#2711 Squirrelmail timeouts on email with bad headers

Produces PHP errors
closed-fixed
nobody
Folders (317)
5
2010-06-21
2010-04-14
Anonymous
No

If a user receives an email with bad headers syntax (typically a UTF8 character directly in Subject, From or To header without MIME encoded-word syntax (RFC 2047)), SquirrelMail 1.4.20 is unable to display the list of emails in the folder and it usually timeouts with php error "execution time exceeded 30s". I know these emails are against RFC standards, but these simply arrive sometimes, and it shouldn't block the user's entire mailbox. Squirrelmail 1.4.20-RC2 handles these improperly formatted email correctly, with no timeouts or slow-downs.

A typical email that causes this problem is attached.

Discussion

<< < 1 .. 4 5 6 (Page 6 of 6)
  • This fix is being added to SVN in a few minutes from now. Thanks for all your help. By the way, any idea why you, as "sender"/"submitter" of this tracker (and someone else who contributed here too) are showing up as "https://www.google.com/accounts"? Do you have a SourceForge account? Are you logging into it and posting here? Maybe it's due to using an OpenID to log in?

     
    • status: open-works-for-me --> closed-fixed
     
  • Oh, for clarification, the OP and I discussed this further in private and have resolved the tertiary issues that came up in the latter part of this tracker.

     
  • radocea bogdan
    radocea bogdan
    2010-09-06

    Hello.
    I had the exact same problem with localization.
    I commented the lines 191, 192 and 193 in functions/strings.php (/usr/share/squirrelmail/functions/strings.php on a debian/ubuntu system)

    Here is the original text:
    while (($entity_pos = sq_strpos($string, '&', $entity_pos + 1)) !== FALSE
    && ($entity_end_pos = sq_strpos($string, ';', $entity_pos)) !== FALSE
    && $entity_pos <= $adjusted_max_chars)

    Here is the MODIFIED text (this is the correct code):
    while (isset($entity_end_pos)
    && $entity_end_pos < $actual_strlen
    && ($entity_pos = sq_strpos($string, '&', $entity_end_pos + 1))!== FALSE
    && ($entity_end_pos = sq_strpos($string, ';', $entity_pos)) !==FALSE
    && $entity_pos <= $adjusted_max_chars)
    Now my squirrelmail interface is working normally even with wrong email headers.

     
  • radocea bogdan
    radocea bogdan
    2010-09-06

    oh, and also take a look at this thread to install the localized language you need.

     
  • This tracker is for SquirrelMail, not for third party re-packaging of SquirrelMail, nor should you be reporting on anything but the newest version of SquirrelMail if you are looking at trackers like this that have been closed.

    This issue has already been fixed, but you are using a version of SquirrelMail that is not up to date. Please don't pollute this tracker with uninformed "fixes" when you haven't even tried the fixes that are readily available here and on our downloads page.

     
<< < 1 .. 4 5 6 (Page 6 of 6)