* nntpd: various bug fixes
@ 2016-05-19 8:24 7% Eric Wong
2016-05-19 8:24 6% ` [PATCH 1/2] nntpd: reject control characters entirely Eric Wong
0 siblings, 1 reply; 2+ results
From: Eric Wong @ 2016-05-19 8:24 UTC (permalink / raw)
To: meta
Control characters are pretty nasty, unsorted groups weren't
too bad.
Eric Wong (2):
nntpd: reject control characters entirely
nntpd: avoid uninitialized warning
lib/PublicInbox/NNTP.pm | 4 ++--
lib/PublicInbox/NNTPD.pm | 2 +-
t/nntpd.t | 30 +++++++++++++++++++++++-------
3 files changed, 26 insertions(+), 10 deletions(-)
^ permalink raw reply [relevance 7%]
* [PATCH 1/2] nntpd: reject control characters entirely
2016-05-19 8:24 7% nntpd: various bug fixes Eric Wong
@ 2016-05-19 8:24 6% ` Eric Wong
0 siblings, 0 replies; 2+ results
From: Eric Wong @ 2016-05-19 8:24 UTC (permalink / raw)
To: meta
There's no place for them in the commands and we don't take
messages; potentially printing them into a log opened in a
terminal is too dangerous.
Hoist out read_til_dot in the test while we're at it.
---
lib/PublicInbox/NNTP.pm | 4 ++--
t/nntpd.t | 30 +++++++++++++++++++++++-------
2 files changed, 25 insertions(+), 9 deletions(-)
diff --git a/lib/PublicInbox/NNTP.pm b/lib/PublicInbox/NNTP.pm
index e77ccaa..ac536f7 100644
--- a/lib/PublicInbox/NNTP.pm
+++ b/lib/PublicInbox/NNTP.pm
@@ -12,7 +12,6 @@ use PublicInbox::Msgmap;
use PublicInbox::Git;
use PublicInbox::MID qw(mid2path);
use Email::Simple;
-use Data::Dumper qw(Dumper);
use POSIX qw(strftime);
use Time::HiRes qw(clock_gettime CLOCK_MONOTONIC);
use URI::Escape qw(uri_escape_utf8);
@@ -151,7 +150,7 @@ sub process_line ($$) {
my $res = eval { $req->($self, @args) };
my $err = $@;
if ($err && !$self->{closed}) {
- chomp($l = Dumper(\$l));
+ chomp($l);
err($self, 'error from: %s (%s)', $l, $err);
$res = '503 program fault - command not performed';
}
@@ -972,6 +971,7 @@ sub event_read {
$self->{rbuf} .= $$buf;
while ($r > 0 && $self->{rbuf} =~ s/\A\s*([^\r\n]+)\r?\n//) {
my $line = $1;
+ return $self->close if $line =~ /[[:cntrl:]]/s;
my $t0 = now();
my $fd = $self->{fd};
$r = eval { process_line($self, $line) };
diff --git a/t/nntpd.t b/t/nntpd.t
index 60cf893..837b9d4 100644
--- a/t/nntpd.t
+++ b/t/nntpd.t
@@ -118,6 +118,18 @@ EOF
is($buf, "201 server ready - post via email\r\n", 'got greeting');
$s->autoflush(1);
+ syswrite($s, "NEWGROUPS\t19990424 000000 \033GMT\007\r\n");
+ is(0, sysread($s, $buf, 4096), 'GOT EOF on cntrl');
+
+ $s = IO::Socket::INET->new(%opts);
+ sysread($s, $buf, 4096);
+ is($buf, "201 server ready - post via email\r\n", 'got greeting');
+ $s->autoflush(1);
+
+ syswrite($s, "NEWGROUPS 19990424 000000 GMT\r\n");
+ $buf = read_til_dot($s);
+ like($buf, qr/\A231 list of /, 'newgroups OK');
+
while (my ($k, $v) = each %xhdr) {
is_deeply($n->xhdr("$k $mid"), { $mid => $v },
"XHDR $k by message-id works");
@@ -127,9 +139,7 @@ EOF
"$k by article range works");
$buf = '';
syswrite($s, "HDR $k $mid\r\n");
- do {
- sysread($s, $buf, 4096, length($buf));
- } until ($buf =~ /\r\n\.\r\n\z/);
+ $buf = read_til_dot($s);
my @r = split("\r\n", $buf);
like($r[0], qr/\A225 /, '225 response for HDR');
is($r[1], "0 $v", 'got expected response for HDR');
@@ -163,10 +173,7 @@ EOF
{
syswrite($s, "OVER $mid\r\n");
- $buf = '';
- do {
- sysread($s, $buf, 4096, length($buf));
- } until ($buf =~ /\r\n\.\r\n\z/);
+ $buf = read_til_dot($s);
my @r = split("\r\n", $buf);
like($r[0], qr/^224 /, 'got 224 response for OVER');
is($r[1], "0\tTesting for El\xc3\xa9anor\t" .
@@ -212,4 +219,13 @@ EOF
done_testing();
+sub read_til_dot {
+ my ($s) = @_;
+ my $buf = '';
+ do {
+ sysread($s, $buf, 4096, length($buf));
+ } until ($buf =~ /\r\n\.\r\n\z/);
+ $buf;
+}
+
1;
^ permalink raw reply related [relevance 6%]
Results 1-2 of 2 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2016-05-19 8:24 7% nntpd: various bug fixes Eric Wong
2016-05-19 8:24 6% ` [PATCH 1/2] nntpd: reject control characters entirely Eric Wong
Code repositories for project(s) associated with this public inbox
https://80x24.org/public-inbox.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).