Opened 5 years ago

Closed 5 years ago

#1486798 closed Bugs (fixed)

First mail in inbox is displayed wrong

Reported by: Mechanix Owned by:
Priority: 1 - Highest Milestone: 0.4-stable
Component: Security Version: 0.4-beta
Severity: critical Keywords:
Cc:

Description

Hi,

i use the latest 0.4 Beta version and have a couple of IMAPS accounts. What i´ve noticed is: the first mail in the inbox is wrong. When i click on the mail it displays a complete different content from another mail account! Only when i double click on the mail the right content is shown.
This is a very severe security issue here. I hope you can fix this bug as soon as possible.
Thank you.

Attachments (2)

imap.log (90.7 KB) - added by Mechanix 5 years ago.
imap_fetch.log (12.8 KB) - added by Mechanix 5 years ago.

Download all attachments as: .zip

Change History (13)

comment:1 Changed 5 years ago by alec

  • Milestone changed from later to 0.4-stable

We need more info. Try svn-trunk version. What PHP/IMAP? Enable imap_debug and attach logs/imap here. Are you using some proxies?

comment:2 Changed 5 years ago by Mechanix

Hi thank you for your reply.
This are the versions i use:
PHP Version 5.2.6
courier-imap-4.1.3-1

Yes i am behind a proxy at the moment. I´ll try to reproduce this at home later and provide the needed information. Thank you

Changed 5 years ago by Mechanix

comment:3 Changed 5 years ago by Mechanix

I´m sorry i use dovecot-1.0.10-0_66 as a imap server. Attached is the logfile. The message id 01716F6941B80F46975EE95C9675479201C2C14 is the one which is wrong. I see the content from a mail from another account. Has this something got to do with a sort of caching, maybe from js?

Kind regards,

Chris

comment:4 Changed 5 years ago by Mechanix

OK, this doesn´t occur only on the first message. I´ve just noticed this on a couple of messages in the inbox.

comment:5 Changed 5 years ago by alec

Please, check the log from the moment when you select the message. I don't see this in the log. Also it doesn't looks like 0.4. What http proxy are you using? Also please attach a log from the moment when you're clicking on the folder, something is strange in the log (probably not related to this issue).

Changed 5 years ago by Mechanix

comment:6 Changed 5 years ago by Mechanix

No, this is 0.4b. I´ve noticed that this issue doesn´t occur when not behind a proxy. We have here a caching proxy from Bluecoat. Attached is the logfile from the moment i´ve double clicked the message.

comment:7 follow-up: Changed 5 years ago by alec

  • Component changed from Core functionality to Security issue

So, there's a bug in send_nocaching_headers(). Wrong headers are sent when using https.

comment:8 in reply to: ↑ 7 Changed 5 years ago by Mechanix

Replying to alec:

So, there's a bug in send_nocaching_headers(). Wrong headers are sent when using https.

Is this a function in RC 04-beta?

comment:9 Changed 5 years ago by alec

Yes, but to fix this I'll need do some tests with Internet Explorer, so I'll try to fix this at home.

comment:10 Changed 5 years ago by Mechanix

Thank you so much for your quick reply.

comment:11 Changed 5 years ago by alec

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in [37e467d5], but this should be tested more and verified with Internet Explorer. You'll need probably to clear proxy's cache.

Note: See TracTickets for help on using tickets.