After updating mail/postfix to 3.5.5, smtpd dies with a segmentation fault as follows.

Jul 26 12:02:14 eastasia postfix/smtpd[94926]: connect from maybe.home.utahime.org[192.168.174.201]
Jul 26 12:02:14 eastasia postfix/smtpd[94926]: SSL_accept error from maybe.home.utahime.org[192.168.174.201]: -1
Jul 26 12:02:14 eastasia postfix/smtpd[94926]: warning: TLS library problem: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:/usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 42:
Jul 26 12:02:14 eastasia postfix/master[93317]: warning: process /usr/local/libexec/postfix/smtpd pid 94926 killed by signal 11

If I go back to 3.5.4 then the problem disappears.

root@eastasia[602]# uname -a
FreeBSD eastasia.home.utahime.org 12.1-RELEASE-p7 FreeBSD 12.1-RELEASE-p7 GENERIC amd64
root@eastasia[603]#
Yes, I have the same issue and I already reported this to ohauer@ and Wietse. They can't reproduce this issue or say more or less all is fine. At the moment I run postfix-3.5.5 with reverting the following change: diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c index 94e356b4..5022ff8b 100644 --- a/postfix/src/tls/tls_misc.c +++ b/postfix/src/tls/tls_misc.c @@ -923,7 +923,6 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext) if (SSL_get_signature_nid(ssl, &nid) && nid != NID_undef) locl_sig_dgst = OBJ_nid2sn(nid); - X509_free(cert); } /* Signature algorithms for the peer end of the connection */ if ((cert = SSL_get_peer_certificate(ssl)) != 0) { Maybe not the proper solution but it works.
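Review bot: the removed X509_free(cert) sits at the end of the block that sets locl_sig_dgst, directly above the peer-end block, so deleting it outright can trade the crash for a leak if nothing else releases the reference taken in the peer branch. SSL_get_peer_certificate(ssl) returns a certificate whose reference count has been incremented and which the caller must release, so the free belongs inside the `if ((cert = SSL_get_peer_certificate(ssl)) != 0) {` block rather than in the local-end block. Suggest moving the call there instead of dropping it, unless the peer block already frees cert in lines this hunk does not show.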
I have the same issue: https://marc.info/?l=postfix-users&m=159576254217400&w=2

And the logs are full of these messages:

postfix/master[83315]: warning: process /usr/local/libexec/postfix/smtpd pid 53056 killed by signal 11
Hi, I updated to 3.5.5 right now and am seeing this too. Maybe I'll test the patch suggested by Herbert in comment #1
Wietse posted a fix: https://marc.info/?l=postfix-users&m=159578436822974&w=2
Created attachment 216783
Comment 2 patch for the port

I can confirm the fix suggested in comment #2 makes the problem disappear. I'm attaching a patch to the port which applies such a fix.
(In reply to Herbert J. Skuhra from comment #4) Oh, great, I'll update my patch.
Created attachment 216786
Patch importing upstream fix
(In reply to Guido Falsi from comment #7) Thank you for the patch. It works fine for me.
A commit references this bug:

Author: ohauer
Date: Sun Jul 26 19:18:55 UTC 2020
New revision: 543491
URL: https://svnweb.freebsd.org/changeset/ports/543491

Log:
  - update to 3.5.6

  20200726

  Bugfix (introduced: Postfix 3.5.5): part of a memory leak fix was backported to the wrong place. File: tls/tls_misc.c.

  The Postfix 3.5.5 workaround did not explicitly override the system-wide OpenSSL configuration of allowed TLS protocol versions, for sessions where the remote SMTP client sends SNI. It's better to be safe than sorry. File: tls/tls_server.c.

  PR: 248271
  Reported by: many

Changes:
  head/mail/postfix/Makefile
  head/mail/postfix/distinfo
Thanks to all reporters! Wietse rolled a new release (3.5.6) which is now available in the ports tree.
(In reply to Olli Hauer from comment #10) Thank you for committing the fix.