Crashing when run against OpenSSL 1.1.0c
Aki Tuomi
aki.tuomi at dovecot.fi
Tue Nov 15 11:43:53 UTC 2016
On 15.11.2016 13:27, Michael Marley wrote:
> Hi,
>
> I am running Dovecot 2.2.26.0 compiled against OpenSSL 1.1 and, since
> upgrading to OpenSSL 1.1.0c, the "lmtp" process has been crashing with
> SIGSEGV whenever it receives SIGINT. This always happens a minute or so
> after the lmtp process handles a message. It can also be manually
> reproduced by sending SIGINT to one of the running lmtp processes.
>
> I am compiling and running on an Ubuntu 17.04 x86_64 system using GCC 6.2.
>
> Here is the output of me reproducing it with gdb:
>
> (gdb) signal SIGINT
> Continuing with signal SIGINT.
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007f6748cc2fb0 in ?? ()
> (gdb) bt
> #0 0x00007f6748cc2fb0 in ?? ()
> #1 0x00007f674872ac60 in ossl_init_thread_stop (locals=<optimized out>)
> at crypto/init.c:336
> #2 0x00007f674872aee4 in OPENSSL_cleanup () at crypto/init.c:391
> #3 0x00007f67491052e0 in __run_exit_handlers (status=0,
> listp=0x7f674948c5d8 <__exit_funcs>,
> run_list_atexit=run_list_atexit@entry=true,
> run_dtors=run_dtors@entry=true) at exit.c:83
> #4 0x00007f674910533a in __GI_exit (status=<optimized out>) at exit.c:105
> #5 0x00007f67490eb3f8 in __libc_start_main (main=0x555b35fbfbc0 <main>,
> argc=1, argv=0x7ffd4ede3588, init=<optimized out>,
> fini=<optimized out>, rtld_fini=<optimized out>,
> stack_end=0x7ffd4ede3578) at ../csu/libc-start.c:325
> #6 0x0000555b35fbfe3a in _start ()
>
> Here is the output of "doveconf -n":
>
> # 2.2.26.0 (23d1de6): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.devel (623ae77)
> # OS: Linux 4.8.7-040807-generic x86_64 Ubuntu Zesty Zapus (development
> branch)
> auth_mechanisms = plain login
> auth_username_format = %Ln
> mail_location = mdbox:~/mdbox
> mailbox_list_index = yes
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date index ihave duplicate mime foreverypart extracttext
> namespace inbox {
> inbox = yes
> location =
> mailbox Drafts {
> special_use = \Drafts
> }
> mailbox Junk {
> special_use = \Junk
> }
> mailbox Sent {
> special_use = \Sent
> }
> mailbox "Sent Messages" {
> special_use = \Sent
> }
> mailbox Trash {
> special_use = \Trash
> }
> prefix =
> }
> passdb {
> driver = pam
> }
> plugin {
> sieve = file:~/sieve;active=~/.dovecot.sieve
> }
> postmaster_address = michael at michaelmarley.com
> protocols = imap sieve lmtp
> service auth {
> client_limit = 1624
> unix_listener /var/spool/postfix/private/dovecot-auth {
> group = postfix
> mode = 0660
> user = postfix
> }
> }
> service imap-login {
> inet_listener imaps {
> port = 0
> }
> }
> service lmtp {
> process_min_avail = 5
> unix_listener /var/spool/postfix/private/dovecot-lmtp {
> group = postfix
> mode = 0600
> user = postfix
> }
> }
> ssl = required
> ssl_ca = </etc/ssl/private/COMODORSADomainValidationSecureServerCA.crt
> ssl_cert = </etc/ssl/private/michaelmarley.com.crt
> ssl_cipher_list = HIGH !RC4 !aNULL !eNULL !3DES @STRENGTH
> ssl_dh_parameters_length = 4096
> ssl_key = # hidden, use -P to show it
> ssl_protocols = !SSLv3
> userdb {
> driver = passwd
> }
> protocol lmtp {
> mail_plugins = " sieve"
> }
> protocol lda {
> mail_plugins = " sieve"
> }
> local_name matthewtmarley.com {
> ssl_ca = </etc/ssl/private/COMODORSADomainValidationSecureServerCA.crt
> ssl_cert = </etc/ssl/private/matthewtmarley.com.crt
> ssl_key = # hidden, use -P to show it
> }
>
> I tried recompiling Dovecot to see if that might do any good, but I got
> the same result. Also, I noticed that the "test-crypto" test in
> src/lib-dcrypt also crashes on exit (despite the fact that all the tests
> succeeded) with a very similar stacktrace:
>
> (gdb) run
> Starting program:
> /home/michael/Source/dovecot/core/src/lib-dcrypt/test-crypto
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> test_cipher_test_vectors ............................................. : ok
> test_cipher_aead_test_vectors ........................................ : ok
> test_hmac_test_vectors ............................................... : ok
> test_load_v1_keys .................................................... : ok
> test_load_v1_key ..................................................... : ok
> test_load_v1_public_key .............................................. : ok
> test_load_v2_key ..................................................... : ok
> test_load_v2_public_key .............................................. : ok
> test_get_info_v2_key ................................................. : ok
> test_gen_and_get_info_rsa_pem ........................................ : ok
> test_get_info_rsa_private_key ........................................ : ok
> test_get_info_invalid_keys ........................................... : ok
> test_get_info_key_encrypted .......................................... : ok
> test_get_info_pw_encrypted ........................................... : ok
> test_password_change ................................................. : ok
> test_load_invalid_keys ............................................... : ok
> 0 / 16 tests failed
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff75a5480 in ?? ()
> (gdb) bt
> #0 0x00007ffff75a5480 in ?? ()
> #1 0x00007ffff6ff7c60 in ossl_init_thread_stop (locals=<optimized out>)
> at crypto/init.c:336
> #2 0x00007ffff6ff7ee4 in OPENSSL_cleanup () at crypto/init.c:391
> #3 0x00007ffff78472e0 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
> #4 0x00007ffff784733a in exit () from /lib/x86_64-linux-gnu/libc.so.6
> #5 0x00007ffff782d3f8 in __libc_start_main () from
> /lib/x86_64-linux-gnu/libc.so.6
> #6 0x000055555555f68a in _start ()
>
> If there is anything I have missed or if there is any other way I can
> help, please let me know.
>
> Thanks,
>
> Michael Marley
Hi!
This is a known problem, and we have received a patch for it which we are
reviewing. At the moment Dovecot is not officially compatible with
OpenSSL 1.1.0.
Aki