Bug 218253 - knode hangs on XOVER error
Status: RESOLVED FIXED
Alias: None
Product: knode
Classification: Unmaintained
Component: general
Version: unspecified
Platform: unspecified Unspecified
Importance: NOR normal
Target Milestone: ---
Assignee: kdepim bugs
Reported: 2009-12-11 10:39 UTC by Arkadiusz Miskiewicz
Modified: 2009-12-14 23:18 UTC

Attachments
fix from problem 1 (516 bytes, patch)
2009-12-11 23:44 UTC, Arkadiusz Miskiewicz

Description Arkadiusz Miskiewicz 2009-12-11 10:39:47 UTC
Version:            (using KDE 4.3.4)
Installed from:    Unlisted Binary Package

knode queues its network jobs. Unfortunately it's able to hang forever on an XOVER error. Tracking network traffic shows, for example:

XOVER 29-
224 No articles in 29-

and this error causes no problem BUT

XOVER 18446744073709541624-
501 Syntax error in range

and knode hangs here - it isn't able to get past there unless I cancel the job via the knode GUI.

Actually it looks like there are two bugs:
1) some overflow
2) lack of 501 error handling causing hang
Comment 1 Arkadiusz Miskiewicz 2009-12-11 11:19:05 UTC
add to 1)

GROUP alt.pl.edonkey2000
211 0 8 7 alt.pl.edonkey2000

group reply is correct and is correctly parsed as far as I can see, so it looks like the problem lives in the "first" parameter.

grpinfo for that group was:

UseDefaultExpConf=true
count=0
crosspostIDBuffer=
defaultChSet=
description=
doExpire=true
dynDataFormat=1
expInterval=5
firstMsg=4
groupname=alt.pl.edonkey2000
lastExpire=2005,3,6,0,0,0
lastMsg=0
name=
read=0
readDays=10
removeUnavailable=true
saveThreads=true
status=postingAllowed
unreadDays=15
useCharset=false
Comment 2 Arkadiusz Miskiewicz 2009-12-11 23:43:58 UTC
  first = qMax( first, firstSerNum );
  if ( max > 0 && lastSerNum - first > max ) {
    DBG << "first = " << lastSerNum << " - " << max << " + 1";
    first = lastSerNum - max + 1;
  }
in kdepimlibs-4.3.4/kioslave/nntp/nntp.cpp ends up doing this:

 first =  514  -  1000  + 1

where first is unsigned long... thus we end up with a crappy value.
Comment 3 Arkadiusz Miskiewicz 2009-12-11 23:44:28 UTC
Created attachment 39003
fix from problem 1
Comment 4 Olivier Trichet 2009-12-14 23:18:01 UTC
SVN commit 1062490 by otrichet:

kio_nntp could send a broken XOVER request to the server and hang on an error answer.
This corrects the broken request.

Thanks to Arkadiusz Miskiewicz for the analysis.

Arkadiusz, I changed your patch because the real integer overflow is in the
test "lastSerNum - first > max". Because lastSerNum and first are
"unsigned long", when "lastSerNum" is inferior to "first", the
computation of "lastSerNum - first" overflows and gives a big long and as
a consequence the test succeeds.

CCBUG: 218253

 M  +5 -0      nntp.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1062490
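
The wraparound analysed in comments 2 and 4, as an added example (not part of the bug thread and not the code of SVN commit 1062490). The function names, the use of std::uint64_t for "unsigned long", the starting value first = 1 and the limit max = 10000 are assumptions; together with first 8 and last 7 from the GROUP reply in comment 1 they reproduce the XOVER value in the description.

```cpp
#include <algorithm>
#include <cstdint>
#include <iostream>

// Stands in for the "unsigned long" of the thread on a 64-bit system (assumption).
using SerNum = std::uint64_t;

// Range computation as quoted in comment 2, with the DBG line dropped.
// When lastSerNum < first, "lastSerNum - first" wraps to a huge value,
// the test succeeds, and "lastSerNum - max + 1" wraps as well.
SerNum firstAsReported(SerNum first, SerNum firstSerNum, SerNum lastSerNum, SerNum max) {
    first = std::max(first, firstSerNum);
    if (max > 0 && lastSerNum - first > max) {
        first = lastSerNum - max + 1;
    }
    return first;
}

// Hypothetical guarded variant: compare before subtracting.
// Returns false for an empty range so the caller sends no XOVER at all.
bool firstGuarded(SerNum first, SerNum firstSerNum, SerNum lastSerNum, SerNum max,
                  SerNum &out) {
    first = std::max(first, firstSerNum);
    if (lastSerNum < first) {
        return false;  // nothing to fetch, e.g. "211 0 8 7"
    }
    // lastSerNum >= first here, so the subtraction cannot wrap. If the
    // difference exceeds max, then lastSerNum > max and the next line is safe too.
    if (max > 0 && lastSerNum - first > max) {
        first = lastSerNum - max + 1;
    }
    out = first;
    return true;
}

int main() {
    // Constructed inputs: first = 1 and max = 10000 are assumed, 8 and 7 are
    // the first/last article numbers from the GROUP reply in comment 1.
    std::cout << "XOVER " << firstAsReported(1, 8, 7, 10000) << "-\n";

    SerNum first = 0;
    if (firstGuarded(1, 8, 7, 10000, first)) {
        std::cout << "XOVER " << first << "-\n";
    } else {
        std::cout << "empty group, no XOVER sent\n";
    }
    return 0;
}
```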
Comment 5 Olivier Trichet 2009-12-14 23:18:04 UTC
SVN commit 1062491 by otrichet:

Report error when the result of an XOVER command is an error

BUG: 218253

 M  +3 -1      nntp.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1062491