[exim-dev] [Bug 2250] Peculiarity with SMTP delivery in Exim…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2250] Peculiarity with SMTP delivery in Exim 4.90.1
https://bugs.exim.org/show_bug.cgi?id=2250

--- Comment #13 from David Carter <dpc22@???> ---
(In reply to David Carter from comment #12)

> I am currently running ae06ddc47aa43bb5e2dcbe2643e41649d1947a9d (latest
> available commit from origin/exim-4_90+fixes), and that still has the
> problem.
>
> I am now trying the same version with:
>
> DISABLE_DKIM=yes
>
> to see if that helps.


We have been running this way for three hours now, and the problem has gone
away.

So it looks like the problem is somewhere in the DKIM code.

I guess that I shouldn't be surprised: I have reported half a dozen separate
crash problems and memory management issues against Exim 4.88, 4.89 and 4.90
over the last two years, and they have all been in the DKIM code.

At face value it looks like something in that code is running:

*((char *)s) = '\0';

for some bad value of s. However I would expect that to run after the DATA
phase of the SMTP conversation. Unfortunately that suggests a rather more
unpleasant memory management issue. Those are always fun to debug...

Suggestions?

It wouldn't be hard to generate a core dump of one of these broken processes,
but I'm not convinced that the back trace will tell us anything useful.

If we need to bisect with DKIM enabled then I am going to have to work around
the following bug which causes email loss:

> This is an important prerequisite to bisection because of:
>
> commit e5fc5d4ba779be4c57bd08ad2da70b6e1a85a549
> Author: Jeremy Harris <jgh146exb@???>
> Date: Wed Feb 7 23:09:55 2018 +0000
>
>     DKIM: fix buffer overflow in verify
>
>     Caused crash in free() by corrupting malloc metadata.
>
>     Reported-by: University of Cambridge
>     Broken-by: 80a47a2c96


That patch doesn't apply cleanly to "80a47a2c96". It looks like quite a lot
has changed since then, so I'm going to need some help applying the same fix to
intermediate versions.

--
You are receiving this mail because:
You are on the CC list for the bug.
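The failure mode the comment above describes, a terminator written through a bad pointer so that the damage only surfaces later in free(), is easier to reason about with a small model. The following is an added illustration, not Exim's DKIM code and not the patch referenced in the thread: it places a fixed-size field next to a single guard byte that stands in for whatever the allocator put after the buffer, then compares an unbounded copy (which terminates at the input length, exactly the `*((char *)s) = '\0'` pattern) with a bounded one that refuses input that will not fit with its terminator. `FIELD_LEN`, `GUARD` and the sample value are constructed for the demo; the whole model lives in one flat array so the stray store is still a defined write here, unlike on a real heap.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model (not Exim's code): FIELD_LEN bytes of field storage
 * followed by one byte that stands in for the neighbouring heap data or
 * malloc metadata. */
#define FIELD_LEN 8
#define GUARD 0xA5

struct field_model {
    unsigned char storage[FIELD_LEN + 1]; /* [0..FIELD_LEN-1] field, [FIELD_LEN] neighbour */
};

static void model_init(struct field_model *m) {
    memset(m->storage, 0, sizeof m->storage);
    m->storage[FIELD_LEN] = GUARD;
}

/* Unbounded copy: trusts the caller's length and writes the terminator at
 * src length. With n == FIELD_LEN the '\0' lands on the neighbour byte,
 * the write itself succeeds, and nothing notices until that byte is used. */
static void copy_unbounded(struct field_model *m, const char *src, size_t n) {
    char *s = (char *)m->storage;
    memcpy(s, src, n);
    *((char *)s + n) = '\0';
}

/* Bounded copy: rejects input that would not fit together with its
 * terminator, so the '\0' can never leave the field.
 * Returns 0 on success, -1 if the input was rejected. */
static int copy_bounded(struct field_model *m, const char *src, size_t n) {
    if (n >= FIELD_LEN)
        return -1;
    memcpy(m->storage, src, n);
    m->storage[n] = '\0';
    return 0;
}

/* Probes: 1 if the neighbour byte survived the copy, 0 if it was clobbered. */
int neighbour_intact_unbounded(const char *src, size_t n) {
    struct field_model m;
    model_init(&m);
    copy_unbounded(&m, src, n);
    return m.storage[FIELD_LEN] == GUARD;
}

int neighbour_intact_bounded(const char *src, size_t n) {
    struct field_model m;
    model_init(&m);
    (void)copy_bounded(&m, src, n); /* a rejected copy leaves the model untouched */
    return m.storage[FIELD_LEN] == GUARD;
}

int main(void) {
    const char *sample = "ABCDEFGH"; /* constructed value, exactly FIELD_LEN bytes */
    size_t n = strlen(sample);
    printf("unbounded copy, neighbour intact: %d\n", neighbour_intact_unbounded(sample, n));
    printf("bounded copy,   neighbour intact: %d\n", neighbour_intact_bounded(sample, n));
    return 0;
}
```

The unbounded probe reports the guard byte overwritten while the bounded one keeps it intact; a shorter input leaves both intact, which is why a bug of this shape only shows up for particular message sizes and then as a crash in an unrelated place, matching the "crash in free() by corrupting malloc metadata" wording of the quoted commit.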