Bug#812585: exim4: Exim crashing when comparing password created with "htpaswwd" without "-d" -- segmentation fault.

Marc Haber mh+debian-packages at zugschlus.de
Mon Jan 25 12:44:18 UTC 2016


This looks to me like a rather interesting upstream problem. Do you
feel comfortable with installing debug symbols and trying to obtain a
backtrace?

You might also want to report this to the upstream bugzilla yourself to
make for shorter paths of communication.

Thanks for reporting this!

Greetings
Marc

On Mon, Jan 25, 2016 at 11:35:15AM +0100, Leszek Dubiel wrote:
> From: Leszek Dubiel <leszek.dubiel at dubielvitrum.pl>
> Subject: Bug#812585: exim4: Exim crashing when comparing password created
>  with "htpaswwd" without "-d" -- segmentation fault.
> To: Debian Bug Tracking System <submit at bugs.debian.org>
> Reply-To: Leszek Dubiel <leszek.dubiel at dubielvitrum.pl>,
>  812585 at bugs.debian.org
> Date: Mon, 25 Jan 2016 11:35:15 +0100
> X-Debian-PR-Package: exim4
> X-Mailer: reportbug 6.6.3
> List-Id: Reach the exim4 maintainers
>  <pkg-exim4-maintainers.lists.alioth.debian.org>
> 
> Package: exim4
> Version: 4.84-8+deb8u2
> Severity: important
> Tags: upstream
> 
> Dear Maintainer,
> 
> Here's the script to reproduce the error:
> 
> 	#!/bin/bash 
> 
> 	exec 2>&1
> 
> 	printf '' >/tmp/mypassfile
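> 	echo "fooboo" | htpasswd -d -i /tmp/mypassfile john1  # -d: crypt(3) hash
> 	echo "fooboo" | htpasswd    -i /tmp/mypassfile john2  # no -d: default $apr1$ (MD5) hash
> 	echo "xxxyyy" | htpasswd -d -i /tmp/mypassfile john3  # -d: crypt(3) hash
> 	echo "xxxyyy" | htpasswd    -i /tmp/mypassfile john4  # no -d: default $apr1$ (MD5) hash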
> 	cat /tmp/mypassfile
> 	printf "\n\n"
> 
> 	for u in john1 john2 john3 john4; do 
> 		for p in fooboo xxxyyy; do 
> 			echo "user=$u, pass=$p"
> 			exim -be '${lookup{'"$u"'}lsearch{/tmp/mypassfile}{$value}{*}}'
> 			exim -be '${if crypteq{'"$p"'}{${lookup{'"$u"'}lsearch{/tmp/mypassfile}{$value}{*}}}{ok and suceed}{ok but failed}}'
> 			echo
> 		done
> 	done 
> 
> and here's my output:
> 
> 	Adding password for user john1
> 	Adding password for user john2
> 	Adding password for user john3
> 	Adding password for user john4
> 	john1:Wob0SnzzkZiR6
> 	john2:$apr1$4ONta6/3$ST0PLD7TaDxfYEnSbPpoy1
> 	john3:Bvn4WIUEUqpK6
> 	john4:$apr1$4hCz.Hp.$HhHC6yULqW1TEUGuC0bsS1
> 
> 
> 	user=john1, pass=fooboo
> 	Wob0SnzzkZiR6
> 	ok and suceed
> 
> 	user=john1, pass=xxxyyy
> 	Wob0SnzzkZiR6
> 	ok but failed
> 
> 	user=john2, pass=fooboo
> 	$apr1$4ONta6/3$ST0PLD7TaDxfYEnSbPpoy1
> 	./reproduce_exim_segmentation_fault_on_crypteq: line 14: 28257 Segmentation fault      exim -be '${if crypteq{'"$p"'}{${lookup{'"$u"'}lsearch{/tmp/mypassfile}{$value}{*}}}{ok and suceed}{ok but failed}}'
> 
> 	user=john2, pass=xxxyyy
> 	$apr1$4ONta6/3$ST0PLD7TaDxfYEnSbPpoy1
> 	./reproduce_exim_segmentation_fault_on_crypteq: line 14: 28261 Segmentation fault      exim -be '${if crypteq{'"$p"'}{${lookup{'"$u"'}lsearch{/tmp/mypassfile}{$value}{*}}}{ok and suceed}{ok but failed}}'
> 
> 	user=john3, pass=fooboo
> 	Bvn4WIUEUqpK6
> 	ok but failed
> 
> 	user=john3, pass=xxxyyy
> 	Bvn4WIUEUqpK6
> 	ok and suceed
> 
> 	user=john4, pass=fooboo
> 	$apr1$4hCz.Hp.$HhHC6yULqW1TEUGuC0bsS1
> 	./reproduce_exim_segmentation_fault_on_crypteq: line 14: 28273 Segmentation fault      exim -be '${if crypteq{'"$p"'}{${lookup{'"$u"'}lsearch{/tmp/mypassfile}{$value}{*}}}{ok and suceed}{ok but failed}}'
> 
> 	user=john4, pass=xxxyyy
> 	$apr1$4hCz.Hp.$HhHC6yULqW1TEUGuC0bsS1
> 	./reproduce_exim_segmentation_fault_on_crypteq: line 14: 28279 Segmentation fault      exim -be '${if crypteq{'"$p"'}{${lookup{'"$u"'}lsearch{/tmp/mypassfile}{$value}{*}}}{ok and suceed}{ok but failed}}'
> 
> 
> -- Package-specific info:
> Exim version 4.84 #3 built 15-Dec-2015 04:18:37
> Copyright (c) University of Cambridge, 1995 - 2014
> (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2014
> Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
> Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM PRDR OCSP
> Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
> Authenticators: cram_md5 plaintext
> Routers: accept dnslookup ipliteral manualroute queryprogram redirect
> Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
> Fixed never_users: 0
> Size of off_t: 8
> Configuration file is /etc/exim4/exim4.conf
> # /etc/exim4/update-exim4.conf.conf
> #
> # Edit this file and /etc/mailname by hand and execute update-exim4.conf
> # yourself or use 'dpkg-reconfigure exim4-config'
> #
> # Please note that this is _not_ a dpkg-conffile and that automatic changes
> # to this file might happen. The code handling this will honor your local
> # changes, so this is usually fine, but will break local schemes that mess
> # around with multiple versions of the file.
> #
> # update-exim4.conf uses this file to determine variable values to generate
> # exim configuration macros for the configuration file.
> #
> # Most settings found in here do have corresponding questions in the
> # Debconf configuration, but not all of them.
> #
> # This is a Debian specific file
> 
> dc_eximconfig_configtype='smarthost'
> dc_other_hostnames='dubielvitrum.pl'
> dc_local_interfaces=''
> dc_readhost=''
> dc_relay_domains=''
> dc_minimaldns='false'
> dc_relay_nets='192.168.18.0/24'
> dc_smarthost='mail.dubielvitrum.pl'
> CFILEMODE='644'
> dc_use_split_config='false'
> dc_hide_mailname='false'
> dc_mailname_in_oh='true'
> dc_localdelivery='mail_spool'
> mailname:dubielvitrum.pl
> 
> -- System Information:
> Debian Release: 8.3
>   APT prefers stable
>   APT policy: (500, 'stable')
> Architecture: i386 (i686)
> 
> Kernel: Linux 3.16.0-4-686-pae (SMP w/4 CPU cores)
> Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
> Shell: /bin/sh linked to /bin/bash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages exim4 depends on:
> ii  debconf [debconf-2.0]  1.5.56
> ii  exim4-base             4.84-8+deb8u2
> ii  exim4-daemon-light     4.84-8+deb8u2
> 
> exim4 recommends no packages.
> 
> exim4 suggests no packages.
> 
> -- debconf information:
>   exim4/drec:
> 

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Phone: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
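
To see which entries in an existing password file are of the kind that crashed in this report, the following added example (not part of the original mails and not Exim or Debian code) groups htpasswd-style entries by hash scheme without running exim. The function names and verdict labels are made up for illustration; the sample lines are the four entries from the report's own output.

```shell
#!/bin/sh
# Added example: group htpasswd-style entries by hash scheme.

# Print the scheme name for one stored hash string.
classify_hash() {
    case "$1" in
        '$apr1$'*)      echo apr1-md5 ;;      # htpasswd default (no -d)
        '$2'[abxy]'$'*) echo bcrypt ;;        # htpasswd -B
        '{SHA}'*)       echo sha1-base64 ;;   # htpasswd -s
        *)
            # Traditional crypt(3) from htpasswd -d: 13 chars of [./0-9A-Za-z]
            if [ "${#1}" -eq 13 ] &&
               ! printf '%s' "$1" | grep -q '[^./0-9A-Za-z]'; then
                echo des-crypt
            else
                echo unknown
            fi ;;
    esac
}

# Read "user:hash" lines on stdin, print "user scheme verdict" per entry.
# The verdict records only what the report's output shows for
# exim4 4.84-8+deb8u2; it makes no claim about other schemes or versions.
audit_passfile() {
    while IFS=: read -r user hash _rest || [ -n "$user" ]; do
        case "$user" in ''|'#'*) continue ;; esac   # skip blanks/comments
        scheme=$(classify_hash "$hash")
        case "$scheme" in
            des-crypt) verdict=compared-ok-in-report ;;
            apr1-md5)  verdict=segfault-in-report ;;
            *)         verdict=not-covered-by-report ;;
        esac
        printf '%s %s %s\n' "$user" "$scheme" "$verdict"
    done
}

# The four entries printed in the report (cat /tmp/mypassfile).
sample_passfile() {
    cat <<'EOF'
john1:Wob0SnzzkZiR6
john2:$apr1$4ONta6/3$ST0PLD7TaDxfYEnSbPpoy1
john3:Bvn4WIUEUqpK6
john4:$apr1$4hCz.Hp.$HhHC6yULqW1TEUGuC0bsS1
EOF
}

sample_passfile | audit_passfile
```

Against a real file, use `audit_passfile < /tmp/mypassfile` and look for lines ending in `segfault-in-report`.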


