From owner-freebsd-bugs Mon Jun 5 12: 0: 9 2000 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 0EFEC37B8DA for ; Mon, 5 Jun 2000 12:00:02 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id MAA76034; Mon, 5 Jun 2000 12:00:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id A3E0937B7BD; Mon, 5 Jun 2000 11:56:27 -0700 (PDT) Message-Id: <20000605185627.A3E0937B7BD@hub.freebsd.org> Date: Mon, 5 Jun 2000 11:56:27 -0700 (PDT) From: agifford@infowest.com To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-1.0 Subject: misc/19038: The qpopper port accepts empty X-UIDL: headers in some cases, making retrieving email impossible in some cases Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 19038 >Category: misc >Synopsis: The qpopper port accepts empty X-UIDL: headers in some cases, making retrieving email impossible in some cases >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Jun 05 12:00:01 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Aaron Gifford >Release: FreeBSD 4.0-STABLE >Organization: >Environment: FreeBSD jardan.infowest.com 4.0-STABLE FreeBSD 4.0-STABLE #0: Mon Jun 5 08:24:54 MDT 2000 adg@jardan.infowest.com:/usr/src/sys/compile/JARDAN.INFOWEST.COM i386 >Description: There's a bug in the current version of qpopper in the ports collection such that an email message containing a header "X-UIDL: " with ONLY the header name followed by a single space can cause a mailbox to be unreadable by some clients (Microsoft Outlook in particular) because client then chokes on the output of the XUIDL POP command. >How-To-Repeat: Hand edit a mailbox file and add an X-UIDL: header that ONLY includes the header name followed by a single white space (or send yourself such a message), then connect to the qpopper port, issue the USER and PASS command, then send the UIDL command. Notice that when it lists the message with the faulty header, you see something like this (assuming the bad header is part of message #25): ... 24 e9939c998575720193ef864e906609ee 25 26 064976f286d27c205936a1d8ab8d832a 27 c7ba3d53f66c62b4a3bc5bb8f6c1e4a4 ... At least one email client is known to choke at this point (MS Outlook) and abort the POP session (there are most likely many more). I discovered it when a coworker's email client (Outlook) started freaking out so he couldn't retrieve his email. >Fix: The fix is simple. Edit the patched ports version of pop_dropcopy.c and delete the following line (line 757): } else if (!strncasecmp("X-UIDL:", buffer, 7)) { if (!uidl_found) { int len; char *cp; uidl_found++; <<<< MIN_UIDL_LENGTH && len < MAX_UIDL_LENGTH ) { uidl_found++; That one line change will force qpopper to generate a new X-UIDL: header when the X-UIDL: header is empty. I strongly suspect that this is a case where someone editing things just forgot to delete that line while adding functionality. In other cases, the code correctly checks for an X-UIDL: header whose length is > MIN_UIDL_LENGTH and < MAX_UIDL_LENGTH. This single case (zero length after the header and single space) slips through. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message