talloc access after free error ntlmssp_server.c:457

J Landwehr jlandwehr at icloud.com
Wed Mar 30 12:04:27 UTC 2016 

Do you think it’s a bug in the dovecot code that calls winbind?
Or in the samba based winbind code?

We have a fully patched CentOS system.

This case is definitely triggered as follows:
Connect with Outlook
Outlook brings in any new mail
After maybe 30 seconds there are IMAP disconnect messages in maillog
Then send a message to yourself.
The message is sent and received, but the dovecot server crashes/panics
Appears to be related to the CONT command
And receiving NT_STATUS_WRONG_PASSWORD / NT_STATUS_LOGON_FAILURE

What I can’t figure out is that ntlm_auth always works from the command line, and IMAP is otherwise working to bring in new mail (so authenticating is working) - but it’s like a certain condition of sync’ing perhaps the Sent folder with the Inbox folder having two authentication events simultaneously is the issue, and the second one fails?

auth client connected
auth client conencted
client in: AUTH
client in: AUTH
client passdb out: CONT#0111
client passdb out: CONT#0111
client in: CONT<hidden>
Got 'YR ..." from squid (length: 59).
Starting GENSEC mechanism ntlmssp
Starting GENSEC mechanism ntlmssp

Login for user [domain]\[user]@[workstation] failed due to [Wrong Password]
../auth/ntlmssp/ntlmssp_server.c:455: checking NTLMSSP password for domain/user failed: NT_STATUS_WRONG_PASSWORD
GENSEC login failed: NT_STATUS_LOGON_FAILURE
winbind(?,IP,<...>): user not authenticated: NT_STATUS_LOGON_FAILURE
client in: CONT
got 'KK ......' from squid .
talloc: access after free error - first free may be at ../auth/ntlmssp/ntlmssp_server.c:457
Bad talloc magic value - access after free
PANIC (pid ....): Bad talloc magic value - access after free
Definitely welcome any debugging ideas and workarounds, because we have had to shut off IMAP and only use POP.

> On Mar 29, 2016, at 1:46 PM, Timo Sirainen <tss at iki.fi> wrote:
> 
> On 16 Mar 2016, at 22:38, J Landwehr <jlandwehr at icloud.com> wrote:
>> 
>> Our new/fresh dovecot imap installation on CentOS (latest from yum repository, which is 2.2.10) is locking up with a panic on a consistent basis and denying service to subsequent clients.  The behavior is repeatable.  Have spent weeks debugging and trying different configurations with no success.
>> 
>> Specific /var/log/maillog error messages are:
>> 
>> 12:06:54 dovecot: auth: Error: talloc: access after free error - first free may be at ../auth/ntlmssp/ntlmssp_server.c:457
>> 12:06:54 dovecot: auth: Error: Bad talloc magic value - access after free
>> 12:06:54 dovecot: auth: Error: PANIC (pid 2570): Bad talloc magic value - access after free
> 
> Looks like a bug in the winbind code.
>

More information about the dovecot mailing list