[pfx] PATCH: Segfault with Postfix 3.10

Sun, 16 Feb 2025 10:12:02 -0800 

Omer Guven narrowed down the problem to one speicific email address
in the SANS emaiol security test message:

>>> measurem...@mail-mtasts-rn-mult-ivv.measurement.email-security-scans.org

I was able reproduce a crash sending mail to that address, without
needing any smtp_tls_policy_maps plugin stuff.

Logging:
Feb 16 12:50:13 wzv postfix/qmgr[137286]: 4Ywtbn0HJSzCfhg: 
from=<r...@porcupine.org>, size=261, nrcpt=1 (queue active)
Feb 16 12:50:16 wzv postfix/smtp[137584]: server certificate verification 
failed for tls-invalid.measurement.email-security-scans.org[195.191.197.90]:25: 
certificate has expired
Feb 16 12:50:16 wzv postfix/qmgr[137286]: warning: private/smtp socket: 
malformed response
Feb 16 12:50:16 wzv postfix/master[98891]: warning: process 
/usr/libexec/postfix/smtp.valgrind pid 137581 exit status 139

Valgrind:
==137584==    at 0x492B6C1: vbuf_print (vbuf_print.c:266)
==137584==    by 0x49315B1: vstring_vsprintf (vstring.c:637)
==137584==    by 0x4922F6E: msg_vprintf (msg_output.c:167)
==137584==    by 0x4922842: vmsg_info (msg.c:210)
==137584==    by 0x492281A: msg_info (msg.c:204)
==137584==    by 0x4889697: trw_report_failure (tlsrpt_wrapper.c:564)
==137584==    by 0x4879BDE: tls_log_verify_error (tls_verify.c:316)
==137584==    by 0x487D779: verify_x509 (tls_client.c:370)

This appears the result of a typo in the TLRPT client adapter:

tls_verify.c:
    314 #ifdef USE_TLSRPT
    315         if (tlsrpt)
    316             trw_report_failure(tlsrpt, TLSRPT_CERTIFICATE_EXPIRED,
    317                                 /* additional_info= */ (char *) 0,
    318                                 /* failure_code= */ (char *) 8);
    319 #endif

Where the '8' should be '0'. On my system the two look too similar. 

And now it passes:

Feb 16 13:00:08 wzv postfix/qmgr[137286]: 4Ywtbn0HJSzCfhg: 
from=<r...@porcupine.org>, size=261, nrcpt=1 (queue active)
Feb 16 13:00:11 wzv postfix/smtp[140478]: server certificate verification 
failed for tls-invalid.measurement.email-security-scans.org[195.191.197.90]:25: 
certificate has expired
Feb 16 13:00:11 wzv postfix/smtp[140478]: TLSRPT: status=failure, 
domain=mail-mtasts-rn-mult-ivv.measurement.email-security-scans.org, 
receiving_mx=tls-invalid.measurement.email-security-scans.org[195.191.197.90], 
failure_type=certificate_expired
Feb 16 13:00:11 wzv postfix/smtp[140478]: Untrusted TLS connection established 
to tls-invalid.measurement.email-security-scans.org[195.191.197.90]:25: TLSv1.3 
with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 
server-signature RSA-PSS (4096 bits) server-digest SHA256
Feb 16 13:00:11 wzv postfix/smtp[140478]: 4Ywtbn0HJSzCfhg: Server certificate 
not verified
Feb 16 13:00:12 wzv postfix/smtp[140478]: certificate verification failed for 
tls-force.measurement.email-security-scans.org[195.191.197.89]:25: untrusted 
issuer /C=US/O=Internet Security Research Group/CN=ISRG Root X1
Feb 16 13:00:12 wzv postfix/smtp[140478]: TLSRPT: status=failure, 
domain=mail-mtasts-rn-mult-ivv.measurement.email-security-scans.org, 
receiving_mx=tls-force.measurement.email-security-scans.org[195.191.197.89], 
failure_type=validation_failure, 
failure_reason=unable_to_get_local_issuer_certificate
Feb 16 13:00:12 wzv postfix/smtp[140478]: Untrusted TLS connection established 
to tls-force.measurement.email-security-scans.org[195.191.197.89]:25: TLSv1.3 
with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 
server-signature RSA-PSS (4096 bits) server-digest SHA256
Feb 16 13:00:12 wzv postfix/smtp[140478]: 4Ywtbn0HJSzCfhg: 
to=<measurem...@mail-mtasts-rn-mult-ivv.measurement.email-security-scans.org>, 
relay=tls-force.measurement.email-security-scans.org[195.191.197.89]:25, 
delay=599, delays=596/1.5/2.1/0, dsn=4.7.5, status=deferred (Server certificate 
not verified)

There are no other instances of this typo in Postfix source code.

        Wietse

--- /var/tmp/postfix-3.10-20250215/src/tls/tls_verify.c 2024-09-22 
09:34:08.000000000 -0400
+++ ./src/tls/tls_verify.c      2025-02-16 12:57:23.637983443 -0500
@@ -315,7 +315,7 @@
        if (tlsrpt)
            trw_report_failure(tlsrpt, TLSRPT_CERTIFICATE_EXPIRED,
                                /* additional_info= */ (char *) 0,
-                               /* failure_code= */ (char *) 8);
+                               /* failure_code= */ (char *) 0);
 #endif
        break;
     case X509_V_ERR_INVALID_PURPOSE:
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to