[dovecot/core] b804e2: lib-imap-urlauth: Don't access freed memory on err...

GitHub noreply at github.com
Tue Sep 13 15:00:15 UTC 2016 

  Branch: refs/heads/master
  Home:   https://github.com/dovecot/core
  Commit: b804e2b1744ef1616626dd7b8b8ff6cb83cfb2df
      https://github.com/dovecot/core/commit/b804e2b1744ef1616626dd7b8b8ff6cb83cfb2df
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2016-09-13 (Tue, 13 Sep 2016)

  Changed paths:
    M src/lib-imap-urlauth/imap-urlauth-connection.c

  Log Message:
  -----------
  lib-imap-urlauth: Don't access freed memory on errors.


  Commit: 262eeae35ee285981b37294628ec8d054daa1b23
      https://github.com/dovecot/core/commit/262eeae35ee285981b37294628ec8d054daa1b23
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2016-09-13 (Tue, 13 Sep 2016)

  Changed paths:
    M src/lib-dict/dict-file.c

  Log Message:
  -----------
  dict-file: Don't leak a lock on temp file creation failure.


  Commit: 67a0f9eecf3f0f351afaf2f675fded998312a6fc
      https://github.com/dovecot/core/commit/67a0f9eecf3f0f351afaf2f675fded998312a6fc
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2016-09-13 (Tue, 13 Sep 2016)

  Changed paths:
    M src/plugins/fts-squat/squat-uidlist.c

  Log Message:
  -----------
  fts-squat: Fixed memory leak on corrupted uidlist handling


  Commit: e87393d3a562cdbc3fd0b346d57612808175f420
      https://github.com/dovecot/core/commit/e87393d3a562cdbc3fd0b346d57612808175f420
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2016-09-13 (Tue, 13 Sep 2016)

  Changed paths:
    M src/lib-sql/driver-pgsql.c

  Log Message:
  -----------
  pgsql: Fixed clearing sql_commit_result.error_type

error was correctly set to NULL with the earlier memset(), but error_type
may have been garbage. This shouldn't have caused any actual problems.


  Commit: 9474b66acc57ad89538328d6fbb89a81c3decd94
      https://github.com/dovecot/core/commit/9474b66acc57ad89538328d6fbb89a81c3decd94
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2016-09-13 (Tue, 13 Sep 2016)

  Changed paths:
    M src/lib-test/test-common.c

  Log Message:
  -----------
  lib-test: Fixed NULL pointer dereference when using --enable-static-checker


  Commit: 79fff45046397ba48c8693d5f37a1fd93096987f
      https://github.com/dovecot/core/commit/79fff45046397ba48c8693d5f37a1fd93096987f
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2016-09-13 (Tue, 13 Sep 2016)

  Changed paths:
    M src/lib-storage/mail-storage-service.c

  Log Message:
  -----------
  lib-storage: Fix potential crash when userdb-returns "key+=value" for a nonexistent setting.

type would have also happened to be initialized to SET_STR for the crash to
happen.


  Commit: 3177b410680f3915549719f84a4acbffd4f9c561
      https://github.com/dovecot/core/commit/3177b410680f3915549719f84a4acbffd4f9c561
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2016-09-13 (Tue, 13 Sep 2016)

  Changed paths:
    M src/lib-dcrypt/dcrypt-openssl.c
    M src/lib-storage/index/dbox-common/dbox-save.c
    M src/lib-storage/list/mailbox-list-iter.c
    M src/lib-storage/mail-storage.c
    M src/plugins/fts-squat/squat-trie.c

  Log Message:
  -----------
  Removed dead code to make static analyzer happier.


  Commit: abb404575a238f27ea03b6049880f30f1656ddc4
      https://github.com/dovecot/core/commit/abb404575a238f27ea03b6049880f30f1656ddc4
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2016-09-13 (Tue, 13 Sep 2016)

  Changed paths:
    M src/lib-fs/fs-posix.c
    M src/lib-index/mailbox-log.c
    M src/lib-stats/stats-connection.c
    M src/lib-storage/index/imapc/imapc-mail.c
    M src/lib/istream-file.c
    M src/login-common/login-proxy-state.c
    M src/plugins/fts/fts-api.c
    M src/plugins/virtual/virtual-mail.c

  Log Message:
  -----------
  Added asserts to make static analyzer happier.


  Commit: c8a54e1bb71d9f3cee6935f1ca5067b9fa8e1ee3
      https://github.com/dovecot/core/commit/c8a54e1bb71d9f3cee6935f1ca5067b9fa8e1ee3
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2016-09-13 (Tue, 13 Sep 2016)

  Changed paths:
    M src/auth/auth-policy.c

  Log Message:
  -----------
  auth: Explicitly ignore return value to make static analyzer happier.


  Commit: 3c30113d275819d3ec946e327401241b8d2797db
      https://github.com/dovecot/core/commit/3c30113d275819d3ec946e327401241b8d2797db
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2016-09-13 (Tue, 13 Sep 2016)

  Changed paths:
    M src/auth/auth-request.c

  Log Message:
  -----------
  auth: Make sure auth_request_log_info() doesn't crash when there are no passdbs

auth_request_is_disabled_master_user() could have caused such crash.


  Commit: 4598234b354e4f43bdc5855d96be2854e6cdeb98
      https://github.com/dovecot/core/commit/4598234b354e4f43bdc5855d96be2854e6cdeb98
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2016-09-13 (Tue, 13 Sep 2016)

  Changed paths:
    M src/lib-dict/dict-client.c

  Log Message:
  -----------
  dict-client: Don't crash if dict-server returns broken reply.

Just treat missing <tab>value as empty value.


  Commit: 5525765548dda226c3b4432228d2fb1a9c7549d9
      https://github.com/dovecot/core/commit/5525765548dda226c3b4432228d2fb1a9c7549d9
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2016-09-13 (Tue, 13 Sep 2016)

  Changed paths:
    M src/doveadm/doveadm-print.c

  Log Message:
  -----------
  doveadm: Don't allow doveadm_print_header(title==NULL) anymore.

It's not used anywhere, and if it was used it would have crashed with at
least "tab" backend.


  Commit: d4361f37b24057f615db6fc55aca0dc2b5d7444e
      https://github.com/dovecot/core/commit/d4361f37b24057f615db6fc55aca0dc2b5d7444e
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2016-09-13 (Tue, 13 Sep 2016)

  Changed paths:
    M src/lib-master/ipc-server.c

  Log Message:
  -----------
  lib-master: Fixed memory leak when IPC server is handling commands.

This mainly meant that when login processes responded to doveadm proxy
list/kick commands memory was leaked.


  Commit: 6b32b849af6e0aeb7106103b758757ffa69b2b71
      https://github.com/dovecot/core/commit/6b32b849af6e0aeb7106103b758757ffa69b2b71
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2016-09-13 (Tue, 13 Sep 2016)

  Changed paths:
    M src/lib-lda/lmtp-client.c

  Log Message:
  -----------
  lib-lda: Cleanup error handling in LMTP client code.

If there are no successful recipients, we'll need to deinit the client.
But at that point we've already called all the callbacks, so the line
parameter to lmtp_client_fail_full() isn't actually used anywhere.
This was confusing static analyzer because global_fail_string was used
as parameter, which could have been NULL and wouldn't have been valid
for the callbacks.


  Commit: 5bfda550bd63d34365db650232e7a618f3cbeae7
      https://github.com/dovecot/core/commit/5bfda550bd63d34365db650232e7a618f3cbeae7
  Author: Timo Sirainen <timo.sirainen at dovecot.fi>
  Date:   2016-09-13 (Tue, 13 Sep 2016)

  Changed paths:
    M src/doveadm/doveadm-auth.c

  Log Message:
  -----------
  doveadm-auth: Handle unexpected auth "continue" request without crashing.


Compare: https://github.com/dovecot/core/compare/c46d97e6a26a...5bfda550bd63

More information about the dovecot-cvs mailing list