Bug 123605

Summary: IMAP search syntax error, segfault.
Product: [Unmaintained] kmail Reporter: David Woodhouse <dwmw2>
Component: IMAPAssignee: kdepim bugs <pim-bugs-null>
Status: RESOLVED FIXED    
Severity: normal    
Priority: NOR    
Version First Reported In: 1.9.1   
Target Milestone: ---   
Platform: Fedora RPMs   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description David Woodhouse 2006-03-14 11:48:52 UTC 
Version:           1.9.1 (using KDE KDE 3.5.1)
Installed from:    Fedora RPMs
OS:                Linux

In an attempt to research bug #123228, I attempted to search for messages which contain 'multipart/signed'.
The IMAP command issued was as follows:

"303584 UID SEARCH TEXT \"multipart\r\n"

The response, predictably, was:

"303584 BAD Error in IMAP command UID: Missing \'\"\'\r\n"

kmail brought up a dialog box reporting the error from the IMAP server, and repeated the error dialog every time I clicked on a new mail after that. I tried to cancel the search by entering more text into the quick-search box and then hitting the 'reset quick search' button, but the error dialogs persisted. So I tried another 'slow' search -- just for 'asd' in the subject. This did stop the error dialogs, because it made kmail segfault and die.

The IMAP server is dovecot, not that it really matters.
Comment 1 Carsten Burghardt 2006-04-05 22:32:38 UTC 
SVN commit 526877 by burghard:

Only remove the / when it is not quoted - fixes wrong searches.
BUGS:123605


 M  +8 -3      imapparser.cc  


--- branches/KDE/3.5/kdepim/kioslaves/imap4/imapparser.cc #526876:526877
@@ -1745,10 +1745,15 @@
   {
     QString temp = (*it);
 
-    // if we have a '/' separator we'll just nuke it
     int pt = temp.find ('/');
-    if (pt > 0)
-      temp.truncate(pt);
+    if (pt > 0) 
+    {
+      if (temp.findRev ('"', pt) == -1 || temp.find('"', pt) == -1)
+      {
+        // if we have non-quoted '/' separator we'll just nuke it
+        temp.truncate(pt);
+      }
+    }
     if (temp.find ("section=", 0, false) == 0)
       _section = temp.right (temp.length () - 8);
     else if (temp.find ("type=", 0, false) == 0)