Bug#812585: exim4: Exim crashing when comparing password created with "htpaswwd" without "-d" -- segmentation fault.

Leszek Dubiel leszek.dubiel at dubielvitrum.pl
Mon Jan 25 10:35:15 UTC 2016 

Package: exim4
Version: 4.84-8+deb8u2
Severity: important
Tags: upstream

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

Here's the script to reproduce error: 

	#!/bin/bash 

	exec 2>&1

	printf '' >/tmp/mypassfile
	echo "fooboo" | htpasswd -d -i /tmp/mypassfile john1 
	echo "fooboo" | htpasswd    -i /tmp/mypassfile john2
	echo "xxxyyy" | htpasswd -d -i /tmp/mypassfile john3
	echo "xxxyyy" | htpasswd    -i /tmp/mypassfile john4
	cat /tmp/mypassfile
	printf "\n\n"

	for u in john1 john2 john3 john4; do 
		for p in fooboo xxxyyy; do 
			echo "user=$u, pass=$p"
					     exim -be '${lookup{'"$u"'}lsearch{/tmp/mypassfile}{$value}{*}}'
			exim -be '${if crypteq{'"$p"'}{${lookup{'"$u"'}lsearch{/tmp/mypassfile}{$value}{*}}}{ok and suceed}{ok but failed}}'
			echo
		done
	done 

and heres my output: 

	Adding password for user john1
	Adding password for user john2
	Adding password for user john3
	Adding password for user john4
	john1:Wob0SnzzkZiR6
	john2:$apr1$4ONta6/3$ST0PLD7TaDxfYEnSbPpoy1
	john3:Bvn4WIUEUqpK6
	john4:$apr1$4hCz.Hp.$HhHC6yULqW1TEUGuC0bsS1


	user=john1, pass=fooboo
	Wob0SnzzkZiR6
	ok and suceed

	user=john1, pass=xxxyyy
	Wob0SnzzkZiR6
	ok but failed

	user=john2, pass=fooboo
	$apr1$4ONta6/3$ST0PLD7TaDxfYEnSbPpoy1
	./reproduce_exim_segmentation_fault_on_crypteq: line 14: 28257 Segmentation fault      exim -be '${if crypteq{'"$p"'}{${lookup{'"$u"'}lsearch{/tmp/mypassfile}{$value}{*}}}{ok and suceed}{ok but failed}}'

	user=john2, pass=xxxyyy
	$apr1$4ONta6/3$ST0PLD7TaDxfYEnSbPpoy1
	./reproduce_exim_segmentation_fault_on_crypteq: line 14: 28261 Segmentation fault      exim -be '${if crypteq{'"$p"'}{${lookup{'"$u"'}lsearch{/tmp/mypassfile}{$value}{*}}}{ok and suceed}{ok but failed}}'

	user=john3, pass=fooboo
	Bvn4WIUEUqpK6
	ok but failed

	user=john3, pass=xxxyyy
	Bvn4WIUEUqpK6
	ok and suceed

	user=john4, pass=fooboo
	$apr1$4hCz.Hp.$HhHC6yULqW1TEUGuC0bsS1
	./reproduce_exim_segmentation_fault_on_crypteq: line 14: 28273 Segmentation fault      exim -be '${if crypteq{'"$p"'}{${lookup{'"$u"'}lsearch{/tmp/mypassfile}{$value}{*}}}{ok and suceed}{ok but failed}}'

	user=john4, pass=xxxyyy
	$apr1$4hCz.Hp.$HhHC6yULqW1TEUGuC0bsS1
	./reproduce_exim_segmentation_fault_on_crypteq: line 14: 28279 Segmentation fault      exim -be '${if crypteq{'"$p"'}{${lookup{'"$u"'}lsearch{/tmp/mypassfile}{$value}{*}}}{ok and suceed}{ok but failed}}'




*** End of the template - remove these template lines ***


-- Package-specific info:
Exim version 4.84 #3 built 15-Dec-2015 04:18:37
Copyright (c) University of Cambridge, 1995 - 2014
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2014
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM PRDR OCSP
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /etc/exim4/exim4.conf
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='smarthost'
dc_other_hostnames='dubielvitrum.pl'
dc_local_interfaces=''
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets='192.168.18.0/24'
dc_smarthost='mail.dubielvitrum.pl'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='false'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:dubielvitrum.pl

-- System Information:
Debian Release: 8.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages exim4 depends on:
ii  debconf [debconf-2.0]  1.5.56
ii  exim4-base             4.84-8+deb8u2
ii  exim4-daemon-light     4.84-8+deb8u2

exim4 recommends no packages.

exim4 suggests no packages.

-- debconf information:
  exim4/drec:

More information about the Pkg-exim4-maintainers mailing list