Closed Bug 75973 Opened 23 years ago Closed 23 years ago

crash [@ nsMsgNewsFolder::GetNntpServer()] when trying to load bogus NNTP server URIs

Categories

(SeaMonkey :: MailNews: Message Display, defect, P1)

Product:
SeaMonkey
Component:
MailNews: Message Display
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.2

People

(Reporter: stephend, Assigned: sspitzer)

References

Details

(Keywords: crash, Whiteboard: [nsbeta1+])

Crash Data

Attachments

(7 files)

Stack, obviously, something in our JS code doesn't parse this character correctly.
1.44 KB, text/plain
Details
Better stack trace this time.
6.32 KB, text/plain
Details
Stephend's stacktraces to this bug are bogus. Attaching a good one.
5.83 KB, text/plain
Details
initial patch
1.82 KB, patch
Details | Diff | Splinter Review
updated fix.
2.04 KB, patch
Details | Diff | Splinter Review
new patch
2.36 KB, patch
Details | Diff | Splinter Review
patch
2.36 KB, patch
Details | Diff | Splinter Review 
Build ID: 4-13 (all OSs)

Summary: Crash in Account Wizard, with "secnews/netscape.communicator" as an 
NNTP server.

Steps to Reproduce:

1.  Spawn the Account Wizard, create an NNTP account.
2.  In the server window, enter "secnews/netscape.communicator" as your NNTP 
server.
3.  Click Finish.

Expected:

A non-existant news server is created in the Folder Pane, which is not 
subscribable)

Actual:

We crash.  Stack coming.

Note: The correct name for this server is "secnews.netscape.com".  In the above 
example, the user *might* be thinking they can put a newsgroup name in here, 
after the name of the server.  I highly doubt it, but in any case, we should 
either escape the "/". - string.replace("/", ""); Would that work?  I'm sure 
there's a better solution though.
Talkback is down, I'll step into a debug build and grab a stack.
Keywords: crash, nsbeta1
QA Contact: esther → stephend
Priority: -- → P3
Whiteboard: [nsbeta1+]
Target Milestone: --- → mozilla0.9.1
Blocks: 75976
We should show an alert saying that we couldn't connect to the specified server.
I misunderstood, ignore my above comments. When I tried this I crashed 
immediately upon OKing the Account Wizard as noted.

I am investigating now...
*** Bug 75976 has been marked as a duplicate of this bug. ***
So, this bug is really about bullet-proofing and making it so we don't load
corrupt server URIs. I will try my hand at it.
Assignee: sspitzer → hwaara
Fixing summary. Adding jpatel for possible talkback info.
Summary: Crash in Account Wizard, with "secnews/netscape.communicator" as an NNTP server. → crash [@ nsMsgNewsFolder::GetNntpServer()] when trying to load bogus NNTP server URIs
Priority: P3 → P1
I sent a patch/workaround and a description of it to Seth this past week. Still
waiting for info on how to proceed on this...
*** Bug 80091 has been marked as a duplicate of this bug. ***
taking back, working on the fix for this.

need to fix some news code and some account wizard stuff.
Assignee: hwaara → sspitzer
No longer depends on: 80519
What!?  What about the patch I sent you two weeks ago that you still hasn't
commented?
calm down.  I just sent you private about your patch.

summary:  the first thing to do is to fix the account wizard.  working on that now.
Status: NEW → ASSIGNED
for the account wizard problem, we are blocked bug 80519.

if that were fixed, we could land the attached patch.  

todo for this patch is to extend hostnameIsIllegal() to cover more than "/".

I think rfc 952 covers all the rules.  see 
http://www.netsys.com/sunmgr/1998-08/msg00178.html

of course, IP address would also be legal for server hostnames.

some form of hostname checking may already live in mozilla, so we should look 
for it first.

there still may be more crashers lurking after this patch.  for example, a 
bogus news://host/message-id or news://host or news://host/group url does not 
go through the account manager.  I'll have to try those cases out to see if 
more work needs to be done.

but in any case, I'm going to wait until #80519 is fixed.
moving to 0.9.2

this can wait.
Target Milestone: mozilla0.9.1 → mozilla0.9.2
new patch coming... (my old patch was the wild goose that was causing the 
invalid bugs that I logged.)
this patch can land (to prevent the crash) but I'll log a new bug on finishing 
hostnameIsIllegal()

racham, can you review?
+  if (hostname == "") return true;
+
+  // make sure hostname is valid.
+  // XXX TODO do a complete check.  see rfc 952
+  if (hostname.indexOf("/") != -1) return true;

Maybe you could combine those checks, in a single if()?

+    if (!server) return NS_ERROR_FAILURE;

I think you should return NS_ERROR_NULL_POINTER if server turns out to be null.

Were there no callers you need to fix up to validate()?

r=hwaara
Seth,

you may want to say 

if (!hostname) return true;

instead of 

if (hostname == "") return true;

r=racham.
thanks for the feedback, I'll create a new patch.
here's a new patch, with more robust but not complete hostname checking.

it will prevent empty hostnames, or hostnames with any illegal characters.

but some illegal hostnames will still get through.  (see my comment in the 
patch.)

once this lands, I'll log a new bug to track that issue.
Before you commit, can you just change:

+ // bug hostname like "...." and "_" and ".111" will get by

into:

+ //but hostnames like "...." and "_" and ".111" will get by

Just for clarity, when/if others work on the code. (Sorry to nit-pick)
no no, thanks for catching my spelling / grammar mistakes.

I just wish I had you to proof read my bugzilla comments, news postings, email,
comments, code, etc.

there is a disconnect between my brain and my hands, I swear!

new patch on the way.
sr=bienvenu

#80855 logged for the remaining issue.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Verified FIXED on:
Mac OS 9.1 Build ID: 2001051508
RedHat 7.0 Build ID: 2001051508
Windows 2K Build ID: 2001051504

Entering an invalid news server name such as secnews/netscape.communicator
throws up an alert, "Please enter a valid hostname.", instead of crashing.
Status: RESOLVED → VERIFIED
Severity: major → critical
Product: Browser → Seamonkey
Crash Signature: [@ nsMsgNewsFolder::GetNntpServer()]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: