https://bugs.exim.org/show_bug.cgi?id=2239
Bug ID: 2239 Summary: segfault when processing control = utf8_downconvert Product: Exim Version: 4.90 Hardware: x86-64 OS: Linux Status: NEW Severity: bug Priority: medium Component: ACLs Assignee: jgh146...@wizmail.org Reporter: geda...@gedalya.net CC: exim-dev@exim.org This seems to happen no matter where I put this modifier. I'm not that familiar with gdb so if more is needed in that realm please treat me like a dummy. This is a custom-built exim, reproduced the issue on Debian stretch and buster (testing). # exim -bV Exim version 4.90_1 #2 built 10-Feb-2018 12:45:40 Copyright (c) University of Cambridge, 1995 - 2017 (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017 Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013) Support for: crypteq iconv() IPv6 GnuTLS Content_Scanning DKIM DNSSEC Event I18N OCSP PRDR SOCKS TCP_Fast_Open Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch mysql Authenticators: dovecot plaintext Routers: accept dnslookup manualroute redirect Transports: appendfile autoreply lmtp pipe smtp Fixed never_users: 0 Configure owner: 0:0 Size of off_t: 8 Configuration file is /etc/exim4/exim4.conf Starting program: /usr/sbin/exim -bh 127.0.0.1 [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". **** SMTP testing session as if from host 127.0.0.1 **** but without any ident (RFC 1413) callback. **** This is not for real! >>> host in hosts_connection_nolog? no (option unset) >>> host in host_lookup? yes (matched "*") >>> looking up host name for 127.0.0.1 >>> IP address lookup yielded "localhost" >>> local host found for non-MX address >>> checking addresses for localhost >>> ::1 >>> 127.0.0.1 OK >>> host in host_reject_connection? no (option unset) >>> host in sender_unqualified_hosts? no (option unset) >>> host in recipient_unqualified_hosts? no (option unset) >>> host in helo_verify_hosts? no (option unset) >>> host in helo_try_verify_hosts? no (option unset) >>> host in helo_accept_junk_hosts? no (option unset) 220 mx2.gedalya.net ESMTP Sun, 11 Feb 2018 10:28:09 -0500 EHLO me >>> host in dsn_advertise_hosts? no (option unset) >>> host in pipelining_advertise_hosts? yes (matched "*") >>> host in auth_advertise_hosts? yes (matched "*") >>> host in chunking_advertise_hosts? yes (matched "*") >>> host in tls_advertise_hosts? yes (matched "*") >>> host in smtputf8_advertise_hosts? yes (matched "*") 250-mx2.gedalya.net Hello localhost [127.0.0.1] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-CHUNKING 250-STARTTLS 250-SMTPUTF8 250 HELP MAIL FROM: <t...@example.com> SMTPUTF8 >>> using ACL "acl_check_mail" >>> processing "deny" >>> message: no HELO given before MAIL command >>> check condition = ${if def:sender_helo_name {no}{yes}} >>> = no >>> deny: condition test failed in ACL "acl_check_mail" >>> processing "accept" >>> check control = utf8_downconvert Program received signal SIGSEGV, Segmentation fault. acl_check_condition (level=<optimized out>, basic_errno=0x7ffcb78439ec, log_msgptr=0x7ffcb7843d90, user_msgptr=0x7ffcb7843d98, epp=<synthetic pointer>, addr=0x0, where=1, cb=0x563f892ebaf8, verb=0) at acl.c:3338 3338 acl.c: No such file or directory. (gdb) bt full #0 acl_check_condition (level=<optimized out>, basic_errno=0x7ffcb78439ec, log_msgptr=0x7ffcb7843d90, user_msgptr=0x7ffcb7843d98, epp=<synthetic pointer>, addr=0x0, where=1, cb=0x563f892ebaf8, verb=0) at acl.c:3338 p = <optimized out> arg = 0x563f892ebb18 "utf8_downconvert" user_message = <optimized out> log_message = 0x0 rc = 0 sep = -47 #1 acl_check_internal (where=where@entry=1, addr=addr@entry=0x0, s=<optimized out>, user_msgptr=user_msgptr@entry=0x7ffcb7843d98, log_msgptr=0x7ffcb7843d90) at acl.c:4079 basic_errno = 0 endpass_seen = 0 fd = <optimized out> acl = 0x563f892ebae0 acl_name = <optimized out> ss = <optimized out> #2 0x0000563f87d04429 in acl_check (where=where@entry=1, recipient=recipient@entry=0x0, s=<optimized out>, user_msgptr=user_msgptr@entry=0x7ffcb7843d98, log_msgptr=log_msgptr@entry=0x7ffcb7843d90) at acl.c:4391 rc = <optimized out> adb = {next = 0x0, parent = 0x0, first = 0x0, dupof = 0x0, start_router = 0x0, router = 0x0, transport = 0x0, host_list = 0x0, host_used = 0x400000000, fallback_hosts = 0x563f87d6909b <string_vformat+1019>, reply = 0x563f87dc0000, retries = 0x0, address = 0x563f892e7370 "250-SIZE 52428800\r\n", unique = 0x563f87d693ed <string_vformat+1869> "D\213L$,\211\301D\213D$(\351I\374\377\377H\213|$\030\213\027\203\372/\017\207\350\001", cc_local_part = 0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>, lc_local_part = 0x0, local_part = 0x563f87db8d00 "handling%s incoming connection from %s", prefix = 0x7ffcb7843c60 "`R/\211?V", suffix = 0x563fffffffff <error: Cannot access memory at address 0x563fffffffff>, domain = 0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>, address_retry_key = 0x563f87da6e32 "-", domain_retry_key = 0x7f8f1dd465a0 <_IO_str_chk_jumps> "", current_dir = 0x0, home_dir = 0x275d94323b8aaf00 <error: Cannot access memory at address 0x275d94323b8aaf00>, message = 0x0, user_message = 0x0, onetime_parent = 0x563f87ff4120 <process_info> "30049 handling incoming connection from localhost (me) [127.0.0.1]\n", pipe_expandn = 0x563f87d39e11 <skip_comment+33>, return_filename = 0x563f892f5288 "ail\"", self_hostname = 0x563f892f5260 "t...@example.com", shadow_message = 0x563f87daf690 " ()<>@,;:\\\".[]\177", cipher = 0x563f87d39f5c <read_local_part+172> "L9\363H\211\307\017\204\270", ourcert = 0x563f892f5260, peercert = 0x563f87d39e11 <skip_comment+33>, peerdn = 0x18 <error: Cannot access memory at address 0x18>, ocsp = -1993363870, authenticator = 0x563f892f5270 "", auth_id = 0x563f87d3a15b <read_domain+235> "L9\355H\211\303\306E", auth_sndr = 0x7ffcb7843d00 "\250=\204\267\374\177", dsn_orcpt = 0x7ffcb7843db0 "", dsn_flags = -1993363886, dsn_aware = 22079, uid = 3078897072, gid = 32764, flags = {af_allow_file = 0, af_allow_pipe = 0, af_allow_reply = 0, af_dr_retry_exists = 0, af_expand_pipe = 0, af_file = 1, af_gid_set = 1, af_home_expanded = 0, af_initgroups = 0, af_local_host_removed = 1, af_lt_retry_exists = 0, af_pfr = 0, af_retry_skipped = 1, af_retry_timedout = 0, af_uid_set = 1, af_hide_child = 0, af_sverify_told = 1, af_verify_pmfail = 1, af_verify_nsfail = 1, af_homonym = 1, af_verify_routed = 0, af_verify_callout = 1, af_include_affixes = 0, af_cert_verified = 0, af_pass_message = 1, af_bad_reply = 0, af_tcp_fastopen_conn = 0, af_tcp_fastopen = 1, af_prdr_used = 0, af_chunking_used = 0, af_force_command = 0, af_utf8_downcvt = 1}, domain_cache = {22079}, localpart_cache = {2301603410}, mode = 22079, more_errno = -1993363887, delivery_usec = 22079, basic_errno = 15792, child_count = 46980, return_file = 32764, special_action = 0, transport_return = 21088, prop = {address_data = 0x275d94323b8aaf00 <error: Cannot access memory at address 0x275d94323b8aaf00>, domain_data = 0x0, localpart_data = 0x14ef110 <error: Cannot access memory at address 0x14ef110>, errors_address = 0x0, extra_headers = 0x7ffcb7843db0, remove_headers = 0x7ffcb7843da8 "d\256/\211?V", ignore_error = 0, utf8_msg = 0, utf8_downcvt = 0, utf8_downcvt_maybe = 0}} addr = 0x0 #3 0x0000563f87d5f0b9 in smtp_setup_msg () at smtp_in.c:4754 mail_args = <optimized out> errmess = 0x0 oldsignal = <optimized out> pid = <optimized out> end = 17 recipient_domain = -1993363868 flags = <optimized out> g = <optimized out> user_msg = 0x0 hello = 0x0 was_rej_mail = 1 argv = 0x0 etrn_serialize_key = <optimized out> recipient = 0x0 s = 0x563f00000005 <error: Cannot access memory at address 0x563f00000005> c = <optimized out> etrn_command = <optimized out> smtp_code = 0x0 sender_domain = 5 orcpt = 0x0 ss = <optimized out> au = <optimized out> log_msg = 0x0 was_rcpt = 0 start = 1 rc = <optimized out> done = 0 toomany = 0 discarded = <optimized out> last_was_rej_mail = <optimized out> last_was_rcpt = <optimized out> reset_point = <optimized out> __PRETTY_FUNCTION__ = "smtp_setup_msg" #4 0x0000563f87cfdeb7 in main (argc=3, cargv=0x7ffcb7884408) at exim.c:5164 x = {2130706433, 0, 0, 0} size = <optimized out> argv = 0x7ffcb7884408 arg_receive_timeout = -1 arg_smtp_receive_timeout = -1 arg_error_handling = 0 filter_sfd = <optimized out> filter_ufd = -1 i = <optimized out> rv = <optimized out> list_queue_option = <optimized out> msg_action = 0 msg_action_arg = <optimized out> namelen = <optimized out> queue_only_reason = 0 recipients_arg = 3 sender_address_domain = 0 test_retry_arg = <optimized out> test_rewrite_arg = <optimized out> arg_queue_only = <optimized out> bi_option = <optimized out> checking = <optimized out> count_queue = <optimized out> expansion_test = <optimized out> extract_recipients = <optimized out> flag_G = <optimized out> flag_n = <optimized out> forced_delivery = 0 f_end_dot = <optimized out> deliver_give_up = 0 list_queue = 0 list_options = <optimized out> list_config = <optimized out> local_queue_only = <optimized out> more = 1 one_msg_action = 0 opt_D_used = <optimized out> queue_only_set = <optimized out> receiving_message = <optimized out> sender_ident_set = <optimized out> session_local_queue_only = <optimized out> unprivileged = 0 removed_privilege = <optimized out> usage_wanted = <optimized out> verify_address_mode = <optimized out> verify_as_sender = <optimized out> version_printed = <optimized out> alias_arg = <optimized out> called_as = 0x563f87dce972 "" cmdline_syslog_name = <optimized out> start_queue_run_id = <optimized out> stop_queue_run_id = <optimized out> expansion_test_message = <optimized out> ftest_domain = <optimized out> ftest_localpart = <optimized out> ftest_prefix = <optimized out> ftest_suffix = <optimized out> log_oneline = <optimized out> malware_test_file = <optimized out> real_sender_address = <optimized out> originator_home = 0x563f892f4e48 "/root" sz = <optimized out> reset_point = 0x563f892f5260 pw = 0x7f8f1dd4bf00 <resbuf.9774> statbuf = {st_dev = 20, st_ino = 3, st_nlink = 1, st_mode = 8576, st_uid = 0, st_gid = 5, __pad0 = 0, st_rdev = 34816, st_size = 0, st_blksize = 1024, st_blocks = 0, st_atim = {tv_sec = 1518362888, tv_nsec = 328588062}, st_mtim = {tv_sec = 1518362888, tv_nsec = 328588062}, st_ctim = {tv_sec = 1518361976, tv_nsec = 364588067}, __glibc_reserved = {0, 0, 0}} passed_qr_pid = <optimized out> passed_qr_pipe = <optimized out> group_list = <error reading variable group_list (value requires 262144 bytes, which is more than max-value-size)> info_flag = <optimized out> info_stdout = <optimized out> rsopts = {0x563f87da9df9 "f", 0x563f87dc9c06 "ff", 0x563f87da487d "r", 0x563f87da4d56 "rf", 0x563f87da4d59 "rff"} -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##