Summary | Handling IMAP server errors can lead to DoS |
Queue | IMP |
Queue Version | 6.0.4 |
Type | Bug |
State | Duplicate |
Priority | 1. Low |
Owners | |
Requester | bra (at) fsn (dot) hu |
Created | 05/29/2013 (4478 days ago) |
Due | |
Updated | 05/29/2013 (4478 days ago) |
Assigned | |
Resolved | 05/29/2013 (4478 days ago) |
Github Issue Link | |
Github Pull Request | |
Milestone | |
Patch | No |
State ⇒ Duplicate
Bug: 12265lead to DoS".
Priority ⇒ 1. Low
Patch ⇒ No
Milestone ⇒
Queue ⇒ IMP
Summary ⇒ Handling IMAP server errors can lead to DoS
Type ⇒ Bug
State ⇒ Unconfirmed
I'm not sure where it should be fixed.
The problem happens when I do some IMAP operations and the server
gives back an error, like here:
* 11 FETCH (UID 19 FLAGS (\Seen) RFC822.SIZE 2418 ENVELOPE ("Fri, 28
Nov 2008 19:20:40 +0100" {102}
A Magyar =?iso-8859-1?Q?Di=E1ksport_Sz=F6v?=
=?iso-8859-1?Q?ets=E9g_H=EDrei_2008=2E_november_28-=E1n?=
(("Diaksporthir" NIL "diaksporthir" "mdsz.hu")) (("Diaksporthir" NIL
"diaksporthir" "mdsz.hu")) ((NIL NIL "diaksporthir" "mdsz.hu")) ((NIL
NIL "bra" "fsn.hu")) NIL NIL NIL "<20081128182040.GA20477@mdsz.hu>")
BODY[HEADER.FIELDS (IMPORTANCE LIST-POST X-PRIORITY)] {2}
)
* 12 FETCH (UID 20 FLAGS (\Seen Junk))
* BYE Internal error occurred. Refer to server log for more
information. [2013-05-29 17:30:25]
After this, the PHP process goes berserk by logging these lines (I use
syslog, so syslog also gets some heavy times):
May 29 17:31:47 wm01a HORDE: [imp] PHP ERROR: fgets() expects
parameter 1 to be resource, null given [pid 1474 on line 4203 of
"/usr/local/share/pear/Horde/Imap/Client/Socket.php"]
May 29 17:31:47 wm01a HORDE: [imp] PHP ERROR: feof() expects parameter
1 to be resource, null given [pid 1474 on line 4190 of
"/usr/local/share/pear/Horde/Imap/Client/Socket.php"]
May 29 17:31:47 wm01a HORDE: [imp] PHP ERROR: fgets() expects
parameter 1 to be resource, null given [pid 1474 on line 4203 of
"/usr/local/share/pear/Horde/Imap/Client/Socket.php"]
This goes in an infinite loop (until max execution time is reached),
logging into syslog as fast as it can. Repeating this some more times
on the web UI makes the whole system unusable, even denying logging in
via sshd (syslogd is so overwhelmed that it blocks it).
I think it would be nice to prepare for IMAP errors other than logging
more than 2000 lines per second, effectively causing a DoS to the
system. :)