diff options
author | kcwu <kcwu@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> | 2004-10-19 21:37:10 +0800 |
---|---|---|
committer | kcwu <kcwu@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> | 2004-10-19 21:37:10 +0800 |
commit | 8b1485ad2959d64ab841656ca235059f52c13e45 (patch) | |
tree | 46e59a31180f394d9640cd644bcd2848f52fa6b5 /util | |
parent | 8b2e2b6fbe1ad9360d624bd0f4f95a19f00cc629 (diff) | |
download | pttbbs-8b1485ad2959d64ab841656ca235059f52c13e45.tar pttbbs-8b1485ad2959d64ab841656ca235059f52c13e45.tar.gz pttbbs-8b1485ad2959d64ab841656ca235059f52c13e45.tar.bz2 pttbbs-8b1485ad2959d64ab841656ca235059f52c13e45.tar.lz pttbbs-8b1485ad2959d64ab841656ca235059f52c13e45.tar.xz pttbbs-8b1485ad2959d64ab841656ca235059f52c13e45.tar.zst pttbbs-8b1485ad2959d64ab841656ca235059f52c13e45.zip |
fix utmpfix that corrupt SHM
make utmpfix more sensitive on bad userid and friend number
git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@2266 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
Diffstat (limited to 'util')
-rw-r--r-- | util/shmctl.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/util/shmctl.c b/util/shmctl.c index f3067fc2..b6819c8b 100644 --- a/util/shmctl.c +++ b/util/shmctl.c @@ -1,6 +1,7 @@ /* $Id$ */ #include "bbs.h" #include <sys/wait.h> +#include <string.h> extern SHM_t *SHM; @@ -21,7 +22,9 @@ int logout_friend_online(userinfo_t *utmp) utmp->friend_online[i]=0; ui = &SHM->uinfo[j]; if(ui->pid && ui!=utmp){ - for(k=0; k<ui->friendtotal && + if(ui->friendtotal > MAX_FRIEND) + printf("\tfriend(%d) has too many(%d) friends\n", j, ui->friendtotal); + for(k=0; k<ui->friendtotal && k<MAX_FRIEND && (int)(ui->friend_online[k] & 0xFFFFFF) !=offset; k++); if( k < ui->friendtotal && k < MAX_FRIEND ){ ui->friendtotal--; @@ -133,6 +136,10 @@ int utmpfix(int argc, char **argv) clean = NULL; if( !isalpha(SHM->uinfo[which].userid[0]) ) clean = "userid error"; + else if( memchr(SHM->uinfo[which].userid, '\0', IDLEN+1)==NULL) + clean = "userid without z"; + else if( SHM->uinfo[which].friendtotal > MAX_FRIEND) + clean = "too many friend"; else if( kill(SHM->uinfo[which].pid, 0) < 0 ){ clean = "process error"; purge_utmp(&SHM->uinfo[which]); |