Bug#831758: exim4 NPD in expand_string, plaintext authentication with OpenBSD password file

Nathan Kennedy ntk at hcoop.net
Tue Jul 19 05:30:44 UTC 2016

Package: exim4
Version: 4.84.2-1
Severity: normal
Tags: patch

Fixed upstream: 

Fix is in 4.87 and stretch. Broken in jessie. Patch attached.

Using plaintext password file generated with OpenBSD htpasswd (bcrypt), 
exim crashes with a NPD on every authentication.

Stack trace:
#0  __strcmp_sse2_unaligned ()
     at ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:29
#1  * in eval_condition (s=0x7ff5b53a4948 "{1}{0}}",
     resetok=0x7ffe1b7a3eb4, yield=0x7ffe1b7a4000) at expand.c:2737
#2  * in expand_string_internal (
     string=0x7ff5b53a48e8 "${if 
     skipping=0, honour_dollar=1, resetok_p=0x0) at expand.c:3993
#3  * in expand_string (
     string=0x7ff5b53a48e8 "${if 
#4  * in auth_check_some_cond (ablock=0x7ff5b53a4830,
     label=0x7ff5b33ae6ff "server_condition",
     condition=0x7ff5b53a48e8 "${if 
     at check_serv_cond.c:88
#5  * in auth_check_serv_cond (ablock=0x7ff5b53a4830)
     at check_serv_cond.c:35
#6  * in auth_plaintext_server (ablock=0x7ff5b53a4830,
     data=0x7ff5b53ae317 "*") at plaintext.c:144
#7  * in smtp_setup_msg () at smtp_in.c:3263
#8  * in handle_smtp_call (listen_sockets=0x7ff5b53a7368,
     listen_socket_count=4, accept_socket=8, accepted=0x7ffe1b7a55c0)
     at daemon.c:511
#9  * in daemon_go () at daemon.c:2032
#10 * in main (argc=3, cargv=0x7ffe1b7e5d98) at exim.c:4690

-------------- next part --------------
A non-text attachment was scrubbed...
Name: exim-npd.patch
Type: text/x-patch
Size: 1065 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-exim4-maintainers/attachments/20160719/07f1f945/attachment.bin>

More information about the Pkg-exim4-maintainers mailing list