I've been running OpenSLP 1.2.1 as packaged for Fedora 9 and RHEL 5.3, 
and I've hit a problem, so I've just downloaded the source for 1.2.1 
and compiled it myself to confirm this problem.

If I turn on message logging in slp.conf, i.e. net.slp.traceMsg = true,
running the command

  slptool findsrvtypes

with no authority string will crash slpd. It segfaults right after 
logging the standard message header and the actual message type:

MESSAGE - Trace message (IN)
Peer:
    IP address: 172.24.41.57
Header:
    version = 2
    functionid = 9
    length = 55
    flags = 8192
    extoffset = 0
    xid = 27812
    langtag = en
Message SRVTYPERQST:

Taking a look at slpd/slpd_log.c, I see that 
SLPDLogSrvTypeRqstMessage() will call

   SLPDLogBuffer("   namingauth = ", srvtyperqst->namingauthlen, 
srvtyperqst->namingauth);

unconditionally. However, if no authority is provided, namingauth is a 
null pointer and namingauthlen is 65535, the magic value that means 
"all naming authorities".

A quick test shows that namingauth will also be null if an empty naming 
authority is provided as well, and namingauthlen will be zero.

I've made a quick patch to slpd_log.c which appears to work. I don't 
know whether attachments are permitted here, so I'll forward it later 
if it is wanted.

-- 
Paul Flo Williams. Tel +44 1293 587253
Thales UK, Manor Royal, CRAWLEY RH10 9HA

------------------------------------------------------------------------------
Come build with us! The BlackBerry® Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9-12, 2009. Register now!
http://p.sf.net/sfu/devconf
_______________________________________________
Openslp-devel mailing list
Openslp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openslp-devel

Reply via email to