[dkim-milter-discuss] dkim-filter crash bug and workaround
This affects all versions from 2.5.0 to 2.7.2.

With the addition of configuration reloads in 2.5.0, there is a failure to set up some configuration defaults in certain circumstances. This can lead to crashes when particular message mutations pass through the filter because of assertion failures or invalid pointer dereferences.

Specifically, if you don't use -C on the command line and don't use any of the On- action directives in the configuration file (or don't use a configuration file at all), the default actions for those exceptions are never loaded. The action is to continue in those cases as a result, rather than the intended (documented) defaults. This means when libdkim rejects a message for formatting reasons, the filter will plunder forward, continuing to process the same message rather than halting processing as it should. This eventually causes the filter to make a call into the DKIM library which causes an illegal request or an assertion failure, and the filter will crash.

The specific instance of this that has been observed is as follows:

a) no use of -C on the command line
b) no On-* directives in the configuration file (or no configuration file)
c) a Sender: header with an address whose domain is in the list of domains to sign
d) no From: header on the message

A permanent fix has already been added to the impending 2.8.0 release. A patched beta release of it is already available. I expect to be posting that around the end of this week.

In the interim, you can protect your installations from this by either:

1) starting your filter with -C int=t on the command line. The default includes int=t so this won't change your filter's operation, but it will cause the full set of defaults to be established properly as the filter starts up; OR

2) editing your configuration file to contain the line:

   On-InternalError tempfail

...which has the same effect.
The upcoming release fixes the filter's default loading and also hardens the library so even without that fix (or without the filter), a crash will no longer result.

If people want or need a patch to 2.7.2 while waiting for 2.8.0 or would rather do that than upgrade right away to a new release, I can produce a 2.7.3 or just post a source patch here. Please let me know if you have such requirements.

--
Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source.
http://p.sf.net/sfu/Xq1LFB
___
dkim-milter-discuss mailing list
dkim-milter-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
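The failure mode described in the report, modelled in C as an added example (this is not dkim-milter's own code). It shows why loading a table of defaults inside the routine that parses the -C string is fragile: when nothing is given on -C the parser is never reached, the table stays zeroed, and zero reads as "continue". The constructor-side layout and the "-C int=t" workaround both come out right. Every identifier, the name=letter syntax, the extra exception classes "bad" and "dns", the a/r/t letters and the choice to represent "continue" as 0 are assumptions made for the example; only "int=t", "continue" and "tempfail" are taken from the report.

```c
/* Added example, not dkim-milter code.  Models the initialization-ordering
 * bug from the report: per-exception actions are filled with their defaults
 * inside the -C parser, so a filter started without -C keeps a zeroed table.
 * All names below are hypothetical; see the lead-in for what is assumed. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* HANDLE_CONTINUE is deliberately 0: a calloc'd config silently means
 * "keep going", which is the behaviour the report describes (assumption). */
enum handling { HANDLE_CONTINUE = 0, HANDLE_ACCEPT, HANDLE_REJECT, HANDLE_TEMPFAIL };

/* Exception classes keyed by the short name used on -C.  Only "int" is from
 * the report; "bad" and "dns" are placeholders for this example. */
enum exception { EXC_INTERNAL = 0, EXC_BADSIG, EXC_DNSERROR, EXC_COUNT };
static const char *const exc_names[EXC_COUNT] = { "int", "bad", "dns" };

/* Documented defaults as assumed here; "int=t" is the one the report cites. */
static const enum handling defaults[EXC_COUNT] = {
    HANDLE_TEMPFAIL, HANDLE_ACCEPT, HANDLE_TEMPFAIL
};

struct config {
    enum handling handling[EXC_COUNT];
    long signbytes;          /* stand-in for the other fields the constructor sets */
};

/* Map a -C action letter to an action; -1 on an unknown letter. */
static int letter_to_action(char c)
{
    switch (c) {
    case 'a': return HANDLE_ACCEPT;
    case 'r': return HANDLE_REJECT;
    case 't': return HANDLE_TEMPFAIL;
    default:  return -1;
    }
}

/* Constructor.  "fixed" selects the corrected layout, in which the defaults
 * are applied here so every config object starts from them. */
static struct config *config_new(bool fixed)
{
    struct config *cfg = calloc(1, sizeof *cfg);   /* zeroed: every slot reads CONTINUE */
    if (cfg == NULL)
        return NULL;
    cfg->signbytes = -1L;
    if (fixed)
        memcpy(cfg->handling, defaults, sizeof cfg->handling);
    return cfg;
}

/* Parse "name=X[,name=X...]" into cfg->handling; false on a malformed entry.
 * In the buggy layout the defaults are loaded here, which is harmless when
 * -C is present and fatal when this routine is never called at all. */
static bool config_parse_handling(struct config *cfg, const char *confstr, bool fixed)
{
    if (!fixed)
        memcpy(cfg->handling, defaults, sizeof cfg->handling);
    if (confstr == NULL)
        return true;

    const char *p = confstr;
    while (*p != '\0') {
        const char *end = strchr(p, ',');
        size_t len = end != NULL ? (size_t)(end - p) : strlen(p);
        if (len < 3 || p[len - 2] != '=')           /* need at least "x=y" */
            return false;
        int act = letter_to_action(p[len - 1]);
        int idx = -1;
        for (int i = 0; i < EXC_COUNT; i++) {
            if (strlen(exc_names[i]) == len - 2 && strncmp(p, exc_names[i], len - 2) == 0)
                idx = i;
        }
        if (idx < 0 || act < 0)
            return false;
        cfg->handling[idx] = (enum handling)act;
        p = end != NULL ? end + 1 : p + len;
    }
    return true;
}

/* Simulated start-up: the -C parser runs only when a -C string was given
 * (the report's precondition; On-* directives are not modelled).  Returns
 * the action the filter would take on an internal error.  A malformed -C
 * string is mapped to tempfail so nothing is silently passed through. */
static enum handling startup_action_on_internal_error(const char *cflag, bool fixed)
{
    struct config *cfg = config_new(fixed);
    if (cfg == NULL)
        return HANDLE_TEMPFAIL;
    bool ok = true;
    if (cflag != NULL)
        ok = config_parse_handling(cfg, cflag, fixed);
    enum handling h = ok ? cfg->handling[EXC_INTERNAL] : HANDLE_TEMPFAIL;
    free(cfg);
    return h;
}

int main(void)
{
    static const char *const names[] = { "continue", "accept", "reject", "tempfail" };
    printf("buggy, no -C      : %s\n", names[startup_action_on_internal_error(NULL, false)]);
    printf("buggy, -C int=t   : %s\n", names[startup_action_on_internal_error("int=t", false)]);
    printf("buggy, -C bad=r   : %s\n", names[startup_action_on_internal_error("bad=r", false)]);
    printf("fixed, no -C      : %s\n", names[startup_action_on_internal_error(NULL, true)]);
    return 0;
}
```

The third line of output is the point of the "-C int=t" advice: any -C string at all reaches the parser and therefore the memcpy, so even "bad=r" restores the tempfail default for internal errors in the buggy layout. Only the constructor-side layout gets it right with no -C.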
Re: [dkim-milter-discuss] dkim-filter crash bug and workaround
On Wednesday 07 January 2009 15:05, Murray S. Kucherawy wrote:
> This affects all versions from 2.5.0 to 2.7.2.
> ...
> If people want or need a patch to 2.7.2 while waiting for 2.8.0 or would rather do that than upgrade right away to a new release, I can produce a 2.7.3 or just post a source patch here. Please let me know if you have such requirements.

This affects two Ubuntu versions that are post-release and I'll have to patch if I am to fix them, so a patch would be handy. It's 2.5.4 and 2.6.0 if it matters.

Scott K
Re: [dkim-milter-discuss] dkim-filter crash bug and workaround
On Wed, 7 Jan 2009, Scott Kitterman wrote: This affects two Ubuntu versions that are post-release and I'll have to patch if I am to fix them, so a patch would be handy. It's 2.5.4 and 2.6.0 if it matters. Diffs to those two versions attached. They're identical except for the line numbers and version numbers.Index: dkim-filter/dkim-filter.c === RCS file: /cvs/dkim-filter/dkim-filter.c,v retrieving revision 1.360 diff -u -r1.360 dkim-filter.c --- dkim-filter/dkim-filter.c 15 Apr 2008 20:42:29 - 1.360 +++ dkim-filter/dkim-filter.c 7 Jan 2009 20:56:14 - @@ -975,9 +975,6 @@ char *v; char *tmp; - /* load defaults */ - memcpy(conf-conf_handling, defaults, sizeof conf-conf_handling); - if (confstr == NULL) return TRUE; @@ -1128,6 +1125,9 @@ new-conf_signbytes = -1L; new-conf_sigmintype = SIGMIN_BYTES; + /* load defaults */ + memcpy(conf-conf_handling, defaults, sizeof conf-conf_handling); + return new; } Index: libdkim/dkim.c === RCS file: /cvs/libdkim/dkim.c,v retrieving revision 1.469 diff -u -r1.469 dkim.c --- libdkim/dkim.c 14 Apr 2008 20:02:58 - 1.469 +++ libdkim/dkim.c 7 Jan 2009 20:56:14 - @@ -2723,6 +2723,7 @@ { dkim_error(dkim, required header \%s\ not found, required_signhdrs[c]); + dkim-dkim_state = DKIM_STATE_UNUSABLE; return DKIM_STAT_SYNTAX; } } Index: dkim-filter/dkim-filter.c === RCS file: /cvs/dkim-filter/dkim-filter.c,v retrieving revision 1.385 diff -u -r1.385 dkim-filter.c --- dkim-filter/dkim-filter.c 5 Jun 2008 15:12:44 - 1.385 +++ dkim-filter/dkim-filter.c 7 Jan 2009 20:55:47 - @@ -1130,9 +1130,6 @@ char *v; char *tmp; - /* load defaults */ - memcpy(conf-conf_handling, defaults, sizeof conf-conf_handling); - if (confstr == NULL) return TRUE; 
@@ -1278,6 +1275,9 @@ new-conf_signbytes = -1L; new-conf_sigmintype = SIGMIN_BYTES; + /* load defaults */ + memcpy(conf-conf_handling, defaults, sizeof conf-conf_handling); + return new; } Index: libdkim/dkim.c === RCS file: /cvs/libdkim/dkim.c,v retrieving revision 1.485 diff -u -r1.485 dkim.c --- libdkim/dkim.c 5 Jun 2008 23:32:41 - 1.485 +++ libdkim/dkim.c 7 Jan 2009 20:55:47 - @@ -2776,6 +2776,7 @@ { dkim_error(dkim, required header \%s\ not found, required_signhdrs[c]); + dkim-dkim_state = DKIM_STATE_UNUSABLE; return DKIM_STAT_SYNTAX; } } -- Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB___ dkim-milter-discuss mailing list dkim-milter-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
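Review bot: in the hunk that moves the defaults into the constructor (dkim-filter.c @@ -1128,6 +1125,9 @@ in the 2.5.4 diff and @@ -1278,6 +1275,9 @@ in the 2.6.0 diff) the copied line still reads `memcpy(conf-conf_handling, defaults, sizeof conf-conf_handling);` while every neighbouring initializer in that function targets `new-` (`new-conf_signbytes = -1L;`, `return new;`). Unless `conf` is an alias for `new` at that point, the defaults land in whatever `conf` refers to (the previously loaded configuration, or nothing at all on first start-up) and the object being returned still has an unset handling table, which is the bug the patch is meant to close. Suggest `memcpy(new->conf_handling, defaults, sizeof new->conf_handling);` and a start-up test with no -C and no On-* directive that checks the table is populated. (The `-` where one would expect `->` looks like list-archive mangling rather than part of the patch, but the `conf`/`new` mismatch is not.)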
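Review bot: the removal hunk (dkim-filter.c @@ -975,9 +975,6 @@ / @@ -1130,9 +1130,6 @@) leaves the parser returning TRUE on a NULL confstr without touching conf_handling, so correctness now rests entirely on every struct passed in having come through the constructor. That holds for a fresh load, but it is worth checking the reload path introduced in 2.5.0 that the report names as the origin of the bug: if a reload ever reuses an existing struct, or a -C string names only some exceptions, the unnamed slots keep whatever they held before rather than the documented defaults. A one-line comment at the `if (confstr == NULL)` check saying that defaults are now the constructor's job would spare the next reader from putting the memcpy back.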
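Review bot: the libdkim hunk (dkim.c @@ -2723,6 +2723,7 @@ / @@ -2776,6 +2776,7 @@) marks the handle DKIM_STATE_UNUSABLE only on the `required header ... not found` path before `return DKIM_STAT_SYNTAX;`. Two things to confirm: that the other syntax-failure returns in the same routine get the same treatment, otherwise a caller that ignores a non-OK status (which is exactly what the "continue" misconfiguration does) can still reach the assertion through one of those paths; and that the library entry points the filter calls next check for DKIM_STATE_UNUSABLE and return an error instead of asserting, since that check is what makes this one-line change the library-side hardening the cover note promises for 2.8.0.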
Re: [dkim-milter-discuss] dkim-filter crash bug and workaround
On Wed, 7 Jan 2009, Murray S. Kucherawy wrote:
> The specific instance of this that has been observed is as follows:
> a) no use of -C on the command line
> b) no On-* directives in the configuration file (or no configuration file)
> c) a Sender: header with an address whose domain is in the list of domains to sign
> d) no From: header on the message

Forgot one:

e) all other signing criteria are met (MTA name matches, macros match, source is on the internal list, etc.)

That is, one cannot craft a message from outside and send it inbound and expect the filter to crash, i.e. it's not exploitable from outside.