Bug 146976

Summary: fetchmail daemon can crash
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Forgotten User ZC6aJTElLj <forgotten_ZC6aJTElLj>
Component: NetworkAssignee: Stanislav Brabec <sbrabec>
Status: RESOLVED INVALID QA Contact: E-mail List <qa-bugs>
Severity: Major    
Priority: P5 - None CC: forgotten_ZC6aJTElLj
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Other   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Forgotten User ZC6aJTElLj 2006-01-31 16:15:44 UTC 
On two SuSE 10.0 systems, I have seen frequent crashes of the fetchmail daemon. This is nasty, since in that case, e-mails are not being fetched any more without any other notification.

I cannot tell what exactly leads to that situation (there was a temporary DNS problem, but that should be handled correctly by fetchmail). Maybe the reason for this is explained by one of the recent bugs listed here:

http://fetchmail.berlios.de/

There seem to be several possible crashes, including empty headers, a free() call after bounced messages and others. Your version of fetchmail seems quite old and may not have all the latest patches applied.
Comment 1 Stanislav Brabec 2006-02-09 17:19:11 UTC 
To verify it, you can try to rebuild latest version from SuSE Linux 10.1 beta (or supplementary).

We have all security updates from latest fetchmail, with exception of very minor CVE-2006-0321. All crashes of fetchmail are considered as security bugs. We do no package updates for released products.

Without detailed debugging information (backtrace) is is not possible to do anything with this bug, since nobody else reported these problems.
Comment 2 Stanislav Brabec 2006-02-20 13:04:57 UTC 
Setting to NEEDINFO: Could you be more verbose (e. g. send backtraces, crasher mails etc.). Without it, there is no chance to debug or reproduce.
Comment 3 Forgotten User ZC6aJTElLj 2006-02-20 13:22:16 UTC 
Alas, I can not. As I stated, there was no error output and the error was not reproducible for me. After the daemon has been restarted, it ran fine with the same mail input as before.

The only thing I could see were errors regarding temp DNS failures before the crash (which also was not logged, I could only see that because the daemon did not fetch mail any more from my POP3S host). The reason for not more people seeing this error may be the fact that I use SSL to fetch mails which is not so common.

My cure for that problem was a regular CRON job to check if the daemon still works and restart it in the negative case, although you are right in stating that any crash of fetchmail should be considered a security bug.
Comment 4 Stanislav Brabec 2006-02-20 13:36:31 UTC 
Many people use fetchmail with POP3S...

You can try to set ulimit -c unlimited, install debuginfo package (from opensuse repository - must have the same release and mtime {If the crash occurs with -O0 optimization, it is useful to build such package.}), then run it again. If the crash occurs again, please send the core file created by this crash or send backtrace.

If you will be able to do it, it is possible to trace the problem. Then please reopen this bug or report it directly to the upstream maintainer.

For now I am closing it as INVALID - information is not sufficient to reproduce, locate or debug.