#992997 milter-greylist: segfault in libGeoIP

Package:
milter-greylist
Source:
milter-greylist
Description:
Greylist milter for sendmail
Submitter:
Bjørn Mork
Date:
2021-09-13 15:45:03 UTC
Severity:
normal
#992997#5
Date:
2021-08-26 06:09:40 UTC
From:
To:
Seeing lots of these after upgrading to bullseye:

Aug 23 22:12:23 louie kernel: milter-greylist[192919]: segfault at 28 ip 00007fbaf22fe8d9 sp 00007fbaee77c670 error 4 in libGeoIP.so.1.6.12[7fbaf22fc000+1b000]
Aug 23 22:12:23 louie kernel: Code: 90 e9 6b d8 ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 48 85 f6 0f 84 8f 00 00 00 41 54 49 89 d4 53 48 89 fb 48 89 f7 48 83 ec 08 <0f> be 43 28 3c 0c 74 4f 3c 12 74 4b 48 8b 3d cc 26 03 00 48 8d 35
Aug 24 22:45:40 louie kernel: milter-greylist[217578]: segfault at 28 ip 00007fcc2deb78d9 sp 00007fcc2a335670 error 4 in libGeoIP.so.1.6.12[7fcc2deb5000+1b000]
Aug 24 22:45:40 louie kernel: Code: 90 e9 6b d8 ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 48 85 f6 0f 84 8f 00 00 00 41 54 49 89 d4 53 48 89 fb 48 89 f7 48 83 ec 08 <0f> be 43 28 3c 0c 74 4f 3c 12 74 4b 48 8b 3d cc 26 03 00 48 8d 35
Aug 25 22:10:57 louie kernel: milter-greylist[240196]: segfault at 28 ip 00007f525900a8d9 sp 00007f5255c89670 error 4 in libGeoIP.so.1.6.12[7f5259008000+1b000]
Aug 25 22:10:57 louie kernel: Code: 90 e9 6b d8 ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 48 85 f6 0f 84 8f 00 00 00 41 54 49 89 d4 53 48 89 fb 48 89 f7 48 83 ec 08 <0f> be 43 28 3c 0c 74 4f 3c 12 74 4b 48 8b 3d cc 26 03 00 48 8d 35

Doesn't look too good, given that it's probably triggered by mail contents
somehow.


Bjørn

#992997#10
Date:
2021-08-30 21:21:57 UTC
From:
To:
Hi Bjørn,

I just updated the package to latest 4.6.4, can you please try with that
and check if you still get the same problem. If you still get the same problem
then a coredump or some way to reproduce the problem will be needed.

#992997#15
Date:
2021-09-01 07:11:30 UTC
From:
To:
Sudip Mukherjee <sudipm.mukherjee@gmail.com> writes:
you may close this bug as you find appropriate.

Looking at the upstream changelog I noticed this entry under 4.6.3:
        ..
        Fix crash when GeoIP for IPv6 is not configured (Paul Howarth)

And that could very well have been the issue.  The server is dual-stack,
but I only had

 geoipdb "/usr/share/GeoIP/GeoIP.dat"

in /etc/milter-greylist/greylist.conf and no geoipv6db entry.



Bjørn

#992997#20
Date:
2021-09-13 15:40:17 UTC
From:
To:
Hello Bjørn, hello Sudip,
I just tried to locate the line where the crash happens from
the dmesg output and got to this location [1].

Unfortunately the CVS tree seems not up to date or I was using the wrong one.
At least there was a change in geoip.c in line 166 [2] [3].

Kind regards,
Bernhard

[1] https://sources.debian.org/src/geoip/1.6.12-7/libGeoIP/GeoIP.c/#L2038
[2] https://sources.debian.org/src/milter-greylist/4.6.2-3/geoip.c/#L166
[3] https://sources.debian.org/src/milter-greylist/4.6.4-1/geoip.c/#L166
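
Added example, not part of the original bug thread or of either project's code: one way to triage the kernel segfault lines quoted in the first message, by computing the faulting instruction's offset inside the reported libGeoIP mapping and decoding the x86 page-fault error code. The function names and the 4096-byte "near NULL" threshold are assumptions of this example; the three log lines are copied from the report.

```python
import re
from collections import Counter

# Segfault lines copied from the report above (the "Code:" hex lines are omitted).
SAMPLE = """\
Aug 23 22:12:23 louie kernel: milter-greylist[192919]: segfault at 28 ip 00007fbaf22fe8d9 sp 00007fbaee77c670 error 4 in libGeoIP.so.1.6.12[7fbaf22fc000+1b000]
Aug 24 22:45:40 louie kernel: milter-greylist[217578]: segfault at 28 ip 00007fcc2deb78d9 sp 00007fcc2a335670 error 4 in libGeoIP.so.1.6.12[7fcc2deb5000+1b000]
Aug 25 22:10:57 louie kernel: milter-greylist[240196]: segfault at 28 ip 00007f525900a8d9 sp 00007f5255c89670 error 4 in libGeoIP.so.1.6.12[7f5259008000+1b000]
"""

SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def decode_error(code):
    """Decode the low three bits of the x86 page-fault error code."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
    }

def parse_segfaults(text):
    """Return one record per segfault line, with ASLR removed from the ip."""
    records = []
    for m in SEGV_RE.finditer(text):
        addr, ip = int(m["addr"], 16), int(m["ip"], 16)
        rec = {"comm": m["comm"], "pid": int(m["pid"]), "fault_addr": addr,
               "near_null": addr < 4096,  # assumed page size: NULL + small offset
               "object": m["obj"], "offset": None,
               **decode_error(int(m["err"], 16))}
        if m["base"]:
            base, size = int(m["base"], 16), int(m["size"], 16)
            if base <= ip < base + size:
                rec["offset"] = ip - base  # relative to the reported mapping
        records.append(rec)
    return records

def crash_sites(text):
    """Count crashes per (object, offset) to tell one bug from several."""
    return Counter((r["object"], r["offset"]) for r in parse_segfaults(text))

if __name__ == "__main__":
    for (obj, off), n in crash_sites(SAMPLE).items():
        print(f"{n} crash(es) in {obj} at mapping offset {off:#x}")
```

The offset is relative to the start of the mapping the kernel printed, which is not necessarily the start of the library file; resolving it to a source line additionally needs that mapping's file offset and matching debug symbols.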