Bug#812585: exim4: Exim crashing when comparing password created with "htpaswwd" without "-d" -- segmentation fault.

Mon, 25 Jan 2016 02:45:50 -0800 

Package: exim4
Version: 4.84-8+deb8u2
Severity: important
Tags: upstream

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

Here's the script to reproduce error: 

        #!/bin/bash 

        exec 2>&1

        printf '' >/tmp/mypassfile
        echo "fooboo" | htpasswd -d -i /tmp/mypassfile john1 
        echo "fooboo" | htpasswd    -i /tmp/mypassfile john2
        echo "xxxyyy" | htpasswd -d -i /tmp/mypassfile john3
        echo "xxxyyy" | htpasswd    -i /tmp/mypassfile john4
        cat /tmp/mypassfile
        printf "\n\n"

        for u in john1 john2 john3 john4; do 
                for p in fooboo xxxyyy; do 
                        echo "user=$u, pass=$p"
                                             exim -be 
'${lookup{'"$u"'}lsearch{/tmp/mypassfile}{$value}{*}}'
                        exim -be '${if 
crypteq{'"$p"'}{${lookup{'"$u"'}lsearch{/tmp/mypassfile}{$value}{*}}}{ok and 
suceed}{ok but failed}}'
                        echo
                done
        done 

and heres my output: 

        Adding password for user john1
        Adding password for user john2
        Adding password for user john3
        Adding password for user john4
        john1:Wob0SnzzkZiR6
        john2:$apr1$4ONta6/3$ST0PLD7TaDxfYEnSbPpoy1
        john3:Bvn4WIUEUqpK6
        john4:$apr1$4hCz.Hp.$HhHC6yULqW1TEUGuC0bsS1


        user=john1, pass=fooboo
        Wob0SnzzkZiR6
        ok and suceed

        user=john1, pass=xxxyyy
        Wob0SnzzkZiR6
        ok but failed

        user=john2, pass=fooboo
        $apr1$4ONta6/3$ST0PLD7TaDxfYEnSbPpoy1
        ./reproduce_exim_segmentation_fault_on_crypteq: line 14: 28257 
Segmentation fault      exim -be '${if 
crypteq{'"$p"'}{${lookup{'"$u"'}lsearch{/tmp/mypassfile}{$value}{*}}}{ok and 
suceed}{ok but failed}}'

        user=john2, pass=xxxyyy
        $apr1$4ONta6/3$ST0PLD7TaDxfYEnSbPpoy1
        ./reproduce_exim_segmentation_fault_on_crypteq: line 14: 28261 
Segmentation fault      exim -be '${if 
crypteq{'"$p"'}{${lookup{'"$u"'}lsearch{/tmp/mypassfile}{$value}{*}}}{ok and 
suceed}{ok but failed}}'

        user=john3, pass=fooboo
        Bvn4WIUEUqpK6
        ok but failed

        user=john3, pass=xxxyyy
        Bvn4WIUEUqpK6
        ok and suceed

        user=john4, pass=fooboo
        $apr1$4hCz.Hp.$HhHC6yULqW1TEUGuC0bsS1
        ./reproduce_exim_segmentation_fault_on_crypteq: line 14: 28273 
Segmentation fault      exim -be '${if 
crypteq{'"$p"'}{${lookup{'"$u"'}lsearch{/tmp/mypassfile}{$value}{*}}}{ok and 
suceed}{ok but failed}}'

        user=john4, pass=xxxyyy
        $apr1$4hCz.Hp.$HhHC6yULqW1TEUGuC0bsS1
        ./reproduce_exim_segmentation_fault_on_crypteq: line 14: 28279 
Segmentation fault      exim -be '${if 
crypteq{'"$p"'}{${lookup{'"$u"'}lsearch{/tmp/mypassfile}{$value}{*}}}{ok and 
suceed}{ok but failed}}'




*** End of the template - remove these template lines ***


-- Package-specific info:
Exim version 4.84 #3 built 15-Dec-2015 04:18:37
Copyright (c) University of Cambridge, 1995 - 2014
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2014
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM PRDR OCSP
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz 
dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /etc/exim4/exim4.conf
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='smarthost'
dc_other_hostnames='dubielvitrum.pl'
dc_local_interfaces=''
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets='192.168.18.0/24'
dc_smarthost='mail.dubielvitrum.pl'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='false'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:dubielvitrum.pl

-- System Information:
Debian Release: 8.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages exim4 depends on:
ii  debconf [debconf-2.0]  1.5.56
ii  exim4-base             4.84-8+deb8u2
ii  exim4-daemon-light     4.84-8+deb8u2

exim4 recommends no packages.

exim4 suggests no packages.

-- debconf information:
  exim4/drec:

Reply via email to