Hide Forgot
Description of problem: Dovecot crashing on malformed email messages. Version-Release number of selected component (if applicable): dovecot-0.99.11-10.EL4 How reproducible: http://www.somerandomstuff.com/2011/09/30/dovecot-crash/ Taken from that page (this is not my work): The problem is a malformed multi-part (rfc1341) message. These messages usually look something like this. In the headers, you'll see: Content-type: multipart/mixed; boundary="M7qxj4rHbpfU" The body, oversimplified, will look something like this: Some text. --M7qxj4rHbpfU Content-type: foo foo foo foo foo foo foo foo foo foo --M7qxj4rHbpfU Content-type: text/plain; charset=us-ascii bar bar bar bar bar bar bar bar bar --M7qxj4rHbpfU-- This last line, the closing encapsulation boundary, indicates that there are no further parts: --M7qxj4rHbpfU-- In cases where this crash happens, this line is missing. I suspect what's happening is that dovecot continue reading the next mail's headers as if it's part of the last part, until it reaches the new (unexpected) Content-type header. Steps to Reproduce: 1. wait for malformed message to arrive 2. swear like longshoreman 3. examine /var/log/maillog Actual results: Nov 9 12:55:40 mukluk pop3(stbjohn): file lib.c: line 37 (nearest_power): assertion failed: (num <= ( (size_t)1 << (BITS_IN_SIZE_T-1))) Nov 9 12:55:40 mukluk dovecot: child 8337 (pop3) killed with signal 6 Expected results: Additional info: rpm -i --force dovecot-0.99.11-9.EL4.i386.rpm fixed the problem, so there is definitely an issue in dovecot-0.99.11-10.EL4
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. Please See https://access.redhat.com/support/policy/updates/errata/ If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.