| Summary: | Potential security issue with libetpan code in mailmbox plugin | | |
|---|---|---|---|
| Product: | Claws Mail (GTK 2) | Reporter: | Perry E. Metzger <perry> |
| Component: | Plugins/mailMBOX | Assignee: | users |
| Status: | RESOLVED FIXED | | |
| Severity: | critical | | |
| Priority: | P3 | | |
| Version: | other | | |
| Hardware: | All | | |
| OS: | All | | |

Description
Perry E. Metzger
2017-05-07 19:27:14 UTC
At first, I wanted to close this, since we do not use the parts of libetpan where the fuzzed segfaults happen (mailimf). Then I noticed that our mailmbox plugin uses a very old copy of libetpan's mailimf code, which probably is a bad idea all by itself.

We should probably do one of these:

1. update the src/plugins/mailmbox/mailimf* files from current libetpan (copying also any eventual fixes to the reported issues)
2. get rid of the local copy of mailimf code, link the plugin against libetpan and use mailimf functions provided by it directly

There is now a patch associated with libetpan issue 274 by the way. It might be easy enough to apply to the legacy code for now.

Changes related to this bug have been committed. Please check latest Git and update the bug accordingly. You can also get the patch from: http://git.claws-mail.org/

++ ChangeLog 2017-05-08 01:14:02.523175950 +0200
http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=1b2aaf6c8aa1fabd8737c21c63ebfccaa39feaad
Merge: 2775715 0c02106
Author: Colin Leroy <colin@colino.net>
Date: Mon May 8 01:14:02 2017 +0200

Merge branch 'master' of file:///home/git/claws

http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=0c021062d1ba763d57f37777cfe2e2119d3264ef
Author: Andrej Kacian <ticho@claws-mail.org>
Date: Mon May 8 01:09:53 2017 +0200

Fix crash in mailimf_group_parse() in mailmbox plugin.

Fix based on upstream fix:
https://github.com/dinhviethoa/libetpan/commit/1fe8fb

Fixes our bug #3821: Potential security issue with libetpan code in mailmbox plugin

Hoa has provided an even better fix, which I copied into our copy of mailimf.c.

Thanks for the report!

And thank you for the prompt fix! Does this merit a point release?

(In reply to comment #5)
> Does this merit a point release?

No, it doesn't. After further checks, we're only using two minor functions from the mailimf code, and their call graphs do not touch code affected by that fix.

Good to hear.
On the wider issue, as you noted, it would still be good to update the plugin not to use a local copy of libetpan.