[Dovecot] Segfault in quota-fs plugin

[Brandon Davidson]

Hi all,

We recently attempted to update our Dovecot installation to version
1.2.5. After doing so, we noticed a constant stream of crash messages in
our log file:

Sep 22 15:58:41 hostname dovecot: imap-login: Login: user=<USERNAME>,
method=PLAIN, rip=X.X.X.X, lip=X.X.X.X, TLS
Sep 22 15:58:41 hostname dovecot: dovecot: child 6339 (imap) killed with
signal 11 (core dumps disabled)

We rolled back to version 1.2.4, and installed 1.2.5 on a test system -
something we'll have to make sure to do *before* rolling new versions
into production.

Anyway, after examining a few core files from the test system, it looks
like the recent changes to the quota plugin (specifically the maildir
backend's late initialization fix) have broken the other backends. Stack
trace and further debugging are available here:
http://uoregon.edu/~brandond/dovecot-1.2.5/bt.txt

The relevant code seems to have been added in changeset 9380:
http://hg.dovecot.org/dovecot-1.2/rev/fe063e0d7109

Specifically, quota.c line 447 does not check to see if the backend
implements init_limits before calling it, resulting in a null function
call for all backends that do not do so. Since this crash would appear
to affect all quota backends other than maildir, it should be a pretty
easy to reproduce.

I've attached a patch which seems to fix the obvious code issue. I can't
guarantee it's the correct fix since this is my first poke at the
Dovecot source, but it seems to have stopped the crashing on our test
host.

Regards,

-Brandon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dovecot-1.2.5-check-init_limits.patch
Type: application/octet-stream
Size: 429 bytes
Desc: dovecot-1.2.5-check-init_limits.patch
Url : http://dovecot.org/pipermail/dovecot/attachments/20090922/e8265578/attachment.obj