
[Bug 2606] New: Segfault in sqlite lookup with invalid sqlite_dbfile
https://bugs.exim.org/show_bug.cgi?id=2606

Bug ID: 2606
Summary: Segfault in sqlite lookup with invalid sqlite_dbfile
Product: Exim
Version: 4.94
Hardware: x86-64
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Lookups
Assignee: unallocated@exim.org
Reporter: jh.exim-bugzilla@plonk.de
CC: exim-dev@exim.org

If sqlite_dbfile is empty, not set or set to an invalid path like " = bla" or
" = $spool_directory/grey.sqlite" (it's not expanded), a segfault occurs:

Example (using exim-4.94-1.fc32.x86_64 from Fedora 32):

# echo '${lookup sqlite {select * from bla}}' | exim -d+expand -be
Exim version 4.94 uid=0 gid=0 pid=236658 D=f7715dfd
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc OpenSSL
Content_Scanning DANE DKIM DNSSEC Event OCSP PIPE_CONNECT PRDR PROXY SOCKS SPF
DMARC TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz
dbmnz dnsdb dsearch ldap ldapdn ldapm nis nis0 nisplus passwd sqlite
Authenticators: cram_md5 cyrus_sasl dovecot gsasl plaintext spa tls
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Compiler: GCC [10.1.1 20200507 (Red Hat 10.1.1-1)]
Library version: Glibc: Compile: 2.31
Runtime: 2.31
...
Library version: SQLite: Compile: 3.31.1
Runtime: 3.32.2
...
> ?considering: ${lookup sqlite {select * from bla}}
?considering: select * from bla}}
???expanding: select * from bla
??????result: select * from bla
search_open: sqlite "NULL"
Segmentation fault
