Bug 54383 - kmail hangs with unviewable attachments
Summary: kmail hangs with unviewable attachments
Status: RESOLVED FIXED
Alias: None
Product: kmail
Classification: Applications
Component: general (show other bugs)
Version: 1.5
Platform: unspecified Linux
: NOR normal
Target Milestone: ---
Assignee: kdepim bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-02-10 06:37 UTC by Corrin Lakeland
Modified: 2007-09-14 12:17 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Corrin Lakeland 2003-02-10 06:37:14 UTC 
Version:           1.5 (using KDE 3.1.0 (RC5))
Installed from:     (sid)
Compiler:          gcc version 2.95.4 20011002 (Debian prerelease)
OS:          Linux (i686) release 2.4.20

I have a lot of postscript files that take a long time to render (perhaps half an hour), however it would be equally easy for a malicious person to create a postscript file that takes forever to render.  This is not a problem with large attachments -- the attachments are only a couple hundred kilobytes, and could possibly be made as small as one kilobyte.I can attach and send these files fine, but whenever I receive one, or browse my sent mail, kmail will appear to freeze.  Checking the process list will show gs taking all of the CPU.  This means kmail is unuseable for about half an hour or,with a malicious email, forever. If I kill gs, then kmail will start to take 100% of the CPU and eventually bring down the whole of KDE (unless killed first).Non blocking subtasks has been a wishlist item for a long time.  My concern here is that killing the subtask seems to take down kmail which is different to (e.g.) killing gpg when kmail calls it.
Comment 1 Corrin Lakeland 2003-02-18 05:51:50 UTC 
Subject: Re:  kmail hangs with unviewable attachments

Hi Stephan,

On Sat, 15 Feb 2003 12:19, you wrote:
> ------- You are receiving this mail because: -------
> http://bugs.kde.org/show_bug.cgi?id=54383
> binner@kde.org changed:
>
>            What    |Removed                     |Added
> ---------------------------------------------------------------------------
>- Severity|crash                       |normal

I disagree.  Say I receive postscript file which causes gv to take forever.  I 
can't ignore gv and continue browsing email -- kmail will be frozen until gv 
quits.  And if I kill gv, then (at least when I tried it) kmail does not 
handle gv terminating and also quitting. So there is no way to avoid a freeze 
or a crash (that I've found -- perhaps the correct kill signal?).

If kmail is modified to cope with gv terminating then I would agree that 
changing crash to bug was appropriate.

Corrin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+UbFpi5A0ZsG8x8cRAgb4AJ9GaJJq5iS2eYoJfzYkUbyMOxrMTgCdF9cD
97oulsRrrKniCSffiCfilWg=
=JPKw
-----END PGP SIGNATURE-----
Comment 2 Ingo Kl 2003-02-20 01:37:45 UTC 
Subject: KDE_3_1_BRANCH: kdenetwork/kmail

CVS commit by kloecker: 

Don't display PostScript attachments inline. This prevents a possible DoS attack (cf. Bug 54383).

CCMAIL: 54383-fixed@bugs.kde.org


  M +4 -1      kmreaderwin.cpp   1.581.2.11


--- kdenetwork/kmail/kmreaderwin.cpp  #1.581.2.10:1.581.2.11
@@ -1058,5 +1058,8 @@ kdDebug(5006) << "* application *" << en
           case DwMime::kSubtypePostscript: {
 kdDebug(5006) << "postscript" << endl;
-              isImage = true;
+              // showing PostScript inline can be used for a DoS attack;
+              // therefore it's disabled until KMail is fixed to not hang
+              // while a PostScript attachment is rendered; IK 2003-02-20
+              //isImage = true;
             }
             break;