imapd dumps core on APPEND URL with invalid section

Edda letters001 at sendmaid.org
Mon Aug 1 08:30:08 EDT 2016


Hi Ellie,

On 01.08.16 at 07:41, ellie timoney via Info-cyrus wrote:
> The master branch has a commit to address this exact (like, literally
> "TEXT.MIME") issue:
>
> https://github.com/cyrusimap/cyrus-imapd/commit/f7b95b93
>
> I've just cherry-picked it onto the cyrus-imapd-2.4 branch and it
> applied cleanly first time, so it's upstream now.  (It's already in 2.5,
> and has been since the 2.5.0 release.)
Thank you very much for pointing me to the patch, for applying it to 
the 2.4 branch, and for helping so quickly.
Just tried it, works well for us.

>
> Though your email raises another question -- what do we want to do about
> other junk section values?
For non-existing section names I would suggest replying with NO, BADURL 
("No such message part"), as cyrus-imapd already does for sections out of 
range:

A7 APPEND "INBOX/Junk E-mail" () "29-Jul-2016 07:17:38 +0000" CATENATE 
(URL "/INBOX/;uid=44335/;section=15" URL "/INBOX/;uid=44335/;section=TEXT")
A7 NO [BADURL "/INBOX/;uid=44335/;section=15"] No such message part

If index_urlfetch (./imap/index.c) returned BADURL on non-existing 
section names too, catenate_url (./imap/imapd.c) would already catch it 
as "No such message part".

Regards,
Edda
> On Sat, Jul 30, 2016, at 11:18 PM, Edda via Info-cyrus wrote:
>> Hi,
>>
>> we get core dumps of imapd on commands like this:
>>
>> A7 APPEND "INBOX/Junk E-mail" () "29-Jul-2016 07:17:38 +0000" CATENATE
>> (URL "/INBOX/;uid=44335/;section=TEXT.MIME" URL
>> "/INBOX/;uid=44335/;section=TEXT")
>> Connection closed by foreign host.
>>
>> Tested with:
>> Cyrus 2.4.18 on Solaris 11
>> Cyrus 2.4.17 on CentOS 7
>>
>> section=MIME instead of section=TEXT.MIME (which I think is not a valid
>> section) works for the message:
>>
>> A7 APPEND "INBOX/Junk E-mail" () "29-Jul-2016 07:17:38 +0000" CATENATE
>> (URL "/INBOX/;uid=44335/;section=MIME" URL
>> "/INBOX/;uid=44335/;section=TEXT")
>> A7 OK [APPENDUID 1469792687 169] Completed
>>
>> To illustrate the issue we produced core dumps with some nonsense
>> sections, example:
>>
>> A7 APPEND "INBOX/Junk E-mail" () "29-Jul-2016 07:17:38 +0000" CATENATE
>> (URL "/INBOX/;uid=44335/;section=CATS_AND_DOGS" URL
>> "/INBOX/;uid=44335/;section=TEXT")
>> Connection closed by foreign host.
>>
>>
>> This is the stacktrace of the corresponding core file (produced with
>> Cyrus 2.4.17):
>>
>> (gdb) bt full
>> #0  __bswap_32 (__bsx=<error reading variable: Cannot access memory at
>> address 0x7f6211818650>) at /usr/include/bits/byteswap.h:47
>> No locals.
>> #1  index_urlfetch (state=<optimized out>, msgno=<optimized out>,
>> params=0, section=<optimized out>, start_octet=0, octet_count=0,
>>       pout=0x7f612b939610, outsize=0x7fff44d3ce80) at index.c:2785
>>           num_parts = 2
>>           p = 0x7f612b9292fb "CATS_AND_DOGS"
>>           data = 0x7f6129f41000 <Address 0x7f6129f41000 out of bounds>
>>           msg_base = 0x7f6129f41000 <Address 0x7f6129f41000 out of bounds>
>>           msg_size = 4812
>>           cacheitem = 0x7f6211818650 <Address 0x7f6211818650 out of
>>           bounds>
>>           fetchmime = 1
>>           domain = 0
>>           size = 4812
>>           skip = 1697477688
>>           n = <optimized out>
>>           r = <optimized out>
>>           decbuf = 0x0
>>           mailbox = 0x7f612b929878
>>           im = 0x7f612b92a7b0
>> […]
>> (gdb) where
>> #0  __bswap_32 (__bsx=<error reading variable: Cannot access memory at
>> address 0x7f62a7ebe650>) at /usr/include/bits/byteswap.h:47
>> #1  index_urlfetch (state=<optimized out>, msgno=<optimized out>,
>> params=0, section=<optimized out>, start_octet=0, octet_count=0,
>> pout=0x7f61c12d4600, outsize=0x7ffcec9b1fc0)
>>       at index.c:2785
>> #2  0x00007f61c06d0277 in cmd_append (tag=<optimized out>,
>> name=<optimized out>, cur_name=<optimized out>) at imapd.c:3121
>> #3  0x00007f61c06d5f2c in cmdloop () at imapd.c:1279
>> #4  0x00007f61c06d7759 in service_main (argc=<optimized out>,
>> argv=<optimized out>, envp=<optimized out>) at imapd.c:946
>> #5  0x00007f61c06c0875 in main (argc=<optimized out>, argv=<optimized
>> out>, envp=0x7ffcec9b7a88) at service.c:582
>>
>>
>> I don’t know where to fix it best in order to get BADURL or something
>> instead of a core dump, so any help would be highly appreciated.
>>
>> Regards,
>> Edda
>>
>> ----
>> Cyrus Home Page: http://www.cyrusimap.org/
>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>> To Unsubscribe:
>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
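An added example, not part of the thread and not Cyrus code: a stand-alone C check of a URL section value against the RFC 3501 section-spec grammar, so that junk such as TEXT.MIME or CATS_AND_DOGS is rejected before any message data is looked up. The names check_section, valid_msgtext, skip_kw and SECTION_BADURL are hypothetical; because it follows the grammar strictly it also rejects a bare MIME, which the thread reports Cyrus 2.4 accepting.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical result codes; a server would map SECTION_BADURL to NO [BADURL]. */
enum section_status { SECTION_OK = 0, SECTION_BADURL = 1 };

/* Return the position after kw if s starts with it (case-insensitive), else NULL. */
static const char *skip_kw(const char *s, const char *kw)
{
    for (; *kw; s++, kw++)
        if (toupper((unsigned char)*s) != *kw) return NULL;
    return s;
}

/* section-msgtext = "HEADER" / "HEADER.FIELDS" [".NOT"] SP header-list / "TEXT"
 * section-text adds "MIME", which is only allowed after a part number. */
static int valid_msgtext(const char *s, int allow_mime)
{
    const char *t;
    if ((t = skip_kw(s, "TEXT")) && !*t) return 1;
    if (allow_mime && (t = skip_kw(s, "MIME")) && !*t) return 1;
    if (!(t = skip_kw(s, "HEADER"))) return 0;
    if (!*t) return 1;
    if (!(t = skip_kw(t, ".FIELDS"))) return 0;
    if (skip_kw(t, ".NOT")) t += 4;
    size_t n = strlen(t);
    /* Only the outer shape of the header-list is checked here. */
    return n >= 4 && t[0] == ' ' && t[1] == '(' && t[n - 1] == ')';
}

/* section-spec = section-msgtext / (section-part ["." section-text])
 * section-part = nz-number *("." nz-number) */
enum section_status check_section(const char *s)
{
    int have_part = 0;
    if (!s || !*s) return SECTION_BADURL;   /* assumption: empty value is rejected */
    while (isdigit((unsigned char)*s)) {
        if (*s == '0') return SECTION_BADURL;           /* nz-number */
        while (isdigit((unsigned char)*s)) s++;
        have_part = 1;
        if (!*s) return SECTION_OK;                     /* e.g. "15" or "1.2" */
        if (*s++ != '.') return SECTION_BADURL;
    }
    return valid_msgtext(s, have_part) ? SECTION_OK : SECTION_BADURL;
}
```

A syntactically valid part number such as 15 passes this check; whether that part exists in the message is the separate range check that already yields "No such message part" in the exchange above.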

