2009-06-04

php-imap extension == evil

The Problem

The PHP IMAP extension relies on University of Washington's libc-client IMAP library which appears to be written by kindergarteners. After some review of the source code, UW's IMAP client library appears to have extensive, serious security and stability problems at very fundamental levels.

I'm seeing segfaults (buffer overflows) performing simple operations like fetching attachments. Some attachments work fine but others fail; larger files especially. There are bug reports and CVE entries related to similar issues. However, upgrading to the supposed "fixed" versions of everything does not make any difference for my specific issue. It does fix some other issues related to this. (i.e. the exact same programming errors that appear to affect thousands of lines of code in the UW client.)

The Solution

Use one of the many native IMAP class library. My choice would be Zend_Mail as we use Zend Framework extensively here at work. Zend_Mail supports a number of other mail protocols in addition to IMAP. MIME type support is likely much better than other options. The other logical choice would be Pear Net_IMAP.

Labels: , , ,

- posted by David L Norris @ 18:14 [Permanent link]
2008-07-20

Web Development Resources

I have been working on a web development resources listing for tools and services I use every day.

It can be found at: http://sites.google.com/a/webaugur.com/web-development

Labels: , , ,

- posted by David L Norris @ 07:38 [Permanent link]
2006-10-22

Insight/GDB debugger for Windows on Linux

I needed a debugger for Windows applications which runs on Linux. After some digging around I've found that the MinGW project is maintaining the Insight debugger from the old Red Hat GNUPro Toolkit. Insight is a graphical front-end for GDB (GNU Debugger). That's exactly what I need. But I need the Windows version and I need it running on Linux.

So I've made a package named mingw32-insight for use with Debian-based Linux distributions. There's a native build of Insight provided by Debian, also. My package is wrapped in such a way that it works with the CodeBlocks::IDE development environment, also. You can find instructions on how to add a Linux to Windows cross-compiler configuration for CodeBlocks in the forums. You can install my mingw32-insight package and skip steps 7, 8, 9, 10 and 11 in the above forum posting. My package does all of that for you. My package also adds "Insight for 32-bit Windows" to your Applications -> Programming menu on the desktop.

Who knows how well this works in general. Its quite possible one could run into problems due to missing features in WINE's implementation of Microsoft Windows. But its better than nothing and exactly what I need.

Labels: , ,

- posted by Augur @ 00:22 [Permanent link]