Last Comment Bug 527315 - Unsolicited capabilities in tagged IMAP responses not correctly parsed, last token not recognized
: Unsolicited capabilities in tagged IMAP responses not correctly parsed, last ...
Status: VERIFIED FIXED
[tb3ride-along][fixed RC1 build 3]
: fixed-seamonkey2.0.1, regression
Product: MailNews Core
Classification: Components
Component: Networking: IMAP (show other bugs)
: Trunk
: All All
: -- normal with 1 vote (vote)
: Thunderbird 3
Assigned To: rsx11m
:
Mentors:
Depends on:
Blocks: 470650
  Show dependency treegraph
 
Reported: 2009-11-08 05:22 PST by rsx11m
Modified: 2010-01-08 07:15 PST (History)
4 users (show)
standard8: blocking‑thunderbird3-
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
.1-fixed


Attachments
Mitigating patch (too ugly) (5.12 KB, patch)
2009-11-08 05:50 PST, rsx11m
no flags Details | Diff | Splinter Review
Proposed fix (v2) (7.46 KB, patch)
2009-11-08 10:48 PST, rsx11m
no flags Details | Diff | Splinter Review
use modern string api (6.13 KB, patch)
2009-11-20 12:21 PST, David :Bienvenu
no flags Details | Diff | Splinter Review
Patch to reset parser for ']' (2.11 KB, patch)
2009-11-20 12:56 PST, rsx11m
no flags Details | Diff | Splinter Review
Patch using nsCString, better ']' handling (6.53 KB, patch)
2009-11-20 13:38 PST, rsx11m
standard8: review+
mozilla: superreview+
standard8: approval‑thunderbird3+
Details | Diff | Splinter Review

Description rsx11m 2009-11-08 05:22:46 PST
One of my IMAP servers reports quota in the Folder Properties with Thunderbird 2.0.0.23 but not with 3.0pre builds. Comparing the IMAP logs between those two versions shows the following differences during authentication:

3.0pre:
> CreateNewLineFromSocket: * OK [CAPABILITY ... AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN] greeting
> SendData: 1 authenticate plain
> CreateNewLineFromSocket: +
> SendData: Logging suppressed for this command (authentication information)
> CreateNewLineFromSocket: 1 OK [CAPABILITY ... QUOTA] success

2.0.0.23:
> CreateNewLineFromSocket: * OK [CAPABILITY ... AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN] greeting
> SendData: 1 capability
> CreateNewLineFromSocket: * CAPABILITY ... QUOTA ... AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN
> CreateNewLineFromSocket: 1 OK CAPABILITY completed
> SendData: 2 authenticate plain
> CreateNewLineFromSocket: + 
> SendData: Logging suppressed for this command (authentication information)
> CreateNewLineFromSocket: 2 OK [CAPABILITY ... QUOTA] success

The server provides CAPABILITY information with the initial greeting (but no QUOTA at that time), and then again in a tagged response to the authentication (with QUOTA). Due to bug 401293 not present in 2.0.0.23, Thunderbird requests an explicit CAPABILITY with the QUOTA response. This looks like bug 470650 and should be fixed. However, note that the QUOTA token comes right before the ']' end token, which is a difference to attachment 354142 [details].

Some debugging in nsImapServerResponseParser::capability_data() showed that
the last token of the untagged greeting is correctly read (AUTH=LOGIN), and then the parsing stops. In contrast, the tagged response delivers a token QUOTA] and continues parsing the notification of a successful authentication. Since "QUOTA" != "QUOTA]" that capability is not recorded, thus no quota information is available in the Folder Properties. It probably works in 2.0.0.23 due to the additional solicited CAPABILITY with a response containing a clear QUOTA token.
Comment 1 rsx11m 2009-11-08 05:50:57 PST
Created attachment 411045 [details] [diff] [review]
Mitigating patch (too ugly)

This is a very direct fix, extending the already long if/else-if chain by the variants with a trailing ']'. It also stops parsing if a ']' is present in the token. While this works and gives me the quota information again, there is probably a better way to parse the string correctly (ideally not passing the ']' and any trailing notifications down to capability_data in the first place, as done for the untagged responses already, I couldn't figure out though where this is done). Anyway, this may do as a safe short-term solution.
Comment 2 David :Bienvenu 2009-11-08 07:02:25 PST
oh my, how about making a copy of the token and stripping off any trailing ']' and changing the comparisons to use the copy?
Comment 3 rsx11m 2009-11-08 07:48:20 PST
Ok, that patch is ugly, but it was the quickest way to solve the issue. ;-)
I'll have a look into the NSPR string handling and see how to do it.
Comment 4 rsx11m 2009-11-08 10:48:01 PST
Created attachment 411065 [details] [diff] [review]
Proposed fix (v2)

This should be better and creates a temporary copy of the token now. It also covers the "token]other" and "token ] other" cases. PL_strndup() takes care of proper termination of the string.
Comment 5 David :Bienvenu 2009-11-20 10:09:48 PST
I wonder if we can just null terminate fNextToken, chopping off the ']', which would make the patch a ton smaller...I'll look at the code.
Comment 6 David :Bienvenu 2009-11-20 10:11:10 PST
I don't think I'd block on this w/o knowing how common this form of server response is, though I'd take a ride-along.
Comment 7 rsx11m 2009-11-20 10:18:16 PST
(In reply to comment #5)
> I wonder if we can just null terminate fNextToken, chopping off the ']'

It's defined as const char* in nsIMAPGenericParser.h and seems to point to a location within the line which is currently being parsed, thus I didn't dare to simply write into it.
Comment 8 Mark Banner (:standard8) 2009-11-20 10:33:52 PST
(In reply to comment #6)
> I don't think I'd block on this w/o knowing how common this form of server
> response is, though I'd take a ride-along.

Agreed.
Comment 9 David :Bienvenu 2009-11-20 12:21:52 PST
Created attachment 413680 [details] [diff] [review]
use modern string api
Comment 10 David :Bienvenu 2009-11-20 12:22:53 PST
Comment on attachment 413680 [details] [diff] [review]
use modern string api

Does this fix the issue for you? I'm thinking if we're going to change all this code, might as well use CStrings...
Comment 11 rsx11m 2009-11-20 12:56:21 PST
Created attachment 413685 [details] [diff] [review]
Patch to reset parser for ']'

I can do that, but have worked on a solution for comment #7 by now. After some analysis of what AdvanceToNextToken() is actually doing, the line to be parsed is a strdup()-ed version pointed to by fStartOfLineOfTokens; while parsing, fNextToken points to the begin of the token while NS_strtok() finds the next token. When a space is found, it is set to '\0' and fCurrentTokenPlaceHolder points to the next character for the next pass.

Thus, when a ']' character is found in fNextToken, this patch determined the number of characters to move back and resets fCurrentTokenPlaceHolder (which is ensured to point right after the ']' in the string). Then, the character just before that pointer can be set to '\0', resulting in the same situation as if the ']' had been a white-space character.

If you consider this safe, this would be the most compact solution.
Comment 12 David :Bienvenu 2009-11-20 13:15:58 PST
Comment on attachment 413685 [details] [diff] [review]
Patch to reset parser for ']'

I find that a little scary, to be honest, and I wouldn't take it for 3.0
Comment 13 rsx11m 2009-11-20 13:23:53 PST
Comment on attachment 413680 [details] [diff] [review]
use modern string api

While this works, it continues parsing beyond the ']' and wouldn't take care of the "token]other" case.

I'll have a modified version based on this patch in a minute with those issues resolved.
Comment 14 rsx11m 2009-11-20 13:38:13 PST
Created attachment 413692 [details] [diff] [review]
Patch using nsCString, better ']' handling

Ok, that's hopefully it. This is using now token.Find() to look up the index
of the ']' character, if present, end stores it in endToken, thus used as an indicator to stop parsing after this token. Then, token is truncated as before
to the position just before the ']', if at least another character is present. Since Find() returns -1 if the string is not found, this is used as condition
to carry on condition with the loop.
Comment 15 rsx11m 2009-11-20 13:41:02 PST
(In reply to comment #14)
> ... just before the ']', if at least another character is present.

Actually, I've just noticed that I changed (endToken > 0) to (endToken >= 0), thus a stand-alone "]" token would be reduced to an empty string. This should
be equivalent, as neither "" nor "]" are looked for in the if() statements.
Comment 16 David :Bienvenu 2009-11-20 13:52:33 PST
Comment on attachment 413692 [details] [diff] [review]
Patch using nsCString, better ']' handling

looks good, thx.
Comment 17 rsx11m 2009-11-20 14:39:55 PST
Comment on attachment 413680 [details] [diff] [review]
use modern string api

David, I'm canceling the requests as you approved attachment 413692 [details] [diff] [review], to avoid confusion.
Comment 18 Mark Banner (:standard8) 2009-11-20 14:56:30 PST
Comment on attachment 413692 [details] [diff] [review]
Patch using nsCString, better ']' handling

>+      nsCString token(fNextToken);
>+      endToken = token.Find("]");

nit: should be FindChar(']')

r+a=Standard8. As this is going in on the relbranch, I'll deal with all the checkins in a few mins.
Comment 20 rsx11m 2009-11-20 15:33:10 PST
(In reply to comment #18)
> nit: should be FindChar(']')

Works for me with that change, thanks for the quick review and check-in.
Comment 21 u363629 2009-11-24 01:00:36 PST
(In reply to comment #8)
> (In reply to comment #6)
> > I don't think I'd block on this w/o knowing how common this form of server
> > response is, though I'd take a ride-along.
> 
> Agreed.

Dovecot in Version >=1.2 does it. Timo Sirainen did write to another bug (which I cannot find) and stated that this is due to efficiency and RFC-compliant.
As more and more big installations are moving to dovecot this is really an issue.
When I find the old bug I'll post the bug-id.
Comment 22 u363629 2009-11-24 01:03:52 PST
(In reply to comment #21)
> When I find the old bug I'll post the bug-id.

Here is the comment:
https://bugzilla.mozilla.org/show_bug.cgi?id=401293#c35
Comment 23 rsx11m 2009-11-24 04:53:36 PST
The issue is hopefully fixed for that type of server as well, bug 401293 caused the regression fixed in bug 470650, which in turn was complemented here.
Comment 24 Ludovic Hirlimann [:Usul] 2010-01-08 04:59:00 PST
(In reply to comment #23)
> The issue is hopefully fixed for that type of server as well, bug 401293 caused
> the regression fixed in bug 470650, which in turn was complemented here.

Could you update the status of the bug to Fixed ? and do your testing using 3.0.1pre so we could add the verified-tb3 keyword ?
Comment 25 rsx11m 2010-01-08 05:03:47 PST
Err, the bug has already been set to FIXED during checkin, and works fine
for me in in the 3.0 release and current nightlies. Are you referring to
comment #21? In that case, only Christian can verify that it's fixed too.
Comment 26 Ludovic Hirlimann [:Usul] 2010-01-08 05:38:09 PST
Thanks rsx11m
Comment 27 u363629 2010-01-08 07:11:09 PST
(In reply to comment #25)
>Are you referring to comment #21? In that case, only Christian can verify that >it's fixed too.

I don't know about the insides of your CAPABILITY parser code or when it's accepting which capabilities. But now thunderbird-3 accepts the quota capability offered after login and correctly shows the quota. So concerning this bug -> verified-tb3
Comment 28 rsx11m 2010-01-08 07:15:06 PST
Thanks for confirming.

Note You need to log in before you can comment on or make changes to this bug.