[Bug 3079] New: SIGSEGV (null pointer indirection) when a lookup is performed on a key with no values using dbmnz.
https://bugs.exim.org/show_bug.cgi?id=3079

Bug ID: 3079
Summary: SIGSEGV (null pointer indirection) when a lookup is performed on a key with no values using dbmnz.
Product: Exim
Version: 4.96+
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Lookups
Assignee: unallocated@exim.org
Reporter: vsbugge@samfundet.no
CC: exim-dev@lists.exim.org

Steps to reproduce:

```
$> printf "test\n\n" | db5.3_load -T -t hash test.db
$> echo "\${lookup{test}dbmnz{$(pwd)/test.db}}" | ./exim -be
> 2024-03-07 00:05:10 SIGSEGV (fault address: (nil))
2024-03-07 00:05:10 SEGV_MAPERR
2024-03-07 00:05:10 SIGSEGV (null pointer indirection)
2024-03-07 00:05:10 SIGSEGV (109100 initializing
)
[...]
```

The bug was introduced in 6d2c02 and is present in the current master. The
issue causes issues with empty email lists in our mailing list system after
upgrading to Debian bookworm.

The bug is due to calling Ustrlen on a null pointer in the function
string_copyn_taint_trc (src/functions.h). I have a patch with a test ready if
you want to take a look.

Kind regards,
Sebastian Bugge
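
The failure class described in the report, as an added example that is not part of the original message and is not Exim's code: a length-bounded copy helper that measures its source with strlen() faults when a lookup hands it a NULL pointer for an empty value, while a helper that trusts only the length does not. All names here (db_get, copyn_unchecked, copyn_checked, lookup_value) and the NULL/0 representation of an empty value are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed DBM-style datum; assumed: empty value => data NULL, size 0. */
struct datum { const char *data; size_t size; };

/* Hypothetical lookup over a constructed table; returns 1 if the key exists. */
int db_get(const char *key, struct datum *out)
{
    static const char raw[] = { 'a', '@', 'b', 'X' };  /* no NUL terminator */
    if (strcmp(key, "test") == 0) { out->data = NULL; out->size = 0; return 1; }
    if (strcmp(key, "list") == 0) { out->data = raw;  out->size = 3; return 1; }
    return 0;
}

/* Faulty pattern, shown for contrast and never called in this example. */
char *copyn_unchecked(const char *s, size_t n)
{
    size_t have = strlen(s);      /* undefined behaviour when s == NULL */
    if (n > have) n = have;
    char *d = malloc(n + 1);
    if (d) { memcpy(d, s, n); d[n] = '\0'; }
    return d;
}

/* Guarded form: trusts only the length and treats NULL as an empty string. */
char *copyn_checked(const char *s, size_t n)
{
    if (!s) n = 0;
    char *d = calloc(n + 1, 1);   /* zero-filled, so the result is terminated */
    if (d && n) memcpy(d, s, n);
    return d;
}

/* Wrapper: NULL means "key not found", "" means "found, empty value". */
char *lookup_value(const char *key)
{
    struct datum v;
    return db_get(key, &v) ? copyn_checked(v.data, v.size) : NULL;
}

int main(void)
{
    char *e = lookup_value("test"), *l = lookup_value("list");
    printf("test -> \"%s\"\nlist -> \"%s\"\n", e, l);
    free(e); free(l);
    return 0;
}
```

Keeping "key not found" (NULL) distinct from "key found with an empty value" (empty string) matters for callers such as the empty mailing lists mentioned in the report.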
