[PATH] expire plugins segfault with misconfigured dict
Lazy
lazy404 at gmail.com
Sun Aug 3 13:13:38 UTC 2014
2014-07-07 15:18 GMT+02:00 Lazy <lazy404 at gmail.com>:
> dovecot 2.2.13
>
> With configuration like
>
> plugin {
>
> expire_dict = blblbla
> }
>
> expiere plugins segfaults during deinit. It might also segfault if the
> dict service was unavaiable.
>
> attached bellow is a diff against 2.2.13
>
> Jul 7 14:51:11 dovecot1 dovecot: lmtp(10548, lazy): Error: expire
> plugin: dict_init(blblbla) failed: Dictionary URI is missing ':':
> blblbla
>
> Jul 7 14:51:11 dovecot1 dovecot: lmtp(10548, lazy): Fatal: master:
> service(lmtp): child 10548 killed with signal 11 (core dumps disabled)
>
>
> Program received signal SIGSEGV, Segmentation fault.
>
> 0x00007f337d8af8ae in dict_deinit (_dict=0x8) at dict.c:87
>
> 87 struct dict *dict = *_dict;
>
> (gdb) bt
>
> #0 0x00007f337d8af8ae in dict_deinit (_dict=0x8) at dict.c:87
>
> #1 0x00007f337c88f647 in expire_mail_user_deinit (user=0x1b60e80) at
> expire-plugin.c:299
>
> #2 0x00007f337cca3e7f in quota_user_deinit (user=0x1b60e80) at
> quota-storage.c:491
>
> #3 0x00007f337dbcb0f1 in mail_user_unref (_user=0x1b2d070) at mail-user.c:163
>
> #4 0x000000000040832b in client_input_data_write_local
> (client=0x1b2cf60, input=0x1b43f10) at commands.c:830
>
> #5 0x0000000000408755 in client_input_data_write (client=0x1b2cf60)
> at commands.c:939
>
> #6 0x0000000000408b18 in client_input_data_handle (client=0x1b2cf60)
> at commands.c:1033
>
> #7 0x0000000000408b52 in client_input_data (client=0x1b2cf60) at
> commands.c:1042
>
> #8 0x00007f337d8fc723 in io_loop_call_io (io=0x1b2c360) at ioloop.c:441
>
> #9 0x00007f337d8fe6e5 in io_loop_handler_run_internal
> (ioloop=0x1b27740) at ioloop-epoll.c:220
>
> #10 0x00007f337d8fc8be in io_loop_handler_run (ioloop=0x1b27740) at ioloop.c:488
>
> #11 0x00007f337d8fc817 in io_loop_run (ioloop=0x1b27740) at ioloop.c:465
>
> #12 0x00007f337d888d40 in master_service_run (service=0x1b275d0,
> callback=0x404b5c <client_connected>) at master-service.c:566
>
> #13 0x0000000000404db2 in main (argc=1, argv=0x1b27390) at main.c:122
>
> (gdb) p _dict
>
> $1 = (struct dict **) 0x8
>
> (gdb) bt full
>
> #0 0x00007f337d8af8ae in dict_deinit (_dict=0x8) at dict.c:87
>
> dict = 0x10
>
> #1 0x00007f337c88f647 in expire_mail_user_deinit (user=0x1b60e80) at
> expire-plugin.c:299
>
> euser = 0x0
>
> #2 0x00007f337cca3e7f in quota_user_deinit (user=0x1b60e80) at
> quota-storage.c:491
>
> quser = 0x1b62958
>
> quota_set = 0x1b656a0
>
> #3 0x00007f337dbcb0f1 in mail_user_unref (_user=0x1b2d070) at mail-user.c:163
>
> user = 0x1b60e80
>
> __FUNCTION__ = "mail_user_unref"
>
> #4 0x000000000040832b in client_input_data_write_local
> (client=0x1b2cf60, input=0x1b43f10) at commands.c:830
>
> session = 0x1b60a70
>
> src_mail = 0x1b5c250
>
> old_uid = 300
>
> first_uid = 4294967295
>
> __FUNCTION__ = "client_input_data_write_local"
>
> #5 0x0000000000408755 in client_input_data_write (client=0x1b2cf60)
> at commands.c:939
>
> input = 0x1b43f10
>
> ret = true
>
> #6 0x0000000000408b18 in client_input_data_handle (client=0x1b2cf60)
> at commands.c:1033
>
> data = 0x1b556b8 "\330\001"
>
> size = 2
>
> ret = -1
>
> #7 0x0000000000408b52 in client_input_data (client=0x1b2cf60) at
> commands.c:1042
>
reposting
--
Michal Grzedzicki
--- src/plugins/expire/expire-plugin.c (wersja 1343)
+++ src/plugins/expire/expire-plugin.c (kopia robocza)
@@ -296,10 +296,12 @@
{
struct expire_mail_user *euser = EXPIRE_USER_CONTEXT(user);
- dict_deinit(&euser->db);
- expire_set_deinit(&euser->set);
+ if (euser != NULL) {
+ dict_deinit(&euser->db);
+ expire_set_deinit(&euser->set);
- euser->module_ctx.super.deinit(user);
+ euser->module_ctx.super.deinit(user);
+ }
}
static const char *const *expire_get_patterns(struct mail_user *user)
More information about the dovecot
mailing list