[PATCH] mail-storage.c: check against NULL address in strcmp() invocation
Michal Soltys
soltys at ziu.info
Wed Jan 11 11:28:55 UTC 2017
On 01/10/2017 09:31 PM, Timo Sirainen wrote:
> On 10 Jan 2017, at 21.58, Michal Soltys <soltys at ziu.info> wrote:
>>
>> Configurations with multiple shared namespaces can trigger a bug
>> where the first argument of strcmp() invocation is NULL.
>>
>> This patch adds an explicit check, analogously to how the second
>> argument is sanitized.
>
> I think it shouldn't be NULL though.. I'd rather add some asserts and figure out why it is. I guess the attached patch assert-crashes? What's the backtrace there?
>
Yeah, the assert triggers instantly as soon as I try to read any folder. Output of `bt full` below (frames #2 onward):
#2 0x00007f1b92c53727 in default_fatal_finish (type=LOG_TYPE_PANIC, status=0) at failures.c:201
backtrace = 0x971fb0 "/usr/lib/dovecot/libdovecot.so.0(+0xc36d8) [0x7f1b92c536d8] -> /usr/lib/dovecot/libdovecot.so.0(+0xc4c06) [0x7f1b92c54c06] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f1b92c53a5b] -> /usr/lib/d"...
#3 0x00007f1b92c54c06 in i_internal_fatal_handler (ctx=0x7ffdee3f6fe0, format=0x7f1b93043e68 "file %s: line %d (%s): assertion failed: (%s)", args=0x7ffdee3f7000) at failures.c:670
status = 0
#4 0x00007f1b92c53a5b in i_panic (format=0x7f1b93043e68 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:275
ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0, timestamp_usecs = 0}
args = <error reading variable args (Attempt to dereference a generic pointer.)>
#5 0x00007f1b92f4921e in mail_storage_create_full (ns=0x9927e0, driver=0x7f1b93042516 "shared", data=0x98f438 "mdbox:%h", flags=(unknown: 0), storage_r=0x7ffdee3f71d0, error_r=0x7ffdee3f7230) at mail-storage.c:407
storage_class = 0x7f1b932995c0 <shared_storage>
storage = 0x995800
list = 0x994ff0
list_set = {layout = 0x7f1b9304841d "shared", root_dir = 0x98ebc8 "/var/run/dovecot", index_dir = 0x0, index_pvt_dir = 0x0,
control_dir = 0x0, alt_dir = 0x0, inbox_path = 0x0, subscription_fname = 0x0, maildir_name = 0x7f1b93044073 "",
mailbox_dir_name = 0x7f1b93044073 "", escape_char = 0 '\000', broken_char = 0 '\000', utf8 = false, alt_dir_nocheck = false,
index_control_use_maildir_name = false}
list_flags = (unknown: 0)
p = 0x0
__FUNCTION__ = "mail_storage_create_full"
#6 0x00007f1b92f4931d in mail_storage_create (ns=0x9927e0, driver=0x7f1b93042516 "shared", flags=(unknown: 0), error_r=0x7ffdee3f7230) at mail-storage.c:420
storage = 0x9921e0
#7 0x00007f1b92f3ecdc in mail_namespaces_init_add (user=0x98e0b0, ns_set=0x98ed70, unexpanded_ns_set=0x98e5e8, ns_p=0x992080, error_r=0x7ffdee3f7378) at mail-namespace.c:195
mail_set = 0x98e9d8
ns = 0x9927e0
driver = 0x7f1b93042516 "shared"
error = 0x0
ret = 0
#8 0x00007f1b92f3f694 in mail_namespaces_init (user=0x98e0b0, error_r=0x7ffdee3f7378) at mail-namespace.c:414
mail_set = 0x98e9d8
ns_set = 0x98ecc0
unexpanded_ns_set = 0x98e538
namespaces = 0x992080
ns_p = 0x992080
i = 1
count = 3
count2 = 3
__FUNCTION__ = "mail_namespaces_init"
#9 0x00007f1b92f52528 in mail_storage_service_init_post (ctx=0x97b7d0, user=0x980040, priv=0x7ffdee3f7380, mail_user_r=0x7ffdee3f7498, error_r=0x7ffdee3f7378) at mail-storage-service.c:728
mail_set = 0x98e9d8
home = 0x980be9 "/var/mail1/msl"
mail_user = 0x98e0b0
#10 0x00007f1b92f542c1 in mail_storage_service_next_real (ctx=0x97b7d0, user=0x980040, mail_user_r=0x7ffdee3f7498) at mail-storage-service.c:1426
priv = {uid = 105, gid = 8, uid_source = 0x7f1b930454cc "userdb lookup", gid_source = 0x7f1b930454cc "userdb lookup",
home = 0x980be9 "/var/mail1/msl", chroot = 0x971838 ""}
error = 0x0
len = 0
disallow_root = true
temp_priv_drop = false
use_chroot = true
#11 0x00007f1b92f5437c in mail_storage_service_next (ctx=0x97b7d0, user=0x980040, mail_user_r=0x7ffdee3f7498) at mail-storage-service.c:1444
old_log_prefix = 0x97fe50 "imap(msl): "
ret = 0
#12 0x00007f1b92f544f5 in mail_storage_service_lookup_next (ctx=0x97b7d0, input=0x7ffdee3f7520, user_r=0x7ffdee3f7490, mail_user_r=0x7ffdee3f7498, error_r=0x7ffdee3f7518) at mail-storage-service.c:1477
user = 0x980040
ret = 1
#13 0x00000000004314f0 in client_create_from_input (input=0x7ffdee3f7520, fd_in=7, fd_out=7, client_r=0x7ffdee3f7510, error_r=0x7ffdee3f7518) at main.c:228
user = 0x7ffdee3f74d0
mail_user = 0x7ffdee3f7510
ns = 0x7f1b92c9dfb3
client = 0x979370
imap_set = 0xc00000000
lda_set = 0x971100
errstr = 0x7f1b92efeac0 <static_system_pool> "\200\352\357\222\033\177"
mail_error = 32539
#14 0x0000000000431968 in login_client_connected (login_client=0x97da20, username=0x971043 "msl", extra_fields=0x9710d0) at main.c:316
input = {module = 0x43db49 "imap", service = 0x43db49 "imap", username = 0x971043 "msl", session_id = 0x97daa0 "PARRLs5FeMjAqAD+",
session_id_prefix = 0x0, session_create_time = 0, local_ip = {family = 2, u = {ip6 = {__in6_u = {
__u6_addr8 = "\300\250\000\374", '\000' <repeats 11 times>, __u6_addr16 = {43200, 64512, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {
4227901632, 0, 0, 0}}}, ip4 = {s_addr = 4227901632}}}, remote_ip = {family = 2, u = {ip6 = {__in6_u = {
__u6_addr8 = "\300\250\000\376", '\000' <repeats 11 times>, __u6_addr16 = {43200, 65024, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {
4261456064, 0, 0, 0}}}, ip4 = {s_addr = 4261456064}}}, local_port = 0, remote_port = 0, userdb_fields = 0x9710d0,
flags_override_add = (unknown: 0), flags_override_remove = (unknown: 0), no_userdb_lookup = 0, debug = 0}
client = 0x3000000018
flags = (MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION | unknown: 32538)
error = 0x7ffdee3f75f0 "0̗"
__FUNCTION__ = "login_client_connected"
#15 0x00007f1b92bc31c1 in master_login_auth_finish (client=0x97da20, auth_args=0x9710c8) at master-login.c:210
login = 0x97cd30
service = 0x9795e0
close_sockets = true
__FUNCTION__ = "master_login_auth_finish"
#16 0x00007f1b92bc3aca in master_login_auth_callback (auth_args=0x9710c8, errormsg=0x0, context=0x97da20) at master-login.c:379
client = 0x97da20
conn = 0x97d820
reply = {tag = 1, status = MASTER_AUTH_STATUS_OK, mail_pid = 20189}
#17 0x00007f1b92bc4ae9 in master_login_auth_input_user (auth=0x97cdb0,
args=0x97de5c "4291297281\tmsl\tuid=105\tgid=8\tmail=maildir:/var/mail1/msl\thome=/var/mail1/msl\tauth_token=18dd1092f041e803835776fae22759a100511eb8") at master-login-auth.c:244
request = 0x97cc30
list = 0x9710c0
id = 4291297281
#18 0x00007f1b92bc4fb1 in master_login_auth_input (auth=0x97cdb0) at master-login-auth.c:364
line = 0x97de57 "USER\t4291297281\tmsl\tuid=105\tgid=8\tmail=maildir:/var/mail1/msl\thome=/var/mail1/msl\tauth_token=18dd1092f041e803835776fae22759a100511eb8"
ret = false
#19 0x00007f1b92c72545 in io_loop_call_io (io=0x97ccb0) at ioloop.c:599
ioloop = 0x979740
t_id = 2
__FUNCTION__ = "io_loop_call_io"
#20 0x00007f1b92c74e68 in io_loop_handler_run_internal (ioloop=0x979740) at ioloop-epoll.c:222
ctx = 0x97b260
events = 0x97c0d0
event = 0x97c0d0
list = 0x97cd10
io = 0x97ccb0
tv = {tv_sec = 154, tv_usec = 999457}
events_count = 5
msecs = 155000
ret = 1
i = 0
j = 0
call = true
__FUNCTION__ = "io_loop_handler_run_internal"
#21 0x00007f1b92c72726 in io_loop_handler_run (ioloop=0x979740) at ioloop.c:648
No locals.
#22 0x00007f1b92c72649 in io_loop_run (ioloop=0x979740) at ioloop.c:623
__FUNCTION__ = "io_loop_run"
#23 0x00007f1b92bc6e3b in master_service_run (service=0x9795e0, callback=0x431b68 <client_connected>) at master-service.c:641
No locals.
#24 0x0000000000431efb in main (argc=1, argv=0x979390) at main.c:460
set_roots = {0x43ca60 <imap_setting_parser_info>, 0x648340 <lda_setting_parser_info>, 0x0}
login_set = {auth_socket_path = 0x971048 "id=105", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60,
callback = 0x431883 <login_client_connected>, failure_callback = 0x431ad3 <login_client_failed>, request_auth_token = 1}
service_flags = MASTER_SERVICE_FLAG_KEEP_CONFIG_OPEN
storage_service_flags = (MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT | MAIL_STORAGE_SERVICE_FLAG_AUTOEXPUNGE)
username = 0x0
auth_socket_path = 0x43dc63 "auth-master"
c = -1