[Dovecot] Crash in pop3 with version 2.2.12
Axel Luttgens
axel.luttgens at skynet.be
Fri Apr 4 09:09:06 UTC 2014
Le 4 avr. 2014 à 10:37, Teemu Huovila a écrit :
> Hello
>
> On 04/04/2014 11:18 AM, Axel Luttgens wrote:
>> I'm still wondering... under which circumstances could the crash occur?
> This issue occurs whenever the function src/pop3/pop3-commands.c:client_uidls_save() is called.
> The function is called when:
>
> The pop3 internal structure client->message_uidls_save is 1. This in turn happens when any of these is true:
> 1. pop3 logoutformat has %u
> 2. config setting pop3_uidl_duplicates is not the default "allow"
> 3. config setting pop3_save_uidl=yes
>
> The problem manifests in two different ways.
> 1) When the zlib plugin is active the executable crashed due to a segmentation fault.
> 2) If there is no zlib, the data returned by the UIDL command is "off-by-one" and the last data item is null.
>
> Without zlib the error might look something like this:
> C:uidl
> S:+OK
> S:1 00000002533553b6
> S:2 00000003533553b6
> S:3 00000004533553b6
> S:4 00000005533553b6
> S:5 00000006533553b6
> S:6 (null)
> S:.
>
>> Hence the question: to patch or not to patch?
> Patch, if your setup will need to meet any of the three criteria triggering the issue, before 2.2.13 is released.
Hello Teemu,
Thank you very much for your kind and very detailed explanation.
None of 1. to 3. apply here, so I guess I've just been lucky.
On the other hand, I didn't notice that the patch applies to a very precise context (the client_uidls_save function); it should thus be safe to apply it in all cases (even if un-needed with some *current* configuration).
Sincerely,
Axel
More information about the dovecot
mailing list