## Title
authCacheFlush HTTP API crashes with assertion failure - type mismatch
between API schema and implementation
## Dovecot Version
2.4.2
## Component
doveadm HTTP API
## Description
The authCacheFlush command via doveadm HTTP API causes a server crash with
an assertion failure. The HTTP API schema declares the user parameter as
array type, but the internal implementation (doveadm_cmd_param_str)
expects string type, causing a type mismatch assertion failure.
## Steps to Reproduce
1. Send any authCacheFlush request to doveadm HTTP API:

```bash
curl -X POST \
  -H "Authorization: X-Dovecot-API <api_key>" \
  -H "Content-Type: application/json" \
  -d '[["authCacheFlush",{"user":"[email protected]"},"tag1"]]' \
  http://localhost:8080/doveadm/v1
```

2. Or with user as array (matching the declared schema):

```bash
curl -X POST \
  -H "Authorization: X-Dovecot-API <api_key>" \
  -H "Content-Type: application/json" \
  -d '[["authCacheFlush",{"user":["[email protected]"]},"tag1"]]' \
  http://localhost:8080/doveadm/v1
```

3. Or without any parameters:

```bash
curl -X POST \
  -H "Authorization: X-Dovecot-API <api_key>" \
  -H "Content-Type: application/json" \
  -d '[["authCacheFlush",{},"tag1"]]' \
  http://localhost:8080/doveadm/v1
```
## Expected Result
Auth cache should be flushed and API returns success response like:
```json
[["doveadmResponse",[{"entries":1}],"tag1"]]
```
## Actual Result
Server crashes with empty reply (HTTP connection closed). The doveadm
process is killed with signal 6 (SIGABRT).
## Error Log
```
Panic: file doveadm-cmd-parse.c: line 120 (doveadm_cmd_param_str):
assertion failed: (param->type == CMD_PARAM_STR)
Error: Raw backtrace: #0 test_subprocess_fork[0x7362eb54a570] -> #1
backtrace_append[0x7362eb54a820] -> #2 backtrace_get[0x7362eb54a9c0] -> #3
e_info[0x7362eb556370] -> #4 i_syslog_fatal_handler[0x7362eb5564b0] -> #5
i_panic[0x7362eb474f28] -> #6 [unw_get_proc_name() failed: -10] -> #7
http_server_connection_shut_down[0x7362eb4e6a00] -> #8
io_loop_call_io[0x7362eb572510] -> #9
io_loop_handler_run_internal[0x7362eb5743a0] -> #10
io_loop_handler_run[0x7362eb574540] -> #11 io_loop_run[0x7362eb574740] ->
#12 master_service_run[0x7362eb4bc640] -> #13 main[0x64c4233d74f0] -> #14
__libc_init_first[0x7362eb02a150] -> #15 __libc_start_main[0x7362eb02a200]
-> #16 _start[0x64c4233d76e0]
Fatal: master: service(doveadm): child 2302469 killed with signal 6 (core
dumped)
```
## API Schema (from GET /doveadm/v1)
The API endpoint reports the following schema for authCacheFlush:
```json
{
  "command": "authCacheFlush",
  "parameters": [
    {"name": "socketPath", "type": "string"},
    {"name": "user", "type": "array"}
  ]
}
```
## Analysis
The API schema declares user as array, but line 120 in doveadm-cmd-parse.c
calls doveadm_cmd_param_str() which asserts param->type == CMD_PARAM_STR.
This type mismatch causes the crash.
The relevant assertion in source code:
```c
// doveadm-cmd-parse.c:120
assertion failed: (param->type == CMD_PARAM_STR)
```
## Note
- The CLI command doveadm auth cache flush <user> works correctly
- Only the HTTP API is affected
- All authentication methods (X-Dovecot-API header, Basic Auth) produce
the same crash
- The crash occurs regardless of whether parameters are provided or not
## Workaround
Currently no workaround via HTTP API. Must use CLI directly or via SSH.
## Environment
- OS: Linux (Ubuntu/Debian)
- Dovecot: 2.4.2
- doveadm HTTP API enabled on port 8080
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
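
The failure mode described under Analysis, shown as an added example that is not part of the original report and is not Dovecot source: a typed parameter accessor that asserts on the registered type, beside a checked variant that reports the mismatch to its caller. Every `ex_`/`EX_` name and the sample table are hypothetical and constructed for illustration; only the array-versus-string mismatch on `user` comes from the report.

```c
/* Added example: simplified model, not Dovecot source; all names hypothetical. */
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
enum ex_type { EX_PARAM_STR, EX_PARAM_ARRAY };
enum ex_result { EX_OK, EX_UNSET, EX_NO_SUCH_PARAM, EX_TYPE_MISMATCH };
struct ex_param {
    const char *name;
    enum ex_type type; /* type the command was registered with */
    bool value_set;    /* false when the request omitted the parameter */
    const char *str;   /* used only when type == EX_PARAM_STR */
};
/* Constructed table mirroring the schema in the report: user is an array. */
static const struct ex_param ex_schema[] = {
    { "socketPath", EX_PARAM_STR, false, NULL },
    { "user", EX_PARAM_ARRAY, false, NULL },
};
static const struct ex_param *ex_find(const struct ex_param *p, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(p[i].name, name) == 0) return &p[i];
    return NULL;
}
/* Asserting accessor: a type mismatch aborts the process, value set or not. */
static bool ex_str_asserting(const struct ex_param *p, size_t n, const char *name, const char **val_r)
{
    const struct ex_param *param = ex_find(p, n, name);
    if (param == NULL) return false;
    assert(param->type == EX_PARAM_STR);
    if (param->value_set) *val_r = param->str;
    return param->value_set;
}
/* Checked accessor: the mismatch is a return code the handler can report. */
static enum ex_result ex_str_checked(const struct ex_param *p, size_t n, const char *name, const char **val_r)
{
    const struct ex_param *param = ex_find(p, n, name);
    if (param == NULL) return EX_NO_SUCH_PARAM;
    if (param->type != EX_PARAM_STR) return EX_TYPE_MISMATCH;
    if (!param->value_set) return EX_UNSET;
    *val_r = param->str;
    return EX_OK;
}
int main(void)
{
    const char *v = NULL;
    bool set = ex_str_asserting(ex_schema, 2, "socketPath", &v); /* STR: no abort */
    return (!set && ex_str_checked(ex_schema, 2, "user", &v) == EX_TYPE_MISMATCH) ? 0 : 1;
}
```

Calling `ex_str_asserting` for `user` on this table would abort, which is the SIGABRT path in the error log; the checked variant returns `EX_TYPE_MISMATCH` for the same lookup.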