Coredump: Panic: file smtp-address.c: line 530 (smtp_address_write): assertion failed: (smtp_char_is_qpair(*p))
John Fawcett
john at voipsupport.it
Mon Mar 5 22:09:52 EET 2018
On 05/03/18 15:14, Ralf Hildebrandt wrote:
> Got a coredump:
>
> Mar 5 15:09:42 mail-cbf dovecot: lmtp(backup at backup.invalid)<15425><2B+kCaZPnVpBPAAAplP5LA>: Fatal: master: service(lmtp): child 15425 killed with signal 6 (core dumped)
>
>
> #0 0x00007fea19977428 in __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
> resultvar = 0
> pid = 15425
> selftid = 15425
> #1 0x00007fea1997902a in __GI_abort () at abort.c:89
> save_stage = 2
> act = {
> __sigaction_handler = {
> sa_handler = 0x56239d9a3890,
> sa_sigaction = 0x56239d9a3890
> },
> sa_mask = {
> __val = {1, 94710917811261, 140643428345904, 94710917811577, 0, 140735221053024, 94710938452648, 513, 7700885895375379200, 0, 140643433202867, 94710938452648,
> 140735221053120, 94710938452304, 140643433203225, 94710938452648}
> },
> sa_flags = 433895898,
> sa_restorer = 0x5
> }
> sigs = {
> __val = {32, 0 <repeats 15 times>}
> }
> #2 0x00007fea19dd2aaf in default_fatal_finish (type=LOG_TYPE_PANIC, status=status at entry=0) at failures.c:228
> backtrace = 0x56239bd7c2e0 "/usr/lib/dovecot/libdovecot.so.0(+0xc6aca) [0x7fea19dd2aca] -> /usr/lib/dovecot/libdovecot.so.0(+0xc6bad) [0x7fea19dd2bad] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fea19d44721] -> /usr/lib/d"...
> recursed = 0
> #3 0x00007fea19dd2bad in i_internal_fatal_handler (ctx=0x7fff78dbb710, format=<optimized out>, args=<optimized out>) at failures.c:718
> status = 0
> #4 0x00007fea19d44721 in i_panic (format=format at entry=0x7fea19e0ec98 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:306
> ctx = {
> type = LOG_TYPE_PANIC,
> exit_status = 0,
> timestamp = 0x0,
> timestamp_usecs = 0,
> log_prefix = 0x0
> }
> args = <error reading variable args (Attempt to dereference a generic pointer.)>
> #5 0x00007fea19d4831d in smtp_address_write (out=0x56239bd7c150, address=0x56239bd7c108) at smtp-address.c:530
> quoted = <optimized out>
> p = 0x56239bd7c11b "üller"
> pend = 0x56239bd7c121 ""
> pblock = 0x56239bd7c11a "müller"
> __func__ = "smtp_address_write"
> #6 0x00007fea19d48411 in smtp_address_encode (address=0x56239bd7c108) at smtp-address.c:567
> str = 0x56239bd7c150
> #7 0x00007fea1a3cf774 in mail_deliver_log_update_cache (cache=cache at entry=0x56239bddf1c8, pool=0x56239bddf180, mail=0x56239be185c8) at mail-deliver.c:111
> message_id = 0x56239d943a4c "<ae7dbbbcb4790c611b6a104ef5f7c540 at cron-eu.crsend.com>"
> subject = 0x56239d943b69 "JOMEC Seminar | Von Kennzahlencockpits und Lean Hospital Strategien"
> from_envelope = 0x0
> from = <optimized out>
> #8 0x00007fea1a3cfabf in mail_deliver_save_finish (ctx=0x56239be14ca0) at mail-deliver.c:533
> box = <optimized out>
> mbox = 0x56239be0efc0
> muser = 0x56239bdcb7c0
> dt = 0x56239bddf1c0
> #9 0x00007fea1a0c758c in mailbox_save_finish (_ctx=_ctx at entry=0x7fff78dbb948) at mail-storage.c:2461
> _data_stack_cur_id = 4
> ctx = 0x56239be14ca0
> t = 0x56239be10ce0
> keywords = 0x0
> pvt_flags = 0
> copying_via_save = true
> ret = <optimized out>
> #10 0x00007fea1a0b9eb4 in mail_storage_copy (ctx=0x0, ctx at entry=0x56239be14ca0, mail=mail at entry=0x56239bdfdb28) at mail-copy.c:112
> __func__ = "mail_storage_copy"
> #11 0x00007fea1a0e03f6 in mdbox_copy (_ctx=0x56239be14ca0, mail=0x56239bdfdb28) at mdbox-save.c:461
> ctx = 0x56239be14ca0
> save_mail = 0x56239bdfdb28
> src_mbox = <optimized out>
> rec = {
> map_uid = 2615013952,
> save_date = 22051
> }
> guid_data = 0x7fff78dbb9b0
> wanted_guid = "@\362ݛ#V\000\000\240L\341\233#V\000"
> #12 0x00007fea1a3cf999 in mail_deliver_copy (ctx=0x56239be14ca0, mail=0x56239bdfdb28) at mail-deliver.c:547
> box = <optimized out>
> mbox = 0x56239be0efc0
> muser = 0x56239bdcb7c0
> dt = 0x56239bddf1c0
> #13 0x00007fea1a0c7956 in mailbox_copy_int (_ctx=_ctx at entry=0x7fff78dbba98, mail=0x56239bdfdb28) at mail-storage.c:2532
> _data_stack_cur_id = 3
> ctx = 0x56239be14ca0
> t = 0x56239be10ce0
> keywords = 0x0
> pvt_flags = 0
> backend_mail = 0x56239bdfdb28
> ret = <optimized out>
> __func__ = "mailbox_copy_int"
> #14 0x00007fea1a0c7c38 in mailbox_save_using_mail (_ctx=_ctx at entry=0x7fff78dbba98, mail=<optimized out>) at mail-storage.c:2584
> ctx = <optimized out>
> __func__ = "mailbox_save_using_mail"
> #15 0x00007fea1a3d02ac in mail_deliver_save (ctx=ctx at entry=0x7fff78dbbc60, mailbox=<optimized out>, flags=flags at entry=0, keywords=keywords at entry=0x0,
> storage_r=storage_r at entry=0x7fff78dbbc50) at mail-deliver.c:363
> open_ctx = {
> user = 0x56239bdcacb8,
> lda_mailbox_autocreate = false,
> lda_mailbox_autosubscribe = false
> }
> box = 0x56239be0e6b8
> trans_flags = <optimized out>
> t = 0x56239be10ce0
> save_ctx = 0x0
> headers_ctx = 0x0
> kw = 0x0
> dest_mail = <optimized out>
> error = MAIL_ERROR_NONE
> mailbox_name = 0x56239a9d0a54 "INBOX"
> errstr = 0x0
> guid = 0x6adf0aebb9aa5b00 <error: Cannot access memory at address 0x6adf0aebb9aa5b00>
> changes = {
> pool = 0x1,
> uid_validity = 434166593,
> saved_uids = {
> arr = {
> buffer = 0x100000000,
> element_size = 7700885895375379200
> },
> v = 0x100000000,
> v_modifiable = 0x100000000
> },
> ignored_modseq_changes = 2614870800,
> changed = 35,
> no_read_perm = 86
> }
> default_save = <optimized out>
> ret = 0
> __func__ = "mail_deliver_save"
> #16 0x00007fea1a3d0916 in mail_deliver (ctx=ctx at entry=0x7fff78dbbc60, storage_r=storage_r at entry=0x7fff78dbbc50) at mail-deliver.c:496
> muser = 0x56239bdcb7c0
> ret = <optimized out>
> __func__ = "mail_deliver"
> #17 0x000056239a9cedc0 in lmtp_local_deliver (session=0x56239bddf1a8, src_mail=0x56239bdfdb28, rcpt=0x56239bdd5c80, trans=0x56239bde0d68, cmd=0x56239bde1ea8,
> local=0x56239bde2020) at lmtp-local.c:603
> set_parser = <optimized out>
> line = <optimized out>
> str = 0x56239bd7bc08
> proxy_data = {
> proto = SMTP_PROXY_PROTOCOL_LMTP,
> source_ip = {
> family = 0,
> u = {
> ip6 = {
> __in6_u = {
> __u6_addr8 = '\000' <repeats 15 times>,
> __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0},
> __u6_addr32 = {0, 0, 0, 0}
> }
> },
> ip4 = {
> s_addr = 0
> }
> }
> },
> source_port = 0,
> helo = 0x56239bd8d470 "mail-cbf.charite.de",
> login = 0x0,
> ttl_plus_1 = 0,
> timeout_secs = 0,
> extra_fields = 0x0,
> extra_fields_count = 0
> }
> delivery_time_started = {
> tv_sec = 1520258982,
> tv_usec = 162818
> }
> sets = <optimized out>
> rcpt_user = 0x56239bdcacb8
> mail_set = <optimized out>
> username = <optimized out>
> rcpt_idx = 0
> smtp_set = 0x56239be046e0
> lda_set = 0x56239be04750
> ns = <optimized out>
> rcpt_to = 0x56239bde0e78
> trcpt = 0x56239bde0e38
> storage = 0x56239bdcecc8
> mail_error = 1793002219
> ret = <optimized out>
> client = 0x56239bdbc338
> service_user = <optimized out>
> dctx = {
> pool = 0x56239bddf180,
> set = 0x56239be04750,
> smtp_set = 0x56239be046e0,
> session = 0x56239bddf1a8,
> session_time_msecs = 0,
> delivery_time_started = {
> tv_sec = 1520258982,
> tv_usec = 162818
> },
> dup_db = 0x0,
> session_id = 0x56239bd8d450 "2B+kCaZPnVpBPAAAplP5LA",
> src_mail = 0x56239bdfdb28,
> mail_from = 0x56239bde0e08,
> mail_params = {
> auth = 0x0,
> body = {
> type = SMTP_PARAM_MAIL_BODY_TYPE_UNSPECIFIED,
> ext = 0x0
> },
> envid = 0x0,
> ret = SMTP_PARAM_MAIL_RET_UNSPECIFIED,
> size = 0,
> extra_params = {
> arr = {
> buffer = 0x0,
> element_size = 0
> },
> v = 0x0,
> v_modifiable = 0x0
> }
> },
> rcpt_to = 0x56239bde0e78,
> rcpt_params = {
> orcpt = {
> addr_type = 0x0,
> addr = 0x56239bde0e78,
> addr_raw = 0x0
> },
> notify = SMTP_PARAM_RCPT_NOTIFY_UNSPECIFIED,
> extra_params = {
> arr = {
> buffer = 0x0,
> element_size = 0
> },
> v = 0x0,
> v_modifiable = 0x0
> }
> },
> rcpt_user = 0x56239bdcacb8,
> rcpt_default_mailbox = 0x56239a9d0a54 "INBOX",
> dest_mail = 0x0,
> cache = 0x0,
> tempfail_error = 0x0,
> tried_default_save = true,
> saved_mail = false,
> save_dest_mail = false,
> mailbox_full = false,
> dsn = false
> }
> input = <optimized out>
> var_table = <optimized out>
> error = 0x0
> #18 lmtp_local_deliver_to_rcpts (session=0x56239bddf1a8, trans=0x56239bde0d68, cmd=0x56239bde1ea8, local=0x56239bde2020) at lmtp-local.c:657
> rcpt = 0x56239bdd5c80
> first_uid = 4294967295
> src_mail = 0x56239bdfdb28
> count = <optimized out>
> i = 0
> #19 lmtp_local_data (client=client at entry=0x56239bdbc338, cmd=cmd at entry=0x56239bde1ea8, trans=trans at entry=0x56239bde0d68, input=<optimized out>) at lmtp-local.c:734
> local = 0x56239bde2020
> session = 0x56239bddf1a8
> old_uid = 0
> #20 0x000056239a9cdb53 in cmd_data_finish (trans=0x56239bde0d68, cmd=0x56239bde1ea8, client=0x56239bdbc338) at commands.c:144
> state = 0x56239bdbc3c0
> input_proxy = 0x0
> input_msg = 0x0
> input_local = 0x56239bde26b8
> inputs = {0x0, 0x56239bde2238, 0x0}
> #21 cmd_data_continue (conn_ctx=0x56239bdbc338, cmd=0x56239bde1ea8, trans=0x56239bde0d68) at commands.c:190
> client = 0x56239bdbc338
> state = 0x56239bdbc3c0
> data_input = <optimized out>
> data = <optimized out>
> size = 543
> ret = <optimized out>
> __func__ = "cmd_data_continue"
> #22 0x00007fea19d566e0 in cmd_data_handle_input (cmd=0x56239bde1ea8) at smtp-server-cmd-data.c:199
> conn = 0x56239bde0930
> callbacks = 0x56239abd27a0 <lmtp_callbacks>
> command = 0x56239bde1ea8
> data_cmd = 0x56239bde83e8
> ret = <optimized out>
> __func__ = "cmd_data_handle_input"
> #23 0x00007fea19dea649 in io_loop_call_io (io=0x56239bdba970) at ioloop.c:614
> ioloop = 0x56239bd82c70
> t_id = 2
> __func__ = "io_loop_call_io"
> #24 0x00007fea19debf29 in io_loop_handler_run_internal (ioloop=ioloop at entry=0x56239bd82c70) at ioloop-epoll.c:222
> ctx = 0x56239bd849f0
> ret = <optimized out>
> __func__ = "cmd_data_handle_input"
> #23 0x00007fea19dea649 in io_loop_call_io (io=0x56239bdba970) at ioloop.c:614
> ioloop = 0x56239bd82c70
> t_id = 2
> __func__ = "io_loop_call_io"
> #24 0x00007fea19debf29 in io_loop_handler_run_internal (ioloop=ioloop at entry=0x56239bd82c70) at ioloop-epoll.c:222
> ctx = 0x56239bd849f0
> ---Type <return> to continue, or q <return> to quit---
> io = <optimized out>
> tv = {
> tv_sec = 299,
> tv_usec = 999816
> }
> events_count = <optimized out>
> msecs = <optimized out>
> ret = 1
> i = 0
> j = <optimized out>
> call = <optimized out>
> __func__ = "io_loop_handler_run_internal"
> #25 0x00007fea19dea752 in io_loop_handler_run (ioloop=<optimized out>) at ioloop.c:666
> No locals.
> #26 0x00007fea19dea968 in io_loop_run (ioloop=0x56239bd82c70) at ioloop.c:639
> __func__ = "io_loop_run"
> #27 0x00007fea19d672a3 in master_service_run (service=0x56239bd82b00, callback=<optimized out>) at master-service.c:767
> No locals.
> #28 0x000056239a9ccc3d in main (argc=1, argv=0x56239bd82890) at main.c:159
> set_roots = {0x56239abd3280 <smtp_submit_setting_parser_info>, 0x56239abd31e0 <lda_setting_parser_info>, 0x56239abd2600 <lmtp_setting_parser_info>, 0x0}
> service_flags = <optimized out>
> storage_service_flags = (MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT | MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP | MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP | MAIL_STORAGE_SERVICE_FLAG_NO_LOG_INIT | MAIL_STORAGE_SERVICE_FLAG_NO_IDLE_TIMEOUT)
> tmp_base_dir = 0x56239bd7a040 "tp data)"
> c = <optimized out>
> error = 0x0
>
>
The assert and consequent core dump is happening when processing the u
umlaut character from the From header.
p = 0x56239bd7c11b "üller"
The problem is reproducible with a simple test case using a file
/tmp/test.txt that contains some 8 bit character like the u umlaut
From: a.müller at example.com
To: whoever at example.com
Date: 05 March 2018 21:00:00
Subject: test
test
EOF
Then it can be fed into posfix substituting youremailaddress at yourdomain
with a real account on the dovecot server.
cat /tmp/test.txt | sendmail -f someone at example.com
youremailaddress at yourdomain
In the maillog there is the following error message:
Mar 5 01:00:40 localhost dovecot:
lmtp(admin99)<22325><nhREHKiInFo1VwAA0J78UA>: Panic: file
smtp-address.c: line 530 (smtp_address_write): assertion failed:
(smtp_char_is_qpair(*p))
There are two ways to fix this: 1) let dovecot accept non ascii chars in
the local part as it did until 2.2 (see attached patch) or 2) instead of
the i_assert() call, log an error and reject the email. But this second
approach looks more complicated.
The patch just removes the i_assert() call. I tried that patch and it
seems ok. Before applying it, it is worthwhile if anyone can remember
what was the logic behind this i_assert() call in the first place (which
I fail to see), in case there is something that I am overlooking.
John
--- smtp-address.c.orig 2018-03-05 20:47:35.654257741 +0100
+++ smtp-address.c 2018-03-05 20:47:48.550311547 +0100
@@ -527,7 +527,6 @@
if (!quoted) {
str_append_c(out, '.');
} else {
- i_assert(smtp_char_is_qpair(*p));
if (!smtp_char_is_qtext(*p))
str_append_c(out, '\\');
str_append_c(out, *p);
More information about the dovecot
mailing list