Bug 89789

Summary: crash when closing kmail after unsuccessful pop3 list because of malformed server data
Product: [Frameworks and Libraries] kio Reporter: Ruwen Böhm <kwench79>
Component: pop3Assignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED FIXED    
Severity: crash CC: kollix
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Gentoo Packages   
OS: Linux   
Latest Commit: Version Fixed In:
Attachments: Archive with test emails

Description Ruwen Böhm 2004-09-19 00:15:43 UTC 
Version:           1.7 (using KDE KDE 3.3.0)
Installed from:    Gentoo Packages
Compiler:          gcc version 3.4.x 
OS:                Linux

I am currently developping a pop3-daemon and I decided to use KMail to test it. At some point during this development, my daemon accepted KMails logon and delivered a message list (LIST command), but with ordinary LF instead of CRLF as terminators. KMail complained that it could not process the LIST command. It was afterwards not full usuably: I could not intiate new pop3-connects and KMail crashed when I quit it.

I think KMail makes assumptions about the format of the data returned by the server, which is bad. A malicious server could send malformed data to KMail and cause it at least to malfunction, if not to crash or to gain system access.
Comment 1 Nicola Larosa 2004-09-22 13:45:35 UTC 
I have this problem too. I've been seen it on KDE 3.2.3, too. It happens from time to time when talking to an old Sendmail server. The only changing things are the different mail messages coming in.
Comment 2 Till Adam 2005-01-01 20:43:57 UTC 
This is a pop slave problem.
Comment 3 Nicola Larosa 2005-01-16 09:46:42 UTC 
Created attachment 9113 [details]
Archive with test emails

The archive contains emails that crash KMail when retrieved from a vm-popd
server v.1.1.6 .
Comment 4 Nicola Larosa 2005-01-16 09:52:02 UTC 
Further investigated this. The crash happens randomly on spam emails, but also consistently on emails from one guy, on one mailing list, using MS Exchange Server (see attachment #9113 [details]). The crash happens whe talking to an old vm-popd server, v.1.1.6 .

Having searched deeper, this seems the same problem as in bug reports #61226 and #48483 . More than two years, it's time to put this old issue to rest. ;-)
Comment 5 Thomas McGuire 2007-12-12 23:38:50 UTC 
Reassigning the bugs of the SMTP, IMAP and POP ioslaves to kdepim-bugs.
Comment 6 Thomas McGuire 2007-12-12 23:43:13 UTC 
Undo autoconfirm.
Comment 7 Martin Koller 2009-08-06 20:57:23 UTC 
There is no code in popaccount.cpp which check for the line termination being \r\n.
I had also a crash in kmail while testing POP with netcat -l ...
when I returned after a LIST request only ^J^M (only whitespace).
I fixed that crash (Revision 1008041) and I assume it's the same as this report, therefore closing.