Your message dated Thu, 24 Mar 2016 11:19:17 +0000
with message-id <[email protected]>
and subject line Bug#815208: fixed in cyrus-sasl2 2.1.26.dfsg1-15
has caused the Debian Bug report #815208,
regarding sasl2-bin: auth_rimap infinite loop (hang) when IMAP server closes connection
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
815208: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815208
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sasl2-bin
Version: 2.1.26.dfsg1-13+deb8u1jf1
Severity: important
Tags: upstream patch

Dear Maintainer,

I run Zimbra Collaboration Server (ZCS 8.5.x) which sends a BYE and closes the 
connection on failed authentication.  This causes auth_rimap to go into an 
infinite loop as its criteria for if data is available on the socket is 
incorrect.

This bug was introduced by the patch for upstream bug #3211, included in 
cyrus-sasl2 2.1.26.  The while() loop at auth_rimap.c:607 (line #496 upstream) 
has incorrect exit criteria -- if the socket is closed and the fd is at EOF the 
loop will not exit.

A patch is attached, which I have tested and confirmed resolves the issue.  
This patch stacks onto cyrus-sasl2_2.1.26.dfsg1-13+deb8u1.

I have submitted this bug and patch upstream, and it is tracked as bug #3920: 
https://bugzilla.cyrusimap.org/show_bug.cgi?id=3920

Sample IMAP exchange:
  S:   * OK IMAP4 ready
  C:   saslauthd LOGIN "test" "test"
  S:   saslauthd NO LOGIN failed
  S:   * BYE Zimbra IMAP server terminating connection
  Server closes connection

Sample strace:
  alarm(30)                               = 0
  read(12, "* OK IMAP4 ready\r\n", 1000)  = 18
  alarm(0)                                = 30
  select(13, [12], NULL, NULL, {1, 0})    = 0 (Timeout)
  sendto(4, "<39>Feb 19 21:20:24 saslauthd[55"..., 100, MSG_NOSIGNAL, NULL, 0) = 100
  alarm(30)                               = 0
  writev(12, [{"saslauthd LOGIN ", 16}, {"\"test\"", 6}, {" ", 1}, {"\"test\"", 6}, {"\r\n", 2}], 5) = 31
  alarm(0)                                = 30
  alarm(30)                               = 0
  read(12, "saslauthd NO LOGIN failed\r\n", 1000) = 27
  alarm(0)                                = 20
  select(13, [12], NULL, NULL, {1, 0})    = 1 (in [12], left {0, 999831})
  read(12, "* BYE Zimbra IMAP server termina"..., 973) = 49
  select(13, [12], NULL, NULL, {0, 999831}) = 1 (in [12], left {0, 999719})
  read(12, "", 924)                       = 0
  select(13, [12], NULL, NULL, {0, 999719}) = 1 (in [12], left {0, 999717})
  read(12, "", 924)                       = 0
  select(13, [12], NULL, NULL, {0, 999717}) = 1 (in [12], left {0, 999715})
etc.

Regards,
--Jered



-- System Information:
Debian Release: 8.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sasl2-bin depends on:
ii  db-util                5.3.0
ii  debconf [debconf-2.0]  1.5.56
ii  libc6                  2.19-18+deb8u3
ii  libcomerr2             1.42.12-1.1
ii  libdb5.3               5.3.28-9
ii  libgssapi-krb5-2       1.12.1+dfsg-19+deb8u2
ii  libk5crypto3           1.12.1+dfsg-19+deb8u2
ii  libkrb5-3              1.12.1+dfsg-19+deb8u2
ii  libldap-2.4-2          2.4.40+dfsg-1+deb8u2
ii  libpam0g               1.1.8-3.1+deb8u1
ii  libsasl2-2             2.1.26.dfsg1-13+deb8u1jf1
ii  libssl1.0.0            1.0.1k-3+deb8u2

sasl2-bin recommends no packages.

sasl2-bin suggests no packages.

-- Configuration Files:
/etc/default/saslauthd changed [not included]

-- debconf information excluded
--- a/saslauthd/auth_rimap.c
+++ b/saslauthd/auth_rimap.c
@@ -494,7 +494,7 @@
         while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) {
            if ( FD_ISSET(s, &perm) ) {
               ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
-              if ( ret<0 ) {
+              if ( ret<=0 ) {
                  rc = ret;
                  break;
               } else {
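Review bot: at `rc = ret;` in the `ret<=0` branch, a clean close (ret == 0) resets rc to 0, although rc is the offset of the data earlier reads already stored in rbuf (`rbuf+rc`). If the code after the loop treats rc as the length of the reply, whatever was received before the server closed the connection is dropped. Consider assigning rc only on error and leaving it untouched on EOF, e.g. `if ( ret<0 ) { rc = ret; break; } else if ( ret==0 ) { break; }`.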
@@ -607,7 +607,7 @@
         while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) {
            if ( FD_ISSET(s, &perm) ) {
               ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
-              if ( ret<0 ) {
+              if ( ret<=0 ) {
                  rc = ret;
                  break;
               } else {
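Review bot: in `read(s, rbuf+rc, sizeof(rbuf)-rc)`, once rc reaches sizeof(rbuf) the requested length is 0 and read() returns 0, so with `ret<=0` a full buffer now looks the same as the server closing the connection. A check for a full rbuf before the read would keep the two cases apart. This loop is also a line-for-line copy of the one in the hunk at -494; moving it into one helper would stop the two exit conditions from drifting apart again.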

--- End Message ---
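
The hang described in the report above can be reproduced in isolation. The following is an added example, not code from cyrus-sasl2 or from the reporter: drain(), run_case() and the max_spins cap are hypothetical names, and the peer is a constructed socketpair that sends the two reply lines from the sample exchange and then closes.

```c
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* exit_on_eof = 0: pre-patch test (ret < 0); 1: patched test (ret <= 0).
 * Returns the number of read() calls that returned 0. max_spins caps the
 * pre-patch loop, which would otherwise never end. */
static int drain(int s, int exit_on_eof, int max_spins, size_t *len)
{
    char rbuf[1000];
    size_t rc = 0;
    int eof_reads = 0;
    struct timeval timeout = {1, 0};
    fd_set perm;
    for (;;) {
        FD_ZERO(&perm);
        FD_SET(s, &perm);
        /* A socket at EOF always selects as readable: no timeout occurs. */
        if (select(s + 1, &perm, NULL, NULL, &timeout) <= 0) break;
        ssize_t ret = read(s, rbuf + rc, sizeof(rbuf) - rc);
        if (ret < 0) break;
        /* ret == 0 means the peer closed the connection (EOF). */
        if (ret == 0 && (++eof_reads >= max_spins || exit_on_eof)) break;
        rc += (size_t)ret;          /* data read before EOF is kept */
    }
    *len = rc;
    return eof_reads;
}
/* Constructed peer: sends the two reply lines from the report, then closes. */
static int run_case(int exit_on_eof, size_t *len)
{
    static const char reply[] = "saslauthd NO LOGIN failed\r\n"
        "* BYE Zimbra IMAP server terminating connection\r\n";
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (write(sv[1], reply, sizeof(reply) - 1) < 0) return -1;
    close(sv[1]);
    int n = drain(sv[0], exit_on_eof, 100, len);
    close(sv[0]);
    return n;
}

int main(void)
{
    size_t a, b;
    printf("EOF reads: pre-patch %d, patched %d\n", run_case(0, &a), run_case(1, &b));
    return 0;
}
```

With the pre-patch test the loop stops only because of the cap; the select() timeout never ends it, because a descriptor at EOF is reported readable every time.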
--- Begin Message ---
Source: cyrus-sasl2
Source-Version: 2.1.26.dfsg1-15

We believe that the bug you reported is fixed in the latest version of
cyrus-sasl2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <[email protected]> (supplier of updated cyrus-sasl2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 24 Mar 2016 11:54:40 +0100
Source: cyrus-sasl2
Binary: sasl2-bin cyrus-sasl2-doc libsasl2-2 libsasl2-modules libsasl2-modules-db libsasl2-modules-ldap libsasl2-modules-otp libsasl2-modules-sql libsasl2-modules-gssapi-mit libsasl2-dev libsasl2-modules-gssapi-heimdal cyrus-sasl2-dbg cyrus-sasl2-mit-dbg cyrus-sasl2-heimdal-dbg
Architecture: source amd64 all
Version: 2.1.26.dfsg1-15
Distribution: unstable
Urgency: medium
Maintainer: Debian Cyrus SASL Team <[email protected]>
Changed-By: Ondřej Surý <[email protected]>
Description:
 cyrus-sasl2-dbg - Cyrus SASL - debugging symbols
 cyrus-sasl2-doc - Cyrus SASL - documentation
 cyrus-sasl2-heimdal-dbg - Cyrus SASL - debugging symbols for Heimdal modules
 cyrus-sasl2-mit-dbg - Cyrus SASL - debugging symbols for MIT modules
 libsasl2-2 - Cyrus SASL - authentication abstraction library
 libsasl2-dev - Cyrus SASL - development files for authentication abstraction lib
 libsasl2-modules - Cyrus SASL - pluggable authentication modules
 libsasl2-modules-db - Cyrus SASL - pluggable authentication modules (DB)
 libsasl2-modules-gssapi-heimdal - Pluggable Authentication Modules for SASL (GSSAPI)
 libsasl2-modules-gssapi-mit - Cyrus SASL - pluggable authentication modules (GSSAPI)
 libsasl2-modules-ldap - Cyrus SASL - pluggable authentication modules (LDAP)
 libsasl2-modules-otp - Cyrus SASL - pluggable authentication modules (OTP)
 libsasl2-modules-sql - Cyrus SASL - pluggable authentication modules (SQL)
 sasl2-bin  - Cyrus SASL - administration programs for SASL users database
Closes: 815208
Changes:
 cyrus-sasl2 (2.1.26.dfsg1-15) unstable; urgency=medium
 .
   * Add fix for auth_rimap infinite loop (hang) when IMAP server closes
     connection (Closes: #815208)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

-----END PGP SIGNATURE-----

--- End Message ---
