Re: [exim] Exim 4.95-RC2 released

Author: Evgeniy Berdnikov
Date:  
To: exim-users
Subject: Re: [exim] Exim 4.95-RC2 released
On Tue, Sep 07, 2021 at 03:32:02PM +0100, Jeremy Harris via Exim-users wrote:
> Another test you could try is a build with
> #define MISSING_POSIX_MEMALIGN
> in OS/os.h-Linux.
> If that still coredumps in the same place, it's not a "write
> to readonly data" trap; so more likely a null pointer.


OK. Exim was recompiled with MISSING_POSIX_MEMALIGN.
Segfaults are still here. I see no significant difference from the old dumps.
The fault happens on sender verify callout, in rcpt or pre-data ACLs.
Here is a recent example, callout from acl_check_rcpt:

Reading symbols from /usr/sbin/exim4...
[New LWP 1352271]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/exim4 -bd -q1m'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0xf7238b0d in _gnutls_trust_list_get_issuer (list=0x58441780, 
    cert=0x59027530, issuer=0xffbec6a8, flags=0)
    at ../../../lib/x509/verify-high.c:1026
#0  0xf7238b0d in _gnutls_trust_list_get_issuer (list=0x58441780, 
    cert=0x59027530, issuer=0xffbec6a8, flags=0)
    at ../../../lib/x509/verify-high.c:1026
        ret = <optimized out>
        i = 0
        hash = 1408224284
#1  0xf7238be6 in gnutls_x509_trust_list_get_issuer (list=0x58441780, 
    cert=0x59027530, issuer=0xffbec6a8, flags=0)
    at ../../../lib/x509/verify-high.c:1128
        ret = <optimized out>
        __func__ = "gnutls_x509_trust_list_get_issuer"
#2  0xf7239613 in gnutls_x509_trust_list_verify_crt2 (list=0x58441780, 
    cert_list=0xffbec6bc, cert_list_size=<optimized out>, data=0x0, 
    elements=0, flags=33554432, voutput=0xffbec970, func=0x0)
    at ../../../lib/x509/verify-high.c:1521
        sorted_size = <optimized out>
        j = <optimized out>
        issuer = 0xffbec704
        ret = <optimized out>
        i = <optimized out>
        hash = <optimized out>
        sorted = {0x59025230, 0x59027530, 0x5, 0x8c, 0xf73ffe7c <calloc+140>, 
          0xffbec810, 0xf72022f6 <_gnutls_x509_crt_get_extension+6>, 
          0xf7375f0c, 0x4946dc00, 0x59027530, 0xf72a922d, 0xf73fb8fb, 
          0xf7375f0c, 0xf65428ec, 0x58da0540, 0x59027530}
        retrieved = {0xf71ebedf <rpl_free+63>, 0x585c0830, 0x0, 
          0xf7579885 <__errno_location+5>, 0xf71ebec1 <rpl_free+33>, 
          0xf65428ec, 0x0, 0x0, 0x4946dc00, 0xf71ebea7 <rpl_free+7>, 
          0xf7375f0c, 0x0, 
          0xf71c3f4c <_gnutls_ocsp_verify_mandatory_stapling+156>, 0x585c0830, 
          0x585c0830, 0x0}
        retrieved_size = 0
        hostname = <optimized out>
        purpose = <optimized out>
        email = <optimized out>
        hostname_size = <optimized out>
        have_set_name = <optimized out>
        saved_output = <optimized out>
        ip = {data = <optimized out>, size = <optimized out>}
        cert_set = {node = <optimized out>, size = <optimized out>}
        __func__ = "gnutls_x509_trust_list_verify_crt2"
        __PRETTY_FUNCTION__ = "gnutls_x509_trust_list_verify_crt2"
#3  0xf71c4647 in _gnutls_x509_cert_verify_peers (session=0x58da0540, 
    data=0x0, elements=0, status=0xffbec970) at ../../lib/cert-session.c:597
        info = <optimized out>
        cred = 0x58441620
        peer_certificate_list = 0x5840d9c0
        resp = {data = 0x58d9fde0 "0\202\001\323\n\001", size = 471}
        peer_certificate_list_size = <optimized out>
        i = <optimized out>
        x = <optimized out>
        ret = <optimized out>
        cand_issuers = <optimized out>
        cand_issuers_size = <optimized out>
        ocsp_status = 0
        verify_flags = <optimized out>
        __func__ = "_gnutls_x509_cert_verify_peers"
#4  0xf71c4f3f in gnutls_certificate_verify_peers (session=0x58da0540, 
    data=0x0, elements=0, status=0xffbec970) at ../../lib/cert-session.c:776
        info = <optimized out>
        __func__ = "gnutls_certificate_verify_peers"
#5  0xf71c4fd0 in gnutls_certificate_verify_peers2 (session=0x58da0540, 
    status=0xffbec970) at ../../lib/cert-session.c:653
No locals.
#6  0x566f288b in verify_certificate (state=<optimized out>, errstr=0xffbeca80)
    at tls-gnu.c:2518
        rc = <optimized out>
        verify = 1480842840
        __FUNCTION__ = "verify_certificate"
#7  0x566f4b1b in tls_client_start (cctx=0x5900d248, conn_args=0x58ffd1ec, 
    cookie=0x58d9e69c, tlsp=0x567d1ee0 <tls_out>, errstr=0xffbeca80)
    at tls-gnu.c:3591
        host = 0x584f4934
        tb = <optimized out>
        ob = 0x5843dd6c
        rc = 0
        state = 0x5843efac
        cipher_list = <optimized out>
        require_ocsp = 0
        request_ocsp = 1
        __FUNCTION__ = "tls_client_start"
#8  0x567265b6 in smtp_setup_conn (sx=<optimized out>, 
    suppress_tls=<optimized out>) at smtp.c:2673
        buffer2 = "220 2.0.0 SMTP server ready\000\360˾\377;\260>\367\354ʾ\377.\267tV\360˾\377\006\000\000\000\354ʾ\377\250GOX\027\000\000\000\250GOXprotecti.\267tV\250GOXok\003com\000V\000\000\000\000\001\200\255\373\250GOX\250GOX\250GOX\250GOX\265GOX\277GOX\250GOX\277GOX", '\000' <repeats 20 times>, "\324\031}V\000\000\000\000\330\031}V\000\000\000\377\000\000\000\000(\023xV\001\000CM\374EOX\377\377\377\377", '\000' <repeats 12 times>, "\377\377\377\377"...
        ob = <optimized out>
        pass_message = 0
        message = 0x0
        yield = 0
        tls_errstr = 0x0
        __FUNCTION__ = "smtp_setup_conn"
#9  0x56700d46 in do_callout (pm_mailfrom=<optimized out>, 
    se_mailfrom=<optimized out>, options=<optimized out>, 
    callout_connect=<optimized out>, callout_overall=<optimized out>, 
    callout=<optimized out>, tf=0xffbedde0, host_list=<optimized out>, 
    addr=<optimized out>) at verify.c:677
        host_af = <optimized out>
        port = 25
        interface = 0x0
        host = <optimized out>
...
-- 
 Eugene Berdnikov
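
The test quoted at the top of this message separates two causes of SIGSEGV: a write to memory that has been made read-only, and an access through a null pointer. The kernel reports them with different `si_code` values, which the following added example shows (not part of the original post and not Exim code; it assumes Linux, and all function names are illustrative).

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* volatile: stops the compiler from folding the NULL into the store below */
static void *volatile null_ptr = NULL;

/* SIGSEGV handler: pass the fault kind to the parent via the exit status. */
static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    _exit(si->si_code == SEGV_MAPERR ? 1 : si->si_code == SEGV_ACCERR ? 2 : 3);
}
/* Hypothesis A: store through a null pointer (address not mapped). */
static void fault_null(void) { *(volatile int *)null_ptr = 1; }

/* Hypothesis B: store into a page-aligned block that was made read-only. */
static void fault_readonly(void)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    void *buf = NULL;
    if (posix_memalign(&buf, pg, pg) != 0 || mprotect(buf, pg, PROT_READ) != 0)
        _exit(4);
    *(volatile char *)buf = 1;
}

/* Run one trigger in a child process; 1 = SEGV_MAPERR, 2 = SEGV_ACCERR. */
int classify_fault(void (*trigger)(void))
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct sigaction sa = { .sa_flags = SA_SIGINFO };
        sa.sa_sigaction = on_segv;
        sigaction(SIGSEGV, &sa, NULL);
        trigger();
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("null=%d readonly=%d\n", classify_fault(fault_null), classify_fault(fault_readonly));
    return 0;
}
```

On a Linux core file, gdb exposes the same fields through `print $_siginfo`, so the fault address and `si_code` can be read without rebuilding.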