Audit of INN against draft-ietf-nntpext-base-13.txt complete
Russ Allbery
rra at stanford.edu
Sun Jul 8 13:08:05 UTC 2001
[ Note that this message is addressed to inn-workers and ietf-nntp, both
of which restrict posting to members only, and which cover divergent
topics. When replying to this message, please seriously consider
replying only on the mailing list where you read it unless your reply is
on-topic for both mailing lists and you're already on both lists. ]
I've finished an audit of INN against draft-ietf-nntpext-base-13.txt, the
current draft of the new NNTP standard. Due to the nature of this sort of
work, I'm sure that I've missed a few things, but I tried to be fairly
comprehensive. The results of this audit are available both from my web
site at:
<http://www.eyrie.org/~eagle/nntp/inn-audit.txt>
and has also been added to INN as ~/doc/compliance-nntp. The latter
document will be modified over time to remove issues that have been fixed
in the current source base.
Many of the identified issues are minor; some in fact took longer to
document than they would have to fix. I haven't fixed any yet, however,
and took the route of pure documentation because I think the full list of
issues will be of interest to the NNTP working group as a reasonable check
of how compliant one of the more widely-deployed servers is.
This audit was only done against the CURRENT tree, but as one can see from
the Versions header in each identified issue, most of these issues are
very long-standing (the majority date from INN 1.0). Each issue has a
note about impact and a suggested fix.
Here are the one-line summaries of the issues I found:
Summary: innd doesn't require whitespace between commands and arguments
Summary: INN doesn't check argument length
Summary: Initial activity timer is shorter than three minutes
Summary: Inactivity timer configuration isn't checked
Summary: nnrpd sends a final message on inactivity timeout
Summary: Reply codes other than x9x used for private extensions
Summary: innd may return 480 instead of 500 for unrecognized commands
Summary: INN rejects invalid LIST and MODE commands with 500, not 501
Summary: innd rejects reader commands with 500, not 502
Summary: innd always sends 200 for an accepted connection
Summary: innd sends 504 or 505 on connection failures sometimes
Summary: innd doesn't support LIST EXTENSIONS
Summary: Xref slaving causes problems with article numbers
Summary: nnrpd can respond with 423 to a NEXT or LAST command
Summary: nnrpd improperly handles zero-argument ARTICLE w/missing articles
Summary: nnrpd fails on articles without Message-ID headers
Summary: innd's response to HEAD isn't correct
Summary: innd's response to STAT isn't correct
Summary: nnrpd rejects articles with lines over 998 octets
Summary: nnrpd responds with 480 to IHAVE
Summary: nnrpd doesn't handle zero-argument LISTGROUP
Summary: nnrpd doesn't return 420 errors when there is no overview info
Summary: innd doesn't generate overview correctly for non-printing chars
Summary: HDR can return message IDs rather than article numbers
Summary: NEWGROUPS and NEWNEWS support the UTC keyword
Summary: NEWGROUPS supports the obsolete distribution argument
Summary: NEWNEWS supports the obsolete distribution argument
Summary: innd improperly caches DNS returns
The full text is available from the locations mentioned above.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the inn-workers
mailing list