Bugzilla Bug 41196

When building exim, IPV6_USE_INET_PTON isn't defined
in config.h if IPV6 is in use.  This causes errors as follows:

To: ph10@cus.cam.ac.uk
Cc: Brad Allen <Ulmo@Q.Net>
Subject: [Exim] exim 4.12 SIGSEGV, probably in ident code
From: Brad Allen <Ulmo@Q.Net>
X-Mailer: Mew version 3.3 on XEmacs 21.4.12 (Portable Code)

Not sent to main list, since I don't have time to figure out how.

I found a configuration error.  It solves this problem in this case:

> [Exim] exim 4.12 SIGSEGV, probably in ident code
> 
> Philip Hazel exim-users at exim.org
> Mon, 31 Mar 2003 10:13:39 +0100 (BST)
> 
>   * Previous message: [Exim] exim 4.12 SIGSEGV, probably
>     in ident code
>   * Next message: [Exim] exim MTA used as unauthed relay
>   * Messages sorted by: [ date ] [ thread ] [ subject ] [
>     author ]
> 
> ---------------------------------------------------------
> 
> On Mon, 31 Mar 2003, Oleg Cherevko wrote:
> 
> > 03:36:10  2710 Connection request from 210.22.102.30 port 49963
> > 03:36:10  2710 1 SMTP accept process running
> > 03:36:10  2710 ---0 Rst 614688    **       daemon.c  613 24600
> > 03:36:10  2710 Listening...
> > 03:36:10  7517 ---0 Get 614704    24       string.c  344
> > 03:36:10  7517 host in rfc1413_hosts? yes (matched "*")
> > 03:36:10  7517 doing ident callback
> > 03:36:10  2710 child 7517 ended: status=0xb
> > 03:36:10  2710 0 SMTP accept processes now running
> > 03:36:10  2710 Listening...
> >
> > Note: the same host (210.22.102.30), the same debug log pattern.
> > Not that it bothers me much (for this is obviousely some spammers
> > trying to feed my Exim their junk), but I'd rather prefer Exim to
> > end these connections in more graceful way...
> 
> I agree. But I'm not sure how to proceed here. I guess I'll have to
> set up a simulation that does an ident call to that host. I've put
> this on my list to investigate - thanks for the report.
> 
> If you want to do debugging yourself, the relevant part of the
> source is the function verify_get_ident() in the module verify.c. To
> narrow down where the segfault is occurring, additional
> debug_printf() statements can be addded.

So far, this is what I have:

In Exim 4.30, it is SIGSEGVing someplace in this code piece (in
verify.c:verify_get_ident(), as you said):

if (ip_bind(sock, host_af, interface_address, 0) < 0)
  {
  DEBUG(D_ident) debug_printf("bind socket for ident failed: %s\n",
    strerror(errno));
  goto END_OFF;
  }

I thought it did it regardless of IP type and origination host, so
far, but tried some more examples, eliminated one configuration error
with tcpwrappers, and then isolated it more (either I wasn't paying
attention or it changed behavoir before that):

Ok, so the problem is just coming from a local host:

19:51:22 18940 doing ident callback
19:51:22 18940 doing ident callback A
19:51:22 18840 1 SMTP accept process running
19:51:22 18840 ---0 Rst 0x8138668    **       daemon.c  627 24600
19:51:22 18840 child 18940 ended: status=0xb
19:51:22 18840 0 SMTP accept processes now running
19:51:22 18840 Listening...

Let's try ipv6 vs. ipv4:

That was it.  Coming in from IPv6 from any host causes the error, but
not ipv4.

Exim on Debian doesn't have this problem.  I keep wondering if it is
some library on Gentoo that is doing it.

In ip.c:ip_bind():  it is doing it in this line:

    ip_addrinfo(address, &sin.v6);  /* Panic-dies on error */

In ip.c:ip_addrinfo(), it is doing it in this line:

 memcpy(saddr, res->ai_addr, res->ai_addrlen);

So, now I need to see what is wrong there.  First, let's do debugging
on memcpy, then move back:

sizeof(*saddr) 28, sizeof(*res->ai_addr) 16, res->ai_adrlen 28

This is what I suspected; someone doesn't know they're using IPv6;
IPv6 addresses are 12 more bytes than IPv4 addresses, and 16+12=28.

I wonder how *res->ai_addr did that.

Sigh.  Walk back now.

This is a distribution error:

In config.h:

#define HAVE_IPV6             TRUE
/* IPV6_USE_INET_PTON not set */

When uncomment IPV6_USE_INET_PTON, it:

works.

OK --- reporting to Gentoo.

> --
> Philip Hazel            University of Cambridge Computing Service,
> ph10@cus.cam.ac.uk      Cambridge, England. Phone: +44 1223 334714.
> 
> 
> 
> 
> ---------------------------------------------------------
> 
>   * Previous message: [Exim] exim 4.12 SIGSEGV, probably
>     in ident code
>   * Next message: [Exim] exim MTA used as unauthed relay
>   * Messages sorted by: [ date ] [ thread ] [ subject ] [
>     author ]


Reproducible: Always
Steps to Reproduce:
1.  Compile exim with ipv6.
2.  Configure exim with ident enabled (I think default?).
3.  Start exim to listen to smtp port (normal mode).
4.  Connect to exim on IPv6 port.
5.  SIGSEGV happens as described.

So far, fix seems to work.

Actual Results:  
See summary message.

strace -f exim -bd -d+all

shows that there is a SIGSEGV in the child process.
In my message, I track down the location of that.

Gets a connect and disconnect without messages from
remote host, since exim sees the SIGSEGV and gives up
for that subprocess.


Expected Results:  
To connect to SMTP port normally from remote host.


This could be my error, however, I don't think so, since
I experienced it with three versions of exim (emerge,
emerge with ACCEPT_KEYWORDS='~x86', and a version of
exim you don't have yet).

handing these over to Jay

I've modified the 4.32 ebuild (soon to be in portage), can you confirm this is
still a problem (I don't use ipv6 here yet).

Marking this bug as fixed as there's been no further reports of problems, feel
free to re-open if this is still an issue.