Philip Hazel wrote:
> On Wed, 19 Mar 2003, Alexander Sabourenkov wrote:
>
>
>>The following transaction results in SIGSEGV on at least 4.10, 4.12 and 4.14:
>
>
> Thanks for the report.
>
>
>>Now compiling exim in debug mode to investigate further.
>
>
> More information is always helpful!

gdb bt for exim-4.14:

Program received signal SIGSEGV, Segmentation fault.
0x28173e94 in strncpy () from /usr/lib/libc.so.4
(gdb) bt
#0 0x28173e94 in strncpy () from /usr/lib/libc.so.4
#1 0x8096a91 in string_cat (
string=0x80e73f8 ", or sets\n# up an auto-reply,
respectively.\n\nuserforward:\n driver = redirect\n check_local_user\n file
= $home/.forward\n no_verify\n no_expn\n check_ancestor\n# allow_filter\n
file_transport = addres"..., size=0xbfbfef54,
ptr=0xbfbfef58, s=0x0, len=4) at string.c:829
#2 0x8066f97 in expand_string_internal (string=0x80e5248 "$1", ket_ends=0,
left=0x0, skipping=0) at expand.c:2289
#3 0x806a75f in expand_string (string=0x80e5248 "$1") at expand.c:3965
#4 0x8090485 in smtp_setup_msg () at smtp_in.c:1845
#5 0x804ded7 in handle_smtp_call (listen_sockets=0x80e7070,
listen_socket_count=1, accept_socket=1, accepted=0xbfbff2ec)
at daemon.c:415
#6 0x804f744 in daemon_go () at daemon.c:1310
#7 0x80625b5 in main (argc=2, cargv=0xbfbffac0) at exim.c:3264
#8 0x804a51b in _start ()
(gdb)

The $1 in the expand_string() call should be the '*'.

Something must be wrong in storing the SMTP session state, because if one does not
do the AUTH PLAIN part, like in the following transaction, exim does not get
a SIGSEGV:

EHLO tararam
250-lxnt.inside.caravan.ru Hello localhost [127.0.0.1]
250-SIZE 52428800
250-PIPELINING
250-AUTH LOGIN PLAIN
250 HELP
AUTH LOGIN =
334 UGFzc3dvcmQ6
*
501 Authentication cancelled

Seems like something gets set to something wrong when AUTH PLAIN fails, and
that causes a segfault at AUTH LOGIN.

--
./lxnt