Hi,
I'm getting segfaults and unexpected disconnects from managesieve server, when the Thunderbird SIEVE extension tries to validate SIEVE scripts agains Pidgeonhole in Dovecot 2.1.8.
The extension says: "Server terminated unexpectedly the connection, click on reconnect to try again."
It can be reproduced by simply calling CHECKSCRIPT followed by a string:
mail01:~# telnet 127.0.0.1 19200 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. "IMPLEMENTATION" "Sieve" "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave" "NOTIFY" "mailto" "SASL" "PLAIN" "VERSION" "1.0" OK "Mailbox" AUTHENTICATE "PLAIN" "AGRwYXJ0aGV5QGV4YW1wbGUub3JnAGRwYXJ0aGV5" OK "Logged in." CHECKSCRIPT {6+} abcdef Connection closed by foreign host.
The server interrupts the connection and the logs show the following:
# dovecot.log Sep 7 01:40:46 dovecot: mailbox: mail: managesieve(dparthey@example.org): Fatal: master: service(managesieve): child 31356 killed with signal 11 (core dumped)
# kern.log Sep 7 01:40:46 kernel: [1417105.954609] managesieve[31356]: segfault at 0 ip 00007f1c415c4876 sp 00007fffb3731f88 error 4 in libc-2.11.1.so[7f1c41543000+17a000]
Here is the backtrace:
mail01:~# gdb /usr/lib/dovecot/managesieve /var/tmp/core.managesieve.31356 Core was generated by `dovecot-mailbox/managesieve'. Program terminated with signal 11, Segmentation fault. #0 0x00007f1c415c4876 in ?? () from /lib/libc.so.6 (gdb) bt full #0 0x00007f1c415c4876 in ?? () from /lib/libc.so.6 No symbol table info available. #1 0x000000000040b1c3 in sieve_storage_save_will_activate (ctx=0x257f1a0) at sieve-storage-save.c:328 _data_stack_cur_id = 4 scriptname = 0x25400ae "default.sieve" ret = <value optimized out> #2 0x00000000004065b0 in cmd_putscript_finish_parsing (cmd=0x2575cb8) at cmd-putscript.c:206 ehandler = <value optimized out> cpflags = <value optimized out> sbin = <value optimized out> errors = <value optimized out> _data_stack_cur_id = 0 script = <value optimized out> client = 0x2575c30 ctx = 0x2578180 args = 0x254bc68 ret = <value optimized out> #3 0x0000000000406838 in cmd_putscript_continue_script (cmd=0x2575cb8) at cmd-putscript.c:423 all_written = <value optimized out> client = 0x2575c30 ctx = 0x2578180 size = 39279968 #4 0x0000000000406caf in client_input_putscript (context=0x2575c30) at cmd-putscript.c:84 cmd = 0x2575cb8 __FUNCTION__ = "client_input_putscript" #5 0x00007f1c41d1d3e6 in io_loop_call_io (io=0x2575fd0) at ioloop.c:379 ioloop = 0x2548680 t_id = 2 #6 0x00007f1c41d1e46f in io_loop_handler_run (ioloop=<value optimized out>) at ioloop-epoll.c:213 ctx = 0x25489f0 event = 0x2548a60 list = 0x2576020 io = 0x0 tv = {tv_sec = 18, tv_usec = 988469} msecs = <value optimized out> ret = <value optimized out> i = 0 call = false #7 0x00007f1c41d1d388 in io_loop_run (ioloop=0x2548680) at ioloop.c:398 No locals. #8 0x00007f1c41d09653 in master_service_run (service=0x2548530, callback=0x25400ae) at master-service.c:543 No locals. #9 0x00000000004096ce in main (argc=1, argv=0x2548370) at main.c:308 set_roots = {0x610d60, 0x0} login_set = {auth_socket_path = 0x2540088 "/var/run/dovecot/auth-master", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback = 0x409810 <login_client_connected>, failure_callback = 0x409290 <login_client_failed>} service_flags = <value optimized out> storage_service_flags = MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT username = 0x0 c = <value optimized out>