Closed Bug 765897 Opened 12 years ago Closed 8 years ago

Insufficient salting of Message-IDs

Categories

(MailNews Core :: Backend, defect)

Product:
MailNews Core
Component:
Backend
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Thunderbird 45.0

People

(Reporter: mnyromyr, Unassigned)

References

Details

(Whiteboard: [fixed by bug 902580]) 

nsMsgCompUtils.cpp::msg_generate_message_id calls  GenerateGlobalRandomBytes to fill PRUInt32 salt. But GenerateGlobalRandomBytes will fill these 4 bytes only with values between 0 and 9, effectively creating only 10000 different salts!

Given that we usually use the email address domain as the FQDN, this means that message-id collisions are way too likely, especially for big freemail providers like GMail and others.
To make it clear: this means that only 10000 mails written in the same second with the same domain will cause a message-id collision.
We should probably start generating longer message ids (too). It seems some servers think they are too short and add data to them which means threading breaks. I've especially noticed this with list mails from Wayne.
Fixed by bug 902580.
Status: NEW → RESOLVED
Closed: 8 years ago
Depends on: 902580
Resolution: --- → FIXED
Whiteboard: [fixed by bug 902580]
Target Milestone: --- → Thunderbird 45.0
You need to log in before you can comment on or make changes to this bug.