Hi,
Sorry for losing track of the issue.
I was getting corrupted headers where because one header had multiple
NULLs in it, when dovecot wrote the message back, it ended up dropping
that header and merging/corrupting another header. The example I came up
with was where the original message looked like so:
From te...@test3.com Tue Nov 28 11:29:34 2007
Date^@: Tue, 28 Nov 2007 11:29:34 +0100
^@From: ( Test User 4 <te...@test3.com>
To: Dovecot tester <dove...@test.com>
Sub^@ject: Test 3
Statu^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@s: R
Stop cracking!
(note that the ^@ are representations of NULL characters). Causing the
message to be written back in dovecot reults i the following:
From te...@test3.com Tue Nov 28 11:29:34 2007
Date^@: Tue, 28 Nov 2007 11:29:34 +0100
^@From: ( Test User 4 <te...@test3.com>
To: Dovecot tester <dove...@test.com>
Sub^@ject: Test X-IMAPbase: 1308694311 0000000001
X-UID: 1
Status: O
Stop cracking!
Note that the fake Subject line has the X-IMAPbase header merged into
it. I was not able to get more widespread corruption of the mailbox, but
didn't try very hard.
Anyway, dovecot in hardy is not affected by the original crashing issue,
and so I'm going to close this specific bug report.
Thanks, and sorry again for the delay in following up with this issue.
** Changed in: dovecot (Ubuntu)
Status: In Progress => Invalid
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dovecot in Ubuntu.
https://bugs.launchpad.net/bugs/791758
Title:
CVE-2011-1929 and Dovecot 1.0.10-1ubuntu5.2 in Hardy
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/791758/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
