auth-policy crashing

[James via dovecot]

My auth process is dumping core.  This happens several times per day but 
dovecot can operate normally for hours between errors.

The crash occurs in src/auth/auth-policy.c, line 356:
t@1 (l@1) program terminated by signal SEGV (no mapping at the fault 
address)
Current function is auth_policy_parse_response
  356           context->request->policy_refusal = FALSE;

...context->request is null.  Add markers to the code...

    }
    if (context->request == NULL) fprintf(stderr, 
"2222222222222222222222222222 context->request == NULL\n");
    i_stream_unref(&context->payload);

    if (context->request == NULL) fprintf(stderr, 
"1111111111111111111111111111 context->request == NULL\n");
    if (context->parse_error) {
        context->result = (context->set->policy_reject_on_fail ? -1 : 0);
    }

    if (context->request == NULL) fprintf(stderr, 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAA context->request == NULL\n");
    context->request->policy_refusal = FALSE;

    if (context->result < 0) {

...gives at the time of the crash...

Aug  1 14:25:44 mailhost dovecot: [ID 702911 mail.error] auth: Error: 
1111111111111111111111111111 context->request == NULL
Aug  1 14:25:44 mailhost dovecot: [ID 702911 mail.error] auth: Error: 
AAAAAAAAAAAAAAAAAAAAAAAAAAAA context->request == NULL

...so context->result is not null before the call (no 222) to 
i_stream_unref but is after.



dovecot.conf has:

auth_policy_server_url = http://policyserver.lan/
auth_policy_server_timeout_msecs = 3000
auth_policy_hash_nonce = Ohr9phaeSeip2Pahaez2raiGohxoo5Ia
auth_policy_request_attributes = remote=%{rip}
auth_policy_check_before_auth = yes
auth_policy_check_after_auth = yes
auth_policy_report_after_auth = yes


To simplify the problem I used a dummy policy server, in nginx.conf:

    location / {
        default_type  application/json;
        return 200 "{\"status\":0,\"msg\":\"accepted\"}";
    }

however no matter what rubbish a policy server sends back it should not 
cause dovecot to crash.

I've tried 32 and 64 bit and two compilers (gcc and SunStudio), all 
result in crashes.  Adding:
    keepalive_timeout 0;
...to nginx.conf appears to reduce the crashes.  It happens with a 
variety of users and with debug output I see no pattern.



James.