[new] www/esniper


[new] www/esniper

Renaud Allard-2
Hello,

Here is a port of esniper 2.35.0.
esniper is a simple, lightweight tool for sniping ebay auctions

Any comments welcome.

Best Regards

esniper.tar.gz (1K) Download Attachment

Re: [new] www/esniper

Renaud Allard-2


On 1/31/19 10:51 AM, Renaud Allard wrote:
> Hello,
>
> Here is a port of esniper 2.35.0.
> esniper is a simple, lightweight tool for sniping ebay auctions
>

Solene suggested to add a WANTLIB variable, so here is the port with
that variable added



esniper.tar.gz (1K) Download Attachment

Re: [new] www/esniper

Sebastian Reitenbach
Hi,

On Thursday, January 31, 2019 11:59 CET, Renaud Allard <[hidden email]> wrote:

>
>
> On 1/31/19 10:51 AM, Renaud Allard wrote:
> > Hello,
> >
> > Here is a port of esniper 2.35.0.
> > esniper is a simple, lightweight tool for sniping ebay auctions
> >
>
> Solene suggested to add a WANTLIB variable, so here is the port with
> that variable added
>
>

Trying to list my watchlist, esniper -U ebayusername -m
it most of the time segfaults like this:

Program received signal SIGSEGV, Segmentation fault.
0x0a49db90 in _libc_strlen (str=0x6eb36800 '\337' <repeats 200 times>...) at /usr/src/lib/libc/string/strlen.c:39
39      /usr/src/lib/libc/string/strlen.c: No such file or directory.
(gdb) bt
#0  0x0a49db90 in _libc_strlen (str=0x6eb36800 '\337' <repeats 200 times>...) at /usr/src/lib/libc/string/strlen.c:39
#1  0x037898ae in Curl_pretransfer () from /usr/local/lib/libcurl.so.25.19
#2  0x03797a30 in multi_runsingle () from /usr/local/lib/libcurl.so.25.19
#3  0x0379713d in curl_multi_perform () from /usr/local/lib/libcurl.so.25.19
#4  0x0378c6ea in easy_transfer () from /usr/local/lib/libcurl.so.25.19
#5  0x0378b2ef in easy_perform () from /usr/local/lib/libcurl.so.25.19
#6  0x0378b0d8 in curl_easy_perform () from /usr/local/lib/libcurl.so.25.19
#7  0x1b83a381 in httpRequest (url=0x6de41680 "http://my.ebay.com/ws/eBayISAPI.dll?MyeBay&CurrentPage=MyeBayWatching", logUrl=0x0, data=0x3b82df06 "", logData=0x0,
    rt=GET) at http.c:177
#8  0x1b83a058 in httpGet (url=0x6de41680 "http://my.ebay.com/ws/eBayISAPI.dll?MyeBay&CurrentPage=MyeBayWatching", logUrl=0x0) at http.c:79
#9  0x1b82d356 in printMyItems () at auction.c:1217
#10 0x1b832b33 in main (argc=0, argv=0xcf7c5e14) at esniper.c:850

 If it doesn't segfault, it just doesn't show my watchlist.
With a different account, it doesn't seem to crash on me, but also doesn't show me that watchlist.

happens on i386 as well as on amd64.

cheers,
Sebastian


Re: [new] www/esniper

Stuart Henderson
On 2019/01/31 12:34, Sebastian Reitenbach wrote:

> Hi,
>
> On Thursday, January 31, 2019 11:59 CET, Renaud Allard <[hidden email]> wrote:
>
> >
> >
> > On 1/31/19 10:51 AM, Renaud Allard wrote:
> > > Hello,
> > >
> > > Here is a port of esniper 2.35.0.
> > > esniper is a simple, lightweight tool for sniping ebay auctions
> > >
> >
> > Solene suggested to add a WANTLIB variable, so here is the port with
> > that variable added

Diff against your latest version:

- use make to fix up the DISTNAME rather than enter the version twice
- use standard sourceforge MASTER_SITES
- don't list as both BUILD_DEPENDS and LIB_DEPENDS

diff --git Makefile Makefile
index a0404ce..25815fe 100644
--- Makefile
+++ Makefile
@@ -2,7 +2,7 @@
 
 COMMENT = lightweight console application for sniping eBay auctions
 VERSION = 2.35.0
-DISTNAME = esniper-2-35-0
+DISTNAME = esniper-${VERSION:S/./-/g}
 PKGNAME =       esniper-${VERSION}
 EXTRACT_SUFX= .tgz
 
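Review bot: the new DISTNAME line would benefit from a one-line comment saying that upstream names its tarball with dashes, because `${VERSION:S/./-/g}` is not self-explanatory to whoever bumps VERSION next. The substitution itself is sound: `:S` matches its pattern literally, so the `.` is a plain dot and 2.35.0 becomes 2-35-0, the same value as the removed `esniper-2-35-0`. While this block is being touched, the spacing around `=` on the PKGNAME and EXTRACT_SUFX context lines could be made consistent with the lines above them.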
@@ -15,10 +15,10 @@ MAINTAINER =    Renaud Allard <[hidden email]>
 # GPLv2+
 PERMIT_PACKAGE_CDROM = Yes
 
-MASTER_SITES = ${MASTER_SITE_SOURCEFORGE:=esniper/}esniper/${VERSION}/
+MASTER_SITES = ${MASTER_SITE_SOURCEFORGE:=esniper/}
 
 WANTLIB += c crypto curl nghttp2 ssl z
-BUILD_DEPENDS = net/curl
+
 LIB_DEPENDS = net/curl
 
 CONFIGURE_STYLE = gnu
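Review bot: the MASTER_SITES line drops the `esniper/${VERSION}/` path suffix, so the fetch URL changes even though the distfile name does not; confirm that the distfile still fetches and matches the recorded checksum before this goes in, since the checksum file is not part of the diff. Separately, WANTLIB names crypto, nghttp2, ssl and z while LIB_DEPENDS lists only net/curl once BUILD_DEPENDS is removed, which is worth confirming with the ports lib-depends check.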


> >
>
> Trying to list my watchlist, esniper -U ebayusername -m
> it most of the time segfaults like this:

You might get some more clues from building curl with debug symbols.

> Program received signal SIGSEGV, Segmentation fault.
> 0x0a49db90 in _libc_strlen (str=0x6eb36800 '\337' <repeats 200 times>...) at /usr/src/lib/libc/string/strlen.c:39
> 39      /usr/src/lib/libc/string/strlen.c: No such file or directory.
> (gdb) bt
> #0  0x0a49db90 in _libc_strlen (str=0x6eb36800 '\337' <repeats 200 times>...) at /usr/src/lib/libc/string/strlen.c:39
> #1  0x037898ae in Curl_pretransfer () from /usr/local/lib/libcurl.so.25.19
> #2  0x03797a30 in multi_runsingle () from /usr/local/lib/libcurl.so.25.19
> #3  0x0379713d in curl_multi_perform () from /usr/local/lib/libcurl.so.25.19
> #4  0x0378c6ea in easy_transfer () from /usr/local/lib/libcurl.so.25.19
> #5  0x0378b2ef in easy_perform () from /usr/local/lib/libcurl.so.25.19
> #6  0x0378b0d8 in curl_easy_perform () from /usr/local/lib/libcurl.so.25.19
> #7  0x1b83a381 in httpRequest (url=0x6de41680 "http://my.ebay.com/ws/eBayISAPI.dll?MyeBay&CurrentPage=MyeBayWatching", logUrl=0x0, data=0x3b82df06 "", logData=0x0,
>     rt=GET) at http.c:177
> #8  0x1b83a058 in httpGet (url=0x6de41680 "http://my.ebay.com/ws/eBayISAPI.dll?MyeBay&CurrentPage=MyeBayWatching", logUrl=0x0) at http.c:79

http://? Are they nuts? Should be easy enough to fix that, but this is
not a good sign for software that expects you to trust it with your
ebay credentials.

> #9  0x1b82d356 in printMyItems () at auction.c:1217
> #10 0x1b832b33 in main (argc=0, argv=0xcf7c5e14) at esniper.c:850
>
>  If it doesn't segfault, it just doesn't show my watchlist.
> With a different account, it doesn't seem to crash on me, but also doesn't show me that watchlist.
>
> happens on i386 as well as on amd64.
>
> cheers,
> Sebastian
>


Re: [new] www/esniper

Renaud Allard-2
In reply to this post by Sebastian Reitenbach


On 1/31/19 12:34 PM, Sebastian Reitenbach wrote:

> Hi,
>
> On Thursday, January 31, 2019 11:59 CET, Renaud Allard <[hidden email]> wrote:
>
>>
>>
>> On 1/31/19 10:51 AM, Renaud Allard wrote:
>>> Hello,
>>>
>>> Here is a port of esniper 2.35.0.
>>> esniper is a simple, lightweight tool for sniping ebay auctions
>>>
>>
>> Solene suggested to add a WANTLIB variable, so here is the port with
>> that variable added
>>
>>
>
> Trying to list my watchlist, esniper -U ebayusername -m
> it most of the time segfaults like this:
Are you using a non default malloc.conf?



Re: [new] www/esniper

Sebastian Reitenbach
In reply to this post by Stuart Henderson
On Thursday, January 31, 2019 13:21 CET, Stuart Henderson <[hidden email]> wrote:

> On 2019/01/31 12:34, Sebastian Reitenbach wrote:
> > Hi,
> >
> > On Thursday, January 31, 2019 11:59 CET, Renaud Allard <[hidden email]> wrote:
> >
> > >
> > >
> > > On 1/31/19 10:51 AM, Renaud Allard wrote:
> > > > Hello,
> > > >
> > > > Here is a port of esniper 2.35.0.
> > > > esniper is a simple, lightweight tool for sniping ebay auctions
> > > >
> > >
> > > Solene suggested to add a WANTLIB variable, so here is the port with
> > > that variable added
>
> Diff against your latest version:
>
> - use make to fix up the DISTNAME rather than enter the version twice
> - use standard sourceforge MASTER_SITES
> - don't list as both BUILD_DEPENDS and LIB_DEPENDS
>
> diff --git Makefile Makefile
> index a0404ce..25815fe 100644
> --- Makefile
> +++ Makefile
> @@ -2,7 +2,7 @@
>
>  COMMENT = lightweight console application for sniping eBay auctions
>  VERSION = 2.35.0
> -DISTNAME = esniper-2-35-0
> +DISTNAME = esniper-${VERSION:S/./-/g}
>  PKGNAME =       esniper-${VERSION}
>  EXTRACT_SUFX= .tgz
>
> @@ -15,10 +15,10 @@ MAINTAINER =    Renaud Allard <[hidden email]>
>  # GPLv2+
>  PERMIT_PACKAGE_CDROM = Yes
>
> -MASTER_SITES = ${MASTER_SITE_SOURCEFORGE:=esniper/}esniper/${VERSION}/
> +MASTER_SITES = ${MASTER_SITE_SOURCEFORGE:=esniper/}
>
>  WANTLIB += c crypto curl nghttp2 ssl z
> -BUILD_DEPENDS = net/curl
> +
>  LIB_DEPENDS = net/curl
>
>  CONFIGURE_STYLE = gnu
>
>
> > >
> >
> > Trying to list my watchlist, esniper -U ebayusername -m
> > it most of the time segfaults like this:
>
> You might get some more clues from building curl with debug symbols.

I have this in my /etc/.mk.conf:
DEBUG=-g -O0

which usually does the ticket.

Renaud, no malloc.conf, just standard everything.

Sebastian


Re: [new] www/esniper

Renaud Allard-2
In reply to this post by Stuart Henderson


On 1/31/19 1:21 PM, Stuart Henderson wrote:

>> #7  0x1b83a381 in httpRequest (url=0x6de41680 "http://my.ebay.com/ws/eBayISAPI.dll?MyeBay&CurrentPage=MyeBayWatching", logUrl=0x0, data=0x3b82df06 "", logData=0x0,
>>      rt=GET) at http.c:177
>> #8  0x1b83a058 in httpGet (url=0x6de41680 "http://my.ebay.com/ws/eBayISAPI.dll?MyeBay&CurrentPage=MyeBayWatching", logUrl=0x0) at http.c:79
>
> http://? Are they nuts? Should be easy enough to fix that, but this is
> not a good sign for software that expects you to trust it with your
> ebay credentials.

I am under the impression that those requests to http without ssl pages
come from ebay itself.



Re: [new] www/esniper

Renaud Allard-2


On 1/31/19 2:16 PM, Renaud Allard wrote:

>
>
> On 1/31/19 1:21 PM, Stuart Henderson wrote:
>
>>> #7  0x1b83a381 in httpRequest (url=0x6de41680
>>> "http://my.ebay.com/ws/eBayISAPI.dll?MyeBay&CurrentPage=MyeBayWatching",
>>> logUrl=0x0, data=0x3b82df06 "", logData=0x0,
>>>      rt=GET) at http.c:177
>>> #8  0x1b83a058 in httpGet (url=0x6de41680
>>> "http://my.ebay.com/ws/eBayISAPI.dll?MyeBay&CurrentPage=MyeBayWatching",
>>> logUrl=0x0) at http.c:79
>>
>> http://? Are they nuts? Should be easy enough to fix that, but this is
>> not a good sign for software that expects you to trust it with your
>> ebay credentials.
>
> I am under the impression that those requests to http without ssl pages
> come from ebay itself.
>
Sorry, my bad
auction.c:static const char MYITEMS_URL[] =
"http://%s/ws/eBayISAPI.dll?MyeBay&CurrentPage=MyeBayWatching";



Re: [new] www/esniper

Renaud Allard-2
In reply to this post by Sebastian Reitenbach


On 1/31/19 12:34 PM, Sebastian Reitenbach wrote:
> Hi,

> #6  0x0378b0d8 in curl_easy_perform () from /usr/local/lib/libcurl.so.25.19
> #7  0x1b83a381 in httpRequest (url=0x6de41680 "http://my.ebay.com/ws/eBayISAPI.dll?MyeBay&CurrentPage=MyeBayWatching", logUrl=0x0, data=0x3b82df06 "", logData=0x0,
>      rt=GET) at http.c:177
> #8  0x1b83a058 in httpGet (url=0x6de41680 "http://my.ebay.com/ws/eBayISAPI.dll?MyeBay&CurrentPage=MyeBayWatching", logUrl=0x0) at http.c:79
> #9  0x1b82d356 in printMyItems () at auction.c:1217
> #10 0x1b832b33 in main (argc=0, argv=0xcf7c5e14) at esniper.c:850
>  

I found a very old bug report about this:
https://sourceforge.net/p/esniper/bugs/294/

It was closed as "closed-works-for-me"....



Re: [new] www/esniper

Renaud Allard-2
In reply to this post by Stuart Henderson
I have changed the http requests to https ones and cleaned up the
Makefile, but this still needs some investigations about that segfault.
It seems that it's easier to reproduce when having a malloc.conf with SURF.

I had never tested the -m switch, so I don't know when it broke.



Re: [new] www/esniper

Renaud Allard-2
With the attachment, it might be better

On 1/31/19 3:08 PM, Renaud Allard wrote:
> I have changed the http requests to https ones and cleaned up the
> Makefile, but this still needs some investigations about that segfault.
> It seems that it's easier to reproduce when having a malloc.conf with SURF.
>
> I had never tested the -m switch, so I don't know when it broke.
>

esniper.tar.gz (2K) Download Attachment

Re: [new] www/esniper

Otto Moerbeek
On Thu, Jan 31, 2019 at 03:09:54PM +0100, Renaud Allard wrote:

> With the attachment, it might be better
>
> On 1/31/19 3:08 PM, Renaud Allard wrote:
> > I have changed the http requests to https ones and cleaned up the
> > Makefile, but this still needs some investigations about that segfault.
> > It seems that it's easier to reproduce when having a malloc.conf with
> > SURF.
> >
> > I had never tested the -m switch, so I don't know when it broke.
> >

\337 (octal) is 0xdf hex, that is the value malloc uses to fill
free'ed mem. So you're most likely looking at use-after-free,

        -Otto

BTW, S implies URF






Re: [new] www/esniper

Otto Moerbeek
On Thu, Jan 31, 2019 at 03:28:02PM +0100, Otto Moerbeek wrote:

> On Thu, Jan 31, 2019 at 03:09:54PM +0100, Renaud Allard wrote:
>
> > With the attachment, it might be better
> >
> > On 1/31/19 3:08 PM, Renaud Allard wrote:
> > > I have changed the http requests to https ones and cleaned up the
> > > Makefile, but this still needs some investigations about that segfault.
> > > It seems that it's easier to reproduce when having a malloc.conf with
> > > SURF.
> > >
> > > I had never tested the -m switch, so I don't know when it broke.
> > >
>
> \337 (octal) is 0xdf hex, that is the value malloc uses to fill
> free'ed mem. So you're most likely looking at use-after-free,
>
> -Otto
>
> BTW, S implies URF

And on -current you want to set sysctl vm.malloc_conf instead of creating a
malloc.conf symlink.


Re: [new] www/esniper

Renaud Allard-2
In reply to this post by Sebastian Reitenbach


On 1/31/19 2:09 PM, Sebastian Reitenbach wrote:
>> You might get some more clues from building curl with debug symbols.
>
> I have this in my /etc/.mk.conf:
> DEBUG=-g -O0
>
> which usually does the ticket.
>
>
It seems that to get debug symbols in curl, you need to modify the
Makefile to add --enable-debug

(gdb) run
Starting program: /usr/ports/pobj/esniper-2.35.0/esniper-2-35-0/esniper -m

Program received signal SIGSEGV, Segmentation fault.
strlen () at /usr/src/lib/libc/arch/amd64/string/strlen.S:125
125     /usr/src/lib/libc/arch/amd64/string/strlen.S: No such file or
directory.
         in /usr/src/lib/libc/arch/amd64/string/strlen.S
Current language:  auto; currently asm
(gdb) bt
#0  strlen () at /usr/src/lib/libc/arch/amd64/string/strlen.S:125
#1  0x000004a2edf3e9e5 in Curl_pretransfer (data=0x4a270901008) at
transfer.c:1406
#2  0x000004a2edf4eb9a in multi_runsingle (multi=0x4a2b2eb7808,
now={tv_sec = 96041, tv_usec = 578763},
     data=0x4a270901008) at multi.c:1441
#3  0x000004a2edf4e3ca in curl_multi_perform (multi=0x4a2b2eb7808,
running_handles=0x7f7ffffdc48c) at multi.c:2214
#4  0x000004a2edf41d25 in easy_transfer (multi=0x4a2b2eb7808) at easy.c:686
#5  0x000004a2edf4074e in easy_perform (data=0x4a270901008,
events=false) at easy.c:780
#6  0x000004a2edf40563 in curl_easy_perform (data=0x4a270901008) at
easy.c:799
#7  0x000004a0606dae68 in httpRequest (
     url=0x4a343e38880
"https://my.ebay.com/ws/eBayISAPI.dll?MyeBay&CurrentPage=MyeBayWatching",
logUrl=0x0,
     data=0x4a0606c9a49 "", logData=0x0, rt=GET) at http.c:177
#8  0x000004a0606dab7a in httpGet (
     url=0x4a343e38880
"https://my.ebay.com/ws/eBayISAPI.dll?MyeBay&CurrentPage=MyeBayWatching",
logUrl=0x0)
     at http.c:79
#9  0x000004a0606cfdec in printMyItems () at auction.c:1217
#10 0x000004a0606d4df2 in main (argc=0, argv=0x7f7ffffdc858) at
esniper.c:850




Re: [new] www/esniper

Renaud Allard-2

Hi,

I have made a change, in fact setting CURL_POSTFIELDSIZE to 0 when GET
needs to be used. This resolves the segfault, but the -m option doesn't
seem to be working yet, but I will report that to the dev.

I also made patches to initialize curl the right way with LONG, limit
the protocols to HTTP(S) and made it to prefer HTTPS.
Also, I have changed the useragent to be more modern, and less like the
default one in esniper.

Best Regards

esniper.tar.gz (3K) Download Attachment
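
A minimal C model of the failure this thread converges on, covering both the 0xdf junk fill Otto Moerbeek points out and the post-field-size change described in the message above (added example, not esniper or libcurl code). A reused handle keeps a borrowed POST body pointer after the buffer is freed and junk-filled, and a later GET measures it. The `handle` struct, the arena and every function name are hypothetical; a fixed arena replaces the real heap so the stale read stays well-defined.

```c
#include <stdio.h>
#include <string.h>

#define FREE_JUNK 0xdf   /* '\337': byte the thread says malloc writes over freed memory */
#define ARENA_SZ  64

/* Hypothetical request handle (not libcurl's struct): options persist across requests. */
struct handle {
    const char *body;    /* borrowed POST body pointer; the caller owns the buffer */
    long body_len;       /* -1 means "measure body by scanning for NUL" */
    int is_post;
};

/* Fixed arena standing in for the heap, so reading "freed" bytes is defined here. */
static unsigned char arena[ARENA_SZ];

char *arena_alloc(const char *s) {
    size_t n = strlen(s) + 1;
    if (n > ARENA_SZ) return NULL;
    memcpy(arena, s, n);
    return (char *)arena;
}

void arena_free(void) { memset(arena, FREE_JUNK, ARENA_SZ); }  /* junk-fill on free */

/* Count leading FREE_JUNK bytes: what gdb prints as '\337' <repeats N times>. */
size_t junk_run(const unsigned char *p, size_t max) {
    size_t i = 0;
    while (i < max && p[i] == FREE_JUNK) i++;
    return i;
}

/* Body length the transfer setup would compute. The model ignores is_post, so
 * leftover POST state is consulted for a GET; the scan is capped at ARENA_SZ,
 * whereas an unbounded strlen() keeps reading until it faults. */
long pretransfer_len(const struct handle *h) {
    if (h->body == NULL) return 0;
    if (h->body_len >= 0) return h->body_len;
    const char *nul = memchr(h->body, '\0', ARENA_SZ);
    return nul ? (long)(nul - h->body) : ARENA_SZ;
}

void get_stale(struct handle *h) { h->is_post = 0; }                   /* bug: POST state kept */
void get_size0(struct handle *h) { h->is_post = 0; h->body_len = 0; }  /* workaround from the thread */
void get_clean(struct handle *h) { h->is_post = 0; h->body = NULL; h->body_len = 0; } /* hardened */

/* POST, the caller frees the body, then GET on the same handle. */
long post_free_get(void (*to_get)(struct handle *)) {
    struct handle h = { arena_alloc("user=x&pass=y"), -1, 1 };  /* constructed body */
    (void)pretransfer_len(&h);      /* POST: 13 bytes measured */
    arena_free();                   /* application releases its buffer */
    to_get(&h);
    return pretransfer_len(&h);
}

int main(void) {
    printf("stale GET measures %ld bytes of junk\n", post_free_get(get_stale));
    printf("size 0 on GET:     %ld\n", post_free_get(get_size0));
    printf("pointer cleared:   %ld\n", post_free_get(get_clean));
    printf("junk run in arena: %zu\n", junk_run(arena, ARENA_SZ));
    return 0;
}
```

Setting the size to 0 stops the scan but leaves the dangling pointer in the handle; clearing the pointer as well removes the stale state entirely.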

Re: [new] www/esniper

Renaud Allard-2


On 2/1/19 3:38 PM, Renaud Allard wrote:

>
> Hi,
>
> I have made a change, in fact setting CURL_POSTFIELDSIZE to 0 when GET
> needs to be used. This resolves the segfault, but the -m option doesn't
> seem to be working yet, but I will report that to the dev.
>
> I also made patches to initialize curl the right way with LONG, limit
> the protocols to HTTP(S) and made it to prefer HTTPS.
> Also, I have changed the useragent to be more modern, and less like the
> default one in esniper.
>
> Best Regards
Any chances of getting it committed?



Re: [new] www/esniper

Renaud Allard-2
In reply to this post by Renaud Allard-2


On 2/1/19 3:38 PM, Renaud Allard wrote:

>
> Hi,
>
> I have made a change, in fact setting CURL_POSTFIELDSIZE to 0 when GET
> needs to be used. This resolves the segfault, but the -m option doesn't
> seem to be working yet, but I will report that to the dev.
>
> I also made patches to initialize curl the right way with LONG, limit
> the protocols to HTTP(S) and made it to prefer HTTPS.
> Also, I have changed the useragent to be more modern, and less like the
> default one in esniper.
>
> Best Regards
I filed a bug with libcurl and they already made a patch for it.
https://github.com/curl/curl/issues/3548



Re: [new] www/esniper

Stuart Henderson
In reply to this post by Renaud Allard-2
On 2019/02/05 12:55, Renaud Allard wrote:

>
>
> On 2/1/19 3:38 PM, Renaud Allard wrote:
> >
> > Hi,
> >
> > I have made a change, in fact setting CURL_POSTFIELDSIZE to 0 when GET
> > needs to be used. This resolves the segfault, but the -m option doesn't
> > seem to be working yet, but I will report that to the dev.
> >
> > I also made patches to initialize curl the right way with LONG, limit
> > the protocols to HTTP(S) and made it to prefer HTTPS.
> > Also, I have changed the useragent to be more modern, and less like the
> > default one in esniper.
> >
> > Best Regards
>
> Any chances of getting it committed?
>

I don't think we should be encouraging its use by having it in ports.

Complex string parsing of a frequently updated website, in C, and the
above bug isn't a good indication that they are getting things right
(why does it even set CURL_POSTFIELDSIZE at all when it's doing a
GET? why reuse a stale pointer?) - this is something I'd be wary of
even for a standard website. But for something which has your ebay
credentials?

My comment about https wasn't so much "ports should change this" but
more "the developers are insane if they think this is acceptable,
what else are they doing wrong".


Re: [new] www/esniper

Renaud Allard-2


On 2/12/19 11:44 AM, Stuart Henderson wrote:

> On 2019/02/05 12:55, Renaud Allard wrote:
>>
>> Any chances of getting it committed?
>>
>
> I don't think we should be encouraging its use by having it in ports.
>
> Complex string parsing of a frequently updated website, in C, and the
> above bug isn't a good indication that they are getting things right
> (why does it even set CURL_POSTFIELDSIZE at all when it's doing a
> GET? why reuse a stale pointer?) - this is something I'd be wary of
> even for a standard website. But for something which has your ebay
> credentials?
>
> My comment about https wasn't so much "ports should change this" but
> more "the developers are insane if they think this is acceptable,
> what else are they doing wrong".
>
OK, agreed, on the positive side, this story has led to a patch in libcurl.

