Re: [exim] Exim 4.95-RC2 released

Top Pagina
Delete this message
Reply to this message
Auteur: Jeremy Harris
Datum:  
Aan: exim-users
Nieuwe Onderwerpen: [exim] Segfaults with 4.95 (Re: Exim 4.95-RC2 released)
Onderwerp: Re: [exim] Exim 4.95-RC2 released
On 08/09/2021 07:58, Evgeniy Berdnikov via Exim-users wrote:
> OK. Exim was recompiled with MISSING_POSIX_MEMALIGN.
> Segfaults are still here. I see no significant difference with old dumps.


Good to know.

> Fault happens on sender verify callout, in rcpt or pre-data ACLs.
> Here is the recent example, callout from acl_check_rcpt:
>
> Reading symbols from /usr/sbin/exim4...
> [New LWP 1352271]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
> Core was generated by `/usr/sbin/exim4 -bd -q1m'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0xf7238b0d in _gnutls_trust_list_get_issuer (list=0x58441780,
>      cert=0x59027530, issuer=0xffbec6a8, flags=0)
>      at ../../../lib/x509/verify-high.c:1026


Looking at a current GnuTLS tree, hopefully not too different to
that used for your library version:

    1012 int _gnutls_trust_list_get_issuer(gnutls_x509_trust_list_t list,
    1013                                   gnutls_x509_crt_t cert,
    1014                                   gnutls_x509_crt_t * issuer,
    1015                                   unsigned int flags)
    1016 {
    1017         int ret;
    1018         unsigned int i;
    1019         size_t hash;
    1020
    1021         hash =
    1022             hash_pjw_bare(cert->raw_issuer_dn.data,
    1023                           cert->raw_issuer_dn.size);
    1024         hash %= list->size;
    1025
    1026         for (i = 0; i < list->node[hash].trusted_ca_size; i++) {
    1027                 ret =
    1028                     gnutls_x509_crt_check_issuer(cert,
    1029                                                  list->node[hash].
    1030                                                  trusted_cas[i]);


... I'd say this is likely a problem internal to GnuTLS, not directly
down to something exim passed it. You should involve the GnuTLS maintainers
at this point (but please keep me in the loop).


One item which would be useful to know: what "trust list" might have been
involved during this callout. The transport tls_verify_certificates option
controls this.

--
Cheers,
Jeremy