Debian Bug report logs - #212762
fetchmail: Segmentation fault after retrieving mail list

version graph

Package: fetchmail; Maintainer for fetchmail is Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>; Source for fetchmail is src:fetchmail.

Reported by: Ross Boylan <RossBoylan@stanfordalumni.org>

Date: Thu, 25 Sep 2003 21:33:04 UTC

Severity: grave

Tags: moreinfo, security

Found in versions 6.2.4-1, 6.2.1-1, 6.2.4-4, 6.2.5-12

Fixed in version fetchmail/6.2.5-15

Done: Lucas Wall <lwall@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Benjamin Drieu <benj@debian.org>:
Bug#212762; Package fetchmail. Full text and rfc822 format available.

Acknowledgement sent to Ross Boylan <RossBoylan@stanfordalumni.org>:
New Bug report received and forwarded. Copy sent to Benjamin Drieu <benj@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Ross Boylan <RossBoylan@stanfordalumni.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Cc: RossBoylan@stanfordalumni.org
Subject: fetchmail: Segmentation fault after retrieving mail list
Date: Thu, 25 Sep 2003 14:17:20 -0700
Package: fetchmail
Version: 6.2.4-1
Severity: normal

Consider severity: important
Justification: fetchmail won't retrieve mail
As this seems something specific to my situation, I'm not sure it's
justified.    Your call.

The problem is important to me, though :)

The following excerpt from a debug-run of fetchmail shows the problem:
/etc/init.d/fetchmail: Stopping the service...
Stopping mail retrieval agent: system-wide fetchmail not running.
/etc/init.d/fetchmail: exit status of service stop was: 0
/etc/init.d/fetchmail: RUNUSER is fetchmail
/etc/init.d/fetchmail: OPTIONS would be --daemon 300 --silent --syslog -f /etc/fetchmailrc -i /var/mail/.fetchmail-UIDL-cache
/etc/init.d/fetchmail: Starting service in nodetach mode, hit ^C (SIGINT/intr) to finish run...
fetchmail: starting fetchmail 6.2.4 daemon
fetchmail: 6.2.4 querying earthlink.net (protocol POP3) at Thu Sep 25 13:50:50 2003: poll started
mailfilter: 0.5.0 querying earthlink.net on Thu Sep 25 13:50:50 2003
mailfilter: Examining 11 message(s).
fetchmail: POP3< +OK NGPopper vEL_4_38 at earthlink.net ready <3066.1064523068@harrier>
fetchmail: POP3> CAPA
fetchmail: POP3< +OK
fetchmail: POP3< user
fetchmail: POP3< pass
fetchmail: POP3< top
fetchmail: POP3< uidl
fetchmail: POP3< .
fetchmail: POP3> USER drrboylan
fetchmail: POP3< +OK
fetchmail: POP3> PASS *
fetchmail: POP3< +OK drrboylan has 12 messages (48922 octets).
fetchmail: selecting or re-polling default folder
fetchmail: POP3> STAT
fetchmail: POP3< +OK 12 48922
fetchmail: POP3> LAST
fetchmail: POP3< +OK 0
12 messages for drrboylan at earthlink.net (48922 octets).
fetchmail: POP3> LIST
fetchmail: POP3< +OK
fetchmail: POP3< 1 5541
fetchmail: POP3< 2 3582
fetchmail: POP3< 3 6130
fetchmail: POP3< 4 3581
fetchmail: POP3< 5 4127
fetchmail: POP3< 6 3980
fetchmail: POP3< 7 3065
fetchmail: POP3< 8 3566
fetchmail: POP3< 9 4304
fetchmail: POP3< 10 3789
fetchmail: POP3< 11 3350
fetchmail: POP3< 12 3907
fetchmail: POP3< .
/etc/init.d/fetchmail: line 193: 25104 Segmentation fault      su "--command=${DAEMON} ${OPTIONS} --nosyslog --nodetach -v -v" ${RUNUSER} 0>&- 2>&1
/etc/init.d/fetchmail: End of service run. Exit status was: 139
------------------------------------

This is quite strange, because it was just working.  It also appears
to bomb with /etc/init.d/fetchmail restart, i.e., the problem is not
specific to debug mode.

The error is reliably repeatable.

This follows a rather intense period of activity mucking with
mailfilter and fetchmail settings.  I had just had my first successful
run of the combination when this problem arose.  The steps in between
success and failure were these:

Edited fetchmailrc to remove the uidl option.  (I was trying to get
some old mail off the server).  I did this as root.
Attempted debug-run produces
File /etc/fetchmailrc must be owned by you.
I did chown fetchmail:nogroup /etc/fetchmailrc (not sure what it was
before)

Another debug-run.  mailfilter ran successfully, deleting one
message.  fetchmail initiated dialogue with pop3 server and then
failed as in the above log (which is from a little later).

I was running fetchmail and mailfilter pretty frequently, so they may
have stepped on each other.  The frequent accesses to the mailbox on
the server may have put it in a bad state.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux wheat 2.4.21advncdfs #1 Wed Sep 17 22:06:42 PDT 2003 i686
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages fetchmail depends on:
ii  adduser                       3.51       Add and remove users and groups
ii  base-files                    3.0.10     Debian base system miscellaneous f
ii  debconf                       1.3.14     Debian configuration management sy
ii  debianutils                   2.5.4      Miscellaneous utilities specific t
ii  libc6                         2.3.2-7    GNU C Library: Shared libraries an
ii  libssl0.9.7                   0.9.7b-2   SSL shared libraries

-- debconf information:
* fetchmail/confwarn: 
* fetchmail/systemwide: true
* fetchmail/initdefaultswarn: 
* fetchmail/runasroot: false
  fetchmail/fetchidswarn: 




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#212762; Package fetchmail. Full text and rfc822 format available.

Acknowledgement sent to Benjamin Drieu <benj@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #10 received at submit@bugs.debian.org (full text, mbox):

From: Benjamin Drieu <benj@debian.org>
To: Ross Boylan <RossBoylan@stanfordalumni.org>
Cc: 212762@bugs.debian.org, Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Re: Bug#212762: fetchmail: Segmentation fault after retrieving mail list
Date: Fri, 26 Sep 2003 00:07:33 +0200
[Message part 1 (text/plain, inline)]
Ross Boylan <RossBoylan@stanfordalumni.org> writes:

> This is quite strange, because it was just working.  It also appears
> to bomb with /etc/init.d/fetchmail restart, i.e., the problem is not
> specific to debug mode.
>
> The error is reliably repeatable.

Could you run fetchmail under strace, for example with :
"/etc/init.d/fetchmail debug-run strace -o /tmp/strace.out" and send
the result to me (without passwords traced of course ;-)).

This is perhaps an UIDL related problem.  A GDB backtrace could prove
useful as well.  I can drive you with GDB if you need.

Cheers,
Benjamin

-- 
  .''`.
 ; ;' ;      Debian GNU/Linux     |   Benjamin Drieu
 `. `'    http://www.debian.org/  |  <benj@debian.org>
   `-    
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#212762; Package fetchmail. Full text and rfc822 format available.

Acknowledgement sent to Benjamin Drieu <benj@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Benjamin Drieu <benj@debian.org>:
Bug#212762; Package fetchmail. Full text and rfc822 format available.

Acknowledgement sent to Ross Boylan <RossBoylan@stanfordalumni.org>:
Extra info received and forwarded to list. Copy sent to Benjamin Drieu <benj@debian.org>. Full text and rfc822 format available.

Message #20 received at 212762@bugs.debian.org (full text, mbox):

From: Ross Boylan <RossBoylan@stanfordalumni.org>
To: Benjamin Drieu <benj@debian.org>
Cc: Ross Boylan <RossBoylan@stanfordalumni.org>, 212762@bugs.debian.org
Subject: Re: Bug#212762: definitely a uidl problem
Date: Thu, 25 Sep 2003 15:27:34 -0700
On Fri, Sep 26, 2003 at 12:07:33AM +0200, Benjamin Drieu wrote:
> Ross Boylan <RossBoylan@stanfordalumni.org> writes:
> 
> > This is quite strange, because it was just working.  It also appears
> > to bomb with /etc/init.d/fetchmail restart, i.e., the problem is not
> > specific to debug mode.
> >
> > The error is reliably repeatable.
> 
> Could you run fetchmail under strace, for example with :
> "/etc/init.d/fetchmail debug-run strace -o /tmp/strace.out" and send
> the result to me (without passwords traced of course ;-)).
> 
> This is perhaps an UIDL related problem.  A GDB backtrace could prove
> useful as well.  I can drive you with GDB if you need.

This is definitely a UIDL problem.  When I add uidl back to
fetchmailrc, the problem goes away.  Just to verify that it wasn't
simply the server having fixed itself up, I deleted uidl and got the
error again.

Do you want the strace to the bug tracker, or just direct to you?
I'll get it in a minute.  I'm not sure if it will help since the
standard package is not a debug version (I assume).

I have a fairly complete development environment; I could build a
special version if necessary.

> 
> Cheers,
> Benjamin
> 


Also, here's my fetchmailrc, with sensitive info altered (the fetchall
is a very recent addition; the preconnect is relatively recent):

set postmaster "postmaster"
set bouncemail
set properties ""
set daemon 600
# the seemingly silly aka below allows matches to 
# swan.mail.pas.earthlink.net  and other such addresses
poll earthlink.net aka earthlink.net no dns with proto pop3 options uidl
	# main user
	user meme there with password xxxx is ross here fetchall
	warnings 3600 fetchlimit 2500
	antispam 571 550 501 554
	preconnect "mailfilter"
	# auxiliary
	user me2 there with password xxxx is * here
	warnings 3600 fetchlimit 2500
	antispam 571 550 501 554



Information forwarded to debian-bugs-dist@lists.debian.org, Benjamin Drieu <benj@debian.org>:
Bug#212762; Package fetchmail. Full text and rfc822 format available.

Acknowledgement sent to Ross Boylan <RossBoylan@stanfordalumni.org>:
Extra info received and forwarded to list. Copy sent to Benjamin Drieu <benj@debian.org>. Full text and rfc822 format available.

Message #25 received at 212762@bugs.debian.org (full text, mbox):

From: Ross Boylan <RossBoylan@stanfordalumni.org>
To: Benjamin Drieu <benj@debian.org>
Cc: Ross Boylan <RossBoylan@stanfordalumni.org>, 212762@bugs.debian.org
Subject: Re: Bug#212762: fetchmail: Segmentation fault after retrieving mail list
Date: Thu, 25 Sep 2003 15:33:09 -0700
On Fri, Sep 26, 2003 at 12:07:33AM +0200, Benjamin Drieu wrote:
> Ross Boylan <RossBoylan@stanfordalumni.org> writes:
> 
> > This is quite strange, because it was just working.  It also appears
> > to bomb with /etc/init.d/fetchmail restart, i.e., the problem is not
> > specific to debug mode.
> >
> > The error is reliably repeatable.
> 
> Could you run fetchmail under strace, for example with :
> "/etc/init.d/fetchmail debug-run strace -o /tmp/strace.out" and send
> the result to me (without passwords traced of course ;-)).
> 
> This is perhaps an UIDL related problem.  A GDB backtrace could prove
> useful as well.  I can drive you with GDB if you need.
> 
> Cheers,
> Benjamin
> 
Oh, this is going to be fun.  It runs OK under strace, but crashes
without it.  Ideas?





Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#212762; Package fetchmail. Full text and rfc822 format available.

Acknowledgement sent to Benjamin Drieu <benj@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #30 received at 212762@bugs.debian.org (full text, mbox):

From: Benjamin Drieu <benj@debian.org>
To: Ross Boylan <RossBoylan@stanfordalumni.org>
Cc: 212762@bugs.debian.org
Subject: Re: Bug#212762: fetchmail: Segmentation fault after retrieving mail list
Date: Sun, 28 Sep 2003 14:39:10 +0200
[Message part 1 (text/plain, inline)]
Ross Boylan <RossBoylan@stanfordalumni.org> writes:

> Oh, this is going to be fun.  It runs OK under strace, but crashes
> without it.  Ideas?

Hmmm.  Perhaps send me your UIDL file?

-- 
  .''`.
 ; ;' ;      Debian GNU/Linux     |   Benjamin Drieu
 `. `'    http://www.debian.org/  |  <benj@debian.org>
   `-    
[Message part 2 (application/pgp-signature, inline)]

Tags added: moreinfo Request was from Benjamin Drieu <benj@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Benjamin Drieu <benj@debian.org>:
Bug#212762; Package fetchmail. Full text and rfc822 format available.

Acknowledgement sent to prox <prox@vger.org>:
Extra info received and forwarded to list. Copy sent to Benjamin Drieu <benj@debian.org>. Full text and rfc822 format available.

Message #37 received at 212762@bugs.debian.org (full text, mbox):

From: prox <prox@vger.org>
To: Debian Bug Tracking System <212762@bugs.debian.org>
Subject: fetchmail 6.2.4-3 and 6.2.4-1: segv after receiving headerlist and started working on first header
Date: Thu, 09 Oct 2003 14:37:16 +0200
Package: fetchmail
Version: 6.2.1-1
Severity: normal
Followup-For: Bug #212762

fetchmail has been working for me a long time until 6.2.4-3.
I tried downgrading to 6.2.4-1 but it also gave SEGV and Im now running
6.2.1-1 and it seams to be working.

SEGV happens after it have received all header sizes and started getting the
first header. I suspected that it might have been the mail that was the
problem but when i check it now it doesnt look like that.

I am using fetchmail on a remote IMAP server nothing fancy.

$ cat .fetchmailrc
poll server protocol imap user "user" password "pass"

I run it in crontab every 5 mins:

/usr/bin/fetchmail -a -m "/usr/bin/maildrop -d prox"

It never gets to maildrop so its not likly maildrop that segvs.

If you need more info i can revert to 6.2.4-3 and give you some output just ask.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux mcojj 2.4.22-grsec #1 SMP Wed Sep 10 19:55:10 CEST 2003 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages fetchmail depends on:
ii  adduser                       3.51       Add and remove users and groups
ii  base-files                    3.0.11     Debian base system miscellaneous f
ii  debconf                       1.3.14     Debian configuration management sy
ii  debianutils                   2.5.5      Miscellaneous utilities specific t
ii  libc6                         2.3.2-8    GNU C Library: Shared libraries an
ii  libssl0.9.7                   0.9.7c-3   SSL shared libraries

-- debconf information:
* fetchmail/runasroot: false
* fetchmail/initdefaultswarn: 
  fetchmail/fetchidswarn: 
* fetchmail/confwarn: 
* fetchmail/systemwide: true




Information forwarded to debian-bugs-dist@lists.debian.org, Benjamin Drieu <benj@debian.org>:
Bug#212762; Package fetchmail. Full text and rfc822 format available.

Acknowledgement sent to Daniel Joensson <danieljo@fagotten.org>:
Extra info received and forwarded to list. Copy sent to Benjamin Drieu <benj@debian.org>. Full text and rfc822 format available.

Message #42 received at 212762@bugs.debian.org (full text, mbox):

From: Daniel Joensson <danieljo@fagotten.org>
To: Debian Bug Tracking System <212762@bugs.debian.org>
Subject: fetchmail: More information: strace, ltrace, gdb output
Date: Fri, 10 Oct 2003 21:23:05 +0200
Package: fetchmail
Version: 6.2.4-1
Followup-For: Bug #212762

I have the same problem. When running fetchmail, it connects to the IMAP
server and fetches the message list, then causes a segmentation fault. I
get the same behaviour when running with [sl]trace. My ~/.fetchmailrc
looks like this:

poll mailin.fagotten.org with protocol imap:
     user "danieljo" there has password "xxxxxxxx"
     is daniel here and wants mda "/usr/bin/procmail -f -"
     fetchall ssl

I recompiled the packed with debug information and ran it under gdb. The
result of a "bt full" as well as [sl]trace data can be found in:

http://www.fagotten.org/danieljo/bug/debian_212762/strace.txt.bz2
http://www.fagotten.org/danieljo/bug/debian_212762/ltrace.txt.bz2
http://www.fagotten.org/danieljo/bug/debian_212762/gdb_output.txt

The ltrace output is password sanitized but otherwise unchanged.

I tested using the package in unstable (6.2.4-3) but it gave exactly the
same results (SEGV).

/Daniel

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux paco 2.4.22 #1 Sun Sep 28 04:03:01 CEST 2003 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages fetchmail depends on:
ii  adduser                       3.51       Add and remove users and groups
ii  base-files                    3.0.10     Debian base system miscellaneous f
ii  debconf                       1.3.14     Debian configuration management sy
ii  debianutils                   2.5.5      Miscellaneous utilities specific t
ii  libc6                         2.3.2-7    GNU C Library: Shared libraries an
ii  libssl0.9.7                   0.9.7b-2   SSL shared libraries

-- debconf information:
  fetchmail/initdefaultswarn: 
* fetchmail/confwarn: 
  fetchmail/fetchidswarn: 
  fetchmail/runasroot: false
* fetchmail/systemwide: false




Information forwarded to debian-bugs-dist@lists.debian.org, Benjamin Drieu <benj@debian.org>:
Bug#212762; Package fetchmail. Full text and rfc822 format available.

Acknowledgement sent to Sven Koch <haegar@sdinet.de>:
Extra info received and forwarded to list. Copy sent to Benjamin Drieu <benj@debian.org>. Full text and rfc822 format available.

Message #47 received at 212762@bugs.debian.org (full text, mbox):

From: Sven Koch <haegar@sdinet.de>
To: Debian Bug Tracking System <212762@bugs.debian.org>
Subject: fetchmail: Same here: segfault after getting list and sending first header
Date: Sun, 09 Nov 2003 03:38:46 +0100
Package: fetchmail
Version: 6.2.4-4
Severity: normal
Followup-For: Bug #212762

I just wanted to let you know that I got the same problem, after upgrading my
pop3-server at work to a new version today.

my fetchmail config is:

poll post.somewhere.example protocol POP3:
        dns
        user haegar there is haegar here
        password nowhidden
        pass8bits
        fetchall 
        ssl

it works against the old server, the pop3 daemon of courier-imapd (old
handcompiled version):

fetchmail: POP3> CAPA
fetchmail: POP3< +OK Here's what I can do:
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< LOGIN-DELAY 10
fetchmail: POP3< PIPELINING
fetchmail: POP3< UIDL
fetchmail: POP3< IMPLEMENTATION Courier Mail Server
fetchmail: POP3< .

but it segfaults against the new pop3 server, the pop3 daemon of cyrus imapd
(current debian sid version rebuilt on woody):

fetchmail: POP3< +OK post.somewhere.example Cyrus POP3
v2.1.15-IPv6-Debian-2.1.15-7.sdinet2 server ready <1857852136.1068345356@post.comunit.de>
fetchmail: POP3> CAPA
fetchmail: POP3< +OK List of capabilities follows
fetchmail: POP3< SASL PLAIN
fetchmail: POP3< EXPIRE NEVER
fetchmail: POP3< LOGIN-DELAY 60
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< PIPELINING
fetchmail: POP3< RESP-CODES
fetchmail: POP3< AUTH-RESP-CODE
fetchmail: POP3< USER
fetchmail: POP3< IMPLEMENTATION Cyrus POP3 server v2.1.15-IPv6-Debian-2.1.15-7.s
fetchmail: POP3< dinet2
fetchmail: POP3< .
fetchmail: POP3> USER haegar
fetchmail: POP3< +OK Name is a valid mailbox
fetchmail: POP3> PASS *
fetchmail: POP3< +OK Maildrop locked and ready
fetchmail: POP3> STAT
fetchmail: POP3< +OK 742 7006603
742 messages for haegar at post.comunit.de (7006603 octets).
fetchmail: POP3> LIST
fetchmail: POP3< +OK scan listing follows
fetchmail: POP3< 1 233
[...lots...]
fetchmail: POP3< 742 11428
fetchmail: POP3< .
fetchmail: POP3> RETR 1
fetchmail: POP3< +OK Message follows
reading message haegar@post.somewhere.example:1 of 742 (233 octets)
fetchmail: SMTP< 220 horizon.somewhereelse.example ESMTP bofa-smtpd (0.42R23
(c) Illjur Bru)
fetchmail: SMTP> EHLO localhost
fetchmail: SMTP< 250-horizon.somewhereelse.example Hello localhost [127.0.0.1]
fetchmail: SMTP< 250-SIZE
fetchmail: SMTP< 250-PIPELINING
fetchmail: SMTP< 250-STARTTLS
fetchmail: SMTP< 250 HELP
fetchmail: SMTP> MAIL FROM:<haegar@somewhere.example> SIZE=233
fetchmail: SMTP< 250 <haegar@somewhere.example> is syntactically correct
fetchmail: SMTP> RCPT TO:<haegar@localhost>
fetchmail: SMTP< 250 <haegar@localhost> verified
fetchmail: SMTP> DATA
fetchmail: SMTP< 354 Enter message, ending with "." on a line by itself
/etc/init.d/fetchmail: line 193:  3642 Segmentation fault      su
"--command=${DAEMON} ${OPTIONS} --nosyslog --nodetach -v -v" ${RUNUSER} 0>&- 2>&1
/etc/init.d/fetchmail: End of service run. Exit status was: 139


Hope this additional informations helps in finding and fixing the bug.


-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux horizon 2.4.21-pre4-ac3 #3 Sun Feb 9 20:41:30 CET 2003 i686
Locale: LANG=C, LC_CTYPE=ISO_8859_1

Versions of packages fetchmail depends on:
ii  adduser                     3.51         Add and remove users and groups
ii  base-files                  3.0.12       Debian base system miscellaneous f
ii  debconf                     1.3.20       Debian configuration management sy
ii  debianutils                 2.6          Miscellaneous utilities specific t
ii  libc6                       2.3.2.ds1-10 GNU C Library: Shared libraries an
ii  libssl0.9.7                 0.9.7c-5     SSL shared libraries

-- debconf information:
* fetchmail/confwarn: 
* fetchmail/systemwide: true
* fetchmail/initdefaultswarn: 
* fetchmail/runasroot: false
  fetchmail/fetchidswarn: 




Information forwarded to debian-bugs-dist@lists.debian.org, Benjamin Drieu <benj@debian.org>:
Bug#212762; Package fetchmail. Full text and rfc822 format available.

Acknowledgement sent to Sven Koch <haegar@sdinet.de>:
Extra info received and forwarded to list. Copy sent to Benjamin Drieu <benj@debian.org>. Full text and rfc822 format available.

Message #52 received at 212762@bugs.debian.org (full text, mbox):

From: Sven Koch <haegar@sdinet.de>
To: Debian Bug Tracking System <212762@bugs.debian.org>
Subject: fetchmail: More info?
Date: Mon, 17 Nov 2003 03:46:42 +0100
Package: fetchmail
Version: 6.2.4-4
Severity: normal
Followup-For: Bug #212762

My system/server setup is the same as in my last posting to this bug.

I just recompiled the fetchmail package with debugging enabled, and ran it
under gdb. The segfault occured, and gave the following backtrace:

(gdb) run -f /etc/fetchmailrc --nodetach -v -v
Starting program: /usr/bin/fetchmail -f /etc/fetchmailrc --nodetach -v -v
fetchmail: removing stale lockfile

Program received signal SIGSEGV, Segmentation fault.
0x401f6a8f in strlen () from /lib/libc.so.6
(gdb) bt
#0  0x401f6a8f in strlen () from /lib/libc.so.6
#1  0xbffdcef8 in ?? ()
#2  0x08061c41 in stuffline (ctl=0x20766f4e, 
    buf=0x33303032 <Address 0x33303032 out of bounds>) at sink.c:631
Previous frame inner to this frame (corrupt stack?)
(gdb) 


Running it under strace segfaults too and is more or less boring.

But under ltrace it gives:
(tabs at linestart inserted by me to get this more readable)

recv(5, 0x08088fe0, 8190, 2, 0)                  = 56
memchr("354 Enter message, ending with "." on a line by
	itself\r\nIZE\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 HELP\r\n", '\n', 56)
	= 0x08089017
read(5, "354 Enter message, ending with "." on a line by itself\r\n", 56) =
	56
setitimer(0, 0xbffdaa80, 0, 2, 0)                = 0
memset(0xbffda9f0, '\000', 140)                  = 0xbffda9f0
sigemptyset(0xbffda9f4)                          = 0
sigaction(14, 0xbffda9f0, 0xbffda960)            = 0
strlen("354 Enter message, ending with "." on a line by itself\r\n") = 56
vsyslog(6, 0x0807b4d0, 0xbffdaaa8, 6, 6)         = 0
time(NULL)                                       = 1069036174
strstr("Received: from  (localhost [127.0.0.1])\r\n\tby post.comunit.de
	(Cyrus v2.1.15-IPv6-Debian-2.1.15-7.sdinet2) with LMTP; Wed, 29 Oct".
	.., "Received:") = "Received: from  (localhost [127.0.0.1])\r\n\tby
	post.comunit.de (Cyrus v2.1.15-IPv6-Debian-2.1.15-7.sdinet2) with LMTP; W
	ed, 29 Oct"...
snprintf("Received: from post.comunit.de [193.103.160.162]\r\n", 8193,
	"Received: from %s [%u.%u.%u.%u]\r\n", "post.comunit.de", 193, 103, 16
	0, 162) = 50
strlen("eceived: from post.comunit.de [193.103.160.162]\r\n") = 49
write(5, "Received: from post.comunit.de [193.103.160.162]\r\n", 50) = 50
snprintf("\tby localhost with POP3 (fetchmail-6.2.4", 8193, "\tby %s with %s
	(fetchmail-%s", "localhost", "POP3", "6.2.4") = 40
strlen("\tby localhost with POP3 (fetchmail-6.2.4") = 40
strlen("\tby localhost with POP3 (fetchmail-6.2.4") = 40
snprintf(")\r\n", 8153, ")\r\n")                 = 3
strlen("by localhost with POP3 (fetchmail-6.2.4)\r\n") = 42
write(5, "\tby localhost with POP3 (fetchmail-6.2.4)\r\n", 43) = 43
strchr("haegar", '@')                            = NULL
snprintf("haegar@localhost", 764, "%s@%s", "haegar", "localhost") = 16
snprintf("for haegar@localhost", 8192, "for %s", "haegar@localhost") = 20
strlen("\tfor haegar@localhost")                 = 21
sprintf(" (single-drop); ", " (%s); ", "single-drop") = 16
time(0xbffdce80)                                 = 1069036174
setlocale(2, "C")                                = "C"
localtime(0xbffdce80)                            = 0x402b2d00
strftime("Mon, 17 Nov 2003 03:29:34 XXXXX (CET)", 49, "%a, %d %b %Y %H:%M:%S
	XXXXX (%Z)", 0x402b2d00) = 37
setlocale(2, "")                                 = "C"
gmtime(0xbffdce80)                               = 0x402b2d00
localtime(0xbffdce80)                            = 0x402b2d00
sprintf("+0100", "%c%02d%02d", '+', 1, 0)        = 5
strstr("Mon, 17 Nov 2003 03:29:34 XXXXX (CET)", "XXXXX") = "XXXXX (CET)"
strncpy(0x080831ba, "+0100", 5)                  = 0x080831ba
strlen("\tfor haegar@localhost (single-drop); ") = 37
strlen("\tfor haegar@localhost (single-drop); ") = 37
snprintf("Mon, 17 Nov 2003 03:29:34 +0100 (CET)\r\n", 8156, "%s\r\n", "Mon,
	17 Nov 2003 03:29:34 +0100 (CET)") = 39
strlen("for haegar@localhost (single-drop); Mon, 17 Nov 2003 03:29:34 +0100
	(CET)\r\n") = 75
write(5, "\tfor haegar@localhost (single-drop); Mon, 17 Nov 2003 03:29:34
	+0100 (CET)\r\n", 76) = 76
strlen("eceived: from  (localhost [127.0.0.1])\r\n\tby post.comunit.de
	(Cyrus v2.1.15-IPv6-Debian-2.1.15-7.sdinet2) with LMTP; Wed, 29 Oct ".
	..) = 184
strlen("\n\b\021")                               = 3
strlen("")                                       = 0
strlen("")                                       = 0
strlen("d\r+@d\r+@\020")                         = 9
strlen("")                                       = 0
strlen("")                                       = 0
strlen("\020\001")                               = 2
strlen("")                                       = 0
strlen("\251\035\317\2569?\013Z\335es\014\370\033\335kO\002EOFo\314\035l/\2733\270+\200")
	= 29
strlen("n<]SG\226R\361\360\003NCZ\343\254\0257#\203+/xA\360Q\007\007\374\244\342XB\214w\212\375=\375\b\306\034\023(\232\257\034\257b\037+\362
	\335\344\312\333\323\360\003\030s\347/v\266J>9U\034\300\020-V\221\365A\024,\335\254O\277A/\314\016Y\321\262(\301D\007\217\217\246Ef")
	= 98
strlen("")                                       = 0
strlen("")                                       = 0
strlen("")                                       = 0
strlen("")                                       = 0
strlen("")                                       = 0

and this last line loops till eternity (or until I killed fetchmail)


Do you have any more ideas to nail this down and get it fixed?


greetings
sven


-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux horizon 2.4.21-pre4-ac3 #3 Sun Feb 9 20:41:30 CET 2003 i686
Locale: LANG=C, LC_CTYPE=ISO_8859_1

Versions of packages fetchmail depends on:
ii  adduser                     3.51         Add and remove users and groups
ii  base-files                  3.0.12       Debian base system miscellaneous f
ii  debconf                     1.3.20       Debian configuration management sy
ii  debianutils                 2.6.1        Miscellaneous utilities specific t
ii  libc6                       2.3.2.ds1-10 GNU C Library: Shared libraries an
ii  libssl0.9.7                 0.9.7c-5     SSL shared libraries

-- debconf information excluded




Information forwarded to debian-bugs-dist@lists.debian.org, Benjamin Drieu <benj@debian.org>:
Bug#212762; Package fetchmail. Full text and rfc822 format available.

Acknowledgement sent to Ben Korvemaker <korvemaker@sympatico.ca>:
Extra info received and forwarded to list. Copy sent to Benjamin Drieu <benj@debian.org>. Full text and rfc822 format available.

Message #57 received at 212762@bugs.debian.org (full text, mbox):

From: Ben Korvemaker <korvemaker@sympatico.ca>
To: Debian Bug Tracking System <212762@bugs.debian.org>
Subject: fetchmail intermittently segfaulting
Date: Tue, 9 Dec 2003 16:04:06 -0500
Package: fetchmail
Version: 6.2.4-4
Severity: normal
Followup-For: Bug #212762

My fetchmail seemed to have rather spontaneously started failing a few
days ago, but only intermittently.

I've done some upgrades, but nothing that seemed to affect library
dependencies. Following the bits of info other people have put on this
bug, I ran strace, and found nothing exciting, although I can give you
what i've got. I also ran ltrace, and the last strcmp() attempted was
curious -- the first argument was null:

10826 15:48:26 memchr(".\r\n043", '\n', 3)                     = 0xbfffb7f2
10826 15:48:26 read(3, ".\r\n", 3)                             = 3
10826 15:48:26 setitimer(0, 0xbfffb780, 0, 2, 0)               = 0
10826 15:48:26 fflush(0x402aaca0)                              = 0
10826 15:48:26 fprintf(0x402aaca0, "%s: ", "fetchmail")        = 11
10826 15:48:26 vfprintf(0x402aaca0, "%s< %s\n", 0xbfffb7a8)    = 8
10826 15:48:26 fflush(0x402aaca0)                              = 0
10826 15:48:26 strcmp(NULL, "<20031209213958.A31324@slot.holl"... <unfinished ...>
10826 15:48:26 --- SIGSEGV (Segmentation fault) ---
10826 15:48:26 +++ killed by SIGSEGV +++

Is there anything else I can provide to help? Is there anything I can do
to make the segfaults stop?

Ben

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux clockwork 2.4.22-20031005 #1 Sun Oct 5 18:28:32 EDT 2003 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages fetchmail depends on:
ii  adduser                     3.51         Add and remove users and groups
ii  base-files                  3.0.12       Debian base system miscellaneous f
ii  debconf                     1.3.22       Debian configuration management sy
ii  debianutils                 2.6.1        Miscellaneous utilities specific t
ii  libc6                       2.3.2.ds1-10 GNU C Library: Shared libraries an
ii  libssl0.9.7                 0.9.7c-5     SSL shared libraries

-- debconf information:
* fetchmail/confwarn: 
* fetchmail/systemwide: false
  fetchmail/initdefaultswarn: 
  fetchmail/runasroot: false
  fetchmail/fetchidswarn: 



Information forwarded to debian-bugs-dist@lists.debian.org, Graham Wilson <graham@debian.org>:
Bug#212762; Package fetchmail. Full text and rfc822 format available.

Acknowledgement sent to "Edward J. Shornock" <ed@crazeecanuck.homelinux.net>:
Extra info received and forwarded to list. Copy sent to Graham Wilson <graham@debian.org>. Full text and rfc822 format available.

Message #62 received at 212762@bugs.debian.org (full text, mbox):

From: "Edward J. Shornock" <ed@crazeecanuck.homelinux.net>
To: Debian Bug Tracking System <212762@bugs.debian.org>
Subject: fetchmail: SEGFAULT on 3rd poll after uid command
Date: Sat, 19 Feb 2005 01:25:48 -0500
Package: fetchmail
Version: 6.2.5-12
Followup-For: Bug #212762

Fails with a segmentation fault with a really long uid. Included with
this report is the fetchids file, bt output, strace output, ltrace
output, and fetchmail -v -v output.

If any other information would be helpful, please let me know.

----- fetchmail -v -v --------------
fetchmail: awakened at Sat 19 Feb 2005 12:40:43 AM EST
fetchmail: interval not reached, not querying 192.168.1.1
fetchmail: Writing fetchids file.
fetchmail: sleeping at Sat 19 Feb 2005 12:40:43 AM EST
fetchmail: awakened at Sat 19 Feb 2005 12:41:13 AM EST
fetchmail: 6.2.5 querying 192.168.1.1 (protocol POP3) at Sat 19 Feb 2005 12:41:13 AM EST: poll started
fetchmail: POP3< +OK MrPostman webmail proxy ready
fetchmail: POP3> USER xxxx@xxxx.com^M
fetchmail: POP3< +OK user xxxx@xxxx.com accepted
fetchmail: POP3> PASS *^M
fetchmail: POP3< +OK password accepted
fetchmail: selecting or re-polling default folder
fetchmail: POP3> STAT
fetchmail: POP3< +OK 21 2760704
fetchmail: POP3> LAST
fetchmail: POP3< -ERR Command not supported or recognized
fetchmail: POP3> UIDL 11
fetchmail: POP3< +OK 11 8389_0_2890_1347_2248_0_1234_7483_2506326049_oSObkYn4Ur5HQV7r2mDutBsIQs29pnxJ0QI10iq8A3Sb0pvJF0RrukbovBG6liUYs_RPrzlZWKWdBcSRxu6C2YmeFtT1eV3ufzzbuVa4C8WDI3AUO0qtlkxFQxKE9WHKmt08DcVGLVt1jQCxRjzzVRYTlOKPnKM-

---- fetchids file -----
SObkYn4Ur5HQV7r2mDutBsIQs29pnxJ0QI10iq8A3Sb0pvJF0RrukbovBG6liUYs_RPrzlZWKWdBcSRxu6C2YmeFtT1eV3ufzzbuVa4C8WDI3AUO0qtlkxFQxKE9WHKmt08DcVGLVt1jQCxRjzzVRYTlOKPnKM-
xxxx@xxxx.com@192.168.1.1 8106_0_3404_1284_76422_0_1224_156619_3999656005_oSObkYn4Ur5HQV7r2mDutBsIQs29pnxJ0QI10iq8A3Sb0pvJF0RrukbovBG6liUYs_RPrzlZWKWdBcSRxu6C2YmeFtT1cFrkI09T7DtFr9LU0J7xfHeEU02tmId54s_NPK6rbBnjabfxHwATr6yp3aXU3524_uZC
xxxx@xxxx.com@192.168.1.1 6469_0_3893_1280_640_0_1223_1642_360576369_oSObkYn4Ur5HQV7r2mDutBsIQs29pnxJ0QI10iq8A3Sb0pvJF0RrukbovBG6liUYs_RPrzlZWKWdBcSRxu6C2YmeFtT1cFrqyeaH5y_v3uevK8vlTJJfzWcKbNhcIQNWL8ze.jKuNQmVh36jK8KzSNUzA_0vffI-
xxxx@xxxx.com@192.168.1.1 9214_0_4427_1470_5565_0_1188_22028_861702103_oSObkYn4Ur5HQV7r2mDutBsIQs29pnxJ0QI10iq8A3Sb0pvJF0RrukbovBG6liUYs_RPrzlZWKWdBcSRxu6C2YmeFtT2eFnlK.3_c6GNkSTjk2UTr9w.dnBkmzETkC1h6p3bMrfva21SEsEheZ2yXJPlFEI.b08-
xxxx@xxxx.com@192.168.1.1 3602_0_4937_1502_12899_0_1161_18546_532919462_oSObkYn4Ur5HQV7r2mDutBsIQs29pnxJ0QI10iq8A3Sb0pvJF0RrukbovBG6liUYs_RPrzlZWKWdBcSRxu6C2YmeFtT2eFvuOT2.OFRflmLwWGSYgUHyvCfBqs5ESle.ek3cYQdBg3ik7Qyp2KUNOS1Qbsl3vhKP
xxxx@xxxx.com@192.168.1.1 2452_0_5438_1428_2050_0_1145_5725_34757075_oSObkYn4Ur5HQV7r2mDutBsIQs29pnxJ0QI10iq8A3Sb0pvJF0RrukbovBG6liUYs_RPrzlZWKWdBcSRxu6C2YmeFtT2d1zlwUDML8oCwHpCG3VDruZ2cWixLm58I2VxYdxBNRqnv4KG9kjAMH_5MKj9TG.SPSw-
xxxx@xxxx.com@192.168.1.1 7406_0_5964_1342_152034_0_1106_210416_4255623294_oSObkYn4Ur5HQV7r2mDutBsIQs29pnxJ0QI10iq8A3Sb0pvJF0RrukbovBG6liUYs_RPrzlZWKWdBcSRxu6C2YmeFtT2cFrusy2xTFR1KCSOBkZxyKEB_7Gc9MFRssdfH11jrfO_VvD2Re6WmBFm8Z6PNa3.Ag--
xxxx@xxxx.com@192.168.1.1 7963_7058784_1407_1295_1236_0_1298_2159_2018672021
xxxx@xxxx.com@192.168.1.1 4747_6917113_159_1360_1297_0_1287_2275_2830436148
xxxx@xxxx.com@192.168.1.1 3501_6914624_595_1314_1173_0_1286_2048_3169185279
xxxx@xxxx.com@192.168.1.1 4327_5762502_1009_1273_1366_0_1272_2632_3476829756

----- strace output -----

write(1, "fetchmail: awakened at Sat 19 Fe"..., 55) = 55
stat64("/var/mail/zip.fetchmail", {st_mode=S_IFREG|0710, st_size=171, ...}) = 0
time([1108791673])                      = 1108791673
write(1, "fetchmail: 6.2.5 querying 192.16"..., 103) = 103
rt_sigaction(SIGALRM, {0x805aaa0, [], 0}, {0x8056150, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {0x805aae0, [], SA_RESTART}, {0x8056150, [], SA_RESTART}, 8) = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={300, 0}}, NULL) = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(11110), sin_addr=inet_addr("192.168.1.1")}, 16) = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={300, 0}}, NULL) = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={300, 0}}, NULL) = 0
recv(3, "+OK MrPostman webmail proxy read"..., 512, MSG_PEEK) = 35
read(3, "+OK MrPostman webmail proxy read"..., 35) = 35
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
write(1, "fetchmail: POP3< +OK MrPostman w"..., 51) = 51
write(3, "USER xxxx@xxxx.com\r\n", 24) = 24
write(1, "fetchmail: POP3> USER zipform@ya"..., 41) = 41
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={300, 0}}, NULL) = 0
recv(3, "+OK user xxxx@xxxx.com accep"..., 512, MSG_PEEK) = 37
read(3, "+OK user xxxx@xxxx.com accep"..., 37) = 37
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
write(1, "fetchmail: POP3< +OK user zipfor"..., 53) = 53
write(3, "PASS <password>\r\n", 15)       = 15
write(1, "fetchmail: POP3> PASS *\r\n", 25) = 25
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={300, 0}}, NULL) = 0
recv(3, "+OK password accepted\r\n", 512, MSG_PEEK) = 23
read(3, "+OK password accepted\r\n", 23) = 23
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
write(1, "fetchmail: POP3< +OK password ac"..., 39) = 39
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {0x805a6c0, [], SA_RESTART|SA_NOCLDSTOP}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({3, 0}, {3, 0})               = 0
write(1, "fetchmail: selecting or re-polli"..., 50) = 50
write(3, "STAT\r\n", 6)                 = 6
write(1, "fetchmail: POP3> STAT\n", 22) = 22
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={300, 0}}, NULL) = 0
recv(3, "+OK 21 2760704\r\n", 512, MSG_PEEK) = 16
read(3, "+OK 21 2760704\r\n", 16)       = 16
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
write(1, "fetchmail: POP3< +OK 21 2760704\n", 32) = 32
write(3, "LAST\r\n", 6)                 = 6
write(1, "fetchmail: POP3> LAST\n", 22) = 22
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={300, 0}}, NULL) = 0
recv(3, "-ERR Command not supported or re"..., 512, MSG_PEEK) = 42
read(3, "-ERR Command not supported or re"..., 42) = 42
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
write(1, "fetchmail: POP3< -ERR Command no"..., 58) = 58
write(2, "fetchmail: ", 11)             = 11
write(2, "Command not supported or recogni"..., 36) = 36
write(3, "UIDL 11\r\n", 9)              = 9
write(1, "fetchmail: POP3> UIDL 11\n", 25) = 25
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={300, 0}}, NULL) = 0
recv(3, "+OK 11 8389_0_2890_1347_2248_0_1"..., 512, MSG_PEEK) = 214
read(3, "+OK 11 8389_0_2890_1347_2248_0_1"..., 214) = 214
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
write(1, "fetchmail: POP3< +OK 11 8389_0_2"..., 230) = 230
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++


------ ltrace output -------------
vfprintf(0xb7e53be0, "awakened at %s\n", 0xbffffba8) = 44
fflush(0xb7e53be0)                               = 0
__xstat(3, "/var/mail/zip.fetchmail", 0xbffffbe0) = 0
time(0xbffffb60)                                 = 1108793284
setlocale(2, "")                                 = "en_US.UTF-8"
localtime(0xbffffb60)                            = 0xb7e5d7c0
strftime("Sat 19 Feb 2005 01:08:04 AM EST", 60, "%c", 0xb7e5d7c0) = 31
setlocale(2, "C")                                = "C"
dcgettext(0, 0x80732e0, 5, 0x4216b42c, 0)        = 0x80732e0
fflush(0xb7e53be0)                               = 0
fprintf(0xb7e53be0, "%s: ", "fetchmail")         = 11
vfprintf(0xb7e53be0, "%s querying %s (protocol %s) at "..., 0xbffffb78) = 92
fflush(0xb7e53be0)                               = 0
memset(0xbfffb950, '\000', 140)                  = 0xbfffb950
sigemptyset(0xbfffb954)                          = 0
sigaction(14, 0xbfffb950, 0xbfffb8c0)            = 0
memset(0xbfffb950, '\000', 140)                  = 0xbfffb950
sigemptyset(0xbfffb954)                          = 0
sigaction(13, 0xbfffb950, 0xbfffb8c0)            = 0
_setjmp(0x8081ee0, 0x805aae0, 21, 0xbfffb98c, 0) = 0
setitimer(0, 0xbfffb9e0, 0, 0x805ab58, 0)        = 0
inet_aton("192.168.1.1", 0xbfffb9d4)             = 1
socket(2, 1, 0)                                  = 3
connect(3, 0xbfffb9d0, 16, 0, 0xbfffb9e0)        = 0
setitimer(0, 0xbfffb9e0, 0, 0, 0)                = 0
setitimer(0, 0xbfffb9e0, 0, 0, 0)                = 0
setitimer(0, 0xbfffb770, 0, 0, 0)                = 0
recv(3, 0xbfffb7d0, 512, 2, 0)                   = 35
memchr("+OK MrPostman webmail proxy read"..., '\n', 35) = 0xbfffb7f2
read(3, "+OK MrPostman webmail proxy read"..., 35) = 35
setitimer(0, 0xbfffb770, 0, 2, 0)                = 0
strlen("+OK MrPostman webmail proxy read"...)    = 35
strlen("+OK MrPostman webmail proxy read"...)    = 34
fflush(0xb7e53be0)                               = 0
fprintf(0xb7e53be0, "%s: ", "fetchmail")         = 11
vfprintf(0xb7e53be0, "%s< %s\n", 0xbfffb798)     = 40
fflush(0xb7e53be0)                               = 0
__ctype_b_loc()                                  = 0xb7d26564
strcpy(0xbfffda60, "MrPostman webmail proxy ready") = 0xbfffda60
strcasecmp("192.168.1.1", "pop3.email.msn.com")  = -63
vsnprintf("USER xxxx@xxxx.com", 8193, "USER %s", 0xbfffb9c8) = 22
snprintf("\r\n", 8171, "\r\n")                   = 2
write(3, "USER xxxx@xxxx.com\r\n", 24)       = 24
fflush(0xb7e53be0)                               = 0
fprintf(0xb7e53be0, "%s: ", "fetchmail")         = 11
vfprintf(0xb7e53be0, "%s> %s\n", 0xbfff9978)     = 30
fflush(0xb7e53be0)                               = 0
setitimer(0, 0xbfff96e0, 0, 0xb7e538a0, 0)       = 0
recv(3, 0xbfff9740, 512, 2, 0)                   = 37
memchr("+OK user xxxx@xxxx.com accep"..., '\n', 37) = 0xbfff9764
read(3, "+OK user xxxx@xxxx.com accep"..., 37) = 37
setitimer(0, 0xbfff96e0, 0, 2, 0)                = 0
strlen("+OK user xxxx@xxxx.com accep"...)    = 37
strlen("+OK user xxxx@xxxx.com accep"...)    = 36
fflush(0xb7e53be0)                               = 0
fprintf(0xb7e53be0, "%s: ", "fetchmail")         = 11
vfprintf(0xb7e53be0, "%s< %s\n", 0xbfff9708)     = 42
fflush(0xb7e53be0)                               = 0
__ctype_b_loc()                                  = 0xb7d26564
strcpy(0xbfff9990, "user xxxx@xxxx.com accepted") = 0xbfff9990
strcpy(0x8085940, "<password>")                    = 0x8085940
vsnprintf("PASS <password>", 8193, "PASS %s", 0xbfffb9c8) = 13
snprintf("\r\n", 8180, "\r\n")                   = 2
write(3, "PASS <password>\r\n", 15)                = 15
strstr("PASS <password>\r\n", "<password>")          = "<password>\r\n"
strlen("<password>")                               = 8
fflush(0xb7e53be0)                               = 0
fprintf(0xb7e53be0, "%s: ", "fetchmail")         = 11
vfprintf(0xb7e53be0, "%s> %s\n", 0xbfff9978)     = 14
fflush(0xb7e53be0)                               = 0
setitimer(0, 0xbfff96e0, 0, 0x8066056, 0)        = 0
recv(3, 0xbfff9740, 512, 2, 0)                   = 23
memchr("+OK password accepted\r\ncom accep"..., '\n', 23) = 0xbfff9756
read(3, "+OK password accepted\r\n", 23)         = 23
setitimer(0, 0xbfff96e0, 0, 2, 0)                = 0
strlen("+OK password accepted\r\n")              = 23
strlen("+OK password accepted\r")                = 22
fflush(0xb7e53be0)                               = 0
fprintf(0xb7e53be0, "%s: ", "fetchmail")         = 11
vfprintf(0xb7e53be0, "%s< %s\n", 0xbfff9708)     = 28
fflush(0xb7e53be0)                               = 0
__ctype_b_loc()                                  = 0xb7d26564
strcpy(0xbfff9990, "password accepted")          = 0xbfff9990
sleep(3)                                         = 0
gettext(0x8076820, 0x808f528, 0xbfffda60, 0, 0)  = 0x8076820
fflush(0xb7e53be0)                               = 0
fprintf(0xb7e53be0, "%s: ", "fetchmail")         = 11
vfprintf(0xb7e53be0, "selecting or re-polling default "..., 0xbfffba08) = 39
fflush(0xb7e53be0)                               = 0
vsnprintf("STAT", 8193, "STAT", 0xbfffb728)      = 4
snprintf("\r\n", 8189, "\r\n")                   = 2
write(3, "STAT\r\n", 6)                          = 6
fflush(0xb7e53be0)                               = 0
fprintf(0xb7e53be0, "%s: ", "fetchmail")         = 11
vfprintf(0xb7e53be0, "%s> %s\n", 0xbfff96e8)     = 11
fflush(0xb7e53be0)                               = 0
setitimer(0, 0xbfffb490, 0, 0, 0)                = 0
recv(3, 0xbfffb4f0, 512, 2, 0)                   = 16
memchr("+OK 21 2760704\r\n\001", '\n', 16)       = 0xbfffb4ff
read(3, "+OK 21 2760704\r\n", 16)                = 16
setitimer(0, 0xbfffb490, 0, 2, 0)                = 0
strlen("+OK 21 2760704\r\n")                     = 16
strlen("+OK 21 2760704\r")                       = 15
fflush(0xb7e53be0)                               = 0
fprintf(0xb7e53be0, "%s: ", "fetchmail")         = 11
vfprintf(0xb7e53be0, "%s< %s\n", 0xbfffb4b8)     = 21
fflush(0xb7e53be0)                               = 0
__ctype_b_loc()                                  = 0xb7d26564
strcpy(0xbfffb7d0, "21 2760704")                 = 0xbfffb7d0
sscanf(0xbfffb7d0, 0x807170b, 0xbfffba54, 0xbfffba5c, 0xb7d9643a) = 2
vsnprintf("LAST", 8193, "LAST", 0xbfffb728)      = 4
snprintf("\r\n", 8189, "\r\n")                   = 2
write(3, "LAST\r\n", 6)                          = 6
fflush(0xb7e53be0)                               = 0
fprintf(0xb7e53be0, "%s: ", "fetchmail")         = 11
vfprintf(0xb7e53be0, "%s> %s\n", 0xbfff96e8)     = 11
fflush(0xb7e53be0)                               = 0
setitimer(0, 0xbfffb490, 0, 0x8066056, 0)        = 0
recv(3, 0xbfffb4f0, 512, 2, 0)                   = 42
memchr("-ERR Command not supported or re"..., '\n', 42) = 0xbfffb519
read(3, "-ERR Command not supported or re"..., 42) = 42
setitimer(0, 0xbfffb490, 0, 2, 0)                = 0
strlen("-ERR Command not supported or re"...)    = 42
strlen("-ERR Command not supported or re"...)    = 41
fflush(0xb7e53be0)                               = 0
fprintf(0xb7e53be0, "%s: ", "fetchmail")         = 11
vfprintf(0xb7e53be0, "%s< %s\n", 0xbfffb4b8)     = 47
fflush(0xb7e53be0)                               = 0
__ctype_b_loc()                                  = 0xb7d26564
fflush(0xb7e53d40)                               = 0
fprintf(0xb7e53d40, "%s: ", "fetchmail")         = 11
vfprintf(0xb7e53d40, "%s\n", 0xbfffb4d8)         = 36
fflush(0xb7e53d40)                               = 0
strcpy(0xbfffb7d0, "Command not supported or recogni"...) = 0xbfffb7d0
vsnprintf("UIDL 11", 8193, "UIDL %d", 0xbfffb428) = 7
snprintf("\r\n", 8186, "\r\n")                   = 2
write(3, "UIDL 11\r\n", 9)                       = 9
fflush(0xb7e53be0)                               = 0
fprintf(0xb7e53be0, "%s: ", "fetchmail")         = 11
vfprintf(0xb7e53be0, "%s> %s\n", 0xbfff93e8)     = 14
fflush(0xb7e53be0)                               = 0
setitimer(0, 0xbfffb190, 0, 0xbfffb754, 0)       = 0
recv(3, 0xbfffb1f0, 512, 2, 0)                   = 214
memchr("+OK 11 8389_0_2890_1347_2248_0_1"..., '\n', 214) = 0xbfffb2c5
read(3, "+OK 11 8389_0_2890_1347_2248_0_1"..., 214) = 214
setitimer(0, 0xbfffb190, 0, 2, 0)                = 0
strlen("+OK 11 8389_0_2890_1347_2248_0_1"...)    = 214
strlen("+OK 11 8389_0_2890_1347_2248_0_1"...)    = 213
fflush(0xb7e53be0)                               = 0
fprintf(0xb7e53be0, "%s: ", "fetchmail")         = 11
vfprintf(0xb7e53be0, "%s< %s\n", 0xbfffb1b8)     = 219
fflush(0xb7e53be0)                               = 0
__ctype_b_loc()                                  = 0xb7d26564
strcpy(0xbfffb430, "11 8389_0_2890_1347_2248_0_1234_"...) = 0xbfffb430
sscanf(0xbfffb430, 0x80716de, 0xbfffb654, 0xbfffb670, 0x38203131) = 2
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++


------ backtrace -------
#0  str_in_list (idl=0x74564d73,
    str=0xbfffb690 "8389_0_2890_1347_2248_0_1234_7483_2506326049_oSObkYn4Ur5HQV7r2mDutBsIQs29pnxJ0QI10iq8A3Sb0pvJF0RrukbovBG6liUYs_RPrzlZWKWdBcSRxu6C2YmeFtT1eV3ufzzbuVa4C8WDI3AUO0qtlkxFQxKE9WHKmt08DcVGLVt1jQCxRjzzVRYTlOK"...,
    caseblind=0 '\0') at uid.c:353
#1  0x0804fe61 in pop3_fastuidl (sock=1449346104, ctl=0x74564c47,
    count=1129409073, newp=0x74564d73) at pop3.c:643
#2  0x30746d4b in ?? ()
#3  0x56634438 in ?? ()
#4  0x74564c47 in ?? ()
#5  0x43516a31 in ?? ()
#6  0x7a6a5278 in ?? ()
#7  0x5952567a in ?? ()
#8  0x4b4f6c54 in ?? ()
#9  0x4d4b6e50 in ?? ()
#10 0x0000002d in ?? ()
#11 0x00000000 in ?? ()
#12 0x0805a700 in sigchld_handler () at daemon.c:83
Previous frame inner to this frame (corrupt stack?)

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (650, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-p4.20050217
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)

Versions of packages fetchmail depends on:
ii  adduser                     3.59         Add and remove users and groups
ii  base-files                  3.1.2        Debian base system miscellaneous f
ii  debconf                     1.4.45       Debian configuration management sy
ii  debianutils                 2.11.2       Miscellaneous utilities specific t
ii  libc6                       2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libssl0.9.7                 0.9.7e-3     SSL shared libraries

-- debconf information:
* fetchmail/confwarn:
* fetchmail/initdefaultswarn:
* fetchmail/systemwide: true
* fetchmail/runasroot: false



Severity set to `grave'. Request was from Nico Golde <nico@ngolde.de> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>:
Bug#212762; Package fetchmail. Full text and rfc822 format available.

Acknowledgement sent to Matthias Andree <matthias.andree@gmx.de>:
Extra info received and forwarded to list. Copy sent to Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #69 received at 212762@bugs.debian.org (full text, mbox):

From: Matthias Andree <matthias.andree@gmx.de>
To: 212762@bugs.debian.org
Subject: This has been assigned CVE Name: CAN-2005-2335
Date: Thu, 21 Jul 2005 10:25:20 +0200
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2335>

-- 
Matthias Andree



Information forwarded to debian-bugs-dist@lists.debian.org, Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>:
Bug#212762; Package fetchmail. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nico@ngolde.de>:
Extra info received and forwarded to list. Copy sent to Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #74 received at 212762@bugs.debian.org (full text, mbox):

From: Nico Golde <nico@ngolde.de>
To: Matthias Andree <matthias.andree@gmx.de>, 212762@bugs.debian.org
Subject: Re: Bug#212762: This has been assigned CVE Name: CAN-2005-2335
Date: Thu, 21 Jul 2005 11:16:22 +0200
Hi,
* Matthias Andree <matthias.andree@gmx.de> [2005-07-21 10:57]:
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2335>

the link you gave does not work.
regards nico
-- 
Nico Golde - JAB: nion@jabber.ccc.de | GPG: 0x73647CFF
http://www.ngolde.de | http://www.muttng.org | http://grml.org 
VIM has two modes - the one in which it beeps 
and the one in which it doesn't -- encrypted mail preferred



Information forwarded to debian-bugs-dist@lists.debian.org, Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>:
Bug#212762; Package fetchmail. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nico@ngolde.de>:
Extra info received and forwarded to list. Copy sent to Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>.

Your message did not contain a Subject field. They are recommended and useful because the title of a Bug is determined using this field. Please remember to include a Subject field in your messages in future.

Full text and rfc822 format available.


Message #79 received at 212762@bugs.debian.org (full text, mbox):

From: Nico Golde <nico@ngolde.de>
To: 212762@bugs.debian.org
Cc: control@bugs.debian.org
Date: Thu, 21 Jul 2005 13:36:58 +0200
tags 212762 + pending security
Hi,
the bug offers a remote exploitation of fetchmail with a
manipulated pop3 server.
The CAN is:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2335

Until it is available on the website you can have a look at:
http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
All versions in debian apart from oldstable are affected.
I will upload a new package as soon as possible. Mail to
security-team sent.
Regards Nico

-- 
Nico Golde - JAB: nion@jabber.ccc.de | GPG: 0x73647CFF
http://www.ngolde.de | http://www.muttng.org | http://grml.org 
VIM has two modes - the one in which it beeps 
and the one in which it doesn't -- encrypted mail preferred



Tags added: pending, security Request was from Nico Golde <nico@ngolde.de> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Lucas Wall <lwall@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Ross Boylan <RossBoylan@stanfordalumni.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #86 received at 212762-close@bugs.debian.org (full text, mbox):

From: Lucas Wall <lwall@debian.org>
To: 212762-close@bugs.debian.org
Subject: Bug#212762: fixed in fetchmail 6.2.5-15
Date: Thu, 21 Jul 2005 13:02:37 -0400
Source: fetchmail
Source-Version: 6.2.5-15

We believe that the bug you reported is fixed in the latest version of
fetchmail, which is due to be installed in the Debian FTP archive:

fetchmail-ssl_6.2.5-15_all.deb
  to pool/main/f/fetchmail/fetchmail-ssl_6.2.5-15_all.deb
fetchmail_6.2.5-15.diff.gz
  to pool/main/f/fetchmail/fetchmail_6.2.5-15.diff.gz
fetchmail_6.2.5-15.dsc
  to pool/main/f/fetchmail/fetchmail_6.2.5-15.dsc
fetchmail_6.2.5-15_i386.deb
  to pool/main/f/fetchmail/fetchmail_6.2.5-15_i386.deb
fetchmailconf_6.2.5-15_all.deb
  to pool/main/f/fetchmail/fetchmailconf_6.2.5-15_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 212762@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lucas Wall <lwall@debian.org> (supplier of updated fetchmail package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 21 Jul 2005 13:25:10 -0300
Source: fetchmail
Binary: fetchmailconf fetchmail-ssl fetchmail
Architecture: source i386 all
Version: 6.2.5-15
Distribution: unstable
Urgency: high
Maintainer: Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>
Changed-By: Lucas Wall <lwall@debian.org>
Description: 
 fetchmail  - SSL enabled POP3, APOP, IMAP mail gatherer/forwarder
 fetchmail-ssl - SSL enabled POP3, APOP, IMAP mail gatherer/forwarder
 fetchmailconf - fetchmail configurator
Closes: 212762
Changes: 
 fetchmail (6.2.5-15) unstable; urgency=high
 .
   * Nico Golde:
     - fixed buffer overrun in pop3 UIDs handling CAN-2005-2335
       http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
       (closes: #212762)
Files: 
 8911c7350a00e2dfa9d4dd3a3a0b44c3 818 mail optional fetchmail_6.2.5-15.dsc
 c9cbcab2586b83f88e4c11017f018782 134079 mail optional fetchmail_6.2.5-15.diff.gz
 e6a55132dd5061695938ab12fe1c2444 101556 mail optional fetchmailconf_6.2.5-15_all.deb
 9e26c70d872dee8d3f30470ce83174f5 42522 mail optional fetchmail-ssl_6.2.5-15_all.deb
 d7a27eacf72669ef78ba03b32a91d6b1 547014 mail optional fetchmail_6.2.5-15_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC39F4vJtHM4T7RtYRAq4DAKCj+/9QitI2FdNx6fOQ1gO4uN+O1wCeJ1ix
UdMdbMYp4WrszoQgeiMoLmo=
=PJl0
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>:
Bug#212762; Package fetchmail. Full text and rfc822 format available.

Acknowledgement sent to Matthias Andree <matthias.andree@gmx.de>:
Extra info received and forwarded to list. Copy sent to Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #91 received at 212762@bugs.debian.org (full text, mbox):

From: Matthias Andree <matthias.andree@gmx.de>
To: 212762@bugs.debian.org
Subject: fetchmail 6.2.5.1 found to be faulty, 6.2.5.2 released.
Date: Fri, 22 Jul 2005 04:57:23 +0200
The fetchmail update patch 6.2.5.1 was found to be faulty by Miloslav
Trmac, it contains a denial of service vulnerability. For details, see
<http://lists.berlios.de/pipermail/fetchmail-devel/2005-July/000397.html>

I have uploaded fetchmail-patch-6.2.5.2.gz to
<http://developer.berlios.de/project/showfiles.php?group_id=1824> which
contains a much simpler fix that Ludwig Nussel of SUSE Security has
provided.

I have updated the security announcement at
<http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt> to version 1.01.

-- 
Matthias Andree



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 03:55:06 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 06:26:12 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.