Hi!
Dovecot 2.0.0 auth process seems to crash while attempting to
connect to a nonexistent SQL database. A shallow look at the code
reveals that NULL module->conn in passdb-sql.c is being erroneously
dereferenced while trying to clean up after a failed connection
attempt:
(gdb) bt
#0 0x0806240e in sql_query_callback (result=0x8076c40, sql_request=0x808ff90)
    at passdb-sql.c:70
#1 0x08069b66 in sqlpool_request_abort (_request=<value optimized out>)
    at driver-sqlpool.c:114
#2 0x0806ab2a in driver_sqlpool_deinit (_db=0x808b970) at driver-sqlpool.c:448
#3 0x0806970a in sql_deinit (_db=0x808b5bc) at sql-api.c:87
#4 0x0805a3ac in db_sql_unref (_conn=0x807fc60) at db-sql.c:119
#5 0x08062be2 in userdb_deinit (userdb=0x807fc48) at userdb.c:177
#6 0x0804ff4b in auths_deinit () at auth.c:213
#7 0x0805b7bc in main (argc=1474660693, argv=0xec835356) at main.c:160
(gdb) print ((struct sql_passdb_module *) _module)->conn
$20 = (struct sql_connection *) 0x0
It seems that module->conn for passdb is being zeroed at auth_deinit(),
passdb_deinit() completes successfully but then userdb_deinit() does
the illegal access.
The following hack seems to eliminate the symptom; however, I'd
strongly recommend taking a deeper look at the issue. I suspect
that a higher level fix would be more appropriate.
--- dovecot-2.0.rc6.orig/src/auth/passdb-sql.c 2010-07-21
14:13:29.000000000 +0000
+++ dovecot-2.0.rc6.patched/src/auth/passdb-sql.c 2010-08-18
21:07:05.000000000 +0000
@@ -67,7 +67,7 @@
ret = sql_result_next_row(result);
if (ret < 0) {
- if (!module->conn->default_password_query) {
+ if (!module->conn ||
!module->conn->default_password_query) {
auth_request_log_error(auth_request, "sql",
"Password query failed:
%s",
sql_result_get_error(result));
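Review bot: The added `!module->conn ||` test in the `ret < 0` branch protects only this one dereference in sql_query_callback() and leaves the cause in place: per the backtrace above, the callback is still being run from sqlpool_request_abort() during driver_sqlpool_deinit() after the passdb's conn has already been cleared. I would rather see this handled in the deinit path, either by aborting pending requests before module->conn is reset or by keeping conn valid until the pool is torn down, so that no other use of module->conn in this callback can hit the same NULL. If the guard stays, note that a NULL conn now takes the "Password query failed" logging path for a request that was aborted at shutdown, which is misleading in the logs, and the condition needs a comment saying that conn can be NULL when the request is aborted during deinit.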
Leandro