Bug#792669: dovecot-sieve: sieve-test segfaults with editheader
Package: dovecot-sieve Version: 1:2.2.18-1 Followup-For: Bug #792669 Please consider increasing the severity of this bug and releasing the package with the upgraded pigeonhole asap (probably without additional changes). I upgraded my main personal mail server last week (after a few weeks of no upgrades) and subsequently permanently lost more than two-thirds of my received emails for 2 days, before I noticed the problem. Most of my emails invoke sieve header manipulation, and the dovecot-lda crash was being reported back to the sender as a permanent mail delivery error. Not only were the messages lost, but several mailing lists suspended delivery due to the permanent error. This is a very serious problem for operators of mail servers which make heavy use of sieve. I have temporarily replaced delivery using dovecot-lda with postfix default delivery (hence not using sieve). But I would like to re-enable my sieve mail handling as soon as possible and, more importantly, prevent others from losing emails. Maybe a future release could consider some way of protecting dovecot-lda from crashes in the sieve code so that sieve bugs just cause normal delivery instead of permanent delivery failures and lost emails. -- Package-specific info: -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (900, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.1.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_IE.utf8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages dovecot-sieve depends on: ii dovecot-core 1:2.2.18-1 ii libc6 2.19-19 ii ucf 3.0030 dovecot-sieve recommends no packages. dovecot-sieve suggests no packages. Versions of packages dovecot-sieve is related to: ii dovecot-core [dovecot-common] 1:2.2.18-1 pn dovecot-dbgnone pn dovecot-devnone pn dovecot-gssapi none ii dovecot-imapd 1:2.2.18-1 pn dovecot-ldap none pn dovecot-lmtpd none pn dovecot-managesieved none pn dovecot-mysql none pn dovecot-pgsql none ii dovecot-pop3d 1:2.2.18-1 ii dovecot-sieve 1:2.2.18-1 pn dovecot-sqlite none -- no debconf information
Bug#792669: dovecot-sieve: sieve-test segfaults with editheader
On Sun, 23 Aug 2015, Graham Cobb wrote: Package: dovecot-sieve Version: 1:2.2.18-1 Followup-For: Bug #792669 Please consider increasing the severity of this bug and releasing the package with the upgraded pigeonhole asap (probably without additional changes). I am actually working on this at this very minute. I thought that since it has been some time since the last upload I would work on some other issues in the package but I think I will postpone all that for now and get an upload out today. -- Jaldhar H. Vyas jald...@debian.org
Bug#792669: ***UNCHECKED*** Re: Bug#792669: dovecot-sieve: sieve-test segfaults with editheader
On Sun, 26 Jul 2015, Stephan Bosch wrote: I had to install a clean Debian Stretch to reproduce this. To my surprise, I noticed that this installs the newest Dovecot, but with a very old Pigeonhole (0.4.2; current is 0.4.8). I had a look in the changelogs and this smells very much like a bug I solved in 0.4.4. The fact that I don't see this problem with newer versions of Pigeonhole seems to confirm this. So, I think the Debian maintainers should upgrade to a newer version of Pigeonhole to solve this. Thanks Stephan for staying on top of this. I have updated to pigeonhole 0.4.8 in our git repository and I'll release a new package as soon as I've made a few other changes. -- Jaldhar H. Vyas jald...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#792669: dovecot-sieve: sieve-test segfaults with editheader
Op 7/17/2015 om 12:41 PM schreef Antoine Amarilli:
Package: dovecot-sieve
Version: 1:2.2.18-1
Severity: normal
Dear Maintainer,
On my system, sieve-test segfaults on the following minified Sieve script:
require [editheader];
addheader foo bar;
if header :is foo baz { }
To reproduce, put the above script in script.sieve and do the following:
echo mail
cat dovecot.conf EOF
plugin {
sieve_extensions = +editheader
}
EOF
sieve-test -c dovecot.conf script.sieve mail
The sieve-test command should segfault.
I had to install a clean Debian Stretch to reproduce this. To my
surprise, I noticed that this installs the newest Dovecot, but with a
very old Pigeonhole (0.4.2; current is 0.4.8).
I had a look in the changelogs and this smells very much like a bug I
solved in 0.4.4. The fact that I don't see this problem with newer
versions of Pigeonhole seems to confirm this.
So, I think the Debian maintainers should upgrade to a newer version of
Pigeonhole to solve this.
Regards,
Stephan.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#792669: dovecot-sieve: sieve-test segfaults with editheader
Hi,
I can't reproduce this so far. I followed your little recipe and nothing
adverse happens.
I also don't see how this could happen based on the code.
Is anyone else seeing this?
Regards,
Stephan.
Antoine Amarilli schreef op 17-7-2015 om 12:41:
Package: dovecot-sieve
Version: 1:2.2.18-1
Severity: normal
Dear Maintainer,
On my system, sieve-test segfaults on the following minified Sieve script:
require [editheader];
addheader foo bar;
if header :is foo baz { }
To reproduce, put the above script in script.sieve and do the following:
echo mail
cat dovecot.conf EOF
plugin {
sieve_extensions = +editheader
}
EOF
sieve-test -c dovecot.conf script.sieve mail
The sieve-test command should segfault.
Here is a backtrace:
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x77b747c7 in _header_right_trim (raw=0x3 error: Cannot access memory
at address 0x3)
at sieve-message.c:492
#2 sieve_message_header_stringlist_next_item (_strlist=0x5575d120,
str_r=0x7fffe940)
at sieve-message.c:556
#3 0x77b8b371 in sieve_stringlist_next_item (str_r=0x7fffe940,
strlist=0x5575d120)
at sieve-stringlist.h:44
#4 sieve_match (renv=renv@entry=0x55791ab0, mcht=mcht@entry=0x7fffe9d0,
cmp=cmp@entry=0x7fffe9b0, value_list=0x5575d120,
key_list=0x5575d0c8,
exec_status=exec_status@entry=0x7fffe99c) at sieve-match.c:181
#5 0x77b91730 in tst_header_operation_execute (renv=0x55791ab0,
address=0x55791af8)
at tst-header.c:193
#6 0x77b828f7 in sieve_interpreter_operation_execute
(interp=0x55791a80)
at sieve-interpreter.c:542
#7 sieve_interpreter_continue (interp=interp@entry=0x55791a80,
interrupted=interrupted@entry=0x0)
at sieve-interpreter.c:573
#8 0x77b82a4a in sieve_interpreter_start
(interp=interp@entry=0x55791a80,
result=optimized out, interrupted=interrupted@entry=0x0) at
sieve-interpreter.c:604
#9 0x77b82a7b in sieve_interpreter_run (interp=0x55791a80,
result=0x55798e00)
at sieve-interpreter.c:615
#10 0x77b94f8f in sieve_run (sbin=0x5577aeb0,
result=result@entry=0x7fffeae0,
msgdata=0x7fffebc0, senv=senv@entry=0x7fffebf0,
ehandler=0x557799e0,
flags=optimized out) at sieve.c:335
#11 0x77b959cc in sieve_test (sbin=optimized out, msgdata=optimized
out,
senv=0x7fffebf0, ehandler=optimized out, stream=0x5578b6f0,
flags=optimized out,
keep=0x0) at sieve.c:496
#12 0x77d7 in main (argc=6, argv=0x55764390) at sieve-test.c:295
sieve-test used to work fine on the (non-minified) script on which it now
segfaults, so this bug was probably introduced by a recent version.
-- Package-specific info:
dovecot configuration
-
# 2.2.18: /etc/dovecot/dovecot.conf
# OS: Linux 4.0.0-2-amd64 x86_64 Debian stretch/sid
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox Sent Messages {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
ssl = no
userdb {
driver = passwd
}
-- System Information:
Debian Release: stretch/sid
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.0.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages dovecot-sieve depends on:
ii dovecot-core 1:2.2.18-1
ii libc6 2.19-18
ii ucf 3.0030
dovecot-sieve recommends no packages.
dovecot-sieve suggests no packages.
Versions of packages dovecot-sieve is related to:
ii dovecot-core [dovecot-common] 1:2.2.18-1
ii dovecot-dbg1:2.2.18-1
pn dovecot-devnone
pn dovecot-gssapi none
pn dovecot-imapd none
pn dovecot-ldap none
pn dovecot-lmtpd none
pn dovecot-managesieved none
pn dovecot-mysql none
pn dovecot-pgsql none
pn dovecot-pop3d none
ii dovecot-sieve 1:2.2.18-1
pn dovecot-sqlite none
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#792669: dovecot-sieve: sieve-test segfaults with editheader
Package: dovecot-sieve
Version: 1:2.2.18-1
Severity: normal
Dear Maintainer,
On my system, sieve-test segfaults on the following minified Sieve script:
require [editheader];
addheader foo bar;
if header :is foo baz { }
To reproduce, put the above script in script.sieve and do the following:
echo mail
cat dovecot.conf EOF
plugin {
sieve_extensions = +editheader
}
EOF
sieve-test -c dovecot.conf script.sieve mail
The sieve-test command should segfault.
Here is a backtrace:
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x77b747c7 in _header_right_trim (raw=0x3 error: Cannot access
memory at address 0x3)
at sieve-message.c:492
#2 sieve_message_header_stringlist_next_item (_strlist=0x5575d120,
str_r=0x7fffe940)
at sieve-message.c:556
#3 0x77b8b371 in sieve_stringlist_next_item (str_r=0x7fffe940,
strlist=0x5575d120)
at sieve-stringlist.h:44
#4 sieve_match (renv=renv@entry=0x55791ab0,
mcht=mcht@entry=0x7fffe9d0,
cmp=cmp@entry=0x7fffe9b0, value_list=0x5575d120,
key_list=0x5575d0c8,
exec_status=exec_status@entry=0x7fffe99c) at sieve-match.c:181
#5 0x77b91730 in tst_header_operation_execute (renv=0x55791ab0,
address=0x55791af8)
at tst-header.c:193
#6 0x77b828f7 in sieve_interpreter_operation_execute
(interp=0x55791a80)
at sieve-interpreter.c:542
#7 sieve_interpreter_continue (interp=interp@entry=0x55791a80,
interrupted=interrupted@entry=0x0)
at sieve-interpreter.c:573
#8 0x77b82a4a in sieve_interpreter_start
(interp=interp@entry=0x55791a80,
result=optimized out, interrupted=interrupted@entry=0x0) at
sieve-interpreter.c:604
#9 0x77b82a7b in sieve_interpreter_run (interp=0x55791a80,
result=0x55798e00)
at sieve-interpreter.c:615
#10 0x77b94f8f in sieve_run (sbin=0x5577aeb0,
result=result@entry=0x7fffeae0,
msgdata=0x7fffebc0, senv=senv@entry=0x7fffebf0,
ehandler=0x557799e0,
flags=optimized out) at sieve.c:335
#11 0x77b959cc in sieve_test (sbin=optimized out, msgdata=optimized
out,
senv=0x7fffebf0, ehandler=optimized out, stream=0x5578b6f0,
flags=optimized out,
keep=0x0) at sieve.c:496
#12 0x77d7 in main (argc=6, argv=0x55764390) at sieve-test.c:295
sieve-test used to work fine on the (non-minified) script on which it now
segfaults, so this bug was probably introduced by a recent version.
-- Package-specific info:
dovecot configuration
-
# 2.2.18: /etc/dovecot/dovecot.conf
# OS: Linux 4.0.0-2-amd64 x86_64 Debian stretch/sid
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox Sent Messages {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
ssl = no
userdb {
driver = passwd
}
-- System Information:
Debian Release: stretch/sid
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.0.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages dovecot-sieve depends on:
ii dovecot-core 1:2.2.18-1
ii libc6 2.19-18
ii ucf 3.0030
dovecot-sieve recommends no packages.
dovecot-sieve suggests no packages.
Versions of packages dovecot-sieve is related to:
ii dovecot-core [dovecot-common] 1:2.2.18-1
ii dovecot-dbg1:2.2.18-1
pn dovecot-devnone
pn dovecot-gssapi none
pn dovecot-imapd none
pn dovecot-ldap none
pn dovecot-lmtpd none
pn dovecot-managesieved none
pn dovecot-mysql none
pn dovecot-pgsql none
pn dovecot-pop3d none
ii dovecot-sieve 1:2.2.18-1
pn dovecot-sqlite none
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#792669: dovecot-sieve: sieve-test segfaults with editheader
Hi, I also get the segfault, with the same devcot-sieve version on debian stretch. (I just followed the steps because a3nm asked if someone could reproduce, I don't use the package normally). Regards, Guillain -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
