Bug 449125

Summary: Large X-UID mail headers in dovecot break clients
Product: Red Hat Enterprise Linux 4 Reporter: Issue Tracker <tao>
Component: dovecotAssignee: Michal Hlavinka <mhlavink>
Status: CLOSED WONTFIX QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: 4.6CC: bhamrick, bughunt, moshiro, ofourdan, tao
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-03-05 14:38:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Issue Tracker 2008-05-30 16:27:51 UTC
Escalated to Bugzilla from IssueTracker

Comment 1 Issue Tracker 2008-05-30 16:27:53 UTC
Unassigning myself from this ticket as tomorrow is my last day at RH.

Below is the patch backported to RHEL4. afaik X-UID headers aren't sent
as part of an email, they're added by the MDA. The workaround mentioned
in the initial problem description removes the X-UID and X-IMAPbase
entries from the mbox. In other words it fixes the problem after it has
already occurred. The patch below may prevent the invalid X-UID headers in
the first place, but we need to be able to reproduce the problem to confirm

diff -urp dovecot-0.99.13/src/lib-index/mbox/mbox-index.c
--- dovecot-0.99.13/src/lib-index/mbox/mbox-index.c     2003-11-09
01:43:17.000000000 +1000
+++ dovecot-0.99.14/src/lib-index/mbox/mbox-index.c     2005-01-19
09:55:49.000000000 +1000
@@ -359,6 +359,11 @@ void mbox_header_cb(struct message_part 
                                ctx->uid = ctx->uid * 10 +
+                       if (ctx->uid >= ctx->index->header->next_uid) {
+                               /* unexpectedly large UID field.
+                                  don't allow it. */
+                               ctx->uid = 0;
+                       }
                } else if (strcasecmp(hdr->name, "X-Status") == 0) {
                        /* update message flags */
                        ctx->flags |= mbox_get_status_flags(hdr->value,

This event sent from IssueTracker by mpoole  [Support Engineering Group]
 issue 146096

Comment 2 Issue Tracker 2008-05-30 16:27:54 UTC
I am going to escalate this to BZ with the patch mentioned so that
engineering might at least contemplate including it.

Note that this will be aligned with 4.8 which likely the last RHEL4
release.  Without a concrete reproducer there is every chance this will be

This event sent from IssueTracker by mpoole  [Support Engineering Group]
 issue 146096

Comment 3 Martin Poole 2008-05-30 16:30:28 UTC
Apparently triggered by header like

X-UID: 2632762697

Comment 4 Michal Hlavinka 2008-09-22 14:51:15 UTC
*** Bug 429100 has been marked as a duplicate of this bug. ***

Comment 5 RHEL Program Management 2008-10-31 16:50:01 UTC
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".

Comment 10 Michal Hlavinka 2010-03-05 14:38:16 UTC
I'm sorry for not addressing the issue in RHEL-4. As dovecot
is not scheduled for update in RHEL-4.9, I'm closing that bugzilla WONTFIX. If
you are still experiencing the issue with RHEL-5, feel free to reopen it
against RHEL-5.