https://bugs.exim.org/show_bug.cgi?id=2029
Bug ID: 2029
Summary: DKIM verification segfaults on some mails
Product: Exim
Version: 4.88
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: DKIM
Assignee: tom@???
Reporter: lists@???
CC: exim-dev@???
After upgrade to 4.88 (currently exim4-daemon-heavy 4.88-4~bpo8+1) my (rather
busy) exim segfaults regularly:
2017-01-27T16:09:49.417301+01:00 XXX kernel: [100741.693490] exim4[29489]:
segfault at 0 ip 00007fdd68549062 sp 00007fffa7930048 error 4 in
libc-2.19.so[7fdd684c4000+1a1000]
2017-01-27T16:10:51.565272+01:00 XXX kernel: [100803.840310] exim4[29636]:
segfault at 0 ip 00007fdd68549062 sp 00007fffa7930048 error 4 in
libc-2.19.so[7fdd684c4000+1a1000]
2017-01-27T16:10:59.497227+01:00 XXX kernel: [100811.775673] exim4[29652]:
segfault at 0 ip 00007fdd68549062 sp 00007fffa7930048 error 4 in
libc-2.19.so[7fdd684c4000+1a1000]
After writing a core dump I get the following trace:
(gdb) bt full
#0 __memcmp_sse2 () at ../sysdeps/x86_64/multiarch/../memcmp.S:57
No locals.
#1 0x00007f8762403ba6 in pdkim_finish_bodyhash (ctx=0x7f87632bf318,
ctx=0x7f87632bf318) at pdkim.c:814
bh = {data = 0x7f87632ca240
"\315\035\322/\311\315J\177\026\340{\235\277\205\301i\217]`\245",
len = 20}
sig = 0x7f87632c9740
#2 pdkim_feed_finish (ctx=0x7f87632bf318,
return_signatures=return_signatures@entry=0x7f8762654988 <dkim_signatures>)
at pdkim.c:1392
sig = 0x7f87632c9740
#3 0x00007f876238473e in dkim_exim_verify_finish () at dkim.c:147
sig = 0x0
dkim_signers_size = 0
dkim_signers_ptr = 0
rc = <optimized out>
#4 0x00007f87623a6143 in receive_msg (extract_recip=1663869504) at
receive.c:3272
start = 32767
end = -1615224000
domain = 32767
size = 32647
sptr = 1663774896
smtp_yield = 1
yield = 1650802968
blackholed_by = 0x0
blackhole_log_msg = 0x7f8762434988 ""
cutthrough_done = 1650801860
lock_data = {l_type = 1, l_whence = 0, l_start = 0, l_len = 19, l_pid = 3}
bad_addresses = 0x0
errmsg = 0xf00000001 <error: Cannot access memory at address 0xf00000001>
statbuf = {st_dev = 64768, st_ino = 54133, st_nlink = 1, st_mode = 33184, st_uid = 105,
st_gid = 110, __pad0 = 0, st_rdev = 0, st_size = 18262, st_blksize = 4096, st_blocks = 40,
st_atim = {tv_sec = 1485528559, tv_nsec = 364323956},
st_mtim = {tv_sec = 1485528559, tv_nsec = 920346191},
st_ctim = {tv_sec = 1485528559, tv_nsec = 920346191}, __glibc_reserved = {0, 0, 0}}
smtp_reply = 0x0
user_msg = 0x0
log_msg = 0x7f87632b2fad ""
next = 0x7f8762434988
timestamp = 0x7f8762653cc4 <smtp_input> "\001"
As far as I can see the error is in
if (memcmp(bh.data, sig->bodyhash.data, bh.len) == 0)
with
(gdb) p bh.data
$16 = (uschar *) 0x7f87632ca240
"\315\035\322/\311\315J\177\026\340{\235\277\205\301i\217]`\245"
(gdb) p sig->bodyhash.data
$17 = (uschar *) 0x0
(gdb) p bh.len
$18 = 20
As a quick fix I disabled DKIM via dkim_disable_verify and saw no segfaults
since.
This problem seems to be related to some malformed spam; in most cases DKIM
used to work fine.
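To make the crash condition in the trace concrete, here is an added example (not Exim's code and not the fix that was later committed) that places the comparison quoted above next to a guarded version. The `blob` and `dkim_sig` types, the function names and the sample digest are assumptions constructed for this illustration; only the field names `data`, `len` and `bodyhash` are taken from the backtrace.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed stand-ins for the types visible in the backtrace (layout not
 * taken from Exim; only the field names match the report). */
typedef struct { const uint8_t *data; size_t len; } blob;
typedef struct { blob bodyhash; } dkim_sig;

/* The comparison as quoted in the report. With sig->bodyhash.data == NULL
 * (the state captured in the gdb session) memcmp dereferences address 0,
 * which is the "segfault at 0 ... in libc" seen in the kernel log. It also
 * reads bh->len bytes of the signature buffer without checking that the
 * decoded bh= value is actually that long. */
static int bodyhash_matches_unchecked(const blob *bh, const dkim_sig *sig)
{
    return memcmp(bh->data, sig->bodyhash.data, bh->len) == 0;
}

/* Guarded form: a signature whose bh= tag is absent or failed to decode
 * (NULL data) or whose decoded length differs from the computed digest is
 * reported as a body-hash mismatch and never reaches memcmp. */
static int bodyhash_matches(const blob *bh, const dkim_sig *sig)
{
    if (bh->data == NULL || sig->bodyhash.data == NULL) return 0;
    if (bh->len == 0 || bh->len != sig->bodyhash.len) return 0;
    return memcmp(bh->data, sig->bodyhash.data, bh->len) == 0;
}

/* Constructed 20-byte digest (SHA-1 sized, like the bh.len = 20 in the trace). */
static const uint8_t SAMPLE_DIGEST[20] = {
    0xcd, 0x1d, 0xd2, 0x2f, 0xc9, 0xcd, 0x4a, 0x7f, 0x16, 0xe0,
    0x7b, 0x9d, 0xbf, 0x85, 0xc1, 0x69, 0x8f, 0x5d, 0x60, 0xa5
};

/* Well-formed signature: both versions agree that the hashes match. */
int sample_good(void)
{
    blob bh = { SAMPLE_DIGEST, sizeof SAMPLE_DIGEST };
    dkim_sig sig = { { SAMPLE_DIGEST, sizeof SAMPLE_DIGEST } };
    return bodyhash_matches_unchecked(&bh, &sig) && bodyhash_matches(&bh, &sig);
}

/* Malformed signature with no decoded bh= value: the guarded version fails
 * verification instead of crashing (the unchecked one must not be called here). */
int sample_missing_bh(void)
{
    blob bh = { SAMPLE_DIGEST, sizeof SAMPLE_DIGEST };
    dkim_sig sig = { { NULL, 0 } };
    return bodyhash_matches(&bh, &sig);
}

/* bh= decoded to fewer bytes than the computed digest: rejected on length
 * before any byte comparison, so no over-read of the shorter buffer. */
int sample_short_bh(void)
{
    blob bh = { SAMPLE_DIGEST, sizeof SAMPLE_DIGEST };
    dkim_sig sig = { { SAMPLE_DIGEST, 8 } };
    return bodyhash_matches(&bh, &sig);
}

int main(void)
{
    printf("well-formed signature matches: %d\n", sample_good());
    printf("missing bh= value verifies:    %d\n", sample_missing_bh());
    printf("short bh= value verifies:      %d\n", sample_short_bh());
    return 0;
}
```

The guarded version treats a missing or wrongly sized body hash as a verification failure rather than an error to be handled elsewhere, which matches the defensive expectation for a verifier fed by untrusted mail: malformed input should produce a "fail" result, not a crash of the receiving process.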