Gordon Messmer writes:
Sam, I was just looking at my logs and noticed this on a host using gnutls:Dec 23 13:03:46 ascension courieresmtpd: *** glibc detected *** couriertls: free(): invalid pointer: 0x00002ae17a930074 *** Dec 23 13:03:46 ascension courieresmtpd: ======= Backtrace: ========= Dec 23 13:03:46 ascension courieresmtpd: /lib64/libc.so.6[0x3384271834] Dec 23 13:03:46 ascension courieresmtpd: /lib64/libc.so.6(cfree+0x8c)[0x3384274e7c] Dec 23 13:03:46 ascension courieresmtpd: /usr/lib64/libgnutls.so.13[0x3388662aa6] Dec 23 13:03:46 ascension courieresmtpd: /usr/lib64/libgnutls.so.13[0x3388664646] Dec 23 13:03:46 ascension courieresmtpd: /usr/lib64/libgnutls.so.13(gnutls_x509_crt_deinit+0x14)[0x3388649144] Dec 23 13:03:46 ascension courieresmtpd: /usr/lib64/libgnutls.so.13(gnutls_certificate_free_cas+0x24)[0x3388631714] Dec 23 13:03:46 ascension courieresmtpd: /usr/lib64/libgnutls.so.13(gnutls_certificate_free_credentials+0x1e)[0x3388631ffe] Dec 23 13:03:46 ascension courieresmtpd: couriertls[0x406f39] Dec 23 13:03:46 ascension courieresmtpd: couriertls[0x405108] Dec 23 13:03:46 ascension courieresmtpd: /lib64/libc.so.6(__libc_start_main+0xf4)[0x338421d8b4] Dec 23 13:03:46 ascension courieresmtpd: couriertls[0x403f79] The message I'd send to smtpd was accepted without warnings in the client, so my guess is that the error happens in the tls_free_session function. I'm not entirely sure what's causing the error, but my guess is that gnutls_deinit(ssl->session) has already freed the memory.
Yes, that's what it means, however I cannot see where the problem is, just by looking at the code. I built Courier against GnuTLS, and made a test TLS session; but I cannot reproduce the error, however I'm using a self-signed cert, and by looking at GnuTLS's source, it looks like this might occur only with either real certs, or a cert with an intermediate signer.
I see a few other bugs, by staring at the code again, but this wouldn't be one of them.
Can you try some troubleshooting. First, determine that this error gets reported consistently. Then, in a test environment, substitute a self-signed cert for your real cert, and see what happens.
If it's confirmed that this only occurs with real certs, I'll try to cobble together a test environment with a CA, and a CA-signed cert, and see what happens.
pgpHqYGAQYUZm.pgp
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
