imapd/pop3d crashing on TLS shutdown #4785
Comments
I also do see such crashes, which produce coredumps. Looking in the coredumps, the problematic place is shutting down the TLS connection. So I have compiled OpenSSL and Cyrus IMAP with Address Sanitizer and wait for this to happen again. Fortunately or unfortunately this anomaly does not happen very often. Can you describe how to reproduce the problem? |
I compiled cyrus-imapd 3.8-patched and OpenSSL 3.0.12 with -g -O2 -fsanitize=address -fno-omit-frame-pointer -fno-common -fsanitize-recover=address and then execute it with the environment variables At some moment the file below is produced. My reading is that Right now I cannot say more, as I have no idea about TLS/OpenSSL internals. But I came independently to the conclusion mentioned at openssl/openssl#23031.
|
With this change diff --git a/imap/tls.c b/imap/tls.c
index bd318b5ea..63160e09d 100644
--- a/imap/tls.c
+++ b/imap/tls.c
@@ -1213,6 +1213,7 @@ EXPORTED int tls_start_servertls(int readfd, int writefd, int timeout,
/* Check the error code */
err = SSL_get_error(tls_conn, sts);
+ syslog(LOG_CRIT, "SSL_accept() failed -> err=%i, sts=%i", err, sts);
switch (err) {
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE: Cyrus IMAP sends to syslog and ASAN logs:
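Review bot: the added syslog() call sits between SSL_get_error() and the switch, so it also fires for the SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE cases shown in the context lines, and it reports them at LOG_CRIT with the text "SSL_accept() failed". If those two cases are the ordinary retry path of the handshake, move the call into the branch that handles real failures, or lower it to LOG_DEBUG while debugging, so that normal handshakes do not produce critical-level entries that bury the crash being chased.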
|
It looks like we are hitting the same also on Fedora with 3.8.1, it didn't happen with 3.6.0: Bug 2256083 - Sporadic segv in imapd after upgrading to FC39 |
FWIW I'm also seeing this on OmniOS:
|
This reverts commit a3523d4. cyrusimap#4785
I recently upgraded the OS on my mail servers from a version that shipped Cyrus IMAP 3.6.1 and OpenSSL 3.0 to one that includes Cyrus IMAP 3.8.1 and OpenSSL 3.1.
I immediately started seeing crashes of both imapd and pop3d during TLS session shutdown.
The following analysis is from a core file created while the application was running under the illumos libumem memory allocator, with debugging turned on.
The crash occurs when attempting to free an SSL structure via SSL_free()
The SSL object concerned was originally allocated by SSL_new(), as can be seen by looking at the allocation stack trace:
The crash occurs because SSL->session was previously freed in ssl3_send_alert():
Based on this, I opened openssl/openssl#23031 against openssl, thinking that the problem was there. However, after a bit of investigation and further testing, and comments from the openssl developers over in that issue, it appears that the problem originates from a3523d4
I reverted that and have experienced no crashes for 24 hours.
Quoting from the openssl issue I created: