Denial of Service bug in Pine 4.44

["Martin J. Muench" <mjm () codito de>]

Hi,

while using pine I found a small bug which causes pine to crash.

When opening a MIME encoded mail with a blank boundary, pine
will crash.

The header looks like this:

...
Content-Type: multipart/mixed; boundary=""
Mime-Version: 1.0
...

This is no dangerous bug and you can simply delete the received
messages within pine.


Patch.

This is the explanation of the maintainers:
<quote>
As for a patch that fixes this problem, such a fix already exists.  The
bug exists in the underlying c-client code, an update of which can be
obtained at ftp://ftp.cac.washington.edu/imap/imap-2002.RC2.tar.Z. The
contents of this file can be put in place of the "imap" directory in the
pine distribution, after which building pine will make use of the new
c-client code (consequently, you will need to change
SET_DISABLEAUTOMATICSHAREDNAMESPACES to SET_DISABLEAUTOSHAREDNS in
pine/pine.c).
</quote>



Martin J. Muench

www.codito.de