Bug#831758: exim4 NPD in expand_string, plaintext authentication with OpenBSD password file
Nathan Kennedy
ntk at hcoop.net
Tue Jul 19 05:30:44 UTC 2016
Package: exim4
Version: 4.84.2-1
Severity: normal
Tags: patch
Fixed upstream:
http://git.exim.org/exim.git/commit/9dc2b215e83a63efa242f6acd3ab7af8b608e5a1
Fix is in 4.87 and stretch. Broken in jessie. Patch attached.
Using plaintext password file generated with OpenBSD htpasswd (bcrypt),
exim crashes with a NPD on every authentication.
Stack trace:
#0 __strcmp_sse2_unaligned ()
at ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:29
#1 * in eval_condition (s=0x7ff5b53a4948 "{1}{0}}",
resetok=0x7ffe1b7a3eb4, yield=0x7ffe1b7a4000) at expand.c:2737
#2 * in expand_string_internal (
string=0x7ff5b53a48e8 "${if
crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}
skipping=0, honour_dollar=1, resetok_p=0x0) at expand.c:3993
#3 * in expand_string (
string=0x7ff5b53a48e8 "${if
crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}
#4 * in auth_check_some_cond (ablock=0x7ff5b53a4830,
label=0x7ff5b33ae6ff "server_condition",
condition=0x7ff5b53a48e8 "${if
crypteq{$auth3}{${extract{1}{:}{${lookup{$aut
at check_serv_cond.c:88
#5 * in auth_check_serv_cond (ablock=0x7ff5b53a4830)
at check_serv_cond.c:35
#6 * in auth_plaintext_server (ablock=0x7ff5b53a4830,
data=0x7ff5b53ae317 "*") at plaintext.c:144
#7 * in smtp_setup_msg () at smtp_in.c:3263
#8 * in handle_smtp_call (listen_sockets=0x7ff5b53a7368,
listen_socket_count=4, accept_socket=8, accepted=0x7ffe1b7a55c0)
at daemon.c:511
#9 * in daemon_go () at daemon.c:2032
#10 * in main (argc=3, cargv=0x7ffe1b7e5d98) at exim.c:4690
-------------- next part --------------
A non-text attachment was scrubbed...
Name: exim-npd.patch
Type: text/x-patch
Size: 1065 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-exim4-maintainers/attachments/20160719/07f1f945/attachment.bin>
More information about the Pkg-exim4-maintainers
mailing list