On 19/10/14 01:12, Andrew Hanushevsky wrote: > Hi Ulf, > > OK, after remapping the addresses in your stack trace to get the exact > code path, I did indeed discover where the stack corruption came from. > It is not caused by any user data so it cannot be used to compromise a > server. It's simply that a too small buffer was passed to an internal > function. Additionally, the problem would only manifest itself at log > file rotation time (usually midnight). This is now fixed in git head. > > Since you have compiled 4.0.3 from source, you can apply the following > source fix: > > XrdSysLogger.cc:418: char tbuff[24]; > should be changed to > XrdSysLogger.cc:418: char tbuff[32]; > > I will check with Lukasz whether we will back port this. Thank you for > bringing this to our attention. Finally wake enough to check the code: Wouldn't it be sensible to use a constant #defined for this? Having magic numbers spread around the code is just begging for disaster. Grepping for "buff" in the code turns up more problems: XrdSysError.cc contains this gem: char ebuff[16], etbuff[80], *etxt = 0; if (!(etxt = ec2text(ecode))) {snprintf(ebuff, sizeof(ebuff), "reason unknown (%d)", ecode); etxt = ebuff; } else if (isupper(static_cast<int>(*etxt))) {strlcpy(etbuff, etxt, sizeof(etbuff)); *etbuff = static_cast<char>(tolower(static_cast<int>(*etxt))); etxt = etbuff; } that snprintf won't ever create anything else than "reason unknown ", so why do it the complicated way at all? const char ebuff[]="reason unknown"; would do just as well for this, just as useful. We removed the logrotate until we get a new release.. -- Ulf Tigerstedt || CSC Oy || NDGF Computing Environments group (NGI_FI and NGI_NDGF) deputy manager GSM +358503818558 || +35894572279 Keilaranta 14 || Espoo || Finland ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1