[exim-dev] [Bug 2498] New: SIGSEGV with ARC expanding $authr…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2498] New: SIGSEGV with ARC expanding $authresults
https://bugs.exim.org/show_bug.cgi?id=2498

            Bug ID: 2498
           Summary: SIGSEGV with ARC expanding $authresults
           Product: Exim
           Version: 4.92
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: ACLs
          Assignee: jgh146exb@???
          Reporter: wbreyha@???
                CC: exim-dev@???


This is for exim-4.93+localfixes. The fixes contain everything available on git
up to the fix for #2492 (retry taint).

My data ACL contains:
  warn    dmarc_status = *
          log_message  = DMARC DEBUG: status: $dmarc_status domain: $dmarc_used_domain text: $dmarc_status_text


  warn    verify       = arc/none:fail:pass
          log_message  = _ARC_DEBUG: status: $arc_state reason: $arc_state_reason


  warn    add_header   = :at_start:${authresults {univie.ac.at}}


The crash occurs at the add_header ACL...

(gdb) bt
#0  0x00000034390899a3 in memcpy () from /lib64/libc.so.6
#1  0x00000000004b6649 in string_catn (g=0x143fc48, s=0x1338200 "\371\f\367]",
count=19721488) at string.c:1141
#2  0x00000000004dc129 in authres_arc (g=0x143fc48) at arc.c:1857
#3  0x0000000000454dba in expand_string_internal (string=0x10c8940
":at_start:${authresults {univie.ac.at}}", ket_ends=0, left=0x0, 
    skipping=0, honour_dollar=1, resetok_p=0x0) at expand.c:4400
#4  0x000000000045df9c in expand_cstring (string=0x10c8940
":at_start:${authresults {univie.ac.at}}") at expand.c:8051
#5  0x000000000045dfcd in expand_string (string=0x10c8940
":at_start:${authresults {univie.ac.at}}") at expand.c:8062
#6  0x0000000000421ec8 in acl_check_condition (verb=6, cb=0x10c8920, where=5,
addr=0x0, level=0, epp=0x7ffd18b386ec, 
    user_msgptr=0x7ffd18b38af0, log_msgptr=0x7ffd18b38ae8,
basic_errno=0x7ffd18b386f0) at acl.c:2895
#7  0x000000000042499e in acl_check_internal (where=5, addr=0x0, s=0x10bdb80
"acl_check_data", user_msgptr=0x7ffd18b38af0, 
    log_msgptr=0x7ffd18b38ae8) at acl.c:4079
#8  0x0000000000425530 in acl_check (where=5, recipient=0x0, s=0x10bdb80
"acl_check_data", user_msgptr=0x7ffd18b38af0, 
    log_msgptr=0x7ffd18b38ae8) at acl.c:4393
#9  0x0000000000491432 in receive_msg (extract_recip=0) at receive.c:3580
#10 0x0000000000427f49 in handle_smtp_call (listen_sockets=0x10d28e0,
listen_socket_count=2, accept_socket=5, accepted=0x7ffd18b391f0)
    at daemon.c:505
#11 0x000000000042b4a6 in daemon_go () at daemon.c:2079
#12 0x000000000044baca in main (argc=5, cargv=0x7ffd18b79d58) at exim.c:4715


The ARC results seem broken:
(gdb) frame 2
#2  0x00000000004dc129 in authres_arc (g=0x143fc48) at arc.c:1857
1857        g = string_catn(g, highest_ams->s.data, highest_ams->s.len);
(gdb) p highest_ams->s.data
$1 = (uschar *) 0x1338200 "\371\f\367]"
(gdb) p highest_ams->s.len
$3 = 19721488


My log shows at least some vital information regarding DKIM/DMARC and even ARC:
Dec 16 05:50:01 ray exim[30374]: 1igiKX-0007tu-2N H=ironport01.boku.ac.at
(ironport01.boku.ac.at) [141.244.180.60] Warning: DKIM:
header.d=facebookmail.com result:pass
Dec 16 05:50:01 ray exim[30374]: 1igiKX-0007tu-2N DMARC results:
spf_domain=forward.boku.ac.at dmarc_domain=facebookmail.com spf_align=no
dkim_align=yes enforcement='Accept'
Dec 16 05:50:01 ray exim[30374]: 1igiKX-0007tu-2N H=ironport01.boku.ac.at
(ironport01.boku.ac.at) [141.244.180.60] Warning: DMARC DEBUG: status: accept
domain: facebookmail.com text: Accept
Dec 16 05:50:01 ray exim[30374]: 1igiKX-0007tu-2N H=ironport01.boku.ac.at
(ironport01.boku.ac.at) [141.244.180.60] Warning: _ARC_DEBUG: status: none
reason:

But only the mailbody (-D) is left in the input queue.
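
The backtrace and log above show `authres_arc` handing `highest_ams->s.data` with a length of 19721488 to `string_catn` while `$arc_state` was logged as `none`. The following C sketch is an added illustration, not part of the report and not Exim's code or its fix: it consults the verification state before touching the signature blob and bounds the length before `memcpy`. The types, `MAX_TAG_LEN`, the function names and the output format are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; these are not Exim's definitions. */
typedef struct { const unsigned char *data; size_t len; } blob;
typedef struct { char *s; size_t len, cap; } gstr;
#define MAX_TAG_LEN 1024u  /* assumed ceiling for one signature tag value */

/* Append n bytes of p to g. Returns 0 on success, -1 if refused. */
static int gstr_catn(gstr *g, const unsigned char *p, size_t n) {
  if (!p || n > MAX_TAG_LEN) return -1;  /* implausible (pointer, length) pair */
  if (g->len + n + 1 > g->cap) {
    size_t cap = (g->len + n + 1) * 2;
    char *t = realloc(g->s, cap);
    if (!t) return -1;
    g->s = t; g->cap = cap;
  }
  memcpy(g->s + g->len, p, n);
  g->len += n;
  g->s[g->len] = '\0';
  return 0;
}

static int gstr_cat(gstr *g, const char *z) {
  return gstr_catn(g, (const unsigned char *)z, strlen(z));
}

/* Append an ARC result clause. The signature blob is read only when the
   verification state says a signature was actually parsed. */
static int arc_clause(gstr *g, const char *state, const blob *sig_tag) {
  if (gstr_cat(g, "; arc=") || gstr_cat(g, state ? state : "none")) return -1;
  if (!state || !strcmp(state, "none") || !sig_tag) return 0;
  if (gstr_cat(g, " tag=")) return -1;
  return gstr_catn(g, sig_tag->data, sig_tag->len);
}

int main(void) {
  /* Constructed input: the bytes and length gdb printed in frame 2. */
  static const unsigned char junk[] = "\371\f\367]";
  blob stale = { junk, 19721488 };
  gstr g = {0};
  int rc = arc_clause(&g, "none", &stale);
  printf("rc=%d out=\"%s\"\n", rc, g.s);
  free(g.s);
  return 0;
}
```

With state `none` the stale blob is never read; if the state claimed a signature, the length bound in `gstr_catn` would still refuse the 19721488-byte copy.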
