* oort gnus gets frozen.
@ 2001-02-06 0:36 Maciej Matysiak
2001-02-06 3:33 ` Karl Kleinpaste
0 siblings, 1 reply; 2+ messages in thread
From: Maciej Matysiak @ 2001-02-06 0:36 UTC (permalink / raw)
[-- Attachment #1: Type: text/plain, Size: 211 bytes --]
latest (one hour old or so) cvs oort gnus freezes when i try to read the
following message:
(that's a msg from bugtraq, from Valentin Nechayev <netch@LUCKY.NET>,
Message-ID: <20010205104036.A3465@lucky.net>)
[-- Attachment #2: bogus message --]
[-- Type: application/octet-stream, Size: 3883 bytes --]
Return-Path: <owner-bugtraq@SECURITYFOCUS.COM>
Delivered-To: phoner@mail.wsc.com.pl
Received: (qmail 32106 invoked by uid 504); 5 Feb 2001 19:37:56 -0000
Delivered-To: v-blah-phoner@BLAH.PL
Received: (qmail 32103 invoked by uid 0); 5 Feb 2001 19:37:56 -0000
Received: from lists.securityfocus.com (66.38.151.7)
by ogryzek.wsc.pl with SMTP; 5 Feb 2001 19:37:56 -0000
Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.7])
by lists.securityfocus.com (Postfix) with ESMTP
id 5FAE224CFA5; Mon, 5 Feb 2001 10:53:36 -0700 (MST)
Received: from LISTS.SECURITYFOCUS.COM by LISTS.SECURITYFOCUS.COM
(LISTSERV-TCP/IP release 1.8d) with spool id 24852203 for
BUGTRAQ@LISTS.SECURITYFOCUS.COM; Mon, 5 Feb 2001 10:53:19 -0700
Approved-By: beng@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Received: from securityfocus.com (mail.securityfocus.com [66.38.151.9]) by
lists.securityfocus.com (Postfix) with SMTP id 5E95924C56F for
<bugtraq@lists.securityfocus.com>; Mon, 5 Feb 2001 01:37:46 -0700
(MST)
Received: (qmail 13463 invoked by alias); 5 Feb 2001 08:37:54 -0000
Delivered-To: BUGTRAQ@SECURITYFOCUS.COM
Received: (qmail 13460 invoked from network); 5 Feb 2001 08:37:53 -0000
Received: from burka.carrier.kiev.ua (193.193.193.107) by
mail.securityfocus.com with SMTP; 5 Feb 2001 08:37:53 -0000
Received: from netch@localhost by burka.carrier.kiev.ua id KPQ04940; Mon, 5
Feb 2001 10:40:36 +0200 (EET) (envelope-from netch)
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: quoted-printable
X-Mailer: Mutt 1.0i
X-42: On
X-Gnus-Mail-Source: maildir:/mnt/3/phoner/Maildir/new
Message-ID: <20010205104036.A3465@lucky.net>
Date: Mon, 5 Feb 2001 10:40:36 +0200
Reply-To: netch@lucky.net
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Valentin Nechayev <netch@LUCKY.NET>
Subject: Re: m4 format string vulnerability
To: BUGTRAQ@SECURITYFOCUS.COM
Lines: 75
Xref: ogryzek bugtraq-l-2001-02:99
> > confirmed for red hat linux 7.0:
> > [kerouac:mg:~]m4 -G %x
All folks test it with -G, but it is not really needed.
FreeBSD ports:
netch@iv:~>gm4 -G %x
gm4: bfbffb8c: No such file or directory
netch@iv:~>gm4 %x
gm4: bfbffb8c: No such file or directory
netch@iv:~>gm4 %d
gm4: -1077937268: No such file or directory
netch@iv:~>gm4 %s
gm4: o=FC=BF=BF=84=FC=BF=BF=9E=FC=BF=BF=B3=FC=BF=BF=CA=FC=BF=BF=E5=FC=BF=BF=
=F1=FC=BF=BF=FA=FC=BF=BF=FD=BF=BF=1C=FD=BF=BF6=FD=BF=BFK=FD=BF=BFe=FD=BF=BF=
s=FD=BF=BF{=FD=BF=BF=91=FD=BF=BF=AB=FD=BF=BF=B9=FD=BF=BF=CB=FD=BF
=BF=D8=FD=BF=BF=EE=FD=BF=BFe=FE=BF=BFx=FE=BF=BF=90=FE=BF=BF: No such file o=
r directory
(port is m4-1.4)
RH 7.0:
netch@yacc:~>m4 %x
m4: 80499d9: No such file or directory
netch@yacc:~>m4 %d
m4: 134519257: No such file or directory
RH 6.2:
netch@sleipnir:~>m4 %x
m4: 401081cc: No such file or directory
netch@sleipnir:~>rpm -q m4
m4-1.4-12
and so on. Possibly all GNU versions are vulnerable.
Patch against this (tabs are broken by cut-and-paste):
--- src/m4.c.orig Wed Nov 2 05:14:28 1994
+++ src/m4.c Mon Feb 5 10:36:17 2001
@@ -466,7 +466,7 @@
fp =3D path_search (argv[optind]);
if (fp =3D=3D NULL)
{
- error (0, errno, argv[optind]);
+ error (0, errno, "%s", argv[optind]);
continue;
}
else
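Review bot: the "%s" fix lands only on the path_search failure branch, so the other call this message lists, error (0, errno, optarg); in the case 'o': branch at m4.c:372, still passes a command-line string as the format. Add a second hunk changing it to error (0, errno, "%s", optarg); so both call sites are fixed in one patch. As posted the hunk will also not apply cleanly: the tabs are noted as broken by cut-and-paste and the lines still carry quoted-printable =3D, so resend it as an attachment or an unencoded diff.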
The only other bad usage of error():
m4.c:372: error (0, errno, optarg);
part of code:
=3D=3D=3D{{{
case 'o':
if (!debug_set_output (optarg))
error (0, errno, optarg);
break;
=3D=3D=3D}}}
patch is of the same idea.
> > m4: 80499d9: Datei oder Verzeichnis nicht gefunden
> > [kerouac:mg:~]cat /etc/redhat-release
> > Red Hat Linux release 7.0 (Guinness)
> > [kerouac:mg:~]rpm -q m4
> > m4-1.4.1-3
/netch
[-- Attachment #3: Type: text/plain, Size: 1795 bytes --]
the cpu load gets very high (well, on my p120), i just have to kill
xemacs. on my console, from which startx is run, i can find then:
,----
| current stat is :3
|
| Lisp backtrace follows:
|
| mm-decode-coding-region(2049 3686 koi8-r)
| # bind (coding-system)
| # (unwind-protect ...)
| # bind (type encoding charset)
| mm-decode-body("koi8-r" quoted-printable "text/plain")
| # (unwind-protect ...)
| # (unwind-protect ...)
| # bind (inhibit-point-motion-hooks case-fold-search buffer-read-only
| # mail-parse-charset mail-parse-ignored-charsets ct cte ctl charset format
| # prompt)
| article-decode-charset()
| run-hooks(article-decode-charset)
| # bind (do-update-line sparse-header group article)
| gnus-request-article-this-buffer(99 "nnml:bugtraq-l-2001-02")
| # bind (buffer-read-only)
| # (unwind-protect ...)
| # bind (result group gnus-tmp-internal-hook summary-buffer gnus-article)
| # (unwind-protect ...)
| # bind (header all-headers article)
| gnus-article-prepare(99 nil)
| # bind (all-header article)
| gnus-summary-display-article(99 nil)
| # (unwind-protect ...)
| # bind (article all-headers gnus-summary-display-article-function article
| # pseudo force all-headers)
| gnus-summary-select-article(nil nil pseudo)
| # bind (lines)
| gnus-summary-scroll-up(1)
| # bind (command-debug-status)
| call-interactively(gnus-summary-scroll-up)
| # (condition-case ... . error)
| # (catch top-level ...)
|
| current stat is :1
| current stat is :2
| xinit: connection to X server lost.
`----
the message has:
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: quoted-printable
but it looks like it should have charset=us-ascii.
waiting for fix,
m.m.
--
use gnus not guns!
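
The two call shapes from the patch in the attached Bugtraq message, side by side, as an added example that is not part of the original thread or of the m4 source. report() is a hypothetical stand-in for GNU error(), the file names are constructed, and conversions() is a helper introduced here to show when the unpatched shape would start reading arguments that were never passed.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-in for GNU error(0, errnum, fmt, ...): returns
   "m4: <formatted message>: <strerror(errnum)>" in a static buffer. */
static const char *report(int errnum, const char *fmt, ...)
{
    static char buf[320];
    char msg[200];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(msg, sizeof msg, fmt, ap);
    va_end(ap);
    snprintf(buf, sizeof buf, "m4: %s: %s", msg, strerror(errnum));
    return buf;
}

/* Conversion specifications the string would start if used as a format;
   "%%" is a literal percent sign and starts none. */
static int conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') n++;
    }
    return n;
}

/* Pre-patch call shape: the file name IS the format. Defined behaviour
   only when conversions(name) == 0, and even then "%%" collapses to "%". */
static const char *report_unpatched(const char *name) { return report(ENOENT, name); }

/* Patched call shape from the hunk: constant format, name passed as data. */
static const char *report_patched(const char *name) { return report(ENOENT, "%s", name); }

int main(void)
{
    const char *names[] = { "input.m4", "%x", "%s%s", "100%%.m4" }; /* constructed */
    for (size_t i = 0; i < sizeof names / sizeof *names; i++) {
        int c = conversions(names[i]);
        printf("%-9s conversions=%d\n  patched:   %s\n", names[i], c, report_patched(names[i]));
        if (c == 0) /* the unpatched shape is only safe to call here */
            printf("  unpatched: %s\n", report_unpatched(names[i]));
    }
    return 0;
}
```

With the patched shape a name such as %x is echoed back unchanged; with the unpatched shape even a harmless name containing %% is reported incorrectly, which is a quick way to spot the pattern in testing.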
* Re: oort gnus gets frozen.
2001-02-06 0:36 oort gnus gets frozen Maciej Matysiak
@ 2001-02-06 3:33 ` Karl Kleinpaste
0 siblings, 0 replies; 2+ messages in thread
From: Karl Kleinpaste @ 2001-02-06 3:33 UTC (permalink / raw)
Maciej Matysiak <phoner@blah.pl> writes:
> latest (one hour old or so) cvs oort gnus freezes when i try to read the
> following message:
For what it's worth, when I "view part as type" on the forwarded
message as message/rfc822, my XEmacs 21.2.43 + up-to-date CVS Oort,
Gnus simply displays it after a second or two worth of cogitation.