BUG: segfault in auth when user listed multiple times in LDAP

Timo Sirainen tss at iki.fi
Thu Jul 3 17:34:48 UTC 2014


On 27.6.2014, at 13.24, Laszlo Toth <laszlo.toth at linguamatics.com> wrote:

> I think I found a bug in the auth module. It can be triggered when the userdb is in LDAP and an user is found multiple times in LDAP.
> 
> Dovecot version 2.2.10 (from ATrpms Testing) running on CentOS 6.5 x64.
> 
> Jun 27 10:34:34 server dovecot: auth: Debug: ldap(USER): user search: base=dc=linguamatics,dc=com scope=subtree filter=( & (uid=user) (| (&(objectClass=posixAccount)(|(employeeType=staff)(employeeType=guest))) (objectClass=account) ) ) fields=uid
> Jun 27 10:34:34 server kernel: auth[15916]: segfault at 8 ip 00007f45e5aa9bef sp 00007fff5b17e210 error 4 in libauthdb_ldap.so[7f45e5aa4000+a000]
> Jun 27 10:34:34 server dovecot: auth: Error: ldap(user): LDAP search returned multiple entries
> Jun 27 10:34:34 server dovecot: auth: Debug: ldap(user): no fields returned by the server
> Jun 27 10:34:35 server abrtd: Directory 'ccpp-2014-06-27-10:34:34-15916' creation detected
> Jun 27 10:34:35 server abrt[16137]: Saved core dump of pid 15916 (/usr/libexec/dovecot/auth) to /var/spool/abrt/ccpp-2014-06-27-10:34:34-15916 (2863104 bytes)
> Jun 27 10:34:35 server dovecot: doveadm(user): Error: userdb lookup(user): Disconnected unexpectedly
> Jun 27 10:34:35 server dovecot: doveadm(user): Error: sync: User lookup failed: Internal error occurred. Refer to server log for more information.
> Jun 27 10:34:35 server dovecot: auth: Fatal: master: service(auth): child 15916 killed with signal 11 (core dumped)

Doesn't crash in latest hg, so I guess this is fixed already.



More information about the dovecot mailing list