Gnus development mailing list
* oort gnus gets frozen.
@ 2001-02-06  0:36 Maciej Matysiak
  2001-02-06  3:33 ` Karl Kleinpaste
  0 siblings, 1 reply; 2+ messages in thread
From: Maciej Matysiak @ 2001-02-06  0:36 UTC (permalink / raw)


[-- Attachment #1: Type: text/plain, Size: 211 bytes --]


latest (one hour old or so) cvs oort gnus freezes when i try to read the
following message:
 (that's a msg from bugtraq, from Valentin Nechayev <netch@LUCKY.NET>,
 Message-ID: <20010205104036.A3465@lucky.net>)

[-- Attachment #2: bogus message --]
[-- Type: application/octet-stream, Size: 3883 bytes --]

Return-Path: <owner-bugtraq@SECURITYFOCUS.COM>
Delivered-To: phoner@mail.wsc.com.pl
Received: (qmail 32106 invoked by uid 504); 5 Feb 2001 19:37:56 -0000
Delivered-To: v-blah-phoner@BLAH.PL
Received: (qmail 32103 invoked by uid 0); 5 Feb 2001 19:37:56 -0000
Received: from lists.securityfocus.com (66.38.151.7)
  by ogryzek.wsc.pl with SMTP; 5 Feb 2001 19:37:56 -0000
Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.7])
	by lists.securityfocus.com (Postfix) with ESMTP
	id 5FAE224CFA5; Mon,  5 Feb 2001 10:53:36 -0700 (MST)
Received: from LISTS.SECURITYFOCUS.COM by LISTS.SECURITYFOCUS.COM
          (LISTSERV-TCP/IP release 1.8d) with spool id 24852203 for
          BUGTRAQ@LISTS.SECURITYFOCUS.COM; Mon, 5 Feb 2001 10:53:19 -0700
Approved-By: beng@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Received: from securityfocus.com (mail.securityfocus.com [66.38.151.9]) by
          lists.securityfocus.com (Postfix) with SMTP id 5E95924C56F for
          <bugtraq@lists.securityfocus.com>; Mon,  5 Feb 2001 01:37:46 -0700
          (MST)
Received: (qmail 13463 invoked by alias); 5 Feb 2001 08:37:54 -0000
Delivered-To: BUGTRAQ@SECURITYFOCUS.COM
Received: (qmail 13460 invoked from network); 5 Feb 2001 08:37:53 -0000
Received: from burka.carrier.kiev.ua (193.193.193.107) by
          mail.securityfocus.com with SMTP; 5 Feb 2001 08:37:53 -0000
Received: from netch@localhost by burka.carrier.kiev.ua  id KPQ04940; Mon, 5
          Feb 2001 10:40:36 +0200 (EET) (envelope-from netch)
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: quoted-printable
X-Mailer: Mutt 1.0i
X-42: On
X-Gnus-Mail-Source: maildir:/mnt/3/phoner/Maildir/new
Message-ID:  <20010205104036.A3465@lucky.net>
Date:         Mon, 5 Feb 2001 10:40:36 +0200
Reply-To: netch@lucky.net
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Valentin Nechayev <netch@LUCKY.NET>
Subject:      Re: m4 format string vulnerability
To: BUGTRAQ@SECURITYFOCUS.COM
Lines: 75
Xref: ogryzek bugtraq-l-2001-02:99

> > confirmed for red hat linux 7.0:
> > [kerouac:mg:~]m4 -G %x

All folks tests it with -G, but it is not really needed.

FreeBSD ports:

netch@iv:~>gm4 -G %x
gm4: bfbffb8c: No such file or directory
netch@iv:~>gm4 %x
gm4: bfbffb8c: No such file or directory
netch@iv:~>gm4 %d
gm4: -1077937268: No such file or directory
netch@iv:~>gm4 %s
gm4: o=FC=BF=BF=84=FC=BF=BF=9E=FC=BF=BF=B3=FC=BF=BF=CA=FC=BF=BF=E5=FC=BF=BF=
=F1=FC=BF=BF=FA=FC=BF=BF=FD=BF=BF=1C=FD=BF=BF6=FD=BF=BFK=FD=BF=BFe=FD=BF=BF=
s=FD=BF=BF{=FD=BF=BF=91=FD=BF=BF=AB=FD=BF=BF=B9=FD=BF=BF=CB=FD=BF
=BF=D8=FD=BF=BF=EE=FD=BF=BFe=FE=BF=BFx=FE=BF=BF=90=FE=BF=BF: No such file o=
r directory

(port is m4-1.4)

RH 7.0:

netch@yacc:~>m4 %x
m4: 80499d9: No such file or directory
netch@yacc:~>m4 %d
m4: 134519257: No such file or directory

RH 6.2:

netch@sleipnir:~>m4 %x
m4: 401081cc: No such file or directory
netch@sleipnir:~>rpm -q m4
m4-1.4-12

and so on. Possibly all GNU versions are vulnerable.

Patch against this (tabs are broken by cut-and-paste):

--- src/m4.c.orig   Wed Nov  2 05:14:28 1994
+++ src/m4.c        Mon Feb  5 10:36:17 2001
@@ -466,7 +466,7 @@
            fp =3D path_search (argv[optind]);
            if (fp =3D=3D NULL)
              {
-               error (0, errno, argv[optind]);
+               error (0, errno, "%s", argv[optind]);
                continue;
              }
            else
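
Review bot: the "%s" fix at the argv[optind] call is correct, but the patch stops there. The message itself names a second call with the same defect, `error (0, errno, optarg);` at m4.c:372 in the `case 'o'` branch, and this hunk does not touch it. Add a second hunk changing that call to `error (0, errno, "%s", optarg);` so the -o argument cannot be interpreted as a format string either. As posted, the hunk is also still quoted-printable encoded (`=3D` for `=`) and its tabs have become spaces, so it needs decoding and whitespace-tolerant application before it will apply to src/m4.c.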

Another the only bad usage of error():

m4.c:372:         error (0, errno, optarg);

part of code:

=3D=3D=3D{{{
      case 'o':
        if (!debug_set_output (optarg))
          error (0, errno, optarg);
        break;
=3D=3D=3D}}}

patch is of the same idea.

> > m4: 80499d9: Datei oder Verzeichnis nicht gefunden
> > [kerouac:mg:~]cat /etc/redhat-release
> > Red Hat Linux release 7.0 (Guinness)
> > [kerouac:mg:~]rpm -q m4
> > m4-1.4.1-3


/netch

[-- Attachment #3: Type: text/plain, Size: 1795 bytes --]

the cpu load gets very high (well, on my p120), i just have to kill
xemacs. on my console, from which startx is run, i can find then:

,----
| current stat is :3
| 
| Lisp backtrace follows:
| 
|   mm-decode-coding-region(2049 3686 koi8-r)
|   # bind (coding-system)
|   # (unwind-protect ...)
|   # bind (type encoding charset)
|   mm-decode-body("koi8-r" quoted-printable "text/plain")
|   # (unwind-protect ...)
|   # (unwind-protect ...)
|   # bind (inhibit-point-motion-hooks case-fold-search buffer-read-only
|   # mail-parse-charset mail-parse-ignored-charsets ct cte ctl charset format
|   # prompt)
|   article-decode-charset()
|   run-hooks(article-decode-charset)
|   # bind (do-update-line sparse-header group article)
|   gnus-request-article-this-buffer(99 "nnml:bugtraq-l-2001-02")
|   # bind (buffer-read-only)
|   # (unwind-protect ...)
|   # bind (result group gnus-tmp-internal-hook summary-buffer gnus-article)
|   # (unwind-protect ...)
|   # bind (header all-headers article)
|   gnus-article-prepare(99 nil)
|   # bind (all-header article)
|   gnus-summary-display-article(99 nil)
|   # (unwind-protect ...)
|   # bind (article all-headers gnus-summary-display-article-function article
|   # pseudo force all-headers)
|   gnus-summary-select-article(nil nil pseudo)
|   # bind (lines)
|   gnus-summary-scroll-up(1)
|   # bind (command-debug-status)
|   call-interactively(gnus-summary-scroll-up)
|   # (condition-case ... . error)
|   # (catch top-level ...)
| 
| current stat is :1
| current stat is :2
| xinit:  connection to X server lost.
`----

the message has:
 Mime-Version: 1.0
 Content-Type: text/plain; charset=koi8-r
 Content-Transfer-Encoding: quoted-printable
but it looks like it should have charset=us-ascii.

waiting for fix,
 m.m.
-- 
 use gnus not guns!
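
The format-string defect described in the forwarded Bugtraq message, as an added example that is not part of the original posts and is not m4's code: report() is a hypothetical stand-in for GNU error() that writes into a buffer so the result can be checked, and the file names are constructed sample inputs.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for GNU error(): formats "m4: <message>: <strerror>"
   into buf so the result can be inspected. The format attribute lets
   gcc/clang -Wformat-security flag a call whose format is not a literal. */
__attribute__((format(printf, 4, 5)))
static int report(char *buf, size_t size, int errnum, const char *fmt, ...)
{
    char msg[256];
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(msg, sizeof msg, fmt, ap);   /* fmt is interpreted here */
    va_end(ap);
    return snprintf(buf, size, "m4: %s: %s", msg, strerror(errnum));
}

/* Hardened form of both call sites named in the message (argv[optind] and
   optarg): the untrusted string is passed as data for a constant "%s".
   The vulnerable form, report(buf, size, errnum, name), would instead let
   the conversions in name read arguments that were never passed. */
int report_missing_file(char *buf, size_t size, int errnum, const char *name)
{
    return report(buf, size, errnum, "%s", name);
}

int main(void)
{
    char out[512];
    /* Constructed sample inputs: file names that contain conversions. */
    const char *names[] = { "%x", "%d", "%s", "input.m4" };

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        report_missing_file(out, sizeof out, ENOENT, names[i]);
        puts(out);
    }
    return 0;
}
```

With the constant format, each name is echoed verbatim in the diagnostic instead of being expanded into stack contents as in the gm4 and m4 sessions quoted in the message.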


* Re: oort gnus gets frozen.
  2001-02-06  0:36 oort gnus gets frozen Maciej Matysiak
@ 2001-02-06  3:33 ` Karl Kleinpaste
  0 siblings, 0 replies; 2+ messages in thread
From: Karl Kleinpaste @ 2001-02-06  3:33 UTC (permalink / raw)


Maciej Matysiak <phoner@blah.pl> writes:
> latest (one hour old or so) cvs oort gnus freezes when i try to read the
> following message:

For what it's worth, when I "view part as type" on the forwarded
message as message/rfc822, my XEmacs 21.2.43 + up-to-date CVS Oort,
Gnus simply displays it after a second or two worth of cogitation.


