On Mon, Sep 29, 2008 at 12:10:12PM +0200, Christian Schlittchen wrote:
> Package: perdition
> Version: 1.17.1-2
> Severity: normal
>
>
> Perdition exits with a signal 11 (segmentation fault) when ssl_mode is
> not set and it recieves a starttls command on an imap connection. The
> problem may exist for pop too, but I've not tested that. It can
> be reporoduced easily by unsetting ssl_mode, then telnet to the
> imap port and typing 'a001 starttls'.
>
> The segfault occurs in username_mangle -> username_strip -> strrchr
> because the username-parameter is null. The reason is likely in
> the somewhat obfuscated main loop of perdition, particularly in
> lines 628 to 652. The starttls command means that the status
> variable is 2, but when ssl_mode is not set the if-condition
> is false and the username_mangle function in line 652 is called
> next, which is probably not what is intended in this situation.
Hi Christian,
thanks for bringing this to my attention.
I believe that the following patch, which I have committed,
resolves the problem.
diff -r 0c73e2fc2bd0 -r b03df4603e78 perdition/imap4_in.c
--- a/perdition/imap4_in.c Thu Aug 13 21:22:40 2009 +1000
+++ b/perdition/imap4_in.c Thu Aug 13 21:47:12 2009 +1000
@@ -447,6 +447,9 @@
! strncasecmp((char *)token_buf(t), IMAP4_CMD_STARTTLS,
token_len(t))) {
__IMAP4_IN_CHECK_NO_ARG(IMAP4_CMD_STARTTLS);
+ if(!(opt.ssl_mode & SSL_MODE_TLS_OUTGOING)) {
+ __IMAP4_IN_BAD("STARTTLS disabled, mate");
+ }
if(io_get_type(io) != io_type_ssl){
if(imap4_write(io, NULL_FLAG, tag, IMAP4_OK, 0,
"Begin TLS negotiation now")<0){
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
