imapd dumps core on APPEND URL with invalid section

ellie timoney ellie at fastmail.com
Mon Aug 1 01:41:26 EDT 2016 

The master branch has a commit to address this exact (like, literally
"TEXT.MIME") issue:

https://github.com/cyrusimap/cyrus-imapd/commit/f7b95b93

I've just cherry-picked it onto the cyrus-imapd-2.4 branch and it
applied cleanly first time, so it's upstream now.  (It's already in 2.5,
and has been since the 2.5.0 release.)

Though your email raises another question -- what do we want to do about
other junk section values?

On Sat, Jul 30, 2016, at 11:18 PM, Edda via Info-cyrus wrote:
> Hi,
> 
> we get core dumps of imapd on commands like this:
> 
> A7 APPEND "INBOX/Junk E-mail" () "29-Jul-2016 07:17:38 +0000" CATENATE 
> (URL "/INBOX/;uid=44335/;section=TEXT.MIME" URL 
> "/INBOX/;uid=44335/;section=TEXT")
> Connection closed by foreign host.
> 
> Tested with:
> Cyrus 2.4.18 on Solaris 11
> Cyrus 2.4.17 on CentOS 7
> 
> section=MIME instead of section=TEXT.MIME (which I think is not a valid 
> section) works for the message:
> 
> A7 APPEND "INBOX/Junk E-mail" () "29-Jul-2016 07:17:38 +0000" CATENATE 
> (URL "/INBOX/;uid=44335/;section=MIME" URL 
> "/INBOX/;uid=44335/;section=TEXT")
> A7 OK [APPENDUID 1469792687 169] Completed
> 
> To illustrate the issue we produced core dumps with some nonsense 
> sections, example:
> 
> A7 APPEND "INBOX/Junk E-mail" () "29-Jul-2016 07:17:38 +0000" CATENATE 
> (URL "/INBOX/;uid=44335/;section=CATS_AND_DOGS" URL 
> "/INBOX/;uid=44335/;section=TEXT")
> Connection closed by foreign host.
> 
> 
> This is the stacktrace of the corresponding core file (produced with 
> Cyrus 2.4.17):
> 
> (gdb) bt full
> #0  __bswap_32 (__bsx=<error reading variable: Cannot access memory at 
> address 0x7f6211818650>) at /usr/include/bits/byteswap.h:47
> No locals.
> #1  index_urlfetch (state=<optimized out>, msgno=<optimized out>, 
> params=0, section=<optimized out>, start_octet=0, octet_count=0,
>      pout=0x7f612b939610, outsize=0x7fff44d3ce80) at index.c:2785
>          num_parts = 2
>          p = 0x7f612b9292fb "CATS_AND_DOGS"
>          data = 0x7f6129f41000 <Address 0x7f6129f41000 out of bounds>
>          msg_base = 0x7f6129f41000 <Address 0x7f6129f41000 out of bounds>
>          msg_size = 4812
>          cacheitem = 0x7f6211818650 <Address 0x7f6211818650 out of
>          bounds>
>          fetchmime = 1
>          domain = 0
>          size = 4812
>          skip = 1697477688
>          n = <optimized out>
>          r = <optimized out>
>          decbuf = 0x0
>          mailbox = 0x7f612b929878
>          im = 0x7f612b92a7b0
> […]
> (gdb) where
> #0  __bswap_32 (__bsx=<error reading variable: Cannot access memory at 
> address 0x7f62a7ebe650>) at /usr/include/bits/byteswap.h:47
> #1  index_urlfetch (state=<optimized out>, msgno=<optimized out>, 
> params=0, section=<optimized out>, start_octet=0, octet_count=0, 
> pout=0x7f61c12d4600, outsize=0x7ffcec9b1fc0)
>      at index.c:2785
> #2  0x00007f61c06d0277 in cmd_append (tag=<optimized out>, 
> name=<optimized out>, cur_name=<optimized out>) at imapd.c:3121
> #3  0x00007f61c06d5f2c in cmdloop () at imapd.c:1279
> #4  0x00007f61c06d7759 in service_main (argc=<optimized out>, 
> argv=<optimized out>, envp=<optimized out>) at imapd.c:946
> #5  0x00007f61c06c0875 in main (argc=<optimized out>, argv=<optimized 
> out>, envp=0x7ffcec9b7a88) at service.c:582
> 
> 
> I don’t know where to fix it best in order to get BADURL or something 
> instead of a core dump, so any help would be highly appreciated.
> 
> Regards,
> Edda
> 
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

More information about the Info-cyrus mailing list