Re: [ZMailer] Zmailer crashes
On Fri, Oct 31, 2008 at 04:03:05PM +0000, Ralf Baechle wrote:
> Since quite a while I'm observing these kernel messages on a Linux x86_64
> system:
>
> sm[3270]: segfault at 3ba7f9f0 ip 79fbc9 sp 7fffe7c48e30 error 6 in libc-2.7.so[72d000+14d000]
> sm[3493] trap stack segment ip:7f0e2a121bc9 sp:7fff3240e4a0 error:0
> sm[3773]: segfault at 3ba7f9f0 ip 79fbc9 sp 7fff55499680 error 6 in libc-2.7.so[72d000+14d000]
> sm[3772] trap stack segment ip:7fbfcd993bc9 sp:7fffd5e98080 error:0
> sm[3605]: segfault at 3ba7f9f0 ip 79fbc9 sp 7fff046d38c0 error 6 in libc-2.7.so[72d000+14d000]
>
> Lots of these - and occasionally also a smtpserver crash:
I don't use sm, thus I don't see these..
Perhaps you could run ZMailer compiled for debugging, and run it in an
environment allowing core dump files:
# ulimit -c unlimited
# zmailer scheduler
Now collect *core* files from within $POSTOFFICE, and look for clues with gdb:
# gdb sm sm.core
(gdb) where
...
> smtpserver[2679]: segfault at 0 ip ee59d4 sp 7fffdf3d8e90 error 4 in libc-2.7.so[e83000+14d000]
>
> Are these known / fixed problems?
This I recall having seen... Probably this one:
+2006-01-04 Matti Aarnio <mea@zmailer.org>
+
+ * smtpserver/rfc821scn.c:
+ After years of operation, learned that bad EHLO-parameter
+ with 8-bit chars is able to crash the smtpserver in
+ rfc821_domain() when it checks bytes (characters) being
+ in some class or other, and encounters 8th-bit-set one.
+ Everywhere else the input is pre-sanitized of characters
+ outside printable ASCII range.
+ This was observed on a 2.6.x Linux running on x86-64 hardware,
+ with the character classification table at the beginning of
+ the .data section below of which there was non-mapped range..
+ .. upon which referral a SEGV was generated.
+
+ Made also the used character classification dataset
+ to be 'const', which it is...
+
+ Btw: this is NOT a SECURITY bug, code never writes into that
+ array, only reads from it, and as a result (depending on
+ multiple things in your runtime environment) may just read
+ junk, or segfault. Gigo rule.
+
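Review bot: the entry explains the crash in rfc821_domain() but never says what was changed there; the only change it names is making the classification dataset 'const'. State the fix itself (for example, whether bytes with the 8th bit set are now rejected before the lookup, or the table index is taken as an unsigned value) so a reader can tell whether a given build has it. The "NOT a SECURITY bug" paragraph would also benefit from a qualifier: by the entry's own account a bad EHLO parameter can crash smtpserver, so it is worth saying that the effect is limited to a read or a process crash and noting how the server recovers.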
Garbage In -> crash
> Zmailer version is 2.99.57.pre4-2 from CVS running on Fedora 8.
>
> Thanks,
> Ralf
--
/Matti Aarnio <mea@nic.funet.fi>
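
The failure mode described in the ChangeLog entry above, as an added example that is not part of the original message and not ZMailer's code. It assumes the classification table is indexed directly by a character held in a signed type (plain char is signed on x86-64 Linux); the table, class bits and function names are hypothetical.

```c
#include <stdio.h>

/* Hypothetical class bits; not taken from ZMailer's rfc821scn.c. */
enum { C_ALNUM = 1, C_SEP = 2 };

/* 128-entry table: one slot per 7-bit ASCII code, built on first use. */
static const unsigned char *cls_table(void) {
    static unsigned char t[128];
    if (!t['a']) {
        for (int c = '0'; c <= '9'; c++) t[c] = C_ALNUM;
        for (int c = 'A'; c <= 'Z'; c++) t[c] = C_ALNUM;
        for (int c = 'a'; c <= 'z'; c++) t[c] = C_ALNUM;
        t['-'] = t['.'] = C_SEP;
    }
    return t;
}

/* Index an unchecked table[c] would use when c is a signed char:
   bytes with the 8th bit set become negative, i.e. below the table. */
int unchecked_index(unsigned char byte) {
    return (int)(signed char)byte;
}

/* Hardened lookup: go through unsigned char and bounds-check, so a
   byte outside the table gets class 0 instead of a stray read. */
int char_class(char c) {
    unsigned char u = (unsigned char)c;
    return u < 128 ? cls_table()[u] : 0;
}

/* Simplified check (not the full RFC 821 domain grammar): every byte
   must be a letter, digit, '-' or '.'. */
int domain_ok(const char *s) {
    if (*s == '\0') return 0;
    for (; *s; s++)
        if (char_class(*s) == 0) return 0;
    return 1;
}

int main(void) {
    const char bad[] = "m\xE4il.example.org";  /* constructed 8-bit input */
    printf("unchecked index for 0xE4: %d\n", unchecked_index(0xE4));
    printf("ascii ok: %d\n", domain_ok("mail.example.org"));
    printf("8-bit ok: %d\n", domain_ok(bad));
    return 0;
}
```

With the table at the start of .data, the negative index is what lands in the unmapped range the entry mentions; the hardened lookup never forms that address.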