[Bug 861299] [NEW] phyton class IMAP4_SSL(IMAP4): may induce a life lock/ memory leak and stalls compete system

Wed, 28 Sep 2011 03:41:05 -0700 

*** This bug is a security vulnerability ***

Public security bug reported:

Description:    Ubuntu 10.04.3 LTS
Release:        10.04

Call Stack:
getmail,  line 737, in <module>
  main()
getmail,  line 703, in main
  go(configs)
getmail,  line 149, in go
  msg = retriever.getmsg(msgid)
_retrieverbases.py,  line 437, in getmsg
  return self._getmsgbyid(msgid)
_retrieverbases.py,  line 896, in _getmsgbyid
  return self._getmsgpartbyid(msgid, '(RFC822)')
_retrieverbases.py,  line 861, in _getmsgpartbyid
  response = self._parse_imapuidcmdresponse('FETCH', uid, part)
_retrieverbases.py,  line 738, in _parse_imapuidcmdresponse
  result, resplist = self.conn.uid(cmd, *args)
imaplib.py,  line 753, in uid
  typ, dat = self._simple_command(name, command, *args)
imaplib.py,  line 1060, in _simple_command
  return self._command_complete(name, self._command(name, *args))
imaplib.py,  line 888, in _command_complete
  typ, data = self._get_tagged_response(tag)
imaplib.py,  line 989, in _get_tagged_response
  self._get_response()
imaplib.py,  line 951, in _get_response
  data = self.read(size)
imaplib.py,  line 1161, in read
  chunks.append(data)


Please check code below!

Problem is that len(data) might return 0 since data can be "", thus the 
read variable never exceeds size and the while read < size: runs forever!
This produces 100 percent CPU usage and consumes memory (chunks.append(data) ) 
till the machine dies.


        def read(self, size):
            """Read 'size' bytes from remote."""
            # sslobj.read() sometimes returns < size bytes
            chunks = []
            read = 0
            while read < size:
                data = self.sslobj.read(min(size-read, 16384))
                read += len(data)
                chunks.append(data)

            return ''.join(chunks)

** Affects: getmail4 (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** Summary changed:

- phyton class IMAP4_SSL(IMAP4): may induce a memory leak and stalls compete 
system
+ phyton class IMAP4_SSL(IMAP4): may induce a life lock/ memory leak and stalls 
compete system

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/861299

Title:
  phyton class IMAP4_SSL(IMAP4): may induce a life lock/ memory leak and
  stalls compete system

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/getmail4/+bug/861299/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to