wwivbbs / wwiv

WWIV BBS Software v5
http://www.wwivbbs.org

BBS crashes in readmail with Networks::at: 5>= size: 5 #1634

Open ericpareja opened 3 weeks ago

ericpareja commented 3 weeks ago

The BBS crashes when trying to read mail from deleted networks. All else works.

OS: Debian 12
WWIV version commit: 5d9bef30e0772f3ce0349b78b3245c8aad9306f6

Crash screen:


You have mail from:
-------------------------------------------------------------------------------
  1 Xenos #1                                     | Re: Green light from Crai
  2 Xenos #1                                     | Re: Green light from Crai
2024-10-30 13:12:42,453 FATAL Out of bounds at Networks::at: 5>= size: 5

                                                                        Program received signal SIGABRT, Aborted.
                                 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, 
    no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
44      ./nptl/pthread_kill.c: No such file or directory.

GDB backtrace:

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, 
    signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
#1  0x00007ffff7aa9e9f in __pthread_kill_internal (signo=6, 
    threadid=<optimized out>) at ./nptl/pthread_kill.c:78
#2  0x00007ffff7a5afb2 in __GI_raise (sig=sig@entry=6)
    at ../sysdeps/posix/raise.c:26
#3  0x00007ffff7a45472 in __GI_abort () at ./stdlib/abort.c:79
#4  0x0000555555a9e08a in wwiv::core::Logger::~Logger (this=0x7fffffff6880, 
    __in_chrg=<optimized out>)
    at /home/xenos/wwv/github/wwiv-stock/core/log.cpp:131
#5  0x0000555555a65536 in wwiv::sdk::Networks::at (this=0x55555602c250, num=5)
    at /home/xenos/wwv/github/wwiv-stock/sdk/net/networks.cpp:113
#6  0x0000555555639f1e in wwiv::sdk::Networks::operator[] (
    this=0x55555602c250, num=5)
    at /home/xenos/wwv/github/wwiv-stock/sdk/net/networks.h:50
#7  0x0000555555671f1d in network_and_num (m=...)
    at /home/xenos/wwv/github/wwiv-stock/bbs/readmail.cpp:350
#8  0x00005555556726cf in readmail (newmail_only=false)
    at /home/xenos/wwv/github/wwiv-stock/bbs/readmail.cpp:417
#9  0x00005555556ef10f in wwiv::bbs::WFC::doWFCEvents (this=0x7fffffffa050)
    at /home/xenos/wwv/github/wwiv-stock/bbs/wfc.cpp:415
#10 0x000055555559e29d in Application::GetCaller (this=0x555555f66970)
    at /home/xenos/wwv/github/wwiv-stock/bbs/application.cpp:758
#11 0x00005555555a1f67 in Application::Run (this=0x555555f66970, argc=1, 
    argv=0x7fffffffdd08)
    at /home/xenos/wwv/github/wwiv-stock/bbs/application.cpp:1134
#12 0x00005555555975d5 in bbsmain (argc=1, argv=0x7fffffffdd08)
    at /home/xenos/wwv/github/wwiv-stock/bbs/bbs.cpp:76
#13 0x00005555555973d9 in main (argc=1, argv=0x7fffffffdd08)
    at /home/xenos/wwv/github/wwiv-stock/bbs/bbs_main.cpp:22
(gdb)

ericpareja commented 3 weeks ago

More info:

Here's the output from wwivutil email dump | grep ^From: | head -5 to see the From headers of the first five emails. The BBS crashes on email number 3, which lists network no. 5.

From: #1 (Xenos #1)
From: #1 (Xenos #1)
From: #1 (Xenos #1)@11 at network #5
From: #1131 ()@1 at network #5
From: #1 (Xenos #1)@1 at network #5

There were a couple of lines that listed network 8.

From: #0 ()@32765 at network #8
From: #1 (Xenos #1)@60 at network #8
From: #0 ()@32765 at network #8

No other networks had email from them.

Here's the output from wwivconfig N)etwork

▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒┌────────────── Select Network ┐▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒│ @60    WWIVnet          [.0] │▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒│ @1     fidonet          [.1] │▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒│ @7     RUSHnet          [.2] │▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒│ @1     fsxNet           [.3] │▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒│ @1     aliens.ph        [.4] │▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒└──────────────────────────────┘▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒

I attached my networks.dat and networks.json, which both contain networks 0 - 4.

networks.json networks.zip

ericpareja commented 3 weeks ago

Not sure if this is the correct fix:

diff --git a/bbs/readmail.cpp b/bbs/readmail.cpp
index 0d9de8c14..40f2ca272 100644
--- a/bbs/readmail.cpp
+++ b/bbs/readmail.cpp
@@ -346,7 +346,7 @@ static std::string from_name(const mailrec& m, const Network& net, const slrec&
 static std::tuple<Network, int> network_and_num(const mailrec& m) {
   Network net{};
   auto nn = network_number_from(&m);
-  if (nn <= a()->nets().size()) {
+  if (nn < a()->nets().size()) {
     net = a()->nets()[nn];
   } else {
     net.sysnum = static_cast<uint16_t>(-1);
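
Review bot: the new condition `nn < a()->nets().size()` checks only the upper bound, and `nn` is declared `auto`, so the hunk does not show whether it is signed. If `network_number_from` can return a negative value from a damaged record, the outcome depends on the implicit conversion against `size()`; an explicit `nn >= 0 && nn < ...` test (or an unsigned type for `nn`) would make the intent clear. The else branch's `net.sysnum = static_cast<uint16_t>(-1)` sentinel now also covers mail whose stored index is stale, which deserves a one-line comment there, and any other caller that indexes `a()->nets()[...]` with a stored number is worth checking for the same `<=` comparison.
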
ericpareja commented 2 weeks ago

Hypothesis: data/email.dat structure EmailData contains a from_network_number int that points to a network in the currently configured networks.dat / networks.json. If networks.{dat,json} is updated and the number of networks is less than the network number stored in email.dat, this results in a crash.

Patch above merely avoids trying to access the deleted network's info. It could still point to the wrong info about the source of the email if the number of networks still meets the criteria of the stored value.

Bug was exposed because we are able to delete/modify networks without checking if email.dat references the network to be deleted/modified, and we don't update email.dat or any message bases that might point to the network we delete/modify. Too much work, so the patch above just side-steps the problem by not causing the error.
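
An added example (not WWIV code and not part of the thread) of the range check and the reference audit discussed above, using simplified stand-in types. `Net`, `MailRef`, `find_net`, `dangling_mail` and `affected_by_removal` are hypothetical names, the data is constructed, and the pre-delete check assumes the network list is compacted when an entry is removed.

```cpp
// Added example with simplified stand-in types; not WWIV's real structures.
#include <cstddef>
#include <iostream>
#include <optional>
#include <string>
#include <vector>

struct Net { std::string name; };                     // one configured network
struct MailRef { int id; int from_network_number; };  // stored mail header (hypothetical)

// Checked lookup. Valid indices are 0 .. size-1, so index == size is rejected
// (the `<=` case from the report), as is a negative value from a damaged record.
std::optional<Net> find_net(const std::vector<Net>& nets, int nn) {
  if (nn < 0 || static_cast<std::size_t>(nn) >= nets.size()) {
    return std::nullopt;
  }
  return nets[static_cast<std::size_t>(nn)];
}

// Audit: ids of mail records whose stored index resolves to no configured network.
std::vector<int> dangling_mail(const std::vector<Net>& nets,
                               const std::vector<MailRef>& mail) {
  std::vector<int> bad;
  for (const auto& m : mail) {
    if (!find_net(nets, m.from_network_number)) bad.push_back(m.id);
  }
  return bad;
}

// Pre-delete check, assuming the list is compacted when an entry is removed:
// records at `removed` lose their network, records above it shift to a neighbour.
std::vector<int> affected_by_removal(const std::vector<MailRef>& mail, int removed) {
  std::vector<int> ids;
  for (const auto& m : mail) {
    if (m.from_network_number >= removed) ids.push_back(m.id);
  }
  return ids;
}

// Constructed sample data: five networks (indices 0-4) and five mail records.
std::vector<Net> sample_nets() {
  return {{"WWIVnet"}, {"fidonet"}, {"RUSHnet"}, {"fsxNet"}, {"aliens.ph"}};
}
std::vector<MailRef> sample_mail() { return {{1, 0}, {2, 4}, {3, 5}, {4, 8}, {5, -1}}; }
int main() {
  for (int id : dangling_mail(sample_nets(), sample_mail())) {
    std::cout << "mail " << id << " references a missing network\n";
  }
}
```

Running the audit before and after a network edit separates the two failure modes: records that no longer resolve at all, and records that still resolve but to a different network.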