For starters, a simple bug in vsfpd. It requires session reusing if using FTP over TLS, yet sessions can easily expire, so sessions cannot be reused even if a client wanted to.
Code: Select all
--- ssl.c.old 2009-08-08 03:50:52.000000000 +0200
+++ ssl.c 2009-10-08 18:56:55.488936000 +0200
@@ -143,6 +143,11 @@
SSL_CTX_set_session_id_context(p_ctx, (void*) p_ctx_id,
vsf_sysutil_strlen(p_ctx_id));
}
+ if (tunable_require_ssl_reuse)
+ {
+ /* Ensure cached session doesn't expire */
+ SSL_CTX_set_timeout(p_ctx, 2147483647);
+ }
p_sess->p_ssl_ctx = p_ctx;
ssl_inited = 1;
}
Next, a bug in PuTTY, the code that calculates SHA512 sums doesn't work if compiled on a 64bit system. Does arithmetic that assumes 32bit unsigned integers and their overflow behavior on 64bit integers.
Code: Select all
Index: sshsh512.c
===================================================================
--- sshsh512.c (revision 8690)
+++ sshsh512.c (working copy)
@@ -13,14 +13,14 @@
* overlap destination with one source, but the others can't.
*/
#define add(r,x,y) ( r.lo = y.lo + x.lo, \
- r.hi = y.hi + x.hi + (r.lo < y.lo) )
-#define rorB(r,x,y) ( r.lo = (x.hi >> ((y)-32)) | (x.lo << (64-(y))), \
- r.hi = (x.lo >> ((y)-32)) | (x.hi << (64-(y))) )
-#define rorL(r,x,y) ( r.lo = (x.lo >> (y)) | (x.hi << (32-(y))), \
- r.hi = (x.hi >> (y)) | (x.lo << (32-(y))) )
-#define shrB(r,x,y) ( r.lo = x.hi >> ((y)-32), r.hi = 0 )
-#define shrL(r,x,y) ( r.lo = (x.lo >> (y)) | (x.hi << (32-(y))), \
- r.hi = x.hi >> (y) )
+ r.hi = y.hi + x.hi + ((uint32)r.lo < (uint32)y.lo) )
+#define rorB(r,x,y) ( r.lo = ((uint32)x.hi >> ((y)-32)) | ((uint32)x.lo << (64-(y))), \
+ r.hi = ((uint32)x.lo >> ((y)-32)) | ((uint32)x.hi << (64-(y))) )
+#define rorL(r,x,y) ( r.lo = ((uint32)x.lo >> (y)) | ((uint32)x.hi << (32-(y))), \
+ r.hi = ((uint32)x.hi >> (y)) | ((uint32)x.lo << (32-(y))) )
+#define shrB(r,x,y) ( r.lo = (uint32)x.hi >> ((y)-32), r.hi = 0 )
+#define shrL(r,x,y) ( r.lo = ((uint32)x.lo >> (y)) | ((uint32)x.hi << (32-(y))), \
+ r.hi = (uint32)x.hi >> (y) )
#define and(r,x,y) ( r.lo = x.lo & y.lo, r.hi = x.hi & y.hi )
#define xor(r,x,y) ( r.lo = x.lo ^ y.lo, r.hi = x.hi ^ y.hi )
#define not(r,x) ( r.lo = ~x.lo, r.hi = ~x.hi )
Last but not least a bug in the timer code in wxWidgets, could happen that a previously deleted timer object gets accessed, leading to a segfault.
Code: Select all
--- wxWidgets/branches/WX_2_8_BRANCH/src/gtk/timer.cpp 2009/10/08 13:52:08 62332
+++ wxWidgets/branches/WX_2_8_BRANCH/src/gtk/timer.cpp 2009/10/08 13:56:30 62333
@@ -30,7 +30,8 @@
// Don't change the order of anything in this callback!
- if (timer->IsOneShot())
+ const bool oneshot = timer->IsOneShot();
+ if ( oneshot )
{
// This sets m_tag to -1
timer->Stop();
@@ -50,7 +51,7 @@
if (app)
app->WakeUpIdle();
- if (timer->IsOneShot())
+ if ( oneshot )
return FALSE;
return TRUE;
On a different front I've moved FileZilla's Trac to a new server courtesy of NDC Host. The result is a huge improvement in Trac performance and also some improvement for the other services still running on the previous server now that Trac is elsewhere.
Migrating Trac took me longer than expected, I forgot that I had made several custom modifications to the account manager plugin to get it into a useful shape. Nonetheless it works now after re-applying lots of patches mostly grabbed from Trac's Trac.
Another problem was the sheer size of the Trac database, almost a gigabyte of data. Many millions of old, unused sessions were stored in the database. Trac only purges those after 90 days, a far too long time I think. Also, registered users who didn't make any contributions weren't purged either. Many thousands of those as well, most likely all bots. I've written a few queries that get rid of these old sessions:
Code: Select all
DELETE FROM session WHERE session.last_visit < (select extract('epoch' from current_timestamp)) - 3600 * 24 * 7
and not exists (SELECT ticket.reporter FROM ticket WHERE ticket.reporter = session.sid)
and not exists (SELECT ticket_change.author FROM ticket_change WHERE ticket_change.author = session.sid)
and not exists (SELECT wiki.author FROM wiki WHERE wiki.author = session.sid)
;
DELETE FROM attachment WHERE attachment.type = 'ticket' and not exists (SELECT ticket.id FROM ticket WHERE cast(ticket.id as text) = attachment.id);
DELETE FROM session_attribute where not exists (SELECT * FROM session WHERE session.sid = session_attribute.sid);
DELETE FROM auth_cookie WHERE not exists (SELECT * FROM session WHERE session.sid = auth_cookie.name);
Of the things ahead, another service that will get moved to the new server is the nightly build service. One change I'll implement on the way is to get rid of the nightly aspect, in future development builds will be created after each commit. Gives users a much more timely chance to test my fixes in response to their bug reports.