Debian Bug report logs - #720060
segfault after sending password

version graph

Package: mailutils-pop3d; Maintainer for mailutils-pop3d is Jordi Mallach <jordi@debian.org>; Source for mailutils-pop3d is src:mailutils.

Reported by: "Steve M. Robbins" <smr@debian.org>

Date: Sun, 18 Aug 2013 03:42:01 UTC

Severity: grave

Tags: patch

Found in version mailutils/1:2.99.98-1

Fixed in version mailutils/1:2.99.98-1.1

Done: Philipp Kern <pkern@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://savannah.gnu.org/bugs/index.php?39920

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Jordi Mallach <jordi@debian.org>:
Bug#720060; Package mailutils-pop3d. (Sun, 18 Aug 2013 03:42:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Steve M. Robbins" <smr@debian.org>:
New Bug report received and forwarded. Copy sent to Jordi Mallach <jordi@debian.org>. (Sun, 18 Aug 2013 03:42:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Steve M. Robbins" <smr@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: segfault after sending password
Date: Sat, 17 Aug 2013 22:38:40 -0500
Package: mailutils-pop3d
Version: 1:2.99.98-1
Severity: grave
File: /usr/sbin/pop3d

The pop3d daemon segfaults after receiving the USER and PASS commands.
This has been happening for quite some time, perhaps 6 months or more.

Running under gdb gives the following backtrace.

Program received signal SIGSEGV, Segmentation fault.
__strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:213
213     ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory.
(gdb) bt
#0  __strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:213
#1  0x00007ffff65d38a8 in ?? () from /usr/lib/libmailutils.so.4
#2  0x00007ffff65d2950 in mu_auth_runlist () from /usr/lib/libmailutils.so.4
#3  0x00007ffff65d3056 in mu_authenticate () from /usr/lib/libmailutils.so.4
#4  0x0000555555560aa1 in ?? ()
#5  0x000055555555ef83 in ?? ()
#6  0x000055555555f8a3 in ?? ()
#7  0x00007ffff54a3995 in __libc_start_main (main=0x55555555f3d4, argc=2, ubp_av=0x7fffffffe9d8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe9c8) at libc-start.c:260
#8  0x000055555555b749 in ?? ()


I'll try to obtain a backtrace with debugging symbols.


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.10-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mailutils-pop3d depends on:
ii  libc6              2.17-92
ii  libgnutls26        2.12.23-5
ii  libgsasl7          1.8.0-2
ii  libkyotocabinet16  1.2.76-4
ii  libldap-2.4-2      2.4.31-1+nmu2
ii  libmailutils4      1:2.99.98-1
ii  libpam0g           1.1.3-9
ii  libwrap0           7.6.q-24
ii  mailutils-common   1:2.99.98-1
ii  netbase            5.1
ii  update-inetd       4.43

mailutils-pop3d recommends no packages.

mailutils-pop3d suggests no packages.

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Jordi Mallach <jordi@debian.org>:
Bug#720060; Package mailutils-pop3d. (Sun, 18 Aug 2013 04:33:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Steve M. Robbins" <steve@sumost.ca>:
Extra info received and forwarded to list. Copy sent to Jordi Mallach <jordi@debian.org>. (Sun, 18 Aug 2013 04:33:05 GMT) Full text and rfc822 format available.

Message #10 received at 720060@bugs.debian.org (full text, mbox):

From: "Steve M. Robbins" <steve@sumost.ca>
To: 720060@bugs.debian.org
Subject: The backtrace
Date: Sat, 17 Aug 2013 23:29:46 -0500
[Message part 1 (text/plain, inline)]
Hi,

Below is a backtrace (password masked).

Program received signal SIGSEGV, Segmentation fault.
__strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:213
213     ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory.
(gdb) bt
#0  __strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:213
#1  0x00007ffff65d38a8 in mu_authenticate_generic (return_data=0x0, key=0x5555557dd4d0, func_data=0x0, call_data=0x7fffffffe325) at system.c:108
#2  0x00007ffff65d2950 in mu_auth_runlist (flist=0x55555578bcd0, return_data=0x0, key=0x5555557dd4d0, data=0x7fffffffe325) at mu_auth.c:196
#3  0x00007ffff65d3056 in mu_authenticate (auth_data=0x5555557dd4d0, pass=0x7fffffffe325 "xxxxx") at mu_auth.c:297
#4  0x0000555555560be1 in pop3d_user (arg=0x7fffffffe5a5 "tanu", sess=0x7fffffffe590) at user.c:118
#5  0x000055555555f0c3 in pop3d_mainloop (ifd=0, ofd=1, tls=tls_no) at pop3d.c:426
#6  0x000055555555f9e3 in main (argc=1, argv=0x7fffffffe908) at pop3d.c:662

(gdb) up
#1  0x00007ffff65d38a8 in mu_authenticate_generic (return_data=0x0, key=0x5555557ded90, func_data=0x0, call_data=0x7fffffffe325) at system.c:108
108              && strcmp (auth_data->passwd, crypt (pass, auth_data->passwd)) == 0 ?
(gdb) p auth_data->passwd
$4 = 0x5555557dede5 "x"


Note that my system uses shadow passwords, hence the 'x'.

-Steve
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Jordi Mallach <jordi@debian.org>:
Bug#720060; Package mailutils-pop3d. (Sun, 18 Aug 2013 05:06:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Steve M. Robbins" <steve@sumost.ca>:
Extra info received and forwarded to list. Copy sent to Jordi Mallach <jordi@debian.org>. (Sun, 18 Aug 2013 05:06:04 GMT) Full text and rfc822 format available.

Message #15 received at 720060@bugs.debian.org (full text, mbox):

From: "Steve M. Robbins" <steve@sumost.ca>
To: 720060@bugs.debian.org
Subject: patch for segfault
Date: Sun, 18 Aug 2013 00:02:50 -0500
[Message part 1 (text/plain, inline)]
So the immediate problem is that the crypt() call in system.c line 108 returns NULL, so
the strcmp() naturally segfaults.  Below is a patch to cure this issue.  The program now
just displays "-ERR Bad login" without a segfault.

What I don't yet understand is why mu_authenticate_generic() is used
rather than mu_authenticate_system().  The latter properly handles
shadow passwords.  It also has the same problematic construct that
doesn't handle the case that crypt() returns NULL so the patch below 
fixes that, too.


--- orig/mailutils-2.99.98/libmailutils/auth/system.c	2012-01-05 12:21:31.000000000 -0600
+++ mailutils-2.99.98/libmailutils/auth/system.c	2013-08-17 23:58:49.064170096 -0500
@@ -104,9 +104,17 @@
   if (!auth_data || !pass)
     return EINVAL;
   
-  return auth_data->passwd
-         && strcmp (auth_data->passwd, crypt (pass, auth_data->passwd)) == 0 ?
+  if (!auth_data->passwd)
+    return MU_ERR_AUTH_FAILURE;
+
+  {
+    char *crypt_pass = crypt (pass, auth_data->passwd);
+    if (!crypt_pass)
+      return MU_ERR_AUTH_FAILURE;
+
+    return strcmp (auth_data->passwd, crypt_pass) == 0 ?
           0 : MU_ERR_AUTH_FAILURE;
+  }
 }
 
 /* Called only if generic fails */
@@ -126,8 +134,11 @@
       struct spwd *spw;
       spw = getspnam (auth_data->name);
       if (spw)
-	return strcmp (spw->sp_pwdp, crypt (pass, spw->sp_pwdp)) == 0 ?
+	{
+	  char *crypt_pass = crypt (pass, spw->sp_pwdp);
+	  return crypt_pass && strcmp (spw->sp_pwdp, crypt_pass) == 0 ?
 	        0 : MU_ERR_AUTH_FAILURE;
+	}
     }
 #endif
   return MU_ERR_AUTH_FAILURE;
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Jordi Mallach <jordi@debian.org>:
Bug#720060; Package mailutils-pop3d. (Sun, 18 Aug 2013 07:21:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Steve M. Robbins" <steve@sumost.ca>:
Extra info received and forwarded to list. Copy sent to Jordi Mallach <jordi@debian.org>. (Sun, 18 Aug 2013 07:21:04 GMT) Full text and rfc822 format available.

Message #20 received at 720060@bugs.debian.org (full text, mbox):

From: "Steve M. Robbins" <steve@sumost.ca>
To: 720060@bugs.debian.org
Subject: patch fixes the issue
Date: Sun, 18 Aug 2013 02:16:56 -0500
[Message part 1 (text/plain, inline)]
Hi again,

I was incorrect in my last message when I said that
mu_authenticate_system() is not called.  It is called.

The patch I provided completely fixes my problem.

-Steve
[signature.asc (application/pgp-signature, inline)]

Added tag(s) patch. Request was from Steve M. Robbins <smr@debian.org> to control@bugs.debian.org. (Sun, 18 Aug 2013 07:21:07 GMT) Full text and rfc822 format available.

Set Bug forwarded-to-address to 'https://savannah.gnu.org/bugs/index.php?39920'. Request was from Steve M. Robbins <smr@debian.org> to control@bugs.debian.org. (Mon, 02 Sep 2013 02:45:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#720060; Package mailutils-pop3d. (Wed, 18 Sep 2013 08:51:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jordi Mallach <jordi@debian.org>:
Extra info received and forwarded to list. (Wed, 18 Sep 2013 08:51:10 GMT) Full text and rfc822 format available.

Message #29 received at 720060@bugs.debian.org (full text, mbox):

From: Jordi Mallach <jordi@debian.org>
To: "Steve M. Robbins" <steve@sumost.ca>, 720060@bugs.debian.org
Subject: Re: Bug#720060: patch fixes the issue
Date: Wed, 18 Sep 2013 10:41:44 +0200
Hi Steve,

On Sun, Aug 18, 2013 at 02:16:56AM -0500, Steve M. Robbins wrote:
> I was incorrect in my last message when I said that
> mu_authenticate_system() is not called.  It is called.
> 
> The patch I provided completely fixes my problem.

Sorry for the late reply, and many thanks for bug report, analysis and
patch!

I've added the patch to the SVN repository, and hopefully will upload soon.

I'll take care of forwarding this patch upstream, too.

Again, many thanks!

Jordi
-- 
Jordi Mallach PĂ©rez  --  Debian developer     http://www.debian.org/
jordi@sindominio.net     jordi@debian.org     http://www.sindominio.net/
GnuPG public key information available at http://oskuro.net/



Added tag(s) pending. Request was from Jordi Mallach <jordi@debian.org> to control@bugs.debian.org. (Wed, 18 Sep 2013 08:51:13 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Jordi Mallach <jordi@debian.org>:
Bug#720060; Package mailutils-pop3d. (Fri, 22 Nov 2013 19:30:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Philipp Kern <pkern@debian.org>:
Extra info received and forwarded to list. Copy sent to Jordi Mallach <jordi@debian.org>. (Fri, 22 Nov 2013 19:30:05 GMT) Full text and rfc822 format available.

Message #36 received at 720060@bugs.debian.org (full text, mbox):

From: Philipp Kern <pkern@debian.org>
To: Jordi Mallach <jordi@debian.org>, 720060@bugs.debian.org
Cc: "Steve M. Robbins" <steve@sumost.ca>
Subject: Re: Bug#720060: patch fixes the issue
Date: Fri, 22 Nov 2013 20:21:11 +0100
[Message part 1 (text/plain, inline)]
Hi,

On Wed, Sep 18, 2013 at 10:41:44AM +0200, Jordi Mallach wrote:
> I've added the patch to the SVN repository, and hopefully will upload soon.

I uploaded the patch to DELAYED/3-days as this is a RC bug. Debdiff
attached.

Kind regards
Philipp Kern
[mailutils_2.99.98-1_2.99.98-1.1.debdiff (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Reply sent to Philipp Kern <pkern@debian.org>:
You have taken responsibility. (Mon, 25 Nov 2013 19:51:10 GMT) Full text and rfc822 format available.

Notification sent to "Steve M. Robbins" <smr@debian.org>:
Bug acknowledged by developer. (Mon, 25 Nov 2013 19:51:10 GMT) Full text and rfc822 format available.

Message #41 received at 720060-close@bugs.debian.org (full text, mbox):

From: Philipp Kern <pkern@debian.org>
To: 720060-close@bugs.debian.org
Subject: Bug#720060: fixed in mailutils 1:2.99.98-1.1
Date: Mon, 25 Nov 2013 19:49:25 +0000
Source: mailutils
Source-Version: 1:2.99.98-1.1

We believe that the bug you reported is fixed in the latest version of
mailutils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 720060@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Philipp Kern <pkern@debian.org> (supplier of updated mailutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 22 Nov 2013 20:09:51 +0100
Source: mailutils
Binary: libmailutils4 libmailutils-dev mailutils mailutils-common mailutils-imap4d mailutils-pop3d mailutils-comsatd mailutils-guile mailutils-mh python-mailutils mailutils-doc mailutils-dbg
Architecture: source all amd64
Version: 1:2.99.98-1.1
Distribution: unstable
Urgency: low
Maintainer: Jordi Mallach <jordi@debian.org>
Changed-By: Philipp Kern <pkern@debian.org>
Description: 
 libmailutils-dev - Development files for GNU mailutils
 libmailutils4 - GNU Mail abstraction library
 mailutils  - GNU mailutils utilities for handling mail
 mailutils-common - Common files for GNU mailutils
 mailutils-comsatd - GNU mailutils-based comsatd daemon
 mailutils-dbg - Debugging symbols for GNU mailutils
 mailutils-doc - Documentation files for GNU mailutils
 mailutils-guile - GNU mailutils Guile interpreter and modules
 mailutils-imap4d - GNU mailutils-based IMAP4 Daemon
 mailutils-mh - GNU mailutils-based MH utilities
 mailutils-pop3d - GNU mailutils-based POP3 Daemon
 python-mailutils - GNU Mail abstraction library (Python interface)
Closes: 720060
Changes: 
 mailutils (1:2.99.98-1.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Add patch by Steve M. Robbins to fix a crash upon authentication.
     (Closes: #720060)
Checksums-Sha1: 
 f9c0b315347a851706d24dda49ada22e34a2dd35 2515 mailutils_2.99.98-1.1.dsc
 4978a0417b7cd3851138130ce298530d8faddcdd 32588 mailutils_2.99.98-1.1.debian.tar.gz
 5db2db234dc1138bad86084e7e7b539b4dc842b5 597342 mailutils-common_2.99.98-1.1_all.deb
 79d43ff0c3437a1ac8122c32b874b4ae595bde67 661138 mailutils-doc_2.99.98-1.1_all.deb
 da434aa20a6fb551e95cb2b71c98d3c011283958 758340 libmailutils4_2.99.98-1.1_amd64.deb
 55b0e84478cb6374a77d37cf778118eb0be596c7 452380 libmailutils-dev_2.99.98-1.1_amd64.deb
 85c37b6f2a8e3f008a6788414f14daf618658805 606192 mailutils_2.99.98-1.1_amd64.deb
 569752133335e0562bab7554b5a2b19d93cc007b 452672 mailutils-imap4d_2.99.98-1.1_amd64.deb
 697f2435f85db3d487efb02700adbade4062a860 435296 mailutils-pop3d_2.99.98-1.1_amd64.deb
 2472bd4cf8dc475c2cbfb35caa02584ea38a3a78 415966 mailutils-comsatd_2.99.98-1.1_amd64.deb
 aae34ffd7d1a29cd34f0d5865d4af074460b46d5 405526 mailutils-guile_2.99.98-1.1_amd64.deb
 0a9972bfcb872d1248c5aba9026b493e15e88308 799840 mailutils-mh_2.99.98-1.1_amd64.deb
 b4d9ce481412c796d050cd9f96fbdcae3d5294fa 397242 python-mailutils_2.99.98-1.1_amd64.deb
 7927e8a1a9c37154313d02bbad6a6815d76d1c98 2903456 mailutils-dbg_2.99.98-1.1_amd64.deb
Checksums-Sha256: 
 2bdafba4500abff788ef06b935ca22af2de4c20c3d5624cb5ab1616dce0f5864 2515 mailutils_2.99.98-1.1.dsc
 308e4a08a12fbbd94e6b5285297206a297d74b2f225bdd6578bff9c7290d389a 32588 mailutils_2.99.98-1.1.debian.tar.gz
 c4ee876dfe0912225b27a202e31a4113007b7c28fcc15b4f08f2ef81003b1035 597342 mailutils-common_2.99.98-1.1_all.deb
 e0757575d7ebddf145b9d2785f30d2cb5bc915e1b9afcb187a7f7eee45b5d5c8 661138 mailutils-doc_2.99.98-1.1_all.deb
 4cae1906ba92167c3b7888e73c2d28aaeaf6a201fb7e26ae2718da874160ad1d 758340 libmailutils4_2.99.98-1.1_amd64.deb
 39e85f059cfcff9b78cd00c336662bc9d60bfe59267cb938b92b3985eb23ccf2 452380 libmailutils-dev_2.99.98-1.1_amd64.deb
 08974c2bec656ae197a5bf0315b238124fd5efc6de442851c60c96e8775b9948 606192 mailutils_2.99.98-1.1_amd64.deb
 e554b4c2259e2e65e1562f78bd0b311d948d7c366f53a915579284a08442b500 452672 mailutils-imap4d_2.99.98-1.1_amd64.deb
 bc4c81eccca31267c1f3178b64924affd5fd154accd35f0e156b9cb60bf5890c 435296 mailutils-pop3d_2.99.98-1.1_amd64.deb
 db038cd1e10eca7f8f4b9327d7527edeea023c5f1d16872c0fd6ba3338104459 415966 mailutils-comsatd_2.99.98-1.1_amd64.deb
 3ea18604adbb5322e63c6e63061d3b2dea7c729b32dc6902296e0f8a9fc11410 405526 mailutils-guile_2.99.98-1.1_amd64.deb
 702fc0ff6fda6bd17e3f65b9ccb09e2d36d84df19f747fcdc79645c661020d0d 799840 mailutils-mh_2.99.98-1.1_amd64.deb
 9c309a0a3c2f412b5d80e58b5dabdcef96a0a53b9ce67ef68eaf37f1edd3e5ed 397242 python-mailutils_2.99.98-1.1_amd64.deb
 0b8155312ffe0acf265356f25facf6f6d160346da188ada0f120180056bee628 2903456 mailutils-dbg_2.99.98-1.1_amd64.deb
Files: 
 bf7b1d338e091b6a01e70917f05e5897 2515 mail optional mailutils_2.99.98-1.1.dsc
 25cf4b297f4b1b005c7286b7b18beee1 32588 mail optional mailutils_2.99.98-1.1.debian.tar.gz
 a29ce80dbdcb8d786f5eb471eb83686a 597342 mail optional mailutils-common_2.99.98-1.1_all.deb
 920fc6d2287b65c41403d2129ce6162b 661138 doc optional mailutils-doc_2.99.98-1.1_all.deb
 0c2bcb4facc7871ece88125c817a4944 758340 libs optional libmailutils4_2.99.98-1.1_amd64.deb
 60fc339ac18d8f251e50cfc6ab46606c 452380 libdevel optional libmailutils-dev_2.99.98-1.1_amd64.deb
 edd4d34ba1d016a154876b8e4a760811 606192 mail optional mailutils_2.99.98-1.1_amd64.deb
 55cbf63cac0d0006909d61e7083f9b69 452672 net optional mailutils-imap4d_2.99.98-1.1_amd64.deb
 f8028715781f2aa47be746940c78fdad 435296 net optional mailutils-pop3d_2.99.98-1.1_amd64.deb
 812a6fb36393fef3f098a0de1c0b0ff7 415966 net optional mailutils-comsatd_2.99.98-1.1_amd64.deb
 209c0b46b76638b48e22f5aca3e291c7 405526 mail optional mailutils-guile_2.99.98-1.1_amd64.deb
 2eaa9c2a02d12fd20005923054d63a26 799840 mail optional mailutils-mh_2.99.98-1.1_amd64.deb
 cbfaa45d4baa413280dd0eeb1b8ac532 397242 python optional python-mailutils_2.99.98-1.1_amd64.deb
 689bf841f61df3b9882bc10be1ec5b1a 2903456 debug extra mailutils-dbg_2.99.98-1.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQEcBAEBCAAGBQJSj638AAoJEERuJUU10FbsFgcH/iKQOQFbt4u9WHJhA6szGvZH
G1HawOUtXBCpbedHLqMKHxMvvs/+iRmCnmZ5XQm8qMADiD7k3rn1bc4G5B0kbLts
hzMKa8MiqNmIFl0qBNlQXnabV5YwG9Zo4F74iI5HfoeVK2pwu3UhCvurzjiOZdS3
zEA1lPl/jLusjyoEedL9Iudmy7oDhs/sBXksf8ZLlxQRPCMLsVzM2s6cRsxEuAlr
lkICL3JMDGRzpzbSikYgQJCNeODz0ZENBewjO1/KQ4FJRLSYuF3fvf9d5YtQ2gMV
0CXaNlP019+/WSq25YU+4dLNu2B50A4IBwIjGSNPNIYNFsOeAcX2PtcV+GThbmw=
=TtLv
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 31 Dec 2013 07:42:33 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 06:23:11 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.