On 08/09/2021 07:58, Evgeniy Berdnikov via Exim-users wrote:
> OK. Exim was recompiled with MISSING_POSIX_MEMALIGN.
> Segfaults are still here. I see no significant difference with old dumps.
Good to know.
> Fault happens on sender verify callout, in rcpt or pre-data ACLs.
> Here is the recent example, callout from acl_check_rcpt:
>
> Reading symbols from /usr/sbin/exim4...
> [New LWP 1352271]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
> Core was generated by `/usr/sbin/exim4 -bd -q1m'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 0xf7238b0d in _gnutls_trust_list_get_issuer (list=0x58441780,
> cert=0x59027530, issuer=0xffbec6a8, flags=0)
> at ../../../lib/x509/verify-high.c:1026
Looking at a current GnuTLS tree, hopefully not too different to
that used for your library version:
1012 int _gnutls_trust_list_get_issuer(gnutls_x509_trust_list_t list,
1013                                   gnutls_x509_crt_t cert,
1014                                   gnutls_x509_crt_t * issuer,
1015                                   unsigned int flags)
1016 {
1017         int ret;
1018         unsigned int i;
1019         size_t hash;
1020
1021         hash =
1022             hash_pjw_bare(cert->raw_issuer_dn.data,
1023                           cert->raw_issuer_dn.size);
1024         hash %= list->size;
1025
1026         for (i = 0; i < list->node[hash].trusted_ca_size; i++) {
1027                 ret =
1028                     gnutls_x509_crt_check_issuer(cert,
1029                                                  list->node[hash].
1030                                                  trusted_cas[i]);
... I'd say this is likely a problem internal to GnuTLS, not directly
down to something exim passed it. You should involve the GnuTLS maintainers
at this point (but please keep me in the loop).
One item which would be useful to know: what "trust list" might have been
involved during this callout. The transport tls_verify_certificates option
controls this.
--
Cheers,
Jeremy
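The reply above asks which trust list the callout used, which the transport's tls_verify_certificates option selects. The script below is an added example (not Exim or GnuTLS code, and not from either poster) that takes such a setting and reports what the operator would need to include in a bug report: whether it is the "system" store, a single PEM file or a directory of PEM files, and how many certificate blocks in it parse as well-formed DER. The sample bundle at the bottom is constructed from stand-in DER blobs, not real certificates, and the path in the usage call is a placeholder.

```python
"""Inventory the CA material behind an Exim tls_verify_certificates value.

Added example for this thread; it is not Exim or GnuTLS code. It only counts
PEM CERTIFICATE blocks and checks each decodes to a DER SEQUENCE whose
declared length matches the data, which is enough to spot an empty bundle or
a truncated file before involving upstream.
"""
import base64
import os
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


def der_length_ok(der: bytes) -> bool:
    """True if the outer DER SEQUENCE header accounts for exactly len(der) bytes."""
    if len(der) < 2 or der[0] != 0x30:          # 0x30 = SEQUENCE tag
        return False
    first = der[1]
    if first < 0x80:                             # short-form length
        body_len, hdr = first, 2
    else:                                        # long form: 0x8n then n length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        body_len = int.from_bytes(der[2:2 + n], "big")
        hdr = 2 + n
    return hdr + body_len == len(der)


def count_pem_certs(text: str) -> tuple:
    """Return (well_formed, malformed) counts for the PEM CERTIFICATE blocks in text."""
    good = bad = 0
    for m in PEM_BLOCK.finditer(text):
        try:
            der = base64.b64decode(m.group(1))   # binascii.Error is a ValueError
        except ValueError:
            bad += 1
            continue
        if der_length_ok(der):
            good += 1
        else:
            bad += 1
    return good, bad


def _read(path: str) -> str:
    with open(path, encoding="ascii", errors="replace") as fh:
        return fh.read()


def inspect_trust_setting(value: str) -> dict:
    """Summarise a tls_verify_certificates value: 'system', a PEM file, or a directory."""
    if value == "system":
        return {"kind": "system"}               # GnuTLS loads its built-in system store
    if os.path.isdir(value):
        names = sorted(os.listdir(value))
        good = bad = 0
        for name in names:
            path = os.path.join(value, name)
            if os.path.isfile(path):
                g, b = count_pem_certs(_read(path))
                good, bad = good + g, bad + b
        return {"kind": "directory", "files": len(names), "good": good, "bad": bad}
    if os.path.isfile(value):
        good, bad = count_pem_certs(_read(value))
        return {"kind": "file", "good": good, "bad": bad}
    return {"kind": "missing"}                  # path does not exist: nothing to trust


def _pem(der: bytes) -> str:
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")


# Constructed stand-ins, not real certificates: a tiny SEQUENCE { INTEGER 5 } and
# a header that claims 16 body bytes but carries only 3 (a truncated block).
GOOD_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])
BAD_DER = bytes([0x30, 0x10, 0x02, 0x01, 0x05])
SAMPLE_BUNDLE = _pem(GOOD_DER) + _pem(GOOD_DER) + _pem(BAD_DER)

if __name__ == "__main__":
    print("sample bundle (good, bad):", count_pem_certs(SAMPLE_BUNDLE))
    # Placeholder path; substitute the value from the smtp transport's
    # tls_verify_certificates setting on the affected host.
    print(inspect_trust_setting("/path/to/tls_verify_certificates.pem"))
```

Run it with the path taken from the transport definition (or `system`); a result of `missing` or a `good` count of zero is worth stating in the report alongside the backtrace, since the crash site iterates over that trust list.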