imap deadlock bug in 0.7.65

Maxim Dounin mdounin at
Fri Apr 23 06:46:02 MSD 2010


On Thu, Apr 22, 2010 at 06:12:57PM -0700, Alan Batie wrote:

> At line 729 of ngx_mail_proxy_module.c, there is this check for how much
> data was received from an imap server response:
>     if (b->last - b->pos < 5) {
>         return NGX_AGAIN;
>     }
> Our zimbra server, oddly enough, running nginx itself, returns "+ \r\n"
> in response to the initial phase of a login.  As this is only 4
> characters, nginx goes back for more, only there isn't any more coming,
> resulting in a timeout.  Changing 5 to 4 fixes the problem, though
> probably a "MIN_IMAP_RESPONSE" define would probably be better.

As far as I understand RFC 3501 the only situation where "+ " CRLF 
form is permitted is server challenage in AUTHENTICATE command.  
And nginx doesn't use AUTHENTICATE command while talking to backends, 
it uses LOGIN command instead.

Could you please provide something like tcpdump -xXs0 of such 
a connection and some more details about your backend?

I'm ok with relaxing the above check, just curious.

Maxim Dounin

More information about the nginx mailing list