On Fri, 2011-05-20 at 18:44 +0200, Moritz Muehlenhoff wrote:

> | Fixed potential crashes and other problems when parsing
> | header names that contained NUL characters.
> 
> Could you contact upstream wrt the exact impact? What is
> being crashed here, can someone only crash a delivery
> thread or can the whole IMAP server be crashed through
> malformed mail messages? In the latter case we should
> release a DSA.

It doesn't necessarily crash, just output some garbage, because the
basic problem is that it's reading a buffer past its used size. The
problematic parts are:

1) With mbox format it looks like it could be crashing/corrupting output
whenever reading/saving mails.

2) With non-mbox format there are only IMAP SEARCH and FETCH
HEADER[FIELDS...] commands that can cause crash/corruption.

3) Except with v2.0 if using external dbox attachment storage it can
also cause some crash/corruption.

Originally I was also hoping SMTP servers would drop any NULs in header
names, but it looks like at least Postfix happily preserves them.
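
Added example, not part of the original mail and not Dovecot or Postfix code: a check that a mail filter or an audit script could run over raw messages to find header names containing NUL bytes, and optionally drop those NULs as the mail above had hoped SMTP servers would. The function name `check_header_names` and the sample message are constructed for illustration.

```python
NUL = b"\x00"

def check_header_names(raw: bytes, strip: bool = False):
    """Inspect the header block of a raw RFC 5322 message.

    Returns (hits, message): hits is a list of (line_number, header_name)
    for every header name containing a NUL byte; message is the input,
    with NULs removed from those names when strip=True. Header values
    and the body are never modified.
    """
    lines = raw.splitlines(keepends=True)
    hits = []
    for i, line in enumerate(lines):
        if line.rstrip(b"\r\n") == b"":
            break                  # blank line ends the header block
        if line[:1] in (b" ", b"\t"):
            continue               # folded continuation of a header value
        # Everything before the first colon is the header name. A line
        # without a colon is malformed and is checked as a whole.
        name, colon, rest = line.partition(b":")
        if NUL in name:
            hits.append((i + 1, name.rstrip(b"\r\n")))
            if strip:
                lines[i] = name.replace(NUL, b"") + colon + rest
    return hits, b"".join(lines)

# Constructed sample: NUL in one header name, in a header value,
# in a folded continuation line and in the body.
SAMPLE = (
    b"From: sender@example.org\r\n"
    b"X-Te\x00st: value\r\n"
    b"Subject: has \x00 in value\r\n"
    b"\tfolded\x00 line\r\n"
    b"\r\n"
    b"Bo\x00dy: not a header\r\n"
)

if __name__ == "__main__":
    hits, cleaned = check_header_names(SAMPLE, strip=True)
    for line_no, name in hits:
        print(f"line {line_no}: NUL in header name {name!r}")
    print("clean after stripping:", check_header_names(cleaned)[0] == [])
```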




