Bug#815208: sasl2-bin: auth_rimap infinite loop (hang) when IMAP server closes connection
Jered Floyd
jered at convivian.com
Sat Feb 20 03:38:27 UTC 2016
Package: sasl2-bin
Version: 2.1.26.dfsg1-13+deb8u1jf1
Severity: important
Tags: upstream patch
Dear Maintainer,
I run Zimbra Collaboration Server (ZCS 8.5.x) which send a BYE and closes the connection on failed authentication. This causes auth_rimap to go into an infinite loop as its criteria for if data is available on the socket is incorrect.
This bug was introduced by the patch for upstream bug #3211, included in cyrus-sasl2 2.1.26. The while() loop at auth_rimap.c:607 (line #496 upstream) has incorrect exit criteria -- if the socket is closed and the fd is at EOF the loop will not exit.
A patch is attached, which I have tested and confirmed resolves the issue. This patch stacks onto cyrus-sasl2_2.1.26.dfsg1-13+deb8u1.
I have submitted this bug and patch upstream, and it is tracked as bug #3920: https://bugzilla.cyrusimap.org/show_bug.cgi?id=3920
Sample IMAP exchange:
S: * OK IMAP4 ready
C: saslauthd LOGIN "test" "test"
S: saslauthd NO LOGIN failed
S: * BYE Zimbra IMAP server terminating connection
Server closes connection
Sample strace:
alarm(30) = 0
read(12, "* OK IMAP4 ready\r\n", 1000) = 18
alarm(0) = 30
select(13, [12], NULL, NULL, {1, 0}) = 0 (Timeout)
sendto(4, "<39>Feb 19 21:20:24 saslauthd[55"..., 100, MSG_NOSIGNAL, NULL, 0) = 100
alarm(30) = 0
writev(12, [{"saslauthd LOGIN ", 16}, {"\"test\"", 6}, {" ", 1}, {"\"test\"", 6}, {"\r\n", 2}], 5) = 31
alarm(0) = 30
alarm(30) = 0
read(12, "saslauthd NO LOGIN failed\r\n", 1000) = 27
alarm(0) = 20
select(13, [12], NULL, NULL, {1, 0}) = 1 (in [12], left {0, 999831})
read(12, "* BYE Zimbra IMAP server termina"..., 973) = 49
select(13, [12], NULL, NULL, {0, 999831}) = 1 (in [12], left {0, 999719})
read(12, "", 924) = 0
select(13, [12], NULL, NULL, {0, 999719}) = 1 (in [12], left {0, 999717})
read(12, "", 924) = 0
select(13, [12], NULL, NULL, {0, 999717}) = 1 (in [12], left {0, 999715})
etc.
Regards,
--Jered
-- System Information:
Debian Release: 8.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages sasl2-bin depends on:
ii db-util 5.3.0
ii debconf [debconf-2.0] 1.5.56
ii libc6 2.19-18+deb8u3
ii libcomerr2 1.42.12-1.1
ii libdb5.3 5.3.28-9
ii libgssapi-krb5-2 1.12.1+dfsg-19+deb8u2
ii libk5crypto3 1.12.1+dfsg-19+deb8u2
ii libkrb5-3 1.12.1+dfsg-19+deb8u2
ii libldap-2.4-2 2.4.40+dfsg-1+deb8u2
ii libpam0g 1.1.8-3.1+deb8u1
ii libsasl2-2 2.1.26.dfsg1-13+deb8u1jf1
ii libssl1.0.0 1.0.1k-3+deb8u2
sasl2-bin recommends no packages.
sasl2-bin suggests no packages.
-- Configuration Files:
/etc/default/saslauthd changed [not included]
-- debconf information excluded
-------------- next part --------------
A non-text attachment was scrubbed...
Name: auth_rimap_socket_closed.patch
Type: text/x-diff
Size: 698 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-cyrus-sasl2-debian-devel/attachments/20160219/b227c831/attachment.patch>
More information about the Pkg-cyrus-sasl2-debian-devel
mailing list