[Pkg-sogo-maintainers] Bug#970382: sogo: Segfault with userPasswordAlgorithm=md5-crypt

Sebastien Delafond seb at debian.org
Tue Sep 15 11:48:59 BST 2020


Package: sogo
Version: 4.0.7-1+deb10u1
Severity: normal

I'm trying to use a postfixadmin user source, stored in mysql, with the
following configuration:

   SOGoUserSources = (
      {
        type = sql;
        id = postfixadmin;
        viewURL = "mysql://user:passwd@foo.bar:3306/postfixadmin/sogo_users";
        canAuthenticate = YES;
        isAddressBook = YES;
        userPasswordAlgorithm = "md5-crypt";
        DomainFieldName = "domain";
        IMAPLoginFieldName = "c_name";
        LoginFieldNames = (
              "c_uid",
              "c_name"
          );
      }
    );

This causes SOGo to segfault when trying to log in on the web
interface. SOGo is able to find the user in mysql, but crashes right
after that:

  [11131]: <0x0x560ff5d9a450[WOHttpAdaptor]> notified the watchdog that we are ready
  [11131]: |SOGo| starting method 'GET' on uri '/SOGo'
  [11131]: <0x0x560ff5db8f40[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
  [11131]: <0x0x560ff5db8f40[SOGoCache]> Using host(s) 'localhost' as server(s)
  0 sogod[11131:11131] PG0x0x560ff5b3b420 SQL: SELECT c_defaults FROM sogo_user_profile WHERE c_uid = 'anonymous'
  [11131]: |SOGo| request took 0.009448 seconds to execute
  [11131]: 37.167.168.127 "GET /SOGo HTTP/1.1" 302 0/0 0.012 - - 3M
  [11131]: |SOGo| starting method 'GET' on uri '/SOGo/'
  [11131]: |SOGo|   constructed root-url: /SOGo/
  [11131]: |SOGo|   setting root-url in context: /SOGo/
  [11131]: |SOGo| ROOT baseURL(no container, name=(null)):
  
  [11131]: |SOGo| request took 0.041883 seconds to execute
  [11131]: 37.167.168.127 "GET /SOGo/ HTTP/1.1" 200 27160/0 0.043 - - 1M
  [11131]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
  [11131:11131] MySQL4 connection established 0x0x560ff5daaed0
  [11131:11131] MySQL4 channel 0x0x560ff5e469c0 opened (connection=0x0x560ff5daaed0,postfixadmin)
  [11131:11131] <MySQL4Channel[0x0x560ff5e469c0] connection=0x0x560ff5daaed0> SQL: SELECT c_password FROM sogo_users WHERE (c_uid = 'first.last') OR (c_name = 'first.last');
  [11131:11131] <MySQL4Channel[0x0x560ff5e469c0] connection=0x0x560ff5daaed0>   query has results, entering fetch-mode.
  [8566]: <0x0x560ff5b535b0[WOWatchDogChild]> child 11131 exited
  [8566]: <0x0x560ff5b535b0[WOWatchDogChild]>  (terminated due to signal 11)

Using sogo-dbgsym, I extracted the following backtrace in gdb: it's
apparently choking when trying to hash the password through crypt:

  (gdb) bt
  #0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65
  #1  0x00007ffff7f45954 in -[NSData(SOGoCryptoExtension) asCryptUsingSalt:] (self=0x555555c6cd40, _cmd=0x7ffff7fb8be0 <_OBJC_SELECTOR_TABLE+160>, theSalt=0x55555599d5e0) at NSData+Crypto.m:679                                                                                                                               
  #2  0x00007ffff7f43cca in -[NSData(SOGoCryptoExtension) asCryptedPassUsingScheme:withSalt:] (self=0x555555c6cd40, _cmd=0x7ffff7fb7cd0 <_OBJC_SELECTOR_TABLE+304>, passwordScheme=0x555555858920, theSalt=0x55555599d5e0) at NSData+Crypto.m:187                                                                               
  #3  0x00007ffff7f42d44 in -[NSString(SOGoCryptoExtension) asCryptedPassUsingScheme:withSalt:andEncoding:] (self=0x555555d40410, _cmd=0x7ffff7fb7ca0 <_OBJC_SELECTOR_TABLE+256>, passwordScheme=0x555555858920, theSalt=0x55555599d5e0, userEncoding=encPlain) at NSString+Crypto.m:222                                        
  #4  0x00007ffff7f42b3d in -[NSString(SOGoCryptoExtension) isEqualToCrypted:withDefaultScheme:] (self=0x555555d40410, _cmd=0x7ffff7fad9d0 <_OBJC_SELECTOR_TABLE+240>, cryptedPassword=0x555555d40590, theScheme=0x555555858920) at NSString+Crypto.m:161                                                                       
  #5  0x00007ffff7f3457c in -[SQLSource _isPassword:equalTo:] (self=0x555555d28a50, _cmd=0x7ffff7fadb30 <_OBJC_SELECTOR_TABLE+592>, plainPassword=0x555555d40410, encryptedPassword=0x555555d40590) at SQLSource.m:194                                                                                                          
  #6  0x00007ffff7f34c3b in -[SQLSource checkLogin:password:perr:expire:grace:] (self=0x555555d28a50, _cmd=0x7ffff7fa58f0 <_OBJC_SELECTOR_TABLE+752>, _login=0x555555d43790, _pwd=0x555555d40410, _perr=0x7fffffffbce4, _expire=0x7fffffffbce8, _grace=0x7fffffffbcec) at SQLSource.m:301                                       
  #7  0x00007ffff7f2562b in -[SOGoUserManager _sourceCheckLogin:andPassword:domain:perr:expire:grace:] (self=0x555555d3cca0, _cmd=0x7ffff7fa5a20 <_OBJC_SELECTOR_TABLE+1056>, login=0x555555d43790, password=0x555555d40410, domain=0x7fffffffbcf0, perr=0x7fffffffbce4, expire=0x7fffffffbce8, grace=0x7fffffffbcec)           
      at SOGoUserManager.m:478
  #8  0x00007ffff7f25fef in -[SOGoUserManager checkLogin:password:domain:perr:expire:grace:useCache:] (self=0x555555d3cca0, _cmd=0x7ffff7fbf400 <_OBJC_SELECTOR_TABLE+256>, _login=0x555555d43790, _pwd=0x555555d40410, _domain=0x7fffffffbcf0, _perr=0x7fffffffbce4, _expire=0x7fffffffbce8, _grace=0x7fffffffbcec,            
      useCache=0 '\000') at SOGoUserManager.m:642
  #9  0x00007ffff7f4b229 in -[SOGoWebAuthenticator checkLogin:password:domain:perr:expire:grace:useCache:] (self=0x555555c32e10, _cmd=0x7ffff2922cf0 <_OBJC_SELECTOR_TABLE+528>, _login=0x555555d43790, _pwd=0x555555d40410, _domain=0x7fffffffbcf0, _perr=0x7fffffffbce4, _expire=0x7fffffffbce8, _grace=0x7fffffffbcec,       
      _useCache=0 '\000') at SOGoWebAuthenticator.m:164
  #10 0x00007ffff2916d4e in -[SOGoRootPage connectAction] (self=0x555555cc1790, _cmd=0x555555a61810) at SOGoRootPage.m:209
  #11 0x00007ffff79f98ef in ?? () from /lib/libNGObjWeb.so.4.9
  #12 0x00007ffff295eaa4 in -[UIxComponent performActionNamed:] (self=0x555555cc1790, _cmd=0x7ffff7bbcc80, _actionName=0x555555911460) at UIxComponent.m:795
  #13 0x00007ffff7a7a9e4 in ?? () from /lib/libNGObjWeb.so.4.9
  #14 0x00007ffff7a7ab10 in ?? () from /lib/libNGObjWeb.so.4.9
  #15 0x00007ffff7a75011 in ?? () from /lib/libNGObjWeb.so.4.9
  #16 0x00007ffff7a774d2 in ?? () from /lib/libNGObjWeb.so.4.9
  #17 0x00007ffff79fb72c in ?? () from /lib/libNGObjWeb.so.4.9
  #18 0x00007ffff79bbaa8 in ?? () from /lib/libNGObjWeb.so.4.9
  #19 0x00007ffff79bbdc1 in ?? () from /lib/libNGObjWeb.so.4.9
  #20 0x000055555555d626 in -[SOGo dispatchRequest:] (self=0x555555988180, _cmd=0x7ffff7ba1f80, _request=0x5555559d7b20) at SOGo.m:584
  #21 0x00007ffff7a65a12 in ?? () from /lib/libNGObjWeb.so.4.9
  #22 0x00007ffff7a65d88 in ?? () from /lib/libNGObjWeb.so.4.9
  #23 0x00007ffff7a61a2e in ?? () from /lib/libNGObjWeb.so.4.9
  #24 0x00007ffff7a61c3e in ?? () from /lib/libNGObjWeb.so.4.9
  #25 0x00007ffff7a62044 in ?? () from /lib/libNGObjWeb.so.4.9
  #26 0x00007ffff7a624e3 in ?? () from /lib/libNGObjWeb.so.4.9
  #27 0x00007ffff714a357 in ?? () from /lib/libgnustep-base.so.1.26
  #28 0x00007ffff7614d3e in ?? () from /lib/libNGExtensions.so.4.9
  #29 0x00007ffff7260899 in ?? () from /lib/libgnustep-base.so.1.26
  #30 0x00007ffff71924ff in ?? () from /lib/libgnustep-base.so.1.26
  #31 0x00007ffff7192294 in ?? () from /lib/libgnustep-base.so.1.26
  #32 0x00007ffff79bb2e4 in ?? () from /lib/libNGObjWeb.so.4.9
  #33 0x000055555555c76d in -[SOGo run] (self=0x555555988180, _cmd=0x7ffff7b26d90) at SOGo.m:337
  #34 0x00007ffff79e5b79 in WOApplicationMain () from /lib/libNGObjWeb.so.4.9
  #35 0x00007ffff7a070c9 in WOWatchDogApplicationMain () from /lib/libNGObjWeb.so.4.9
  #36 0x000055555555b30e in main (argc=13, argv=0x7fffffffec58, env=0x7fffffffecc8) at sogod.m:51

If I use userPasswordAlgorithm="crypt", the backtrace is exactly the
same. If I use any other userPasswordAlgorithm not relying on crypt,
then SOGo does not crash (but of course I'm then unable to log in).

This problem seems to be specific to 4.0.x:

  - the same SOGoUserSources used to work fine in version
    2.3.12-1 in jessie

  - everything is also OK if I use 4.3.2-1 from testing via "apt
    install -t bullseye", on top of my current buster setup

Cheers,

-- 
Seb

-- System Information:
Debian Release: 10.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sogo depends on:
ii  adduser               3.118
ii  gnustep-base-runtime  1.26.0-4+deb10u1
ii  libc6                 2.28-10
ii  libcurl3-gnutls       7.64.0-4+deb10u1
ii  libgcc1               1:8.3.0-6
ii  libglib2.0-0          2.58.3-2+deb10u2
ii  libgnustep-base1.26   1.26.0-4+deb10u1
ii  libgnutls30           3.6.7-4+deb10u3
ii  liblasso3             2.6.0-2+b2
ii  libmemcached11        1.0.18-4.2
ii  libobjc4              8.3.0-6
ii  libsbjson2.3          2.3.2-4+b1
ii  libsope1              4.0.7-1
ii  lsb-base              10.2019051400
ii  memcached             1.5.6-1.1
ii  sogo-common           4.0.7-1+deb10u1
ii  systemd               241-5
ii  zip                   3.0-11+b1

sogo recommends no packages.

Versions of packages sogo suggests:
pn  postgresql | default-mysql-server | virtual-mysql-server  <none>

-- no debconf information
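
Added example, not part of the original report: a small Python correlator that ties a watchdog "terminated due to signal" notice to the request the crashed worker was serving, using the line formats visible in the log excerpt above. The function name and the embedded sample (lines copied from that excerpt) are this example's own choices; the patterns use `search`, so any prefix before the bracketed PID is tolerated.

```python
import re

# Lines copied from the log excerpt in the report above.
SAMPLE_LOG = """\
[11131]: |SOGo| starting method 'GET' on uri '/SOGo/'
[11131]: |SOGo| request took 0.041883 seconds to execute
[11131]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
[11131:11131] <MySQL4Channel[0x0x560ff5e469c0] connection=0x0x560ff5daaed0> SQL: SELECT c_password FROM sogo_users WHERE (c_uid = 'first.last') OR (c_name = 'first.last');
[8566]: <0x0x560ff5b535b0[WOWatchDogChild]> child 11131 exited
[8566]: <0x0x560ff5b535b0[WOWatchDogChild]>  (terminated due to signal 11)
"""

START = re.compile(r"\[(\d+)\]: \|SOGo\| starting method '(\w+)' on uri '([^']*)'")
DONE = re.compile(r"\[(\d+)\]: \|SOGo\| request took ")
SQL = re.compile(r"\[(\d+):\d+\] .*? SQL: (.*)")
EXITED = re.compile(r"\[WOWatchDogChild\]> child (\d+) exited")
SIGNAL = re.compile(r"\[WOWatchDogChild\]>\s+\(terminated due to signal (\d+)\)")


def find_crashed_requests(log_text):
    """Return one dict per worker killed by a signal, with the request it was serving."""
    in_flight = {}    # pid -> method, uri and last SQL of the request not yet finished
    last_exit = None  # pid named by the most recent "child N exited" line
    crashes = []
    for line in log_text.splitlines():
        if m := START.search(line):
            in_flight[m[1]] = {"method": m[2], "uri": m[3], "last_sql": None}
        elif m := DONE.search(line):
            in_flight.pop(m[1], None)  # request completed normally
        elif (m := SQL.search(line)) and m[1] in in_flight:
            in_flight[m[1]]["last_sql"] = m[2]
        elif m := EXITED.search(line):
            last_exit = m[1]
        elif (m := SIGNAL.search(line)) and last_exit is not None:
            # The signal line follows the exit line; attach the unfinished request, if any.
            request = in_flight.pop(last_exit, None) or {}
            crashes.append({"pid": last_exit, "signal": int(m[1]), **request})
            last_exit = None
    return crashes


if __name__ == "__main__":
    for crash in find_crashed_requests(SAMPLE_LOG):
        print(crash)
```

A worker that repeatedly dies with signal 11 while serving `POST /SOGo/connect` is worth alerting on, since the password check runs before the session is authenticated.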


