Version: 1.7 (using KDE KDE 3.3.0) Installed from: Gentoo Packages Compiler: gcc version 3.4.x OS: Linux I am currently developping a pop3-daemon and I decided to use KMail to test it. At some point during this development, my daemon accepted KMails logon and delivered a message list (LIST command), but with ordinary LF instead of CRLF as terminators. KMail complained that it could not process the LIST command. It was afterwards not full usuably: I could not intiate new pop3-connects and KMail crashed when I quit it. I think KMail makes assumptions about the format of the data returned by the server, which is bad. A malicious server could send malformed data to KMail and cause it at least to malfunction, if not to crash or to gain system access.
I have this problem too. I've been seen it on KDE 3.2.3, too. It happens from time to time when talking to an old Sendmail server. The only changing things are the different mail messages coming in.
This is a pop slave problem.
Created attachment 9113 [details] Archive with test emails The archive contains emails that crash KMail when retrieved from a vm-popd server v.1.1.6 .
Further investigated this. The crash happens randomly on spam emails, but also consistently on emails from one guy, on one mailing list, using MS Exchange Server (see attachment #9113 [details]). The crash happens whe talking to an old vm-popd server, v.1.1.6 . Having searched deeper, this seems the same problem as in bug reports #61226 and #48483 . More than two years, it's time to put this old issue to rest. ;-)
Reassigning the bugs of the SMTP, IMAP and POP ioslaves to kdepim-bugs.
Undo autoconfirm.
There is no code in popaccount.cpp which check for the line termination being \r\n. I had also a crash in kmail while testing POP with netcat -l ... when I returned after a LIST request only ^J^M (only whitespace). I fixed that crash (Revision 1008041) and I assume it's the same as this report, therefore closing.