
smtpserver dying when using specific PARAM BindAddress



Hi again...

Well, I couldn't solve it by myself... but at least I think I know where the 
problem lies ("geographically" I mean, not logically).

I have a setup with two smtpservers with different configurations... 

Each one has a different set of policies (PARAM policydb differs) and each 
one listens on a different IP address.

I use one in my published MX address and the other for message submission.

I had this running for months without a hitch with 2.99.56-pre4 (14/02/2003 
cvs).

When I installed the 2.99.56.pre9 from CVS (25/08/2003) I manually updated 
the config & policy files so as to start from newer defaults, but the 
result was always the same, a segmentation fault when starting smtpserver.

Yesterday (28/08) I updated from CVS and first tried running with the 
default config and it worked OK.

When I applied the new config, it crashed in cfparam() while doing a 
malloc() inside strdup() (line 158 of cfgread.c).

gdb info follows:
==========================================================================
# gdb /app/zmailer/bin/smtpserver core.16066 
GNU gdb Red Hat Linux (5.1.90CVS-5)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you 
are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `smtpserver -sve -l /logs/mail/smtpserver-or -P 
/postoffice-or -C smtpserver-or.'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libdb-3.3.so...done.
Loaded symbols for /lib/libdb-3.3.so
Reading symbols from /usr/lib/libgdbm.so.2...done.
Loaded symbols for /usr/lib/libgdbm.so.2
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libssl.so.2...done.
Loaded symbols for /lib/libssl.so.2
Reading symbols from /lib/libcrypto.so.2...done.
Loaded symbols for /lib/libcrypto.so.2
Reading symbols from /lib/libpam.so.0...done.
Loaded symbols for /lib/libpam.so.0
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
#0  0x40253ce2 in _int_malloc () from /lib/libc.so.6
(gdb) bt
#0  0x40253ce2 in _int_malloc () from /lib/libc.so.6
#1  0x40253394 in malloc () from /lib/libc.so.6
#2  0x4025a270 in strdup () from /lib/libc.so.6
#3  0x08056b06 in cfparam (str=0xbfffb64d "%H ESMTP (NO UCE)(NO UBE) our 
local time is now %T", size=1024, 
    cfgfilename=0xbffffb90 "smtpserver-or.conf", linenum=106) at 
cfgread.c:158
#4  0x08058023 in readcffile (name=0xbffffb90 "smtpserver-or.conf") at 
cfgread.c:492
#5  0x0804cc06 in main (argc=10, argv=0xbfffeba4) at smtpserver.c:817
#6  0x401fb4ad in __libc_start_main () from /lib/libc.so.6
(gdb)
==========================================================================

However, the error seems to indicate something going wrong "before" that.

Now I started with the fresh smtpserver.conf, and started doing changes 
from top to bottom, the first one being the specific IP address:
PARAM BindAddress         [192.168.1.81]

That alone generated a core dump, and gdb says:
==========================================================================
# gdb /app/zmailer/bin/smtpserver core.24027 
GNU gdb Red Hat Linux (5.1.90CVS-5)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you 
are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `smtpserver -sve -l /logs/mail/smtpserver-mx -P 
/postoffice-mx -C smtpserver-mx.'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libdb-3.3.so...done.
Loaded symbols for /lib/libdb-3.3.so
Reading symbols from /usr/lib/libgdbm.so.2...done.
Loaded symbols for /usr/lib/libgdbm.so.2
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libssl.so.2...done.
Loaded symbols for /lib/libssl.so.2
Reading symbols from /lib/libcrypto.so.2...done.
Loaded symbols for /lib/libcrypto.so.2
Reading symbols from /lib/libpam.so.0...done.
Loaded symbols for /lib/libpam.so.0
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
#0  0x40253ce2 in _int_malloc () from /lib/libc.so.6
(gdb) bt
#0  0x40253ce2 in _int_malloc () from /lib/libc.so.6
#1  0x40253394 in malloc () from /lib/libc.so.6
#2  0x0806a0ff in emalloc (len=16) at emalloc.c:21
#3  0x08053308 in policydefine (relp=0x80791f4, dbtype=0xbfffa652 "btree", 
dbpath=0xbfffa659 "/app/zmailer/db/smtp-policy")
    at policytest.c:215
#4  0x080572e2 in cfparam (str=0xbfffa674 "", size=1024, 
cfgfilename=0xbffffb90 "smtpserver-mx.conf", linenum=125)
    at cfgread.c:287
#5  0x08057f93 in readcffile (name=0xbffffb90 "smtpserver-mx.conf") at 
cfgread.c:492
#6  0x0804cb76 in main (argc=10, argv=0xbfffdba4) at smtpserver.c:817
#7  0x401fb4ad in __libc_start_main () from /lib/libc.so.6
(gdb)
==========================================================================

Now, looking for coincidences between both dumps, in the former, it hung 
doing a malloc when processing the "PARAM hdr220" line, and the latter hung 
doing a malloc when processing the "PARAM policydb" line.

FTR, in the latter the non-comment lines in smtpserver-mx.conf were:
PARAM BindAddress         [192.168.1.81]
PARAM   no-multiline-replies
PARAM hdr220 %H ESMTP (NO UCE)(NO UBE) our local time is now %T
PARAM help =============================================================
PARAM help See ftp://ftp.isi.edu/in-notes/rfc2821.txt for protocol info
PARAM help Also at http://www.rfc-editor.org/rfc/rfc2821.txt
PARAM help =============================================================
PARAM  policydb   $DBTYPE  $MAILVAR/db-mx/smtp-policy

And in the former:
PARAM BindAddress         [192.168.1.81]
PARAM   no-multiline-replies
PARAM  policydb   $DBTYPE  $MAILVAR/db/smtp-policy

Whereas the original (non-hanging) smtpserver.conf only has:
PARAM   no-multiline-replies
PARAM  policydb   $DBTYPE  $MAILVAR/db/smtp-policy


Just browsing the code I can see that "PARAM no-multiline-replies" only 
sets an integer variable, whereas "PARAM hdr220" calls a strdup (which does 
malloc) and "PARAM policydb" calls policydefine() which in turn calls 
strdup.

So, if "PARAM BindAddress" is used, the next malloc fails...

Now, my C knowledge is really limited and I don't know the code, but maybe 
the realloc at line 224 of cfgread.c is a good place to start... I dunno.

Here's a cutout from "cvs diff -u -r 1.45 -r 1.46 cfgread.c" 
Maybe this went wrong somehow?
@@ -211,8 +212,15 @@
       if (bindport != 0 && bindport != 0xFFFFU)
        bindport_set = 1;
     } else if (cistrcmp(name, "BindAddress") == 0 && param1) {
-       called_getbindaddr=1;
-       bindaddr_set = !zgetbindaddr(param1,&bindaddr);
+      called_getbindaddr=1;
+      if (!zgetbindaddr(param1,&bindaddr)) {
+       bindaddrs_count += 1;
+       bindaddrs = realloc( bindaddrs, sizeof(Usockaddr) * bindaddrs_count 
);
+       if (!bindaddrs)
+         bindaddrs_count = 0;
+       else
+         bindaddrs[ bindaddrs_count ] = bindaddr;
+      }
     }
 
     /* SMTP Protocol limit & policy tune options */
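
Review bot: the added store `bindaddrs[ bindaddrs_count ] = bindaddr;` writes one element past the end of the array, because bindaddrs_count is incremented before the realloc() that sizes the buffer to exactly bindaddrs_count elements, so the last valid index is bindaddrs_count - 1. That out-of-bounds write of sizeof(Usockaddr) bytes lands on whatever follows the block on the heap, which fits the reported symptom of the next malloc() faulting inside _int_malloc(). Index with bindaddrs_count - 1, or do the store first and increment the count afterwards. Two smaller points in the same lines: assigning the realloc() result straight back to bindaddrs loses the old pointer when it returns NULL, so take the result in a temporary and keep the existing array and count on failure; and the removed line set bindaddr_set while the added lines never do, so any code that still tests bindaddr_set needs to be checked against this change.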

TIA.

--
Mariano Absatz - El Baby
mailto:baby@baby.com.ar
http://www.baby.com.ar/
    PGP KEYS: 
http://www.baby.com.ar/datos/personales.html#claves_pgp
  |\  _
  _\\/'>     Powered by Pegasus Mail
 /|__)       http://www.pmail.com
  ) )\
-----------------------------------------------------------
There's too much blood in my caffeine system.
