Re: [exim] bad memory reference; pool not found, at gstring_grow 1124
On 2022-12-19, Jeremy Harris via Exim-users wrote:
> On 19/12/2022 06:32, Jasen Betts via Exim-users wrote:
>>logwrite =
>> ${sg{${sg{${sg{aaa}{a}{bbb}}}{b}{c}}}{c}{ddd}}zz
>
> Thanks for locating this so precisely.
> Fix pushed: 1ed24e36e279
Thanks for the fix.
--
Jasen.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] bad memory reference; pool not found, at gstring_grow 1124
On 20/12/2022 17:12, Andreas Metzler via Exim-users wrote: Is there a security impact of the bug? Nope. Logging only... and only if you've written your config to try and save an 8 kB (with the release size of log buffer) log message. I guess, if you have, an attacker could induce a lot of process terminations. Most systems won't have setuid-coredumps enabled, so little issue there. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] bad memory reference; pool not found, at gstring_grow 1124
On 2022-12-19 Jeremy Harris via Exim-users wrote:
> On 19/12/2022 06:32, Jasen Betts via Exim-users wrote:
> >logwrite =
> > ${sg{${sg{${sg{aaa}{a}{bbb}}}{b}{c}}}{c}{ddd}}zz
> Thanks for locating this so precisely.
> Fix pushed: 1ed24e36e279
Hello,
Is there a security impact of the bug?
cu Andreas
signature.asc
Description: PGP signature
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] bad memory reference; pool not found, at gstring_grow 1124
On 19/12/2022 06:32, Jasen Betts via Exim-users wrote:
logwrite =
${sg{${sg{${sg{aaa}{a}{bbb}}}{b}{c}}}{c}{ddd}}zz
Thanks for locating this so precisely.
Fix pushed: 1ed24e36e279
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] bad memory reference; pool not found, at gstring_grow 1124
On 2022-12-05, Jeremy Harris via Exim-users wrote:
> On 05/12/2022 23:31, Jasen Betts via Exim-users wrote:
>> I'm getting this error panic
>> "bad memory reference; pool not found, at gstring_grow 1124"
>>
>> at a acl logwrite in an ${acl expansion in a router
>>
>> the logwrite is over-size and thus truncated in the debug message
>>
>> then it crashes.
>>
>> it seems to happen failry rarely, maybe 1 in 1 emails on this
path.
>>
>
> version, ops in progress... core dump?
> --
> Cheers,
>Jeremy
>
debian backports' exinm-daemon-heavy 4.96
It's caused by caused by a logwrite of exactly 8153
characters (must be exact) in a context where exim_message_id is defined.
eg put this:
logwrite =
${sg{${sg{${sg{aaa}{a}{bbb}}}{b}{c}}}{c}{ddd}}zz
in the data ACL
so the line it would write would start with
-MM-DD HH:MM:SS_IDIDID-IDIDID-ID_
+1+2+3+--
making exactly 8153+37 = 8190 characters not including the newline.
--
Jasen.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] bad memory reference; pool not found, at gstring_grow 1124
On 05/12/2022 23:31, Jasen Betts via Exim-users wrote:
I'm getting this error panic
"bad memory reference; pool not found, at gstring_grow 1124"
at a acl logwrite in an ${acl expansion in a router
the logwrite is over-size and thus truncated in the debug message
then it crashes.
it seems to happen failry rarely, maybe 1 in 1 emails on this path.
version, ops in progress... core dump?
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
[exim] bad memory reference; pool not found, at gstring_grow 1124
I'm getting this error panic
"bad memory reference; pool not found, at gstring_grow 1124"
at a acl logwrite in an ${acl expansion in a router
the logwrite is over-size and thus truncated in the debug message
then it crashes.
it seems to happen failry rarely, maybe 1 in 1 emails on this path.
--
Jasen.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
