Package: mailutils-imap4d
Version: 1:0.6.1-4sarge2
Severity: grave
Justification: renders package unusable


I use imap4d using a traditional /var/spool/mail source (and don't use
folders or any of that fancy stuff); I just use it as a POP replacement
with gnus running gssapi as the authentication.

If the mailbox contains a message with an ASCII NUL (000) character,
then the reply to a FETCH command (at least, those generated by gnus),
such as:
30 UID FETCH 27 BODY.PEEK[]

will print a correct message count in {} in the reply, but then in the
message itself, printing of the message will stop with the character
before the ASCII NUL, and then the terminating ) is printed, followed
by
30 OK UID FETCH Completed

The problem seems pretty obvious: the code that reads and prints the
message into the reply is fooled by NULs because it is using C strings
to hold the data.

I have marked this bug report grave because spam is extremely common in
this sad world, and spam often includes such NUL characters.  This
prevents the use of imap4d with any such mail spool, rendering the
tool unusable.

In the message where I saw this, the NUL character was within a MIME
block, with type text/plain and encoding base64; the NUL occurred at the
end of the last line of the block, before the concluding boundary line.

The problem occurs as well if a "FETCH 27 BODY[TEXT]" command is used
(not surprisingly).

Clearly the bug is in fetch_io, in imap4d/fetch.c.  We are called from
fetch_operation, where there is no partial offset, so start and end are
ULONG_MAX.  The first main loop for fetch_io is the one chosen, and max
is set correctly (because the size printed between {} I know to be
correct).  Then we read chunks of 512 bytes at a time, and use util_send
to output them.  util_send cannot deal with chunks that have embedded
NULs.

pop3d is apparently able to handle the messages correctly.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-386
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages mailutils-imap4d depends on:
ii  libc6                  2.3.2.ds1-22      GNU C Library: Shared libraries an
ii  libcomerr2             1.37-2sarge1      common error description library
ii  libgcrypt11            1.2.0-11.1        LGPL Crypto library - runtime libr
ii  libgdbm3               1.8.3-2           GNU dbm database routines (runtime
ii  libgnutls11            1.0.16-13.2       GNU TLS library - runtime library
ii  libgpg-error0          1.0-1             library for common error values an
ii  libgsasl7              0.2.5-1           GNU SASL library
ii  libidn11               0.5.13-1.0        GNU libidn library, implementation
ii  libkrb53               1.3.6-2sarge2     MIT Kerberos runtime libraries
ii  libmailutils0          1:0.6.1-4sarge2   GNU Mail abstraction library
ii  libmysqlclient12       4.0.24-10sarge1   mysql database client library
ii  libpam0g               0.76-22           Pluggable Authentication Modules l
ii  libtasn1-2             0.2.10-3sarge1    Manage ASN.1 structures (runtime)
ii  netbase                4.21              Basic TCP/IP networking system
ii  zlib1g                 1:1.2.2-4.sarge.2 compression library - runtime

-- no debconf information
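
The mismatch described in the report, reproduced as an added example (not code from mailutils or from the reporter): a literal size is announced, then the body is sent in 512-byte chunks either by a string-style sender that stops at the first NUL or by a counted sender. The names send_as_cstring, send_counted, fetch_literal and struct sink are hypothetical, and the sample message is constructed.

```c
#include <stdio.h>
#include <string.h>
#define CHUNK 512                      /* chunk size named in the report */

/* Hypothetical in-memory sink standing in for the client connection. */
struct sink { unsigned char data[2048]; size_t len; };
typedef size_t (*send_fn)(struct sink *, const char *, size_t);

/* String-style sender: the chunk ends at its first NUL. */
static size_t send_as_cstring(struct sink *s, const char *buf, size_t n)
{
    const char *nul = memchr(buf, '\0', n);
    size_t m = nul ? (size_t)(nul - buf) : n;
    memcpy(s->data + s->len, buf, m);
    s->len += m;
    return m;
}

/* Counted sender: writes exactly n bytes, NULs included. */
static size_t send_counted(struct sink *s, const char *buf, size_t n)
{
    memcpy(s->data + s->len, buf, n);
    s->len += n;
    return n;
}

/* Emits "{size}\r\n", the body in CHUNK-sized pieces, then ")".
   Returns the number of body bytes that actually reached the sink. */
static size_t fetch_literal(struct sink *s, const char *msg, size_t size, send_fn send)
{
    size_t sent = 0;
    s->len = (size_t)sprintf((char *)s->data, "{%lu}\r\n", (unsigned long)size);
    for (size_t off = 0; off < size; off += CHUNK)
        sent += send(s, msg + off, size - off < CHUNK ? size - off : CHUNK);
    s->data[s->len++] = ')';
    return sent;
}

/* Constructed sample: base64 text line ending in a NUL before the boundary. */
static const char MSG[] = "Subject: test\r\n\r\naGVsbG8=\0\r\n--boundary--\r\n";
#define MSG_LEN (sizeof MSG - 1)

int main(void)
{
    struct sink s;
    printf("declared %lu, string-style sent %lu\n", (unsigned long)MSG_LEN,
           (unsigned long)fetch_literal(&s, MSG, MSG_LEN, send_as_cstring));
    printf("declared %lu, counted sent %lu\n", (unsigned long)MSG_LEN,
           (unsigned long)fetch_literal(&s, MSG, MSG_LEN, send_counted));
}
```

With the string-style sender the announced count is 42 but only 25 body bytes precede the closing ")", so a client that trusts the count reads the following protocol lines as message data.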

