Package: sasl2-bin
Version: 2.1.26.dfsg1-13+deb8u1jf1
Severity: important
Tags: upstream patch

Dear Maintainer,

I run Zimbra Collaboration Server (ZCS 8.5.x) which sends a BYE and closes the connection on failed authentication. This causes auth_rimap to go into an infinite loop as its criteria for if data is available on the socket is incorrect.

This bug was introduced by the patch for upstream bug #3211, included in cyrus-sasl2 2.1.26. The while() loop at auth_rimap.c:607 (line #496 upstream) has incorrect exit criteria -- if the socket is closed and the fd is at EOF the loop will not exit.

A patch is attached, which I have tested and confirmed resolves the issue. This patch stacks onto cyrus-sasl2_2.1.26.dfsg1-13+deb8u1.

I have submitted this bug and patch upstream, and it is tracked as bug #3920: https://bugzilla.cyrusimap.org/show_bug.cgi?id=3920

Sample IMAP exchange:

S: * OK IMAP4 ready
C: saslauthd LOGIN "test" "test"
S: saslauthd NO LOGIN failed
S: * BYE Zimbra IMAP server terminating connection
Server closes connection

Sample strace:

alarm(30) = 0
read(12, "* OK IMAP4 ready\r\n", 1000) = 18
alarm(0) = 30
select(13, [12], NULL, NULL, {1, 0}) = 0 (Timeout)
sendto(4, "<39>Feb 19 21:20:24 saslauthd[55"..., 100, MSG_NOSIGNAL, NULL, 0) = 100
alarm(30) = 0
writev(12, [{"saslauthd LOGIN ", 16}, {"\"test\"", 6}, {" ", 1}, {"\"test\"", 6}, {"\r\n", 2}], 5) = 31
alarm(0) = 30
alarm(30) = 0
read(12, "saslauthd NO LOGIN failed\r\n", 1000) = 27
alarm(0) = 20
select(13, [12], NULL, NULL, {1, 0}) = 1 (in [12], left {0, 999831})
read(12, "* BYE Zimbra IMAP server termina"..., 973) = 49
select(13, [12], NULL, NULL, {0, 999831}) = 1 (in [12], left {0, 999719})
read(12, "", 924) = 0
select(13, [12], NULL, NULL, {0, 999719}) = 1 (in [12], left {0, 999717})
read(12, "", 924) = 0
select(13, [12], NULL, NULL, {0, 999717}) = 1 (in [12], left {0, 999715})
etc.

Regards,
--Jered

-- System Information:
Debian Release: 8.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sasl2-bin depends on:
ii  db-util                5.3.0
ii  debconf [debconf-2.0]  1.5.56
ii  libc6                  2.19-18+deb8u3
ii  libcomerr2             1.42.12-1.1
ii  libdb5.3               5.3.28-9
ii  libgssapi-krb5-2       1.12.1+dfsg-19+deb8u2
ii  libk5crypto3           1.12.1+dfsg-19+deb8u2
ii  libkrb5-3              1.12.1+dfsg-19+deb8u2
ii  libldap-2.4-2          2.4.40+dfsg-1+deb8u2
ii  libpam0g               1.1.8-3.1+deb8u1
ii  libsasl2-2             2.1.26.dfsg1-13+deb8u1jf1
ii  libssl1.0.0            1.0.1k-3+deb8u2

sasl2-bin recommends no packages.

sasl2-bin suggests no packages.

-- Configuration Files:
/etc/default/saslauthd changed [not included]

-- debconf information excluded

--- a/saslauthd/auth_rimap.c +++ b/saslauthd/auth_rimap.c @@ -494,7 +494,7 @@ while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) { if ( FD_ISSET(s, &perm) ) { ret = read(s, rbuf+rc, sizeof(rbuf)-rc); - if ( ret<0 ) { + if ( ret<=0 ) { rc = ret; break; } else { @@ -607,7 +607,7 @@ while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) { if ( FD_ISSET(s, &perm) ) { ret = read(s, rbuf+rc, sizeof(rbuf)-rc); - if ( ret<0 ) { + if ( ret<=0 ) { rc = ret; break; } else {
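
Review bot: In the @@ -494 hunk, `rc = ret` now also runs when read() returns 0, so a clean EOF resets rc to 0 and discards the count of bytes already accumulated in rbuf (rc is the offset used in `rbuf+rc`). If the code after the loop is supposed to parse what arrived before the server closed, break on `ret == 0` without overwriting rc and keep `rc = ret` for `ret < 0` only; if treating EOF as "nothing read" is intended, a short comment saying so would make that explicit.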
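
Review bot: The loop in the @@ -607 hunk is a second copy of the one at @@ -494 and needs the identical fix, so moving the select()/read() loop into one shared helper would keep the two exit conditions from drifting apart again. In the same loop, `sizeof(rbuf)-rc` reaches 0 once rbuf is full, and a zero-length read() can return 0, which `ret<=0` cannot tell apart from EOF; an explicit buffer-full check before the read() would separate the two cases.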
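
Added example, not part of the original report or of cyrus-sasl: a stand-alone reproduction of the loop behaviour described above, where a peer sends its reply and closes, and the reader is run once with the `ret < 0` test and once with `ret <= 0`. The names `drain`, `run_case`, `MAX_ITER` and `REPLY` are hypothetical, the reply text is constructed, and the timeout is reset on every pass so the result does not depend on select() updating it.

```c
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>
#define MAX_ITER 1000 /* cap so the unpatched variant stops in this demo */
static const char REPLY[] = "saslauthd NO LOGIN failed\r\n* BYE\r\n"; /* constructed */

/* eof_exits=0: original test (ret < 0); eof_exits=1: patched (ret <= 0).
 * Returns the number of read() calls; *got receives the bytes read. */
static int drain(int fd, int eof_exits, size_t *got)
{
    char rbuf[1000];
    size_t rc = 0;
    int iter = 0;
    while (iter < MAX_ITER) {
        struct timeval timeout = { 1, 0 };
        fd_set rfds;
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        /* A socket at EOF is reported readable by select() every time. */
        if (select(fd + 1, &rfds, NULL, NULL, &timeout) <= 0)
            break;
        ssize_t ret = read(fd, rbuf + rc, sizeof(rbuf) - rc);
        iter++;
        if (ret < 0 || (eof_exits && ret == 0))
            break;
        rc += (size_t)ret;
    }
    *got = rc;
    return iter;
}

/* Peer sends REPLY and closes, as the server in the report does. */
static int run_case(int eof_exits, size_t *got)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    ssize_t sent = write(sv[1], REPLY, sizeof(REPLY) - 1);
    close(sv[1]);
    int iter = sent < 0 ? -1 : drain(sv[0], eof_exits, got);
    close(sv[0]);
    return iter;
}

int main(void)
{
    size_t got = 0;
    printf("ret<0: %d reads, ret<=0: %d reads\n", run_case(0, &got), run_case(1, &got));
}
```

With the original test the reader only stops at the demo's cap; with the patched test it stops on the first zero-length read while keeping the byte count in its own variable.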