[BUG] imap-login segfault when running nmap -sV

Florian Pritz bluewind at xinu.at
Fri Apr 24 16:50:28 UTC 2015


On 21.04.2015 17:10, Marcus Rueckert wrote:
>> > #0  0x00007f120100260b in ssl3_get_client_hello () from /usr/lib/libssl.so.1.0.0
>> > #1  0x00007f120100738f in ssl3_accept () from /usr/lib/libssl.so.1.0.0
>> > #2  0x00007f1201012b36 in ssl3_write_bytes () from /usr/lib/libssl.so.1.0.0
>> > #3  0x00007f1201906200 in ?? () from /usr/lib/dovecot/libdovecot-login.so.0
>> > #4  0x00007f12019062d8 in ?? () from /usr/lib/dovecot/libdovecot-login.so.0
>> > #5  0x00007f1201905f72 in ssl_proxy_destroy () from /usr/lib/dovecot/libdovecot-login.so.0
>> > #6  0x00007f12019060e4 in ?? () from /usr/lib/dovecot/libdovecot-login.so.0
>> > #7  0x00007f1201906671 in ?? () from /usr/lib/dovecot/libdovecot-login.so.0
>> > #8  0x00007f1201902efa in ?? () from /usr/lib/dovecot/libdovecot-login.so.0
>> > #9  0x00007f120162d503 in ?? () from /usr/lib/dovecot/libdovecot.so.0
>> > #10 0x00007f120168d62c in io_loop_call_io () from /usr/lib/dovecot/libdovecot.so.0
>> > #11 0x00007f120168e665 in io_loop_handler_run_internal () from /usr/lib/dovecot/libdovecot.so.0
>> > #12 0x00007f120168d699 in io_loop_handler_run () from /usr/lib/dovecot/libdovecot.so.0
>> > #13 0x00007f120168d718 in io_loop_run () from /usr/lib/dovecot/libdovecot.so.0
>> > #14 0x00007f120162cb23 in master_service_run () from /usr/lib/dovecot/libdovecot.so.0
>> > #15 0x00007f1201903788 in login_binary_run () from /usr/lib/dovecot/libdovecot-login.so.0
>> > #16 0x00007f120127d800 in __libc_start_main () from /usr/lib/libc.so.6
>> > #17 0x0000000000402909 in _start ()
> 
> looks more like a crash in openssl.

It is indeed crashing in openssl, but apparently because dovecot ignores
an earlier returned error and the ssl object is not properly set up.
There is a patch that works around this, but I don't yet know if it will
be included in openssl. Anyway, this should (also) be fixed in dovecot.

More details: https://rt.openssl.org/Ticket/Display.html?id=3818

Florian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20150424/4abd2827/attachment.sig>


More information about the dovecot mailing list