https://bugs.exim.org/show_bug.cgi?id=2498
Bug ID: 2498
Summary: SIGSEGV with ARC expanding $authresults
Product: Exim
Version: 4.92
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: ACLs
Assignee: jgh146exb@???
Reporter: wbreyha@???
CC: exim-dev@???
this is for exim-4.93+localfixes. The fixes contain everything available on git
up to the fix for #2492 (retry taint).
My data ACL contains:
warn dmarc_status = *
log_message = DMARC DEBUG: status: $dmarc_status domain:
$dmarc_used_domain text: $dmarc_status_text
warn verify = arc/none:fail:pass
log_message = _ARC_DEBUG: status: $arc_state reason:
$arc_state_reason
warn add_header = :at_start:${authresults {univie.ac.at}}
The crash accours at the add_header ACL...
(gdb) bt
#0 0x00000034390899a3 in memcpy () from /lib64/libc.so.6
#1 0x00000000004b6649 in string_catn (g=0x143fc48, s=0x1338200 "\371\f\367]",
count=19721488) at string.c:1141
#2 0x00000000004dc129 in authres_arc (g=0x143fc48) at arc.c:1857
#3 0x0000000000454dba in expand_string_internal (string=0x10c8940
":at_start:${authresults {univie.ac.at}}", ket_ends=0, left=0x0,
skipping=0, honour_dollar=1, resetok_p=0x0) at expand.c:4400
#4 0x000000000045df9c in expand_cstring (string=0x10c8940
":at_start:${authresults {univie.ac.at}}") at expand.c:8051
#5 0x000000000045dfcd in expand_string (string=0x10c8940
":at_start:${authresults {univie.ac.at}}") at expand.c:8062
#6 0x0000000000421ec8 in acl_check_condition (verb=6, cb=0x10c8920, where=5,
addr=0x0, level=0, epp=0x7ffd18b386ec,
user_msgptr=0x7ffd18b38af0, log_msgptr=0x7ffd18b38ae8,
basic_errno=0x7ffd18b386f0) at acl.c:2895
#7 0x000000000042499e in acl_check_internal (where=5, addr=0x0, s=0x10bdb80
"acl_check_data", user_msgptr=0x7ffd18b38af0,
log_msgptr=0x7ffd18b38ae8) at acl.c:4079
#8 0x0000000000425530 in acl_check (where=5, recipient=0x0, s=0x10bdb80
"acl_check_data", user_msgptr=0x7ffd18b38af0,
log_msgptr=0x7ffd18b38ae8) at acl.c:4393
#9 0x0000000000491432 in receive_msg (extract_recip=0) at receive.c:3580
#10 0x0000000000427f49 in handle_smtp_call (listen_sockets=0x10d28e0,
listen_socket_count=2, accept_socket=5, accepted=0x7ffd18b391f0)
at daemon.c:505
#11 0x000000000042b4a6 in daemon_go () at daemon.c:2079
#12 0x000000000044baca in main (argc=5, cargv=0x7ffd18b79d58) at exim.c:4715
The ARC results seem broken:
(gdb) frame 2
#2 0x00000000004dc129 in authres_arc (g=0x143fc48) at arc.c:1857
1857 g = string_catn(g, highest_ams->s.data, highest_ams->s.len);
(gdb) p highest_ams->s.data
$1 = (uschar *) 0x1338200 "\371\f\367]"
(gdb) p highest_ams->s.len
$3 = 19721488
My log shows at least some vital information regarding DKIM/DMARC and even ARC:
Dec 16 05:50:01 ray exim[30374]: 1igiKX-0007tu-2N H=ironport01.boku.ac.at
(ironport01.boku.ac.at) [141.244.180.60] Warning: DKIM:
header.d=facebookmail.com result:pass
Dec 16 05:50:01 ray exim[30374]: 1igiKX-0007tu-2N DMARC results:
spf_domain=forward.boku.ac.at dmarc_domain=facebookmail.com spf_align=no
dkim_align=yes enforcement='Accept'
Dec 16 05:50:01 ray exim[30374]: 1igiKX-0007tu-2N H=ironport01.boku.ac.at
(ironport01.boku.ac.at) [141.244.180.60] Warning: DMARC DEBUG: status: accept
domain: facebookmail.com text: Accept
Dec 16 05:50:01 ray exim[30374]: 1igiKX-0007tu-2N H=ironport01.boku.ac.at
(ironport01.boku.ac.at) [141.244.180.60] Warning: _ARC_DEBUG: status: none
reason:
But only the mailbody (-D) is left in the input queue.
--
You are receiving this mail because:
You are on the CC list for the bug.
