Bug#402665: STARTTLS causes segfault

peterc at gelato.unsw.edu.au peterc at gelato.unsw.edu.au
Tue Dec 12 00:55:31 CET 2006


Package: exim4-daemon-heavy
Version: 4.63-11

When I try to send authenticated email through my server using TLS,
the server crashes.

libgnutls13 version is 1.4.4-3
Reverting to 1.4.2-2 solves the problem.

Feel free to reassign this problem to gnutls13 if the problem's
really there.

Here's an strace:

read(5, "ehlo croc\r\n", 8192)          = 11
alarm(0)                                = 259
rt_sigaction(SIGALRM, {0x806df40, [], 0}, NULL, 8) = 0
rt_sigaction(SIGALRM, {0x80abe30, [], 0}, NULL, 8) = 0
write(3, "250-mx.chubb.wattle.id.au Hello "..., 139) = 139
alarm(300)                              = 0
read(5, "starttls\r\n", 8192)           = 10
alarm(0)                                = 291
rt_sigaction(SIGALRM, {0x806df40, [], 0}, NULL, 8) = 0
brk(0x815b000)                          = 0x815b000
access("/dev/random", R_OK)             = 0
access("/dev/urandom", R_OK)            = 0
open("/dev/urandom", O_RDONLY)          = 4
select(5, [4], NULL, NULL, {3, 0})      = 1 (in [4], left {3, 0})
read(4, "\34\254\3101\307\206+m\247\307\223\346\335\255\327\374"..., 120) = 120
select(5, [4], NULL, NULL, {3, 0})      = 1 (in [4], left {3, 0})
read(4, "m\374\2439\223\335\325\367\10\2518\22\377\17\330\235\'"..., 120) = 120
select(5, [4], NULL, NULL, {3, 0})      = 1 (in [4], left {3, 0})
read(4, "fPUwJ\313\23\37U\35#w\23\277{u\34\22\370\243{\217e\24\265"..., 120) = 120
select(5, [4], NULL, NULL, {3, 0})      = 1 (in [4], left {3, 0})
read(4, "4f\n\352\253Y\250m\\K\24\264/\213\252A\2\255\371\341\272"..., 120) = 120
select(5, [4], NULL, NULL, {3, 0})      = 1 (in [4], left {3, 0})
read(4, "ZVH\'\240\336\326\263\245\245\36pVze\3719\344?\223\272"..., 120) = 120
gettimeofday({1165879251, 31140}, NULL) = 0
getrusage(RUSAGE_SELF, {ru_utime={0, 10000}, ru_stime={0, 0}, ...}) = 0
time(NULL)                              = 1165879251
times({tms_utime=1, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 691262857
--- SIGSEGV (Segmentation fault) @ 0 (0) ---


Here's a little of the debug output for that conversation:
Exim version 4.63 uid=0 gid=0 pid=18252 D=fbb95cfd
Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (September  6, 2005)
Support for: crypteq iconv() IPv6 PAM Perl GnuTLS move_frozen_messages Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
changed uid/gid: forcing real = effective
  uid=0 gid=0 pid=18252
  auxiliary group list: <none>
seeking password data for user "uucp": cache not available
getpwnam() succeeded uid=10 gid=10
configuration file is /var/lib/exim4/config.autogenerated
log selectors = 00000ffc 00089001
cwd=/etc/exim4 3 args: exim4 -bd -d
trusted user
admin user
seeking password data for user "mail": cache not available
getpwnam() succeeded uid=8 gid=8
user name "root" extracted from gecos field "root"
originator: uid=0 gid=0 login=root name=root
18252 LOG: MAIN
18252   IPv6 socket creation failed: Address family not supported by protocol
18252 LOG: MAIN
18252   Failed to create IPv6 socket for wildcard listening (Address family not supported by protocol): will use IPv4
18252 listening on all interfaces (IPv4) port 25
18252 pid written to /var/run/exim4/exim.pid
18252 changed uid/gid: running as a daemon
18252   uid=103 gid=103 pid=18252
18252   auxiliary group list: 103
18252 LOG: MAIN
18252   exim 4.63 daemon started: pid=18252, no queue runs, listening for SMTP on port 25 (IPv4)
18252 set_process_info: 18252 daemon: no queue runs, listening for SMTP on port 25 (IPv4)
18252 daemon running with uid=103 gid=103 euid=103 egid=103
18252 Listening...
18252 Connection request from 203.143.174.122 port 46735
18252 search_tidyup called
18255 sender_fullhost = [203.143.174.122]
18255 sender_rcvhost = [203.143.174.122]
18255 Process 18255 is handling incoming connection from [203.143.174.122]
18255 host in host_lookup? yes (matched "*")
18255 looking up host name for 203.143.174.122
18252 1 SMTP accept process running
18252 Listening...
18255 DNS lookup of 122.174.143.203.in-addr.arpa (PTR) succeeded
18255 IP address lookup yielded research-remote.nicta.com.au
18255 gethostbyname2(af=inet6) returned 4 (NO_DATA)
18255 gethostbyname2 looked up these IP addresses:
18255   name=research-remote.nicta.com.au address=203.143.174.122
18255 checking addresses for research-remote.nicta.com.au
18255   203.143.174.122 OK
18255 sender_fullhost = research-remote.nicta.com.au [203.143.174.122]
18255 sender_rcvhost = research-remote.nicta.com.au ([203.143.174.122])
18255 set_process_info: 18255 handling incoming connection from research-remote.nicta.com.au [203.143.174.122]
18255 host in host_reject_connection? no (option unset)
18255 host in sender_unqualified_hosts? no (option unset)
18255 host in recipient_unqualified_hosts? no (option unset)
18255 host in helo_verify_hosts? no (option unset)
18255 host in helo_try_verify_hosts? no (option unset)
18255 host in helo_accept_junk_hosts? no (option unset)
18255 SMTP>> 220 mx.chubb.wattle.id.au ESMTP Exim 4.63 Tue, 12 Dec 2006 10:39:04 +1100
18255 Process 18255 is ready for new message
18255 smtp_setup_msg entered
18255 SMTP<< ehlo croc
18255 sender_fullhost = research-remote.nicta.com.au (croc) [203.143.174.122]
18255 sender_rcvhost = research-remote.nicta.com.au ([203.143.174.122] helo=croc)
18255 set_process_info: 18255 handling incoming connection from research-remote.nicta.com.au (croc) [203.143.174.122]
18255 host in pipelining_advertise_hosts? yes (matched "*")
18255 host in auth_advertise_hosts? yes (matched "*")
18255 host in tls_advertise_hosts? yes (matched "*")
18255 SMTP>> 250-mx.chubb.wattle.id.au Hello research-remote.nicta.com.au [203.143.174.122]
18255 250-SIZE 52428800
18255 250-PIPELINING
18255 250-STARTTLS
18255 250 HELP
18255 SMTP<< STARTTLS
18255 initializing GnuTLS as a server
18252 child 18255 ended: status=0xb
18252 0 SMTP accept processes now running
18252 Listening...
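
Added example, not part of the original report: a Python triage helper that decodes the status=0x... value the daemon logs when a child ends and pairs it with the last debug line that child wrote. It assumes the value is the raw wait status in the traditional Linux bit layout (consistent with the SIGSEGV in the strace above); the function names and the embedded sample are constructed for illustration.

```python
import re
import signal

# Constructed sample: the last lines of the debug output quoted in the report.
SAMPLE_LOG = """\
18255 SMTP<< STARTTLS
18255 initializing GnuTLS as a server
18252 child 18255 ended: status=0xb
18252 0 SMTP accept processes now running
"""

CHILD_END = re.compile(r"^(\d+) child (\d+) ended: status=0x([0-9a-fA-F]+)\s*$")
PID_LINE = re.compile(r"^(\d+) (.*)$")


def decode_wait_status(status):
    """Decode a raw wait status (assumed traditional Linux bit layout)."""
    sig = status & 0x7F
    if sig == 0:                      # normal exit: code is in bits 8-15
        return {"kind": "exited", "code": (status >> 8) & 0xFF}
    if sig == 0x7F:                   # stopped, not terminated
        return {"kind": "stopped", "signal": (status >> 8) & 0xFF}
    try:
        name = signal.Signals(sig).name
    except ValueError:                # number with no name on this platform
        name = "SIG%d" % sig
    return {"kind": "signaled", "signal": sig, "name": name,
            "core_dumped": bool(status & 0x80)}


def crashed_children(log_text):
    """Return signal-killed children with the last line each one logged."""
    last_line = {}                    # pid -> most recent debug line
    findings = []
    for line in log_text.splitlines():
        m = CHILD_END.match(line)
        if m:
            child = int(m.group(2))
            info = decode_wait_status(int(m.group(3), 16))
            if info["kind"] == "signaled":
                info.update(pid=child, last_action=last_line.get(child))
                findings.append(info)
            continue
        m = PID_LINE.match(line)
        if m:
            last_line[int(m.group(1))] = m.group(2).strip()
    return findings


if __name__ == "__main__":
    for f in crashed_children(SAMPLE_LOG):
        print(f)
```

On the sample it reports child 18255 killed by SIGSEGV with "initializing GnuTLS as a server" as its last logged action, which matches the point where the strace ends.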



