[imp] Imp 3.1 - session related nasty bug and apache segfault

Viljo Viitanen vviitane+mail.imp@mappi.helsinki.fi
Thu Nov 7 15:32:53 2002


First the session bug (it is unrelated to the segfault):

User logs in on 'top' of another session. There may be many possible reasons
for this, the easy way to reproduce is to load up two login screens in
different windows which share the session cookie. Then log in in the first,
and after that, log in with a different username in the other. The login
attempt fails, as imp notices the usernames are different, but it doesn't do
enough. The problem lies with the following code in redirect.php:

        /* Disable the old session. */
        $imp = false;
        session_unregister('imp');

Old login information is destroyed, but other information isn't, like
identities from prefs_cache.

The fix is to use session_destroy(), and not just session_unregister('imp').

This bug also seems to be in CVS RELENG_3, at least the same code is there too.

We had a really strange case of user reporting that a mail was sent with
completely wrong From address some time ago. While I confirmed it (a copy
was in the user's Sent folder), I could not understand how that could
happen, until now.

Anyway, I understood the above problem when I was investigating a completely
different and unrelated problem, where apache segfaults when a user had
~2000 mails in a folder with ~200 of them deleted and using hide deleted.

Anyone else seen this, btw? I can reproduce this, but it is very unclear
which conditions exactly cause apache to segfault, it somehow depends on
which messages are deleted, and not the total amount. And I don't even know
where apache segfaults, inside php or imap c-client. I should do a trace on
a coredump, but... I'm using php 4.2.3 and pretty old imap c-client 4.7.

-- 
Viljo Viitanen
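
The session residue described in this message, as an added example that is not part of the original post and not IMP's code: it contrasts dropping only the 'imp' entry with destroying the whole session. It assumes modern PHP with $_SESSION in place of the PHP 4 session_unregister() call; the helper names and all values are constructed, and only the keys 'imp' and 'prefs_cache' come from the post.

```php
<?php
// Added example, not IMP's code. Modern PHP ($_SESSION) stands in for the
// PHP 4 session_unregister() call quoted in the post. The key names 'imp'
// and 'prefs_cache' follow the post; every value below is constructed.

ini_set('session.use_cookies', '0');   // CLI demo: no cookie headers needed
session_start();

/** Hypothetical helper: fill the session the way a successful login would. */
function login_as(string $user): void
{
    $_SESSION['imp'] = ['user' => $user];
    $_SESSION['prefs_cache'] = ['identities' => [['from' => "$user@example.org"]]];
}

/** Behaviour described in the post: only the 'imp' entry is dropped. */
function disable_old_session_partial(): void
{
    unset($_SESSION['imp']);
}

/** Fix proposed in the post: destroy the whole session. */
function disable_old_session_full(): void
{
    $_SESSION = [];       // session_destroy() does not clear the in-memory array
    session_destroy();    // remove the stored session data
    session_start();      // fresh, empty session for the next login attempt
}

/** Hypothetical helper: the From address left in the cached identities, if any. */
function cached_from(): ?string
{
    return $_SESSION['prefs_cache']['identities'][0]['from'] ?? null;
}

$report = [];
foreach (['partial', 'full'] as $mode) {
    login_as('alice');                   // first window logs in
    // The second window's login with another username is rejected here.
    $mode === 'partial' ? disable_old_session_partial() : disable_old_session_full();
    $report[] = sprintf('%-7s imp present: %s, cached From: %s', $mode,
        var_export(isset($_SESSION['imp']), true), var_export(cached_from(), true));
}

echo implode(PHP_EOL, $report), PHP_EOL;
```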

