[Dovecot] imap crash during URLFETCH
Mike Abbott
michael.abbott at apple.com
Tue Apr 30 04:07:04 EEST 2013
Dovecot-2.2.1's imap processes crash reliably when they use an IMAP URL with an invalid access specifier. A backtrace and some debug output follows. The crash is likely caused by imap_urlauth_fetch_parsed() returning 0 without having set *mpurl_r to NULL, and then imap_urlauth_fetch_local() freeing an uninitialized pointer.
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000001059
0 libdovecot-storage.0.dylib 0x000000010b06a383 imap_msgpart_url_free + 17
1 imap 0x000000010afc71cc imap_urlauth_fetch_local + 770
2 imap 0x000000010afc6dcf imap_urlauth_fetch_url + 439
3 imap 0x000000010afbb489 cmd_urlfetch + 580
4 imap 0x000000010afbdf4d command_exec + 55
5 imap 0x000000010afbdabb client_command_input + 34
6 imap 0x000000010afbdc7c client_command_input + 483
7 imap 0x000000010afbd351 client_handle_input + 239
8 imap 0x000000010afbc613 client_input + 119
9 libdovecot.0.dylib 0x000000010b111c74 io_loop_call_io + 46
10 libdovecot.0.dylib 0x000000010b112c85 io_loop_handler_run + 214
11 libdovecot.0.dylib 0x000000010b111e1f io_loop_run + 77
12 libdovecot.0.dylib 0x000000010b0d10c6 master_service_run + 24
13 imap 0x000000010afc5aba main + 1010
14 libdyld.dylib 0x00007fff89e5f7bd start + 1
Apr 29 20:00:31 imap(pid 82429 user mja): Debug: Fetching local URLAUTH imap://mja@duck.example.com/INBOX;uidvalidity=1366726248/;uid=19;urlauth=submit+mja:internal:012c9c6a3d74db6509e4a3802a0f5edf64546608b8
Apr 29 20:00:31 imap(pid 82429 user mja): Debug: Failed to fetch URLAUTH "imap://mja@duck.example.com/INBOX;uidvalidity=1366726248/;uid=19;urlauth=submit+mja:internal:012c9c6a3d74db6509e4a3802a0f5edf64546608b8": No 'submit+mja' access allowed for user mja
Apr 29 20:00:31 imap(pid 82429 user mja): Fatal: master: service(imap): child 82429 killed with signal 11 (core dumps disabled)
More information about the dovecot
mailing list