Dovecot 2.3.9 - lmtp crashes with Signal 11
Hello,
since the upgrade from 2.3.8 to 2.3.9 (using the Ubuntu 18.04 packages from dovecot.org), lmtp crashes for me for some mails. Currently I have three pending mails in my postfix deferred queue since the upgrade a couple of days ago. I did not observe these issues with 2.3.8.
The backtrace from one of the coredumps:
Reading symbols from /usr/lib/dovecot/lmtp...Reading symbols from /usr/lib/debug/.build-id/f3/3a5089463b1234cbcf90bf10033d1dd5613821.debug...done. done. [New LWP 1554] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `dovecot/lmtp'. Program terminated with signal SIGSEGV, Segmentation fault. #0 decode_address_header (pool=pool@entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r@entry=0x560631ad7090, name_r=name_r@entry=0x560631ad7098) at push-notification-event-message-common.c:20 20 push-notification-event-message-common.c: No such file or directory. (gdb) bt #0 decode_address_header (pool=pool@entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r@entry=0x560631ad7090, name_r=name_r@entry=0x560631ad7098) at push-notification-event-message-common.c:20 #1 0x00007f3f37955fbb in decode_address_header (name_r=0x560631ad7098, address_r=0x560631ad7090, hdr=<optimized out>, pool=0x560631ad6d10) at push-notification-event-message-common.c:62 #2 push_notification_message_fill (mail=mail@entry=0x560631adc088, pool=0x560631ad6d10, event_flags=(PUSH_NOTIFICATION_MESSAGE_HDR_FROM | PUSH_NOTIFICATION_MESSAGE_HDR_TO | PUSH_NOTIFICATION_MESSAGE_HDR_SUBJECT | PUSH_NOTIFICATION_MESSAGE_HDR_DATE | PUSH_NOTIFICATION_MESSAGE_BODY_SNIPPE$), from=<optimized out>, to=<optimized out>, subject=<optimized out>, date=0x560631ad7050, date_tz=0x560631ad7058, message_id=0x560631ad7078, flags=0x560631ad706c, flags_set=0x560631ad7068, keywords=0x560631ad7070, snippet=0x560631ad7060, ext=0x560631ad7080) at push-notification-event-message-common.c:62 #3 0x00007f3f37955a41 in push_notification_event_messagenew_event (ptxn=0x560631ad6d38, ec=0x560631ad6fe0, msg=0x560631ad7010, mail=0x560631adc088) at push-notification-event-messagenew.c:83 #4 0x00007f3f379571bd in push_notification_trigger_msg_save_new (txn=0x560631ad6d38, mail=0x560631adc088, msg=0x560631ad7010) at push-notification-triggers.c:138 #5 0x00007f3f383f52f3 in notify_contexts_mail_save (mail=0x560631adc088) at notify-plugin.c:62 #6 0x00007f3f383f65b8 in notify_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at notify-storage.c:104 #7 0x00007f3f3860873d in quota_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at quota-storage.c:302 #8 0x00007f3f39f91e32 in mailbox_copy_int (_ctx=<optimized out>, mail=0x560631a98b18) at mail-storage.c:2759 #9 0x00007f3f3641907f in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #10 0x00007f3f3640e64c in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #11 0x00007f3f3640f11b in sieve_result_implicit_keep () from /usr/lib/dovecot/libdovecot-sieve.so.0 #12 0x00007f3f364226e1 in sieve_multiscript_finish () from /usr/lib/dovecot/libdovecot-sieve.so.0 #13 0x00007f3f3668e488 in ?? () from /usr/lib/dovecot/modules/lib90_sieve_plugin.so #14 0x00007f3f3a2a260d in mail_do_deliver (storage_r=0x7ffedf944b40, ctx=0x7ffedf944c30) at mail-deliver.c:542 #15 mail_deliver (ctx=ctx@entry=0x7ffedf944c30, storage_r=storage_r@entry=0x7ffedf944b40) at mail-deliver.c:592 #16 0x000056063169c0e1 in lmtp_local_default_deliver (client=0x560631a5e898, lrcpt=<optimized out>, cmd=<optimized out>, trans=<optimized out>, lldctx=0x7ffedf944e70) at lmtp-local.c:593 #17 0x000056063169c8cf in lmtp_local_deliver (local=0x560631a849b0, local=0x560631a849b0, session=0x560631a9d748, src_mail=0x560631a98b18, llrcpt=0x560631a7f600, trans=0x560631a7fab8, cmd=0x560631a7f088) at lmtp-local.c:530 #18 lmtp_local_deliver_to_rcpts (session=0x560631a9d748, trans=0x560631a7fab8, cmd=0x560631a7f088, local=0x560631a849b0) at lmtp-local.c:654 #19 lmtp_local_data (client=client@entry=0x560631a5e898, cmd=cmd@entry=0x560631a7f088, trans=trans@entry=0x560631a7fab8, input=<optimized out>) at lmtp-local.c:730 #20 0x000056063169b0cf in client_default_cmd_data (client=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8, data_input=0x560631a83c00, data_size=<optimized out>) at lmtp-commands.c:275 #21 0x000056063169ae6f in cmd_data_finish (trans=0x560631a7fab8, cmd=0x560631a7f088, client=0x560631a5e898) at lmtp-commands.c:165 #22 cmd_data_continue (conn_ctx=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8) at lmtp-commands.c:213 #23 0x00007f3f39bfa2c7 in cmd_data_do_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:285 #24 cmd_data_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:333 #25 0x00007f3f39ca42af in io_loop_call_io (io=0x560631a7d8e0) at ioloop.c:718 #26 0x00007f3f39ca5c8c in io_loop_handler_run_internal (ioloop=ioloop@entry=0x560631a23fd0) at ioloop-epoll.c:222 #27 0x00007f3f39ca43c0 in io_loop_handler_run (ioloop=<optimized out>) at ioloop.c:770 #28 0x00007f3f39ca45e8 in io_loop_run (ioloop=0x560631a23fd0) at ioloop.c:743 #29 0x00007f3f39c124b3 in master_service_run (service=0x560631a23e60, callback=<optimized out>) at master-service.c:809 #30 0x0000560631699b45 in main (argc=<optimized out>, argv=<optimized out>) at main.c:169
I can provide one of the mails causing the crash if helpful (they are all spam).
Best regards, Michael
Hi!
Can you provide a mail sample and doveconf -n please?
Aki
On 11/12/2019 08:57 Michael Stilkerich via dovecot dovecot@dovecot.org wrote:
Hello,
since the upgrade from 2.3.8 to 2.3.9 (using the Ubuntu 18.04 packages from dovecot.org), lmtp crashes for me for some mails. Currently I have three pending mails in my postfix deferred queue since the upgrade a couple of days ago. I did not observe these issues with 2.3.8.
The backtrace from one of the coredumps:
Reading symbols from /usr/lib/dovecot/lmtp...Reading symbols from /usr/lib/debug/.build-id/f3/3a5089463b1234cbcf90bf10033d1dd5613821.debug...done. done. [New LWP 1554] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `dovecot/lmtp'. Program terminated with signal SIGSEGV, Segmentation fault. #0 decode_address_header (pool=pool@entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r@entry=0x560631ad7090, name_r=name_r@entry=0x560631ad7098) at push-notification-event-message-common.c:20 20 push-notification-event-message-common.c: No such file or directory. (gdb) bt #0 decode_address_header (pool=pool@entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r@entry=0x560631ad7090, name_r=name_r@entry=0x560631ad7098) at push-notification-event-message-common.c:20 #1 0x00007f3f37955fbb in decode_address_header (name_r=0x560631ad7098, address_r=0x560631ad7090, hdr=<optimized out>, pool=0x560631ad6d10) at push-notification-event-message-common.c:62 #2 push_notification_message_fill (mail=mail@entry=0x560631adc088, pool=0x560631ad6d10, event_flags=(PUSH_NOTIFICATION_MESSAGE_HDR_FROM | PUSH_NOTIFICATION_MESSAGE_HDR_TO | PUSH_NOTIFICATION_MESSAGE_HDR_SUBJECT | PUSH_NOTIFICATION_MESSAGE_HDR_DATE | PUSH_NOTIFICATION_MESSAGE_BODY_SNIPPE$), from=<optimized out>, to=<optimized out>, subject=<optimized out>, date=0x560631ad7050, date_tz=0x560631ad7058, message_id=0x560631ad7078, flags=0x560631ad706c, flags_set=0x560631ad7068, keywords=0x560631ad7070, snippet=0x560631ad7060, ext=0x560631ad7080) at push-notification-event-message-common.c:62 #3 0x00007f3f37955a41 in push_notification_event_messagenew_event (ptxn=0x560631ad6d38, ec=0x560631ad6fe0, msg=0x560631ad7010, mail=0x560631adc088) at push-notification-event-messagenew.c:83 #4 0x00007f3f379571bd in push_notification_trigger_msg_save_new (txn=0x560631ad6d38, mail=0x560631adc088, msg=0x560631ad7010) at push-notification-triggers.c:138 #5 0x00007f3f383f52f3 in notify_contexts_mail_save (mail=0x560631adc088) at notify-plugin.c:62 #6 0x00007f3f383f65b8 in notify_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at notify-storage.c:104 #7 0x00007f3f3860873d in quota_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at quota-storage.c:302 #8 0x00007f3f39f91e32 in mailbox_copy_int (_ctx=<optimized out>, mail=0x560631a98b18) at mail-storage.c:2759 #9 0x00007f3f3641907f in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #10 0x00007f3f3640e64c in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #11 0x00007f3f3640f11b in sieve_result_implicit_keep () from /usr/lib/dovecot/libdovecot-sieve.so.0 #12 0x00007f3f364226e1 in sieve_multiscript_finish () from /usr/lib/dovecot/libdovecot-sieve.so.0 #13 0x00007f3f3668e488 in ?? () from /usr/lib/dovecot/modules/lib90_sieve_plugin.so #14 0x00007f3f3a2a260d in mail_do_deliver (storage_r=0x7ffedf944b40, ctx=0x7ffedf944c30) at mail-deliver.c:542 #15 mail_deliver (ctx=ctx@entry=0x7ffedf944c30, storage_r=storage_r@entry=0x7ffedf944b40) at mail-deliver.c:592 #16 0x000056063169c0e1 in lmtp_local_default_deliver (client=0x560631a5e898, lrcpt=<optimized out>, cmd=<optimized out>, trans=<optimized out>, lldctx=0x7ffedf944e70) at lmtp-local.c:593 #17 0x000056063169c8cf in lmtp_local_deliver (local=0x560631a849b0, local=0x560631a849b0, session=0x560631a9d748, src_mail=0x560631a98b18, llrcpt=0x560631a7f600, trans=0x560631a7fab8, cmd=0x560631a7f088) at lmtp-local.c:530 #18 lmtp_local_deliver_to_rcpts (session=0x560631a9d748, trans=0x560631a7fab8, cmd=0x560631a7f088, local=0x560631a849b0) at lmtp-local.c:654 #19 lmtp_local_data (client=client@entry=0x560631a5e898, cmd=cmd@entry=0x560631a7f088, trans=trans@entry=0x560631a7fab8, input=<optimized out>) at lmtp-local.c:730 #20 0x000056063169b0cf in client_default_cmd_data (client=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8, data_input=0x560631a83c00, data_size=<optimized out>) at lmtp-commands.c:275 #21 0x000056063169ae6f in cmd_data_finish (trans=0x560631a7fab8, cmd=0x560631a7f088, client=0x560631a5e898) at lmtp-commands.c:165 #22 cmd_data_continue (conn_ctx=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8) at lmtp-commands.c:213 #23 0x00007f3f39bfa2c7 in cmd_data_do_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:285 #24 cmd_data_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:333 #25 0x00007f3f39ca42af in io_loop_call_io (io=0x560631a7d8e0) at ioloop.c:718 #26 0x00007f3f39ca5c8c in io_loop_handler_run_internal (ioloop=ioloop@entry=0x560631a23fd0) at ioloop-epoll.c:222 #27 0x00007f3f39ca43c0 in io_loop_handler_run (ioloop=<optimized out>) at ioloop.c:770 #28 0x00007f3f39ca45e8 in io_loop_run (ioloop=0x560631a23fd0) at ioloop.c:743 #29 0x00007f3f39c124b3 in master_service_run (service=0x560631a23e60, callback=<optimized out>) at master-service.c:809 #30 0x0000560631699b45 in main (argc=<optimized out>, argv=<optimized out>) at main.c:169
I can provide one of the mails causing the crash if helpful (they are all spam).
Best regards, Michael
Hallo Aki,
the affected code location seems to be concerned with parsing to ’To:’ header. I checked all the mails causing the crash, the To: header is either empty (but present) or contains “undisclosed-recipients:;”.
I checked this manually and sure enough lmtp crashes:
nc -C -U dovecot-lmtp
220 keira.mike2k.de Dovecot ready.
LHLO keira.mike2k.de
250-keira.mike2k.de
250-8BITMIME
250-CHUNKING
250-ENHANCEDSTATUSCODES
250-PIPELINING
250 STARTTLS
MAIL FROM:ms@mike2k.de
250 2.1.0 OK
RCPT TO:mikey@localhost.mike2k.de
250 2.1.5 OK
DATA
354 OK
To:
bla
.
(and thats it, connection closed because of the segfault).
Michael
On 11. Dec 2019, at 08:07, Aki Tuomi aki.tuomi@open-xchange.com wrote:
Hi!
Can you provide a mail sample and doveconf -n please?
Aki
On 11/12/2019 08:57 Michael Stilkerich via dovecot dovecot@dovecot.org wrote:
Hello,
since the upgrade from 2.3.8 to 2.3.9 (using the Ubuntu 18.04 packages from dovecot.org), lmtp crashes for me for some mails. Currently I have three pending mails in my postfix deferred queue since the upgrade a couple of days ago. I did not observe these issues with 2.3.8.
The backtrace from one of the coredumps:
Reading symbols from /usr/lib/dovecot/lmtp...Reading symbols from /usr/lib/debug/.build-id/f3/3a5089463b1234cbcf90bf10033d1dd5613821.debug...done. done. [New LWP 1554] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `dovecot/lmtp'. Program terminated with signal SIGSEGV, Segmentation fault. #0 decode_address_header (pool=pool@entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r@entry=0x560631ad7090, name_r=name_r@entry=0x560631ad7098) at push-notification-event-message-common.c:20 20 push-notification-event-message-common.c: No such file or directory. (gdb) bt #0 decode_address_header (pool=pool@entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r@entry=0x560631ad7090, name_r=name_r@entry=0x560631ad7098) at push-notification-event-message-common.c:20 #1 0x00007f3f37955fbb in decode_address_header (name_r=0x560631ad7098, address_r=0x560631ad7090, hdr=<optimized out>, pool=0x560631ad6d10) at push-notification-event-message-common.c:62 #2 push_notification_message_fill (mail=mail@entry=0x560631adc088, pool=0x560631ad6d10, event_flags=(PUSH_NOTIFICATION_MESSAGE_HDR_FROM | PUSH_NOTIFICATION_MESSAGE_HDR_TO | PUSH_NOTIFICATION_MESSAGE_HDR_SUBJECT | PUSH_NOTIFICATION_MESSAGE_HDR_DATE | PUSH_NOTIFICATION_MESSAGE_BODY_SNIPPE$), from=<optimized out>, to=<optimized out>, subject=<optimized out>, date=0x560631ad7050, date_tz=0x560631ad7058, message_id=0x560631ad7078, flags=0x560631ad706c, flags_set=0x560631ad7068, keywords=0x560631ad7070, snippet=0x560631ad7060, ext=0x560631ad7080) at push-notification-event-message-common.c:62 #3 0x00007f3f37955a41 in push_notification_event_messagenew_event (ptxn=0x560631ad6d38, ec=0x560631ad6fe0, msg=0x560631ad7010, mail=0x560631adc088) at push-notification-event-messagenew.c:83 #4 0x00007f3f379571bd in push_notification_trigger_msg_save_new (txn=0x560631ad6d38, mail=0x560631adc088, msg=0x560631ad7010) at push-notification-triggers.c:138 #5 0x00007f3f383f52f3 in notify_contexts_mail_save (mail=0x560631adc088) at notify-plugin.c:62 #6 0x00007f3f383f65b8 in notify_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at notify-storage.c:104 #7 0x00007f3f3860873d in quota_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at quota-storage.c:302 #8 0x00007f3f39f91e32 in mailbox_copy_int (_ctx=<optimized out>, mail=0x560631a98b18) at mail-storage.c:2759 #9 0x00007f3f3641907f in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #10 0x00007f3f3640e64c in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #11 0x00007f3f3640f11b in sieve_result_implicit_keep () from /usr/lib/dovecot/libdovecot-sieve.so.0 #12 0x00007f3f364226e1 in sieve_multiscript_finish () from /usr/lib/dovecot/libdovecot-sieve.so.0 #13 0x00007f3f3668e488 in ?? () from /usr/lib/dovecot/modules/lib90_sieve_plugin.so #14 0x00007f3f3a2a260d in mail_do_deliver (storage_r=0x7ffedf944b40, ctx=0x7ffedf944c30) at mail-deliver.c:542 #15 mail_deliver (ctx=ctx@entry=0x7ffedf944c30, storage_r=storage_r@entry=0x7ffedf944b40) at mail-deliver.c:592 #16 0x000056063169c0e1 in lmtp_local_default_deliver (client=0x560631a5e898, lrcpt=<optimized out>, cmd=<optimized out>, trans=<optimized out>, lldctx=0x7ffedf944e70) at lmtp-local.c:593 #17 0x000056063169c8cf in lmtp_local_deliver (local=0x560631a849b0, local=0x560631a849b0, session=0x560631a9d748, src_mail=0x560631a98b18, llrcpt=0x560631a7f600, trans=0x560631a7fab8, cmd=0x560631a7f088) at lmtp-local.c:530 #18 lmtp_local_deliver_to_rcpts (session=0x560631a9d748, trans=0x560631a7fab8, cmd=0x560631a7f088, local=0x560631a849b0) at lmtp-local.c:654 #19 lmtp_local_data (client=client@entry=0x560631a5e898, cmd=cmd@entry=0x560631a7f088, trans=trans@entry=0x560631a7fab8, input=<optimized out>) at lmtp-local.c:730 #20 0x000056063169b0cf in client_default_cmd_data (client=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8, data_input=0x560631a83c00, data_size=<optimized out>) at lmtp-commands.c:275 #21 0x000056063169ae6f in cmd_data_finish (trans=0x560631a7fab8, cmd=0x560631a7f088, client=0x560631a5e898) at lmtp-commands.c:165 #22 cmd_data_continue (conn_ctx=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8) at lmtp-commands.c:213 #23 0x00007f3f39bfa2c7 in cmd_data_do_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:285 #24 cmd_data_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:333 #25 0x00007f3f39ca42af in io_loop_call_io (io=0x560631a7d8e0) at ioloop.c:718 #26 0x00007f3f39ca5c8c in io_loop_handler_run_internal (ioloop=ioloop@entry=0x560631a23fd0) at ioloop-epoll.c:222 #27 0x00007f3f39ca43c0 in io_loop_handler_run (ioloop=<optimized out>) at ioloop.c:770 #28 0x00007f3f39ca45e8 in io_loop_run (ioloop=0x560631a23fd0) at ioloop.c:743 #29 0x00007f3f39c124b3 in master_service_run (service=0x560631a23e60, callback=<optimized out>) at master-service.c:809 #30 0x0000560631699b45 in main (argc=<optimized out>, argv=<optimized out>) at main.c:169
I can provide one of the mails causing the crash if helpful (they are all spam).
Best regards, Michael
Hi!
We have released v2.3.9.1 fixing this issue.
Thank you for your effort!
Aki
On 13.12.2019 12.27, Michael Stilkerich wrote:
Hallo Aki,
the affected code location seems to be concerned with parsing to ’To:’ header. I checked all the mails causing the crash, the To: header is either empty (but present) or contains “undisclosed-recipients:;”.
I checked this manually and sure enough lmtp crashes:
nc -C -U dovecot-lmtp
220 keira.mike2k.de Dovecot ready.
LHLO keira.mike2k.de
250-keira.mike2k.de
250-8BITMIME 250-CHUNKING
250-ENHANCEDSTATUSCODES
250-PIPELINING
250 STARTTLS
MAIL FROM:ms@mike2k.de
250 2.1.0 OK RCPT TO:mikey@localhost.mike2k.de 250 2.1.5 OK
DATA
354 OK To:bla
.
(and thats it, connection closed because of the segfault).
Michael
On 11. Dec 2019, at 08:07, Aki Tuomi aki.tuomi@open-xchange.com wrote:
Hi!
Can you provide a mail sample and doveconf -n please?
Aki
On 11/12/2019 08:57 Michael Stilkerich via dovecot dovecot@dovecot.org wrote:
Hello,
since the upgrade from 2.3.8 to 2.3.9 (using the Ubuntu 18.04 packages from dovecot.org), lmtp crashes for me for some mails. Currently I have three pending mails in my postfix deferred queue since the upgrade a couple of days ago. I did not observe these issues with 2.3.8.
The backtrace from one of the coredumps:
Reading symbols from /usr/lib/dovecot/lmtp...Reading symbols from /usr/lib/debug/.build-id/f3/3a5089463b1234cbcf90bf10033d1dd5613821.debug...done. done. [New LWP 1554] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `dovecot/lmtp'. Program terminated with signal SIGSEGV, Segmentation fault. #0 decode_address_header (pool=pool@entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r@entry=0x560631ad7090, name_r=name_r@entry=0x560631ad7098) at push-notification-event-message-common.c:20 20 push-notification-event-message-common.c: No such file or directory. (gdb) bt #0 decode_address_header (pool=pool@entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r@entry=0x560631ad7090, name_r=name_r@entry=0x560631ad7098) at push-notification-event-message-common.c:20 #1 0x00007f3f37955fbb in decode_address_header (name_r=0x560631ad7098, address_r=0x560631ad7090, hdr=<optimized out>, pool=0x560631ad6d10) at push-notification-event-message-common.c:62 #2 push_notification_message_fill (mail=mail@entry=0x560631adc088, pool=0x560631ad6d10, event_flags=(PUSH_NOTIFICATION_MESSAGE_HDR_FROM | PUSH_NOTIFICATION_MESSAGE_HDR_TO | PUSH_NOTIFICATION_MESSAGE_HDR_SUBJECT | PUSH_NOTIFICATION_MESSAGE_HDR_DATE | PUSH_NOTIFICATION_MESSAGE_BODY_SNIPPE$), from=<optimized out>, to=<optimized out>, subject=<optimized out>, date=0x560631ad7050, date_tz=0x560631ad7058, message_id=0x560631ad7078, flags=0x560631ad706c, flags_set=0x560631ad7068, keywords=0x560631ad7070, snippet=0x560631ad7060, ext=0x560631ad7080) at push-notification-event-message-common.c:62 #3 0x00007f3f37955a41 in push_notification_event_messagenew_event (ptxn=0x560631ad6d38, ec=0x560631ad6fe0, msg=0x560631ad7010, mail=0x560631adc088) at push-notification-event-messagenew.c:83 #4 0x00007f3f379571bd in push_notification_trigger_msg_save_new (txn=0x560631ad6d38, mail=0x560631adc088, msg=0x560631ad7010) at push-notification-triggers.c:138 #5 0x00007f3f383f52f3 in notify_contexts_mail_save (mail=0x560631adc088) at notify-plugin.c:62 #6 0x00007f3f383f65b8 in notify_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at notify-storage.c:104 #7 0x00007f3f3860873d in quota_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at quota-storage.c:302 #8 0x00007f3f39f91e32 in mailbox_copy_int (_ctx=<optimized out>, mail=0x560631a98b18) at mail-storage.c:2759 #9 0x00007f3f3641907f in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #10 0x00007f3f3640e64c in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #11 0x00007f3f3640f11b in sieve_result_implicit_keep () from /usr/lib/dovecot/libdovecot-sieve.so.0 #12 0x00007f3f364226e1 in sieve_multiscript_finish () from /usr/lib/dovecot/libdovecot-sieve.so.0 #13 0x00007f3f3668e488 in ?? () from /usr/lib/dovecot/modules/lib90_sieve_plugin.so #14 0x00007f3f3a2a260d in mail_do_deliver (storage_r=0x7ffedf944b40, ctx=0x7ffedf944c30) at mail-deliver.c:542 #15 mail_deliver (ctx=ctx@entry=0x7ffedf944c30, storage_r=storage_r@entry=0x7ffedf944b40) at mail-deliver.c:592 #16 0x000056063169c0e1 in lmtp_local_default_deliver (client=0x560631a5e898, lrcpt=<optimized out>, cmd=<optimized out>, trans=<optimized out>, lldctx=0x7ffedf944e70) at lmtp-local.c:593 #17 0x000056063169c8cf in lmtp_local_deliver (local=0x560631a849b0, local=0x560631a849b0, session=0x560631a9d748, src_mail=0x560631a98b18, llrcpt=0x560631a7f600, trans=0x560631a7fab8, cmd=0x560631a7f088) at lmtp-local.c:530 #18 lmtp_local_deliver_to_rcpts (session=0x560631a9d748, trans=0x560631a7fab8, cmd=0x560631a7f088, local=0x560631a849b0) at lmtp-local.c:654 #19 lmtp_local_data (client=client@entry=0x560631a5e898, cmd=cmd@entry=0x560631a7f088, trans=trans@entry=0x560631a7fab8, input=<optimized out>) at lmtp-local.c:730 #20 0x000056063169b0cf in client_default_cmd_data (client=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8, data_input=0x560631a83c00, data_size=<optimized out>) at lmtp-commands.c:275 #21 0x000056063169ae6f in cmd_data_finish (trans=0x560631a7fab8, cmd=0x560631a7f088, client=0x560631a5e898) at lmtp-commands.c:165 #22 cmd_data_continue (conn_ctx=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8) at lmtp-commands.c:213 #23 0x00007f3f39bfa2c7 in cmd_data_do_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:285 #24 cmd_data_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:333 #25 0x00007f3f39ca42af in io_loop_call_io (io=0x560631a7d8e0) at ioloop.c:718 #26 0x00007f3f39ca5c8c in io_loop_handler_run_internal (ioloop=ioloop@entry=0x560631a23fd0) at ioloop-epoll.c:222 #27 0x00007f3f39ca43c0 in io_loop_handler_run (ioloop=<optimized out>) at ioloop.c:770 #28 0x00007f3f39ca45e8 in io_loop_run (ioloop=0x560631a23fd0) at ioloop.c:743 #29 0x00007f3f39c124b3 in master_service_run (service=0x560631a23e60, callback=<optimized out>) at master-service.c:809 #30 0x0000560631699b45 in main (argc=<optimized out>, argv=<optimized out>) at main.c:169
I can provide one of the mails causing the crash if helpful (they are all spam).
Best regards, Michael
Hi Aki,
first thanks for the quick fix.
Unfortunately, it only resolves the issue partially. For the “To: undisclosed-recipients:;”, it works now. For “To: “ it still crashes (i. e. what I did with my manual lmtp dialog).
Michael
On 13. Dec 2019, at 11:54, Aki Tuomi aki.tuomi@open-xchange.com wrote:
Hi!
We have released v2.3.9.1 fixing this issue.
Thank you for your effort!
Aki
On 13.12.2019 12.27, Michael Stilkerich wrote:
Hallo Aki,
the affected code location seems to be concerned with parsing to ’To:’ header. I checked all the mails causing the crash, the To: header is either empty (but present) or contains “undisclosed-recipients:;”.
I checked this manually and sure enough lmtp crashes:
nc -C -U dovecot-lmtp
220 keira.mike2k.de Dovecot ready.
LHLO keira.mike2k.de
250-keira.mike2k.de
250-8BITMIME 250-CHUNKING
250-ENHANCEDSTATUSCODES
250-PIPELINING
250 STARTTLS
MAIL FROM:ms@mike2k.de
250 2.1.0 OK RCPT TO:mikey@localhost.mike2k.de 250 2.1.5 OK
DATA
354 OK To:bla
.
(and thats it, connection closed because of the segfault).
Michael
On 11. Dec 2019, at 08:07, Aki Tuomi aki.tuomi@open-xchange.com wrote:
Hi!
Can you provide a mail sample and doveconf -n please?
Aki
On 11/12/2019 08:57 Michael Stilkerich via dovecot dovecot@dovecot.org wrote:
Hello,
since the upgrade from 2.3.8 to 2.3.9 (using the Ubuntu 18.04 packages from dovecot.org), lmtp crashes for me for some mails. Currently I have three pending mails in my postfix deferred queue since the upgrade a couple of days ago. I did not observe these issues with 2.3.8.
The backtrace from one of the coredumps:
Reading symbols from /usr/lib/dovecot/lmtp...Reading symbols from /usr/lib/debug/.build-id/f3/3a5089463b1234cbcf90bf10033d1dd5613821.debug...done. done. [New LWP 1554] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `dovecot/lmtp'. Program terminated with signal SIGSEGV, Segmentation fault. #0 decode_address_header (pool=pool@entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r@entry=0x560631ad7090, name_r=name_r@entry=0x560631ad7098) at push-notification-event-message-common.c:20 20 push-notification-event-message-common.c: No such file or directory. (gdb) bt #0 decode_address_header (pool=pool@entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r@entry=0x560631ad7090, name_r=name_r@entry=0x560631ad7098) at push-notification-event-message-common.c:20 #1 0x00007f3f37955fbb in decode_address_header (name_r=0x560631ad7098, address_r=0x560631ad7090, hdr=<optimized out>, pool=0x560631ad6d10) at push-notification-event-message-common.c:62 #2 push_notification_message_fill (mail=mail@entry=0x560631adc088, pool=0x560631ad6d10, event_flags=(PUSH_NOTIFICATION_MESSAGE_HDR_FROM | PUSH_NOTIFICATION_MESSAGE_HDR_TO | PUSH_NOTIFICATION_MESSAGE_HDR_SUBJECT | PUSH_NOTIFICATION_MESSAGE_HDR_DATE | PUSH_NOTIFICATION_MESSAGE_BODY_SNIPPE$), from=<optimized out>, to=<optimized out>, subject=<optimized out>, date=0x560631ad7050, date_tz=0x560631ad7058, message_id=0x560631ad7078, flags=0x560631ad706c, flags_set=0x560631ad7068, keywords=0x560631ad7070, snippet=0x560631ad7060, ext=0x560631ad7080) at push-notification-event-message-common.c:62 #3 0x00007f3f37955a41 in push_notification_event_messagenew_event (ptxn=0x560631ad6d38, ec=0x560631ad6fe0, msg=0x560631ad7010, mail=0x560631adc088) at push-notification-event-messagenew.c:83 #4 0x00007f3f379571bd in push_notification_trigger_msg_save_new (txn=0x560631ad6d38, mail=0x560631adc088, msg=0x560631ad7010) at push-notification-triggers.c:138 #5 0x00007f3f383f52f3 in notify_contexts_mail_save (mail=0x560631adc088) at notify-plugin.c:62 #6 0x00007f3f383f65b8 in notify_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at notify-storage.c:104 #7 0x00007f3f3860873d in quota_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at quota-storage.c:302 #8 0x00007f3f39f91e32 in mailbox_copy_int (_ctx=<optimized out>, mail=0x560631a98b18) at mail-storage.c:2759 #9 0x00007f3f3641907f in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #10 0x00007f3f3640e64c in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #11 0x00007f3f3640f11b in sieve_result_implicit_keep () from /usr/lib/dovecot/libdovecot-sieve.so.0 #12 0x00007f3f364226e1 in sieve_multiscript_finish () from /usr/lib/dovecot/libdovecot-sieve.so.0 #13 0x00007f3f3668e488 in ?? () from /usr/lib/dovecot/modules/lib90_sieve_plugin.so #14 0x00007f3f3a2a260d in mail_do_deliver (storage_r=0x7ffedf944b40, ctx=0x7ffedf944c30) at mail-deliver.c:542 #15 mail_deliver (ctx=ctx@entry=0x7ffedf944c30, storage_r=storage_r@entry=0x7ffedf944b40) at mail-deliver.c:592 #16 0x000056063169c0e1 in lmtp_local_default_deliver (client=0x560631a5e898, lrcpt=<optimized out>, cmd=<optimized out>, trans=<optimized out>, lldctx=0x7ffedf944e70) at lmtp-local.c:593 #17 0x000056063169c8cf in lmtp_local_deliver (local=0x560631a849b0, local=0x560631a849b0, session=0x560631a9d748, src_mail=0x560631a98b18, llrcpt=0x560631a7f600, trans=0x560631a7fab8, cmd=0x560631a7f088) at lmtp-local.c:530 #18 lmtp_local_deliver_to_rcpts (session=0x560631a9d748, trans=0x560631a7fab8, cmd=0x560631a7f088, local=0x560631a849b0) at lmtp-local.c:654 #19 lmtp_local_data (client=client@entry=0x560631a5e898, cmd=cmd@entry=0x560631a7f088, trans=trans@entry=0x560631a7fab8, input=<optimized out>) at lmtp-local.c:730 #20 0x000056063169b0cf in client_default_cmd_data (client=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8, data_input=0x560631a83c00, data_size=<optimized out>) at lmtp-commands.c:275 #21 0x000056063169ae6f in cmd_data_finish (trans=0x560631a7fab8, cmd=0x560631a7f088, client=0x560631a5e898) at lmtp-commands.c:165 #22 cmd_data_continue (conn_ctx=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8) at lmtp-commands.c:213 #23 0x00007f3f39bfa2c7 in cmd_data_do_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:285 #24 cmd_data_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:333 #25 0x00007f3f39ca42af in io_loop_call_io (io=0x560631a7d8e0) at ioloop.c:718 #26 0x00007f3f39ca5c8c in io_loop_handler_run_internal (ioloop=ioloop@entry=0x560631a23fd0) at ioloop-epoll.c:222 #27 0x00007f3f39ca43c0 in io_loop_handler_run (ioloop=<optimized out>) at ioloop.c:770 #28 0x00007f3f39ca45e8 in io_loop_run (ioloop=0x560631a23fd0) at ioloop.c:743 #29 0x00007f3f39c124b3 in master_service_run (service=0x560631a23e60, callback=<optimized out>) at master-service.c:809 #30 0x0000560631699b45 in main (argc=<optimized out>, argv=<optimized out>) at main.c:169
I can provide one of the mails causing the crash if helpful (they are all spam).
Best regards, Michael
HI,
and the backtrace (essentially same as before except for the line numbers moved by the code changes):
Core was generated by `dovecot/lmtp'. [50/749] Program terminated with signal SIGSEGV, Segmentation fault. #0 decode_address_header (pool=pool@entry=0x5569a8e10550, hdr=0x5569a8e15cd8 "", address_r=address_r@entry=0x5569a8e108d0, name_r=name_r@entry=0x5569a8e108d8) at push-notification-event-message-common.c:22 22 push-notification-event-message-common.c: No such file or directory. (gdb) bt #0 decode_address_header (pool=pool@entry=0x5569a8e10550, hdr=0x5569a8e15cd8 "", address_r=address_r@entry=0x5569a8e108d0, name_r=name_r@entry=0x5569a8e108d8) at push-notification-event-message-common.c:22 #1 0x00007fece33adfdb in decode_address_header (name_r=0x5569a8e108d8, address_r=0x5569a8e108d0, hdr=<optimized out>, pool=0x5569a8e10550) at push-notification-event-message-common.c:67 #2 push_notification_message_fill (mail=mail@entry=0x5569a8e14898, pool=0x5569a8e10550, event_flags=(PUSH_NOTIFICATION_MESSAGE_HDR_FROM | PUSH_NOTIFICATION_MESSAGE_HDR_TO | PUSH_NOTIFICATION_MESSAGE_HDR_SUBJECT | PUSH_NOTIFICATION_MESSAGE_HDR _DATE | PUSH_NOTIFICATION_MESSAGE_BODY_SNIPPET), from=<optimized out>, to=<optimized out>, subject=<optimized out>, date=0x5569a8e10890, date_tz=0x5569a8e10898, message_id=0x5569a8e108b8, flags=0x5569a8e108ac, flags_set=0x5569a8e108a8, keywords=0x5569a8e108b0, snippet=0x5569a8e108a0, ext=0x5569a8e108c0) at push-notification-event-message-common.c:67 #3 0x00007fece33ada41 in push_notification_event_messagenew_event (ptxn=0x5569a8e10578, ec=0x5569a8e10820, msg=0x5569a8e10850, mail=0x5569a8e14898) at push-notification-event-messagenew.c:83 #4 0x00007fece33af1dd in push_notification_trigger_msg_save_new (txn=0x5569a8e10578, mail=0x5569a8e14898, msg=0x5569a8e10850) at push-notification-triggers.c:138 #5 0x00007fece3e4d2f3 in notify_contexts_mail_save (mail=0x5569a8e14898) at notify-plugin.c:62 #6 0x00007fece3e4e5b8 in notify_copy (ctx=0x5569a8e110f0, mail=0x5569a8dd1b18) at notify-storage.c:104 #7 0x00007fece406073d in quota_copy (ctx=0x5569a8e110f0, mail=0x5569a8dd1b18) at quota-storage.c:302 #8 0x00007fece59e9e32 in mailbox_copy_int (_ctx=<optimized out>, mail=0x5569a8dd1b18) at mail-storage.c:2759 #9 0x00007fece1e7107f in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #10 0x00007fece1e6664c in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #11 0x00007fece1e6711b in sieve_result_implicit_keep () from /usr/lib/dovecot/libdovecot-sieve.so.0 #12 0x00007fece1e7a6e1 in sieve_multiscript_finish () from /usr/lib/dovecot/libdovecot-sieve.so.0 #13 0x00007fece20e6488 in ?? () from /usr/lib/dovecot/modules/lib90_sieve_plugin.so #14 0x00007fece5cfa60d in mail_do_deliver (storage_r=0x7ffc0dcb6d00, ctx=0x7ffc0dcb6df0) at mail-deliver.c:542 #15 mail_deliver (ctx=ctx@entry=0x7ffc0dcb6df0, storage_r=storage_r@entry=0x7ffc0dcb6d00) at mail-deliver.c:592 #16 0x00005569a7b930e1 in lmtp_local_default_deliver (client=0x5569a8d97898, lrcpt=<optimized out>, cmd=<optimized out>, trans=<optimized out>, lldctx=0x7ffc0dcb7030) at lmtp-local.c:593 #17 0x00005569a7b938cf in lmtp_local_deliver (local=0x5569a8dbd9b0, local=0x5569a8dbd9b0, session=0x5569a8dd6748, src_mail=0x5569a8dd1b18, llrcpt=0x5569a8db8600, trans=0x5569a8db8ab8, cmd=0x5569a8db8088) at lmtp-local.c:530 #18 lmtp_local_deliver_to_rcpts (session=0x5569a8dd6748, trans=0x5569a8db8ab8, cmd=0x5569a8db8088, local=0x5569a8dbd9b0) at lmtp-local.c:654 #19 lmtp_local_data (client=client@entry=0x5569a8d97898, cmd=cmd@entry=0x5569a8db8088, trans=trans@entry=0x5569a8db8ab8, input=<optimized out>) at lmtp-local.c:730 #20 0x00005569a7b920cf in client_default_cmd_data (client=0x5569a8d97898, cmd=0x5569a8db8088, trans=0x5569a8db8ab8, data_input=0x5569a8dbcc00, data_size=<optimized out>) at lmtp-commands.c:275 #21 0x00005569a7b91e6f in cmd_data_finish (trans=0x5569a8db8ab8, cmd=0x5569a8db8088, client=0x5569a8d97898) at lmtp-commands.c:165 #22 cmd_data_continue (conn_ctx=0x5569a8d97898, cmd=0x5569a8db8088, trans=0x5569a8db8ab8) at lmtp-commands.c:213 #23 0x00007fece56522c7 in cmd_data_do_handle_input (cmd=0x5569a8db8088) at smtp-server-cmd-data.c:285 #24 cmd_data_handle_input (cmd=0x5569a8db8088) at smtp-server-cmd-data.c:333 #25 0x00007fece56fc2af in io_loop_call_io (io=0x5569a8db68e0) at ioloop.c:718 #26 0x00007fece56fdc8c in io_loop_handler_run_internal (ioloop=ioloop@entry=0x5569a8d5cfd0) at ioloop-epoll.c:222 #27 0x00007fece56fc3c0 in io_loop_handler_run (ioloop=<optimized out>) at ioloop.c:770 #28 0x00007fece56fc5e8 in io_loop_run (ioloop=0x5569a8d5cfd0) at ioloop.c:743 #29 0x00007fece566a4b3 in master_service_run (service=0x5569a8d5ce60, callback=<optimized out>) at master-service.c:809 #30 0x00005569a7b90b45 in main (argc=<optimized out>, argv=<optimized out>) at main.c:169
Michael
On 13. Dec 2019, at 12:10, Michael Stilkerich ms@mike2k.de wrote:
Hi Aki,
first thanks for the quick fix.
Unfortunately, it only resolves the issue partially. For the “To: undisclosed-recipients:;”, it works now. For “To: “ it still crashes (i. e. what I did with my manual lmtp dialog).
Michael
On 13. Dec 2019, at 11:54, Aki Tuomi aki.tuomi@open-xchange.com wrote:
Hi!
We have released v2.3.9.1 fixing this issue.
Thank you for your effort!
Aki
On 13.12.2019 12.27, Michael Stilkerich wrote:
Hallo Aki,
the affected code location seems to be concerned with parsing to ’To:’ header. I checked all the mails causing the crash, the To: header is either empty (but present) or contains “undisclosed-recipients:;”.
I checked this manually and sure enough lmtp crashes:
nc -C -U dovecot-lmtp
220 keira.mike2k.de Dovecot ready.
LHLO keira.mike2k.de
250-keira.mike2k.de
250-8BITMIME 250-CHUNKING
250-ENHANCEDSTATUSCODES
250-PIPELINING
250 STARTTLS
MAIL FROM:ms@mike2k.de
250 2.1.0 OK RCPT TO:mikey@localhost.mike2k.de 250 2.1.5 OK
DATA
354 OK To:bla
.
(and thats it, connection closed because of the segfault).
Michael
On 11. Dec 2019, at 08:07, Aki Tuomi aki.tuomi@open-xchange.com wrote:
Hi!
Can you provide a mail sample and doveconf -n please?
Aki
On 11/12/2019 08:57 Michael Stilkerich via dovecot dovecot@dovecot.org wrote:
Hello,
since the upgrade from 2.3.8 to 2.3.9 (using the Ubuntu 18.04 packages from dovecot.org), lmtp crashes for me for some mails. Currently I have three pending mails in my postfix deferred queue since the upgrade a couple of days ago. I did not observe these issues with 2.3.8.
The backtrace from one of the coredumps:
Reading symbols from /usr/lib/dovecot/lmtp...Reading symbols from /usr/lib/debug/.build-id/f3/3a5089463b1234cbcf90bf10033d1dd5613821.debug...done. done. [New LWP 1554] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `dovecot/lmtp'. Program terminated with signal SIGSEGV, Segmentation fault. #0 decode_address_header (pool=pool@entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r@entry=0x560631ad7090, name_r=name_r@entry=0x560631ad7098) at push-notification-event-message-common.c:20 20 push-notification-event-message-common.c: No such file or directory. (gdb) bt #0 decode_address_header (pool=pool@entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r@entry=0x560631ad7090, name_r=name_r@entry=0x560631ad7098) at push-notification-event-message-common.c:20 #1 0x00007f3f37955fbb in decode_address_header (name_r=0x560631ad7098, address_r=0x560631ad7090, hdr=<optimized out>, pool=0x560631ad6d10) at push-notification-event-message-common.c:62 #2 push_notification_message_fill (mail=mail@entry=0x560631adc088, pool=0x560631ad6d10, event_flags=(PUSH_NOTIFICATION_MESSAGE_HDR_FROM | PUSH_NOTIFICATION_MESSAGE_HDR_TO | PUSH_NOTIFICATION_MESSAGE_HDR_SUBJECT | PUSH_NOTIFICATION_MESSAGE_HDR_DATE | PUSH_NOTIFICATION_MESSAGE_BODY_SNIPPE$), from=<optimized out>, to=<optimized out>, subject=<optimized out>, date=0x560631ad7050, date_tz=0x560631ad7058, message_id=0x560631ad7078, flags=0x560631ad706c, flags_set=0x560631ad7068, keywords=0x560631ad7070, snippet=0x560631ad7060, ext=0x560631ad7080) at push-notification-event-message-common.c:62 #3 0x00007f3f37955a41 in push_notification_event_messagenew_event (ptxn=0x560631ad6d38, ec=0x560631ad6fe0, msg=0x560631ad7010, mail=0x560631adc088) at push-notification-event-messagenew.c:83 #4 0x00007f3f379571bd in push_notification_trigger_msg_save_new (txn=0x560631ad6d38, mail=0x560631adc088, msg=0x560631ad7010) at push-notification-triggers.c:138 #5 0x00007f3f383f52f3 in notify_contexts_mail_save (mail=0x560631adc088) at notify-plugin.c:62 #6 0x00007f3f383f65b8 in notify_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at notify-storage.c:104 #7 0x00007f3f3860873d in quota_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at quota-storage.c:302 #8 0x00007f3f39f91e32 in mailbox_copy_int (_ctx=<optimized out>, mail=0x560631a98b18) at mail-storage.c:2759 #9 0x00007f3f3641907f in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #10 0x00007f3f3640e64c in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #11 0x00007f3f3640f11b in sieve_result_implicit_keep () from /usr/lib/dovecot/libdovecot-sieve.so.0 #12 0x00007f3f364226e1 in sieve_multiscript_finish () from /usr/lib/dovecot/libdovecot-sieve.so.0 #13 0x00007f3f3668e488 in ?? () from /usr/lib/dovecot/modules/lib90_sieve_plugin.so #14 0x00007f3f3a2a260d in mail_do_deliver (storage_r=0x7ffedf944b40, ctx=0x7ffedf944c30) at mail-deliver.c:542 #15 mail_deliver (ctx=ctx@entry=0x7ffedf944c30, storage_r=storage_r@entry=0x7ffedf944b40) at mail-deliver.c:592 #16 0x000056063169c0e1 in lmtp_local_default_deliver (client=0x560631a5e898, lrcpt=<optimized out>, cmd=<optimized out>, trans=<optimized out>, lldctx=0x7ffedf944e70) at lmtp-local.c:593 #17 0x000056063169c8cf in lmtp_local_deliver (local=0x560631a849b0, local=0x560631a849b0, session=0x560631a9d748, src_mail=0x560631a98b18, llrcpt=0x560631a7f600, trans=0x560631a7fab8, cmd=0x560631a7f088) at lmtp-local.c:530 #18 lmtp_local_deliver_to_rcpts (session=0x560631a9d748, trans=0x560631a7fab8, cmd=0x560631a7f088, local=0x560631a849b0) at lmtp-local.c:654 #19 lmtp_local_data (client=client@entry=0x560631a5e898, cmd=cmd@entry=0x560631a7f088, trans=trans@entry=0x560631a7fab8, input=<optimized out>) at lmtp-local.c:730 #20 0x000056063169b0cf in client_default_cmd_data (client=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8, data_input=0x560631a83c00, data_size=<optimized out>) at lmtp-commands.c:275 #21 0x000056063169ae6f in cmd_data_finish (trans=0x560631a7fab8, cmd=0x560631a7f088, client=0x560631a5e898) at lmtp-commands.c:165 #22 cmd_data_continue (conn_ctx=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8) at lmtp-commands.c:213 #23 0x00007f3f39bfa2c7 in cmd_data_do_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:285 #24 cmd_data_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:333 #25 0x00007f3f39ca42af in io_loop_call_io (io=0x560631a7d8e0) at ioloop.c:718 #26 0x00007f3f39ca5c8c in io_loop_handler_run_internal (ioloop=ioloop@entry=0x560631a23fd0) at ioloop-epoll.c:222 #27 0x00007f3f39ca43c0 in io_loop_handler_run (ioloop=<optimized out>) at ioloop.c:770 #28 0x00007f3f39ca45e8 in io_loop_run (ioloop=0x560631a23fd0) at ioloop.c:743 #29 0x00007f3f39c124b3 in master_service_run (service=0x560631a23e60, callback=<optimized out>) at master-service.c:809 #30 0x0000560631699b45 in main (argc=<optimized out>, argv=<optimized out>) at main.c:169
I can provide one of the mails causing the crash if helpful (they are all spam).
Best regards, Michael
Can you provide p *addr?
Aki
On 13.12.2019 13.15, Michael Stilkerich wrote:
HI,
and the backtrace (essentially same as before except for the line numbers moved by the code changes):
Core was generated by `dovecot/lmtp'. [50/749] Program terminated with signal SIGSEGV, Segmentation fault. #0 decode_address_header (pool=pool@entry=0x5569a8e10550, hdr=0x5569a8e15cd8 "", address_r=address_r@entry=0x5569a8e108d0, name_r=name_r@entry=0x5569a8e108d8) at push-notification-event-message-common.c:22 22 push-notification-event-message-common.c: No such file or directory. (gdb) bt #0 decode_address_header (pool=pool@entry=0x5569a8e10550, hdr=0x5569a8e15cd8 "", address_r=address_r@entry=0x5569a8e108d0, name_r=name_r@entry=0x5569a8e108d8) at push-notification-event-message-common.c:22 #1 0x00007fece33adfdb in decode_address_header (name_r=0x5569a8e108d8, address_r=0x5569a8e108d0, hdr=<optimized out>, pool=0x5569a8e10550) at push-notification-event-message-common.c:67 #2 push_notification_message_fill (mail=mail@entry=0x5569a8e14898, pool=0x5569a8e10550, event_flags=(PUSH_NOTIFICATION_MESSAGE_HDR_FROM | PUSH_NOTIFICATION_MESSAGE_HDR_TO | PUSH_NOTIFICATION_MESSAGE_HDR_SUBJECT | PUSH_NOTIFICATION_MESSAGE_HDR _DATE | PUSH_NOTIFICATION_MESSAGE_BODY_SNIPPET), from=<optimized out>, to=<optimized out>, subject=<optimized out>, date=0x5569a8e10890, date_tz=0x5569a8e10898, message_id=0x5569a8e108b8, flags=0x5569a8e108ac, flags_set=0x5569a8e108a8, keywords=0x5569a8e108b0, snippet=0x5569a8e108a0, ext=0x5569a8e108c0) at push-notification-event-message-common.c:67 #3 0x00007fece33ada41 in push_notification_event_messagenew_event (ptxn=0x5569a8e10578, ec=0x5569a8e10820, msg=0x5569a8e10850, mail=0x5569a8e14898) at push-notification-event-messagenew.c:83 #4 0x00007fece33af1dd in push_notification_trigger_msg_save_new (txn=0x5569a8e10578, mail=0x5569a8e14898, msg=0x5569a8e10850) at push-notification-triggers.c:138 #5 0x00007fece3e4d2f3 in notify_contexts_mail_save (mail=0x5569a8e14898) at notify-plugin.c:62 #6 0x00007fece3e4e5b8 in notify_copy (ctx=0x5569a8e110f0, mail=0x5569a8dd1b18) at notify-storage.c:104 #7 0x00007fece406073d in quota_copy (ctx=0x5569a8e110f0, mail=0x5569a8dd1b18) at quota-storage.c:302 #8 0x00007fece59e9e32 in mailbox_copy_int (_ctx=<optimized out>, mail=0x5569a8dd1b18) at mail-storage.c:2759 #9 0x00007fece1e7107f in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #10 0x00007fece1e6664c in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #11 0x00007fece1e6711b in sieve_result_implicit_keep () from /usr/lib/dovecot/libdovecot-sieve.so.0 #12 0x00007fece1e7a6e1 in sieve_multiscript_finish () from /usr/lib/dovecot/libdovecot-sieve.so.0 #13 0x00007fece20e6488 in ?? () from /usr/lib/dovecot/modules/lib90_sieve_plugin.so #14 0x00007fece5cfa60d in mail_do_deliver (storage_r=0x7ffc0dcb6d00, ctx=0x7ffc0dcb6df0) at mail-deliver.c:542 #15 mail_deliver (ctx=ctx@entry=0x7ffc0dcb6df0, storage_r=storage_r@entry=0x7ffc0dcb6d00) at mail-deliver.c:592 #16 0x00005569a7b930e1 in lmtp_local_default_deliver (client=0x5569a8d97898, lrcpt=<optimized out>, cmd=<optimized out>, trans=<optimized out>, lldctx=0x7ffc0dcb7030) at lmtp-local.c:593 #17 0x00005569a7b938cf in lmtp_local_deliver (local=0x5569a8dbd9b0, local=0x5569a8dbd9b0, session=0x5569a8dd6748, src_mail=0x5569a8dd1b18, llrcpt=0x5569a8db8600, trans=0x5569a8db8ab8, cmd=0x5569a8db8088) at lmtp-local.c:530 #18 lmtp_local_deliver_to_rcpts (session=0x5569a8dd6748, trans=0x5569a8db8ab8, cmd=0x5569a8db8088, local=0x5569a8dbd9b0) at lmtp-local.c:654 #19 lmtp_local_data (client=client@entry=0x5569a8d97898, cmd=cmd@entry=0x5569a8db8088, trans=trans@entry=0x5569a8db8ab8, input=<optimized out>) at lmtp-local.c:730 #20 0x00005569a7b920cf in client_default_cmd_data (client=0x5569a8d97898, cmd=0x5569a8db8088, trans=0x5569a8db8ab8, data_input=0x5569a8dbcc00, data_size=<optimized out>) at lmtp-commands.c:275 #21 0x00005569a7b91e6f in cmd_data_finish (trans=0x5569a8db8ab8, cmd=0x5569a8db8088, client=0x5569a8d97898) at lmtp-commands.c:165 #22 cmd_data_continue (conn_ctx=0x5569a8d97898, cmd=0x5569a8db8088, trans=0x5569a8db8ab8) at lmtp-commands.c:213 #23 0x00007fece56522c7 in cmd_data_do_handle_input (cmd=0x5569a8db8088) at smtp-server-cmd-data.c:285 #24 cmd_data_handle_input (cmd=0x5569a8db8088) at smtp-server-cmd-data.c:333 #25 0x00007fece56fc2af in io_loop_call_io (io=0x5569a8db68e0) at ioloop.c:718 #26 0x00007fece56fdc8c in io_loop_handler_run_internal (ioloop=ioloop@entry=0x5569a8d5cfd0) at ioloop-epoll.c:222 #27 0x00007fece56fc3c0 in io_loop_handler_run (ioloop=<optimized out>) at ioloop.c:770 #28 0x00007fece56fc5e8 in io_loop_run (ioloop=0x5569a8d5cfd0) at ioloop.c:743 #29 0x00007fece566a4b3 in master_service_run (service=0x5569a8d5ce60, callback=<optimized out>) at master-service.c:809 #30 0x00005569a7b90b45 in main (argc=<optimized out>, argv=<optimized out>) at main.c:169
Michael
On 13. Dec 2019, at 12:10, Michael Stilkerich ms@mike2k.de wrote:
Hi Aki,
first thanks for the quick fix.
Unfortunately, it only resolves the issue partially. For the “To: undisclosed-recipients:;”, it works now. For “To: “ it still crashes (i. e. what I did with my manual lmtp dialog).
Michael
On 13. Dec 2019, at 11:54, Aki Tuomi aki.tuomi@open-xchange.com wrote:
Hi!
We have released v2.3.9.1 fixing this issue.
Thank you for your effort!
Aki
On 13.12.2019 12.27, Michael Stilkerich wrote:
Hallo Aki,
the affected code location seems to be concerned with parsing to ’To:’ header. I checked all the mails causing the crash, the To: header is either empty (but present) or contains “undisclosed-recipients:;”.
I checked this manually and sure enough lmtp crashes:
nc -C -U dovecot-lmtp
220 keira.mike2k.de Dovecot ready.
LHLO keira.mike2k.de
250-keira.mike2k.de
250-8BITMIME 250-CHUNKING
250-ENHANCEDSTATUSCODES
250-PIPELINING
250 STARTTLS
MAIL FROM:ms@mike2k.de
250 2.1.0 OK RCPT TO:mikey@localhost.mike2k.de 250 2.1.5 OK
DATA
354 OK To:bla
.
(and thats it, connection closed because of the segfault).
Michael
On 11. Dec 2019, at 08:07, Aki Tuomi aki.tuomi@open-xchange.com wrote:
Hi!
Can you provide a mail sample and doveconf -n please?
Aki
On 11/12/2019 08:57 Michael Stilkerich via dovecot dovecot@dovecot.org wrote:
Hello,
since the upgrade from 2.3.8 to 2.3.9 (using the Ubuntu 18.04 packages from dovecot.org), lmtp crashes for me for some mails. Currently I have three pending mails in my postfix deferred queue since the upgrade a couple of days ago. I did not observe these issues with 2.3.8.
The backtrace from one of the coredumps:
Reading symbols from /usr/lib/dovecot/lmtp...Reading symbols from /usr/lib/debug/.build-id/f3/3a5089463b1234cbcf90bf10033d1dd5613821.debug...done. done. [New LWP 1554] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `dovecot/lmtp'. Program terminated with signal SIGSEGV, Segmentation fault. #0 decode_address_header (pool=pool@entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r@entry=0x560631ad7090, name_r=name_r@entry=0x560631ad7098) at push-notification-event-message-common.c:20 20 push-notification-event-message-common.c: No such file or directory. (gdb) bt #0 decode_address_header (pool=pool@entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r@entry=0x560631ad7090, name_r=name_r@entry=0x560631ad7098) at push-notification-event-message-common.c:20 #1 0x00007f3f37955fbb in decode_address_header (name_r=0x560631ad7098, address_r=0x560631ad7090, hdr=<optimized out>, pool=0x560631ad6d10) at push-notification-event-message-common.c:62 #2 push_notification_message_fill (mail=mail@entry=0x560631adc088, pool=0x560631ad6d10, event_flags=(PUSH_NOTIFICATION_MESSAGE_HDR_FROM | PUSH_NOTIFICATION_MESSAGE_HDR_TO | PUSH_NOTIFICATION_MESSAGE_HDR_SUBJECT | PUSH_NOTIFICATION_MESSAGE_HDR_DATE | PUSH_NOTIFICATION_MESSAGE_BODY_SNIPPE$), from=<optimized out>, to=<optimized out>, subject=<optimized out>, date=0x560631ad7050, date_tz=0x560631ad7058, message_id=0x560631ad7078, flags=0x560631ad706c, flags_set=0x560631ad7068, keywords=0x560631ad7070, snippet=0x560631ad7060, ext=0x560631ad7080) at push-notification-event-message-common.c:62 #3 0x00007f3f37955a41 in push_notification_event_messagenew_event (ptxn=0x560631ad6d38, ec=0x560631ad6fe0, msg=0x560631ad7010, mail=0x560631adc088) at push-notification-event-messagenew.c:83 #4 0x00007f3f379571bd in push_notification_trigger_msg_save_new (txn=0x560631ad6d38, mail=0x560631adc088, msg=0x560631ad7010) at push-notification-triggers.c:138 #5 0x00007f3f383f52f3 in notify_contexts_mail_save (mail=0x560631adc088) at notify-plugin.c:62 #6 0x00007f3f383f65b8 in notify_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at notify-storage.c:104 #7 0x00007f3f3860873d in quota_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at quota-storage.c:302 #8 0x00007f3f39f91e32 in mailbox_copy_int (_ctx=<optimized out>, mail=0x560631a98b18) at mail-storage.c:2759 #9 0x00007f3f3641907f in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #10 0x00007f3f3640e64c in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #11 0x00007f3f3640f11b in sieve_result_implicit_keep () from /usr/lib/dovecot/libdovecot-sieve.so.0 #12 0x00007f3f364226e1 in sieve_multiscript_finish () from /usr/lib/dovecot/libdovecot-sieve.so.0 #13 0x00007f3f3668e488 in ?? () from /usr/lib/dovecot/modules/lib90_sieve_plugin.so #14 0x00007f3f3a2a260d in mail_do_deliver (storage_r=0x7ffedf944b40, ctx=0x7ffedf944c30) at mail-deliver.c:542 #15 mail_deliver (ctx=ctx@entry=0x7ffedf944c30, storage_r=storage_r@entry=0x7ffedf944b40) at mail-deliver.c:592 #16 0x000056063169c0e1 in lmtp_local_default_deliver (client=0x560631a5e898, lrcpt=<optimized out>, cmd=<optimized out>, trans=<optimized out>, lldctx=0x7ffedf944e70) at lmtp-local.c:593 #17 0x000056063169c8cf in lmtp_local_deliver (local=0x560631a849b0, local=0x560631a849b0, session=0x560631a9d748, src_mail=0x560631a98b18, llrcpt=0x560631a7f600, trans=0x560631a7fab8, cmd=0x560631a7f088) at lmtp-local.c:530 #18 lmtp_local_deliver_to_rcpts (session=0x560631a9d748, trans=0x560631a7fab8, cmd=0x560631a7f088, local=0x560631a849b0) at lmtp-local.c:654 #19 lmtp_local_data (client=client@entry=0x560631a5e898, cmd=cmd@entry=0x560631a7f088, trans=trans@entry=0x560631a7fab8, input=<optimized out>) at lmtp-local.c:730 #20 0x000056063169b0cf in client_default_cmd_data (client=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8, data_input=0x560631a83c00, data_size=<optimized out>) at lmtp-commands.c:275 #21 0x000056063169ae6f in cmd_data_finish (trans=0x560631a7fab8, cmd=0x560631a7f088, client=0x560631a5e898) at lmtp-commands.c:165 #22 cmd_data_continue (conn_ctx=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8) at lmtp-commands.c:213 #23 0x00007f3f39bfa2c7 in cmd_data_do_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:285 #24 cmd_data_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:333 #25 0x00007f3f39ca42af in io_loop_call_io (io=0x560631a7d8e0) at ioloop.c:718 #26 0x00007f3f39ca5c8c in io_loop_handler_run_internal (ioloop=ioloop@entry=0x560631a23fd0) at ioloop-epoll.c:222 #27 0x00007f3f39ca43c0 in io_loop_handler_run (ioloop=<optimized out>) at ioloop.c:770 #28 0x00007f3f39ca45e8 in io_loop_run (ioloop=0x560631a23fd0) at ioloop.c:743 #29 0x00007f3f39c124b3 in master_service_run (service=0x560631a23e60, callback=<optimized out>) at master-service.c:809 #30 0x0000560631699b45 in main (argc=<optimized out>, argv=<optimized out>) at main.c:169
I can provide one of the mails causing the crash if helpful (they are all spam).
Best regards, Michael
Sure, addr is NULL:
(gdb) p *addr Cannot access memory at address 0x0
Michael
On 13. Dec 2019, at 12:16, Aki Tuomi aki.tuomi@open-xchange.com wrote:
Can you provide p *addr?
Aki
On 13.12.2019 13.15, Michael Stilkerich wrote:
HI,
and the backtrace (essentially same as before except for the line numbers moved by the code changes):
Core was generated by `dovecot/lmtp'. [50/749] Program terminated with signal SIGSEGV, Segmentation fault. #0 decode_address_header (pool=pool@entry=0x5569a8e10550, hdr=0x5569a8e15cd8 "", address_r=address_r@entry=0x5569a8e108d0, name_r=name_r@entry=0x5569a8e108d8) at push-notification-event-message-common.c:22 22 push-notification-event-message-common.c: No such file or directory. (gdb) bt #0 decode_address_header (pool=pool@entry=0x5569a8e10550, hdr=0x5569a8e15cd8 "", address_r=address_r@entry=0x5569a8e108d0, name_r=name_r@entry=0x5569a8e108d8) at push-notification-event-message-common.c:22 #1 0x00007fece33adfdb in decode_address_header (name_r=0x5569a8e108d8, address_r=0x5569a8e108d0, hdr=<optimized out>, pool=0x5569a8e10550) at push-notification-event-message-common.c:67 #2 push_notification_message_fill (mail=mail@entry=0x5569a8e14898, pool=0x5569a8e10550, event_flags=(PUSH_NOTIFICATION_MESSAGE_HDR_FROM | PUSH_NOTIFICATION_MESSAGE_HDR_TO | PUSH_NOTIFICATION_MESSAGE_HDR_SUBJECT | PUSH_NOTIFICATION_MESSAGE_HDR _DATE | PUSH_NOTIFICATION_MESSAGE_BODY_SNIPPET), from=<optimized out>, to=<optimized out>, subject=<optimized out>, date=0x5569a8e10890, date_tz=0x5569a8e10898, message_id=0x5569a8e108b8, flags=0x5569a8e108ac, flags_set=0x5569a8e108a8, keywords=0x5569a8e108b0, snippet=0x5569a8e108a0, ext=0x5569a8e108c0) at push-notification-event-message-common.c:67 #3 0x00007fece33ada41 in push_notification_event_messagenew_event (ptxn=0x5569a8e10578, ec=0x5569a8e10820, msg=0x5569a8e10850, mail=0x5569a8e14898) at push-notification-event-messagenew.c:83 #4 0x00007fece33af1dd in push_notification_trigger_msg_save_new (txn=0x5569a8e10578, mail=0x5569a8e14898, msg=0x5569a8e10850) at push-notification-triggers.c:138 #5 0x00007fece3e4d2f3 in notify_contexts_mail_save (mail=0x5569a8e14898) at notify-plugin.c:62 #6 0x00007fece3e4e5b8 in notify_copy (ctx=0x5569a8e110f0, mail=0x5569a8dd1b18) at notify-storage.c:104 #7 0x00007fece406073d in quota_copy (ctx=0x5569a8e110f0, mail=0x5569a8dd1b18) at quota-storage.c:302 #8 0x00007fece59e9e32 in mailbox_copy_int (_ctx=<optimized out>, mail=0x5569a8dd1b18) at mail-storage.c:2759 #9 0x00007fece1e7107f in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #10 0x00007fece1e6664c in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #11 0x00007fece1e6711b in sieve_result_implicit_keep () from /usr/lib/dovecot/libdovecot-sieve.so.0 #12 0x00007fece1e7a6e1 in sieve_multiscript_finish () from /usr/lib/dovecot/libdovecot-sieve.so.0 #13 0x00007fece20e6488 in ?? () from /usr/lib/dovecot/modules/lib90_sieve_plugin.so #14 0x00007fece5cfa60d in mail_do_deliver (storage_r=0x7ffc0dcb6d00, ctx=0x7ffc0dcb6df0) at mail-deliver.c:542 #15 mail_deliver (ctx=ctx@entry=0x7ffc0dcb6df0, storage_r=storage_r@entry=0x7ffc0dcb6d00) at mail-deliver.c:592 #16 0x00005569a7b930e1 in lmtp_local_default_deliver (client=0x5569a8d97898, lrcpt=<optimized out>, cmd=<optimized out>, trans=<optimized out>, lldctx=0x7ffc0dcb7030) at lmtp-local.c:593 #17 0x00005569a7b938cf in lmtp_local_deliver (local=0x5569a8dbd9b0, local=0x5569a8dbd9b0, session=0x5569a8dd6748, src_mail=0x5569a8dd1b18, llrcpt=0x5569a8db8600, trans=0x5569a8db8ab8, cmd=0x5569a8db8088) at lmtp-local.c:530 #18 lmtp_local_deliver_to_rcpts (session=0x5569a8dd6748, trans=0x5569a8db8ab8, cmd=0x5569a8db8088, local=0x5569a8dbd9b0) at lmtp-local.c:654 #19 lmtp_local_data (client=client@entry=0x5569a8d97898, cmd=cmd@entry=0x5569a8db8088, trans=trans@entry=0x5569a8db8ab8, input=<optimized out>) at lmtp-local.c:730 #20 0x00005569a7b920cf in client_default_cmd_data (client=0x5569a8d97898, cmd=0x5569a8db8088, trans=0x5569a8db8ab8, data_input=0x5569a8dbcc00, data_size=<optimized out>) at lmtp-commands.c:275 #21 0x00005569a7b91e6f in cmd_data_finish (trans=0x5569a8db8ab8, cmd=0x5569a8db8088, client=0x5569a8d97898) at lmtp-commands.c:165 #22 cmd_data_continue (conn_ctx=0x5569a8d97898, cmd=0x5569a8db8088, trans=0x5569a8db8ab8) at lmtp-commands.c:213 #23 0x00007fece56522c7 in cmd_data_do_handle_input (cmd=0x5569a8db8088) at smtp-server-cmd-data.c:285 #24 cmd_data_handle_input (cmd=0x5569a8db8088) at smtp-server-cmd-data.c:333 #25 0x00007fece56fc2af in io_loop_call_io (io=0x5569a8db68e0) at ioloop.c:718 #26 0x00007fece56fdc8c in io_loop_handler_run_internal (ioloop=ioloop@entry=0x5569a8d5cfd0) at ioloop-epoll.c:222 #27 0x00007fece56fc3c0 in io_loop_handler_run (ioloop=<optimized out>) at ioloop.c:770 #28 0x00007fece56fc5e8 in io_loop_run (ioloop=0x5569a8d5cfd0) at ioloop.c:743 #29 0x00007fece566a4b3 in master_service_run (service=0x5569a8d5ce60, callback=<optimized out>) at master-service.c:809 #30 0x00005569a7b90b45 in main (argc=<optimized out>, argv=<optimized out>) at main.c:169
Michael
On 13. Dec 2019, at 12:10, Michael Stilkerich ms@mike2k.de wrote:
Hi Aki,
first thanks for the quick fix.
Unfortunately, it only resolves the issue partially. For the “To: undisclosed-recipients:;”, it works now. For “To: “ it still crashes (i. e. what I did with my manual lmtp dialog).
Michael
On 13. Dec 2019, at 11:54, Aki Tuomi aki.tuomi@open-xchange.com wrote:
Hi!
We have released v2.3.9.1 fixing this issue.
Thank you for your effort!
Aki
On 13.12.2019 12.27, Michael Stilkerich wrote:
Hallo Aki,
the affected code location seems to be concerned with parsing to ’To:’ header. I checked all the mails causing the crash, the To: header is either empty (but present) or contains “undisclosed-recipients:;”.
I checked this manually and sure enough lmtp crashes:
nc -C -U dovecot-lmtp
220 keira.mike2k.de Dovecot ready.
LHLO keira.mike2k.de
250-keira.mike2k.de
250-8BITMIME 250-CHUNKING
250-ENHANCEDSTATUSCODES
250-PIPELINING
250 STARTTLS
MAIL FROM:ms@mike2k.de
250 2.1.0 OK RCPT TO:mikey@localhost.mike2k.de 250 2.1.5 OK
DATA
354 OK To:bla
.
(and thats it, connection closed because of the segfault).
Michael
On 11. Dec 2019, at 08:07, Aki Tuomi aki.tuomi@open-xchange.com wrote:
Hi!
Can you provide a mail sample and doveconf -n please?
Aki
> On 11/12/2019 08:57 Michael Stilkerich via dovecot dovecot@dovecot.org wrote: > > > Hello, > > since the upgrade from 2.3.8 to 2.3.9 (using the Ubuntu 18.04 packages from dovecot.org), lmtp crashes for me for some mails. Currently I have three pending mails in my postfix deferred queue since the upgrade a couple of days ago. I did not observe these issues with 2.3.8. > > The backtrace from one of the coredumps: > > Reading symbols from /usr/lib/dovecot/lmtp...Reading symbols from /usr/lib/debug/.build-id/f3/3a5089463b1234cbcf90bf10033d1dd5613821.debug...done. > done. > [New LWP 1554] > [Thread debugging using libthread_db enabled] > Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". > Core was generated by `dovecot/lmtp'. > Program terminated with signal SIGSEGV, Segmentation fault. > #0 decode_address_header (pool=pool@entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r@entry=0x560631ad7090, name_r=name_r@entry=0x560631ad7098) > at push-notification-event-message-common.c:20 > 20 push-notification-event-message-common.c: No such file or directory. > (gdb) bt > #0 decode_address_header (pool=pool@entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r@entry=0x560631ad7090, name_r=name_r@entry=0x560631ad7098) > at push-notification-event-message-common.c:20 > #1 0x00007f3f37955fbb in decode_address_header (name_r=0x560631ad7098, address_r=0x560631ad7090, hdr=<optimized out>, pool=0x560631ad6d10) at push-notification-event-message-common.c:62 > #2 push_notification_message_fill (mail=mail@entry=0x560631adc088, pool=0x560631ad6d10, > event_flags=(PUSH_NOTIFICATION_MESSAGE_HDR_FROM | PUSH_NOTIFICATION_MESSAGE_HDR_TO | PUSH_NOTIFICATION_MESSAGE_HDR_SUBJECT | PUSH_NOTIFICATION_MESSAGE_HDR_DATE | PUSH_NOTIFICATION_MESSAGE_BODY_SNIPPE$), from=<optimized out>, to=<optimized out>, subject=<optimized out>, date=0x560631ad7050, date_tz=0x560631ad7058, message_id=0x560631ad7078, flags=0x560631ad706c, flags_set=0x560631ad7068, > keywords=0x560631ad7070, snippet=0x560631ad7060, ext=0x560631ad7080) at push-notification-event-message-common.c:62 > #3 0x00007f3f37955a41 in push_notification_event_messagenew_event (ptxn=0x560631ad6d38, ec=0x560631ad6fe0, msg=0x560631ad7010, mail=0x560631adc088) at push-notification-event-messagenew.c:83 > #4 0x00007f3f379571bd in push_notification_trigger_msg_save_new (txn=0x560631ad6d38, mail=0x560631adc088, msg=0x560631ad7010) at push-notification-triggers.c:138 > #5 0x00007f3f383f52f3 in notify_contexts_mail_save (mail=0x560631adc088) at notify-plugin.c:62 > #6 0x00007f3f383f65b8 in notify_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at notify-storage.c:104 > #7 0x00007f3f3860873d in quota_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at quota-storage.c:302 > #8 0x00007f3f39f91e32 in mailbox_copy_int (_ctx=<optimized out>, mail=0x560631a98b18) at mail-storage.c:2759 > #9 0x00007f3f3641907f in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 > #10 0x00007f3f3640e64c in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 > #11 0x00007f3f3640f11b in sieve_result_implicit_keep () from /usr/lib/dovecot/libdovecot-sieve.so.0 > #12 0x00007f3f364226e1 in sieve_multiscript_finish () from /usr/lib/dovecot/libdovecot-sieve.so.0 > #13 0x00007f3f3668e488 in ?? () from /usr/lib/dovecot/modules/lib90_sieve_plugin.so > #14 0x00007f3f3a2a260d in mail_do_deliver (storage_r=0x7ffedf944b40, ctx=0x7ffedf944c30) at mail-deliver.c:542 > #15 mail_deliver (ctx=ctx@entry=0x7ffedf944c30, storage_r=storage_r@entry=0x7ffedf944b40) at mail-deliver.c:592 > #16 0x000056063169c0e1 in lmtp_local_default_deliver (client=0x560631a5e898, lrcpt=<optimized out>, cmd=<optimized out>, trans=<optimized out>, lldctx=0x7ffedf944e70) at lmtp-local.c:593 > #17 0x000056063169c8cf in lmtp_local_deliver (local=0x560631a849b0, local=0x560631a849b0, session=0x560631a9d748, src_mail=0x560631a98b18, llrcpt=0x560631a7f600, trans=0x560631a7fab8, cmd=0x560631a7f088) > at lmtp-local.c:530 > #18 lmtp_local_deliver_to_rcpts (session=0x560631a9d748, trans=0x560631a7fab8, cmd=0x560631a7f088, local=0x560631a849b0) at lmtp-local.c:654 > #19 lmtp_local_data (client=client@entry=0x560631a5e898, cmd=cmd@entry=0x560631a7f088, trans=trans@entry=0x560631a7fab8, input=<optimized out>) at lmtp-local.c:730 > #20 0x000056063169b0cf in client_default_cmd_data (client=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8, data_input=0x560631a83c00, data_size=<optimized out>) at lmtp-commands.c:275 > #21 0x000056063169ae6f in cmd_data_finish (trans=0x560631a7fab8, cmd=0x560631a7f088, client=0x560631a5e898) at lmtp-commands.c:165 > #22 cmd_data_continue (conn_ctx=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8) at lmtp-commands.c:213 > #23 0x00007f3f39bfa2c7 in cmd_data_do_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:285 > #24 cmd_data_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:333 > #25 0x00007f3f39ca42af in io_loop_call_io (io=0x560631a7d8e0) at ioloop.c:718 > #26 0x00007f3f39ca5c8c in io_loop_handler_run_internal (ioloop=ioloop@entry=0x560631a23fd0) at ioloop-epoll.c:222 > #27 0x00007f3f39ca43c0 in io_loop_handler_run (ioloop=<optimized out>) at ioloop.c:770 > #28 0x00007f3f39ca45e8 in io_loop_run (ioloop=0x560631a23fd0) at ioloop.c:743 > #29 0x00007f3f39c124b3 in master_service_run (service=0x560631a23e60, callback=<optimized out>) at master-service.c:809 > #30 0x0000560631699b45 in main (argc=<optimized out>, argv=<optimized out>) at main.c:169 > > I can provide one of the mails causing the crash if helpful (they are all spam). > > Best regards, > Michael
participants (2)
-
Aki Tuomi
-
Michael Stilkerich