XADM: A Certain Pattern in Address Fields in SMTP Messages Causes Information Store to Crash

ID: Q231748


The information in this article applies to:


SYMPTOMS

The Microsoft Exchange Server Information Store service stops responding (crashes) when processing a message from the Internet.


The call stack when the crash occurs is similar to the following:


FramePtr  RetAddr   Param1   Param2   Param3   Function Name
06ebf654  004fb02e  0716cb2c fffff45c 0716bf95 STORE!CmcvtrHdr::ulSkipComment+0x15
06ebf670  004fae3c  0716cb2c fffff45c 0716d348 0x004fb02e
06ebf6ac  00466328  00000000 fffffff3 00000000 STORE!CmcvtrHdrAddress::HrExtractAddress+0x95402
06ebf740  004b817b  0716b5a8 0716cdd8 0716bf7f STORE!CmcvtrHdrAddress::HrExtractRecips+0x13a
06ebf75c  004284db  0716b5a8 0716cdd8 0716bf7f STORE!CmcvtrHdrCc::hrExtract+0x20
06ebf78c  0045d431  0716af31 00000162 06ebf7b4 STORE!CINETextr::hrExtract+0x73
0716b400  00fd2eb8  00000001 00688cd8 0716ab18 STORE!CConvertStream::Write+0x69 


CAUSE

The following process illustrates how this behavior occurs:

  1. CmcvtrHdrAddress::HrExtractRecips is called to extract the To and Cc recipients.

  2. A comment in the Address field is excluded by the DeleteHeaderComments function, but the function deletes the comment in place and does not clear the rest of the field, so garbage remains in the field. For example,
    "mchiba (M,Chiba); "
    becomes
    "mchiba ; ,Chiba); "

  3. HrExtractRecips calls HrExtractAddress to extract an address from the header.

  4. In HrExtractAddress, the code mishandles the end of field, and cbEOH becomes -1.
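
The in-place deletion described above can be reproduced with the article's own sample value. The following C sketch is an added example, not Exchange source code: find_comment, strip_comment_stale and strip_comment_clean are hypothetical names, and the defective variant is an assumption about how such a routine leaves stale bytes (it moves the tail over the comment but keeps the old field length).

```c
#include <stdio.h>
#include <string.h>

/* Find the first complete "(...)" comment in field[0..len); nesting allowed. */
static int find_comment(const char *field, size_t len, size_t *start, size_t *end)
{
    size_t i, depth = 0;
    for (i = 0; i < len; i++) {
        if (field[i] == '(') {
            if (depth++ == 0) *start = i;
        } else if (field[i] == ')' && depth > 0) {
            if (--depth == 0) { *end = i + 1; return 1; }
        }
    }
    return 0;
}

/* Defective pattern (assumed): tail moved over the comment, length unchanged,
 * so the bytes after the moved tail are still treated as part of the field. */
size_t strip_comment_stale(char *field, size_t len)
{
    size_t s = 0, e = 0;
    if (find_comment(field, len, &s, &e))
        memmove(field + s, field + e, len - e);
    return len;                          /* still the old length */
}

/* Corrected pattern: move the tail, shrink the length, terminate the field. */
size_t strip_comment_clean(char *field, size_t len)
{
    size_t s = 0, e = 0;
    while (find_comment(field, len, &s, &e)) {
        memmove(field + s, field + e, len - e);
        len -= e - s;
        field[len] = '\0';
    }
    return len;
}

int main(void)
{
    char a[] = "mchiba (M,Chiba); ";     /* sample value from the article */
    char b[] = "mchiba (M,Chiba); ";
    size_t la = strip_comment_stale(a, strlen(a));
    size_t lb = strip_comment_clean(b, strlen(b));
    printf("stale: \"%.*s\" (%zu bytes)\n", (int)la, a, la);
    printf("clean: \"%.*s\" (%zu bytes)\n", (int)lb, b, lb);
    return 0;
}
```

The stale variant leaves an unmatched ")" and a second ";" in the field, which is the kind of input a later address parser has to bound-check rather than trust.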



RESOLUTION

A supported fix that corrects this problem is now available from Microsoft, but it has not been fully regression tested and should be applied only to systems experiencing this specific problem. If you are not severely affected by this specific problem, Microsoft recommends that you wait for the next Microsoft Exchange Server version 5.5 service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://www.microsoft.com/support/supportnet/overview/overview.asp

The English version of this fix should have the following file attributes or later:

Component: Information Store

File name     Version
Store.exe     5.5.2607.0
Mdbmsg.dll    5.5.2607.0
Gapi32.dll    5.5.2607.0
Netif.dll     5.5.2607.0
Dsamain.exe   5.5.2607.0


NOTE: If this product was already installed on your computer when you purchased it from the Original Equipment Manufacturer (OEM) and you need this fix, please call the Pay Per Incident number listed on the above Web site. If you contact Microsoft to obtain this fix, and if it is determined that you only require the fix you requested, no fee will be charged. However, if you request additional technical support, and if your no-charge technical support period has expired, or if you are not eligible for standard no-charge technical support, you may be charged a non-refundable fee.

For more information about eligibility for no-charge technical support, see the following article in the Microsoft Knowledge Base:
Q154871 Determining If You Are Eligible for No-Charge Technical Support


STATUS

Microsoft has confirmed this to be a problem in Microsoft Exchange Server version 5.5.


Keywords          : exc55 
Version           : winnt:5.5
Platform          : winnt 
Issue type        : kbbug 

Last Reviewed: July 12, 1999