Bug 1177852
| Summary: | managesieve can segfault compiling certain sieve scripts | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Orion Poplawski <orion> |
| Component: | dovecot | Assignee: | Michal Hlavinka <mhlavink> |
| Status: | CLOSED ERRATA | QA Contact: | Frantisek Sumsal <fsumsal> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.0 | CC: | fsumsal, jscotka, ovasik |
| Target Milestone: | rc | Keywords: | Patch |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | dovecot-2.2.10-7.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-11-04 07:22:14 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Verified with dovecot-2.2.10-7.el7. Old package: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: [BZ#1177852] managesieve segfault :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Command 'touch mail' (Expected 0, got 0) :: [ INFO ] :: Testing sieve: if address :comparator { } :: [ PASS ] :: Command 'echo 'if address :comparator { }' > sieve' (Expected 0, got 0) :: [ FAIL ] :: Command 'sieve-test sieve mail' (Expected 0,1,89, got 139) :: [ INFO ] :: Testing sieve: if address :comparator 1 "from" "frop" { } :: [ PASS ] :: Command 'echo 'if address :comparator 1 "from" "frop" { }' > sieve' (Expected 0, got 0) :: [ PASS ] :: Command 'sieve-test sieve mail' (Expected 0,1,89, got 89) :: [ INFO ] :: Testing sieve: if address :comparator ["a", "b"] "from" "frop" { } :: [ PASS ] :: Command 'echo 'if address :comparator ["a", "b"] "from" "frop" { }' > sieve' (Expected 0, got 0) :: [ PASS ] :: Command 'sieve-test sieve mail' (Expected 0,1,89, got 89) :: [ INFO ] :: Testing sieve: if address :comparator :frop "from" "frop" { } :: [ PASS ] :: Command 'echo 'if address :comparator :frop "from" "frop" { }' > sieve' (Expected 0, got 0) :: [ PASS ] :: Command 'sieve-test sieve mail' (Expected 0,1,89, got 89) :: [ INFO ] :: Testing sieve: if address :comparator :all "from" "frop" { } :: [ PASS ] :: Command 'echo 'if address :comparator :all "from" "frop" { }' > sieve' (Expected 0, got 0) :: [ PASS ] :: Command 'sieve-test sieve mail' (Expected 0,1,89, got 89) :: [ LOG ] :: Duration: 1s :: [ LOG ] :: Assertions: 10 good, 1 bad :: [ FAIL ] :: RESULT: [BZ#1177852] managesieve segfault New package: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: [BZ#1177852] managesieve segfault :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Command 'touch mail' (Expected 0, got 0) :: [ INFO ] :: Testing sieve: if address :comparator { } :: [ PASS ] :: Command 'echo 'if address :comparator { }' > sieve' (Expected 0, got 0) :: [ PASS ] :: Command 'sieve-test sieve mail' (Expected 0,1,89, got 89) :: [ INFO ] :: Testing sieve: if address :comparator 1 "from" "frop" { } :: [ PASS ] :: Command 'echo 'if address :comparator 1 "from" "frop" { }' > sieve' (Expected 0, got 0) :: [ PASS ] :: Command 'sieve-test sieve mail' (Expected 0,1,89, got 89) :: [ INFO ] :: Testing sieve: if address :comparator ["a", "b"] "from" "frop" { } :: [ PASS ] :: Command 'echo 'if address :comparator ["a", "b"] "from" "frop" { }' > sieve' (Expected 0, got 0) :: [ PASS ] :: Command 'sieve-test sieve mail' (Expected 0,1,89, got 89) :: [ INFO ] :: Testing sieve: if address :comparator :frop "from" "frop" { } :: [ PASS ] :: Command 'echo 'if address :comparator :frop "from" "frop" { }' > sieve' (Expected 0, got 0) :: [ PASS ] :: Command 'sieve-test sieve mail' (Expected 0,1,89, got 89) :: [ INFO ] :: Testing sieve: if address :comparator :all "from" "frop" { } :: [ PASS ] :: Command 'echo 'if address :comparator :all "from" "frop" { }' > sieve' (Expected 0, got 0) :: [ PASS ] :: Command 'sieve-test sieve mail' (Expected 0,1,89, got 89) :: [ LOG ] :: Duration: 1s :: [ LOG ] :: Assertions: 11 good, 0 bad :: [ PASS ] :: RESULT: [BZ#1177852] managesieve segfault Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2477.html |
Description of problem: The sieve plugin for Thundirbird likes to rapidly compile work in progress sieve scripts to continually give feedback on any errors in the script. This can trigger segmentation faults in lib-sieve with certain pathologically incomplete sieve scripts. One example: #0 tag_comparator_validate (valdtr=0x7f291aa713a0, arg=0x7fff5c3cfa58, cmd=0x7f291aa69360) at sieve-comparators.c:143 143 if ( (*arg)->type != SAAT_STRING ) { (gdb) list 138 *arg = sieve_ast_argument_next(*arg); 139 140 /* Check syntax: 141 * ":comparator" <comparator-name: string> 142 */ 143 if ( (*arg)->type != SAAT_STRING ) { 144 sieve_argument_validate_error(valdtr, *arg, 145 ":comparator tag requires one string argument, but %s was found", 146 sieve_ast_argument_name(*arg) ); 147 return FALSE; (gdb) print arg $1 = (struct sieve_ast_argument **) 0x7fff5c3cfa58 (gdb) print *arg $2 = (struct sieve_ast_argument *) 0x0 So sieve_ast_argument_next() is returning NULL and we're trying to dereference it without checking. Fix has been checked in upstream: http://hg.rename-it.nl/dovecot-2.2-pigeonhole/rev/b6c55ac6460d Version-Release number of selected component (if applicable): dovecot-2.2.10-4.el7_0.1.x86_64