Bugtraq mailing list archives
Re: UW c-client library vulnerability
From: Jakub Bogusz <qboosh () PRIORIS MINI PW EDU PL>
Date: Sat, 2 Sep 2000 22:41:17 +0200
On Fri, Sep 01, 2000 at 07:53:22PM +0300, Juhapekka Tolvanen wrote:
It seems, that c-client libraries by University of Washington have some bug(s), that makes some programs that depend upon those libraries go crazy. AFAIK affected programs include at least Pine (read "pain"), ipop3d and IMAPD. And those programs and libraries are commonly used in Unixes. I don't know, if any patch, fix, work-around etc. exist. * * * Problem was caused by my X-Keywords-header, that serves as so called spook line (Hello, NSA! :-) ): X-Keywords: kettutytöt, Sanna Sillanpää, IKL, Jammu Siltavuori, ryssä, somali, lesbo, homo, lesbian, anarchism, nazi, communism, CIA, bomb, nuclear, Semtex, satan, traitor, pedophile
[...]
I've been fighting this problem all day too. Pine blows up when you try to save the INBOX back out with any changes. (I'm using fetchmail and plain vanilla mail spool files.) It was driving me nuts. Thanks for posting. (I saved a copy of my mailbox and will pick through it with a fine-tooth comb later.)
pine crashes with "header size inconsistant" during saving mailbox if any message contains X-Keywords line split in 2 or more lines... Your post (maybe processed by MTA) contained 2-line X-Keywords so my pine crashed... and I could find why. (and had finally motivation to configure Mutt ;)) X-Keywords is processed in 2 functions: mail_filter() (in imap/src/c-client/mail.c) filters out X-Keywords line and seems to handle multi-line keywords correctly unix_parse() (in imap/src/osdep/unix/unix.c) probably doesn't handle multi-line keywords Different results (different header sizes) causes pine crash. The same may apply to X-UID, X-Status and Status header (I haven't test, so I'm not sure). imap uses the same c-client library, so the same condition may cause imap crash. -- Jakub Bogusz http://prioris.mini.pw.edu.pl/~qboosh/
Current thread:
- UW c-client library vulnerability Juhapekka Tolvanen (Sep 01)
- Re: UW c-client library vulnerability Jakub Bogusz (Sep 03)
- <Possible follow-ups>
- Re: UW c-client library vulnerability Josh Higham (Sep 02)