULL);
-#else
-
+#if 0
ptym = buf2;
for(i=0;ptym[i]!=0;++i) if(ptym[i]=='/') {
ptym = &ptym[i+1];
