[Dovecot] imap-login: memory corruption

Ralf Hildebrandt Ralf.Hildebrandt at charite.de
Fri Jan 16 02:28:33 EET 2009


* Ralf Hildebrandt <Ralf.Hildebrandt at charite.de>:

> > Are you also looking at what errors are in the valgrind log? It might
> > prevent the crashes. Does grep find any of:
> > 
> > Invalid free() / delete / delete[]
> > Invalid read of size
> > Invalid write of size
> > bytes inside a block of size
> 
> root at postamt:/tmp# egrep -i "(invalid|inside)" imap-login.*
> root at postamt:/tmp# 

Got one now:
Jan 16 01:04:42 postamt dovecot: child 10780 (login) returned error 1 (latest ip=84.191.241.127)

Looking at /tmp/imap-login.10780 (attached!) I get:

$ egrep -i "(invalid|inside)" /tmp/imap-login.10780 
==10780== Invalid write of size 1
==10780== Invalid write of size 1
==10780== Invalid write of size 1
==10780== Invalid write of size 1


-- 
Ralf Hildebrandt (Ralf.Hildebrandt at charite.de)          snickebo at charite.de
Postfix - Einrichtung, Betrieb und Wartung       Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
I work for an investment bank. I have dealt with code written by stock
exchanges. I have seen how the computer systems that store your money
are run. If I ever make a fortune, I will store it in gold bullion
under my bed.  
-------------- next part --------------
==10780== Memcheck, a memory error detector.
==10780== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==10780== Using LibVEX rev 1854, a library for dynamic binary translation.
==10780== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==10780== Using valgrind-3.3.1-Debian, a dynamic binary instrumentation framework.
==10780== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==10780== For more details, rerun with: -v
==10780== 
==10780== My PID = 10780, parent PID = 9832.  Prog and args are:
==10780==    /usr/local/libexec/dovecot/imap-login
==10780== 
==10780== Syscall param socketcall.sendmsg(msg.msg_iov[i]) points to uninitialised byte(s)
==10780==    at 0x4295D6C: sendmsg (in /usr/lib/debug/libc-2.7.so)
==10780==    by 0x804F3B6: master_request_login (master.c:87)
==10780==    by 0x8054416: auth_client_input_ok (auth-server-request.c:194)
==10780==    by 0x8053599: auth_client_input (auth-server-connection.c:136)
==10780==    by 0x8059A3F: io_loop_handler_run (ioloop-epoll.c:203)
==10780==    by 0x8058EAF: io_loop_run (ioloop.c:326)
==10780==    by 0x804E839: main (main.c:484)
==10780==  Address 0xbea4c8be is on thread 1's stack
==10780== 
==10780== Conditional jump or move depends on uninitialised value(s)
==10780==    at 0x40F09F7: BN_mod_inverse (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F48E0: BN_MONT_CTX_set (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40E93C1: BN_mod_exp_mont (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40E9BBF: BN_mod_exp (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40EFA3F: BN_BLINDING_create_param (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x410BD55: RSA_setup_blinding (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4109A0C: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4109F94: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x410B91D: RSA_private_decrypt (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40447F3: ssl3_get_client_key_exchange (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x4047244: ssl3_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x405FCB9: SSL_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780== 
==10780== Conditional jump or move depends on uninitialised value(s)
==10780==    at 0x40E7451: BN_div (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40ED531: BN_nnmod (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F130A: BN_mod_inverse (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F48E0: BN_MONT_CTX_set (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40E93C1: BN_mod_exp_mont (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40E9BBF: BN_mod_exp (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40EFA3F: BN_BLINDING_create_param (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x410BD55: RSA_setup_blinding (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4109A0C: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4109F94: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x410B91D: RSA_private_decrypt (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40447F3: ssl3_get_client_key_exchange (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780== 
==10780== Conditional jump or move depends on uninitialised value(s)
==10780==    at 0x40E7451: BN_div (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F4942: BN_MONT_CTX_set (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40E93C1: BN_mod_exp_mont (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40E9BBF: BN_mod_exp (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40EFA3F: BN_BLINDING_create_param (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x410BD55: RSA_setup_blinding (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4109A0C: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4109F94: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x410B91D: RSA_private_decrypt (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40447F3: ssl3_get_client_key_exchange (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x4047244: ssl3_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x405FCB9: SSL_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780== 
==10780== Conditional jump or move depends on uninitialised value(s)
==10780==    at 0x40F09F7: BN_mod_inverse (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F48E0: BN_MONT_CTX_set (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F4C27: BN_MONT_CTX_set_locked (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x41097DD: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4109DD2: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x410B91D: RSA_private_decrypt (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40447F3: ssl3_get_client_key_exchange (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x4047244: ssl3_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x405FCB9: SSL_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x8050F5A: ssl_step (ssl-proxy-openssl.c:399)
==10780==    by 0x8059A3F: io_loop_handler_run (ioloop-epoll.c:203)
==10780==    by 0x8058EAF: io_loop_run (ioloop.c:326)
==10780== 
==10780== Conditional jump or move depends on uninitialised value(s)
==10780==    at 0x40E7451: BN_div (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F4942: BN_MONT_CTX_set (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F4C27: BN_MONT_CTX_set_locked (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x41097DD: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4109DD2: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x410B91D: RSA_private_decrypt (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40447F3: ssl3_get_client_key_exchange (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x4047244: ssl3_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x405FCB9: SSL_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x8050F5A: ssl_step (ssl-proxy-openssl.c:399)
==10780==    by 0x8059A3F: io_loop_handler_run (ioloop-epoll.c:203)
==10780==    by 0x8058EAF: io_loop_run (ioloop.c:326)
==10780== 
==10780== Conditional jump or move depends on uninitialised value(s)
==10780==    at 0x40F09F7: BN_mod_inverse (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F48E0: BN_MONT_CTX_set (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F4C27: BN_MONT_CTX_set_locked (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x410980D: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4109DD2: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x410B91D: RSA_private_decrypt (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40447F3: ssl3_get_client_key_exchange (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x4047244: ssl3_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x405FCB9: SSL_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x8050F5A: ssl_step (ssl-proxy-openssl.c:399)
==10780==    by 0x8059A3F: io_loop_handler_run (ioloop-epoll.c:203)
==10780==    by 0x8058EAF: io_loop_run (ioloop.c:326)
==10780== 
==10780== Conditional jump or move depends on uninitialised value(s)
==10780==    at 0x40E7451: BN_div (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F4942: BN_MONT_CTX_set (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F4C27: BN_MONT_CTX_set_locked (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x410980D: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4109DD2: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x410B91D: RSA_private_decrypt (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40447F3: ssl3_get_client_key_exchange (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x4047244: ssl3_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x405FCB9: SSL_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x8050F5A: ssl_step (ssl-proxy-openssl.c:399)
==10780==    by 0x8059A3F: io_loop_handler_run (ioloop-epoll.c:203)
==10780==    by 0x8058EAF: io_loop_run (ioloop.c:326)
==10780== 
==10780== Conditional jump or move depends on uninitialised value(s)
==10780==    at 0x40F09F7: BN_mod_inverse (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F48E0: BN_MONT_CTX_set (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F4C27: BN_MONT_CTX_set_locked (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4109840: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4109DD2: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x410B91D: RSA_private_decrypt (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40447F3: ssl3_get_client_key_exchange (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x4047244: ssl3_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x405FCB9: SSL_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x8050F5A: ssl_step (ssl-proxy-openssl.c:399)
==10780==    by 0x8059A3F: io_loop_handler_run (ioloop-epoll.c:203)
==10780==    by 0x8058EAF: io_loop_run (ioloop.c:326)
==10780== 
==10780== Conditional jump or move depends on uninitialised value(s)
==10780==    at 0x40E7451: BN_div (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F4942: BN_MONT_CTX_set (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F4C27: BN_MONT_CTX_set_locked (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4109840: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4109DD2: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x410B91D: RSA_private_decrypt (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40447F3: ssl3_get_client_key_exchange (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x4047244: ssl3_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x405FCB9: SSL_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x8050F5A: ssl_step (ssl-proxy-openssl.c:399)
==10780==    by 0x8059A3F: io_loop_handler_run (ioloop-epoll.c:203)
==10780==    by 0x8058EAF: io_loop_run (ioloop.c:326)
==10780== 
==10780== Conditional jump or move depends on uninitialised value(s)
==10780==    at 0x40F09F7: BN_mod_inverse (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F48E0: BN_MONT_CTX_set (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F4C27: BN_MONT_CTX_set_locked (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4113D10: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4113821: DH_generate_key (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4045A4C: ssl3_send_server_key_exchange (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x4047997: ssl3_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x405FCB9: SSL_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x4051DDF: ssl23_get_client_hello (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x40526D7: ssl23_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x405FCB9: SSL_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x8050F5A: ssl_step (ssl-proxy-openssl.c:399)
==10780== 
==10780== Conditional jump or move depends on uninitialised value(s)
==10780==    at 0x40E7451: BN_div (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F4942: BN_MONT_CTX_set (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40F4C27: BN_MONT_CTX_set_locked (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4113D10: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4113821: DH_generate_key (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4045A4C: ssl3_send_server_key_exchange (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x4047997: ssl3_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x405FCB9: SSL_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x4051DDF: ssl23_get_client_hello (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x40526D7: ssl23_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x405FCB9: SSL_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x8050F5A: ssl_step (ssl-proxy-openssl.c:399)
==10780== 
==10780== Invalid write of size 1
==10780==    at 0x4024984: memcpy (mc_replace_strmem.c:402)
==10780==    by 0x805B000: pool_system_clean_realloc (mempool-system-clean.c:149)
==10780==    by 0x804FC09: ssl_clean_realloc (ssl-proxy-openssl.c:729)
==10780==    by 0x40BC4C4: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40BCC0A: CRYPTO_realloc (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4129118: lh_delete (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x406472E: (within /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x406565F: ssl_get_prev_session (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x404674F: ssl3_get_client_hello (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x404791F: ssl3_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x405FCB9: SSL_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x4051DDF: ssl23_get_client_hello (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==  Address 0x4b2b77f is not stack'd, malloc'd or (recently) free'd
==10780== 
==10780== Invalid write of size 1
==10780==    at 0x402498C: memcpy (mc_replace_strmem.c:402)
==10780==    by 0x805B000: pool_system_clean_realloc (mempool-system-clean.c:149)
==10780==    by 0x804FC09: ssl_clean_realloc (ssl-proxy-openssl.c:729)
==10780==    by 0x40BC4C4: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40BCC0A: CRYPTO_realloc (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4129118: lh_delete (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x406472E: (within /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x406565F: ssl_get_prev_session (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x404674F: ssl3_get_client_hello (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x404791F: ssl3_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x405FCB9: SSL_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x4051DDF: ssl23_get_client_hello (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==  Address 0x4b2b77e is not stack'd, malloc'd or (recently) free'd
==10780== 
==10780== Invalid write of size 1
==10780==    at 0x4024995: memcpy (mc_replace_strmem.c:402)
==10780==    by 0x805B000: pool_system_clean_realloc (mempool-system-clean.c:149)
==10780==    by 0x804FC09: ssl_clean_realloc (ssl-proxy-openssl.c:729)
==10780==    by 0x40BC4C4: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40BCC0A: CRYPTO_realloc (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4129118: lh_delete (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x406472E: (within /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x406565F: ssl_get_prev_session (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x404674F: ssl3_get_client_hello (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x404791F: ssl3_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x405FCB9: SSL_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x4051DDF: ssl23_get_client_hello (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==  Address 0x4b2b77d is not stack'd, malloc'd or (recently) free'd
==10780== 
==10780== Invalid write of size 1
==10780==    at 0x402499E: memcpy (mc_replace_strmem.c:402)
==10780==    by 0x805B000: pool_system_clean_realloc (mempool-system-clean.c:149)
==10780==    by 0x804FC09: ssl_clean_realloc (ssl-proxy-openssl.c:729)
==10780==    by 0x40BC4C4: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40BCC0A: CRYPTO_realloc (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4129118: lh_delete (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x406472E: (within /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x406565F: ssl_get_prev_session (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x404674F: ssl3_get_client_hello (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x404791F: ssl3_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x405FCB9: SSL_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x4051DDF: ssl23_get_client_hello (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==  Address 0x4b2b77c is not stack'd, malloc'd or (recently) free'd

valgrind: m_mallocfree.c:194 (mk_plain_bszB): Assertion 'bszB != 0' failed.
==10780==    at 0x3801A41D: report_and_quit (m_libcassert.c:140)
==10780==    by 0x3801A70E: vgPlain_assert_fail (m_libcassert.c:200)
==10780==    by 0x38024519: vgPlain_arena_free (m_mallocfree.c:194)
==10780==    by 0x38036928: vgPlain_cli_free (replacemalloc_core.c:108)
==10780==    by 0x38001C6F: die_and_free_mem (mc_malloc_wrappers.c:122)
==10780==    by 0x38002727: vgMemCheck_free (mc_malloc_wrappers.c:319)
==10780==    by 0x38039072: vgPlain_scheduler (scheduler.c:1269)
==10780==    by 0x3804D2D8: run_a_thread_NORETURN (syswrap-linux.c:89)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable
==10780==    at 0x4022B8A: free (vg_replace_malloc.c:323)
==10780==    by 0x804FC29: ssl_clean_free (ssl-proxy-openssl.c:734)
==10780==    by 0x40BCC89: CRYPTO_free (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40E8BBD: BN_mod_exp_mont_consttime (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40E91FF: BN_mod_exp_mont (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x410949B: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x4109DD2: (within /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x410B91D: RSA_private_decrypt (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x40447F3: ssl3_get_client_key_exchange (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x4047244: ssl3_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x405FCB9: SSL_accept (in /usr/lib/i686/cmov/libssl.so.0.9.8)
==10780==    by 0x8050F5A: ssl_step (ssl-proxy-openssl.c:399)
==10780==    by 0x8059A3F: io_loop_handler_run (ioloop-epoll.c:203)
==10780==    by 0x8058EAF: io_loop_run (ioloop.c:326)
==10780==    by 0x804E839: main (main.c:484)


Note: see also the FAQ.txt in the source distribution.
It contains workarounds to several common problems.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what Linux distro you are using.  Thanks.
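
The grep check from this thread, extended into a small triage script. This is an added example, not part of the original post and not Dovecot or Valgrind code. It splits a Memcheck log into error records, marks the kinds the thread greps for as corruption, and groups records by the first source-located frame outside Valgrind's own replacement functions. The sample input is an abbreviated excerpt of the attached log; treating `mc_`/`vg_` source files as Valgrind's own is an assumption.

```python
import re
from collections import Counter

# Abbreviated excerpt of the attached Memcheck log (most frames trimmed).
SAMPLE_LOG = """\
==10780== Conditional jump or move depends on uninitialised value(s)
==10780==    at 0x40F09F7: BN_mod_inverse (in /usr/lib/i686/cmov/libcrypto.so.0.9.8)
==10780==    by 0x8050F5A: ssl_step (ssl-proxy-openssl.c:399)
==10780==
==10780== Invalid write of size 1
==10780==    at 0x4024984: memcpy (mc_replace_strmem.c:402)
==10780==    by 0x805B000: pool_system_clean_realloc (mempool-system-clean.c:149)
==10780==    by 0x804FC09: ssl_clean_realloc (ssl-proxy-openssl.c:729)
==10780==  Address 0x4b2b77f is not stack'd, malloc'd or (recently) free'd
==10780==
==10780== Invalid write of size 1
==10780==    at 0x402498C: memcpy (mc_replace_strmem.c:402)
==10780==    by 0x805B000: pool_system_clean_realloc (mempool-system-clean.c:149)
"""

PREFIX = re.compile(r"^==\d+==\s?")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (.*)$")
SRC_FRAME = re.compile(r"^(\S+) \(([^():]+\.c):(\d+)\)$")  # "func (file.c:123)"
CORRUPTION = re.compile(r"^Invalid (?:read|write) of size \d+|^Invalid free\(\)")

def parse_records(text):
    """Split a Memcheck log into records: {'kind': str, 'frames': [str, ...]}."""
    records, current = [], None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw, count=1) if PREFIX.match(raw) else ""
        m = FRAME.match(line)
        if not line.strip():
            current = None  # blank separator, or text without the ==pid== prefix
        elif m and current is not None:
            current["frames"].append(m.group(1))
        elif not m and not line.startswith(" "):  # unindented line starts a record
            current = {"kind": line.strip(), "frames": []}
            records.append(current)
    return records

def first_app_frame(frames):
    """First source-located frame not in Valgrind's replacement code (assumed mc_/vg_)."""
    for f in frames:
        m = SRC_FRAME.match(f)
        if m and not m.group(2).startswith(("mc_", "vg_")):
            return f
    return None

def triage(text):
    """Count error records by (severity, kind, first application frame)."""
    counts = Counter()
    for rec in parse_records(text):
        if rec["frames"]:  # banner lines have no stack and are skipped
            sev = "corruption" if CORRUPTION.match(rec["kind"]) else "other"
            counts[(sev, rec["kind"], first_app_frame(rec["frames"]))] += 1
    return counts

if __name__ == "__main__":
    print(triage(SAMPLE_LOG).most_common())
```

Grouping by the first application frame collapses the per-byte `memcpy` reports into a single finding and keeps them separate from the uninitialised-value reports raised inside libcrypto.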


