From d9f8d7fbc53dfef25f8a8b260274afcade86ed42 Mon Sep 17 00:00:00 2001
From: Eric Wong
Date: Wed, 18 May 2016 18:58:04 +0000
Subject: nntpd: reject control characters entirely
There's no place for them in the commands and we don't take messages; potentially printing them into a log opened in a terminal is too dangerous. Hoist out read_til_dot in the test while we're at it.
---
 t/nntpd.t | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)
(limited to 't')
diff --git a/t/nntpd.t b/t/nntpd.t
index 60cf8938..837b9d46 100644
--- a/t/nntpd.t
+++ b/t/nntpd.t
@@ -118,6 +118,18 @@ EOF
 is($buf, "201 server ready - post via email\r\n", 'got greeting');
 $s->autoflush(1);
+ syswrite($s, "NEWGROUPS\t19990424 000000 \033GMT\007\r\n");
+ is(0, sysread($s, $buf, 4096), 'GOT EOF on cntrl');
+
+ $s = IO::Socket::INET->new(%opts);
+ sysread($s, $buf, 4096);
+ is($buf, "201 server ready - post via email\r\n", 'got greeting');
+ $s->autoflush(1);
+
+ syswrite($s, "NEWGROUPS 19990424 000000 GMT\r\n");
+ $buf = read_til_dot($s);
+ like($buf, qr/\A231 list of /, 'newgroups OK');
+
 while (my ($k, $v) = each %xhdr) {
 is_deeply($n->xhdr("$k $mid"), { $mid => $v },
 "XHDR $k by message-id works");
@@ -127,9 +139,7 @@ EOF
 "$k by article range works");
 $buf = '';
 syswrite($s, "HDR $k $mid\r\n");
- do {
- sysread($s, $buf, 4096, length($buf));
- } until ($buf =~ /\r\n\.\r\n\z/);
+ $buf = read_til_dot($s);
 my @r = split("\r\n", $buf);
 like($r[0], qr/\A225 /, '225 response for HDR');
 is($r[1], "0 $v", 'got expected response for HDR');
@@ -163,10 +173,7 @@ EOF
 {
 syswrite($s, "OVER $mid\r\n");
- $buf = '';
- do {
- sysread($s, $buf, 4096, length($buf));
- } until ($buf =~ /\r\n\.\r\n\z/);
+ $buf = read_til_dot($s);
 my @r = split("\r\n", $buf);
 like($r[0], qr/^224 /, 'got 224 response for OVER');
 is($r[1], "0\tTesting for El\xc3\xa9anor\t" .
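Review bot: The rejection case added after the first greeting sends TAB, ESC (`\033`) and BEL (`\007`) in one NEWGROUPS line, so it passes as long as any one of the three triggers the disconnect and would not catch a regression that lets ESC reach the log again. Sending one control byte per connection pins each of them separately; whether TAB is meant to be rejected cannot be confirmed here, because the server-side change is outside this 't'-limited view. The `is()` arguments are also reversed (got comes first), and an `undef` from `sysread` on a reset connection would produce a misleading diagnostic, so the check reads better as `is(sysread($s, $buf, 4096), 0, 'got EOF on cntrl')`. The enclosing test block starts and ends outside the hunk.

```perl
for my $ctl ("\t", "\033", "\007") {
	my $c = IO::Socket::INET->new(%opts);
	sysread($c, my $greeting, 4096);
	syswrite($c, "NEWGROUPS 19990424 000000 ${ctl}GMT\r\n");
	is(sysread($c, my $rbuf, 4096), 0,
		sprintf('got EOF on control byte 0x%02x', ord($ctl)));
}
# … unchanged: reconnect, greeting check and valid NEWGROUPS request …
```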
@@ -212,4 +219,13 @@ EOF
 done_testing();
+sub read_til_dot {
+ my ($s) = @_;
+ my $buf = '';
+ do {
+ sysread($s, $buf, 4096, length($buf));
+ } until ($buf =~ /\r\n\.\r\n\z/);
+ $buf;
+}
+
 1;
-- cgit v1.2.3-24-ge0c7
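Review bot: `read_til_dot` ignores the return value of `sysread`, so once the peer closes the socket (return 0) or the read fails (`undef`) the `do … until` loop spins forever, because `$buf` can never gain the terminating `\r\n.\r\n`. This commit makes the server drop connections on control characters, so a connection dropped by mistake in any caller would hang the test run instead of failing it. Checking the return value and dying on EOF or error turns that into an immediate, readable failure. A single-line error reply without a dot terminator would still block on the open socket; that case is not addressed below.

```perl
sub read_til_dot {
	my ($s) = @_;
	my $buf = '';
	until ($buf =~ /\r\n\.\r\n\z/) {
		my $r = sysread($s, $buf, 4096, length($buf));
		defined($r) or die "sysread failed: $!";
		$r or die "EOF before terminating dot\n";
	}
	$buf;
}
```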