Bug#803255: exim4: segfault upon reading /etc/email-addresses

Sylvain LEVEQUE sylvain.leveque+bugreport at gmail.com
Wed Oct 28 12:41:20 UTC 2015 

Package: exim4
Version: 4.86-4
Severity: important

Dear Maintainer,

After upgrading from exim4 4.86-3 to 4.86-4, I observe a segfault when /etc/email-addresses is looked up by sendmail/exim and an entry with a rewriting rule is found. These mails don't get sent.

Commenting out the corresponding line in /etc/email-addresses fixes the problem. 

I am seeing this segfault on armel, but not on amd64.

# cat /etc/email-addresses
# This is /etc/email-addresses. It is part of the exim package
#
# This file contains email addresses to use for outgoing mail. Any local
# part not in here will be qualified by the system domain as normal.
#
# It should contain lines of the form:
#
#user: someone at isp.com
#otheruser: someoneelse at anotherisp.com
sleveque: sylvain at gromi.net
monit at donkeykong: sylvain at gromi.net
root: sylvain at gromi.net

# echo "Subject: test" | /usr/lib/sendmail -v sylvain at gromi.net
Segmentation fault

# echo "Subject: test" | strace /usr/lib/sendmail -v sylvain at gromi.net
[snip]
rt_sigaction(SIGTERM, {0xb6ec3b4c, [TERM], SA_RESTORER|SA_RESTART, 0xb68accf0}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGINT, {0xb6ec3b4c, [INT], SA_RESTORER|SA_RESTART, 0xb68accf0}, {SIG_DFL, [], 0}, 8) = 0
fstat64(0, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6e58000
read(0, "Subject: test\n", 4096)        = 14
read(0, "", 4096)                       = 0
open("/etc/email-addresses", O_RDONLY|O_LARGEFILE) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=400, ...}) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=400, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6e57000
_llseek(4, 0, [0], SEEK_SET)            = 0
read(4, "# This is /etc/email-addresses. "..., 4096) = 400
read(4, "", 4096)                       = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xc8b80b28} ---
+++ killed by SIGSEGV +++
Segmentation fault

# cat /etc/email-addresses
# This is /etc/email-addresses. It is part of the exim package
#
# This file contains email addresses to use for outgoing mail. Any local
# part not in here will be qualified by the system domain as normal.
#
# It should contain lines of the form:
#
#user: someone at isp.com
#otheruser: someoneelse at anotherisp.com
sleveque: sylvain at gromi.net
monit at donkeykong: sylvain at gromi.net
#root: sylvain at gromi.net

# echo "Subject: test" | /usr/lib/sendmail -v sylvain at gromi.net
LOG: MAIN
  <= root at donkeykong.gromi.net U=root P=local S=358
donkeykong:~# delivering 1ZrPx0-0002Kr-GX
R: smarthost for sylvain at gromi.net
T: remote_smtp_smarthost for sylvain at gromi.net
Connecting to XXXXXXXXXXXXXXX:25 ... connected
  SMTP<< 220 XXXXXXXXXXXXXXXX ESMTP Postfix
  SMTP>> EHLO donkeykong.gromi.net
  SMTP<< 250-XXXXXXXXXXXXXXXX
         250-PIPELINING
         250-SIZE 35000000
         250-VRFY
         250-ETRN
         250-STARTTLS
         250-ENHANCEDSTATUSCODES
         250-8BITMIME
         250 DSN
  SMTP>> STARTTLS
  SMTP<< 220 2.0.0 Ready to start TLS
  SMTP>> EHLO donkeykong.gromi.net
  SMTP<< 250-XXXXXXXXXXXXXXXX
         250-PIPELINING
         250-SIZE 35000000
         250-VRFY
         250-ETRN
         250-ENHANCEDSTATUSCODES
         250-8BITMIME
         250 DSN
  SMTP>> MAIL FROM:<root at gromi.net> SIZE=1390
  SMTP>> RCPT TO:<sylvain at gromi.net>
  SMTP>> DATA
  SMTP<< 250 2.1.0 Ok
  SMTP<< 250 2.1.5 Ok
  SMTP<< 354 End data with <CR><LF>.<CR><LF>
  SMTP>> writing message and terminating "."
  SMTP<< 250 2.0.0 Ok: queued as 8F372D480B3
  SMTP>> QUIT
LOG: MAIN
  => sylvain at gromi.net R=smarthost T=remote_smtp_smarthost H=XXXXXXXXXXXXX [XXXXXXXXXX] X=TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128 CV=no DN="OU=GT42558204,OU=See www.rapidssl.com/resources/cps (c)15,OU=Domain Control Validated - RapidSSL(R),CN=XXXXXXXX" C="250 2.0.0 Ok: queued as 8F372D480B3"
LOG: MAIN
  Completed

-- Package-specific info:
Exim version 4.86 #3 built 17-Oct-2015 13:01:01
Copyright (c) University of Cambridge, 1995 - 2015
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2015
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM DNSSEC PRDR OCSP
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (50, 'unstable'), (40, 'experimental')
Architecture: armel (armv5tel)

Kernel: Linux 3.15-rc8-kirkwood
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages exim4 depends on:
ii  debconf [debconf-2.0]  1.5.57
ii  exim4-base             4.86-4
ii  exim4-daemon-light     4.86-4

exim4 recommends no packages.

exim4 suggests no packages.

-- debconf information excluded

More information about the Pkg-exim4-maintainers mailing list