mail_fetch_body() may return empty string without updating len parameter
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
uw-imap (Debian) |
Fix Released
|
Unknown
|
|||
uw-imap (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
See Bug #617849 where this behavior crashes PHP.
In brief, when mail_fetch_body() is passed very long section (strlen(section) > 1004), mail_fetch_body() returns an empty string but does not set len parameter to zero. If the calling application has not set len to zero before calling mail_fetch_body(), it will likely to crash because len parameter will contain garbage.
$ lsb_release -rd
Description: Ubuntu 10.04.1 LTS
Release: 10.04
$ LC_ALL=C apt-cache policy libc-client2007e
libc-client2007e:
Installed: 8:2007e~dfsg-3.1
Candidate: 8:2007e~dfsg-3.1
Version table:
8:
500 http://
*** 8:2007e~dfsg-3.1 0
100 /var/lib/
Related branches
tags: | added: patch |
tags: |
added: patch-forwarded-debian removed: patch |
Changed in uw-imap (Debian): | |
status: | Unknown → New |
Changed in uw-imap (Debian): | |
status: | New → Fix Released |
Patch against src/c-client/mail.c that solves the problem.