Hello! We experienced crashes of the dovecot-auth process during user verification with pam_ssh.
After a little debugging I saw that pam_ssh and dovecot both provide a buffer_free() function. During cleanup of pam_ssh the buffer_free() from dovecot was called. The members of the buffer had all "out of bound" addresses. After rename the buffer_free() in dovecot the pam login works fine. Cheer, Elmar
diff -rNbB dovecot-1.2.13.orig/ChangeLog dovecot-1.2.13/ChangeLog 18337c18337 < Changed buffer_free() and buffer_free_without_data() APIs to take ** --- > Changed buffer_free_renamed() and buffer_free_without_data() APIs to > take ** diff -rNbB dovecot-1.2.13.orig/src/lib/array.h dovecot-1.2.13/src/lib/array.h 81c81 < buffer_free(&array->buffer); --- > buffer_free_renamed(&array->buffer); diff -rNbB dovecot-1.2.13.orig/src/lib/buffer.c dovecot-1.2.13/src/lib/buffer.c 123c123 < void buffer_free(buffer_t **_buf) --- > void buffer_free_renamed(buffer_t **_buf) diff -rNbB dovecot-1.2.13.orig/src/lib/buffer.h dovecot-1.2.13/src/lib/buffer.h 30c30 < void buffer_free(buffer_t **buf); --- > void buffer_free_renamed(buffer_t **buf); diff -rNbB dovecot-1.2.13.orig/src/lib/file-cache.c dovecot-1.2.13/src/lib/file-cache.c 39c39 < buffer_free(&cache->page_bitmask); --- > buffer_free_renamed(&cache->page_bitmask); diff -rNbB dovecot-1.2.13.orig/src/lib/istream-seekable.c dovecot-1.2.13/src/lib/istream-seekable.c 50c50 < buffer_free(&sstream->buffer); --- > buffer_free_renamed(&sstream->buffer); 115c115 < buffer_free(&sstream->buffer); --- > buffer_free_renamed(&sstream->buffer); 205c205 < buffer_free(&sstream->buffer); --- > buffer_free_renamed(&sstream->buffer); diff -rNbB dovecot-1.2.13.orig/src/lib/str.c dovecot-1.2.13/src/lib/str.c 37c37 < buffer_free(str); --- > buffer_free_renamed(str); diff -rNbB dovecot-1.2.13.orig/src/lib-auth/auth-client.c dovecot-1.2.13/src/lib-auth/auth-client.c 40c40 < buffer_free(&client->available_auth_mechs); --- > buffer_free_renamed(&client->available_auth_mechs); diff -rNbB dovecot-1.2.13.orig/src/lib-auth/auth-server-connection.c dovecot-1.2.13/src/lib-auth/auth-server-connection.c 328c328 < buffer_free(&conn->auth_mechs_buf); --- > buffer_free_renamed(&conn->auth_mechs_buf); diff -rNbB dovecot-1.2.13.orig/src/lib-index/mail-cache-compress.c dovecot-1.2.13/src/lib-index/mail-cache-compress.c 276,277c276,277 < buffer_free(&ctx.buffer); < buffer_free(&ctx.field_seen); --- > buffer_free_renamed(&ctx.buffer); > buffer_free_renamed(&ctx.field_seen); diff -rNbB dovecot-1.2.13.orig/src/lib-index/mail-cache-transaction.c dovecot-1.2.13/src/lib-index/mail-cache-transaction.c 106c106 < buffer_free(&ctx->cache_data); --- > buffer_free_renamed(&ctx->cache_data); diff -rNbB dovecot-1.2.13.orig/src/lib-index/mail-cache.c dovecot-1.2.13/src/lib-index/mail-cache.c 704c704 < buffer_free(&view->cached_exists_buf); --- > buffer_free_renamed(&view->cached_exists_buf); diff -rNbB dovecot-1.2.13.orig/src/lib-index/mail-index-fsck.c dovecot-1.2.13/src/lib-index/mail-index-fsck.c 254c254 < buffer_free(&dest); --- > buffer_free_renamed(&dest); diff -rNbB dovecot-1.2.13.orig/src/lib-index/mail-index-map.c dovecot-1.2.13/src/lib-index/mail-index-map.c 518c518 < buffer_free(&rec_map->buffer); --- > buffer_free_renamed(&rec_map->buffer); 976c976 < buffer_free(&rec_map->buffer); --- > buffer_free_renamed(&rec_map->buffer); 1023c1023 < buffer_free(&map->hdr_copy_buf); --- > buffer_free_renamed(&map->hdr_copy_buf); diff -rNbB dovecot-1.2.13.orig/src/lib-index/mail-index-sync-ext.c dovecot-1.2.13/src/lib-index/mail-index-sync-ext.c 248c248 < buffer_free(&map->rec_map->buffer); --- > buffer_free_renamed(&map->rec_map->buffer); diff -rNbB dovecot-1.2.13.orig/src/lib-index/mail-index-sync-update.c dovecot-1.2.13/src/lib-index/mail-index-sync-update.c 758c758 < buffer_free(&sync_map_ctx->unknown_extensions); --- > buffer_free_renamed(&sync_map_ctx->unknown_extensions); diff -rNbB dovecot-1.2.13.orig/src/lib-index/mail-index-transaction-view.c dovecot-1.2.13/src/lib-index/mail-index-transaction-view.c 39c39 < buffer_free(&tview->lookup_return_data); --- > buffer_free_renamed(&tview->lookup_return_data); diff -rNbB dovecot-1.2.13.orig/src/lib-index/mail-transaction-log-append.c dovecot-1.2.13/src/lib-index/mail-transaction-log-append.c 710c710 < buffer_free(&ctx.output); --- > buffer_free_renamed(&ctx.output); 714c714 < buffer_free(&ctx.output); --- > buffer_free_renamed(&ctx.output); diff -rNbB dovecot-1.2.13.orig/src/lib-index/mail-transaction-log-file.c dovecot-1.2.13/src/lib-index/mail-transaction-log-file.c 90c90 < buffer_free(&file->buffer); --- > buffer_free_renamed(&file->buffer); 1401c1401 < buffer_free(&file->buffer); --- > buffer_free_renamed(&file->buffer); 1441c1441 < buffer_free(&file->buffer); --- > buffer_free_renamed(&file->buffer); 1577c1577 < buffer_free(&file->buffer); --- > buffer_free_renamed(&file->buffer); diff -rNbB dovecot-1.2.13.orig/src/lib-index/mailbox-list-index-sync.c dovecot-1.2.13/src/lib-index/mailbox-list-index-sync.c 892c892 < buffer_free(&ctx->output_buf); --- > buffer_free_renamed(&ctx->output_buf); diff -rNbB dovecot-1.2.13.orig/src/lib-mail/message-decoder.c dovecot-1.2.13/src/lib-mail/message-decoder.c 73,75c73,75 < buffer_free(&ctx->encoding_buf); < buffer_free(&ctx->buf); < buffer_free(&ctx->buf2); --- > buffer_free_renamed(&ctx->encoding_buf); > buffer_free_renamed(&ctx->buf); > buffer_free_renamed(&ctx->buf2); diff -rNbB dovecot-1.2.13.orig/src/lib-mail/message-header-decode.c dovecot-1.2.13/src/lib-mail/message-header-decode.c 133c133 < buffer_free(&decodebuf); --- > buffer_free_renamed(&decodebuf); diff -rNbB dovecot-1.2.13.orig/src/lib-mail/message-header-parser.c dovecot-1.2.13/src/lib-mail/message-header-parser.c 48c48 < buffer_free(&ctx->value_buf); --- > buffer_free_renamed(&ctx->value_buf); diff -rNbB dovecot-1.2.13.orig/src/lib-storage/index/index-mail.c dovecot-1.2.13/src/lib-storage/index/index-mail.c 1360c1360 < buffer_free(&mail->header_data); --- > buffer_free_renamed(&mail->header_data); diff -rNbB dovecot-1.2.13.orig/src/plugins/fts-squat/squat-test.c dovecot-1.2.13/src/plugins/fts-squat/squat-test.c 132c132 < buffer_free(&valid); --- > buffer_free_renamed(&valid); diff -rNbB dovecot-1.2.13.orig/src/pop3/client.c dovecot-1.2.13/src/pop3/client.c 151c151 < buffer_free(&message_sizes_buf); --- > buffer_free_renamed(&message_sizes_buf); diff -rNbB dovecot-1.2.13.orig/src/tests/test-lib.c dovecot-1.2.13/src/tests/test-lib.c 302c302 < buffer_free(&buf); --- > buffer_free_renamed(&buf);
