Bug 248271 - mail/postfix: smtpd dies with segmentation fault after updating to 3.5.5
Summary: mail/postfix: smtpd dies with segmentation fault after updating to 3.5.5
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Olli Hauer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-07-26 06:14 UTC by Yasuhiro KIMURA
Modified: 2020-07-26 20:28 UTC (History)
5 users (show)

See Also:
bugzilla: maintainer-feedback? (ohauer)


Attachments
Comment 2 patch for the port (1.29 KB, patch)
2020-07-26 17:39 UTC, Guido Falsi
no flags Details | Diff
Patch importing upstream fix (1.58 KB, patch)
2020-07-26 18:03 UTC, Guido Falsi
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro KIMURA 2020-07-26 06:14:59 UTC
After updating mail/postfix to 3.5.5 smtpd dies with segmentation fault as following.

Jul 26 12:02:14 eastasia postfix/smtpd[94926]: connect from maybe.home.utahime.org[192.168.174.201]
Jul 26 12:02:14 eastasia postfix/smtpd[94926]: SSL_accept error from maybe.home.utahime.org[192.168.174.201]: -1
Jul 26 12:02:14 eastasia postfix/smtpd[94926]: warning: TLS library problem: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:/usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 42:
Jul 26 12:02:14 eastasia postfix/master[93317]: warning: process /usr/local/libexec/postfix/smtpd pid 94926 killed by signal 11

If I go back to 3.5.4 then problem disappears.

root@eastasia[602]# uname -a
FreeBSD eastasia.home.utahime.org 12.1-RELEASE-p7 FreeBSD 12.1-RELEASE-p7 GENERIC  amd64
root@eastasia[603]#
Comment 1 Herbert J. Skuhra 2020-07-26 07:34:44 UTC
Yes, I have the same issue and I already reported this to ohauer@ and Wietse. They can't reproduce this issue or say more or less all is fine.

At the moment I run postfix-3.5.5 with reverting the following change:

diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c
index 94e356b4..5022ff8b 100644
--- a/postfix/src/tls/tls_misc.c
+++ b/postfix/src/tls/tls_misc.c
@@ -923,7 +923,6 @@ void    tls_get_signature_params(TLS_SESS_STATE *TLScontext)
        if (SSL_get_signature_nid(ssl, &nid) && nid != NID_undef)
            locl_sig_dgst = OBJ_nid2sn(nid);
 
-       X509_free(cert);
     }
     /* Signature algorithms for the peer end of the connection */
     if ((cert = SSL_get_peer_certificate(ssl)) != 0) {

Maybe not the proper solution but it works.
Comment 2 Christos Chatzaras 2020-07-26 13:32:04 UTC
I have the same issue:

https://marc.info/?l=postfix-users&m=159576254217400&w=2

And the logs are full of these messages:

postfix/master[83315]: warning: process /usr/local/libexec/postfix/smtpd pid 53056 killed by signal 11
Comment 3 Guido Falsi freebsd_committer 2020-07-26 17:23:09 UTC
Hi,

I updated to 3.5.5 right now and am seeing this too.

Maybe I'll test the patch suggested by Herbert in comment #1
Comment 4 Herbert J. Skuhra 2020-07-26 17:29:38 UTC
Wietse posted a fix:

https://marc.info/?l=postfix-users&m=159578436822974&w=2
Comment 5 Guido Falsi freebsd_committer 2020-07-26 17:39:45 UTC
Created attachment 216783 [details]
Comment 2 patch for the port

I can confirm the fix suggested in comment #2 makes the problem disappear.

I'm attaching a patch to the port which applies such a fix.
Comment 6 Guido Falsi freebsd_committer 2020-07-26 17:40:20 UTC
(In reply to Herbert J. Skuhra from comment #4)

Oh, great, I'll update my patch.
Comment 7 Guido Falsi freebsd_committer 2020-07-26 18:03:42 UTC
Created attachment 216786 [details]
Patch importing upstream fix
Comment 8 Yasuhiro KIMURA 2020-07-26 18:43:59 UTC
(In reply to Guido Falsi from comment #7)

Thank you for patch. It works fine for me.
Comment 9 commit-hook freebsd_committer 2020-07-26 19:19:15 UTC
A commit references this bug:

Author: ohauer
Date: Sun Jul 26 19:18:55 UTC 2020
New revision: 543491
URL: https://svnweb.freebsd.org/changeset/ports/543491

Log:
  - update to 3.5.6

  20200726
    Bugfix (introduced: Postfix 3.5.5): part of a memory leak
    fix was backported to the wrong place. File: tls/tls_misc.c.

    The Postfix 3.5.5 workaround did not explicitly override
    the system-wide OpenSSL configuration of allowed TLS protocol
    versions, for sessions where the remote SMTP client sends
    SNI. It's better to be safe than sorry. File: tls/tls_server.c.

  PR:		248271
  Reported by:	many

Changes:
  head/mail/postfix/Makefile
  head/mail/postfix/distinfo
Comment 10 Olli Hauer freebsd_committer 2020-07-26 19:27:51 UTC
Thanks to all reporters!

Wietse rolled a new release (3.5.6) which is now available in the ports tree
Comment 11 Andre Rikkert de Koe - ARK-ICT 2020-07-26 20:28:24 UTC
(In reply to Olli Hauer from comment #10)

thank you for committing the fix.