Outlook Express Win98 bug
Miquel van Smoorenburg (miquels@CISTRON.NL)
Tue, 11 May 1999 10:58:41 +0200

There is a bug in Outlook Express delivered with Windows '98, at least
version 4.72.3110.1 (4.01 SP1) and 4.72.3120.0 (4.01 SP1 + oepatsp1).

Windows '95 updated with MSIE 4.01 has Outlook Express 4.72.3612.1700,
which doesn't show the problem. OE from MSIE3 and MSIE5 don't have the
problem either. There might be versions of MSIE4 included with Windows '98
that don't show the problem either, but I don't have a stack of Windows
CDs to test against.

We have talked to Microsoft NL about this, tracking number S2134 T6142.
However they either deny there is a bug ("sorry sir, this product has been
available for a year now so there cannot be any bugs in it") or they do not
understand what we are talking about. They also claim to have not received
any mail we sent to them, so I am giving up on that. We did send them this
bug report by fax, perhaps that technology is stable enough to work for
them, I don't know.

Description of the problem:

A dot on a single line means EOM in the POP3 protocol. If a message contains
that it must be escaped by adding an extra dot, so we have 2 dots on a
single line - which is OK.

However if on the TCP level the line after this double-dot crosses over to
the next packet, Outlook Express will interpret the double-dot as a single
dot, switching back to POP3 command mode and interpreting the rest of the
message as a response from the POP3 server. Result is an error message and
usually a hanging POP3 session.

Perhaps it's not really a bug in Outlook, but the Windows I/O library or
the TCP implementation.. which is scary.

So at the TCP packet level it looks like this:

packet1: [message data]
packet1: \r\n..\r\nthis is a line that
packet2: continues in the next packet

The double-dot on the 2nd line will be interpreted as a single dot.

Include a few thousand lines like this in an email and the bug will trigger:

So
.
this
.
might
.
actually
.
cause
.
the
.
bug
.
with
.
some
.
luck
.
repeat
.
until
.
three
.
times
.
max
.
mtu
.
of
.
1500

Mike.
--
Indifference will certainly be the downfall of mankind, but who cares?

------------------------------------------------------------------------------

Outlook Express Win98 bug, addition.
Miquel van Smoorenburg (miquels@CISTRON.NL)
Wed, 12 May 1999 10:59:46 +0200

In article , Miquel van Smoorenburg wrote:
>There is a bug in Outlook Express delivered with Windows '98, at least
>version 4.72.3110.1 (4.01 SP1) and 4.72.3120.0 (4.01 SP1 + oepatsp1)
[...]
>Outlook
>Express will interpret the double-dot as a single dot, switching back to
>POP3 command mode and interpreting the rest of the message as a response
>from the POP3 server. Result is an error message and usually a hanging
>POP3 session.

It occurred to me that it might not be clear from the original message but
because the POP3 session is hanging, the message will not be removed from
the server and the next time mail is checked the same thing will occur.

This is an effective DOS attack against the mailbox.

The only way to solve this is to remove the message with another POP3
email program (Eudora, Pegasus) or to ask the sysadmin of the POP3 server
to remove the message manually (look for a message that has a line starting
with a dot).

Upgrading to MSIE 5.0 will also solve the problem, but there is no
simple/small bugfix from Microsoft available (an MSIE 5.0 download is
what - 20 MB at least?) yet, as far as I know.

So, ISP helpdesks - take note. This is at least one of the causes of the
problems all these people have been having with their "blocked mail".

Mike.
--
Indifference will certainly be the downfall of mankind, but who cares?
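
Added example (not part of the original posts, and not Outlook Express code): a POP3 client-side decoder that removes the dot-stuffing described above incrementally, so the result cannot depend on where TCP segment boundaries fall, together with a check that replays a constructed message split at every byte offset. The names DotUnstuffer, stuff, decode_split and check_all_splits and the sample data are assumptions made for this illustration.

```python
"""Added example: chunk-boundary-safe POP3 dot-unstuffing (RFC 1939)."""

class DotUnstuffer:
    """Incremental decoder for one POP3 multi-line response (hypothetical name)."""

    def __init__(self):
        self._buf = b""      # bytes received but not yet a complete line
        self.lines = []      # decoded message lines, without CRLF
        self.done = False    # True once the lone "." terminator was seen

    def feed(self, chunk):
        """Consume one recv() result; return bytes that follow the terminator."""
        if self.done:
            return chunk
        self._buf += chunk
        while not self.done:
            line, sep, rest = self._buf.partition(b"\r\n")
            if not sep:                  # incomplete line: wait for more data
                return b""
            self._buf = rest
            if line == b".":             # terminator, decided on a whole line only
                self.done = True
            elif line.startswith(b"."):  # stuffed line: drop exactly one dot
                self.lines.append(line[1:])
            else:
                self.lines.append(line)
        leftover, self._buf = self._buf, b""
        return leftover

def stuff(body_lines):
    """Server side: prefix dot-leading lines with a dot, then add the terminator."""
    wire = b"".join((b"." + ln if ln.startswith(b".") else ln) + b"\r\n"
                    for ln in body_lines)
    return wire + b".\r\n"

def decode_split(wire, cut):
    """Deliver wire as two segments split at byte offset cut."""
    d = DotUnstuffer()
    leftover = d.feed(wire[:cut]) + d.feed(wire[cut:])
    return d.lines, d.done, leftover

def check_all_splits(body_lines, trailer=b"+OK next reply\r\n"):
    """True if every possible segment boundary yields the same decoded result."""
    wire = stuff(body_lines) + trailer
    return all(decode_split(wire, cut) == (body_lines, True, trailer)
               for cut in range(len(wire) + 1))

# Constructed sample body, including dot-only and dot-leading lines.
SAMPLE = [b"So", b".", b"this is a line that continues", b"..", b".x", b""]
```

The same split-at-every-offset replay works as a regression test for any line-oriented protocol parser that reads from a stream socket.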