Re: PATCH: smtpd/tls segfault with smtpd_tls_loglevel >= 3

Mon, 07 Feb 2011 07:34:15 -0800 

Hi,

Am 07.02.2011 um 15:39 schrieb Wietse Venema:

> Wietse Venema:
>> Christian Roessner:
>>> I double checked that cacert.org's cert is in that path as well
>>> and that the c_hash exists, too. I did not find an answer and so
>>> I only changed the log level of smtpd_tls_loglevel = 1 to 3. This
>>> brought the segfault and this in the logs:
>>> 
>>> Feb  6 19:11:54 mx postfix/master[14500]: warning: process 
>>> /usr/lib/postfix/smtpd pid 14526 killed by signal 11
>>> Feb  6 19:13:15 mx postfix/master[14736]: warning: process 
>>> /usr/lib/postfix/smtpd pid 14784 killed by signal 11
>>> 
>> 
>> That's easy enough to verify with default configuration and
>> 
>>    openssl s_client -starttls smtp -connect 127.0.0.1:25
>> 
>> For now, just don't set smtpd_tls_loglevel >= 3.
> 
> Or apply the patch below (Postfix 2.8 and later).
> 
Patch applied:

Feb  7 16:25:55 mx postfix/tlsproxy[10233]: initializing the server-side TLS 
engine
Feb  7 16:25:55 mx postfix/tlsproxy[10233]: CONNECT from [127.0.0.1]:41711
Feb  7 16:25:55 mx postfix/tlsproxy[10233]: setting up TLS connection from 
[127.0.0.1]:41711
Feb  7 16:25:55 mx postfix/tlsproxy[10233]: [127.0.0.1]:41711: TLS cipher list 
"ALL:+RC4:@STRENGTH"
Feb  7 16:25:55 mx postfix/master[9964]: warning: process 
/usr/lib/postfix/tlsproxy pid 10233 killed by signal 11
Feb  7 16:26:18 mx postfix/smtpd[10367]: initializing the server-side TLS engine
Feb  7 16:26:18 mx postfix/smtpd[10367]: connect from 
dslb-088-068-165-221.pools.arcor-ip.net[88.68.165.221]
Feb  7 16:26:18 mx postfix/smtpd[10368]: initializing the server-side TLS engine
Feb  7 16:26:18 mx postfix/smtpd[10368]: connect from unknown[193.239.104.18]
Feb  7 16:26:18 mx postfix/smtpd[10368]: setting up TLS connection from 
unknown[193.239.104.18]
Feb  7 16:26:18 mx postfix/smtpd[10368]: unknown[193.239.104.18]: TLS cipher 
list "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
Feb  7 16:26:18 mx postfix/master[9964]: warning: process 
/usr/lib/postfix/smtpd pid 10368 killed by signal 11
Feb  7 16:26:18 mx postfix/master[9964]: warning: /usr/lib/postfix/smtpd: bad 
command startup -- throttling
Feb  7 16:26:18 mx postfix/smtpd[10367]: setting up TLS connection from 
dslb-088-068-165-221.pools.arcor-ip.net[88.68.165.221]
Feb  7 16:26:18 mx postfix/smtpd[10367]: 
dslb-088-068-165-221.pools.arcor-ip.net[88.68.165.221]: TLS cipher list 
"ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
Feb  7 16:26:18 mx postfix/master[9964]: warning: process 
/usr/lib/postfix/smtpd pid 10367 killed by signal 11
Feb  7 16:26:18 mx postfix/smtpd[10193]: connect from 
dslb-088-068-165-221.pools.arcor-ip.net[88.68.165.221]
Feb  7 16:26:18 mx postfix/smtpd[10193]: setting up TLS connection from 
dslb-088-068-165-221.pools.arcor-ip.net[88.68.165.221]
Feb  7 16:26:18 mx postfix/smtpd[10193]: 
dslb-088-068-165-221.pools.arcor-ip.net[88.68.165.221]: TLS cipher list 
"ALL:+RC4:@STRENGTH"
Feb  7 16:26:18 mx postfix/master[9964]: warning: process 
/usr/lib/postfix/smtpd pid 10193 killed by signal 11
Feb  7 16:26:41 mx postfix/tlsproxy[10435]: initializing the server-side TLS 
engine
Feb  7 16:26:41 mx postfix/tlsproxy[10435]: CONNECT from [127.0.0.1]:41778
Feb  7 16:26:41 mx postfix/tlsproxy[10435]: setting up TLS connection from 
[127.0.0.1]:41778
Feb  7 16:26:41 mx postfix/tlsproxy[10435]: [127.0.0.1]:41778: TLS cipher list 
"ALL:+RC4:@STRENGTH"
Feb  7 16:26:41 mx postfix/master[9964]: warning: process 
/usr/lib/postfix/tlsproxy pid 10435 killed by signal 11



And:
[1660694.703414] tlsproxy[10435]: segfault at 8 ip 00007f3ab6f92620 sp 
00007fff5f99de08 error 6 in libcrypto.so.0.9.8[7f3ab6ed2000+168000]
[1660730.381308] smtpd[10545]: segfault at 8 ip 00007fac70890620 sp 
00007fffccd97ce8 error 6 in libcrypto.so.0.9.8[7fac707d0000+168000]
[1660743.542428] smtpd[10556]: segfault at 8 ip 00007fb04c381620 sp 
00007fffd2b07198 error 6 in libcrypto.so.0.9.8[7fb04c2c1000+168000]
[1660743.742590] smtpd[10557]: segfault at 8 ip 00007f9752c12620 sp 
00007fff297ac138 error 6 in libcrypto.so.0.9.8[7f9752b52000+168000]


Now tlsproxy segfaults, too.

I do debugging tonight...

Christian


---
Roessner-Network-Solutions
Bachelor of Science Informatik
Nahrungsberg 81, 35390 Gießen
F: +49 641 5879091, M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com

Attachment: PGP.sig
Description: Signierter Teil der Nachricht

Reply via email to