Bug 751124

Summary: Crash when opening IMAP folder
Product: [Fedora] Fedora
Reporter: Honza Horak <hhorak>
Component: mutt
Assignee: Honza Horak <hhorak>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Docs Contact:
Priority: unspecified
Version: rawhide
CC: hhorak, mcepl, mcepl, mlichvar, pertusus
Target Milestone: ---
Keywords: Reopened
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: mutt-1.5.21-26.fc20
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 750929
Environment:
Last Closed: 2013-11-10 07:45:05 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Bug Depends On: 750929
Bug Blocks: 1021464

Description Honza Horak 2011-11-03 15:31:24 UTC
+++ This bug was initially created as a clone of Bug #750929 +++

Description of problem:
I have set

set folder=imaps://matej.cz/INBOX

and when starting mutt, I get this crash:

Program received signal SIGSEGV, Segmentation fault.
__strstr_sse2 (haystack_start=0x1 <Address 0x1 out of bounds>, 
    needle_start=0x4a8248 "-----BEGIN") at ../string/strstr.c:63
63	  while (*haystack && *needle)
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.5-7.el6_0.x86_64 keyutils-libs-1.4-3.el6.x86_64 libgcrypt-1.4.5-9.el6.x86_64 libgpg-error-1.7-4.el6.x86_64 libtasn1-2.3-3.el6.x86_64 nss-softokn-freebl-3.12.9-10.el6.x86_64 zlib-1.2.3-27.el6.x86_64
(gdb) thread apply all backtrace

Thread 1 (Thread 0x7ffff7fd67c0 (LWP 24792)):
#0  __strstr_sse2 (haystack_start=0x1 <Address 0x1 out of bounds>, 
    needle_start=0x4a8248 "-----BEGIN") at ../string/strstr.c:63
#1  0x000000000048798b in tls_compare_certificates (certdata=0xb9b8f0, certstat=0, 
    hostname=<value optimized out>, chainidx=0, certerr=0x7fffffffca18, savedcert=0x7fffffffca14)
    at mutt_ssl_gnutls.c:438
#2  tls_check_preauth (certdata=0xb9b8f0, certstat=0, hostname=<value optimized out>, 
    chainidx=0, certerr=0x7fffffffca18, savedcert=0x7fffffffca14) at mutt_ssl_gnutls.c:590
#3  0x0000000000489131 in tls_check_certificate (conn=0xb7d950) at mutt_ssl_gnutls.c:1005
#4  tls_negotiate (conn=0xb7d950) at mutt_ssl_gnutls.c:346
#5  0x000000000048950c in tls_socket_open (conn=0xb7d950) at mutt_ssl_gnutls.c:162
#6  0x0000000000490a27 in imap_open_connection (idata=0xb7def0) at imap.c:407
#7  0x0000000000490d68 in imap_conn_find (account=0x7fffffffd860, flags=<value optimized out>)
    at imap.c:371
#8  0x00000000004924af in imap_open_mailbox (ctx=0xb7c650) at imap.c:574
#9  0x0000000000443be5 in mx_open_mailbox (path=<value optimized out>, flags=0, pctx=0x0)
    at mx.c:661
#10 0x0000000000439aa6 in main (argc=1, argv=<value optimized out>) at main.c:1017
(gdb) 

Version-Release number of selected component (if applicable):
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64

How reproducible:
100% (three out of three attempts, also with attempt to access POP3 account)

Steps to Reproduce:
1. Try to access an IMAP or POP3 account

Actual results:
crash

Expected results:
opened mailbox

Additional info:

--- Additional comment from hhorak on 2011-11-03 11:29:31 EDT ---

Created attachment 531585
proposed patch to parse certificates file securely

I've managed to reproduce the failure using a slightly damaged certificate file (added a zero byte to the beginning). mutt does not seem to be robust enough when working with the certificates file.
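
The failure mode in this report, as an added example in C that is not part of the bug report, the attached patch, or mutt's code: a certificate file image is scanned for `-----BEGIN` markers with a length-bounded search, and every search result is checked before any pointer arithmetic, so a leading zero byte neither hides the certificates nor produces an invalid pointer. Reading `haystack_start=0x1` as a failed search result advanced by one is an assumption drawn from the backtrace; `find_marker`, `count_pem_blocks` and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CERT_SEP "-----BEGIN"   /* marker string visible in the backtrace */

/* Length-bounded search: never reads past buf+len and does not stop at NUL. */
static const unsigned char *find_marker(const unsigned char *buf, size_t len,
                                        const char *marker)
{
    size_t mlen = strlen(marker);
    if (buf == NULL || mlen == 0 || len < mlen)
        return NULL;
    for (size_t i = 0; i + mlen <= len; i++)
        if (memcmp(buf + i, marker, mlen) == 0)
            return buf + i;
    return NULL;
}

/* Count PEM block starts in a certificate file image (hypothetical helper).
 * The result of each search is tested for NULL before it is advanced. */
size_t count_pem_blocks(const unsigned char *data, size_t size)
{
    if (data == NULL) return 0;
    size_t n = 0;
    const unsigned char *end = data + size;
    const unsigned char *p = find_marker(data, size, CERT_SEP);
    while (p != NULL) {
        n++;
        p += 1;                       /* step past this marker's first byte */
        p = find_marker(p, (size_t)(end - p), CERT_SEP);
    }
    return n;
}

/* Constructed sample inputs (not taken from the bug report). */
static const unsigned char damaged[] =
    "\0-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n";
static const unsigned char garbage[] = "\0\0not a certificate file";

size_t demo_damaged(void) { return count_pem_blocks(damaged, sizeof damaged - 1); }
size_t demo_garbage(void) { return count_pem_blocks(garbage, sizeof garbage - 1); }

int main(void)
{
    printf("damaged: %zu, garbage: %zu\n", demo_damaged(), demo_garbage());
    return 0;
}
```

A NUL-terminated search such as `strstr` treats the damaged buffer as an empty string and returns NULL, which is why the result has to be checked before it is incremented or passed to the next search.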

Comment 1 Honza Horak 2012-03-27 08:48:05 UTC
This bug has been fixed in Rawhide some time ago.

Comment 2 Honza Horak 2013-10-21 11:11:59 UTC
The fix for this bug had a typo. Anyway, upstream used a similar patch, just replaced memmem with strstr, so let's fix this bug with upstream's solution.

Comment 3 Fedora Update System 2013-10-21 11:50:53 UTC
mutt-1.5.21-26.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/mutt-1.5.21-26.fc20

Comment 4 Fedora Update System 2013-10-21 18:30:24 UTC
Package mutt-1.5.21-26.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing mutt-1.5.21-26.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-19633/mutt-1.5.21-26.fc20
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2013-11-10 07:45:05 UTC
mutt-1.5.21-26.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.