linux-avmb1:coredump in libcapi20-3 triggered by capidivert 0.0.2
Wolfgang Rohdewald
wolfgang at rohdewald.de
Sun Sep 19 14:50:02 CEST 2004
My setup: current Debian unstable, kernel 2.4.27
Problem:
capidivert calls capi20_register with MaxB3Connection = 0,
so the libcapi internal alloc_buffers() allocates 0 buffers.
Later, capidivert calls capi_get_cmsg, which calls capi20_get_message,
which calls get_buffer, which returns the first buffer - which was never
allocated. So get_buffer returns NULL and capi20_get_message dereferences that.
libcapi20 should return some sort of error condition instead of dereferencing NULL.
The patch below fixes capidivert for me, but I don't really understand that code.
Note that changing MaxB3Connection to 1 does not suffice.
Is capidivert 0.0.2 really the latest release? I didn't find anything newer.
# diff -u yy/capidivert/cfctrl.c capidivert-0.0.2/capidivert/cfctrl.c
--- yy/capidivert/cfctrl.c 2000-11-10 18:15:43.000000000 +0100
+++ capidivert-0.0.2/capidivert/cfctrl.c 2004-09-19 14:34:53.000000000 +0200
@@ -236,7 +236,7 @@
return 1;
}
- err = capi20_register(0, 0, 2048, &ApplId);
+ err = capi20_register(2, 0, 2048, &ApplId);
if (err != CapiNoError) {
fprintf(stderr, "could not register - (%#x)\n", err);
return 1;
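Review bot: the new first argument to capi20_register() is a bare magic number; the description above identifies it as MaxB3Connection and states that 0 crashes libcapi20 and that 1 was found insufficient, but none of that survives in the code, so the next reader can revert it to 0 without warning. Add a comment beside the call, e.g. `/* libcapi20 sizes its message buffer pool from MaxB3Connection; 0 makes capi20_get_message dereference NULL */`. Note also that this is a caller-side workaround: the missing NULL check after get_buffer in capi20_get_message is unchanged by this hunk and still needs the error return the description asks for.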
--
Wolfgang
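The failure the post describes is a buffer pool sized from a registration parameter, a get_buffer() that hands back NULL when that pool is empty, and a message fetch that uses the pointer without checking it. The following is an added illustration, not code from the post or from libcapi20 or capidivert: a small pool with the same shape, where the fetch routine propagates "no buffers" as an error code instead of dereferencing NULL. All names (buffer_pool, pool_get_buffer, get_message_checked, fetch_with_pool_size, the ERR_* codes, the wire bytes) are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical buffer pool mirroring the shape of the failure described
 * in the post: a pool sized from MaxB3Connection, a get_buffer() that
 * yields NULL when the pool is empty, and a message fetch that must
 * check for that NULL instead of dereferencing it. Names and error
 * codes are invented for this example and are not libcapi20's. */

#define MSG_BUF_SIZE    2048
#define ERR_NONE        0
#define ERR_NO_BUFFERS  1   /* constructed error code for "pool empty" */
#define ERR_BAD_ARGS    2

struct buffer_pool {
    unsigned char *bufs;   /* contiguous storage, nbufs * MSG_BUF_SIZE bytes */
    size_t nbufs;
    size_t next;           /* round-robin index of the next buffer to hand out */
};

/* Size the pool from the registration parameter. A count of 0 leaves
 * the pool with no storage at all, which is the situation the post hits. */
static int pool_init(struct buffer_pool *p, unsigned max_b3_connections)
{
    p->nbufs = (size_t)max_b3_connections;
    p->next = 0;
    p->bufs = NULL;
    if (p->nbufs == 0)
        return ERR_NONE;        /* allowed, but nothing can be fetched later */
    p->bufs = calloc(p->nbufs, MSG_BUF_SIZE);
    return p->bufs ? ERR_NONE : ERR_NO_BUFFERS;
}

/* Returns NULL when the pool holds no buffers; every caller must check. */
static unsigned char *pool_get_buffer(struct buffer_pool *p)
{
    if (p->nbufs == 0 || p->bufs == NULL)
        return NULL;
    unsigned char *b = p->bufs + p->next * MSG_BUF_SIZE;
    p->next = (p->next + 1) % p->nbufs;
    return b;
}

/* Hardened message fetch: report "no buffer" as an error code rather
 * than touching a NULL pointer. `wire` is a constructed stand-in for the
 * raw message the driver would hand back. */
static int get_message_checked(struct buffer_pool *p,
                               const unsigned char *wire, size_t wire_len,
                               unsigned char **out)
{
    if (out == NULL || wire == NULL || wire_len > MSG_BUF_SIZE)
        return ERR_BAD_ARGS;
    unsigned char *buf = pool_get_buffer(p);
    if (buf == NULL) {
        *out = NULL;
        return ERR_NO_BUFFERS;   /* the check the post says libcapi20 lacks */
    }
    memcpy(buf, wire, wire_len);
    *out = buf;
    return ERR_NONE;
}

static void pool_free(struct buffer_pool *p)
{
    free(p->bufs);
    p->bufs = NULL;
    p->nbufs = 0;
}

/* Drives the scenario end to end: register with the given MaxB3Connection
 * value, fetch one message, and return the error code the caller sees. */
int fetch_with_pool_size(unsigned max_b3_connections)
{
    static const unsigned char wire[] = { 0x08, 0x00, 0x01, 0x00 }; /* constructed */
    struct buffer_pool pool;
    unsigned char *msg = NULL;
    if (pool_init(&pool, max_b3_connections) != ERR_NONE)
        return ERR_NO_BUFFERS;
    int rc = get_message_checked(&pool, wire, sizeof wire, &msg);
    pool_free(&pool);
    return rc;
}
```

With a pool size of 0 the fetch returns ERR_NO_BUFFERS and the caller can fail cleanly; with a non-zero size it returns ERR_NONE. The model only covers the zero-buffer case the post describes; it does not attempt to explain why a value of 1 was not enough for capidivert.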