Bug 1200780 - postfix: postlog NULL pointer dereference crash when invoked with incorrect arguments
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: postfix
Version: 6.6
Hardware: Unspecified
OS: Linux
Priority: low
Severity: low
Target Milestone: rc
Target Release: ---
Assignee: Jaroslav Škarvada
QA Contact: qe-baseos-daemons
Reported: 2015-03-11 11:35 UTC by Christoffer Strömblad
Modified: 2017-09-06 07:36 UTC

Last Closed: 2017-09-06 07:36:17 UTC


Attachments
upstream patch (555 bytes, patch)
2016-09-12 16:18 UTC, Ondřej Lysoněk

Description Christoffer Strömblad 2015-03-11 11:35:41 UTC
Description of problem:
When issuing the command postlog with invalid parameters the program will crash. According to this (http://permalink.gmane.org/gmane.mail.postfix.devel/2942) discussion the problem seems to have been addressed, but unsure.

Due to the potential exploitability and severe consequences a bug was determined to be the best option to highlight the potential problem.

Version-Release number of selected component (if applicable):
postfix-2.6.6-6.el6_5.x86_64

How reproducible:
Every time.

Steps to Reproduce:
1. Issue command 'postlog --help' (or any other invalid parameter for that matter)
2. That's it.

Actual results:
Segmentation fault.

Expected results:
A command usage help text according to the code.

Additional info:

Comment 1 Tomas Hoger 2015-03-11 12:59:06 UTC
(In reply to Christoffer Strömblad from comment #0)
> Due to the potential exploitability and severe consequences a bug was
> determined to be the best option to highlight the potential problem.

Considering that this is a simple NULL pointer dereference in a non-suid/sgid application not meant to be run as a daemon, you probably should clarify the exploitability and severe consequences. Looks like a non-security bug, hence re-assigning where this should have been filed.

Note that two patches were already proposed by upstream developers:

http://thread.gmane.org/gmane.mail.postfix.devel/2942/focus=2943
http://thread.gmane.org/gmane.mail.postfix.devel/2942/focus=2945

Comment 2 Christoffer Strömblad 2015-03-11 13:04:40 UTC
I apologise if this was posted in the wrong category under incorrect assumptions. I'm not in any way an experienced developer or system-administrator but felt that a segmentation fault in a software that had ownership of root/root might be something to look into with POTENTIAL exploitability and consequences.

If you judge this to be a non-security-related issue, excellent. I wouldn't know, but felt that the "better safe than sorry" maxim was appropriate.

Comment 6 Ondřej Lysoněk 2016-09-12 16:18:31 UTC
Created attachment 1200243
upstream patch

Attaching the patch which was used upstream.

Comment 8 Tomáš Hozza 2017-09-06 07:36:17 UTC
Red Hat Enterprise Linux 6 transitioned to the Production 3 Phase on May 10, 2017.  During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:
http://redhat.com/rhel/lifecycle

This issue does not appear to meet the inclusion criteria for the Production Phase 3 and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification.  Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com

