summaryrefslogtreecommitdiffstats
path: root/util
diff options
context:
space:
mode:
authorkcwu <kcwu@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>2004-10-19 21:37:10 +0800
committerkcwu <kcwu@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>2004-10-19 21:37:10 +0800
commit8b1485ad2959d64ab841656ca235059f52c13e45 (patch)
tree46e59a31180f394d9640cd644bcd2848f52fa6b5 /util
parent8b2e2b6fbe1ad9360d624bd0f4f95a19f00cc629 (diff)
downloadpttbbs-8b1485ad2959d64ab841656ca235059f52c13e45.tar
pttbbs-8b1485ad2959d64ab841656ca235059f52c13e45.tar.gz
pttbbs-8b1485ad2959d64ab841656ca235059f52c13e45.tar.bz2
pttbbs-8b1485ad2959d64ab841656ca235059f52c13e45.tar.lz
pttbbs-8b1485ad2959d64ab841656ca235059f52c13e45.tar.xz
pttbbs-8b1485ad2959d64ab841656ca235059f52c13e45.tar.zst
pttbbs-8b1485ad2959d64ab841656ca235059f52c13e45.zip
fix utmpfix that corrupt SHM
make utmpfix more sensitive on bad userid and friend number git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@2266 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
Diffstat (limited to 'util')
-rw-r--r--util/shmctl.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/util/shmctl.c b/util/shmctl.c
index f3067fc2..b6819c8b 100644
--- a/util/shmctl.c
+++ b/util/shmctl.c
@@ -1,6 +1,7 @@
/* $Id$ */
#include "bbs.h"
#include <sys/wait.h>
+#include <string.h>
extern SHM_t *SHM;
@@ -21,7 +22,9 @@ int logout_friend_online(userinfo_t *utmp)
utmp->friend_online[i]=0;
ui = &SHM->uinfo[j];
if(ui->pid && ui!=utmp){
- for(k=0; k<ui->friendtotal &&
+ if(ui->friendtotal > MAX_FRIEND)
+ printf("\tfriend(%d) has too many(%d) friends\n", j, ui->friendtotal);
+ for(k=0; k<ui->friendtotal && k<MAX_FRIEND &&
(int)(ui->friend_online[k] & 0xFFFFFF) !=offset; k++);
if( k < ui->friendtotal && k < MAX_FRIEND ){
ui->friendtotal--;
@@ -133,6 +136,10 @@ int utmpfix(int argc, char **argv)
clean = NULL;
if( !isalpha(SHM->uinfo[which].userid[0]) )
clean = "userid error";
+ else if( memchr(SHM->uinfo[which].userid, '\0', IDLEN+1)==NULL)
+ clean = "userid without z";
+ else if( SHM->uinfo[which].friendtotal > MAX_FRIEND)
+ clean = "too many friend";
else if( kill(SHM->uinfo[which].pid, 0) < 0 ){
clean = "process error";
purge_utmp(&SHM->uinfo[which]);