diff options
-rw-r--r-- | daemon/utmpd/Makefile | 2 | ||||
-rw-r--r-- | daemon/utmpd/friend.cpp | 26 | ||||
-rw-r--r-- | daemon/utmpd/utmpserver3.c | 13 |
3 files changed, 28 insertions, 13 deletions
diff --git a/daemon/utmpd/Makefile b/daemon/utmpd/Makefile index 97270836..65269c8d 100644 --- a/daemon/utmpd/Makefile +++ b/daemon/utmpd/Makefile @@ -5,7 +5,7 @@ SRCROOT= ../.. PROGRAMS= utmpserver utmpsync utmpserver2 utmpserver3 authserver UTILDIR= $(SRCROOT)/util -UTILOBJ= $(UTILDIR)/util_var.o $(UTILDIR)/util_passwd.o +UTILOBJ= $(UTILDIR)/util_var.o LDLIBS+=$(SRCROOT)/common/bbs/libcmbbs.a \ $(SRCROOT)/common/sys/libcmsys.a \ diff --git a/daemon/utmpd/friend.cpp b/daemon/utmpd/friend.cpp index e62a7198..5497ee2e 100644 --- a/daemon/utmpd/friend.cpp +++ b/daemon/utmpd/friend.cpp @@ -13,8 +13,8 @@ /* 除了 user 及 utmp 之外, 全部的 ref index 都是雙向的, 確保 insert & delete O(1) */ /* 當沒有人 refer 時則 resource recycle */ -typedef int Uid; -typedef int Idx; +typedef int Uid; /* 1 <= x <= MAX_USERS */ +typedef int Idx; /* 0 <= x < USHM_SIZE */ struct Relation { @@ -226,10 +226,20 @@ struct BBSUser { utmplist.append(utmpidx); online++; assert(online==utmplist.n); - for(int i=0; i<MAX_FRIEND && likehim[i]; i++) + for(int i=0; i<MAX_FRIEND && likehim[i]; i++) { + if (0 >= likehim[i] || likehim[i] > MAX_USERS) { + fprintf(stderr, "bad %d's likehim[%d]=%d\n", utmpidx, i, likehim[i]); + continue; + } like.add(me, likehim[i]); - for(int i=0; i<MAX_REJECT && hatehim[i]; i++) + } + for(int i=0; i<MAX_REJECT && hatehim[i]; i++) { + if (0 >= hatehim[i] || likehim[i] > MAX_USERS) { + fprintf(stderr, "bad %d's hatehim[%d]=%d\n", utmpidx, i, hatehim[i]); + continue; + } hate.add(me, hatehim[i]); + } } void logout(int utmpidx) { @@ -255,15 +265,15 @@ struct BBSUser { }; struct UserList { - BBSUser users[MAX_USERS]; + BBSUser users[MAX_USERS+1]; // [1~MAX_USERS] (0 is unused), UserList() { - for(int i=0; i<MAX_USERS; i++) + for(int i=0; i<=MAX_USERS; i++) users[i].me=i; } void login(Uid uid, Idx idx, const Uid likehim[MAX_FRIEND], const Uid hatehim[MAX_REJECT]) { - assert(uid<MAX_USERS); - assert(idx<USHM_SIZE); + assert(1 <= uid && uid<=MAX_USERS); + assert(0 < idx && idx<USHM_SIZE); /* 由於不會收到 logout event, 因此 logout 只發生在 utmp override */ if(utmp.utmp[idx]!=-1) users[utmp.utmp[idx]].logout(idx); users[uid].login(idx, likehim, hatehim); diff --git a/daemon/utmpd/utmpserver3.c b/daemon/utmpd/utmpserver3.c index 83fa6285..30894c5d 100644 --- a/daemon/utmpd/utmpserver3.c +++ b/daemon/utmpd/utmpserver3.c @@ -32,15 +32,15 @@ int action_frequently(int uid) unsigned short lastlogin; // truncated time_t unsigned char minute_count; unsigned char hour_count; - } flooding[MAX_USERS]; + } flooding[MAX_USERS+1]; if(minute!=flood_base_minute) { - for(i=0; i<MAX_USERS; i++) + for(i=0; i<=MAX_USERS; i++) flooding[i].minute_count=0; flood_base_minute=minute; } if(hour!=flood_base_hour) { - for(i=0; i<MAX_USERS; i++) + for(i=0; i<=MAX_USERS; i++) flooding[i].hour_count=0; flood_base_hour=hour; } @@ -242,11 +242,16 @@ void connection_client(int cfd, short event, void *arg) } evbuffer_remove(cs->evb, &index, sizeof(index)); evbuffer_remove(cs->evb, &uid, sizeof(uid)); - if (index >= USHM_SIZE) { + if (index >= USHM_SIZE || index < 0) { fprintf(stderr, "bad index=%d\n", index); cs->state = FSM_EXIT; break; } + if (uid > MAX_USERS || uid <= 0) { + fprintf(stderr, "bad uid=%d\n", uid); + cs->state = FSM_EXIT; + break; + } count_login++; processlogin(cs, uid, index); if (count_login >= 4000 || (time(NULL) - begin_time) > 30*60) |