Bug 1302429

Summary:	dovecot pigeonhole plugin crashes on body part matches
Product:	[Fedora] Fedora	Reporter:	Scott Shambarger <scott-fedora>
Component:	dovecot	Assignee:	Michal Hlavinka <mhlavink>
Status:	CLOSED ERRATA	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	23	CC:	janfrode, mhlavink
Target Milestone:	---	Keywords:	Reopened
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	dovecot-2.2.21-2.fc23 dovecot-2.2.21-2.fc22	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2016-02-17 03:57:45 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Scott Shambarger 2016-01-27 21:06:52 UTC

Description of problem:
dovecot-pigeonhole 0.4.10 crashes when sieve matches against some extracted body parts... maillog contains:

dovecot: lda(xxx): Panic: file str.c: line 22 (str_new_const): assertion failed: (str[len] == '\0')
dovecot: lda(xxx): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x827c2) [0x7f274a5cd7c2] -> /usr/lib64/dovecot/libdovecot.so.0(+0x8287a) [0x7f274a5cd87a] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f274a574b01] -> /usr/lib64/dovecot/libdovecot.so.0(+0xa9468) [0x7f274a5f4468] -> /usr/lib64/dovecot/libdovecot-sieve.so.0(+0x61ddc) [0x7f2749919ddc] -> /usr/lib64/dovecot/libdovecot-sieve.so.0(sieve_match+0xf1) [0x7f27499002e1] -> /usr/lib64/dovecot/libdovecot-sieve.so.0(+0x62685) [0x7f274991a685] -> /usr/lib64/dovecot/libdovecot-sieve.so.0(sieve_interpreter_continue+0x7c) [0x7f27498f70ec] -> /usr/lib64/dovecot/libdovecot-sieve.so.0(sieve_interpreter_run+0x2b) [0x7f27498f730b] -> /usr/lib64/dovecot/libdovecot-sieve.so.0(+0x52690) [0x7f274990a690] -> /usr/lib64/dovecot/libdovecot-sieve.so.0(sieve_execute+0x47) [0x7f274990b1f7] -> /usr/lib64/dovecot/lib90_sieve_plugin.so(+0x3b90) [0x7f2749b70b90] -> /usr/lib64/dovecot/libdovecot-lda.so.0(mail_deliver+0x49) [0x7f274ab888e9] -> /usr/libexec/dovecot/dovecot-lda(main+0x666) [0x563025824c16] -> /lib64/libc.so.6(__libc_start_main+0xf0) [0x7f274a1aa580] -> /usr/libexec/dovecot/dovecot-lda(_start+0x29) [0x563025825279]


Version-Release number of selected component (if applicable):
dovecot-pigeonhole-2.2.21-1.fc23.x86_64

How reproducible:
Some body parts extraction results in a corrupt part_list structure used in  sieve 'body :text :contains "somestring"' matches

Full debuginfo trace for reference:
#0  0x00007f283bdf4a98 in raise () from /lib64/libc.so.6
#1  0x00007f283bdf669a in abort () from /lib64/libc.so.6
#2  0x00007f283c2037ba in default_fatal_finish (type=LOG_TYPE_PANIC, status=status@entry=0) at failures.c:201
#3  0x00007f283c20387a in i_syslog_fatal_handler (ctx=0x7ffe63694f20, format=<optimized out>, args=<optimized out>)
    at failures.c:418
#4  0x00007f283c1aab01 in i_panic (
    format=format@entry=0x7f283c231d38 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:275
#5  0x00007f283c22a468 in str_new_const (pool=<optimized out>, str=<optimized out>, len=<optimized out>)
    at str.c:22
#6  0x00007f283b54fddc in ext_body_stringlist_next_item (_strlist=0x5638b7543928, str_r=0x7ffe63695070)
    at ext-body-common.c:89
#7  0x00007f283b5362e1 in sieve_stringlist_next_item (str_r=0x7ffe63695070, strlist=0x5638b7543928)
    at sieve-stringlist.h:44
#8  sieve_match (renv=renv@entry=0x5638b7587e98, mcht=mcht@entry=0x7ffe63695120, cmp=cmp@entry=0x7ffe63695100, 
    value_list=0x5638b7543928, key_list=0x5638b75438e0, exec_status=exec_status@entry=0x7ffe636950dc)
    at sieve-match.c:181
#9  0x00007f283b550685 in ext_body_operation_execute (renv=0x5638b7587e98, address=<optimized out>)
    at tst-body.c:381
#10 0x00007f283b52d0ec in sieve_interpreter_operation_execute (interp=0x5638b7587e40) at sieve-interpreter.c:870
#11 sieve_interpreter_continue (interp=interp@entry=0x5638b7587e40, interrupted=interrupted@entry=0x0)
    at sieve-interpreter.c:908
#12 0x00007f283b52d2da in sieve_interpreter_start (interp=interp@entry=0x5638b7587e40, result=<optimized out>, 
    interrupted=interrupted@entry=0x0) at sieve-interpreter.c:939
#13 0x00007f283b52d30b in sieve_interpreter_run (interp=0x5638b7587e40, result=0x5638b7588e50)
    at sieve-interpreter.c:950
#14 0x00007f283b540690 in sieve_run (sbin=0x5638b7583620, result=result@entry=0x7ffe63695240, 
    msgdata=0x7ffe63695330, senv=0x7ffe63695410, ehandler=ehandler@entry=0x5638b7573c80, flags=<optimized out>)
    at sieve.c:341
#15 0x00007f283b5411f7 in sieve_execute (sbin=<optimized out>, msgdata=<optimized out>, senv=<optimized out>, 
    exec_ehandler=exec_ehandler@entry=0x5638b7573c80, action_ehandler=0x5638b7587630, 
    flags=flags@entry=SIEVE_RUNTIME_FLAG_NOGLOBAL, keep=0x0) at sieve.c:550
#16 0x00007f283b7a6b90 in lda_sieve_singlescript_execute (srctx=0x7ffe636953a0) at lda-sieve-plugin.c:451
#17 lda_sieve_execute (storage_r=0x7ffe63695580, srctx=0x7ffe636953a0) at lda-sieve-plugin.c:867
#18 lda_sieve_deliver_mail (mdctx=<optimized out>, storage_r=0x7ffe63695580) at lda-sieve-plugin.c:928
#19 0x00007f283c7be8e9 in mail_deliver (ctx=0x7ffe636955c0, storage_r=0x7ffe63695580) at mail-deliver.c:440
#20 0x00005638b62e7c16 in main (argc=1, argv=0x5638b7549390) at main.c:440

Found in "Pigeonhole v0.4.11 for Dovecot v2.2.21" changelog:

- Several fixes in message body part handling:
  - Fixed assert failure occurring when text extraction is attempted on
    an empty or broken text part.
  - Fixed assert failure in handling of body parts that are converted
    to text.

I rebuilt dovecot with the upstream pigeonhole 0.4.11, and the bug does not re-occur.

Comment 1 Fedora Update System 2016-01-29 14:50:43 UTC

dovecot-2.2.21-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-573fde9db4

Comment 2 Fedora Update System 2016-01-29 14:50:43 UTC

dovecot-2.2.21-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f43b13b3dd

Comment 3 Scott Shambarger 2016-01-29 15:22:57 UTC

Installed the updated package in place of my build, and generally works and bug is fixed.  Thanks.

Comment 4 Fedora Update System 2016-01-30 19:21:51 UTC

dovecot-2.2.21-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f43b13b3dd

Comment 5 Fedora Update System 2016-01-30 19:55:42 UTC

dovecot-2.2.21-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-573fde9db4

Comment 6 Fedora Update System 2016-02-17 03:57:43 UTC

dovecot-2.2.21-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2016-02-17 04:21:28 UTC

dovecot-2.2.21-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.