Hi, Sorry for losing track of the issue.
I was getting corrupted headers where because one header had multiple NULLs in it, when dovecot wrote the message back, it ended up dropping that header and merging/corrupting another header. The example I came up with was where the original message looked like so: From [email protected] Tue Nov 28 11:29:34 2007 Date^@: Tue, 28 Nov 2007 11:29:34 +0100 ^@From: ( Test User 4 <[email protected]> To: Dovecot tester <[email protected]> Sub^@ject: Test 3 Statu^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ^@^@s: R Stop cracking! (note that the ^@ are representations of NULL characters). Causing the message to be written back in dovecot reults i the following: From [email protected] Tue Nov 28 11:29:34 2007 Date^@: Tue, 28 Nov 2007 11:29:34 +0100 ^@From: ( Test User 4 <[email protected]> To: Dovecot tester <[email protected]> Sub^@ject: Test X-IMAPbase: 1308694311 0000000001 X-UID: 1 Status: O Stop cracking! Note that the fake Subject line has the X-IMAPbase header merged into it. I was not able to get more widespread corruption of the mailbox, but didn't try very hard. Anyway, dovecot in hardy is not affected by the original crashing issue, and so I'm going to close this specific bug report. Thanks, and sorry again for the delay in following up with this issue. ** Changed in: dovecot (Ubuntu) Status: In Progress => Invalid ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/791758 Title: CVE-2011-1929 and Dovecot 1.0.10-1ubuntu5.2 in Hardy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/791758/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
