On Fri, Sep 18, 2020 at 12:05:09AM +0300, Timo Sirainen wrote:
> > One of my IMAP users reports failures when trying to do full-text
> > searches of a large (3G) mailbox; subject-only searches are OK.
> >
> > The backtrace in syslog is:
> >
> > Sep 15 11:51:37 aragorn dovecot: imap(atreic): Panic: file
> > message-parser.c: line 174 (message_part_finish): assertion failed:
> > (ctx->nested_parts_count > 0)
>
> The original backported patch for v2.2 was accidentally wrong. Also I'm not
> sure if Debian backport had the "--" suffix boundary fix either? Attached
> anyway patches for both fixes.
>
Thanks for looking at this, Timo. The 2.2 packages in Debian 9 (stretch LTS) should have the latest patches. See [1] and [2].

1. https://salsa.debian.org/debian/dovecot/-/blob/stable/stretch/debian/patches/CVE-2020-12100-14.patch#L57
2. https://salsa.debian.org/debian/dovecot/-/blob/stable/stretch/debian/patches/CVE-2020-12100-16.patch

Matthew, the stack trace doesn't include the most relevant symbols, so the code path isn't entirely clear. It's likely that the problem isn't specifically related to a large mailbox, as originally suggested, but rather a specific message in that mailbox. It might be interesting if we could get a copy of that message, if it can be identified and the contents aren't sensitive. Feel free to provide it to me privately if posting it to the BTS isn't desirable. It'd help track this down, and I'd be interested in testing the buster and sid dovecot packages against it.

Thanks
noah

