When verifying SPF records, libspf2 segfaults if the verified sender is prohibited by SPF records. This affects not only spfquery but also other programs using libspf2 (like exim).

Example:

[chris@galibier ~]$ spfquery -ip=88.198.155.186 -sender=chris@thil.de
works, because this IP address is a valid sender

[chris@galibier ~]$ spfquery -debug=9 -ip=1.2.3.4 -sender=chris@thil.de
crashed, because 1.2.3.4 is not a valid sender

Running with debug gives the following information:

[snip]
spf_dns.c:62 Debug: DNS cache lookup: mail.thil.de A (1)
spf_dns.c:62 Debug: DNS resolv lookup: mail.thil.de A (1)
spf_dns_resolv.c:207 Debug: msg id: 41727
spf_dns_resolv.c:208 Debug: ns_f_qr quest/resp: 1
spf_dns_resolv.c:209 Debug: ns_f_opcode: 0
spf_dns_resolv.c:210 Debug: ns_f_aa auth ans: 1
spf_dns_resolv.c:211 Debug: ns_f_tc truncated: 0
spf_dns_resolv.c:212 Debug: ns_f_rd rec desire: 1
spf_dns_resolv.c:213 Debug: ns_f_ra rec avail: 1
spf_dns_resolv.c:214 Debug: ns_f_rcode: 0
spf_dns_resolv.c:226 Debug: Answer: 1
spf_dns_resolv.c:244 Debug: name: mail.thil.de type: 1 class: 1 ttl: 14400 rdlen: 4
spf_dns_resolv.c:258 Debug: A: 88.198.155.186
spf_dns.c:86 Debug: DNS resolv found: mail.thil.de A (1) TTL: 0 RR found: 1 herrno: 0 source: resolv
spf_dns.c:86 Debug: DNS cache found: mail.thil.de A (1) TTL: 0 RR found: 1 herrno: 0 source: resolv
spf_interpret.c:810 Debug: 0: found 1 A records for mail.thil.de (herrno: 0)
spf_interpret.c:453 Debug: ip_match: 1.2.3.4 == 88.198.155.186 (/32 255.255.255.255): 0
Segmentation fault: 11 (core dumped)

gdb gives:

Program received signal SIGSEGV, Segmentation fault.
[Switching to LWP 100092]
0x00000008009351e4 in memset () from /lib/libc.so.6

How-To-Repeat: run spfquery -ip=1.2.3.4 -sender=chris@thil.de
Responsible Changed From-To: freebsd-ports-bugs->mnag Over to maintainer
This bug seems to be known already. I found a Linux user who reported the same thing with AMD64 machines: http://article.gmane.org/gmane.mail.spam.spf.devel/709/

As proposed, I changed the declarations from int to size_t, and now the bug seems to be gone.

Greetings,
Christophe
State Changed From-To: open->closed Committed. Thanks!
mnag 2006-12-13 02:57:08 UTC

FreeBSD ports repository

Modified files:
  mail/libspf2 Makefile
  mail/libspf2/files patch-src_libspf2_spf__dns__resolv.c
Added files:
  mail/libspf2/files patch-src__libspf2__spf_interpret.c

Log:
- Fix SIGSEGV in amd64 using size_t instead of int. [1]
- res_state has to be initialized before calling res_ninit(). [2]
- Where res_ndestroy() is available, when thread is destroyed, we need to call res_ndestroy() instead of res_nclose(), to free the resource which is allocated by the resolver internally. [2]
- portlint(1)
- Bump PORTREVISION

PR: 105001 [1]
Submitted by: Christophe Thil<chris___thil.de> [1], ume [2]

Revision  Changes  Path
1.10      +2 -2    ports/mail/libspf2/Makefile
1.1       +13 -0   ports/mail/libspf2/files/patch-src__libspf2__spf_interpret.c (new)
1.2       +86 -12  ports/mail/libspf2/files/patch-src_libspf2_spf__dns__resolv.c
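Added illustration (not code from libspf2, this PR or the committed patch) of the bug class behind the "size_t instead of int" fix above: on LP64 amd64 an int is 4 bytes and a size_t is 8, so a length handed between caller and callee through mismatched types either spills into the neighbouring 4 bytes or picks up whatever sits there, which is how a tiny length turns into the huge one that sends memset() off the end of mapped memory. The struct and function names are hypothetical, the effect is simulated with memcpy so the program itself stays well-defined, and little-endian LP64 is assumed.

```c
/* Constructed illustration of an int/size_t out-parameter mismatch on LP64.
 * Assumes a little-endian 64-bit target such as amd64 (the platform in the PR). */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Two adjacent ints, the way a caller might declare a length plus another
 * local (hypothetical layout; the names are not libspf2's). */
struct two_ints { int len; int neighbour; };

/* A callee that thinks it has a size_t* stores 8 bytes, but the caller only
 * reserved 4 for an int: the upper half lands on the neighbour.
 * Returns what the neighbouring int holds afterwards. */
static int spill_into_neighbour(size_t value) {
    struct two_ints v = { 0, 0x7777 };
    memcpy(&v, &value, sizeof value);   /* 8-byte store over a 4-byte slot */
    return v.neighbour;
}

/* The mirror image: a callee reads a size_t from storage that holds an int
 * followed by unrelated data; this is the length memset() would receive. */
static size_t length_as_read_by_callee(int len, int garbage_after) {
    struct two_ints v = { len, garbage_after };
    size_t n;
    memcpy(&n, &v, sizeof n);           /* 8-byte load from a 4-byte slot */
    return n;
}

/* 1 when the callee sees exactly the intended length, 0 when the adjacent
 * bytes corrupted it (the situation the PR's size_t declarations remove). */
static int length_is_intact(int len, int garbage_after) {
    return length_as_read_by_callee(len, garbage_after) == (size_t)len;
}

int main(void) {
    printf("neighbour after 8-byte store: %d\n", spill_into_neighbour(((size_t)1 << 32) | 2));
    printf("length seen by callee with clean neighbour: %zu\n", length_as_read_by_callee(4, 0));
    printf("length seen by callee with dirty neighbour: %zu\n", length_as_read_by_callee(4, 1));
    return 0;
}
```

With a size_t declared on both sides the 8-byte store and load line up and the neighbour is never involved, which is all the one-line type change in the committed patch needs to do.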