Closed
Bug 481506
Opened 15 years ago
Closed 15 years ago
The latest email address filtering changes causes a DoS problem when comments have certain text in them
Categories
(Bugzilla :: Bugzilla-General, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 3.4
People
(Reporter: dkl, Assigned: LpSolit)
References
Details
(Keywords: perf)
Attachments
(4 files)
2.37 KB,
text/plain
|
Details | |
1.08 KB,
patch
|
Details | Diff | Splinter Review | |
785 bytes,
patch
|
glob
:
review+
|
Details | Diff | Splinter Review |
817 bytes,
patch
|
mkanat
:
review+
|
Details | Diff | Splinter Review |
The latest email address filtering changes in cvs causes a DoS problem when comments have certain text in them. Since bug comments are now filtered using Bugzilla::Util::email_filter, Email::Address is not able to handle some blocks of text properly and consumes massive amounts of CPU and also denies access to the bug itself for others. I am attaching a simple script that has the text from out site that causes the issue.
Assignee | ||
Comment 1•15 years ago
|
||
I can reproduce the problem. Hard blocker!
Assignee | ||
Comment 2•15 years ago
|
||
The code "freezes" at Email::Address->parse().
Assignee | ||
Comment 3•15 years ago
|
||
rjbs: could you investigate? There is a serious problem with ->parse().
Assignee | ||
Comment 4•15 years ago
|
||
Huh? I added "print 1" right after |return unless $line;| in Email/Address.pm, and this line is never reached?!
Assignee | ||
Comment 5•15 years ago
|
||
From what I can see, the problem comes from: my (@mailboxes) = ($line =~ /$mailbox/go); in parse().
Assignee | ||
Comment 6•15 years ago
|
||
$mailbox = qr/(?:$name_addr|$addr_spec)$comment*/; is the line which makes everything slow. If I split it as: $mailbox1 = qr/$name_addr$comment*/; $mailbox2 = qr/$addr_spec$comment*/; it's fast again. But I don't know if this hack has the exact same effect as the original code or not (e.g. could it find the same mailbox twice?).
Assignee | ||
Comment 7•15 years ago
|
||
Workaround: don't filter email addresses in comments. As said in bug 219021 comment 54, filtering email addresses in bug comments is only a bonus.
Attachment #365557 -
Flags: review?
Comment on attachment 365557 [details] [diff] [review] Workaround, v1 r=glob
Attachment #365557 -
Flags: review? → review+
Assignee | ||
Comment 9•15 years ago
|
||
mkanat: do you agree to take this fix for now? We can revert it for Bugzilla 3.6 if the bug in Email::Address->parse is fixed meanwhile.
Flags: approval?
Comment 10•15 years ago
|
||
Yeah, I agree for now. :-)
Status: NEW → ASSIGNED
Flags: approval? → approval+
Assignee | ||
Comment 11•15 years ago
|
||
Checking in template/en/default/bug/comments.html.tmpl; /cvsroot/mozilla/webtools/bugzilla/template/en/default/bug/comments.html.tmpl,v <-- comments.html.tmpl new revision: 1.41; previous revision: 1.40 done
Assignee: general → LpSolit
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 12•15 years ago
|
||
This change needs to be in template/en/default/bug/show.xml.tmpl as well. That is where we first noticed it. Dave
Comment 13•15 years ago
|
||
Okay, we should also fix anywhere that comments are shown, as dkl points out.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee | ||
Comment 14•15 years ago
|
||
I checked, and that's the single other place where comments are filtered.
Attachment #365580 -
Flags: review?(dkl)
Updated•15 years ago
|
Attachment #365580 -
Flags: review?(dkl) → review+
Comment 15•15 years ago
|
||
Comment on attachment 365580 [details] [diff] [review] Workaround part 2, v1 Okay, sounds fine to me.
Assignee | ||
Comment 16•15 years ago
|
||
Checking in template/en/default/bug/show.xml.tmpl; /cvsroot/mozilla/webtools/bugzilla/template/en/default/bug/show.xml.tmpl,v <-- show.xml.tmpl new revision: 1.28; previous revision: 1.27 done
Status: REOPENED → RESOLVED
Closed: 15 years ago → 15 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•