[tpop3d-discuss] Peculiar bug. 1.5.2 with TLS crashes on occasion.

tpop3d-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tpop3d-discuss] Peculiar bug. 1.5.2 with TLS crashes on occasion.

From:	Dave Baker
Subject:	[tpop3d-discuss] Peculiar bug. 1.5.2 with TLS crashes on occasion.
Date:	Wed, 15 Oct 2003 20:39:13 -0400
User-agent:	Mutt/1.5.4i

Since enabling TLS (immediate mode) and testing it for a while I've run
into a peculiar bug.  It was happening infrequently, but when it did
happen it was entirely reproduceable *UNTIL* I tried to isolate which
message was causing it.

Today, I managed to track down a little more about the source of the 
problem.  It seems it's caused by a certain character encoding.  tpop3d is
able to feed one copy of the email just fine, but if the same type of mail
appears again in the mailbox it will crash.

I tracked down a single mail that can duplicate this problem.  I just copy it
into a POP3 mbox and connect via "openssl s_client" to talk POP3.  I can
either log in, and "retr 1" twice to cause the crash, or if I have another
(good) mail I can log in and "retr 1" (bad), "retr 2" (good), "retr 1" (bad
again) and cause the crash.

Something interesting is that even though the mail is 6591 bytes on disk the 
mail headers indicate a Content-Length of 5295... the problem still occurs
if I edit out that header, but this at first led me to think it might be
a multi-byte character problem.


I have not yet tried with a maildir mailbox, but suspect it won't cause a
problem.


Attached is a gzipped copy of the mbox file that duplicates the crash.  Has
anyone else seen this?  


I wonder - does anyone know more about the TLS internals to take a
guess as to where the bug might lie?




Other pertinent details:
  tpop3d-1.5.2
  
  ./configure --prefix=/opt/tpop3d-1.5.2 --disable-auth-pam
  --disable-auth-passwd --disable-auth-mysql --disable-auth-pgsql
  --disable-auth-ldap --disable-auth-flatfile --disable-auth-other
  --enable-auth-perl --enable-mbox-bsd --enable-mbox-maildir --enable-tls
  --disable-snide-comments --enable-tcp-wrappers
  --with-openssl-root=/usr/local/

  Using perl_auth only.  I hand-patched the code (patch was sent to the list a
  few days ago) to modify the behavior of the "apop_only" flag to disable it's
  disconnectingness when under a secure connection.

  This is running under FreeBSD 4.5-RELEASE.
  
  OpenSSL is 0.9.7c

  (ldd) /opt/tpop3d-1.5.2/sbin/tpop3d:
        libwrap.so.3 => /usr/lib/libwrap.so.3 (0x2807b000)
        libssl.so.3 => /usr/local/lib/libssl.so.3 (0x28083000)
        libcrypto.so.3 => /usr/local/lib/libcrypto.so.3 (0x280b1000)
        libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x2819d000)
        libperl.so.3 => /usr/lib/libperl.so.3 (0x281b6000)
        libm.so.2 => /usr/lib/libm.so.2 (0x2824e000)
        libc.so.4 => /usr/lib/libc.so.4 (0x2826a000)
        libutil.so.3 => /usr/lib/libutil.so.3 (0x28303000)

  

Here's the tpop3d output from the session that crashed:

2003-10-15 20:06:30.871169500 listeners_post_select: client 
[6]69.0.74.197/mail.server.hostname: connected to local address 69.55.238.47:995
2003-10-15 20:06:35.014563500 authcontext_new_user_pass: began session for 
address@hidden' with perl; uid 68, gid 6
2003-10-15 20:06:35.018870500 fork_child: address@hidden(69.0.74.197): began 
session for address@hidden' with perl; child PID is 92462
2003-10-15 20:06:35.025294500 mailspool_new_from_file: indexed mailspool 
/var/mail/dsb3.com/dave (6591 bytes) in 0.000s
2003-10-15 20:06:36.951299500 ioabs_tls_immediate_write: client 
address@hidden(69.0.74.197): bad write retry; closing connection
2003-10-15 20:06:36.954052500 connections_post_select: client 
address@hidden(69.0.74.197): finished session for address@hidden' with perl
2003-10-15 20:06:36.954067500 connections_post_select: client 
address@hidden(69.0.74.197): disconnected; 47/8024 bytes read/written


Here's some of the offending POP3 dialogue (I doubt it matters but the 
SSL cert I'm using is signed by geotrust)

$ openssl s_client -connect mail.server.hostname:995
CONNECTED(00000006)
(snip)
---
Server certificate
-----BEGIN CERTIFICATE-----
(snip)
---
No client certificate CA names sent
---
SSL handshake has read 1023 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
(snip)
---
+OK <address@hidden>
user address@hidden
+OK Tell me your password.
pass THEPASSWORDHERE
+OK Welcome aboard! You have exactly one message.
retr 1
+OK Message follows
(snip)
Content-Length: 5295
Lines: 3

(message body snipped)

.
retr 1
+OK Message follows
(snip)
Content-Length: 5295
Lines: 3

read:errno=0

(connection broken)






-- 

-    Dave Baker      :      address@hidden      :      http://dsb3.com/    -
GnuPG:  1024D/D7BCA55D / 09CD D148 57DE 711E 6708  B772 0DD4 51D5 D7BC A55D

mbox-crashes-tpop3d-ssl.gz
Description: Binary data

[Prev in Thread]

Current Thread

[Next in Thread]

[tpop3d-discuss] Peculiar bug. 1.5.2 with TLS crashes on occasion., Dave Baker <=
- Re: [tpop3d-discuss] Peculiar bug. 1.5.2 with TLS crashes on occasion., Chris Lightfoot, 2003/10/16
  - Re: [tpop3d-discuss] Peculiar bug. 1.5.2 with TLS crashes on occasion., Dave Baker, 2003/10/16
    - Re: [tpop3d-discuss] Peculiar bug. 1.5.2 with TLS crashes on occasion., Chris Lightfoot, 2003/10/16
    - Re: [tpop3d-discuss] Peculiar bug. 1.5.2 with TLS crashes on occasion., Dave Baker, 2003/10/17
    - Re: [tpop3d-discuss] Peculiar bug. 1.5.2 with TLS crashes on occasion., Chris Lightfoot, 2003/10/17
    - Re: [tpop3d-discuss] Peculiar bug. 1.5.2 with TLS crashes on occasion., Dave Baker, 2003/10/17

Prev by Date: [tpop3d-discuss] popb4 smtp using "exact"
Next by Date: Re: [tpop3d-discuss] Peculiar bug. 1.5.2 with TLS crashes on occasion.
Previous by thread: [tpop3d-discuss] popb4 smtp using "exact"
Next by thread: Re: [tpop3d-discuss] Peculiar bug. 1.5.2 with TLS crashes on occasion.
Index(es):
- Date
- Thread