Control: reassign -1 src:uw-imap Control: found -1 7:2002edebian1-13.1 Dear Maintainer of uw-imap,
This orphaned bug is quite old, but it contains a patch that might be
valuable. Because of this I'm reassigning it for you to handle as you
see fit. Full quote below for your convenience.
Kind regards,
Andrei
On Ma, 21 oct 08, 17:24:08, moog wrote:
> Subject: libc-client2002edebian: Segfaults if IMAP server sends more than 30
> user flags
> Package: libc-client2002edebian
> Version: 7:2002edebian1-13.1
> Severity: important
> Tags: patch
>
> *** Please type your report below this line ***
>
> After starting a connection to an IMAP server and selecting a folder, the
> c-client
> reads the FLAGS response from the server into a buffer "stream->user_flags"
> whose
> size is NUSERFLAGS (30). However, it doesn't check that it hasn't overrun
> this
> buffer, so if the server returns more than 30 user-defined flags, c-client
> segfaults.
>
> Here is a patch which fixes the problem:
>
> diff -Nur uw-imap-2002edebian1/src/c-client/imap4r1.c
> uw-imap-2002edebian1-patched/src/c-client/imap4r1.c
> --- uw-imap-2002edebian1/src/c-client/imap4r1.c 2003-07-11 01:09:36.000000000
> +0100
> +++ uw-imap-2002edebian1-patched/src/c-client/imap4r1.c 2008-10-07
> 14:51:42.000000000 +0100
> @@ -3330,7 +3330,15 @@
> fs_give ((void **) &stream->user_flags[i++]);
> i = 0; /* add flags */
> if (reply->text && (s = (char *) strtok (reply->text+1," )"))) do
> - if (*s != '\\') stream->user_flags[i++] = cpystr (s);
> + if (*s != '\\') {
> + if (i < NUSERFLAGS) {
> + stream->user_flags[i++] = cpystr (s);
> + }
> + else {
> + sprintf (LOCAL->tmp,"No room to add user flag: %.80s",s);
> + mm_log (LOCAL->tmp,WARN);
> + }
> + }
> while (s = (char *) strtok (NIL," )"));
> }
> else if (!strcmp (reply->key,"SEARCH")) {
>
>
>
>
>
> -- System Information:
> Debian Release: 4.0
> APT prefers stable
> APT policy: (500, 'stable')
> Architecture: i386 (i686)
> Shell: /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.18-6-686
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
>
> Versions of packages libc-client2002edebian depends on:
> ii deb 1.5.11etch2 Debian configuration management
> sy
> ii lib 2.3.6.ds1-13etch7 GNU C Library: Shared libraries
> ii lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
> ii lib 1.4.4-7etch6 MIT Kerberos runtime libraries
> ii lib 0.79-5 Pluggable Authentication Modules
> f
> ii lib 0.79-5 Pluggable Authentication Modules
> l
> ii lib 0.9.8c-4etch3 SSL shared libraries
> ii mlo 7:2002edebian1-13.1 Mailbox locking program from UW
>
> libc-client2002edebian recommends no packages.
>
> -- debconf information excluded
>
>
>
signature.asc
Description: Digital signature
