[Dovecot] Segfault in managesieve with "sieve_extensions = -redirect"
Hi!
I've got a segfault in managesieve while using: sieve_extensions = -vacation -reject -spamtest -virustest -enotify -redirect
The problem seems to lie in "-redirect".
Reason for excluding "redirect" from sieve is my users should not use sieve to forward or redirect mails but use an external method (web-script to set LDAP attribute) which checks several things like active spam-checker, existing target mailbox, etc.
The version ov dovecot ist 1:2.0.9-1~3.gbp785ad1~dvz60+1 on Debian Squeeze which is from the Debian maintainers git repository recompiled on Squeeze (I know, pretty wild.)
doveconf -n and backtrace follow:
-----------------------8<---------------------------------------------
# 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0 auth_username_format = %Ln dict { quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } disable_plaintext_auth = no first_valid_gid = 1000 first_valid_uid = 1000 last_valid_gid = 1000 last_valid_uid = 1000 mail_access_groups = virtmail mail_gid = virtmail mail_location = mdbox:~/mdbox mail_plugins = " quota zlib" mail_uid = virtmail mdbox_rotate_interval = 23 hours mdbox_rotate_size = 25 M namespace { hidden = yes inbox = yes list = yes location = prefix = INBOX. separator = . subscriptions = yes type = private } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { quota = dict:Benutzer-Quota::proxy::quota quota_rule = *:storage=2G sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = -vacation -reject -spamtest -virustest -enotify -redirect zlib_save = gz zlib_save_level = 6 } postmaster_address = postmaster@th-mittelhessen.de protocols = imap pop3 sieve service dict { unix_listener dict { group = virtmail mode = 0660 } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } ssl_cert =
-----------------------8<---------------------------------------------
(gdb) bt full #0 sieve_extensions_set_string (svinst=<value optimized out>, ext_string=<value optimized out>) at sieve-extensions.c:567 ext = 0x0 op = 0 '\000' name = 0x2375331 "redirect" _data_stack_cur_id = 2 ext_reg = 0x23856c8 ext_names = 0x2375368 i = <value optimized out> ext_count = <value optimized out> relative = true #1 0x00007fb2db4207c2 in sieve_extensions_init (svinst=0x2385680) at sieve-extensions.c:256 extensions = <value optimized out> ext = <value optimized out> #2 0x00007fb2db426914 in sieve_init (env=0x40d700, context=<value optimized out>, debug=false) at sieve.c:83 svinst = 0x2385680 uint_setting = 0 size_setting = 37179544 pool = 0x2385660 #3 0x00000000004085ff in managesieve_capabilities_dump () at managesieve-capabilities.c:125 svinst = <value optimized out> notify_cap = <value optimized out> #4 0x0000000000408af5 in main (argc=4, argv=0x237d370) at main.c:273 set_roots = {0x610040, 0x0} service_flags = <value optimized out> storage_service_flags = 0 postlogin_socket_path = 0x0 username = 0x0 c = <value optimized out>
-----------------------8<---------------------------------------------
Grüße, Sven.
-- Sig lost. Core dumped.
I do not understand certain things in your dovecot-n
in my dovecot -n
there is a
plugin {
plugin = autocreate managesieve sieve
sieve = ~/.dovecot.sieve
sieve_before = /var/sieve-scripts/roundcube.sieve
sieve_dir = ~/sieve
sieve_global_path = whatever
autocreate = Trash
autocreate2 = Junk
autocreate3 = Sent
autocreate4 = Drafts
autosubscribe = Trash
autosubscribe2 = Junk
autosubscribe3 = Sent
autosubscribe4 = Drafts
}
this missing in your config
Le mercredi 02 mars 2011 à 15:15 +0100, Sven Hartge a écrit :
Hi!
I've got a segfault in managesieve while using: sieve_extensions = -vacation -reject -spamtest -virustest -enotify -redirect
The problem seems to lie in "-redirect".
Reason for excluding "redirect" from sieve is my users should not use sieve to forward or redirect mails but use an external method (web-script to set LDAP attribute) which checks several things like active spam-checker, existing target mailbox, etc.
The version ov dovecot ist 1:2.0.9-1~3.gbp785ad1~dvz60+1 on Debian Squeeze which is from the Debian maintainers git repository recompiled on Squeeze (I know, pretty wild.)
doveconf -n and backtrace follow:
-----------------------8<---------------------------------------------
# 2.0.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0 auth_username_format = %Ln dict { quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } disable_plaintext_auth = no first_valid_gid = 1000 first_valid_uid = 1000 last_valid_gid = 1000 last_valid_uid = 1000 mail_access_groups = virtmail mail_gid = virtmail mail_location = mdbox:~/mdbox mail_plugins = " quota zlib" mail_uid = virtmail mdbox_rotate_interval = 23 hours mdbox_rotate_size = 25 M namespace { hidden = yes inbox = yes list = yes location = prefix = INBOX. separator = . subscriptions = yes type = private } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { quota = dict:Benutzer-Quota::proxy::quota quota_rule = *:storage=2G sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = -vacation -reject -spamtest -virustest -enotify -redirect zlib_save = gz zlib_save_level = 6 } postmaster_address = postmaster@th-mittelhessen.de protocols = imap pop3 sieve service dict { unix_listener dict { group = virtmail mode = 0660 } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } ssl_cert =
-----------------------8<---------------------------------------------
(gdb) bt full #0 sieve_extensions_set_string (svinst=<value optimized out>, ext_string=<value optimized out>) at sieve-extensions.c:567 ext = 0x0 op = 0 '\000' name = 0x2375331 "redirect" _data_stack_cur_id = 2 ext_reg = 0x23856c8 ext_names = 0x2375368 i = <value optimized out> ext_count = <value optimized out> relative = true #1 0x00007fb2db4207c2 in sieve_extensions_init (svinst=0x2385680) at sieve-extensions.c:256 extensions = <value optimized out> ext = <value optimized out> #2 0x00007fb2db426914 in sieve_init (env=0x40d700, context=<value optimized out>, debug=false) at sieve.c:83 svinst = 0x2385680 uint_setting = 0 size_setting = 37179544 pool = 0x2385660 #3 0x00000000004085ff in managesieve_capabilities_dump () at managesieve-capabilities.c:125 svinst = <value optimized out> notify_cap = <value optimized out> #4 0x0000000000408af5 in main (argc=4, argv=0x237d370) at main.c:273 set_roots = {0x610040, 0x0} service_flags = <value optimized out> storage_service_flags = 0 postlogin_socket_path = 0x0 username = 0x0 c = <value optimized out>
-----------------------8<---------------------------------------------
Grüße, Sven.
-- gpg --keyserver pgp.mit.edu --recv-key 092164A7 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
fakessh @ fakessh@fakessh.eu wrote:
I do not understand certain things in your dovecot-n
in my dovecot -n there is a plugin { plugin = autocreate managesieve sieve sieve = ~/.dovecot.sieve sieve_before = /var/sieve-scripts/roundcube.sieve sieve_dir = ~/sieve sieve_global_path = whatever autocreate = Trash autocreate2 = Junk autocreate3 = Sent autocreate4 = Drafts autosubscribe = Trash autosubscribe2 = Junk autosubscribe3 = Sent autosubscribe4 = Drafts
}
this missing in your config
Yeah, so?
I don't need autosubscritption, a global path or autocreation of folders. Of course those config options are missing then.
My config is from a working example, I can toggle between "works fine" and "managesieve process segfaults" by removing or adding "-redirect" to the sieve_extensions parameter.
Grüße, Sven.
-- Sig lost. Core dumped.
Op 2-3-2011 15:15, Sven Hartge schreef:
Hi!
I've got a segfault in managesieve while using: sieve_extensions = -vacation -reject -spamtest -virustest -enotify -redirect
The problem seems to lie in "-redirect".
The redirect command is part of the Sieve core specification and it is thus no extension. It's availability can therefore not be disabled using the sieve_extensions setting.
When I wouldn't have made a bug here, you would have been warned with the following message:
"ignored unknown extension 'redirect' while configuring available extensions"
Instead, you got a segfault, which is now fixed:
http://hg.rename-it.nl/dovecot-2.0-pigeonhole/rev/bb26cdb18bdf
Reason for excluding "redirect" from sieve is my users should not use sieve to forward or redirect mails but use an external method (web-script to set LDAP attribute) which checks several things like active spam-checker, existing target mailbox, etc.
The version ov dovecot ist 1:2.0.9-1~3.gbp785ad1~dvz60+1 on Debian Squeeze which is from the Debian maintainers git repository recompiled on Squeeze (I know, pretty wild.)
Hmm, considering what Sieve RFC 5228 says:
"Implementations MAY ignore a redirect action silently due to policy reasons. For example, an implementation MAY choose not to redirect to an address that is known to be undeliverable. Any ignored redirect MUST NOT cancel the implicit keep." (page 24)
"(2) MUST provide the means for administrators to limit the ability of users to abuse redirect. In particular, it MUST be possible to limit the number of redirects a script can perform. Additionally, if no use cases exist for using redirect to multiple destinations, this limit SHOULD be set to 1. Additional limits, such as the ability to restrict redirect to local users, MAY also be implemented." (page 38)
"Allowing redirects at all may not be appropriate in situations where email accounts are freely available and/or not trackable to a human who can be held accountable for creating message bombs or other abuse." (page 39)
Unfortunately, we currently don't have a means to actually disable redirect. The number of redirects can be limited using the existing sieve_max_redirects option, but a value of 0 stands for 'unlimited', meaning that 1 is the minimum. In hindsight, this was a really bad choice :)
So we have two options: - Change the meaning of 0 for sieve_max_redirects. It's quite likely no one has set this to 0. - Add a separate setting to disable redirect, e.g. sieve_redirect_disable.
Not sure what to choose yet.
Regards,
Stephan.
Stephan Bosch stephan@rename-it.nl wrote:
Op 2-3-2011 15:15, Sven Hartge schreef:
I've got a segfault in managesieve while using: sieve_extensions = -vacation -reject -spamtest -virustest -enotify -redirect
The problem seems to lie in "-redirect".
The redirect command is part of the Sieve core specification and it is thus no extension. It's availability can therefore not be disabled using the sieve_extensions setting.
OK, already thought so after inspecting the RfC.
When I wouldn't have made a bug here, you would have been warned with the following message:
"ignored unknown extension 'redirect' while configuring available extensions"
Which would have caused a mail from me, why "redirect" is an unknown extension. ;)
"Implementations MAY ignore a redirect action silently due to policy reasons."
This fits my use case. redirects/forwards are configured differently here and I need to disable redirect, because I _know_ some of my students will figure out, how to circumvent some restrictions we enforce on mail forwarding. Especially the students fromt the Computer Science department. :)
Unfortunately, we currently don't have a means to actually disable redirect. The number of redirects can be limited using the existing sieve_max_redirects option, but a value of 0 stands for 'unlimited', meaning that 1 is the minimum. In hindsight, this was a really bad choice :)
So we have two options: - Change the meaning of 0 for sieve_max_redirects. It's quite likely no one has set this to 0. - Add a separate setting to disable redirect, e.g. sieve_redirect_disable.
Use "-1" to disable it?
Grüße, Sven
-- Sig lost. Core dumped.
On 2.3.2011, at 19.32, Sven Hartge wrote:
So we have two options: likely no one has set this to 0.
- Change the meaning of 0 for sieve_max_redirects. It's quite
Doesn't seem that bad.. Like you said, probably will affect zero to very few people. Would of course be nice if this happened only when Dovecot's minor version changed (to v2.1), i.e. when people are expecting a little bit of backwards incompatible changes. I think v2.1.0 will be out before summer.
- Add a separate setting to disable redirect, e.g. sieve_redirect_disable.
Extra settings are always annoying.
Use "-1" to disable it?
In general Dovecot settings don't currently have negative values. It would either generate an error or change the value to 2^32-1, which would be better for the unlimited value.
participants (4)
-
fakessh @
-
Stephan Bosch
-
Sven Hartge
-
Timo Sirainen