[dkim-milter-discuss] dkim-filter crash bug and workaround

2009-01-07 Thread Murray S. Kucherawy
This affects all versions from 2.5.0 to 2.7.2.

With the addition of configuration reloads in 2.5.0, there is a failure to 
set up some configuration defaults in certain circumstances.  This can 
lead to crashes when particular message mutations pass through the filter 
because of assertion failures or invalid pointer dereferences.

Specifically, if you don't use -C on the command line and don't use any 
of the On- action directives in the configuration file (or don't use a 
configuration file at all), the default actions for those exceptions are 
never loaded.  The action is to continue in those cases as a result, 
rather than the intended (documented) defaults.  This means when libdkim 
rejects a message for formatting reasons, the filter will plunder forward, 
continuing to process the same message rather than halting processing as 
it should.  This eventually causes the filter to make a call into the DKIM 
library which causes an illegal request or an assertion failure, and the 
filter will crash.

The specific instance of this that has been observed is as follows:

a) no use of -C on the command line
b) no On-* directives in the configuration file (or no configuration file)
c) a Sender: header with an address whose domain is in the list of domains
to sign
d) no From: header on the message

A permanent fix has already been added to the impending 2.8.0 release.  A 
patched beta release of it is already available.  I expect to be posting 
that around the end of this week.  In the interim, you can protect your 
installations from this by either:

1) starting your filter with -C int=t on the command line.  The default 
includes int=t so this won't change your filter's operation, but it will 
cause the full set of defaults to be established properly as the filter 
starts up; OR

2) editing your configuration file to contain the line:

On-InternalError tempfail

...which has the same effect.

The upcoming release fixes the filter's default loading and also hardens 
the library so even without that fix (or without the filter), a crash will 
no longer result.

If people want or need a patch to 2.7.2 while waiting for 2.8.0 or would 
rather do that than upgrade right away to a new release, I can produce a 
2.7.3 or just post a source patch here.  Please let me know if you have 
such requirements.

--
Check out the new SourceForge.net Marketplace.
It is the best place to buy or sell services for
just about anything Open Source.
http://p.sf.net/sfu/Xq1LFB
___
dkim-milter-discuss mailing list
dkim-milter-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
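
As an added illustration (not code from dkim-milter or from the author of this message), the C below models the two halves of the defect described above: a defaults table that is seeded only inside the configuration parser, which is skipped entirely when there is no configuration string, and the library-side guard that marks a handle unusable after a syntax error instead of letting a later call trip an assertion. Every name in it (`cfg_*`, `ACTION_*`, `SLOT_*`, `handle_*`, `STAT_*`) is a hypothetical stand-in for the filter's real `conf_handling` table and the library's `dkim_state`; the message-without-From: case is constructed.

```c
/* Added illustration, not dkim-milter's own code.  It models the defect the
 * thread describes: exception-handling defaults seeded only inside the
 * configuration parser are skipped when the parser returns early (no config
 * file, no -C), leaving every slot at "continue".  All names here (cfg_*,
 * ACTION_*, SLOT_*, handle_*, STAT_*) are hypothetical stand-ins. */
#include <stdlib.h>
#include <string.h>

enum action { ACTION_CONTINUE = 0, ACTION_TEMPFAIL, ACTION_REJECT };
enum slot { SLOT_INTERNAL = 0, SLOT_BADSIG, SLOT_COUNT };

struct cfg {
	enum action handling[SLOT_COUNT];   /* stand-in for conf_handling */
};

/* Intended (documented) defaults: tempfail on an internal error. */
static const enum action defaults[SLOT_COUNT] = { ACTION_TEMPFAIL, ACTION_CONTINUE };

/* Buggy layout: the allocator zero-fills, and 0 happens to mean "continue". */
struct cfg *cfg_new_buggy(void)
{
	return calloc(1, sizeof(struct cfg));
}

/* Fixed layout: seed defaults at allocation, before any parse path can bail. */
struct cfg *cfg_new_fixed(void)
{
	struct cfg *c = calloc(1, sizeof(struct cfg));
	if (c != NULL)
		memcpy(c->handling, defaults, sizeof c->handling);
	return c;
}

/* Minimal one-directive parser.  With seed_in_parser set it behaves like the
 * pre-2.8.0 filter: defaults are loaded only after the NULL check, so a run
 * with no configuration string never reaches them.  Returns 1 on success. */
int cfg_load(struct cfg *c, const char *confstr, int seed_in_parser)
{
	if (confstr == NULL)
		return 1;                 /* "no config file": early return */
	if (seed_in_parser)
		memcpy(c->handling, defaults, sizeof c->handling);
	if (strcmp(confstr, "On-InternalError tempfail") == 0)
		c->handling[SLOT_INTERNAL] = ACTION_TEMPFAIL;
	else if (strcmp(confstr, "On-InternalError reject") == 0)
		c->handling[SLOT_INTERNAL] = ACTION_REJECT;
	else
		return 0;                 /* unknown directive */
	return 1;
}

/* Action the filter would take on an internal error under each layout. */
enum action internal_action(const char *confstr, int fixed)
{
	struct cfg *c = fixed ? cfg_new_fixed() : cfg_new_buggy();
	enum action a;
	if (c == NULL)
		return ACTION_TEMPFAIL;   /* treat allocation failure as tempfail */
	cfg_load(c, confstr, !fixed);
	a = c->handling[SLOT_INTERNAL];
	free(c);
	return a;
}

/* Library side of the same report: after a syntax error (here, no From:
 * header) the handle is marked unusable so a caller that ignores the error
 * and keeps going gets a status code instead of an assertion failure. */
enum lib_stat { STAT_OK = 0, STAT_SYNTAX, STAT_INVALID };
struct handle { int unusable; int have_from; };

enum lib_stat handle_eoh(struct handle *h)
{
	if (!h->have_from) {
		h->unusable = 1;          /* the hardening the thread describes */
		return STAT_SYNTAX;
	}
	return STAT_OK;
}

enum lib_stat handle_eom(struct handle *h)
{
	if (h->unusable)
		return STAT_INVALID;      /* previously an assert() would fire here */
	return STAT_OK;
}

/* Outcome for a filter that wrongly continues past the syntax error. */
enum lib_stat continue_past_syntax_error(void)
{
	struct handle h = { 0, 0 };   /* constructed: message without From: */
	(void)handle_eoh(&h);         /* error ignored, as the buggy filter did */
	return handle_eom(&h);
}
```

`internal_action(NULL, 0)` reproduces the reported state (no configuration file, no -C) and yields `ACTION_CONTINUE`; the fixed allocator yields `ACTION_TEMPFAIL` no matter how the parser exits, which is the same effect the `On-InternalError tempfail` workaround achieves by forcing the parser to run.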


Re: [dkim-milter-discuss] dkim-filter crash bug and workaround

2009-01-07 Thread Scott Kitterman
On Wednesday 07 January 2009 15:05, Murray S. Kucherawy wrote:
> This affects all versions from 2.5.0 to 2.7.2.
...
> If people want or need a patch to 2.7.2 while waiting for 2.8.0 or would
> rather do that than upgrade right away to a new release, I can produce a
> 2.7.3 or just post a source patch here.  Please let me know if you have
> such requirements.

This affects two Ubuntu versions that are post-release and I'll have to patch 
if I am to fix them, so a patch would be handy.  It's 2.5.4 and 2.6.0 if it 
matters.

Scott K



Re: [dkim-milter-discuss] dkim-filter crash bug and workaround

2009-01-07 Thread Murray S. Kucherawy

On Wed, 7 Jan 2009, Scott Kitterman wrote:
> This affects two Ubuntu versions that are post-release and I'll have to 
> patch if I am to fix them, so a patch would be handy.  It's 2.5.4 and 
> 2.6.0 if it matters.


Diffs to those two versions attached.  They're identical except for the 
line numbers and version numbers.

Index: dkim-filter/dkim-filter.c
===
RCS file: /cvs/dkim-filter/dkim-filter.c,v
retrieving revision 1.360
diff -u -r1.360 dkim-filter.c
--- dkim-filter/dkim-filter.c   15 Apr 2008 20:42:29 -  1.360
+++ dkim-filter/dkim-filter.c   7 Jan 2009 20:56:14 -
@@ -975,9 +975,6 @@
char *v;
char *tmp;
 
-   /* load defaults */
-   memcpy(conf-conf_handling, defaults, sizeof conf-conf_handling);
-
if (confstr == NULL)
return TRUE;
 
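Review bot: with the `memcpy(conf-conf_handling, defaults, ...)` call removed here (the `->` operators appear to have been lost in the archive), the parse routine no longer resets the handling table before applying directives, which is only correct if every configuration, on startup and on reload, reaches this function through an allocator that seeds the defaults; confirm no caller re-parses into a previously used struct, where On-* values from the earlier configuration would survive unchanged.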
@@ -1128,6 +1125,9 @@
new-conf_signbytes = -1L;
new-conf_sigmintype = SIGMIN_BYTES;
 
+   /* load defaults */
+   memcpy(conf-conf_handling, defaults, sizeof conf-conf_handling);
+
return new;
 }
 
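Review bot: the relocated memcpy writes to `conf-conf_handling`, but every surrounding line in this function initialises `new` (`new-conf_signbytes`, `new-conf_sigmintype`, `return new`); unless `conf` is a file-scope pointer to the struct being built, this seeds the wrong object (or fails to compile) and should read `memcpy(new->conf_handling, defaults, sizeof new->conf_handling);`.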
Index: libdkim/dkim.c
===
RCS file: /cvs/libdkim/dkim.c,v
retrieving revision 1.469
diff -u -r1.469 dkim.c
--- libdkim/dkim.c  14 Apr 2008 20:02:58 -  1.469
+++ libdkim/dkim.c  7 Jan 2009 20:56:14 -
@@ -2723,6 +2723,7 @@
{
dkim_error(dkim, required header \%s\ not found,
   required_signhdrs[c]);
+   dkim-dkim_state = DKIM_STATE_UNUSABLE;
return DKIM_STAT_SYNTAX;
}
}
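Review bot: the new `dkim-dkim_state = DKIM_STATE_UNUSABLE;` assignment before `return DKIM_STAT_SYNTAX;` only prevents the crash if every later library entry point checks the state and returns an error instead of asserting; the documentation for this call should state that a DKIM_STAT_SYNTAX result leaves the handle unusable for further processing, so filter authors know to stop at that point rather than continue.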
Index: dkim-filter/dkim-filter.c
===
RCS file: /cvs/dkim-filter/dkim-filter.c,v
retrieving revision 1.385
diff -u -r1.385 dkim-filter.c
--- dkim-filter/dkim-filter.c   5 Jun 2008 15:12:44 -   1.385
+++ dkim-filter/dkim-filter.c   7 Jan 2009 20:55:47 -
@@ -1130,9 +1130,6 @@
char *v;
char *tmp;
 
-   /* load defaults */
-   memcpy(conf-conf_handling, defaults, sizeof conf-conf_handling);
-
if (confstr == NULL)
return TRUE;
 
@@ -1278,6 +1275,9 @@
new-conf_signbytes = -1L;
new-conf_sigmintype = SIGMIN_BYTES;
 
+   /* load defaults */
+   memcpy(conf-conf_handling, defaults, sizeof conf-conf_handling);
+
return new;
 }
 
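Review bot: same concern as in the 2.5.4 version of this hunk: the memcpy targets `conf-conf_handling` while the function is building `new` (`new-conf_signbytes`, `return new`), so unless `conf` is a file-scope pointer it should be `memcpy(new->conf_handling, defaults, sizeof new->conf_handling);`.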
Index: libdkim/dkim.c
===
RCS file: /cvs/libdkim/dkim.c,v
retrieving revision 1.485
diff -u -r1.485 dkim.c
--- libdkim/dkim.c  5 Jun 2008 23:32:41 -   1.485
+++ libdkim/dkim.c  7 Jan 2009 20:55:47 -
@@ -2776,6 +2776,7 @@
{
dkim_error(dkim, required header \%s\ not found,
   required_signhdrs[c]);
+   dkim-dkim_state = DKIM_STATE_UNUSABLE;
return DKIM_STAT_SYNTAX;
}
}


Re: [dkim-milter-discuss] dkim-filter crash bug and workaround

2009-01-07 Thread Murray S. Kucherawy
On Wed, 7 Jan 2009, Murray S. Kucherawy wrote:
> The specific instance of this that has been observed is as follows:
>
> a) no use of -C on the command line
> b) no On-* directives in the configuration file (or no configuration file)
> c) a Sender: header with an address whose domain is in the list of domains
>    to sign
> d) no From: header on the message

Forgot one:

e) all other signing criteria are met (MTA name matches, macros match, 
source is on the internal list, etc.)

That is, one cannot craft a message from outside and send it inbound and 
expect the filter to crash, i.e. it's not exploitable from outside.
