[exim-dev] [Bug 2012] New: Crash at DKIM pdkim_finish_bodyha…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2012] New: Crash at DKIM pdkim_finish_bodyhash
https://bugs.exim.org/show_bug.cgi?id=2012

            Bug ID: 2012
           Summary: Crash at DKIM pdkim_finish_bodyhash
           Product: Exim
           Version: 4.88
          Hardware: x86-64
                OS: FreeBSD
            Status: NEW
          Severity: bug
          Priority: medium
         Component: DKIM
          Assignee: tom@???
          Reporter: zarabotak@???
                CC: exim-dev@???


We have had several exim-4.88 crashes in the pdkim_finish_bodyhash function.
Almost all stopped with this error:
#0 0x0000000802e42a88 in memcmp () from /lib/libc.so.7
[New Thread 803e1c000 (LWP 102867/<unknown>)]

And backtrace shows:
#0  0x0000000802e42a88 in memcmp () from /lib/libc.so.7
No symbol table info available.
#1  0x0000000000505cb0 in pdkim_finish_bodyhash (ctx=0x803ec59a8) at
pdkim.c:817
        bh = {data = 0x803f26790 "jК╦&\f4\032qd\236\033\r\"z5\231Oй", len = 32}
        sig = (pdkim_signature *) 0x803f258a8
#2  0x0000000000504b72 in pdkim_feed_finish (ctx=0x803ec59a8,
return_signatures=0x74bcc0) at pdkim.c:1327
        sig = (pdkim_signature *) 0x803f258a8
#3  0x000000000046615c in dkim_exim_verify_finish () at dkim.c:147
        sig = (pdkim_signature *) 0x0
        dkim_signers_size = 0
        dkim_signers_ptr = 0
        rc = 0
#4  0x0000000000491584 in receive_msg (extract_recip=0) at receive.c:3272


or

#0  0x0000000802e42a88 in memcmp () from /lib/libc.so.7
No symbol table info available.
#1  0x0000000000505cb0 in pdkim_finish_bodyhash (ctx=0x803ec5670) at
pdkim.c:817
        bh = {data = 0x803ea47c0 "О@ в\205СХх╣╕╫F\213rX╞
pЁ\231Y╛^К═ЭT╢\024\037\225\024", len = 32}
        sig = (pdkim_signature *) 0x803ea38f0
#2  0x0000000000504b72 in pdkim_feed_finish (ctx=0x803ec5670,
return_signatures=0x74bcc0) at pdkim.c:1327
        sig = (pdkim_signature *) 0x803ea38f0
#3  0x000000000046615c in dkim_exim_verify_finish () at dkim.c:147
        sig = (pdkim_signature *) 0x0
        dkim_signers_size = 0
        dkim_signers_ptr = 0
        rc = 0
#4  0x0000000000491584 in receive_msg (extract_recip=0) at receive.c:3272


or

#0  0x0000000802e42a88 in memcmp () from /lib/libc.so.7
No symbol table info available.
#1  0x0000000000505cb0 in pdkim_finish_bodyhash (ctx=0x803ec5818) at
pdkim.c:817
        bh = {data = 0x803e86af0 "", len = 20}
        sig = (pdkim_signature *) 0x803e85930
#2  0x0000000000504b72 in pdkim_feed_finish (ctx=0x803ec5818,
return_signatures=0x74bcc0) at pdkim.c:1327
        sig = (pdkim_signature *) 0x803e85930
#3  0x000000000046615c in dkim_exim_verify_finish () at dkim.c:147
        sig = (pdkim_signature *) 0x0
        dkim_signers_size = 0
        dkim_signers_ptr = 0
        rc = 0
#4  0x0000000000491584 in receive_msg (extract_recip=0) at receive.c:3272



And another one stopped with:
#0  strlen (str=0x0) at /usr/src/lib/libc/string/strlen.c:100
100             va = (*lp - mask01);
[New Thread 803e1c000 (LWP 106332/<unknown>)]


Backtrace:
#0  strlen (str=0x0) at /usr/src/lib/libc/string/strlen.c:100
        lp = (const long unsigned int *) 0x0
        va = <value optimized out>
        p = <value optimized out>
        vb = <value optimized out>
#1  0x00000000004bbdb4 in string_cat (string=0x0, size=0x7fffffffb944,
ptr=0x7fffffffb940, s=0x0) at string.c:1154
No locals.
#2  0x00000000004bc18c in string_append (string=0x0, size=0x7fffffffb944,
ptr=0x7fffffffb940, count=2) at string.c:1193
        t = (uschar *) 0x0
        ap = 0x7fffffffb800
        i = 0
#3  0x0000000000466790 in dkim_exim_verify_finish () at dkim.c:252
        size = 200
        ptr = 111
        logmsg = (uschar *) 0x803ea4f48 "d=NULL s=NULL c=relaxed/relaxed
a=rsa-sha1 b=0 t=1484057638 l=6269 [invalid - signature tag missing or
invalid]"
        sig = (pdkim_signature *) 0x803ea43c8
        dkim_signers_size = 0
        dkim_signers_ptr = 0
        rc = 0
#4  0x0000000000491584 in receive_msg (extract_recip=0) at receive.c:3272



We can't attach the dump here because its size is about 4.5M.

--
You are receiving this mail because:
You are on the CC list for the bug.
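The first three backtraces end in memcmp inside pdkim_finish_bodyhash with a computed body hash of 32 or 20 bytes; the fourth ends in strlen(NULL) inside string_cat, reached from dkim_exim_verify_finish while it builds a log line whose d= and s= values are absent ("signature tag missing or invalid"). The following C program is an added example, not Exim's code and not the fix for this bug (the report does not say what the root cause was): it shows the defensive checks a DKIM verifier needs before either call, namely refusing to compare when the signature carries no decoded bh= value, treating a digest-length mismatch as a failed verification rather than a read past the shorter buffer, and substituting the literal string "NULL" for missing tag values instead of passing NULL pointers into string helpers. The struct and function names (dkim_sig_example, check_bodyhash, format_sig_log, tag_or_null) and all sample inputs are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a parsed DKIM-Signature header.
 * This is NOT Exim's pdkim_signature; it only models the fields the
 * backtraces mention. Any tag the header did not carry, or that failed
 * to decode, is left NULL, which is the state the "d=NULL s=NULL ...
 * signature tag missing or invalid" log line in the report points at. */
typedef struct {
    const char    *domain;        /* d= tag, NULL if absent                 */
    const char    *selector;      /* s= tag, NULL if absent                 */
    const uint8_t *bodyhash;      /* base64-decoded bh= tag, NULL if absent */
    size_t         bodyhash_len;  /* decoded length of bh=                  */
} dkim_sig_example;

/* Constant-time equality over n bytes; the caller guarantees both buffers
 * are at least n bytes long. Returns 1 when equal, 0 otherwise. */
static int ct_memeq(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Compare the body hash computed over the received message (bh, bh_len;
 * 20 bytes for sha1, 32 for sha256) against the value the signature
 * declares. Returns 1 on match, 0 on mismatch, -1 when the signature is
 * unusable (no decoded bh= to compare against). Every NULL and length
 * case is decided before any byte is read, so a header with a missing or
 * truncated bh= cannot drive the comparison into unmapped memory. */
int check_bodyhash(const dkim_sig_example *sig, const uint8_t *bh, size_t bh_len)
{
    if (sig == NULL || bh == NULL || bh_len == 0)
        return -1;
    if (sig->bodyhash == NULL)
        return -1;   /* bh= missing or undecodable: nothing to compare */
    if (sig->bodyhash_len != bh_len)
        return 0;    /* wrong digest length is a failed verify, not an overread */
    return ct_memeq(sig->bodyhash, bh, bh_len);
}

/* Render an optional tag value for logging without handing a NULL pointer
 * to strlen()/strcat()-style helpers. */
static const char *tag_or_null(const char *s)
{
    return s != NULL ? s : "NULL";
}

/* Build the one-line verification log entry. Returns the number of
 * characters written, or -1 if the buffer is too small. */
int format_sig_log(const dkim_sig_example *sig, int result, char *out, size_t outlen)
{
    const char *verdict = result == 1 ? "pass"
                        : result == 0 ? "body hash mismatch"
                        : "invalid - signature tag missing or invalid";
    int n = snprintf(out, outlen, "d=%s s=%s bh=%s [%s]",
                     tag_or_null(sig->domain),
                     tag_or_null(sig->selector),
                     sig->bodyhash != NULL ? "present" : "missing",
                     verdict);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

/* Stand-alone demonstration on constructed inputs. */
int main(void)
{
    /* Constructed 32-byte "computed" sha256 body hash; not a real digest. */
    static const uint8_t computed[32] = { 0x6a, 0x01, 0x02, 0x03 };
    char line[160];

    /* Header that carried no usable tags at all, as in the strlen(NULL) trace. */
    dkim_sig_example missing = { NULL, NULL, NULL, 0 };
    int r = check_bodyhash(&missing, computed, sizeof computed);
    format_sig_log(&missing, r, line, sizeof line);
    puts(line);

    /* Header declaring a 20-byte (sha1-length) bh= while the body was hashed with sha256. */
    static const uint8_t declared_short[20] = { 0x6a, 0x01, 0x02, 0x03 };
    dkim_sig_example wrong_len = { "example.com", "sel1", declared_short, sizeof declared_short };
    r = check_bodyhash(&wrong_len, computed, sizeof computed);
    format_sig_log(&wrong_len, r, line, sizeof line);
    puts(line);

    /* Well-formed header whose bh= matches the computed digest. */
    dkim_sig_example good = { "example.com", "sel1", computed, sizeof computed };
    r = check_bodyhash(&good, computed, sizeof computed);
    format_sig_log(&good, r, line, sizeof line);
    puts(line);
    return 0;
}
```

The two guards map directly onto the two crash shapes in the report: the length check in check_bodyhash is what keeps a 20-byte declared digest from being compared against 32 computed bytes, and tag_or_null is what keeps a missing d= or s= from reaching strlen. The constant-time compare is a separate hardening choice for hash comparison and is not something the backtraces call for.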