imapd dumps core on APPEND URL with invalid section

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

we get core dumps of imapd on commands like this:

A7 APPEND "INBOX/Junk E-mail" () "29-Jul-2016 07:17:38 +0000" CATENATE (URL "/INBOX/;uid=44335/;section=TEXT.MIME" URL "/INBOX/;uid=44335/;section=TEXT")
Connection closed by foreign host.

Tested with:
Cyrus 2.4.18 on Solaris 11
Cyrus 2.4.17 on CentOS 7

section=MIME instead of section=TEXT.MIME (which I think is not a valid section) works for the message:

A7 APPEND "INBOX/Junk E-mail" () "29-Jul-2016 07:17:38 +0000" CATENATE (URL "/INBOX/;uid=44335/;section=MIME" URL "/INBOX/;uid=44335/;section=TEXT")
A7 OK [APPENDUID 1469792687 169] Completed

To illustrate the issue we produced core dumps with some nonsense sections, example:

A7 APPEND "INBOX/Junk E-mail" () "29-Jul-2016 07:17:38 +0000" CATENATE (URL "/INBOX/;uid=44335/;section=CATS_AND_DOGS" URL "/INBOX/;uid=44335/;section=TEXT")
Connection closed by foreign host.


This is the stacktrace of the corresponding core file (produced with Cyrus 2.4.17):

(gdb) bt full
#0 __bswap_32 (__bsx=<error reading variable: Cannot access memory at address 0x7f6211818650>) at /usr/include/bits/byteswap.h:47
No locals.
#1 index_urlfetch (state=<optimized out>, msgno=<optimized out>, params=0, section=<optimized out>, start_octet=0, octet_count=0,
    pout=0x7f612b939610, outsize=0x7fff44d3ce80) at index.c:2785
        num_parts = 2
        p = 0x7f612b9292fb "CATS_AND_DOGS"
        data = 0x7f6129f41000 <Address 0x7f6129f41000 out of bounds>
        msg_base = 0x7f6129f41000 <Address 0x7f6129f41000 out of bounds>
        msg_size = 4812
        cacheitem = 0x7f6211818650 <Address 0x7f6211818650 out of bounds>
        fetchmime = 1
        domain = 0
        size = 4812
        skip = 1697477688
        n = <optimized out>
        r = <optimized out>
        decbuf = 0x0
        mailbox = 0x7f612b929878
        im = 0x7f612b92a7b0
[…]
(gdb) where
#0 __bswap_32 (__bsx=<error reading variable: Cannot access memory at address 0x7f62a7ebe650>) at /usr/include/bits/byteswap.h:47 #1 index_urlfetch (state=<optimized out>, msgno=<optimized out>, params=0, section=<optimized out>, start_octet=0, octet_count=0, pout=0x7f61c12d4600, outsize=0x7ffcec9b1fc0)
    at index.c:2785
#2 0x00007f61c06d0277 in cmd_append (tag=<optimized out>, name=<optimized out>, cur_name=<optimized out>) at imapd.c:3121
#3  0x00007f61c06d5f2c in cmdloop () at imapd.c:1279
#4 0x00007f61c06d7759 in service_main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at imapd.c:946 #5 0x00007f61c06c0875 in main (argc=<optimized out>, argv=<optimized out>, envp=0x7ffcec9b7a88) at service.c:582


I don’t know where to fix it best in order to get BADURL or something instead of a core dump, so any help would be highly appreciated.

Regards,
Edda

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus




[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux