Bug 1570017 - Premature LOGOUT disconnect on SSL connections - BYE not flushed / correctly sent
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: dovecot
Version: 7.7
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Michal Hlavinka
QA Contact: BaseOS QE - Apps
Reported: 2018-04-20 12:51 UTC by Graham Leggett
Modified: 2020-02-07 18:27 UTC (History)
Last Closed: 2020-02-07 18:27:12 UTC
Description Graham Leggett 2018-04-20 12:51:50 UTC
Description of problem:

When an IMAP client connecting to dovecot sends the LOGOUT command, dovecot immediately terminates the connection, and the BYE response is not sent to the client.

This in turn triggers further bugs in Limilabs IMAP client / Docuware, which in turn renders it impossible for Docuware v6.12 to log in successfully to a Red Hat SSL IMAP server.

Version-Release number of selected component (if applicable):

dovecot-2.2.10-8.el7.x86_64



How reproducible:


Steps to Reproduce:
1. Using Docuware (or the embedded Limilabs IMAP client), attempt to connect and login to a RHEL7 dovecot server.

Actual results:

Docuware complains "Not able to establish connection. Please verify your input!".

The underlying Limilabs library logs the following: "Limilabs.Client.ServerException: Tried to read a line. No data received."


Expected results:

The IMAP login works successfully.

Additional info:

By enabling a trace of the conversation using dovecot rawlog, and by monitoring the behaviour of the SSL at the same time using ssldump, we find the following:

- SSL handshake completes successfully.

- Dovecot says hello:

1 12   0.6355   (0.2349)    S>C      application_data
1 13   0.6355   (0.0000)    S>C      application_data

1524225651.163802 * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

- Limilabs says ID:

1524225651.397017 ea6c9b67cbcf4776 ID ("name" "Mail.dll" "version" "3.0.14050.1215" "vendor" "www.limilabs.com" "contact" "support")

1 14   0.8178   (0.1822)    C>S      application_data
1 15   0.8178   (0.0000)    C>S      application_data

- Dovecot says ID completed:

1524225651.397148 * ID ("name" "Dovecot")
1524225651.397161 ea6c9b67cbcf4776 OK ID completed.

1 16   0.8182   (0.0004)    S>C      application_data
1 17   0.8182   (0.0000)    S>C      application_data

- Limilabs says LOGOUT:

1524225651.580768 bcc40b4680cc43ed LOGOUT

1 18   0.9993   (0.1810)    C>S      application_data
1 19   0.9993   (0.0000)    C>S      application_data

- Dovecot *thinks* it says BYE, but this is never flushed or sent over the network; the connection is terminated prematurely.

1524225651.580815 * BYE Logging out
1524225651.580826 bcc40b4680cc43ed OK Logout completed.

1 20   0.9997   (0.0003)    S>C      Alert
  1      0.9998   (0.0000)    S>C    TCP FIN
  1      1.1814   (0.1816)    C>S    TCP FIN

- Limilabs complains that "Tried to read a line. No data received."

As a workaround, if stunnel is used to do SSL in front of dovecot instead of dovecot native SSL, the connection termination works properly, and Limilabs/Docuware works.
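
The pattern in the trace above (client application_data followed directly by a server Alert and TCP FIN, with no server application_data in between) can be checked mechanically. The following is an added example, not part of the original report or of dovecot; the function names are hypothetical, the REPORTED lines are copied from the ssldump output above, and the EXPECTED lines are constructed to show a close in which the response is sent first.

```python
import re

# ssldump summary line: "<conn> [<record#>] <time> (<delta>) <dir> <description>"
LINE = re.compile(
    r"^\s*(\d+)(?:\s+(\d+))?\s+([\d.]+)\s+\(([\d.]+)\)\s+(S>C|C>S)\s+(.+?)\s*$")

def parse(dump):
    """Yield (conn, time, direction, description) for each ssldump summary line."""
    for line in dump.splitlines():
        m = LINE.match(line)
        if m:
            yield int(m.group(1)), float(m.group(3)), m.group(5), m.group(6)

def dropped_final_response(dump):
    """Return {conn: bool}; True when the server closed (Alert or TCP FIN)
    without sending any application_data after the client's last request."""
    pending = {}   # conn -> is the latest client request still unanswered?
    verdict = {}
    for conn, _time, direction, desc in parse(dump):
        if conn in verdict:
            continue                      # server side already closed
        if desc == "application_data":
            pending[conn] = (direction == "C>S")
        elif direction == "S>C" and desc in ("Alert", "TCP FIN"):
            verdict[conn] = pending.get(conn, False)
    return verdict

# Tail of the trace from the report: LOGOUT (records 18-19), then Alert and FIN.
REPORTED = """\
1 16   0.8182   (0.0004)    S>C      application_data
1 17   0.8182   (0.0000)    S>C      application_data
1 18   0.9993   (0.1810)    C>S      application_data
1 19   0.9993   (0.0000)    C>S      application_data
1 20   0.9997   (0.0003)    S>C      Alert
  1      0.9998   (0.0000)    S>C    TCP FIN
  1      1.1814   (0.1816)    C>S    TCP FIN
"""

# Constructed sample: the server's reply is on the wire before the Alert.
EXPECTED = """\
1 18   0.9993   (0.1810)    C>S      application_data
1 19   0.9993   (0.0000)    C>S      application_data
1 20   0.9997   (0.0003)    S>C      application_data
1 21   0.9997   (0.0000)    S>C      application_data
1 22   0.9998   (0.0001)    S>C      Alert
  1      0.9999   (0.0001)    S>C    TCP FIN
"""

if __name__ == "__main__":
    print(dropped_final_response(REPORTED), dropped_final_response(EXPECTED))
```
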

Comment 2 Graham Leggett 2018-04-20 13:01:43 UTC
A fix for this bug appears to have been applied to dovecot in 2014:

https://dovecot.org/list/dovecot-cvs/2014-June/024504.html

The fix was distributed in Debian here:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751682

Red Hat appeared to not distribute the fix for CVE-2015-3420:

https://access.redhat.com/security/cve/cve-2015-3420

The following bug report claimed that the dovecot fix described above caused the CVE, which doesn't seem to make sense:

https://bugzilla.redhat.com/show_bug.cgi?id=1216057

Comment 3 Graham Leggett 2018-04-20 13:52:57 UTC
Downloaded the SRPM for dovecot and applied the following two patches, and the problem was fixed:

https://dovecot.org/list/dovecot-cvs/2014-June/024504.html
https://www.dovecot.org/list/dovecot-cvs/2014-June/024509.html

Comment 4 Michal Hlavinka 2020-02-07 18:27:12 UTC
Upstream fixed this for dovecot 2.2.17; we have updated to dovecot 2.2.36, which contains that fix.

