InterLinked1 / lbbs

Lightweight BBS For Linux - Bulletin Board System server software
GNU General Public License v2.0

node.c: Invalid reads on node kicks from modules #6

Closed InterLinked1 closed 1 year ago

InterLinked1 commented 1 year ago

Invalid memory accesses can occur if a node is kicked from a module by using /reload.

No noticeable functionality errors occur but it's certainly best not to read from freed memory. This logic will need to be refined to avoid that:

/reload net_nntp
[2023-03-12 12:16:29.937]   DEBUG[1825104]: module.c:568 unload_resource_nolock: Module net_nntp.so has use count 1
[2023-03-12 12:16:29.940]   DEBUG[1825104]: node.c:445 node_shutdown: Terminating node 1
[2023-03-12 12:16:29.941]   DEBUG[1825122]: socket.c:669 bbs_std_poll: poll returned 1
[2023-03-12 12:16:29.941]   DEBUG[1825122]: utils.c:128 bbs_fd_readline: read returned 0
[2023-03-12 12:16:29.943]   DEBUG[1825122]: net_nntp.c:1338 __nnsp_handler: Node 1 has ended its NNSP session
[2023-03-12 12:16:29.946]   DEBUG[1825122]: node.c:529 node_free: Node 1 now freed
[2023-03-12 12:16:29.947]   == Node 1 has exited
==1825098== Thread 7:
==1825098== Invalid read of size 4
==1825098==    at 0x12C4A0: node_shutdown (node.c:496)
==1825098==    by 0x12CAF0: bbs_node_shutdown_mod (node.c:597)
==1825098==    by 0x12999A: unload_resource_nolock (module.c:581)
==1825098==    by 0x129CB1: unload_resource (module.c:634)
==1825098==    by 0x12A886: bbs_module_reload (module.c:864)
==1825098==    by 0x689089A: sysop_command (mod_sysop.c:95)
==1825098==    by 0x6891BC1: sysop_handler (mod_sysop.c:394)
==1825098==    by 0x13900E: thread_run (thread.c:269)
==1825098==    by 0x4FE7EA6: start_thread (pthread_create.c:477)
==1825098==    by 0x5100A2E: clone (clone.S:95)
==1825098==  Address 0x5ef8df0 is 240 bytes inside a block of size 296 free'd
==1825098==    at 0x48399AB: free (vg_replace_malloc.c:538)
==1825098==    by 0x12C711: node_free (node.c:533)
==1825098==    by 0x12F7DF: bbs_node_exit (node.c:1254)
==1825098==    by 0xA1C3595: __nnsp_handler (net_nntp.c:1339)
==1825098==    by 0x13900E: thread_run (thread.c:269)
==1825098==    by 0x4FE7EA6: start_thread (pthread_create.c:477)
==1825098==    by 0x5100A2E: clone (clone.S:95)
==1825098==  Block was alloc'd at
==1825098==    at 0x483AB65: calloc (vg_replace_malloc.c:760)
==1825098==    by 0x12B7D1: __bbs_node_request (node.c:227)
==1825098==    by 0x133107: __bbs_tcp_listener (socket.c:472)
==1825098==    by 0x13329C: bbs_tcp_listener (socket.c:494)
==1825098==    by 0xA1C3614: nnsp_listener (net_nntp.c:1354)
==1825098==    by 0x13900E: thread_run (thread.c:269)
==1825098==    by 0x4FE7EA6: start_thread (pthread_create.c:477)
==1825098==    by 0x5100A2E: clone (clone.S:95)
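The trace shows the classic shape of this race: the handler thread frees the node in bbs_node_exit while the sysop thread is still inside node_shutdown reading it. As an added illustration (not code from lbbs, and not the fix the project adopted), the sketch below gives the node a reference count taken under the list lock, so whichever thread releases the node last is the one that frees it. All names here (node_request, node_unref, node_exit, node_shutdown_mod, MAX_NODES) are hypothetical.

```c
#include <pthread.h>
#include <stdlib.h>
#define MAX_NODES 8
/* Hypothetical simplified node (not lbbs's struct bbs_node). A reference count, not the
 * handler thread alone, decides when the block is freed, so an unloader still shutting
 * the node down never reads memory the handler thread has already released. */
struct node {
    int id, active, refs;           /* refs is guarded by lock */
    pthread_mutex_t lock;
};
static struct node *node_list[MAX_NODES];   /* guarded by list_lock */
static pthread_mutex_t list_lock = PTHREAD_MUTEX_INITIALIZER;
struct node *node_request(int id) {
    struct node *n = (id < 0 || id >= MAX_NODES) ? NULL : calloc(1, sizeof(*n));
    if (!n) return NULL;
    n->id = id; n->active = 1; n->refs = 1;  /* the handler thread's own reference */
    pthread_mutex_init(&n->lock, NULL);
    pthread_mutex_lock(&list_lock);
    node_list[id] = n;
    pthread_mutex_unlock(&list_lock);
    return n;
}
/* Drop one reference; free only when the last holder lets go. Returns 1 if freed. */
int node_unref(struct node *n) {
    pthread_mutex_lock(&n->lock);
    int last = (--n->refs == 0);
    pthread_mutex_unlock(&n->lock);
    if (last) { pthread_mutex_destroy(&n->lock); free(n); }
    return last;
}
/* Handler thread's exit path (the report's bbs_node_exit): unlink, then drop the
 * reference. Returns 1 if this call freed the node, 0 if an unloader still holds it. */
int node_exit(struct node *n) {
    pthread_mutex_lock(&list_lock);
    node_list[n->id] = NULL;
    pthread_mutex_unlock(&list_lock);
    return node_unref(n);
}
/* Module unload path (the report's bbs_node_shutdown_mod): take a reference while the
 * list lock is held, so the node cannot be unlinked and freed between lookup and use.
 * Lock order is always list, then node. Returns 1 if a node was kicked, else 0. */
int node_shutdown_mod(int id) {
    if (id < 0 || id >= MAX_NODES) return 0;
    pthread_mutex_lock(&list_lock);
    struct node *n = node_list[id];
    if (n) { pthread_mutex_lock(&n->lock); n->refs++; pthread_mutex_unlock(&n->lock); }
    pthread_mutex_unlock(&list_lock);
    if (!n) return 0;               /* handler already exited: nothing to kick */
    pthread_mutex_lock(&n->lock); n->active = 0; pthread_mutex_unlock(&n->lock);
    node_unref(n);                  /* frees only if the handler has already exited */
    return 1;
}
```

Under Valgrind, the same /reload sequence against this structure produces no invalid read, because the block is not released until both the handler thread and the unloader have dropped their references.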