Skip Menu |

This queue is for tickets about the Net-IMAP-Simple CPAN distribution.

Report information
The Basics
Id: 33925
Status: resolved
Priority: 0/
Queue: Net-IMAP-Simple

Owner: jettero [...]
Requestors: jik [...]

Bug Information
Severity: Critical
Broken in: 1.17
Fixed in: (no value)

Subject: Ignores response length and interprets body text as command result!
Download (untitled) / with headers
text/plain 843b
Net::IMAP::Simple ignores the octet length sent by the server at the beginning of a FETCH response, and merely looks for the expected status line at the end of the response to determine when all the data has been received. Somebody just sent me a spam message with a bunch of garbage hidden in it, including a whole ton of strings that look like IMAP server response lines, one of which just happened to match the response line that Net::IMAP::Simple was looking for, so it stopped downloading the message at that point and hence the stream between it and the server was corrupted. The stuff in the spam message was probably an intentional effort to break IMAP clients. The fact that Net::IMAP::Simple was indeed broken by it indicates that it is vulnerable to this denial-of-service attack, and there may be security implications as well.
Subject: Re: [ #33925] AutoReply: Ignores response length and interprets body text as command result!
Date: Sun, 09 Mar 2008 10:41:35 -0400
To: bug-Net-IMAP-Simple [...]
From: Jonathan Kamens <jik [...]>
Download (untitled) / with headers
text/plain 412b
Aha. I see upon further examination that Net::IMAP::Simple 1.17 attempts to deal with multiline responses but fails because it doesn't take into account the fact that lines from the server end with CRLF, not LF. It uses the end-of-line regexp operator ($) on such a line, but it fails because Perl considers the CR part of the line and hence the regexp does not match. Attached patch fixes this. jik
Download diff
text/plain 460b
--- 2006-10-11 12:23:45.000000000 -0400 +++ 2008-03-09 10:38:04.000000000 -0400 @@ -868,7 +868,7 @@ while ( $res = $sock->getline ) { $self->_debug(caller, __LINE__, '_process_cmd', $res) if $self->{debug}; - if ( $res =~ /^\*.*\{(\d+)\}$/ ) { + if ( $res =~ /^\*.*\{(\d+)\}\r\n/ ) { $args{process}->($res); $args{process}->($_) foreach $self->_read_multiline($sock, $1); } else {
Download (untitled) / with headers
text/plain 477b
I've spent the last week clearing all the tickets for net-imap-simple, which I just recently inherited. I saved this ticket for last because it sounded like fun (or at least a little challenging). Imagine how surprised I was to find that you had already solved it with a patch. Hehe. Applied. (There's a test to prove this works now.) -- If riding in an airplane is flying, then riding in a boat is swimming. 109 jumps, 44.4 minutes of freefall, 85.0 freefall miles.

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to