Package: mailutils Version: 1:0.6.90-3 Severity: normal Tags: patch When trying to movemail on an mbox file which contains lines that are longer than 254 chars, i get errors like:
movemail: NO/Bad Tagged: NO Message contains NUL characters Cannot append message 1: Invalid argument i only get these errors when moving the mbox into an IMAP folder, not when moving it to another mbox. The IMAP folder i'm testing against is on a cyrus IMAPd v2.1.18 server. When i remove the long lines from the mbox, the message moves through into the IMAP folder successfully. A bit of digging turned up a bad buffer length check within imap_writeline() in mailbox/imap/folder.c, which is simply fixed with the supplied patch. i don't think there are any security implications. This bug appears to be present in CVS version 1.78 (HEAD as of this writing) of mailbox/imap/folder.c as well as in debian unstable. If i build mailutils with this patch, movemail can transfer from mbox to IMAP as expected. The relevant section of man vsnprintf pertaining to this fix is: [for the *nprintf() functions] ... a return value of size or more means that the output was truncated.
--- mailbox/imap/folder.c.orig 2005-10-31 00:35:31.000000000 -0500 +++ mailbox/imap/folder.c 2005-10-31 00:30:08.000000000 -0500 @@ -2044,7 +2044,7 @@ do { len = vsnprintf (f_imap->buffer, f_imap->buflen - 1, format, ap); - if (len < 0 || len >= (int)f_imap->buflen + if (len < 0 || len >= (int)(f_imap->buflen - 1) || !memchr (f_imap->buffer, '\0', len + 1)) { f_imap->buflen *= 2;
For debian, placing this patchfile in debian/patches/ seems to make the deb build correctly for me. Another way to fix this would be to drop the "-1" from vsnprintf's size parameter. But i don't know enough about how f_imap_t.buffer is used elsewhere to know if that's a safe choice. To reproduce the bug: --------------------- To help reproduce the bug, i've attached: - an example mbox file that was failing for me (fake0.mbox), and - two brief strace outputs showing the network traffic between me and the imap server: - once using libmu_imap.so without the patch applied (fake0.unpatched.trace), and - once with the patch applied (fake0.patched.trace). i started with an identical fake0.mbox for each strace. The traces were gathered with something like the following: strace -etrace=send,recv -s512 movemail file://home/dkg/src/mailutils/testing/fake0.mbox imap://[EMAIL PROTECTED]:9999/INBOX.ffff 2>../testing/fake0.patched.trace Thanks for developing these tools. --dkg -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (700, 'testing'), (700, 'stable'), (600, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-1-686 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages mailutils depends on: ii guile-1.6-libs 1.6.7-1 Main Guile libraries ii libc6 2.3.5-6 GNU C Library: Shared libraries an ii libcomerr2 1.38-2 common error description library ii libfribidi0 0.10.5-4 Free Implementation of the Unicode ii libgcrypt11 1.2.1-4 LGPL Crypto library - runtime libr ii libgdbm3 1.8.3-2 GNU dbm database routines (runtime ii libgnutls11 1.0.16-13.1 GNU TLS library - runtime library ii libgpg-error0 1.1-4 library for common error values an ii libgsasl7 0.2.5-1 GNU SASL library ii libguile-ltdl-1 1.6.7-1 Guile's patched version of libtool ii libidn11 0.5.18-1 GNU libidn library, implementation ii libkrb53 1.3.6-5 MIT Kerberos runtime libraries ii libmailutils0 1:0.6.90-3 GNU Mail abstraction library ii libmysqlclient12 4.0.24-10sarge1 mysql database client library ii libncurses5 5.4-9 Shared libraries for terminal hand ii libpam0g 0.79-3 Pluggable Authentication Modules l ii libqthreads-12 1.6.7-1 QuickThreads library for Guile ii libreadline5 5.0-11 GNU readline and history libraries ii libtasn1-2 0.2.13-1 Manage ASN.1 structures (runtime) ii zlib1g 1:1.2.3-4 compression library - runtime mailutils recommends no packages. -- no debconf information
>From [EMAIL PROTECTED] Tue Sep 13 17:41:04 2005 X-VM-Bookmark: 4 X-VM-v5-Data: ([nil nil nil nil nil nil nil nil nil] ["9" "Tuesday" "13" "September" "2005" "17:41:04" "-0400" "Daniel Kahn Gillmor" "[EMAIL PROTECTED]" nil "1" "hello" "^From:" nil nil "9" nil nil (number " " mark " Daniel Kahn Gillm Sep 13 1/9 " thread-indent "\"hello\"\n") nil nil nil nil nil nil] nil) Return-Path: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] Received: by whatever.example.net (Postfix, from userid 1002) id 7CCED26EBB; Tue, 13 Sep 2005 17:41:04 -0400 (EDT) Message-Id: <[EMAIL PROTECTED]> From: [EMAIL PROTECTED] (Daniel Kahn Gillmor) To: [EMAIL PROTECTED] Subject: hello Date: Tue, 13 Sep 2005 17:41:04 -0400 (EDT) hi there
recv(4, "* OK ignatz Cyrus IMAP4 v2.1.18-IPv6-Debian-2.1.18-1 server ready\r\n", 8192, 0) = 67 send(4, "g0 CAPABILITY\r\n", 15, 0) = 15 recv(4, "* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 ANNOTATEMORE\r\ng0 OK Completed\r\n", 8192, 0) = 255 send(4, "g1 LOGIN \"dkg\" \"XXXXXXXXXX\"\r\n", 29, 0) = 29 recv(4, "g1 OK User logged in\r\n", 8192, 0) = 22 send(4, "g2 LIST \"\" \"INBOX.ffff\"\r\n", 25, 0) = 25 recv(4, "* LIST (\\HasNoChildren) \".\" \"INBOX.ffff\"\r\ng2 OK Completed (0.000 secs 2 calls)\r\n", 8192, 0) = 80 send(4, "g3 APPEND INBOX.ffff () {760}\r\n", 31, 0) = 31 recv(4, "+ go ahead\r\n", 8192, 0) = 12 send(4, "X-VM-Bookmark: 4\r\n", 18, 0) = 18 send(4, "X-VM-v5-Data: ([nil nil nil nil nil nil nil nil nil]\r\n", 54, 0) = 54 send(4, "\t[\"9\" \"Tuesday\" \"13\" \"September\" \"2005\" \"17:41:04\" \"-0400\" \"Daniel Kahn Gillmor\" \"[EMAIL PROTECTED]" nil \"1\" \"hello\" \"^From:\" nil nil \"9\" nil nil (number \" \" mark \" Daniel Kahn Gillm Sep 13 1/9 \" thread-indent \"\\\"hello\\\"\\n\") nil nil nil nil nil\0", 254, 0) = 254 send(4, "nil] \r\n", 7, 0) = 7 send(4, "\tnil)\r\n", 7, 0) = 7 send(4, "Return-Path: <[EMAIL PROTECTED]>\r\n", 32, 0) = 32 send(4, "Delivered-To: [EMAIL PROTECTED]", 48, 0) = 48 send(4, "Received: by whatever.example.net (Postfix, from userid 1002)\r\n", 63, 0) = 63 send(4, "\tid 7CCED26EBB; Tue, 13 Sep 2005 17:41:04 -0400 (EDT)\r\n", 55, 0) = 55 send(4, "Message-Id: <[EMAIL PROTECTED]>\r\n", 62, 0) = 62 send(4, "From: [EMAIL PROTECTED] (Daniel Kahn Gillmor)\r\n", 45, 0) = 45 send(4, "To: [EMAIL PROTECTED]", 42, 0) = 42 send(4, "Subject: hello\r\n", 16, 0) = 16 send(4, "Date: Tue, 13 Sep 2005 17:41:04 -0400 (EDT)\r\n", 45, 0) = 45 send(4, "\r\n", 2, 0) = 2 send(4, "hi there\r\n", 10, 0) = 10 send(4, "\n", 1, 0) = 1 recv(4, "g3 NO Message contains NUL characters\r\n", 8192, 0) = 39 movemail: NO/Bad Tagged: NO Message contains NUL characters Cannot append message 1: Invalid argumentsend(4, "g4 LOGOUT\r\n", 11, 0) = 11 recv(4, "* BYE LOGOUT received\r\ng4 OK Completed\r\n", 8192, 0) = 40
recv(4, "* OK ignatz Cyrus IMAP4 v2.1.18-IPv6-Debian-2.1.18-1 server ready\r\n", 8192, 0) = 67 send(4, "g0 CAPABILITY\r\n", 15, 0) = 15 recv(4, "* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM AUTH=DIGEST-MD5 AUTH=CRAM-MD5 ANNOTATEMORE\r\ng0 OK Completed\r\n", 8192, 0) = 255 send(4, "g1 LOGIN \"dkg\" \"XXXXXXXXXX\"\r\n", 29, 0) = 29 recv(4, "g1 OK User logged in\r\n", 8192, 0) = 22 send(4, "g2 LIST \"\" \"INBOX.ffff\"\r\n", 25, 0) = 25 recv(4, "* LIST (\\HasNoChildren) \".\" \"INBOX.ffff\"\r\ng2 OK Completed (0.000 secs 2 calls)\r\n", 8192, 0) = 80 send(4, "g3 APPEND INBOX.ffff () {760}\r\n", 31, 0) = 31 recv(4, "+ go ahead\r\n", 8192, 0) = 12 send(4, "X-VM-Bookmark: 4\r\n", 18, 0) = 18 send(4, "X-VM-v5-Data: ([nil nil nil nil nil nil nil nil nil]\r\n", 54, 0) = 54 send(4, "\t[\"9\" \"Tuesday\" \"13\" \"September\" \"2005\" \"17:41:04\" \"-0400\" \"Daniel Kahn Gillmor\" \"[EMAIL PROTECTED]" nil \"1\" \"hello\" \"^From:\" nil nil \"9\" nil nil (number \" \" mark \" Daniel Kahn Gillm Sep 13 1/9 \" thread-indent \"\\\"hello\\\"\\n\") nil nil nil nil nil ", 254, 0) = 254 send(4, "nil] \r\n", 7, 0) = 7 send(4, "\tnil)\r\n", 7, 0) = 7 send(4, "Return-Path: <[EMAIL PROTECTED]>\r\n", 32, 0) = 32 send(4, "Delivered-To: [EMAIL PROTECTED]", 48, 0) = 48 send(4, "Received: by whatever.example.net (Postfix, from userid 1002)\r\n", 63, 0) = 63 send(4, "\tid 7CCED26EBB; Tue, 13 Sep 2005 17:41:04 -0400 (EDT)\r\n", 55, 0) = 55 send(4, "Message-Id: <[EMAIL PROTECTED]>\r\n", 62, 0) = 62 send(4, "From: [EMAIL PROTECTED] (Daniel Kahn Gillmor)\r\n", 45, 0) = 45 send(4, "To: [EMAIL PROTECTED]", 42, 0) = 42 send(4, "Subject: hello\r\n", 16, 0) = 16 send(4, "Date: Tue, 13 Sep 2005 17:41:04 -0400 (EDT)\r\n", 45, 0) = 45 send(4, "\r\n", 2, 0) = 2 send(4, "hi there\r\n", 10, 0) = 10 send(4, "\n", 1, 0) = 1 recv(4, "g3 OK [APPENDUID 1130719365 9] Completed\r\n", 8192, 0) = 42 send(4, "g4 LOGOUT\r\n", 11, 0) = 11 recv(4, "* BYE LOGOUT received\r\ng4 OK Completed\r\n", 8192, 0) = 40