Package: perdition
Version: 1.17.1-2
Severity: normal

Perdition exits with a signal 11 (segmentation fault) when ssl_mode is
not set and it receives a starttls command on an imap connection. The
problem may exist for pop too, but I've not tested that. It can
be reproduced easily by unsetting ssl_mode, then telnet to the
imap port and typing 'a001 starttls'.

The segfault occurs in username_mangle -> username_strip -> strrchr
because the username-parameter is null. The reason is likely in
the somewhat obfuscated main loop of perdition, particularly in
lines 628 to 652. The starttls command means that the status
variable is 2, but when ssl_mode is not set the if-condition
is false and the username_mangle function in line 652 is called
next, which is probably not what is intended in this situation.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages perdition depends on:
ii  libc6                         2.7-13     GNU C Library: Shared libraries
ii  libdb4.6                      4.6.21-8   Berkeley v4.6 Database Libraries [
ii  libgdbm3                      1.8.3-3    GNU dbm database routines (runtime
ii  libpam0g                      1.0.1-4    Pluggable Authentication Modules l
ii  libpopt0                      1.14-4     lib for parsing cmdline parameters
ii  libssl0.9.8                   0.9.8g-13  SSL shared libraries
ii  libvanessa-adt0               0.0.7-2    Library of Abstract Data Types
ii  libvanessa-logger0            0.0.7-2    Generic Logging Library
ii  libvanessa-socket0            0.0.7-2    Library to simplify TCP socket ope

perdition recommends no packages.

Versions of packages perdition suggests:
pn  perdition-ldap                <none>     (no description available)
pn  perdition-mysql               <none>     (no description available)
pn  perdition-odbc                <none>     (no description available)
pn  perdition-postgresql          <none>     (no description available)

-- no debconf information
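
The control-flow problem described in the report, reduced to a small added example with both guards in place. This is not perdition's source: `dispatch`, `strip_domain`, the `result` enum and the `@` delimiter are hypothetical stand-ins, and only the status value 2 and the `strrchr` call on the username come from the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STATUS_STARTTLS 2   /* the report: status is 2 after STARTTLS */

enum result { R_LOGIN, R_TLS_STARTED, R_REJECTED };

/* Hypothetical stand-in for username_strip: cut the name at the last '@'. */
static int strip_domain(const char *user, char *out, size_t outlen)
{
    const char *end;
    size_t n;
    if (user == NULL || out == NULL || outlen == 0)
        return -1;              /* strrchr(NULL, ...) is undefined behaviour */
    end = strrchr(user, '@');
    n = end ? (size_t)(end - user) : strlen(user);
    if (n >= outlen)
        return -1;              /* result would not fit in the buffer */
    memcpy(out, user, n);
    out[n] = '\0';
    return 0;
}

/* One step of a command loop. STARTTLS is fully handled in its own branch,
 * so it can never reach the login path with an unset username. */
static enum result dispatch(int status, int tls_enabled,
                            const char *username, char *out, size_t outlen)
{
    if (status == STATUS_STARTTLS)
        return tls_enabled ? R_TLS_STARTED : R_REJECTED;
    if (strip_domain(username, out, outlen) != 0)
        return R_REJECTED;      /* second line of defence: NULL username */
    return R_LOGIN;
}

int main(void)
{
    char out[64];
    /* Constructed inputs: STARTTLS with TLS disabled, then a normal login. */
    printf("%d\n", (int)dispatch(STATUS_STARTTLS, 0, NULL, out, sizeof out));
    printf("%d\n", (int)dispatch(0, 0, "alice@example.org", out, sizeof out));
    return 0;
}
```
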


