The following issue has been RESOLVED.
======================================================================
http://www.dbmail.org/mantis/view.php?id=829
======================================================================
Reported By:                pschmiel
Assigned To:                paul
======================================================================
Project:                    DBMail
Issue ID:                   829
Category:                   IMAP daemon
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     resolved
target:
Resolution:                 fixed
Fixed in Version:           2.3.7
======================================================================
Date Submitted:             12-Jan-10 21:15 CET
Last Modified:              14-Jan-10 16:53 CET
======================================================================
Summary:                    SIGSEGV on imap login with roundcube webmail
Description:
Trying to log in with roundcube webmail on the current GIT head build
results in a segfault.

Here's the GDB backtrace:
#0  0x00007f652c9862d6 in strncmp () from /lib/libc.so.6
#1  0x00007f6528fb5b74 in auth_validate (ci=0x161a3d0, username=<value optimized out>, password=0x0, user_idnr=0x45932060) at authsql.c:387
#2  0x0000000000411677 in dbmail_imap_session_handle_auth (self=0x160eed0, username=0x1617e80 "blabla_some_md5hash_bla_replaced_for_sec", password=0x20 <Address 0x20 out of bounds>) at dbmail-imapsession.c:1186
#3  0x000000000040f894 in _ic_authenticate_enter (D=0x165b0e0) at imapcommands.c:208
#4  0x00007f652da5fa07 in ?? () from /usr/lib/libglib-2.0.so.0
#5  0x00007f652da5e474 in ?? () from /usr/lib/libglib-2.0.so.0
#6  0x00007f652c6f5fc7 in start_thread () from /lib/libpthread.so.0
#7  0x00007f652c9da5ad in clone () from /lib/libc.so.6
#8  0x0000000000000000 in ?? ()
======================================================================

----------------------------------------------------------------------
 (0002975) pschmiel (reporter) - 13-Jan-10 16:39
 http://www.dbmail.org/mantis/view.php?id=829#c2975
----------------------------------------------------------------------
SIGSEGV only occurs with roundcube webmail >= 0.3.1

----------------------------------------------------------------------
 (0002976) pschmiel (reporter) - 13-Jan-10 17:56
 http://www.dbmail.org/mantis/view.php?id=829#c2976
----------------------------------------------------------------------
After debugging a little bit I figured out that it's not a problem with
roundcube.
The segfault occurs when a client logs in using "AUTH" aka "CRAM-MD5".

----------------------------------------------------------------------
 (0002977) pschmiel (reporter) - 13-Jan-10 18:10
 http://www.dbmail.org/mantis/view.php?id=829#c2977
----------------------------------------------------------------------
Reproducible with thunderbird using CRAM-MD5.

----------------------------------------------------------------------
 (0002978) jasb (reporter) - 13-Jan-10 18:38
 http://www.dbmail.org/mantis/view.php?id=829#c2978
----------------------------------------------------------------------
It's strange, it doesn't happen to me. Do you have all your libraries
updated?

libgmime2.4
libmhash
libevent
libglib

----------------------------------------------------------------------
 (0002979) pschmiel (reporter) - 13-Jan-10 18:43
 http://www.dbmail.org/mantis/view.php?id=829#c2979
----------------------------------------------------------------------
All libs are in the version provided by the debian lenny apt sources.

As a temporary "fix" I've removed AUTH=CRAM-MD5 from the capabilities
string.

----------------------------------------------------------------------
 (0002980) pschmiel (reporter) - 13-Jan-10 20:38
 http://www.dbmail.org/mantis/view.php?id=829#c2980
----------------------------------------------------------------------
After further debugging it showed that the contents of the self->arg[]
fields containing the username and password that are handed over to
dbmail_imap_session_handle_auth() are NULL.

----------------------------------------------------------------------
 (0002981) pschmiel (reporter) - 13-Jan-10 21:03
 http://www.dbmail.org/mantis/view.php?id=829#c2981
----------------------------------------------------------------------
Here are several other infos:

imtest output:

S: * OK imap 4r1 server (dbmail 2.3.7)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=CRAM-MD5 AUTH=LOGIN ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
S: C01 OK CAPABILITY completed
C: A01 AUTHENTICATE CRAM-MD5
S: + MTI2MzQxMjc1Ny4xMTQyNy4wQChub25lKQ==
Please enter your password:
C: c2NobWllbCAwN2M5OTdjZWJkMjJlNmMxMmYzYTU2YmUzZjQ1ZDg0Zg==
failure: prot layer failure

dbmail debug log:

[0xe708e0] Debug:[clientbase] ci_read_cb(+358): read [27:A01 AUTHENTICATE CRAM-MD5]
[0xe708e0] Debug:[clientbase] ci_read_cb(+362): [0x1312a70] state [1] read_buffer->len[27]
[0xe708e0] Debug:[imap] imap_handle_input(+340): [0xece640] parser_state [0] command_state [0]
[0xe708e0] Debug:[imap] imap_handle_input(+380): [0xece640] ci_read(ln) returned [27]
[0xe708e0] Debug:[imap] imap4_tokenizer_main(+1917): [0xece640] tokenize [11/0] [ CRAM-MD5]
[0xe708e0] Debug:[imap] imap_handle_input(+380): [0xece640] ci_read(ln) returned [0]
[0xe708e0] Debug:[imap] socket_write_cb(+141): [0xece640] what [4] state [1] command_state [0]
[0xe708e0] Debug:[imap] imap_handle_input(+340): [0xece640] parser_state [0] command_state [0]
[0xe708e0] Debug:[imap] imap_handle_input(+352): [0xece640] read buffer empty
[0xe708e0] Debug:[imap] imap_cb_read(+176): reading...
[0xe708e0] Debug:[clientbase] ci_read_cb(+327): [0x1312a70] reset timeout [60]
[0xe708e0] Debug:[clientbase] ci_read_cb(+358): read [58:c2NobWllbCAwN2M5OTdjZWJkMjJlNmMxMmYzYTU2YmUzZjQ1ZDg0Zg==]
[0xe708e0] Debug:[clientbase] ci_read_cb(+362): [0x1312a70] state [1] read_buffer->len[58]
[0xe708e0] Debug:[imap] imap_handle_input(+340): [0xece640] parser_state [0] command_state [0]
[0xe708e0] Debug:[imap] imap_handle_input(+380): [0xece640] ci_read(ln) returned [58]
[0xe708e0] Debug:[imap] imap4_tokenizer_main(+1917): [0xece640] tokenize [58/0] [c2NobWllbCAwN2M5OTdjZWJkMjJlNmMxMmYzYTU2YmUzZjQ1ZDg0Zg==]
[0xe708e0] Debug:[misc] dm_base64_decode(+2290): [40:c2NobWllbCAwN2M5OTdjZWJkMjJlNmMxMmYzYTU2YmUzZjQ1ZDg0Zg==]->[schmiel 07c997cebd22e6c12f3a56be3f45d84f]
[0xe708e0] Debug:[imap] imap4_tokenizer_main(+2113): [0xece640] tag: [A01], command: [AUTHENTICATE], [2] args
[0xe708e0] Debug:[imap] imap4_tokenizer_main(+2117): [0xece640] arg[0]: 'CRAM-MD5'
[0xe708e0] Debug:[imap] imap4_tokenizer(+544): parser_state: [1]
[0xe708e0] Debug:[server] dm_thread_data_push(+113): [0x14537c0] [0xece640]
[0xe708e0] Debug:[imap] imap_handle_input(+409): imap4 returned [0]
[0xec3940] Debug:[server] dm_thread_dispatch(+154): data[0x14537c0], user_data[(nil)]
[0xec3940] Debug:[db] db_use_usermap(+755): enabling usermap lookups
[0xec3940] Debug:[db] db_usermap_resolve(+2987): checking userid [schmiel] in usermap
[0xec3940] Debug:[db] db_usermap_resolve(+2993): client on inet socket [inet:::ffff:188.40.87.175:143]
[0xec3940] Debug:[db] db_usermap_resolve(+3039): login [schmiel] not found in usermap
[0xec3940] Debug:[auth] auth_validate(+388): validating using MD5 digest comparison
*crash*

----------------------------------------------------------------------
 (0002982) paul (administrator) - 14-Jan-10 14:33
 http://www.dbmail.org/mantis/view.php?id=829#c2982
----------------------------------------------------------------------
You are using MD5 encrypted passwords.
You can't use CRAM-MD5 unless passwords are stored in plain text.

Still, the server should not crash in this case...

----------------------------------------------------------------------
 (0002983) paul (administrator) - 14-Jan-10 16:53
 http://www.dbmail.org/mantis/view.php?id=829#c2983
----------------------------------------------------------------------
Bug fixed in the master branch.

We still need to deal with removing AUTH=CRAM-MD5 from the CAPABILITIES
response after authentication fails due to encrypted password storage,
but that's another bug.

Issue History
Date Modified    Username   Field               Change
======================================================================
12-Jan-10 21:15  pschmiel   New Issue
12-Jan-10 21:16  pschmiel   Issue Monitored: pschmiel
12-Jan-10 21:21  jasb       Issue Monitored: jasb
13-Jan-10 16:39  pschmiel   Note Added: 0002975
13-Jan-10 16:39  pschmiel   Note Edited: 0002975
13-Jan-10 17:56  pschmiel   Note Added: 0002976
13-Jan-10 18:10  pschmiel   Note Added: 0002977
13-Jan-10 18:38  jasb       Note Added: 0002978
13-Jan-10 18:43  pschmiel   Note Added: 0002979
13-Jan-10 18:45  pschmiel   Note Added: 0002980
13-Jan-10 20:38  pschmiel   Note Edited: 0002980
13-Jan-10 21:03  pschmiel   Note Added: 0002981
14-Jan-10 14:33  paul       Note Added: 0002982
14-Jan-10 16:53  paul       Note Added: 0002983
14-Jan-10 16:53  paul       Assigned To         => paul
14-Jan-10 16:53  paul       Status              new => resolved
14-Jan-10 16:53  paul       Resolution          open => fixed
14-Jan-10 16:53  paul       Fixed in Version    => 2.3.7
======================================================================

_______________________________________________
Dbmail-dev mailing list
[email protected]
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail-dev
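
Added example, not part of the tracker thread and not DBMail code: a minimal CRAM-MD5 check showing why the server needs the plaintext secret (note 0002982) and how a verifier can reject a response with missing fields instead of crashing (note 0002980). The challenge is the one from the imtest output above; SECRET and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Challenge taken from the imtest output above; everything else is constructed.
CHALLENGE_B64 = "MTI2MzQxMjc1Ny4xMTQyNy4wQChub25lKQ=="
USER = "schmiel"
SECRET = b"constructed-secret"          # hypothetical plaintext password


def client_response(user, secret, challenge_b64):
    """Client side: base64("<user> <hex HMAC-MD5(secret, challenge)>")."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def parse_response(response_b64):
    """Return (user, digest), or None when either field is missing."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode("ascii")
    except ValueError:                   # bad base64 or non-ASCII payload
        return None
    user, sep, digest = decoded.rpartition(" ")
    if not sep or not user or len(digest) != 32:
        return None
    return user, digest.lower()


def verify(response_b64, challenge_b64, stored_secret):
    """Server side: recompute the HMAC from the stored secret and compare."""
    parsed = parse_response(response_b64)
    if parsed is None or not stored_secret:
        return False                     # fail the login, never touch absent fields
    expected = hmac.new(stored_secret, base64.b64decode(challenge_b64),
                        hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, parsed[1])


if __name__ == "__main__":
    resp = client_response(USER, SECRET, CHALLENGE_B64)
    md5_stored = hashlib.md5(SECRET).hexdigest().encode()
    print("plaintext stored :", verify(resp, CHALLENGE_B64, SECRET))
    print("MD5 hash stored  :", verify(resp, CHALLENGE_B64, md5_stored))
    print("missing digest   :", verify(base64.b64encode(b"schmiel").decode(),
                                       CHALLENGE_B64, SECRET))
```

With an MD5 hash in the password column the recomputed HMAC is keyed with the wrong value, so the comparison can only fail; the verifier returns a clean authentication failure in that case and for malformed input.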
