On 05/03/18 15:14, Ralf Hildebrandt wrote:
> Got a coredump:
>
> Mar  5 15:09:42 mail-cbf dovecot: 
> lmtp(backup@backup.invalid)<15425><2B+kCaZPnVpBPAAAplP5LA>: Fatal: master: 
> service(lmtp): child 15425 killed with signal 6 (core dumped)
>
>
> #0  0x00007fea19977428 in __GI_raise (sig=sig@entry=6) at 
> ../sysdeps/unix/sysv/linux/raise.c:54
>         resultvar = 0
>         pid = 15425
>         selftid = 15425
> #1  0x00007fea1997902a in __GI_abort () at abort.c:89
>         save_stage = 2
>         act = {
>           __sigaction_handler = {
>             sa_handler = 0x56239d9a3890, 
>             sa_sigaction = 0x56239d9a3890
>           }, 
>           sa_mask = {
>             __val = {1, 94710917811261, 140643428345904, 94710917811577, 0, 
> 140735221053024, 94710938452648, 513, 7700885895375379200, 0, 
> 140643433202867, 94710938452648, 
>               140735221053120, 94710938452304, 140643433203225, 
> 94710938452648}
>           }, 
>           sa_flags = 433895898, 
>           sa_restorer = 0x5
>         }
>         sigs = {
>           __val = {32, 0 <repeats 15 times>}
>         }
> #2  0x00007fea19dd2aaf in default_fatal_finish (type=LOG_TYPE_PANIC, 
> status=status@entry=0) at failures.c:228
>         backtrace = 0x56239bd7c2e0 
> "/usr/lib/dovecot/libdovecot.so.0(+0xc6aca) [0x7fea19dd2aca] -> 
> /usr/lib/dovecot/libdovecot.so.0(+0xc6bad) [0x7fea19dd2bad] -> 
> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fea19d44721] -> /usr/lib/d"...
>         recursed = 0
> #3  0x00007fea19dd2bad in i_internal_fatal_handler (ctx=0x7fff78dbb710, 
> format=<optimized out>, args=<optimized out>) at failures.c:718
>         status = 0
> #4  0x00007fea19d44721 in i_panic (format=format@entry=0x7fea19e0ec98 "file 
> %s: line %d (%s): assertion failed: (%s)") at failures.c:306
>         ctx = {
>           type = LOG_TYPE_PANIC, 
>           exit_status = 0, 
>           timestamp = 0x0, 
>           timestamp_usecs = 0, 
>           log_prefix = 0x0
>         }
>         args = <error reading variable args (Attempt to dereference a generic 
> pointer.)>
> #5  0x00007fea19d4831d in smtp_address_write (out=0x56239bd7c150, 
> address=0x56239bd7c108) at smtp-address.c:530
>         quoted = <optimized out>
>         p = 0x56239bd7c11b "üller"
>         pend = 0x56239bd7c121 ""
>         pblock = 0x56239bd7c11a "müller"
>         __func__ = "smtp_address_write"
> #6  0x00007fea19d48411 in smtp_address_encode (address=0x56239bd7c108) at 
> smtp-address.c:567
>         str = 0x56239bd7c150
> #7  0x00007fea1a3cf774 in mail_deliver_log_update_cache 
> (cache=cache@entry=0x56239bddf1c8, pool=0x56239bddf180, mail=0x56239be185c8) 
> at mail-deliver.c:111
>         message_id = 0x56239d943a4c 
> "<ae7dbbbcb4790c611b6a104ef5f7c...@cron-eu.crsend.com>"
>         subject = 0x56239d943b69 "JOMEC Seminar | Von Kennzahlencockpits und 
> Lean Hospital Strategien"
>         from_envelope = 0x0
>         from = <optimized out>
> #8  0x00007fea1a3cfabf in mail_deliver_save_finish (ctx=0x56239be14ca0) at 
> mail-deliver.c:533
>         box = <optimized out>
>         mbox = 0x56239be0efc0
>         muser = 0x56239bdcb7c0
>         dt = 0x56239bddf1c0
> #9  0x00007fea1a0c758c in mailbox_save_finish 
> (_ctx=_ctx@entry=0x7fff78dbb948) at mail-storage.c:2461
>         _data_stack_cur_id = 4
>         ctx = 0x56239be14ca0
>         t = 0x56239be10ce0
>         keywords = 0x0
>         pvt_flags = 0
>         copying_via_save = true
>         ret = <optimized out>
> #10 0x00007fea1a0b9eb4 in mail_storage_copy (ctx=0x0, 
> ctx@entry=0x56239be14ca0, mail=mail@entry=0x56239bdfdb28) at mail-copy.c:112
>         __func__ = "mail_storage_copy"
> #11 0x00007fea1a0e03f6 in mdbox_copy (_ctx=0x56239be14ca0, 
> mail=0x56239bdfdb28) at mdbox-save.c:461
>         ctx = 0x56239be14ca0
>         save_mail = 0x56239bdfdb28
>         src_mbox = <optimized out>
>         rec = {
>           map_uid = 2615013952, 
>           save_date = 22051
>         }
>         guid_data = 0x7fff78dbb9b0
>         wanted_guid = "@\362ݛ#V\000\000\240L\341\233#V\000"
> #12 0x00007fea1a3cf999 in mail_deliver_copy (ctx=0x56239be14ca0, 
> mail=0x56239bdfdb28) at mail-deliver.c:547
>         box = <optimized out>
>         mbox = 0x56239be0efc0
>         muser = 0x56239bdcb7c0
>         dt = 0x56239bddf1c0
> #13 0x00007fea1a0c7956 in mailbox_copy_int (_ctx=_ctx@entry=0x7fff78dbba98, 
> mail=0x56239bdfdb28) at mail-storage.c:2532
>         _data_stack_cur_id = 3
>         ctx = 0x56239be14ca0
>         t = 0x56239be10ce0
>         keywords = 0x0
>         pvt_flags = 0
>         backend_mail = 0x56239bdfdb28
>         ret = <optimized out>
>         __func__ = "mailbox_copy_int"
> #14 0x00007fea1a0c7c38 in mailbox_save_using_mail 
> (_ctx=_ctx@entry=0x7fff78dbba98, mail=<optimized out>) at mail-storage.c:2584
>         ctx = <optimized out>
>         __func__ = "mailbox_save_using_mail"
> #15 0x00007fea1a3d02ac in mail_deliver_save (ctx=ctx@entry=0x7fff78dbbc60, 
> mailbox=<optimized out>, flags=flags@entry=0, keywords=keywords@entry=0x0, 
>     storage_r=storage_r@entry=0x7fff78dbbc50) at mail-deliver.c:363
>         open_ctx = {
>           user = 0x56239bdcacb8, 
>           lda_mailbox_autocreate = false, 
>           lda_mailbox_autosubscribe = false
>         }
>         box = 0x56239be0e6b8
>         trans_flags = <optimized out>
>         t = 0x56239be10ce0
>         save_ctx = 0x0
>         headers_ctx = 0x0
>         kw = 0x0
>         dest_mail = <optimized out>
>         error = MAIL_ERROR_NONE
>         mailbox_name = 0x56239a9d0a54 "INBOX"
>         errstr = 0x0
>         guid = 0x6adf0aebb9aa5b00 <error: Cannot access memory at address 
> 0x6adf0aebb9aa5b00>
>         changes = {
>           pool = 0x1, 
>           uid_validity = 434166593, 
>           saved_uids = {
>             arr = {
>               buffer = 0x100000000, 
>               element_size = 7700885895375379200
>             }, 
>             v = 0x100000000, 
>             v_modifiable = 0x100000000
>           }, 
>           ignored_modseq_changes = 2614870800, 
>           changed = 35, 
>           no_read_perm = 86
>         }
>         default_save = <optimized out>
>         ret = 0
>         __func__ = "mail_deliver_save"
> #16 0x00007fea1a3d0916 in mail_deliver (ctx=ctx@entry=0x7fff78dbbc60, 
> storage_r=storage_r@entry=0x7fff78dbbc50) at mail-deliver.c:496
>         muser = 0x56239bdcb7c0
>         ret = <optimized out>
>         __func__ = "mail_deliver"
> #17 0x000056239a9cedc0 in lmtp_local_deliver (session=0x56239bddf1a8, 
> src_mail=0x56239bdfdb28, rcpt=0x56239bdd5c80, trans=0x56239bde0d68, 
> cmd=0x56239bde1ea8, 
>     local=0x56239bde2020) at lmtp-local.c:603
>         set_parser = <optimized out>
>         line = <optimized out>
>         str = 0x56239bd7bc08
>         proxy_data = {
>           proto = SMTP_PROXY_PROTOCOL_LMTP, 
>           source_ip = {
>             family = 0, 
>             u = {
>               ip6 = {
>                 __in6_u = {
>                   __u6_addr8 = '\000' <repeats 15 times>, 
>                   __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, 
>                   __u6_addr32 = {0, 0, 0, 0}
>                 }
>               }, 
>               ip4 = {
>                 s_addr = 0
>               }
>             }
>           }, 
>           source_port = 0, 
>           helo = 0x56239bd8d470 "mail-cbf.charite.de", 
>           login = 0x0, 
>           ttl_plus_1 = 0, 
>           timeout_secs = 0, 
>           extra_fields = 0x0, 
>           extra_fields_count = 0
>         }
>         delivery_time_started = {
>           tv_sec = 1520258982, 
>           tv_usec = 162818
>         }
>         sets = <optimized out>
>         rcpt_user = 0x56239bdcacb8
>         mail_set = <optimized out>
>         username = <optimized out>
>         rcpt_idx = 0
>         smtp_set = 0x56239be046e0
>         lda_set = 0x56239be04750
>         ns = <optimized out>
>         rcpt_to = 0x56239bde0e78
>         trcpt = 0x56239bde0e38
>         storage = 0x56239bdcecc8
>         mail_error = 1793002219
>         ret = <optimized out>
>         client = 0x56239bdbc338
>         service_user = <optimized out>
>         dctx = {
>           pool = 0x56239bddf180, 
>           set = 0x56239be04750, 
>           smtp_set = 0x56239be046e0, 
>           session = 0x56239bddf1a8, 
>           session_time_msecs = 0, 
>           delivery_time_started = {
>             tv_sec = 1520258982, 
>             tv_usec = 162818
>           }, 
>           dup_db = 0x0, 
>           session_id = 0x56239bd8d450 "2B+kCaZPnVpBPAAAplP5LA", 
>           src_mail = 0x56239bdfdb28, 
>           mail_from = 0x56239bde0e08, 
>           mail_params = {
>             auth = 0x0, 
>             body = {
>               type = SMTP_PARAM_MAIL_BODY_TYPE_UNSPECIFIED, 
>               ext = 0x0
>             }, 
>             envid = 0x0, 
>             ret = SMTP_PARAM_MAIL_RET_UNSPECIFIED, 
>             size = 0, 
>             extra_params = {
>               arr = {
>                 buffer = 0x0, 
>                 element_size = 0
>               }, 
>               v = 0x0, 
>               v_modifiable = 0x0
>             }
>           }, 
>           rcpt_to = 0x56239bde0e78, 
>           rcpt_params = {
>             orcpt = {
>               addr_type = 0x0, 
>               addr = 0x56239bde0e78, 
>               addr_raw = 0x0
>             }, 
>             notify = SMTP_PARAM_RCPT_NOTIFY_UNSPECIFIED, 
>             extra_params = {
>               arr = {
>                 buffer = 0x0, 
>                 element_size = 0
>               }, 
>               v = 0x0, 
>               v_modifiable = 0x0
>             }
>           }, 
>           rcpt_user = 0x56239bdcacb8, 
>           rcpt_default_mailbox = 0x56239a9d0a54 "INBOX", 
>           dest_mail = 0x0, 
>           cache = 0x0, 
>           tempfail_error = 0x0, 
>           tried_default_save = true, 
>           saved_mail = false, 
>           save_dest_mail = false, 
>           mailbox_full = false, 
>           dsn = false
>         }
>         input = <optimized out>
>         var_table = <optimized out>
>         error = 0x0
> #18 lmtp_local_deliver_to_rcpts (session=0x56239bddf1a8, 
> trans=0x56239bde0d68, cmd=0x56239bde1ea8, local=0x56239bde2020) at 
> lmtp-local.c:657
>         rcpt = 0x56239bdd5c80
>         first_uid = 4294967295
>         src_mail = 0x56239bdfdb28
>         count = <optimized out>
>         i = 0
> #19 lmtp_local_data (client=client@entry=0x56239bdbc338, 
> cmd=cmd@entry=0x56239bde1ea8, trans=trans@entry=0x56239bde0d68, 
> input=<optimized out>) at lmtp-local.c:734
>         local = 0x56239bde2020
>         session = 0x56239bddf1a8
>         old_uid = 0
> #20 0x000056239a9cdb53 in cmd_data_finish (trans=0x56239bde0d68, 
> cmd=0x56239bde1ea8, client=0x56239bdbc338) at commands.c:144
>         state = 0x56239bdbc3c0
>         input_proxy = 0x0
>         input_msg = 0x0
>         input_local = 0x56239bde26b8
>         inputs = {0x0, 0x56239bde2238, 0x0}
> #21 cmd_data_continue (conn_ctx=0x56239bdbc338, cmd=0x56239bde1ea8, 
> trans=0x56239bde0d68) at commands.c:190
>         client = 0x56239bdbc338
>         state = 0x56239bdbc3c0
>         data_input = <optimized out>
>         data = <optimized out>
>         size = 543
>         ret = <optimized out>
>         __func__ = "cmd_data_continue"
> #22 0x00007fea19d566e0 in cmd_data_handle_input (cmd=0x56239bde1ea8) at 
> smtp-server-cmd-data.c:199
>         conn = 0x56239bde0930
>         callbacks = 0x56239abd27a0 <lmtp_callbacks>
>         command = 0x56239bde1ea8
>         data_cmd = 0x56239bde83e8
>         ret = <optimized out>
>         __func__ = "cmd_data_handle_input"
> #23 0x00007fea19dea649 in io_loop_call_io (io=0x56239bdba970) at ioloop.c:614
>         ioloop = 0x56239bd82c70
>         t_id = 2
>         __func__ = "io_loop_call_io"
> #24 0x00007fea19debf29 in io_loop_handler_run_internal 
> (ioloop=ioloop@entry=0x56239bd82c70) at ioloop-epoll.c:222
>         ctx = 0x56239bd849f0
>         ret = <optimized out>
>         __func__ = "cmd_data_handle_input"
> #23 0x00007fea19dea649 in io_loop_call_io (io=0x56239bdba970) at ioloop.c:614
>         ioloop = 0x56239bd82c70
>         t_id = 2
>         __func__ = "io_loop_call_io"
> #24 0x00007fea19debf29 in io_loop_handler_run_internal 
> (ioloop=ioloop@entry=0x56239bd82c70) at ioloop-epoll.c:222
>         ctx = 0x56239bd849f0
> ---Type <return> to continue, or q <return> to quit---
>         io = <optimized out>
>         tv = {
>           tv_sec = 299, 
>           tv_usec = 999816
>         }
>         events_count = <optimized out>
>         msecs = <optimized out>
>         ret = 1
>         i = 0
>         j = <optimized out>
>         call = <optimized out>
>         __func__ = "io_loop_handler_run_internal"
> #25 0x00007fea19dea752 in io_loop_handler_run (ioloop=<optimized out>) at 
> ioloop.c:666
> No locals.
> #26 0x00007fea19dea968 in io_loop_run (ioloop=0x56239bd82c70) at ioloop.c:639
>         __func__ = "io_loop_run"
> #27 0x00007fea19d672a3 in master_service_run (service=0x56239bd82b00, 
> callback=<optimized out>) at master-service.c:767
> No locals.
> #28 0x000056239a9ccc3d in main (argc=1, argv=0x56239bd82890) at main.c:159
>         set_roots = {0x56239abd3280 <smtp_submit_setting_parser_info>, 
> 0x56239abd31e0 <lda_setting_parser_info>, 0x56239abd2600 
> <lmtp_setting_parser_info>, 0x0}
>         service_flags = <optimized out>
>         storage_service_flags = (MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT | 
> MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP | 
> MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP | 
> MAIL_STORAGE_SERVICE_FLAG_NO_LOG_INIT | 
> MAIL_STORAGE_SERVICE_FLAG_NO_IDLE_TIMEOUT)
>         tmp_base_dir = 0x56239bd7a040 "tp data)"
>         c = <optimized out>
>         error = 0x0
>
>
The assert and consequent core dump is happening when processing the u
umlaut character from the From header.

p = 0x56239bd7c11b "üller"
    

The problem is reproducible with a simple test case using a file
/tmp/test.txt that contains some 8 bit character like the u umlaut

From: a.mül...@example.com
To: whoe...@example.com
Date: 05 March 2018 21:00:00
Subject: test

test
EOF

Then it can be fed into posfix substituting youremailaddress@yourdomain
with a real account on the dovecot server.

cat /tmp/test.txt | sendmail -f some...@example.com
youremailaddress@yourdomain

In the maillog there is the following error message:
Mar  5 01:00:40 localhost dovecot:
lmtp(admin99)<22325><nhREHKiInFo1VwAA0J78UA>: Panic: file
smtp-address.c: line 530 (smtp_address_write): assertion failed:
(smtp_char_is_qpair(*p))


There are two ways to fix this: 1) let dovecot accept non ascii chars in
the local part as it did until 2.2 (see attached patch) or 2) instead of
the i_assert() call, log an error and reject the email. But this second
approach looks more complicated.

The patch just removes the i_assert() call. I tried that patch and it
seems ok. Before applying it, it is worthwhile if anyone can remember
what was the logic behind this i_assert() call in the first place (which
I fail to see), in case there is something that I am overlooking.

John

--- smtp-address.c.orig    2018-03-05 20:47:35.654257741 +0100
+++ smtp-address.c    2018-03-05 20:47:48.550311547 +0100
@@ -527,7 +527,6 @@
         if (!quoted) {
             str_append_c(out, '.');
         } else {
-            i_assert(smtp_char_is_qpair(*p));
             if (!smtp_char_is_qtext(*p))
                 str_append_c(out, '\\');
             str_append_c(out, *p);

Reply via email to