Bug 244618

Summary: net-im/prosody: Fix http files download
Product: Ports & Packages Reporter: rozhuk.im
Component: Individual Port(s)Assignee: Tobias C. Berner <tcberner>
Status: Closed FIXED    
Severity: Affects Some People CC: rozhuk.im, tcberner, thomas
Priority: --- Keywords: needs-qa
Version: LatestFlags: thomas: maintainer-feedback+
Hardware: Any   
OS: Any   
URL: https://issues.prosody.im/1498
Attachments:
Description Flags
patch
none
fix ETag creation thomas: maintainer-approval+

Description rozhuk.im 2020-03-05 22:47:05 UTC
Created attachment 212169 [details]
patch

http.server                          error	Traceback[httpserver]: /usr/local/lib/prosody/modules/mod_http_files.lua:115: bad argument #1 to 'format' (not a non-negative number in proper range)
stack traceback:
	[C]: in function 'format'
	/usr/local/lib/prosody/modules/mod_http_files.lua:115: in function </usr/local/lib/prosody/modules/mod_http_files.lua:96>
	(...tail calls...)
	/usr/local/lib/prosody/util/events.lua:79: in function </usr/local/lib/prosody/util/events.lua:75>
	(...tail calls...)
	/usr/local/lib/prosody/net/http/server.lua:248: in function </usr/local/lib/prosody/net/http/server.lua:176>
	[C]: in function 'xpcall'
	/usr/local/lib/prosody/net/http/server.lua:108: in function 'process_next'
	/usr/local/lib/prosody/net/http/server.lua:124: in function 'success_cb'
	/usr/local/lib/prosody/net/http/parser.lua:177: in function 'feed'
	/usr/local/lib/prosody/net/http/server.lua:155: in function </usr/local/lib/prosody/net/http/server.lua:154>
	(...tail calls...)
	/usr/local/lib/prosody/net/server_select.lua:915: in function </usr/local/lib/prosody/net/server_select.lua:899>
	[C]: in function 'xpcall'
	/usr/local/lib/prosody/../../bin/prosody:80: in function 'loop'
	/usr/local/lib/prosody/../../bin/prosody:90: in main chunk
	[C]: in ?
(a bit older release)

Actual code base: https://hg.prosody.im/trunk/file/tip/net/http/files.lua#l83
local etag = ('"%02x-%x-%x-%x"'):format(attr.dev or 0, attr.ino or 0, attr.size or 0, attr.modification or 0);

On FreeBSD stat.dev is uint64_t and looks like it is converted to int32_t somewhere in lua or prosody and result is negative.

Quick fix:
local etag = ('"%02x-%x-%x-%x"'):format(math.abs(attr.dev or 0), attr.ino or 0, attr.size or 0, attr.modification or 0);

produces ETag: "78ff00ff-12f9c-2b4548-5e6103f3"
Comment 1 Automation User 2020-03-20 01:05:39 UTC
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/127982349
Comment 2 Tobias C. Berner freebsd_committer 2020-04-04 20:07:32 UTC
Maintainer Timeout
Comment 3 Thomas Morper 2020-04-09 14:01:44 UTC
I'd recommend against including this patch in the port.

This is not a bug in Prosody per se but rather in luafilesystem which is conceptionally broken on 64-bit platforms. The stat call in lfs will return uint64 for things like device, inode, mtime, etc. But Lua (at least <=5.2) is unable to handle these correctly as it stores all numeric types as signed floats.

This really needs to be fixed upstream, either in Prosody by using a different approach to generate the etag, or in luafilesystem which should not return (negative) floats for uint64 values.
Comment 4 rozhuk.im 2020-04-09 22:03:38 UTC
I will happy if some one make more proper fix for this issue.
But now no other fixes available here.
Comment 5 Kubilay Kocak freebsd_committer freebsd_triage 2020-04-11 01:02:54 UTC
^Triage: 

- MAINTAINER reset in ports r530944, reset assignee

@Thomas What are the actions necessary to progress/resolve this issue
Comment 6 Thomas Morper 2020-04-11 02:16:26 UTC
@Kubilay This bug is not unique to FreeBSD but affects other 64-bit platforms as well. It's been reported upstream to the Prosody developers by the submitter and we'll wait for their reply.

The proposed patch will prevent the exception in the reported case but doesn't consider the other failure modes (huge inode numbers, file date in the future) and the etag's general unpredictability due to the underlying issue.

A new patch will be welcome but it should be greenlighted by upstream.
Comment 7 Thomas Morper 2020-04-27 22:08:22 UTC
Created attachment 213871 [details]
fix ETag creation

net-im/prosody: fix ETag creation

* Include patch from upstream to fix crash in mod_http_files
  when encountering large device- or inode-numbers [1]

[1] https://issues.prosody.im/1498

QA:

portlint: OK (some warnings, not relevant)
testport: OK (poudriere: 113i386, 113amd64, 121i386, 121amd64)
Comment 8 Tobias C. Berner freebsd_committer 2020-04-29 19:10:07 UTC
Committed. Thanks.
Comment 9 commit-hook freebsd_committer 2020-04-29 19:10:44 UTC
A commit references this bug:

Author: tcberner
Date: Wed Apr 29 19:09:53 UTC 2020
New revision: 533389
URL: https://svnweb.freebsd.org/changeset/ports/533389

Log:
  net-im/prosody: Fix http files download

  net-im/prosody: fix ETag creation

  * Include patch from upstream to fix crash in mod_http_files
    when encountering large device- or inode-numbers [1]

  [1] https://issues.prosody.im/1498

  PR:		244618
  Submitted by:	Thomas Morper <thomas@beingboiled.info> (maintainer)
  Reported by:	rozhuk.im@gmail.com

Changes:
  head/net-im/prosody/Makefile
  head/net-im/prosody/files/patch-plugins_mod__http__files.lua