GNU bug report logs - #37344
rcirc: nil gets interpreted as a nickname
Reported by: Naïm Favier <n.emacs <at> monade.li>
Date: Sun, 8 Sep 2019 19:06:01 UTC
Severity: normal
Tags: patch
Fixed in version 26.4
Done: Leo Liu <sdl.web <at> gmail.com>
Bug is archived. No further changes may be made.
Report forwarded to bug-gnu-emacs <at> gnu.org: bug#37344; Package emacs. (Sun, 08 Sep 2019 19:06:01 GMT)
Acknowledgement sent to Naïm Favier <n.emacs <at> monade.li>: New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Sun, 08 Sep 2019 19:06:01 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Severity: normal
Ever since I changed my nickname to "nil" on Freenode, I've been
getting occasional private messages from unknown users consisting of a
single empty CTCP ACTION. After a bit of investigating, it turned out
they all used rcirc. The situation was clear at that point: somewhere
in rcirc's source code, a nil value is being implicitly converted to a
string and used as the target of a PRIVMSG command.
The bug seems to be reproducible by issuing "/me" (without arguments)
inside a server buffer: the "nil" user on that server gets sent an
empty ACTION.
Suggested fix: in rcirc-send-privmsg, fail if target is nil. It might
be useful to check other places where the "%s" format is used, to
discover similar bugs.
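The failure described in this report next to a validating sender, as an added Emacs Lisp example that is not rcirc's code and not the patch from this thread. Every `demo-` name is hypothetical, and the target rules beyond "not nil" (non-empty, no leading colon, no space, CR, LF or NUL) are an assumption of the example that goes further than the report.

```elisp
;;; Added example, not rcirc code.  Every `demo-' name is hypothetical.

(defun demo-privmsg-unchecked (target text)
  "Build a PRIVMSG line as in the report: %s applied to whatever TARGET is.
With TARGET nil, `format' prints the symbol name, so the line is
addressed to a nickname spelled n-i-l."
  (format "PRIVMSG %s :%s" target text))

(defun demo-valid-target-p (target)
  "Return non-nil if TARGET can stand as a single IRC message parameter.
Assumption of this example: a usable target is a non-empty string that
does not start with a colon and holds no space, CR, LF or NUL."
  (and (stringp target)
       (not (string= target ""))
       (not (eq (aref target 0) ?:))
       (not (string-match-p "[ \0\r\n]" target))))

(defun demo-privmsg-checked (target text)
  "Build a PRIVMSG line, signalling an error rather than formatting bad input."
  (unless (demo-valid-target-p target)
    (signal 'wrong-type-argument (list 'demo-valid-target-p target)))
  (unless (stringp text)
    (signal 'wrong-type-argument (list 'stringp text)))
  (format "PRIVMSG %s :%s" target text))

(defun demo-run ()
  "Return (TARGET UNCHECKED CHECKED) for constructed targets.
CHECKED is the line built by the validating sender, or the symbol
`rejected' when it signalled.  The nil entry stands for a server
buffer, which has no target."
  (let ((action "\001ACTION\001"))      ; empty CTCP ACTION, as in the report
    (mapcar (lambda (target)
              (list target
                    (demo-privmsg-unchecked target action)
                    (condition-case nil
                        (demo-privmsg-checked target action)
                      (wrong-type-argument 'rejected))))
            (list nil "" "two words" "nil" "#emacs"))))

(demo-run)
```

Evaluating the buffer shows, per constructed target, the line the unchecked builder would have sent beside the checked builder's result; the string "nil" is accepted as a real nickname while the value nil is rejected.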
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37344; Package emacs. (Mon, 09 Sep 2019 01:25:02 GMT)
Message #8 received at 37344 <at> debbugs.gnu.org (full text, mbox):
On 2019-09-08 20:58 +0200, Naïm Favier wrote:
> Severity: normal
>
> Ever since I changed my nickname to "nil" on Freenode, I've been
> getting occasional private messages from unknown users consisting of a
> single empty CTCP ACTION. After a bit of investigating, it turned out
> they all used rcirc. The situation was clear at that point: somewhere
> in rcirc's source code, a nil value is being implicitly converted to a
> string and used as the target of a PRIVMSG command.
>
> The bug seems to be reproducible by issuing "/me" (without arguments)
> inside a server buffer: the "nil" user on that server gets sent an
> empty ACTION.
>
> Suggested fix: in rcirc-send-privmsg, fail if target is nil. It might
> be useful to check other places where the "%s" format is used, to
> discover similar bugs.
Thanks. Does the following patch fix the issue?
diff --git a/lisp/net/rcirc.el b/lisp/net/rcirc.el
index de524d9e..d95db26c 100644
--- a/lisp/net/rcirc.el
+++ b/lisp/net/rcirc.el
@@ -825,6 +825,7 @@ Function is called with PROCESS, COMMAND, SENDER, ARGS and LINE.")
(process-send-string process string)))
(defun rcirc-send-privmsg (process target string)
+ (cl-check-type target string)
(rcirc-send-string process (format "PRIVMSG %s :%s" target string)))
(defun rcirc-send-ctcp (process target request &optional args)
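Review bot: The `cl-check-type` added at the top of `rcirc-send-privmsg` covers only `target`, while `string` goes through the same `format "PRIVMSG %s :%s"` call, so a nil message body would still be sent as the literal text "nil". Consider checking `string` as well, and rejecting an empty `target`, which passes a plain `string` type check and produces a PRIVMSG line with no recipient.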
@@ -2337,8 +2338,8 @@ With a prefix arg, prompt for new topic."
(let ((timestamp (format-time-string "%s")))
(rcirc-send-ctcp process target "PING" timestamp)))
-(defun rcirc-cmd-me (args &optional process target)
- (rcirc-send-ctcp process target "ACTION" args))
+(defun rcirc-cmd-me (args process target)
+ (when target (rcirc-send-ctcp process target "ACTION" args)))
(defun rcirc-add-or-remove (set &rest elements)
(dolist (elt elements)
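Review bot: In `rcirc-cmd-me`, `(when target ...)` turns `/me` in a buffer with no target into a silent no-op, so the user gets no indication that nothing was sent; a `user-error` or a message in the else case would make that visible. The PING sender in the context lines just above passes `target` to `rcirc-send-ctcp` without the same guard, so it is worth deciding whether both commands should treat a nil target the same way. Dropping `&optional` also changes the function's call signature, which deserves a line in the commit message.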
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37344; Package emacs. (Mon, 09 Sep 2019 14:38:03 GMT)
Message #11 received at 37344 <at> debbugs.gnu.org (full text, mbox):
Yes, it does.
On Mon, 9 Sep 2019 at 03:24, Leo Liu <sdl.web <at> gmail.com> wrote:
>
> On 2019-09-08 20:58 +0200, Naïm Favier wrote:
> > Severity: normal
> >
> > Ever since I changed my nickname to "nil" on Freenode, I've been
> > getting occasional private messages from unknown users consisting of a
> > single empty CTCP ACTION. After a bit of investigating, it turned out
> > they all used rcirc. The situation was clear at that point: somewhere
> > in rcirc's source code, a nil value is being implicitly converted to a
> > string and used as the target of a PRIVMSG command.
> >
> > The bug seems to be reproducible by issuing "/me" (without arguments)
> > inside a server buffer: the "nil" user on that server gets sent an
> > empty ACTION.
> >
> > Suggested fix: in rcirc-send-privmsg, fail if target is nil. It might
> > be useful to check other places where the "%s" format is used, to
> > discover similar bugs.
>
> Thanks. Does the following patch fix the issue?
>
> diff --git a/lisp/net/rcirc.el b/lisp/net/rcirc.el
> index de524d9e..d95db26c 100644
> --- a/lisp/net/rcirc.el
> +++ b/lisp/net/rcirc.el
> @@ -825,6 +825,7 @@ Function is called with PROCESS, COMMAND, SENDER, ARGS and LINE.")
> (process-send-string process string)))
>
> (defun rcirc-send-privmsg (process target string)
> + (cl-check-type target string)
> (rcirc-send-string process (format "PRIVMSG %s :%s" target string)))
>
> (defun rcirc-send-ctcp (process target request &optional args)
> @@ -2337,8 +2338,8 @@ With a prefix arg, prompt for new topic."
> (let ((timestamp (format-time-string "%s")))
> (rcirc-send-ctcp process target "PING" timestamp)))
>
> -(defun rcirc-cmd-me (args &optional process target)
> - (rcirc-send-ctcp process target "ACTION" args))
> +(defun rcirc-cmd-me (args process target)
> + (when target (rcirc-send-ctcp process target "ACTION" args)))
>
> (defun rcirc-add-or-remove (set &rest elements)
> (dolist (elt elements)
Added tag(s) patch. Request was from Naïm Favier <n.emacs <at> monade.li> to control <at> debbugs.gnu.org. (Wed, 11 Sep 2019 17:56:02 GMT)
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37344; Package emacs. (Fri, 20 Sep 2019 18:34:01 GMT)
Message #16 received at 37344 <at> debbugs.gnu.org (full text, mbox):
Leo Liu <sdl.web <at> gmail.com> writes:
> Thanks. Does the following patch fix the issue?
It was confirmed that it does, so I guess you should just apply the
patch, but:
[...]
> -(defun rcirc-cmd-me (args &optional process target)
> - (rcirc-send-ctcp process target "ACTION" args))
> +(defun rcirc-cmd-me (args process target)
> + (when target (rcirc-send-ctcp process target "ACTION" args)))
Perhaps you should keep the &optional there to avoid changing the call
signature? Somebody else may have code that calls the function with
that calling convention.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37344; Package emacs. (Sat, 21 Sep 2019 05:22:01 GMT)
Message #19 received at 37344 <at> debbugs.gnu.org (full text, mbox):
On 2019-09-20 20:33 +0200, Lars Ingebrigtsen wrote:
>> Thanks. Does the following patch fix the issue?
>
> It was confirmed that it does, so I guess you should just apply the
> patch, but:
Will do.
>> -(defun rcirc-cmd-me (args &optional process target)
>> - (rcirc-send-ctcp process target "ACTION" args))
>> +(defun rcirc-cmd-me (args process target)
>> + (when target (rcirc-send-ctcp process target "ACTION" args)))
>
> Perhaps you should keep the &optional there to avoid changing the call
> signature? Somebody else may have code that calls the function with
> that calling convention.
The signature is wrong from the start. Directly calling them without
providing these optional (mandatory-in-disguise) arguments throws an
error, unlike commands defined by defun-rcirc-command which correctly
handle &optional arguments. I'll commit the patch as is if no
objections. Thanks for raising the issue.
Leo
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#37344; Package emacs. (Mon, 07 Oct 2019 04:56:02 GMT)
Message #22 received at 37344 <at> debbugs.gnu.org (full text, mbox):
Leo Liu <sdl.web <at> gmail.com> writes:
> The signature is wrong from the start. Directly calling them without
> providing these optional (mandatory-in-disguise) arguments throws an
> error, unlike commands defined by defun-rcirc-command which correctly
> handle &optional arguments. I'll commit the patch as is if no
> objections. Thanks for raising the issue.
I have no objections; please go ahead.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Reply sent to Leo Liu <sdl.web <at> gmail.com>: You have taken responsibility. (Mon, 07 Oct 2019 11:02:02 GMT)
Notification sent to Naïm Favier <n.emacs <at> monade.li>: bug acknowledged by developer. (Mon, 07 Oct 2019 11:02:03 GMT)
Message #27 received at 37344-done <at> debbugs.gnu.org (full text, mbox):
Version: 26.4
On 2019-10-07 06:55 +0200, Lars Ingebrigtsen wrote:
> I have no objections; please go ahead.
I have committed the change to emacs-26. Thanks.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 04 Nov 2019 12:24:05 GMT)
This bug report was last modified 4 years and 168 days ago.