[Tickets #5657] Re: UID ( X-UID ) > 0x80000000 misinterpreted unsigned numbers
bugs at bugs.horde.org
bugs at bugs.horde.org
Wed Nov 21 01:45:22 UTC 2007
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=5657
-----------------------------------------------------------------------
Ticket | 5657
Updated By | horde at phroggy.com
Summary | UID ( X-UID ) > 0x80000000 misinterpreted unsigned numbers
Queue | IMP
Version | 4.1.4
Type | Bug
State | Not A Bug
Priority | 2. Medium
Owners |
-----------------------------------------------------------------------
horde at phroggy.com (2007-11-20 17:45) wrote:
Is there a way Horde could test for this problem, and report an error to
the user if PHP misbehaves? The current behavior is for messages with a
UID above 2^31 to just not show up (but the number of unread messages
displayed next to the folder name is correct).
Mozilla Thunderbird and Apple Mail both have the same bug. Mozilla is
working on fixing it (bug 223942). I reported it to Apple as bug 5608502;
they haven't responded yet.
(For the record: the reason you're likely to encounter this bug is, your
IMAP server stores mail folders in mbox format, using an X-UID header to
store the UID, and your MTA is not set up to strip X-UID headers from
incoming messages, so when a spammer sends you a message with a fake X-UID
header, the IMAP server has to trust it because it doesn't know better.
This is a huge problem even if this signed integer bug is fixed, because
someone could send you a message with an "X-UID: 4294967295" header; if
you're using the mbox format, you MUST set your MTA to strip these headers
on incoming messages: Status, X-Status, X-Keywords, X-UID, X-IMAP,
X-IMAPbase.)
More information about the bugs
mailing list