On 2019.08.28. 15:10, Aki Tuomi via dovecot wrote:
Steps to reproduce:
This bug is best observed using valgrind to see the out of bounds read
with following snippet:
perl -e 'print "a id (\"foo\" \"".("x"x1021)."\\A\" \"bar\"
\"\000".("x"x1020)."\\A\")\n"' | nc localhost 143
Hi!
Before I had 2.2.25 and returned result was:
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a BAD Missing ')'
now I upgraded to 2.2.36.4 and the result is the same.
--
KSB
