segfaults on amd64 systems

Bug #65952 reported by Herbert Straub
Affects           Status        Importance  Assigned to      Milestone
libspf2 (Debian)  Fix Released  Unknown
libspf2 (Ubuntu)  Fix Released  Low         Michael Bienia

Bug Description

Binary package hint: libspf2-2

Package: libspf2-2
Version: 1.2.5-3

milter-greylist (linked with libspf2) segfaults every time on amd64 CPUs. The
attached gdb session shows:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1124096352 (LWP 5648)]
0x00002aaaab19d2a0 in memset () from /lib/libc.so.6

(gdb) bt
#0 0x00002aaaab19d2a0 in memset () from /lib/libc.so.6
#1 0x00002aaaaabcc5c2 in SPF_record_expand_data () from /usr/lib/libspf2.so.2
#2 0x00002aaaaabcccb7 in SPF_record_expand_data () from /usr/lib/libspf2.so.2
#3 0x00002aaaaabcceb6 in SPF_request_get_exp () from /usr/lib/libspf2.so.2
#4 0x00002aaaaabcdd6f in SPF_i_done () from /usr/lib/libspf2.so.2
#5 0x00002aaaaabcedf6 in SPF_record_interpret () from /usr/lib/libspf2.so.2
#6 0x00002aaaaabd1525 in SPF_request_is_loopback () from /usr/lib/libspf2.so.2
#7 0x00002aaaaabd15cf in SPF_request_query_mailfrom () from /usr/lib/libspf2.so.2
#8 0x000000000040cb75 in ?? ()
#9 0x0000000000403208 in ?? ()
#10 0x00002aaaab02273d in st_sender (g=0x43005140) at engine.c:853
#11 0x00002aaaab021bbe in mi_engine (ctx=0x547f30) at engine.c:355
#12 0x00002aaaab023b1f in mi_handle_session (ctx=0x547f30) at handler.c:45
#13 0x00002aaaab0228d9 in mi_thread_handle_wrapper (arg=0x549e40) at listener.c:566
#14 0x00002aaaaaf0d0fa in start_thread () from /lib/libpthread.so.0
#15 0x00002aaaab1f2ce2 in clone () from /lib/libc.so.6
#16 0x0000000000000000 in ?? ()
(gdb)

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii libspf2-2 1.2.5-3 Sender Policy Framework library, written in

Carsten Koch-Mauthe found the same error and debugged the situation; see the mailing list
article:

http://permalink.gmane.org/gmane.mail.spam.spf.devel/709

I created a patch based on this analysis, which also changes len from int to size_t:

--- src/libspf2/spf_interpret.c.orig 2006-10-13 16:47:29.000000000 +0200
+++ src/libspf2/spf_interpret.c 2006-10-13 16:48:16.000000000 +0200
@@ -49,8 +49,8 @@
        SPF_record_t *spf_record;
        SPF_errcode_t err;
        char *buf;
- int buflen;
- int len;
+ size_t buflen;
+ size_t len;

        SPF_ASSERT_NOTNULL(spf_response);
        spf_request = spf_response->spf_request;
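
Review bot: changing buflen and len from int to size_t makes these two locals match a callee that takes a pointer to size_t, but since size_t is unsigned, check the rest of this function for any test of len or buflen against a negative value or against an int-typed return code, which would now compare differently. Also confirm that these are the only int locals whose address is handed to a size_t * parameter; the later comment on this bug ("a more complete solution") and the Feisty changelog entry "Fix data types to avoid segfault on AMD64" indicate the type fix needed to go wider than these two declarations, so a reviewer should walk every length variable passed by address in this file before accepting the two-line version.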

With this patch, milter-greylist doesn't segfault. I also reported this situation to the libspf2 developer mailing list and to Debian Bug #392793.

Regards
Herbert Straub
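
An added illustration of the bug class fixed above, not code from the bug report or from libspf2: on LP64 targets such as amd64, size_t is 8 bytes and int is 4, so passing the address of an int local to a callee that takes size_t * makes the callee read and write the neighbouring 4 bytes as well. The caller's two locals are modelled as a raw byte array so the effect is well-defined and reproducible; the layout (buflen immediately followed by len) and the callee's behaviour (read the length, then store a new one through the same pointer) are assumptions for illustration, not a description of libspf2's real stack frame or of SPF_request_get_exp's internals.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* The frame model below needs one size_t to fit in two ints. */
_Static_assert(sizeof(size_t) <= 2 * sizeof(int), "unexpected type sizes");

/* Callee side (assumed shape): any function taking `size_t *buflenp` reads a
 * whole size_t from the address it is given and stores a size_t back.  The
 * reads and writes are done with memcpy so the demonstration stays defined. */
static size_t callee_update_len(unsigned char *buflenp, size_t newval)
{
    size_t seen;
    memcpy(&seen, buflenp, sizeof seen);     /* if (*buflenp < need) ... */
    memcpy(buflenp, &newval, sizeof newval); /* *buflenp = newval;      */
    return seen;
}

/* Before the patch: `int buflen = 0; int len = <leftover stack contents>;`
 * and &buflen is passed where a size_t * is expected.  Returns the length
 * the callee believed it was given and stores the value of `len` after the
 * call in *len_after, so the caller can see whether its neighbour was hit. */
size_t buggy_caller(int leftover_len, int *len_after)
{
    unsigned char frame[2 * sizeof(int)];
    int buflen = 0;
    size_t seen;
    memcpy(frame, &buflen, sizeof buflen);
    memcpy(frame + sizeof(int), &leftover_len, sizeof leftover_len);
    seen = callee_update_len(frame, 1);
    memcpy(len_after, frame + sizeof(int), sizeof *len_after);
    return seen;
}

/* After the patch: both locals are size_t, so the callee's read and write
 * stay inside buflen and never touch len. */
size_t fixed_caller(size_t leftover_len, size_t *len_after)
{
    unsigned char frame[2 * sizeof(size_t)];
    size_t buflen = 0;
    size_t seen;
    memcpy(frame, &buflen, sizeof buflen);
    memcpy(frame + sizeof(size_t), &leftover_len, sizeof leftover_len);
    seen = callee_update_len(frame, 1);
    memcpy(len_after, frame + sizeof(size_t), sizeof *len_after);
    return seen;
}

/* True on the platform this bug was reported on (amd64: 8-byte size_t,
 * little-endian); used to decide which concrete values to expect. */
int is_lp64_little_endian(void)
{
    uint32_t probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return sizeof(size_t) == 8 && first == 1;
}

int main(void)
{
    int len_bug;
    size_t len_ok;
    /* 0x7fffffff stands in for whatever the stack held before `len` was set. */
    size_t seen_bug = buggy_caller(0x7fffffff, &len_bug);
    size_t seen_ok  = fixed_caller(0x7fffffff, &len_ok);
    printf("int locals:    callee saw buflen = %zu, len afterwards = %d\n",
           seen_bug, len_bug);
    printf("size_t locals: callee saw buflen = %zu, len afterwards = %zu\n",
           seen_ok, len_ok);
    return 0;
}
```

On amd64 the buggy caller's callee sees a length with the leftover value in its upper 32 bits, which is the kind of size that makes a following memset walk off the end of the mapping, and its store of the new length zeroes `len`; the size_t version sees 0 and leaves `len` alone. On a 32-bit build both versions behave identically, which is why the report only reproduces on amd64.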

Changed in libspf2:
status: Unknown → Unconfirmed
Scott Kitterman (kitterman) wrote :

The attached patch seems to be a more complete solution to this problem. It builds successfully on both AMD64 and i386 systems.

Changed in libspf2:
status: Unconfirmed → Confirmed
Scott Kitterman (kitterman) wrote :

Corrected maintainer to MOTU and changed to use dpatch.

Michael Bienia (geser) wrote :

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.7
Date: Fri, 9 Mar 2007 10:27:29 -0500
Source: libspf2
Binary: spfquery libspf2-2 libspf2-dev
Architecture: source
Version: 1.2.5-4ubuntu2
Distribution: feisty
Urgency: low
Maintainer: Ubuntu MOTU Developers <email address hidden>
Changed-By: Scott Kitterman <email address hidden>
Description:
 libspf2-2 - Sender Policy Framework library, written in C
 libspf2-dev - Header and development libraries for libspf2
 spfquery - Sender Policy Framework library, written in C
Launchpad-Bugs-Fixed: 65952
Changes:
 libspf2 (1.2.5-4ubuntu2) feisty; urgency=low
 .
   * Fix data types to avoid segfault on AMD64
     - Patch thanks to Thomas Jacob <email address hidden>
     - Corrects LP: #65952 (Closes Debian #392793)
   * Change maintainer to MOTU
   * Add dpatch and debian/patches for fix.
Files:
 c5a411df278749caf3e7b9f53be2f0c0 816 - optional libspf2_1.2.5-4ubuntu2.dsc
 ebbe1c8e478a3514f0a7a89bd62f71cb 15201 - optional libspf2_1.2.5-4ubuntu2.diff.gz
Original-Maintainer: Debian QA Group <email address hidden>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.2 (GNU/Linux)

iQCVAwUBRfGDbKPP1313boLqAQM8kAQAkANqKH5kHBg5RTZ6CUUP2DbRsCyJlOwc
83GuqDGntko1l9p+0KVp4nItmSSXRspgeMlnHFn/wMTU2tP68JL2xuQHTlonRk/P
c5us2yL4lRakejiPobcGjfDVShSUawlPCshEhaR8PbqM1vsGvajgRaLRrDNt1fV6
whr5b6dGHoE=
=UOpr
-----END PGP SIGNATURE-----

Changed in libspf2:
assignee: nobody → geser
importance: Undecided → Low
status: Confirmed → Fix Committed
Changed in libspf2:
status: Fix Committed → Fix Released
Changed in libspf2:
status: Unconfirmed → Fix Released