------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=881 Summary: Socket descriptor leak in dovecot authenticator / Dovecot authenticator failure [PATCH] Product: Exim Version: 4.69 Platform: All OS/Version: All Status: NEW Keywords: work:tiny Severity: bug Priority: high Component: SMTP Authentication AssignedTo: [email protected] ReportedBy: [email protected] CC: [email protected] I have problems with the dovecot authenticator not working if the user mistypes her password the first time (using Thunderbird 2 as a client). Even if the correct password is given the second time, the current authentication code fails with the following log message: 2009-08-21 04:31:14 dovecot_login authenticator failed for adsl-99-147-160-74.ds l.lgtpmi.sbcglobal.net (Schneeweisschen-II.local) [99.147.160.74]: 435 Unable to authenticate at present: authentication socket read error or premature eof At the same time, dovecot logs this: Aug 21 04:31:10 hotzenplotz dovecot: auth(default): BUG: Authentication client g ave a PID 55886 of existing connection Note that authentication is set up correctly, as logging in to dovecot via IMAP works, as well as hitting cancel in Thunderbird (causing the SMTP connection to be dropped) and then resends the message typing in the correct password at the first try. I googled around a bit, and somewhere on a dovecot mailing list (can't remember the URL, sorry) the author suggested that this means that dovecot is opening sockets to quickly, such that dovecot couldn't notice that the old one was closed yet, and suggested exim should recycle the same socket. That sounded a bit fishy, in particular since things still fail, even if I wait 2 minutes with entering the password the second time. So I looked at the code in dovecot.c, and I think there is a close(fd) missing right before the last line. In the authenticator code, each time it is called a new socket is created in a local variable fd by calling socket() and it is then connected. But there seems to be no corresponding close(). Obviously this is draining system resources, but it also causes the problem I described above. Simply adding a call to close() before returning solved the issue completely for me. If needed, I can create a patch file, but it's really easy to fix, just add close(fd); at the very end of dovecot.c, just before returning (that's safe since we never reach it if socket() fails). I know nothing about the exim source, but from what I saw in dovecot.c, the more advanced (and likely more efficient) solution may be to cache the file descriptor for the connected socket in the options_block. For that to work, the missing response handling (see /* FIXME: add proper response handling */ in dovecot.c) would probably need to be implemented. There may also be issues with concurrent access (i.e. two authentication requests from different clients at the same time) to the same socket, but I simply don't know enough about the internals of exim to comment on that. -- Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email -- ## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
