[opendmarc-dev] Fwd: opendmarc 1.3.2-beta0 bug

Fri Aug 19 21:27:25 PDT 2016

I have tracked down what I believe is a bug in 1.3.2-Beta0.  This was found
on my EL6 system using the testing build that Steve Jenkins has prepared.

I was seeing segfaults on every connection attempt.  gdb helped track it
down to this:

sfsistat
mlfi_connect(SMFICTX *ctx, char *host, _SOCK_ADDR *ip)
{
        DMARCF_CONNCTX cc;
        struct dmarcf_config *conf;

        dmarcf_config_reload();

        if (dmarcf_checkhost(host, ignore) ||
            (ip != NULL && dmarcf_checkip(ip, ignore)))
        {
                if (conf->conf_dolog)
                        syslog(LOG_INFO, "ignoring connection from %s",
host);
                return SMFIS_ACCEPT;
        }

specifically, see how conf is defined on the local stack, but is
dereferenced before being set here.  In 1.3.1, this reads if
(curconf->conf_dolog) ...

It was changed in this changeset (thanks git blame):
ec281d40 (Murray S. Kucherawy 2016-07-19 02:48:03 -0700 1689)           if
(conf->conf_dolog)
ec281d40 (Murray S. Kucherawy 2016-07-19 02:48:03 -0700 1690)
    syslog(LOG_INFO, "ignoring connection from %s", host);

commit ec281d4039b1b5518fca8d9d1a5b67f1a21c50bb
Author: Murray S. Kucherawy <msk at trusteddomain.org>
Date:   Tue Jul 19 02:48:03 2016 -0700

    Fix bug #158: Log ignored connections.  Patch from Andreas Schulze.

Thanks,
Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.trusteddomain.org/pipermail/opendmarc-dev/attachments/20160819/309ab321/attachment.htm>