[exim-dev] [Bug 2217] New: DKIM segfaults on arbitrary signa…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2217] New: DKIM segfaults on arbitrary signature parameters
https://bugs.exim.org/show_bug.cgi?id=2217

            Bug ID: 2217
           Summary: DKIM segfaults on arbitrary signature parameters
           Product: Exim
           Version: 4.90
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: DKIM
          Assignee: tom@???
          Reporter: wbreyha@???
                CC: exim-dev@???


I found some rare segfaults on my hosts all pointing to:
(gdb) frame 1
#1  0x00000000004ed87a in pdkim_parse_sig_header (ctx=0x27f4488, 
    raw_hdr=0x28daac0 "DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
d=baglis.tv; s=mail;\r\n\tt=1514010263; atpsh=sha256;
atps=baglis.tv;\r\n\tbh=OrfRKuYuAXzXpMvHY9OXRnpNG8FI/5spnIckHRi0yJI=;\r\n\th=Date:To:From:Reply-To:Subj"...)
at pdkim.c:520
520              if (Ustrcmp(s, pdkim_hashes[i].dkim_hashname) == 0)
(gdb) p s
$1 = (uschar *) 0x1 <Address 0x1 out of bounds>
(gdb) p pdkim_hashes[i].dkim_hashname
$2 = (const uschar *) 0x529f17 "sha1"


To me this looks like it fails on parsing
atpsh=sha256
and
atps=baglis.tv
which all coredumps show.

...
(gdb) p *cur_tag
$4 = {size = 129, ptr = 5, s = 0x28db7c0 "atpsh"}

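Added example, not part of the original report and not Exim's code: a defensive handler for DKIM-Signature tags, assuming what the backtrace suggests, namely that the value of atpsh=sha256 (which contains no '-') reached the code that splits an a= value into key type and hash name. The pointer value 0x1 is what a NULL pointer plus one looks like. The function names and tables below are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical tables for this example (not Exim's pdkim tables). */
static const char *const key_types[]  = { "rsa" };
static const char *const hash_names[] = { "sha1", "sha256", "sha512" };
#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

/* Parse the value of an "a=" tag, expected as "keytype-hash".
   Returns 0 and sets both indices on success, -1 on malformed/unknown input. */
int parse_sig_algo(const char *val, int *keytype, int *hash)
{
    const char *dash;
    size_t i, klen;

    if (!val || !(dash = strchr(val, '-')))
        return -1;          /* no separator: reject before touching dash + 1 */
    klen = (size_t)(dash - val);

    *keytype = *hash = -1;
    for (i = 0; i < NELEM(key_types); i++)
        if (strlen(key_types[i]) == klen && strncmp(val, key_types[i], klen) == 0)
            *keytype = (int)i;
    for (i = 0; i < NELEM(hash_names); i++)
        if (strcmp(dash + 1, hash_names[i]) == 0)
            *hash = (int)i;
    return (*keytype >= 0 && *hash >= 0) ? 0 : -1;
}

/* Dispatch on the complete tag name, so "atps" and "atpsh" are never
   handled as "a". Returns 1 = handled, 0 = unknown tag ignored
   (RFC 6376: unrecognized tags MUST be ignored), -1 = malformed value. */
int handle_tag(const char *name, const char *val, int *keytype, int *hash)
{
    if (strcmp(name, "a") == 0)
        return parse_sig_algo(val, keytype, hash) == 0 ? 1 : -1;
    return 0;
}
```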