[pkg-fetchmail-maint] Bug#212484: marked as done (fetchmail: Hangs downloading messages using IMAP/Wrong message size)

Debian Bug Tracking System owner at bugs.debian.org
Wed Jul 20 13:33:32 UTC 2005 

Your message dated Wed, 20 Jul 2005 15:21:24 +0200
with message-id <20050720132124.GA29890 at ngolde.de>
and subject line (no subject)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 23 Sep 2003 22:51:12 +0000
>From kinetik at orcon.net.nz Tue Sep 23 17:51:07 2003
Return-path: <kinetik at orcon.net.nz>
Received: from loadbalancer-vip.orcon.net.nz (dbmail-mx2.orcon.co.nz) [219.88.242.2] 
	by master.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1A1vzu-0004Ta-00; Tue, 23 Sep 2003 17:51:07 -0500
Received: from brak (port-219-88-249-174.jet.net.nz [219.88.249.174])
	by dbmail-mx2.orcon.co.nz (8.12.6/8.12.6/Debian-7) with ESMTP id h8NMnRUK000800;
	Wed, 24 Sep 2003 10:49:28 +1200
Received: from kinetik by brak with local (Exim 3.36 #1 (Debian))
	id 1A1vzq-00011g-00; Wed, 24 Sep 2003 10:51:02 +1200
Content-Type: multipart/mixed; boundary="===============0311125439=="
MIME-Version: 1.0
From: Matthew Gregan <kinetik at orcon.net.nz>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: fetchmail: Hangs downloading messages using IMAP/Wrong message size
X-Mailer: reportbug 2.20
Date: Wed, 24 Sep 2003 10:51:02 +1200
Message-Id: <E1A1vzq-00011g-00 at brak>
X-Spam-Score: -0.5 () PATCH_UNIFIED_DIFF
X-Scanned-By: MIMEDefang 2.32 (www . roaringpenguin . com / mimedefang)
Delivered-To: submit at bugs.debian.org
X-Spam-Status: No, hits=-12.3 required=4.0
	tests=BAYES_30,HAS_PACKAGE,PATCH_UNIFIED_DIFF
	autolearn=ham version=2.53-bugs.debian.org_2003_9_21
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_9_21 (1.174.2.15-2003-03-30-exp)

This is a multi-part MIME message sent by reportbug.

--===============0311125439==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Package: fetchmail
Version: 6.2.4-1
Severity: normal
Tags: patch

Using the IMAP protocol to connect to an IMAPv4r1 server running
dbmail's IMAP daemon version 0.9, fetchmail hangs downloading mail
sometimes.  When this occurs, fetchmail has recorded the message size as
being some impossibly large number of bytes.

A log transcript follows, with '[...]' inserted anywhere that
repeated/irrelevant lines have been removed.

fetchmail: 6.2.4 querying mail.example.test (protocol IMAP) at Wed Sep 24 10:31:40 2003: poll started
fetchmail: IMAP< * OK dbmail imap (protocol version 4r1) server 0.9 ready to run
fetchmail: IMAP> A0001 CAPABILITY
fetchmail: IMAP< * CAPABILITY IMAP4 IMAP4rev1 AUTH=LOGIN
fetchmail: IMAP< A0001 OK CAPABILITY completed
fetchmail: Protocol identified as IMAP4 rev 1
fetchmail: IMAP> A0002 LOGIN "jrhacker" *
fetchmail: IMAP< A0002 OK LOGIN completed
fetchmail: selecting or re-polling default folder
fetchmail: IMAP> A0003 SELECT "INBOX"
fetchmail: IMAP< * 115 EXISTS
fetchmail: IMAP< * 115 RECENT
fetchmail: IMAP< * FLAGS (\Seen \Answered \Deleted \Flagged \Draft \Recent )
fetchmail: IMAP< * OK [PERMANENTFLAGS (\Seen \Answered \Deleted \Flagged \Draft \Recent )]
fetchmail: IMAP< * OK [UIDVALIDITY 49447] UID value
fetchmail: IMAP< * OK [UNSEEN 1] first unseen message
fetchmail: IMAP< A0003 OK [READ-WRITE] SELECT completed
fetchmail: 115 messages waiting after first poll
fetchmail: IMAP> A0004 EXPUNGE
fetchmail: IMAP< A0004 OK EXPUNGE completed
fetchmail: 115 messages waiting after expunge
fetchmail: IMAP> A0005 SEARCH UNSEEN
fetchmail: IMAP< * SEARCH 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115
fetchmail: 1 is unseen
[...]
fetchmail: 115 is unseen
fetchmail: IMAP< A0005 OK SEARCH completed
fetchmail: 1 is first unseen
115 messages for jrhacker at mail.example.test.
fetchmail: IMAP> A0006 FETCH 1:115 RFC822.SIZE
fetchmail: IMAP< * 1 FETCH (RFC822.SIZE 1651)
[...]
fetchmail: IMAP< * 115 FETCH (RFC822.SIZE 2475)
fetchmail: IMAP< A0006 OK FETCH completed
fetchmail: IMAP> A0007 FETCH 1 RFC822.HEADER
fetchmail: IMAP< * 1 FETCH (RFC822.HEADER {1649}
reading message jrhacker at mail.example.test:1 of 115 (1649 header octets)
About to rewrite Sender: owner-bugs at openbsd.org
Rewritten version is Sender: owner-bugs at openbsd.org

About to rewrite To: bugs at openbsd.org
Rewritten version is To: bugs at openbsd.org

About to rewrite From: Molly Salazar <molly_salazarsh at e-sense.dk>
Rewritten version is From: Molly Salazar <molly_salazarsh at e-sense.dk>

About to rewrite Return-Path: <owner-bugs+M4054=kinetik=orcon.net.nz at openbsd.org>
Rewritten version is Return-Path: <owner-bugs+M4054=kinetik=orcon.net.nz at openbsd.org>

fetchmail: SMTP< 220 brak ESMTP Exim 3.36 #1 Wed, 24 Sep 2003 10:31:42 +1200
fetchmail: SMTP> EHLO localhost
fetchmail: SMTP< 250-brak Hello jrhacker at brak [127.0.0.1]
fetchmail: SMTP< 250-SIZE
fetchmail: SMTP< 250-PIPELINING
fetchmail: SMTP< 250 HELP
fetchmail: forwarding to localhost
fetchmail: SMTP> MAIL FROM:<owner-bugs+M4054=kinetik=orcon.net.nz at openbsd.org> SIZE=1651
fetchmail: SMTP< 250 <owner-bugs+M4054=kinetik=orcon.net.nz at openbsd.org> is syntactically correct
fetchmail: SMTP> RCPT TO:<jrhacker at localhost>
fetchmail: SMTP< 250 <jrhacker at localhost> verified
fetchmail: SMTP> DATA
fetchmail: SMTP< 354 Enter message, ending with "." on a line by itself
#fetchmail: IMAP< )
fetchmail: IMAP< A0007 OK FETCH completed
fetchmail: IMAP> A0008 FETCH 1 BODY.PEEK[TEXT]
fetchmail: IMAP< * 1 FETCH (BODY[TEXT] {18446744073709551615}
 (2147483647 body octets) **********.*****...**

At this point fetchmail hangs, presumably waiting for additional data
that will never come.

The root cause of this is a buggy IMAP implementation in the dbmail IMAP
daemon 0.9.  I have tested the version 1.1 release of dbmail and found
that this problem has been fixed.  However, fetchmail does not correctly
handle these large message sizes, which is what causes the hang.

I have reproduced this problem on another machine using OpenBSD 2.9 and
fetchmail 6.2.4.

fetchmail does not correctly handle cases where conversion of a number
from a string to an integer using atoi() causes an integer overflow.  I
have attached a patch that fixes this inside the IMAP code.  It appears
that the same problem exists in a couple of other places within
fetchmail.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux brak 2.6.0-test1-ac1 #4 Sat Jul 26 20:20:11 NZST 2003 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages fetchmail depends on:
ii  adduser                       3.51       Add and remove users and groups
ii  base-files                    3.0.10     Debian base system miscellaneous f
ii  debconf                       1.3.8      Debian configuration management sy
ii  debianutils                   2.5.4      Miscellaneous utilities specific t
ii  libc6                         2.3.1-16   GNU C Library: Shared libraries an
ii  libssl0.9.7                   0.9.7b-2   SSL shared libraries

-- debconf information:
* fetchmail/initdefaultswarn: 
* fetchmail/runasroot: false
* fetchmail/confwarn: 
  fetchmail/fetchidswarn: 
* fetchmail/systemwide: true


--===============0311125439==
Content-Type: text/x-c; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="fetchmail-6.2.4-imap-strtol.patch"

--- imap.c.old	Thu Jul 17 13:03:20 2003
+++ imap.c	Sun Aug  3 13:42:57 2003
@@ -12,6 +12,7 @@
 #if defined(STDC_HEADERS)
 #include  <stdlib.h>
 #include  <limits.h>
+#include  <errno.h>
 #endif
 #include  "fetchmail.h"
 #include  "socket.h"
@@ -964,8 +965,12 @@
      * it to be present, but at least one IMAP server (Novell GroupWise)
      * botches this.
      */
-    if ((cp = strchr(buf, '{')))
-	*lenp = atoi(cp + 1);
+    if ((cp = strchr(buf, '{'))) {
+        errno = 0;
+	*lenp = (int)strtol(cp + 1, (char **)NULL, 10);
+        if (errno == ERANGE && (*lenp == LONG_MAX || *lenp == LONG_MIN))
+            *lenp = -1;    /* length is too big/small for us to handle */
+    }
     else
 	*lenp = -1;	/* missing length part in FETCH reponse */
 

--===============0311125439==--

---------------------------------------
Received: (at 212484-done) by bugs.debian.org; 20 Jul 2005 13:21:28 +0000
>From nico at ngolde.de Wed Jul 20 06:21:28 2005
Return-path: <nico at ngolde.de>
Received: from modprobe.de (h4447.serverkompetenz.net) [81.169.172.197] 
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1DvEVs-00081V-00; Wed, 20 Jul 2005 06:21:28 -0700
Received: by h4447.serverkompetenz.net (Postfix, from userid 1003)
	id 36486434060; Wed, 20 Jul 2005 15:21:24 +0200 (CEST)
Date: Wed, 20 Jul 2005 15:21:24 +0200
From: Nico Golde <nico at ngolde.de>
To: 212484-done at bugs.debian.org
Message-ID: <20050720132124.GA29890 at ngolde.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Editor: VIM - Vi IMproved 6.3 (2004 June 7, compiled Apr 24 2005 15:44:11)
X-Mailer: Mutt-ng http://www.muttng.org
X-Operating-System: Debian GNU/Linux sid
X-My-Homepage: http://www.ngolde.de
User-Agent: mutt-ng devel-r316 (Debian)
Delivered-To: 212484-done at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-1.5 required=4.0 tests=BAYES_00,NOSUBJECT 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02

Hi,
see Matthias explanation for details.
Regards Nico

-- 
Nico Golde - JAB: nion at jabber.ccc.de | GPG: 0x73647CFF
http://www.ngolde.de | http://www.muttng.org | http://grml.org 
VIM has two modes - the one in which it beeps 
and the one in which it doesn't -- encrypted mail preferred

More information about the pkg-fetchmail-maint mailing list