[Dovecot] PATCH: SQL connect crash

Leandro Santi lesanti at gmail.com
Sat Aug 21 00:27:34 EEST 2010


Hi!

Dovecot 2.0.0 auth process seems to crash while attempting to
connect to a nonexistent SQL database. A shallow look at the code
reveals that NULL module->conn in passdb-sql.c is being erroneously
dereferenced while trying to clean up after a failed connection
attempt:

(gdb) bt
#0  0x0806240e in sql_query_callback (result=0x8076c40, sql_request=0x808ff90)
    at passdb-sql.c:70
#1  0x08069b66 in sqlpool_request_abort (_request=<value optimized out>)
    at driver-sqlpool.c:114
#2  0x0806ab2a in driver_sqlpool_deinit (_db=0x808b970) at driver-sqlpool.c:448
#3  0x0806970a in sql_deinit (_db=0x808b5bc) at sql-api.c:87
#4  0x0805a3ac in db_sql_unref (_conn=0x807fc60) at db-sql.c:119
#5  0x08062be2 in userdb_deinit (userdb=0x807fc48) at userdb.c:177
#6  0x0804ff4b in auths_deinit () at auth.c:213
#7  0x0805b7bc in main (argc=1474660693, argv=0xec835356) at main.c:160

(gdb) print ((struct sql_passdb_module *) _module)->conn
$20 = (struct sql_connection *) 0x0

It seems that module->conn for passdb is being zeroed at auth_deinit(),
passdb_deinit() completes successfully but then userdb_deinit() does
the illegal access.

The following hack seems to eliminate the symptom; however, I'd
strongly recommend taking a deeper look at the issue. I suspect
that a higher level fix would be more appropriate.

--- dovecot-2.0.rc6.orig/src/auth/passdb-sql.c  2010-07-21
14:13:29.000000000 +0000
+++ dovecot-2.0.rc6.patched/src/auth/passdb-sql.c       2010-08-18
21:07:05.000000000 +0000
@@ -67,7 +67,7 @@

        ret = sql_result_next_row(result);
        if (ret < 0) {
-               if (!module->conn->default_password_query) {
+               if (!module->conn || !module->conn->default_password_query) {
                        auth_request_log_error(auth_request, "sql",
                                               "Password query failed: %s",
                                               sql_result_get_error(result));
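
Review bot: With module->conn NULL, the new condition in the `ret < 0` branch falls straight into the "Password query failed" log call, so a request that was aborted during shutdown is reported as a query failure. Consider returning early when module->conn is NULL, before the log call, and check whether the rest of sql_query_callback reads module->conn anywhere else, since this guard covers only the one dereference. The backtrace reaches this line through driver_sqlpool_deinit and sqlpool_request_abort, so the ordering of teardown is where the callback ends up running against a cleared conn, and a fix there would make the guard unnecessary.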

Leandro
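
The teardown ordering described in the message above, as an added example that is not part of the original post and not Dovecot code: a simplified model in which a pool aborts pending requests and delivers a failure to their callbacks. All struct and function names are hypothetical; the return codes exist only to make the two orderings observable.

```c
#include <stddef.h>

/* Constructed model of the teardown ordering; all names are hypothetical. */
struct conn { int default_password_query; };
struct module { struct conn *conn; };
typedef int (*query_cb)(int ret, struct module *m);
struct request { query_cb cb; struct module *ctx; };
struct pool { struct request reqs[4]; size_t count; };

/* Result callback: -2 = aborted after teardown, -1 = query failed, 0 = ok. */
static int on_result(int ret, struct module *m)
{
    if (ret < 0) {
        if (m->conn == NULL)
            return -2;   /* without this guard the next line dereferences NULL */
        if (!m->conn->default_password_query)
            return -1;
    }
    return 0;
}

static void pool_submit(struct pool *p, query_cb cb, struct module *m)
{
    if (p->count < sizeof(p->reqs) / sizeof(p->reqs[0]))
        p->reqs[p->count++] = (struct request){ cb, m };
}

/* Pool deinit: every pending request gets a failure callback (ret = -1). */
static int pool_abort_all(struct pool *p)
{
    int status = 0;
    while (p->count > 0) {
        struct request *r = &p->reqs[--p->count];
        status = r->cb(-1, r->ctx);
    }
    return status;
}

/* clear_conn_first = 1 mirrors the backtrace: module state is cleared
 * before the pool aborts its requests. 0 aborts while conn is still valid. */
static int teardown(int clear_conn_first)
{
    struct conn c = { 0 };
    struct module m = { &c };
    struct pool p = { .count = 0 };
    pool_submit(&p, on_result, &m);
    if (clear_conn_first) m.conn = NULL;
    int status = pool_abort_all(&p);
    m.conn = NULL;
    return status;
}
```

Aborting pending requests before clearing the module pointer lets the callback see consistent state; the NULL guard is then a second line of defence rather than the only one.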

