On Mon, Sep 29, 2008 at 12:10:12PM +0200, Christian Schlittchen wrote:
> Package: perdition
> Version: 1.17.1-2
> Severity: normal
>
> Perdition exits with a signal 11 (segmentation fault) when ssl_mode is
> not set and it receives a starttls command on an imap connection. The
> problem may exist for pop too, but I've not tested that. It can
> be reproduced easily by unsetting ssl_mode, then telnet to the
> imap port and typing 'a001 starttls'.
>
> The segfault occurs in username_mangle -> username_strip -> strrchr
> because the username-parameter is null. The reason is likely in
> the somewhat obfuscated main loop of perdition, particularly in
> lines 628 to 652. The starttls command means that the status
> variable is 2, but when ssl_mode is not set the if-condition
> is false and the username_mangle function in line 652 is called
> next, which is probably not what is intended in this situation.

Hi Christian,

thanks for bringing this to my attention. I believe that the following patch, which I have committed, resolves the problem.

diff -r 0c73e2fc2bd0 -r b03df4603e78 perdition/imap4_in.c --- a/perdition/imap4_in.c Thu Aug 13 21:22:40 2009 +1000 +++ b/perdition/imap4_in.c Thu Aug 13 21:47:12 2009 +1000 @@ -447,6 +447,9 @@ ! strncasecmp((char *)token_buf(t), IMAP4_CMD_STARTTLS, token_len(t))) { __IMAP4_IN_CHECK_NO_ARG(IMAP4_CMD_STARTTLS); + if(!(opt.ssl_mode & SSL_MODE_TLS_OUTGOING)) { + __IMAP4_IN_BAD("STARTTLS disabled, mate"); + } if(io_get_type(io) != io_type_ssl){ if(imap4_write(io, NULL_FLAG, tag, IMAP4_OK, 0, "Begin TLS negotiation now")<0){
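
Review bot: The added guard in imap4_in.c tests SSL_MODE_TLS_OUTGOING, but this file handles the client-facing side and STARTTLS here is a request from the connecting client, so the check should probably use the listening-side TLS flag; as written, a setup with TLS enabled only for incoming connections would refuse STARTTLS, and one with TLS enabled only for outgoing connections would still proceed to "Begin TLS negotiation now". It is also worth confirming that __IMAP4_IN_BAD leaves the command handler, since the if(io_get_type(io) != io_type_ssl) branch follows immediately. The null username that reached username_mangle -> username_strip -> strrchr in the report is not guarded by this hunk, and the POP path the reporter mentioned is not touched, so a NULL check at that call site and an equivalent test in the POP3 handler would close the remaining paths. The client-visible text "STARTTLS disabled, mate" could be replaced with a neutral message.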