Mail Notification

Buffer overflow while doing GSSAPI authentication

Bug #602623 reported by Mantas Mikulėnas on 2010-07-07

This bug affects 4 people

Affects		Status	Importance	Assigned to	Milestone
	Mail Notification	New	Undecided	Unassigned

Bug Description

I have configured my IMAP server for GSSAPI (Kerberos) authentication, and I'm trying to use mail-notification with it, but I get this error message (copied from mail-notification -i):

** INFO: <email address hidden> reported an error: unable to encode Base64: overflowed buffer

Full log attached.

Revision history for this message

Mantas Mikulėnas (grawity) wrote on 2010-07-07:

Full output of $(mail-notification -i) Edit (2.5 KiB, text/plain)

Revision history for this message

Mantas Mikulėnas (grawity) wrote on 2010-07-07:

A hack to fix the buffer overflow Edit (496 bytes, text/plain)

After careful inspection, it seems that the problem occurs in src/mn-client-session.c, when write_base64() is passed a zero-length input buffer. Being new at C, I'm quite sure my quick "fix" may create other problems - but attaching it anyway.

Revision history for this message

Frédéric Crozat (fcrozat) wrote on 2010-08-27:

better patch (from Fedora) Edit (1.3 KiB, text/plain)

Revision history for this message

Aaron Kaplan (5-launchpad5425-aaronkaplan-info) wrote on 2010-11-18:

This bug is absent when using cyrus-sasl 2.1.22, and present when using cyrus-sasl 2.1.23. It seems likely to be related to this security fix: http://www.kb.cert.org/vuls/id/238019

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Bug attachments

Full output of $(mail-notification -i) Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.