[severe] Failure to complete whois query

Question

[severe] Failure to complete whois query

theunkn0wn1 opened this issue 6 years ago · comments

There appears to be a severe bug in Client.whois that causes the pydle bot to lock up when .whois is awaited.

** Severity ** Breaking. This bug can be used to induce denial of service events on any pydle implementations that utilize a whois.

Minimum test case

Pydle Client setup

import pydle

class MyOwnBot(pydle.Client):
    async def on_connect(self):
        await self.join('#unkn0wndev')
        await super().on_connect()

    async def on_message(self, source, target, message):
        print(f"[{source}] <{target}>: {message}")

        if message == "whoami":
            subject = await self.whois(source)
            await self.message(source, f"{subject}")


if __name__ == "__main__":
    print("making a bot instance...")
    # create an instance of our bot
    client = MyOwnBot('Pydlebot-unknown', realname='Pydle on python 3.7')

    client.run(hostname='localhost', port=6667, tls=False, tls_verify=False)

Test run (irc invocation)

whoami

Client logs (verbose)

[#unkn0wndev] <unknown>: whoami
<2019-01-13 16:10:12,488 MyOwnBot:localhost> [DEBUG] << :unknown!unknown@FAD02BA2.6E5BC772.BF52DB44.IP PRIVMSG #unkn0wndev :whoami
<2019-01-13 16:10:12,488 MyOwnBot:localhost> [DEBUG] >> WHOIS #unkn0wndev

I did a wireshark capture on the conversation and the Server is correctly responding with a whois reply.
Investigation is required to determine where Pydle is blocking.

Joshua Salzedo · Answer 1 · Mon Jan 14 2019 09:17:20 GMT+0800 (China Standard Time)

Root cause is a deadlock, working on a fix now...