Debian Bug report logs - #526646
tin crashes if server doesn't support either CAPABILITIES or MODE READER


Package: tin; Maintainer for tin is Marco d'Itri <md@linux.it>; Source for tin is src:tin.

Reported by: Antti-Juhani Kaijanaho <ajk@debian.org>

Date: Sat, 2 May 2009 13:36:02 UTC

Severity: minor

Found in version tin/1:1.9.4-1

Fixed in version tin/1:1.9.5~20090720-1

Done: Marco d'Itri <md@linux.it>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#526646; Package tin. (Sat, 02 May 2009 13:36:04 GMT)

Acknowledgement sent to Antti-Juhani Kaijanaho <ajk@debian.org>:
New Bug report received and forwarded. Copy sent to Marco d'Itri <md@linux.it>. (Sat, 02 May 2009 13:36:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Antti-Juhani Kaijanaho <ajk@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: tin crashes if server doesn't support either CAPABILITIES or MODE READER
Date: Sat, 02 May 2009 16:34:01 +0300

Package: tin
Version: 1:1.9.4-1
Severity: minor

If tin receives 500 for both CAPABILITIES and MODE READER, it loops trying both
and eventually crashes.

The cause of the crash seems to be on line 1148 of src/nntplib.c, where
the check_extensions function is called recursively if both CAPABILITIES and
MODE READER fail, eventually exhausting the stack space.  The comment says that
this is for a second attempt, but there is no check that we aren't already in
the second (or the five hundredth) attempt.


(Minor because this was uncovered in testing an incomplete server - I do not
know how widespread servers that trigger this are in the wild.  However, I do
not believe a client should crash however broken the server is.)

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.29.2-ibid-1 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages tin depends on:
ii  debconf [debconf-2.0]     1.5.26         Debian configuration management sy
ii  libc6                     2.9-9          GNU C Library: Shared libraries
ii  libcanlock2               2b-5           library for creating and verifying
ii  libidn11                  1.14-3         GNU Libidn library, implementation
ii  libncursesw5              5.7+20090411-1 shared libraries for terminal hand
ii  libpcre3                  7.8-2          Perl 5 Compatible Regular Expressi
ii  libuu0                    0.5.20-3.1     Library for decoding/encoding seve

Versions of packages tin recommends:
ii  postfix [mail-transport-agent 2.5.5-1.1  High-performance mail transport ag

Versions of packages tin suggests:
ii  gnupg                       1.4.9-4      GNU privacy guard - a free PGP rep
ii  ispell                      3.1.20.0-4.4 International Ispell (an interacti
ii  metamail                    2.7-54       implementation of MIME

-- debconf information excluded
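
The failure mode described in this report, an unbounded retry between CAPABILITIES and MODE READER, is avoided by giving the retry an explicit attempt limit. The following is an added example, not tin's code and not the upstream fix; `negotiate`, the callback transport and both simulated servers are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical transport: sends one command, returns the NNTP status code. */
typedef int (*nntp_send_fn)(const char *cmd);

enum { NEG_OK = 0, NEG_NO_CAPS = 1, NEG_GIVE_UP = -1 };
#define MAX_ATTEMPTS 2            /* first try plus one retry, never more */

static int commands_sent;         /* instrumentation for the example */
static int reader_mode;           /* state of the second simulated server */

/* Constructed broken server: answers 500 to every command. */
static int broken_server(const char *cmd) { (void)cmd; commands_sent++; return 500; }

/* Constructed server that only answers CAPABILITIES after MODE READER. */
static int late_caps_server(const char *cmd) {
    commands_sent++;
    if (strcmp(cmd, "MODE READER") == 0) { reader_mode = 1; return 200; }
    if (strcmp(cmd, "CAPABILITIES") == 0) return reader_mode ? 101 : 500;
    return 500;
}

/* Bounded negotiation: the retry is a loop with an attempt counter, so a
 * server that rejects everything costs a fixed number of commands. */
static int negotiate(nntp_send_fn send_cmd) {
    for (int attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
        if (send_cmd("CAPABILITIES") == 101)
            return NEG_OK;
        int mode = send_cmd("MODE READER");
        if (mode != 200 && mode != 201)
            return NEG_GIVE_UP;   /* both rejected: stop instead of retrying */
        /* MODE READER succeeded: one more CAPABILITIES attempt is allowed */
    }
    return NEG_NO_CAPS;           /* usable server without CAPABILITIES */
}

int main(void) {
    commands_sent = 0;
    int r1 = negotiate(broken_server);
    printf("broken server: result %d after %d commands\n", r1, commands_sent);
    commands_sent = 0; reader_mode = 0;
    int r2 = negotiate(late_caps_server);
    printf("late-caps server: result %d after %d commands\n", r2, commands_sent);
    return 0;
}
```
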




Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#526646; Package tin. (Sat, 02 May 2009 14:57:03 GMT)

Acknowledgement sent to Urs Janßen <urs@tin.org>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Sat, 02 May 2009 14:57:03 GMT)

Message #10 received at submit@bugs.debian.org:

From: Urs Janßen <urs@tin.org>
To: Antti-Juhani Kaijanaho <ajk@debian.org>, 526646@bugs.debian.org
Cc: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Re: Bug#526646: tin crashes if server doesn't support either CAPABILITIES or MODE READER
Date: Sat, 2 May 2009 16:56:22 +0200

On Sat, May 02, 2009 at 04:34:01PM +0300, Antti-Juhani Kaijanaho wrote:
> Package: tin
> Version: 1:1.9.4-1
> Severity: minor
> 
> If tin receives 500 for both CAPABILITIES and MODE READER, it loops trying
> both and eventually crashes.
> 
> The cause of the crash seems to be on line 1148 of src/nntplib.c, where
> the check_extensions function is called recursively if both CAPABILITIES and
> MODE READER fail, eventually exhausting the stack space.  The comment says that
> this is for a second attempt, but there is no check that we aren't already in
> the second (or the five hundredth) attempt.
> 
> (Minor because this was uncovered in testing an incomplete server - I do not
> know how widespread servers that trigger this are in the wild.  However, I do
> not believe a client should crash however broken the server is.)

This is already fixed upstream in the latest snapshot.

urs
-- 
"Only wimps use tape backup: _real_ men just upload their important stuff
 on ftp, and let the rest of the world mirror it ;)" - Linus





Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#526646; Package tin. (Sat, 02 May 2009 14:57:04 GMT)

Acknowledgement sent to Urs Janßen <urs@tin.org>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Sat, 02 May 2009 14:57:04 GMT)

Reply sent to Marco d'Itri <md@linux.it>:
You have taken responsibility. (Mon, 10 Aug 2009 14:30:06 GMT)

Notification sent to Antti-Juhani Kaijanaho <ajk@debian.org>:
Bug acknowledged by developer. (Mon, 10 Aug 2009 14:30:07 GMT)

Message #20 received at 526646-close@bugs.debian.org:

From: Marco d'Itri <md@linux.it>
To: 526646-close@bugs.debian.org
Subject: Bug#526646: fixed in tin 1:1.9.5~20090720-1
Date: Mon, 10 Aug 2009 13:58:33 +0000

Source: tin
Source-Version: 1:1.9.5~20090720-1

We believe that the bug you reported is fixed in the latest version of
tin, which is due to be installed in the Debian FTP archive:

tin_1.9.5~20090720-1.diff.gz
  to pool/main/t/tin/tin_1.9.5~20090720-1.diff.gz
tin_1.9.5~20090720-1.dsc
  to pool/main/t/tin/tin_1.9.5~20090720-1.dsc
tin_1.9.5~20090720-1_i386.deb
  to pool/main/t/tin/tin_1.9.5~20090720-1_i386.deb
tin_1.9.5~20090720.orig.tar.gz
  to pool/main/t/tin/tin_1.9.5~20090720.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 526646@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marco d'Itri <md@linux.it> (supplier of updated tin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Mon, 10 Aug 2009 15:33:49 +0200
Source: tin
Binary: tin
Architecture: source i386
Version: 1:1.9.5~20090720-1
Distribution: unstable
Urgency: low
Maintainer: Marco d'Itri <md@linux.it>
Changed-By: Marco d'Itri <md@linux.it>
Description: 
 tin        - A full-screen easy to use Usenet newsreader
Closes: 525917 526646
Changes: 
 tin (1:1.9.5~20090720-1) unstable; urgency=low
 .
   * New upstream snapshot. Fixes:
     + CAPABILITIES errors handling. (Closes: #525917, #526646)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 18 Sep 2009 07:36:24 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 21:38:44 2014; Machine Name: beach.debian.org
