[Tickets #13067] Re: PHP Error to view emails IMP (Interger overflow)

noreply at bugs.horde.org noreply at bugs.horde.org
Tue Apr 1 23:53:27 UTC 2014


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/13067
------------------------------------------------------------------------------
  Ticket             | 13067
  Updated By         | Michael Slusarz <slusarz at horde.org>
  Summary            | PHP Error to view emails IMP (Interger overflow)
  Queue              | IMP
  Version            | 6.1.6
  Type               | Bug
-State              | Feedback
+State              | Not A Bug
  Priority           | 1. Low
  Milestone          |
  Patch              |
  Owners             | Michael Slusarz
------------------------------------------------------------------------------


Michael Slusarz <slusarz at horde.org> (2014-04-01 17:53) wrote:

Your IMAP server is irreparably broken.

In this FETCH response:

* 1 FETCH (UID 13 FLAGS (\Seen $forwarded) RFC822.SIZE 434935 ENVELOPE  
("Tue, 11 Mar 2014 20:13:26 +0000" "SV3 PK/PD EASL poster: pre-layout  
version" (("BI HCV Pubs" NIL "bihcvpubs" "choicehs.com")) (("BI HCV  
Pubs" NIL "bihcvpubs" "choicehs.com")) (("BI HCV Pubs" NIL "bihcvpubs"  
"choicehs.com")) (("ASSELAH Tarik" NIL "tarik.asselah"  
"bjn.aphp.fr")({184467440737 NIL "Dr.Elmar-Zehnter-Dortmund"  
"t-online.de")("Agarwal, Kaushik" NIL "kosh.agarwal"  
"kcl.ac.uk")("????" NIL "sakai429" "hyo-med.ac.jp")("Hiroshi  
Yatsuhashi" NIL "yatsuhashi"  
"nmc.hosp.go.jp")("bernard.willems at umontreal.ca" NIL "bernard.willems"  
"umontreal.ca")("Wright, David" NIL "DWright"  
"seton.org")("calinas.hospital at gmail.com" NIL "calinas.hospital"  
"gmail.com")("joseluis.calleja at dom.es" NIL "joseluis.calleja"  
"dom.es")("NEGRO Francesco" NIL "Francesco.Negro"  
"hcuge.ch")("anne-marie.quinson at boehringer-ingelheim.com" NIL  
"anne-marie.quinson"  
"boehringer-ingelheim.com")("nanshi.sha at boehringer-ingelheim.com" NIL  
"nanshi.sha"  
"boehringer-ingelheim.com")("nicolas.dorleacq at boehringer-ingelheim.com" NIL  
"nicolas.dorleacq"  
"boehringer-ingelheim.com")("mike.schobelock at boehringer-ingelheim.com"  
NIL "mike.schobelock" "boehringer-ingelheim.com")("Ira M. Jacobson"  
NIL "imj2001" "med.cornell.edu")) (("BI HCV Pubs" NIL "bihcvpubs"  
"choicehs.com")("james.emmerson at boehringer-ingelheim.com" NIL  
"james.emmerson"  
"boehringer-ingelheim.com")("jerry.stern at boehringer-ingelheim.com" NIL  
"jerry.stern" "boehringer-ingelheim.com")) NIL NIL  
"<A839FF5570AA3B4794A27523E57B2961C850140298 at western06.westernoriental.local>") BODY[HEADER.FIELDS (IMPORTANCE LIST-POST X-PRIORITY)]  
{2}

Appears this:

({184467440737 NIL "Dr. [...]

Numbers within {} in IMAP indicate the length of literal string data.   
Brackets can NEVER appear ever in non-literal data, since they have  
only one meaning ... once the parser/tokenizer sees an opening  
bracket, it must take the value within the bracket as the length of  
literal data to read.

Here, not only is there a giant number defined, but the bracket is  
left open for hundreds of characters so PHP is converting this whole  
string to an integer.  I'm guessing that's why 2^63-1 is chosen ...  
that's likely the largest internal
integer value PHP supports.  (Suspiciously like a 64-bit C signed integer.)

There's just no practical way of recovering from this data.  And I  
really see no reason to do sanity checking for this beyond rare  
occurrence - hitting the PHP memory limit is sufficient sanity  
checking for me.

You need to report this issue to the upstream IMAP server provider for  
them to fix.





More information about the bugs mailing list