[exim-dev] [Bug 1708] Segfault on lsearch lookup

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1708] Segfault on lsearch lookup
https://bugs.exim.org/show_bug.cgi?id=1708

--- Comment #6 from Sylvain LÉVÊQUE <sylvain.leveque+bugreport@???> ---
> /tmp/exim.conf:
> begin rewrite
> *@foo.bar
> "${lookup{${local_part}}lsearch{/tmp/email-addresses}{$value}fail}" Ffrs
> *@foo.bar
> "${lookup{${local_part}}lsearch{/tmp/email-addresses}{$value}fail}" Ffrs
>
> /tmp/email-addresses:
> root: hans@???
>
> and then crash it with exim -C /tmp/exim.conf -brw root@???


I can shorten the proposed exim.conf and still have the crash:

# cat /tmp/email-addresses
root: hans@???

# cat /tmp/exim.conf
begin rewrite
*@foo.bar "${lookup{${local_part}}lsearch{/tmp/email-addresses}{$value}fail}"
Ffrs

# exim -C /tmp/exim.conf -d+rewrite+expand -brw root@???
Exim version 4.86 uid=0 gid=0 pid=17617 D=fbb95dfd
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM DNSSEC PRDR
OCSP
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz
dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Compiler: GCC [5.2.1 20151003]
Library version: GnuTLS: Compile: 3.3.18
                         Runtime: 3.3.18
Library version: PCRE: Compile: 8.35
                       Runtime: 8.35 2014-04-04
Total 13 lookups
WHITELIST_D_MACROS: "OUTGOING"
TRUSTED_CONFIG_LIST: "/etc/exim4/trusted_configs"
changed uid/gid: forcing real = effective
  uid=0 gid=0 pid=17617
  auxiliary group list: <none>
changed uid/gid: calling tls_validate_require_cipher
  uid=102 gid=104 pid=17618
  auxiliary group list: <none>
tls_validate_require_cipher child 17618 ended: status=0x0
configuration file is /tmp/exim.conf
log selectors = 00000ffc 00332001
cwd=/home/sleveque 6 args: exim -C /tmp/exim.conf -d+rewrite+expand -brw
root@???
trusted user
admin user
changed uid/gid: privilege not needed
  uid=102 gid=104 pid=17617
  auxiliary group list: 104
originator: uid=0 gid=0 login=root name="Admin donkeykong.gromi.net"
address match test: subject=root@??? pattern=*@foo.bar
foo.bar in "foo.bar"? yes (matched "foo.bar")
root@??? in "*@foo.bar"? yes (matched "*@foo.bar")
expanding: ${local_part}
   result: root
expanding: /tmp/email-addresses
   result: /tmp/email-addresses
search_open: lsearch "/tmp/email-addresses"
search_find: file="/tmp/email-addresses"
  key="root" partial=-1 affix=NULL starflags=0
LRU list:
  7/tmp/email-addresses
  End
internal_search_find: file="/tmp/email-addresses"
  type=lsearch key="root"
file lookup required for root
  in /tmp/email-addresses
lookup yielded: hans@???
expanding: $value
   result: hans@???
expanding: ${lookup{${local_part}}lsearch{/tmp/email-addresses}{$value}fail}
   result: hans@???
LOG: address_rewrite MAIN
  "root@???" from sender: rewritten as "hans@???" by rule 1
  sender: hans@???
address match test: subject=root@??? pattern=*@foo.bar
foo.bar in "foo.bar"? yes (matched "foo.bar")
root@??? in "*@foo.bar"? yes (matched "*@foo.bar")
expanding: ${local_part}
   result: root
expanding: /tmp/email-addresses
   result: /tmp/email-addresses
search_open: lsearch "/tmp/email-addresses"
  cached open
search_find: file="/tmp/email-addresses"
  key="root" partial=-1 affix=NULL starflags=0
LRU list:
  7/tmp/email-addresses
  End
internal_search_find: file="/tmp/email-addresses"
  type=lsearch key="root"
cached data used for lookup of root
  in /tmp/email-addresses
Segmentation fault


--
Sylvain

--
You are receiving this mail because:
You are on the CC list for the bug.