ke6jjj / n0ary-bbs

A FreeBSD port of the venerable N0ARY packet radio BBS, which was originally written for SunOS.

Bug: connecting as an empty callsign (all SPACES) crashes BBSD?

ke6jjj opened this issue · comments

Found a core on ke6jjj BBS wherein b_bbsd had crashed after it received the line

LOGIN  TNC2

from another process.

#5  0x0804a0a6 in service_port (ap=0x28810600)
    at /usr/home/jeremy/src/n0ary-bbs/src/bbs/bbsd/main.c:72
72			if((c = parse(ap, s)) == NULL)
(gdb) p s
$12 = 0xbfbfe694 "LOGIN  TNC2"

This crashes eventually in the parser:

(gdb) bt
#0  0x281a9cca in strcpy () from /lib/libc.so.7
#1  0xbfbfe1c8 in ?? ()
#2  0x08052068 in stricmp (s1=0x2880c120 "TNC0", s2=0x0)
    at /usr/home/jeremy/src/n0ary-bbs/src/tools/common.c:63
#3  0x0804c4f6 in locate_port (via=0x0)
    at /usr/home/jeremy/src/n0ary-bbs/src/bbs/bbsd/lock.c:43
#4  0x0804ab5b in parse (ap=0x28810600, s=0xbfbfe69f "")
    at /usr/home/jeremy/src/n0ary-bbs/src/bbs/bbsd/parse.c:242
#5  0x0804a0a6 in service_port (ap=0x28810600)
    at /usr/home/jeremy/src/n0ary-bbs/src/bbs/bbsd/main.c:72
#6  0x08049a79 in main (argc=2, argv=0xbfbfec70)
    at /usr/home/jeremy/src/n0ary-bbs/src/bbs/bbsd/main.c:367

The string LOGIN  TNC2 looks malformed to me. The extra spaces hint that there perhaps should be a callsign word between LOGIN and TNC2. The fact that it is empty tells me that perhaps a TNCD process accepted a connection from a callsign of all spaces (0x20 ASCII). That would be interpreted as an empty string in most of the BBS, and could cause this crash when bbs attempts to note a new login, which it does by telling b_bbsd LOGIN <callsign> <port>.
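Added example, not code from the n0ary-bbs repository: a strict tokenizer for the LOGIN <callsign> <port> line on the b_bbsd side, plus the check bbs could make before it emits that line, so an empty or all-space callsign is refused up front instead of reaching the port lookup as a NULL string. All function names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 16

/* Copy the next space/tab-delimited token from *p into out and advance *p.
 * Returns the token length, 0 if no token remains, -1 if it would not fit
 * (an over-long field is an error, not something to silently split). */
static long next_token(const char **p, char *out, size_t outlen) {
    const char *s = *p;
    size_t n = 0;
    while (*s == ' ' || *s == '\t') s++;
    while (*s && *s != ' ' && *s != '\t' && *s != '\r' && *s != '\n') {
        if (n + 1 >= outlen) { out[0] = '\0'; return -1; }
        out[n++] = *s++;
    }
    out[n] = '\0';
    *p = s;
    return (long)n;
}

/* Minimal callsign sanity check (assumption: letters, digits and '-' only).
 * An empty string or a run of 0x20 spaces fails here. */
int callsign_ok(const char *c) {
    if (*c == '\0') return 0;
    for (; *c; c++)
        if (!isalnum((unsigned char)*c) && *c != '-') return 0;
    return 1;
}

/* Receiver side: parse "LOGIN <callsign> <port>". Returns 0 on success,
 * -1 if the verb is wrong, a field is missing/over-long, or the callsign
 * is invalid. "LOGIN  TNC2" yields call="TNC2" and no port, so it is rejected
 * before anything is handed to a port lookup. */
int parse_login(const char *line, char *call, size_t calllen, char *port, size_t portlen) {
    char verb[FIELD_MAX];
    const char *p = line;
    if (next_token(&p, verb, sizeof verb) <= 0 || strcmp(verb, "LOGIN") != 0) return -1;
    if (next_token(&p, call, calllen) <= 0 || !callsign_ok(call)) return -1;
    if (next_token(&p, port, portlen) <= 0) return -1;
    return 0;
}

/* Sender side: build the LOGIN line bbs would send to b_bbsd, refusing to
 * announce a login whose callsign is empty or all spaces (as tncd may pass). */
int build_login_line(const char *call, const char *port, char *out, size_t outlen) {
    if (!callsign_ok(call) || *port == '\0') return -1;
    return snprintf(out, outlen, "LOGIN %s %s", call, port) < (int)outlen ? 0 : -1;
}
```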