#1732 cant display messages with some special attachment filename

open
nobody
5
2005-03-29
2005-03-29
Mikey
No

Hello,

Problem description:

I've recently got some mails that yielded when opening
after some time the following error:
Fatal error: Maximum execution time of 30 seconds
exceeded in /srv/www/htdocs/squirrelmail/class/mime/
Message.class.php on line 355

Used software:

Squirrelmail 1.4.4 (and earlier versions)
Bincimap 1.2.12
PHP 4.3.1
Apache 1.3.27

Problem reproduction:

I tracked the reason down to be related to some
sequence of characters within the filename of the
attachment. The interessting part of the initial mail was
the following..

Content-Type: text/x-vcard; charset="us-ascii";
name="*username*\##\ showdef = 1.vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="*username*\##\
showdef = 1.vcf"

I managed to reproduce the same problem when sending
me a mail that contained "*\" within the filename.. heres
the mail i used to reproduce the problem..

-[snip]-----------------------------------------------------------------------
Subject: test vcard
Content-Type: multipart/mixed;
boundary="------------070903000903060107080308"

This is a multi-part message in MIME format.
--------------070903000903060107080308
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

test

--------------070903000903060107080308
Content-Type: text/x-vcard; charset=utf-8;
name="*\key.vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="*\key.vcf"

begin:vcard
fn:dsd
n:;dsd
x-mozilla-html:FALSE
version:2.1
end:vcard

--------------070903000903060107080308--
-[snap]-----------------------------------------------------------------------

Analysis:

A log of the imap conversation shows the following..

5976 > * OK Welcome to Binc IMAP Copyright (C)
2002-2005 Andreas Aardal Hanssen at 2005-03-29 00:53:
56 CEST
5976 < A001 LOGIN "user@somehost" "password"
15978 0 [user@somehost@127.0.0.1:]
<user@somehost> authenticated
5976 > A001 OK LOGIN completed
5976 < A002 SELECT "INBOX"
5976 > * 36 EXISTS
5976 > * 0 RECENT
5976 > * OK [UIDVALIDITY 1111417789]
5976 > * OK [UIDNEXT 42] 42 is the next UID
5976 > * FLAGS (\Answered \Flagged \Deleted \Recent
\Seen \Draft)
5976 > * OK [PERMANENTFLAGS (\Answered \Flagged
\Deleted \Seen \Draft)] Limited
15976 > A002 OK [READ-WRITE] SELECT +
5976 > completed
5976 < A003 EXPUNGE
5976 > A003 OK EXPUNGE completed
5976 < A004 UID FETCH 41 (FLAGS
BODYSTRUCTURE)
15976 > * 36 FETCH (FLAGS (\Seen)
BODYSTRUCTURE (("text" "plain" ("charset" "ISO-8859-
1") NIL NIL "7bit" 8 3 NIL NIL NIL NIL)("tex " "x-vcard"
("charset" "utf-8" "name" {9}
5976 > *\key.vcf) NIL NIL "7bit" 77 8 NIL ("attachment"
("filename" {9}
15976 > *\key.vcf)) NIL NIL) "mi+
5976 > xed" ("boundary" "------------
070903000903060107080308") NIL NIL) UID 41)
5976 > A004 OK FETCH completed
15976 < [EOF]
15978 1 [user@somehost@127.0.0.1:INBOX] shutting
down (client disconnected) - bodies:0 statements:3
15976 2 [unknown@127.0.0.1:] shutting down - read:200
bytes, wrote:1581 bytes.
15976 > [EOF]

The difference between a normal filename and one with
the *\ combination seems to be that the filename comes
as a literal from the imap.

The php goes into an endless loop in class/mime/
Message.class.php line 355, thats the parseProperties
function, so i've added some lines to give me its
parameters when its in the loop.. the output was the
following..

$i= 176
$read= (("text" "plain" ("charset" "ISO-8859-1") NIL NIL
"7bit" 8 3 NIL NIL NIL NIL)("text" "x-vcard" ("charset" "utf-
8" "name" {9} *\key.vcf ) NIL NIL "7bit" 77 8 NIL
("attachment" ("filename" {9

It seems that the line in $read is cutted off by a good part
and so the php runs in an endless loop there waiting for a
')'. It seems to me that for some reason squirrelmail did
not receive (or read) the complete FETCH answer.
Since other imap clients seem to understand this FETCH
answer and display the message without problems my
guess is that there is maybe a bug within functions/
imap_general.php.

Discussion

  • Logged In: YES
    user_id=285765

    Hello,
    We've just released a new stable version 1.4.7 and a lot of
    bugs have been fixed since 1.4.4. It would really help us if
    you could test if it's still present, please let us know.
    Thanks!