<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>

<style data-premailer="ignore" type="text/css">
a { color: #1068bf; }
</style>

<style>img {
max-width: 100%; height: auto;
}
body {
font-size: 0.875rem;
}
body {
-webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px;
}
body {
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji"; font-size: inherit;
}
</style>
</head>
<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";'>
<div class="content">

<p class="details" style="font-style: italic; color: #666;">
<a href="https://gitlab.com/tobhe" style="color: #1068bf;">Tobias Heider</a> created an issue: <a href="https://gitlab.com/gnutls/gnutls/-/issues/1374" style="color: #1068bf;">#1374</a>
</p>
<div class="md" style="color: #303030; word-wrap: break-word;">
<p dir="auto" style="color: #303030; margin: 0 0 16px;" align="initial">This issue was originally reported in the Ubuntu bug tracker; I am forwarding it here since it looks like it might be an upstream GnuTLS bug. <a href="https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1974214" rel="nofollow noreferrer noopener" target="_blank" style="color: #1068bf; margin-top: 0;">Original report</a>.</p>
<blockquote dir="auto" style="color: #7f8fa4; font-size: inherit; border-left-color: #eaeaea; border-left-style: solid; margin: 16px 0; padding: 8px 24px; border-width: 0 0 0 3px;" align="initial">
<p style="color: #7f8fa4 !important; font-size: inherit; line-height: 1.5; margin: 0 0 16px;">We are experiencing segfaults in exim since upgrading from impish (4.94.2-7ubuntu2 with libgnutls30 3.7.1-5ubuntu1) to jammy (4.95-4ubuntu2 with libgnutls30 3.7.3-4ubuntu1), in _gnutls_trust_list_get_issuer, seemingly in the sender/recipient verify callout during message submission.</p>
<p style="color: #7f8fa4 !important; font-size: inherit; line-height: 1.5; margin: 0 0 16px;">Typically the initial attempt to submit a message crashes an exim child thread, but the same message is accepted when the sender retries.</p>
<p style="color: #7f8fa4 !important; font-size: inherit; line-height: 1.5; margin: 0;">gdb backtrace:</p>
</blockquote>
<div class="gl-relative markdown-code-block js-markdown-code">
<pre class="code highlight js-syntax-highlight language-plaintext" lang="plaintext" v-pre="true" style='display: block; font-size: 13px; color: #303030; line-height: 1.6em; overflow-x: auto; border-radius: 2px; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; margin: 0 0 16px; padding: 12px; border: 1px solid #dbdbdb;'><code style='font-size: inherit; color: inherit; word-wrap: normal; word-break: keep-all; background-color: inherit; border-radius: 4px; white-space: pre; margin-top: 0; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; overflow-wrap: normal; padding: unset;'><span id="LC1" class="line" lang="plaintext" style="margin-top: 0;">Thread 2.1 "exim4" received signal SIGSEGV, Segmentation fault.</span>
<span id="LC2" class="line" lang="plaintext">[Switching to Thread 0x7fe2f844d080 (LWP 29278)]</span>
<span id="LC3" class="line" lang="plaintext">0x00007fe2f8f3eb2b in _gnutls_trust_list_get_issuer (flags=<optimised out>, issuer=<optimised out>, cert=<optimised out>, list=<optimised out>) at x509/../../../lib/x509/verify-high.c:1026</span>
<span id="LC4" class="line" lang="plaintext">1026 x509/../../../lib/x509/verify-high.c: No such file or directory.</span>
<span id="LC5" class="line" lang="plaintext">(gdb) bt</span>
<span id="LC6" class="line" lang="plaintext">#0 0x00007fe2f8f3eb2b in _gnutls_trust_list_get_issuer (flags=<optimised out>, issuer=<optimised out>, cert=<optimised out>,</span>
<span id="LC7" class="line" lang="plaintext">    list=<optimised out>) at x509/../../../lib/x509/verify-high.c:1026</span>
<span id="LC8" class="line" lang="plaintext">#1 gnutls_x509_trust_list_get_issuer (list=list@entry=0x55ef6bd9c260, cert=0x55ef6bd9be20, issuer=issuer@entry=0x7ffc82dba510,</span>
<span id="LC9" class="line" lang="plaintext">    flags=flags@entry=16) at x509/../../../lib/x509/verify-high.c:1129</span>
<span id="LC10" class="line" lang="plaintext">#2 0x00007fe2f8f3f679 in gnutls_x509_trust_list_verify_crt2 (list=0x55ef6bd9c260, cert_list=0x7ffc82dba5c0,</span>
<span id="LC11" class="line" lang="plaintext">    cert_list_size=<optimised out>, data=<optimised out>, elements=<optimised out>, flags=33554432, voutput=0x7ffc82dba888, func=0x0)</span>
<span id="LC12" class="line" lang="plaintext">    at x509/../../../lib/x509/verify-high.c:1522</span>
<span id="LC13" class="line" lang="plaintext">#3 0x00007fe2f8ed7516 in _gnutls_x509_cert_verify_peers (status=0x7ffc82dba888, elements=0, data=0x0, session=0x55ef6c0c1150)</span>
<span id="LC14" class="line" lang="plaintext">    at ../../lib/cert-session.c:597</span>
<span id="LC15" class="line" lang="plaintext">#4 gnutls_certificate_verify_peers (session=0x55ef6c0c1150, data=data@entry=0x0, elements=elements@entry=0,</span>
<span id="LC16" class="line" lang="plaintext">    status=status@entry=0x7ffc82dba888) at ../../lib/cert-session.c:776</span>
<span id="LC17" class="line" lang="plaintext">#5 0x00007fe2f8ed8000 in gnutls_certificate_verify_peers2 (session=<optimised out>, status=status@entry=0x7ffc82dba888)</span>
<span id="LC18" class="line" lang="plaintext">    at ../../lib/cert-session.c:653</span>
<span id="LC19" class="line" lang="plaintext">#6 0x000055ef6b7698ef in verify_certificate (state=<optimised out>, errstr=0x7ffc82dbaa20)</span>
<span id="LC20" class="line" lang="plaintext">    at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/tls-gnu.c:2519</span>
<span id="LC21" class="line" lang="plaintext">#7 0x000055ef6b7a5d7b in tls_client_start.constprop.0 (cctx=cctx@entry=0x55ef6be0e688, conn_args=conn_args@entry=0x55ef6bdfe5f8,</span>
<span id="LC22" class="line" lang="plaintext">    tlsp=0x55ef6b7f59c0 <tls_out>, errstr=errstr@entry=0x7ffc82dbaa20, cookie=<optimised out>)</span>
<span id="LC23" class="line" lang="plaintext">    at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/tls-gnu.c:3593</span>
<span id="LC24" class="line" lang="plaintext">#8 0x000055ef6b78b0ef in smtp_setup_conn (sx=0x55ef6bdfe5e8, suppress_tls=<optimised out>) at transports/smtp.c:2673</span>
<span id="LC25" class="line" lang="plaintext">#9 0x000055ef6b776350 in do_callout (pm_mailfrom=<optimised out>, se_mailfrom=<optimised out>, options=<optimised out>,</span>
<span id="LC26" class="line" lang="plaintext">    callout_connect=<optimised out>, callout_overall=<optimised out>, callout=<optimised out>, tf=0x7ffc82dbbc10,</span>
<span id="LC27" class="line" lang="plaintext">    host_list=<optimised out>, addr=0x7ffc82dbbdd0)</span>
<span id="LC28" class="line" lang="plaintext">    at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/verify.c:677</span>
<span id="LC29" class="line" lang="plaintext">#10 verify_address (vaddr=<optimised out>, fp=<optimised out>, options=<optimised out>, callout=<optimised out>,</span>
<span id="LC30" class="line" lang="plaintext">    callout_overall=<optimised out>, callout_connect=<optimised out>, se_mailfrom=<optimised out>, pm_mailfrom=<optimised out>,</span>
<span id="LC31" class="line" lang="plaintext">    routed=<optimised out>) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/verify.c:1947</span>
<span id="LC32" class="line" lang="plaintext">#11 0x000055ef6b6f1660 in acl_verify (where=where@entry=0, addr=addr@entry=0x7ffc82dbc5e0,</span>
<span id="LC33" class="line" lang="plaintext">    arg=0x55ef6babc2b8 "recipient/defer_ok/callout=30s,defer_ok,use_postmaster", user_msgptr=user_msgptr@entry=0x7ffc82dbca50,</span>
<span id="LC34" class="line" lang="plaintext">    log_msgptr=log_msgptr@entry=0x7ffc82dbca58, basic_errno=basic_errno@entry=0x7ffc82dbc38c)</span>
<span id="LC35" class="line" lang="plaintext">    at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/acl.c:2168</span>
<span id="LC36" class="line" lang="plaintext">#12 0x000055ef6b6f479e in acl_check_condition (level=<optimised out>, basic_errno=0x7ffc82dbc38c, log_msgptr=<optimised out>,</span>
<span id="LC37" class="line" lang="plaintext">    user_msgptr=<optimised out>, epp=<synthetic pointer>, addr=<optimised out>, where=<optimised out>, cb=0x55ef6babc298,</span>
<span id="LC38" class="line" lang="plaintext">    verb=<optimised out>) at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/acl.c:3838</span>
<span id="LC39" class="line" lang="plaintext">#13 acl_check_internal (where=where@entry=0, addr=addr@entry=0x7ffc82dbc5e0, s=s@entry=0x55ef6bab9990 "acl_check_rcpt",</span>
<span id="LC40" class="line" lang="plaintext">    user_msgptr=user_msgptr@entry=0x7ffc82dbca50, log_msgptr=log_msgptr@entry=0x7ffc82dbca58)</span>
<span id="LC41" class="line" lang="plaintext">    at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/acl.c:4225</span>
<span id="LC42" class="line" lang="plaintext">#14 0x000055ef6b6f7b9e in acl_check (where=0, recipient=<optimised out>, s=0x55ef6bab9990 "acl_check_rcpt",</span>
<span id="LC43" class="line" lang="plaintext">    user_msgptr=0x7ffc82dbca50, log_msgptr=0x7ffc82dbca58)</span>
<span id="LC44" class="line" lang="plaintext">    at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/acl.c:4539</span>
<span id="LC45" class="line" lang="plaintext">#15 0x000055ef6b75c2fd in smtp_setup_msg () at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/smtp_in.c:5283</span>
<span id="LC46" class="line" lang="plaintext">#16 0x000055ef6b6e5cda in handle_smtp_call (accepted=0x7ffc82dbceb0, accept_socket=<optimised out>,</span>
<span id="LC47" class="line" lang="plaintext">    listen_socket_count=<optimised out>, listen_sockets=<optimised out>)</span>
<span id="LC48" class="line" lang="plaintext">    at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/daemon.c:551</span>
<span id="LC49" class="line" lang="plaintext">#17 daemon_go () at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/daemon.c:2594</span>
<span id="LC50" class="line" lang="plaintext">#18 main (argc=<optimised out>, cargv=<optimised out>)</span>
<span id="LC51" class="line" lang="plaintext">    at /build/exim4-sMcKLv/exim4-4.95/b-exim4-daemon-light/build-Linux-x86_64/exim.c:4947</span></code></pre>
</div>
<p dir="auto" style="color: #303030; margin: 0;" align="initial">A similar issue has been discussed on the <a href="https://lists.exim.org/lurker/message/20211008.224037.c1fee944.gl.html" rel="nofollow noreferrer noopener" target="_blank" style="color: #1068bf; margin-top: 0;">exim4 mailing list</a>, but I couldn't find a corresponding upstream bug report. It looks like <a href="https://gitlab.com/gnutls/gnutls/-/issues/1277" data-original="#1277" data-link="false" data-link-reference="false" data-project="179611" data-issue="94675005" data-issue-type="issue" data-reference-type="issue" data-container="body" data-placement="top" title="Possible race condition in gnutls_x509_trust_list_verify_crt2" class="gfm gfm-issue has-tooltip" style="color: #1068bf;">#1277 (closed)</a> might be related but the reported version already contains the fix for that.</p>
</div>

</div>
</body>
</html>