Denial of Service in pine 4.44

Author: Martin J. Muench

Date: 24 Jul 2002

-[ Product: Pine
-[ Version: 4.44
-[ OS: Unix
-[ Vendor: http://www.washington.edu/pine/

Summary

Pine crashes when opening a MIME encoded mail with an empty boundary.

Problem

The problem occurs when receiving a MIME encoded mail with empty boundary like following header:
...
Content-Type: multipart/mixed; boundary=""
Mime-Version: 1.0
...

Patches

This is the explanation of the maintainers:

"As for a patch that fixes this problem, such a fix already exists. The bug exists in the underlying c-client code, an update of which can be obtained at ftp://ftp.cac.washington.edu/imap/imap-2002.RC2.tar.Z. The contents of this file can be put in place of the "imap" directory in the pine distribution, after which building pine will make use of the new c-client code (consequently, you will need to change SET_DISABLEAUTOMATICSHAREDNAMESPACES to SET_DISABLEAUTOSHAREDNS in pine/pine.c)."