antispam plugin crash

Thomas Witt lists at thwitt.de
Sun Aug 17 16:45:01 UTC 2014


Hi,

the dovecot antispam plugin crashes here on a null pointer dereference in
antispam_copy() at mailbox.c

The crash tracks back to a call of
antispam_classify_copy(asms->box_class, asmb->box_class)

At that point in time asmb is set to 0x0, causing the process to crash
with SIGSEGV.

Regards,
Thomas

GDB output:

Program received signal SIGSEGV, Segmentation fault.
antispam_copy (ctx=0x14ed9f0, mail=0x14c6cc0) at mailbox.c:107
107         enum mailbox_copy_type copy_type =
(gdb) bt
#0  antispam_copy (ctx=0x14ed9f0, mail=0x14c6cc0) at mailbox.c:107
#1  0x00007fdadb627fcd in mailbox_copy () from /usr/lib64/dovecot/libdovecot-storage.so.0
#2  0x00007fdada6cdba0 in act_store_execute () from /usr/lib64/dovecot/libdovecot-sieve.so.0
#3  0x00007fdada6c59d9 in sieve_result_execute () from /usr/lib64/dovecot/libdovecot-sieve.so.0
#4  0x00007fdada6d4a2a in sieve_execute () from /usr/lib64/dovecot/libdovecot-sieve.so.0
#5  0x00007fdada9212cb in lda_sieve_deliver_mail () from /usr/lib64/dovecot/lib90_sieve_plugin.so
#6  0x00007fdadb8cae1a in mail_deliver () from /usr/lib64/dovecot/libdovecot-lda.so.0
#7  0x0000000000405ebd in client_input_data_handle ()
#8  0x00007fdadb34e9bf in io_loop_call_io () from /usr/lib64/dovecot/libdovecot.so.0
#9  0x00007fdadb34f8b7 in io_loop_handler_run_internal () from /usr/lib64/dovecot/libdovecot.so.0
#10 0x00007fdadb34ea29 in io_loop_handler_run () from /usr/lib64/dovecot/libdovecot.so.0
#11 0x00007fdadb34eaa8 in io_loop_run () from /usr/lib64/dovecot/libdovecot.so.0
#12 0x00007fdadb2fe803 in master_service_run () from /usr/lib64/dovecot/libdovecot.so.0
#13 0x0000000000404995 in main ()
(gdb) p asms
$3 = (struct antispam_mailbox *) 0x0

