Public bug reported:

We are experiencing segfaults in exim since upgrading from impish (4.94.2-7ubuntu2 with libgnutls30 3.7.1-5ubuntu1) to jammy (4.95-4ubuntu2 with libgnutls30 3.7.3-4ubuntu1), in _gnutls_trust_list_get_issuer, seemingly in the sender verify callout during message submission.

Typically the initial attempt to submit a message crashes an exim child thread, but the same message is accepted when the sender retries.

gdb backtrace:

Thread 2.1 "exim4" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fe2f844d080 (LWP 29278)]
0x00007fe2f8f3eb2b in _gnutls_trust_list_get_issuer (flags=<optimised out>, issuer=<optimised out>, cert=<optimised out>, list=<optimised out>) at x509/../../../lib/x509/verify-high.c:1026
1026 x509/../../../lib/x509/verify-high.c: No such file or directory.
(gdb) bt
#0 0x00007fe2f8f3eb2b in _gnutls_trust_list_get_issuer (flags=<optimised out>, issuer=<optimised out>, cert=<optimised out>, list=<optimised out>) at x509/../../../lib/x509/verify-high.c:1026
#1 gnutls_x509_trust_list_get_issuer (list=list@entry=0x55ef6bd9c260, cert=0x55ef6bd9be20, issuer=issuer@entry=0x7ffc82dba510, flags=flags@entry=16) at x509/../../../lib/x509/verify-high.c:1129
#2 0x00007fe2f8f3f679 in gnutls_x509_trust_list_verify_crt2 (list=0x55ef6bd9c260, cert_list=0x7ffc82dba5c0, cert_list_size=<optimised out>, data=<optimised out>, elements=<optimised out>, flags=33554432, voutput=0x7ffc82dba888, func=0x0) at x509/../../../lib/x509/verify-high.c:1522
#3 0x00007fe2f8ed7516 in _gnutls_x509_cert_verify_peers (status=0x7ffc82dba888, elements=0, data=0x0, session=0x55ef6c0c1150) at ../../lib/cert-session.c:597
#4 gnutls_certificate_verify_peers (session=0x55ef6c0c1150, data=data@entry=0x0, elements=elements@entry=0, status=status@entry=0x7ffc82dba888) at ../../lib/cert-session.c:776
#5 0x00007fe2f8ed8000 in gnutls_certificate_verify_peers2 (session=<optimised out>, status=status@entry=0x7ffc82dba888) at ../../lib/cert-session.c:653
#6 0x000055ef6b7698ef in verify_certificate (state=<optimised out>, errstr=0x7ffc82dbaa20) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/tls-gnu.c:2519
#7 0x000055ef6b7a5d7b in tls_client_start.constprop.0 (cctx=cctx@entry=0x55ef6be0e688, conn_args=conn_args@entry=0x55ef6bdfe5f8, tlsp=0x55ef6b7f59c0 <tls_out>, errstr=errstr@entry=0x7ffc82dbaa20, cookie=<optimised out>) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/tls-gnu.c:3593
#8 0x000055ef6b78b0ef in smtp_setup_conn (sx=0x55ef6bdfe5e8, suppress_tls=<optimised out>) at transports/smtp.c:2673
#9 0x000055ef6b776350 in do_callout (pm_mailfrom=<optimised out>, se_mailfrom=<optimised out>, options=<optimised out>, callout_connect=<optimised out>, callout_overall=<optimised out>, callout=<optimised out>, tf=0x7ffc82dbbc10, host_list=<optimised out>, addr=0x7ffc82dbbdd0) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/verify.c:677
#10 verify_address (vaddr=<optimised out>, fp=<optimised out>, options=<optimised out>, callout=<optimised out>, callout_overall=<optimised out>, callout_connect=<optimised out>, se_mailfrom=<optimised out>, pm_mailfrom=<optimised out>, routed=<optimised out>) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/verify.c:1947
#11 0x000055ef6b6f1660 in acl_verify (where=where@entry=0, addr=addr@entry=0x7ffc82dbc5e0, arg=0x55ef6babc2b8 "recipient/defer_ok/callout=30s,defer_ok,use_postmaster", user_msgptr=user_msgptr@entry=0x7ffc82dbca50, log_msgptr=log_msgptr@entry=0x7ffc82dbca58, basic_errno=basic_errno@entry=0x7ffc82dbc38c) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/acl.c:2168
#12 0x000055ef6b6f479e in acl_check_condition (level=<optimised out>, basic_errno=0x7ffc82dbc38c, log_msgptr=<optimised out>, user_msgptr=<optimised out>, epp=<synthetic pointer>, addr=<optimised out>, where=<optimised out>, cb=0x55ef6babc298, verb=<optimised out>) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/acl.c:3838
#13 acl_check_internal (where=where@entry=0, addr=addr@entry=0x7ffc82dbc5e0, s=s@entry=0x55ef6bab9990 "acl_check_rcpt", user_msgptr=user_msgptr@entry=0x7ffc82dbca50, log_msgptr=log_msgptr@entry=0x7ffc82dbca58) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/acl.c:4225
#14 0x000055ef6b6f7b9e in acl_check (where=0, recipient=<optimised out>, s=0x55ef6bab9990 "acl_check_rcpt", user_msgptr=0x7ffc82dbca50, log_msgptr=0x7ffc82dbca58) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/acl.c:4539
#15 0x000055ef6b75c2fd in smtp_setup_msg () at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/smtp_in.c:5283
#16 0x000055ef6b6e5cda in handle_smtp_call (accepted=0x7ffc82dbceb0, accept_socket=<optimised out>, listen_socket_count=<optimised out>, listen_sockets=<optimised out>) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/daemon.c:551
#17 daemon_go () at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/daemon.c:2594
#18 main (argc=<optimised out>, cargv=<optimised out>) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/exim.c:4947

** Affects: exim4 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: gnutls28 (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: gnutls28 (Ubuntu)
   Importance: Undecided
       Status: New

--
https://bugs.launchpad.net/bugs/1974214

Title:
  Segfaults on sender verify callout, in _gnutls_trust_list_get_issuer