6.0.0-beta1
9/1/25

[#12282] Handling IMAP server errors can lead to DoS
Summary Handling IMAP server errors can lead to DoS
Queue IMP
Queue Version 6.0.4
Type Bug
State Duplicate
Priority 1. Low
Owners
Requester bra (at) fsn (dot) hu
Created 05/29/2013 (4478 days ago)
Due
Updated 05/29/2013 (4478 days ago)
Assigned
Resolved 05/29/2013 (4478 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
05/29/2013 04:03:46 PM Michael Rubinsky Comment #3
State ⇒ Duplicate
Reply to this comment
05/29/2013 03:47:08 PM bra (at) fsn (dot) hu Comment #2 Reply to this comment
I'm sorry, the title should be "NOT handling IMAP server errors can 
lead to DoS".
05/29/2013 03:46:14 PM bra (at) fsn (dot) hu Comment #1
Priority ⇒ 1. Low
Patch ⇒ No
Milestone ⇒
Queue ⇒ IMP
Summary ⇒ Handling IMAP server errors can lead to DoS
Type ⇒ Bug
State ⇒ Unconfirmed
Reply to this comment
I've selected IMP as the category, because that's where it occurs, and 
I'm not sure where it should be fixed.
The problem happens when I do some IMAP operations and the server 
gives back an error, like here:
* 11 FETCH (UID 19 FLAGS (\Seen) RFC822.SIZE 2418 ENVELOPE ("Fri, 28 
Nov 2008 19:20:40 +0100" {102}
A Magyar =?iso-8859-1?Q?Di=E1ksport_Sz=F6v?= 
=?iso-8859-1?Q?ets=E9g_H=EDrei_2008=2E_november_28-=E1n?= 
(("Diaksporthir" NIL "diaksporthir" "mdsz.hu")) (("Diaksporthir" NIL 
"diaksporthir" "mdsz.hu")) ((NIL NIL "diaksporthir" "mdsz.hu")) ((NIL 
NIL "bra" "fsn.hu")) NIL NIL NIL "<20081128182040.GA20477@mdsz.hu>") 
BODY[HEADER.FIELDS (IMPORTANCE LIST-POST X-PRIORITY)] {2}

)
* 12 FETCH (UID 20 FLAGS (\Seen Junk))
* BYE Internal error occurred. Refer to server log for more 
information. [2013-05-29 17:30:25]

After this, the PHP process goes berserk by logging these lines (I use 
syslog, so syslog also gets some heavy times):
May 29 17:31:47 wm01a HORDE: [imp] PHP ERROR: fgets() expects 
parameter 1 to be resource, null given [pid 1474 on line 4203 of 
"/usr/local/share/pear/Horde/Imap/Client/Socket.php"]
May 29 17:31:47 wm01a HORDE: [imp] PHP ERROR: feof() expects parameter 
1 to be resource, null given [pid 1474 on line 4190 of 
"/usr/local/share/pear/Horde/Imap/Client/Socket.php"]
May 29 17:31:47 wm01a HORDE: [imp] PHP ERROR: fgets() expects 
parameter 1 to be resource, null given [pid 1474 on line 4203 of 
"/usr/local/share/pear/Horde/Imap/Client/Socket.php"]

This goes in an infinite loop (until max execution time is reached), 
logging into syslog as fast as it can. Repeating this some more times 
on the web UI makes the whole system unusable, even denying logging in 
via sshd (syslogd is so overwhelmed that it blocks it).

I think it would be nice to prepare for IMAP errors other than logging 
more than 2000 lines per second, effectively causing a DoS to the 
system. :)

Saved Queries