
Bug#353539: marked as done (metamail: [CVE-2006-0709] crashes with very long boundaries in messages)



Your message dated Wed, 22 Feb 2006 15:17:11 -0800
with message-id <E1FC3EN-0007tV-7L@spohr.debian.org>
and subject line Bug#353539: fixed in metamail 2.7-51
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Subject: metamail: crashes with very long filenames in messages
Package: metamail
Version: 2.7-50
Severity: normal
Tags: patch

Hello,

metamail crashes if a message has a part with a very long filename and the
user interacts to save it under that name, which is clearly visible on the
screen:


metaur@metaur:~/recently$ /usr/bin/metamail < metamail2.txt
From: <metaur@localhost>
To: <metaur@localhost>
Subject: metamail crash bug #2

This message contains raw digital data, which can either be viewed as text
or written to a file.

What do you want to do with the raw data?
1 -- See it as text
2 -- Write it to a file
3 -- Just skip it
4 -- Give another content type

2
Please enter the name of a file to which the data should be written
(Default: 
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU) 
>
Segmentation fault
metaur@metaur:~/recently$


I have attached a patch and a test message.

// Ulf Harnhammar

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages metamail depends on:
ii  libc6                         2.3.5-13   GNU C Library: Shared libraries an
ii  libncurses5                   5.5-1      Shared libraries for terminal hand

Versions of packages metamail recommends:
ii  mime-support                  3.35-1     MIME files 'mime.types' & 'mailcap
ii  sharutils                     1:4.2.1-15 shar, unshar, uuencode, uudecode

-- no debconf information

--- src/metamail/metamail.c.old	2006-02-19 13:18:51.000000000 +0100
+++ src/metamail/metamail.c	2006-02-19 13:20:35.000000000 +0100
@@ -385,6 +385,8 @@ int nestingdepth;
 	Fname[0] = 0;
 
         suggestedname = FindParam("name");
+        if (strlen(suggestedname) > NAME_MAX - 50)
+            suggestedname[NAME_MAX - 50] = '\0';
         if (!suggestedname) {
             MkTmpFileName(SugBuf);
             suggestedname = SugBuf;
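
Review bot: the added `strlen(suggestedname)` call sits above the existing `if (!suggestedname)` check, so a part with no name parameter, where `FindParam("name")` returns NULL, now dereferences a null pointer in the new lines. Move the truncation below the NULL handling, or guard it as `if (suggestedname && strlen(suggestedname) > NAME_MAX - 50)`. The bound `NAME_MAX - 50` is also unexplained: the hunk does not show which buffer the name is later copied into or how large it is, so a comment stating what the 50 bytes of slack are reserved for, or a bound derived from that buffer's size, would make the fix checkable. The truncation also writes into the string returned by `FindParam` in place, which is worth a comment if other callers read the same parameter storage.
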
From: <metaur@localhost>
To: <metaur@localhost>
Subject: metamail crash bug #2
MIME-Version: 1.0
Content-Type: application/octet-stream; name=UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
Content-Transfer-Encoding: quoted-printable

hi!=00=00


--- End Message ---
--- Begin Message ---
Source: metamail
Source-Version: 2.7-51

We believe that the bug you reported is fixed in the latest version of
metamail, which is due to be installed in the Debian FTP archive:

metamail_2.7-51.diff.gz
  to pool/main/m/metamail/metamail_2.7-51.diff.gz
metamail_2.7-51.dsc
  to pool/main/m/metamail/metamail_2.7-51.dsc
metamail_2.7-51_i386.deb
  to pool/main/m/metamail/metamail_2.7-51_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 353539@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <anibal@debian.org> (supplier of updated metamail package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 23 Feb 2006 09:17:36 +1100
Source: metamail
Binary: metamail
Architecture: source i386
Version: 2.7-51
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Anibal Monsalve Salazar <anibal@debian.org>
Description: 
 metamail   - implementation of MIME
Closes: 352482 353539
Changes: 
 metamail (2.7-51) unstable; urgency=high
 .
   * QA upload.
   * Fixed "[CVE-2006-0709] crashes with very long boundaries in
     messages", closes: #352482, #353539. Patch thanks to
     Ulf Harnhammar <metaur@telia.com>.
Files: 
 48cdeddf6218467b783109a06159a9f8 597 mail optional metamail_2.7-51.dsc
 8152ee3780223118a18e4d0969a6ddad 321763 mail optional metamail_2.7-51.diff.gz
 477ec68982615ed2b72178ab4948c102 150530 mail optional metamail_2.7-51_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD/O1OipBneRiAKDwRAr3VAJ9d9vy4JYZ0B0EzP+mhkvOFq7gv/QCcDha+
tQh7uTB40WCJS6z+EqqIdUo=
=YHUq
-----END PGP SIGNATURE-----


--- End Message ---
