Closed Bug 481506 Opened 15 years ago Closed 15 years ago

The latest email address filtering changes causes a DoS problem when comments have certain text in them

Categories

(Bugzilla :: Bugzilla-General, defect)

Product:
Bugzilla
Component:
Bugzilla-General
Version:
3.3.3
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 3.4

People

(Reporter: dkl, Assigned: LpSolit)

References

Details

(Keywords: perf)

Attachments

(4 files)

Test script that illustrates issue with certain text and Email::Address
2.37 KB, text/plain
Details
Hack for Email::Address->parse
1.08 KB, patch
Details | Diff | Splinter Review
Workaround, v1
785 bytes, patch
glob
: review+
Details | Diff | Splinter Review
Workaround part 2, v1
817 bytes, patch
mkanat
: review+
Details | Diff | Splinter Review 
The latest email address filtering changes in cvs causes a DoS problem when comments have certain text in them.

Since bug comments are now filtered using Bugzilla::Util::email_filter,
Email::Address is not able to handle some blocks of text properly and consumes
massive amounts of CPU and also denies access to the bug itself for others.

I am attaching a simple script that has the text from out site that causes the
issue.
I can reproduce the problem. Hard blocker!
Depends on: 219021
Flags: blocking3.4+
Keywords: perf
OS: Linux → All
Target Milestone: --- → Bugzilla 3.4
Version: unspecified → 3.3.3
The code "freezes" at Email::Address->parse().
rjbs: could you investigate? There is a serious problem with ->parse().
Huh? I added "print 1" right after |return unless $line;| in Email/Address.pm, and this line is never reached?!
From what I can see, the problem comes from:

  my (@mailboxes) = ($line =~ /$mailbox/go);

in parse().
$mailbox    = qr/(?:$name_addr|$addr_spec)$comment*/;

is the line which makes everything slow. If I split it as:

$mailbox1   = qr/$name_addr$comment*/;
$mailbox2   = qr/$addr_spec$comment*/;

it's fast again. But I don't know if this hack has the exact same effect as the original code or not (e.g. could it find the same mailbox twice?).
Attached patch Workaround, v1Splinter Review 
Workaround: don't filter email addresses in comments. As said in bug 219021 comment 54, filtering email addresses in bug comments is only a bonus.
Attachment #365557 - Flags: review?
Comment on attachment 365557 [details] [diff] [review]
Workaround, v1

r=glob
Attachment #365557 - Flags: review? → review+
mkanat: do you agree to take this fix for now? We can revert it for Bugzilla 3.6 if the bug in Email::Address->parse is fixed meanwhile.
Flags: approval?
Yeah, I agree for now. :-)
Status: NEW → ASSIGNED
Flags: approval? → approval+
Checking in template/en/default/bug/comments.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/bug/comments.html.tmpl,v  <--  comments.html.tmpl
new revision: 1.41; previous revision: 1.40
done
Assignee: general → LpSolit
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
This change needs to be in template/en/default/bug/show.xml.tmpl as well. That is where we first noticed it.

Dave
Okay, we should also fix anywhere that comments are shown, as dkl points out.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
I checked, and that's the single other place where comments are filtered.
Attachment #365580 - Flags: review?(dkl)
Attachment #365580 - Flags: review?(dkl) → review+
Comment on attachment 365580 [details] [diff] [review]
Workaround part 2, v1

Okay, sounds fine to me.
Checking in template/en/default/bug/show.xml.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/bug/show.xml.tmpl,v  <--  show.xml.tmpl
new revision: 1.28; previous revision: 1.27
done
Status: REOPENED → RESOLVED
Closed: 15 years ago15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: