>Number:         608
>Category:       bin
>Synopsis:       lpd/recvjob.c:frecverr() causes coredump (fix included)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    gnats-admin (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Dec  3 17:35:07 1994
>Originator:     Jarle F. Greipsland
>Organization:
"Sleepy Hackers 'R' Us"
>Release:        1.0
>Environment:
	
System: NetBSD hood.ed.unit.no 1.0 NetBSD 1.0 (HOOD) #4: Sun Nov 20 15:26:57 MET 1994 jarle@hood.ed.unit.no:/usr/src/sys/arch/i386/compile/HOOD i386


>Description:
If a misconfigured remote host attempts to spool printer jobs, and any error 
occurs at the printer server, the server's lpd will dump core.  This is due
to an incorrect type declaration of an external variable: fromb.  
In recvjob.c it's declared as 'extern char *' while in lpd.c its defined as
'char []'.  When fromb is passed as a parameter to syslog() (part of) the 
contents of the array is sent instead of the address to the array.
	
>How-To-Repeat:
Write a correct, except for a bogus :rp: entry, /etc/printcap file at a 
client host. Then, at the client, try and spool a job to the
(nonexistant) remote printer. The server's lpd will dump core.
	
>Fix:
	
Apply diff.

*** recvjob.c.orig	Sun Dec  4 01:36:48 1994
--- recvjob.c	Sun Dec  4 01:37:17 1994
***************
*** 343,347 ****
  #endif
  {
! 	extern char *fromb;
  	va_list ap;
  #if __STDC__
--- 343,347 ----
  #endif
  {
! 	extern char fromb[];
  	va_list ap;
  #if __STDC__

						-jarle
----
"The entire software industry runs on coffee just as much as it runs
 on electricity."
				-- Dan Sorenson
>Audit-Trail:
>Unformatted:

incorrect type declaration of external variable (array vs. pointer)