Date:      Tue, 5 Sep 2000 16:31:48 +1000 (EST)
From:      Troy Bell <troy@asiaonline.net>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/21055: popper3 dumps core
Message-ID:  <200009050631.e856VmZ07941@scoliosis.toadshow.com.au>

>Number:         21055
>Category:       ports
>Synopsis:       popper3 dumps core
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 04 23:30:02 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Troy Bell
>Release:        FreeBSD 4.1-STABLE i386
>Organization:
Asia Online Brisbane
>Environment:

qpopper version 3.0.2

>Description:

This server handles mail for a MAC network.

All MAC email clients, such as netscape mail, eudora, etc. work fine
with qpopper, but when using Microsoft Outlook Express for the MAC
to check mail from the server, it "doesn't work".

Qpopper dumps core, and terminates the current session (if any) with
the user:

Sep  5 15:51:59 scoliosis /kernel: pid 3573 (popper3), uid 0:
exited on signal 11 (core dumped)
Sep  5 15:56:12 scoliosis /kernel: pid 3586 (popper3), uid 0:
exited on signal 11 (core dumped)

GDB backtrace:

Core was generated by `popper3'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libmd.so.2...done.
Reading symbols from /usr/lib/libutil.so.3...done.
Reading symbols from /usr/lib/libcrypt.so.2...done.
Reading symbols from /usr/lib/libc.so.4...done.
Reading symbols from /usr/libexec/ld-elf.so.1...done.
#0  0x80565b8 in Qvsnprintf (s=0xbfbfe5eb "", n=1016, 
    format=0x8058700 " not available (user %s): %s (%s)", 
    ap=0xbfbfe9b4 "ðö¿¿äÂ\005\bðö¿¿sf\005\b\001") at snprintf.c:230
230                     if ( width != -1 && width > strlen(sval) ) {
(gdb) bt
#0  0x80565b8 in Qvsnprintf (s=0xbfbfe5eb "", n=1016, 
    format=0x8058700 " not available (user %s): %s (%s)", 
    ap=0xbfbfe9b4 "ðö¿¿äÂ\005\bðö¿¿sf\005\b\001") at snprintf.c:230
#1  0x804c4ba in pop_msg (p=0xbfbff6f0, stat=POP_FAILURE, fn=0x0, ln=0, 
    format=0x8058700 " not available (user %s): %s (%s)") at pop_msg.c:102
#2  0x8050844 in pop_apop (p=0xbfbff6f0) at pop_apop.c:182
#3  0x804ed9d in main (argc=1, argv=0xbfbffcf0) at popper.c:225
#4  0x8049a75 in _start ()

--

This happens every time the user checks mail (was noticeable when the
user had her mail client set to check email every 5 minutes).

These MACs are connecting to this mailserver via a linux box
that does masquerading (so it's not a "direct" connection as such).
The linux box is running kernel 2.2.16.

>How-To-Repeat:

POP your mail using MS Outlook Express for MAC.

>Fix:

No known workaround from our end.

Hoping you can provide one, as UID 0 and snprintf() doesn't sound
nice together :) (let's hope it's not exploitable, if it is indeed
a problem).

>Release-Note:
>Audit-Trail:
>Unformatted:

