Streaming NNTP bug (redux)

River Tarnell river at RT.UK.EU.ORG
Wed Jan 11 23:13:48 UTC 2012 

Hi,

Some time ago I posted about a strange behaviour from INN on my own 
server:
 <https://lists.isc.org/pipermail/inn-workers/2011-March/017392.html>

Julien wasn't able to reproduce the bug and I never saw that behaviour 
from any other server, so I never got around to investigating it 
further (or proving that it wasn't something about my system 
specifically).

However, I've now run across it again, from several of my peers.  For 
example:

Jan 11 22:58:39 INFO:     feeder: enfer-du-nord[87.98.157.95]:119: invalid response from command [.438 <jektk2$7ja$1 at dont-email.me>]
Jan 11 23:04:17 INFO:     feeder: tomockey[220.157.151.83]:119: invalid response from command [y438 <DkM4jRgkX7fAHPAXlidGc.0.gpbBcspOKKMq7MNTw.AHtQ at spot.net>]

For the second example I captured a packet trace, which can be seen 
here:
  <http://www.rt.uk.eu.org/~river/files/inn_bug.txt>

The relevant part is:

23:04:17.699596 IP s151083.ppp.asahi-net.or.jp.nntp > news-transit.rt.uk.eu.org.59499: . 36663:38065(1402) ack 49772 win 1281 <nop,nop, timestamp 4256181521 8>
[...]
        0x01a0:  6c2e 6d65 3e0d 0a34 3338 203c 6a67 6372  l.me>..438.<jgcr
        0x01b0:  6737 6433 6976 7531 376a 7469 6d65 6735  g7d3ivu17jtimeg5
        0x01c0:  6564 3130 6674 3267 3466 3962 3261 4034  ed10ft2g4f9b2a at 4
        0x01d0:  6178 2e63 6f6d 3e0d 0a79 3433 3820 3c44  ax.com>..y438.<D
        0x01e0:  6b4d 346a 5267 6b58 3766 4148 5041 586c  kM4jRgkX7fAHPAXl
        0x01f0:  6964 4763 2e30 2e67 7062 4263 7370 4f4b  idGc.0.gpbBcspOK
        0x0200:  4b4d 7137 4d4e 5477 2e41 4874 5140 7370  KMq7MNTw.AHtQ at sp
        0x0210:  6f74 2e6e 6574 3e0d 0a34 3338 203c 6239  ot.net>..438.<b9
        0x0220:  3362 3834 3264 2d31 6361 312d 3464 6431  3b842d-1ca1-4dd1
        0x0230:  2d61 3230 392d 6662 3331 6561 3664 6165  -a209-fb31ea6dae
        0x0240:  6333 4077 3467 3230 3030 7662 632e 676f  c3 at w4g2000vbc.go
        0x0250:  6f67 6c65 6772 6f75 7073 2e63 6f6d 3e0d  oglegroups.com>.

At 0x01d0 you can clearly see the extra byte.  So, I'm now certain this 
is an INN bug somewhere.

I don't have any more details, but if I can reproduce it on my own 
INN server again I'll investigate.

Regards,
-- 
        -- river.                      | Free Usenet: http://news.rt.uk.eu.org/
Non-Reciprocal Laws of Expectations:   | PGP: 2B9CE6F2
    Negative expectations yield negative results.
    Positive expectations yield negative results.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4184 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/inn-workers/attachments/20120111/84af3a93/attachment.bin>

More information about the inn-workers mailing list