Bug 41917
| Summary: | POP3 server crashes on command "STLS". | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Gerald Gutierrez <pozix> |
| Component: | imap | Assignee: | Mike A. Harris <mharris> |
| Status: | CLOSED ERRATA | QA Contact: | David Lawrence <dkl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.1 | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2001-06-12 18:15:57 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
The problem exists in imap-2000c also: #/usr/sbin/ipop3d +OK POP3 imap1.gromco.com v2000.70rh server ready STLS +OK STLS completed Aborted (core dumped) # You need to have valid SSL certificates configured before STLS will function. The new packages will migrate an stunnel.pem file automatically if one exists, or will create a self signed cert otherwise. This minimizes admin overhead, even though I do not consider this a bug per se. imap-2000c-10 generates certs by default in ssl enabled builds which makes this a non-issue. |
This bug completely prevents the installation of a secured POP3 service using Red Hat Linux 7.1 without using external packages. When I run /usr/sbin/ipop3d (from imap-2000) from the command line and give it the "STLS" command, which the RFC says starts TLS negotiation, I get the following response: +OK STLS completed Aborted (core dumped) ... and the process promptly dumps core. This happens with the prebuilt imap-2000 binary as well as with one built from the source RPM. Running the core through GDB gives limited stack information, since the binary was built without debugging: (gdb) where #0 0x401a85c1 in __kill () from /lib/libc.so.6 #1 0x401a833d in raise (sig=6) at ../sysdeps/posix/raise.c:27 #2 0x401a99a8 in abort () at ../sysdeps/generic/abort.c:88 #3 0x0805d443 in net_getbuffer () at eval.c:41 #4 0x080613be in auth_plain_server () at eval.c:41 #5 0x08061729 in auth_plain_server () at eval.c:41 #6 0x0804c588 in strcpy () at ../sysdeps/generic/strcpy.c:31 #7 0x40196e5e in __libc_start_main (main=0x804c194 <strcpy+276>, argc=1, ubp_av=0xbffffb4c, init=0x804b538 <_init>, fini=0x80a384c <_fini>, rtld_fini=0x4000d3c4 <_dl_fini>, stack_end=0xbffffb3c) at ../sysdeps/generic/libc-start.c:129