[Tickets #12282] Handling IMAP server errors can lead to DoS

noreply at bugs.horde.org noreply at bugs.horde.org
Wed May 29 15:46:15 UTC 2013 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/12282
------------------------------------------------------------------------------
  Ticket             | 12282
  Created By         | bra at fsn.hu
  Summary            | Handling IMAP server errors can lead to DoS
  Queue              | IMP
  Version            | 6.0.4
  Type               | Bug
  State              | Unconfirmed
  Priority           | 1. Low
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


bra at fsn.hu (2013-05-29 15:46) wrote:

I've selected IMP as the category, because that's where it occurs, and  
I'm not sure where it should be fixed.
The problem happens when I do some IMAP operations and the server  
gives back an error, like here:
* 11 FETCH (UID 19 FLAGS (\Seen) RFC822.SIZE 2418 ENVELOPE ("Fri, 28  
Nov 2008 19:20:40 +0100" {102}
A Magyar =?iso-8859-1?Q?Di=E1ksport_Sz=F6v?=  
=?iso-8859-1?Q?ets=E9g_H=EDrei_2008=2E_november_28-=E1n?=  
(("Diaksporthir" NIL "diaksporthir" "mdsz.hu")) (("Diaksporthir" NIL  
"diaksporthir" "mdsz.hu")) ((NIL NIL "diaksporthir" "mdsz.hu")) ((NIL  
NIL "bra" "fsn.hu")) NIL NIL NIL "<20081128182040.GA20477 at mdsz.hu>")  
BODY[HEADER.FIELDS (IMPORTANCE LIST-POST X-PRIORITY)] {2}

)
* 12 FETCH (UID 20 FLAGS (\Seen Junk))
* BYE Internal error occurred. Refer to server log for more  
information. [2013-05-29 17:30:25]

After this, the PHP process goes berserk by logging these lines (I use  
syslog, so syslog also gets some heavy times):
May 29 17:31:47 wm01a HORDE: [imp] PHP ERROR: fgets() expects  
parameter 1 to be resource, null given [pid 1474 on line 4203 of  
"/usr/local/share/pear/Horde/Imap/Client/Socket.php"]
May 29 17:31:47 wm01a HORDE: [imp] PHP ERROR: feof() expects parameter  
1 to be resource, null given [pid 1474 on line 4190 of  
"/usr/local/share/pear/Horde/Imap/Client/Socket.php"]
May 29 17:31:47 wm01a HORDE: [imp] PHP ERROR: fgets() expects  
parameter 1 to be resource, null given [pid 1474 on line 4203 of  
"/usr/local/share/pear/Horde/Imap/Client/Socket.php"]

This goes in an infinite loop (until max execution time is reached),  
logging into syslog as fast as it can. Repeating this some more times  
on the web UI makes the whole system unusable, even denying logging in  
via sshd (syslogd is so overwhelmed that it blocks it).

I think it would be nice to prepare for IMAP errors other than logging  
more than 2000 lines per second, effectively causing a DoS to the  
system. :)

More information about the bugs mailing list