Created attachment 1527782 [details] Patch fixing the issue Description of problem: Malformed DMARC record triggers a bug in libopendmarc, making application crash. $ host -t txt _dmarc.bbsv2.net _dmarc.bbsv2.net descriptive text "v=DMARC1\; p=reject\; rua=dmarc_agg.net\; ruf=dmarc_fr.net\; rf=afrfruf=dmarc_fr.net\; fo=1\; pct=100\; rf=afrf" No space before "ruf" tag makes the string longer than expected, returning NULL from a sanitizing function. A wrong operator is being used in the condition, causing a strlen() to be executed on the returned value. There is a merge request pending upstream, but there seems to be no activity after a year's time: https://sourceforge.net/p/opendmarc/code/merge-requests/7/ (I'm not the author of the MR or the sourceforge ticket, the patch attached is the result of debugging an in-house application). Version-Release number of selected component (if applicable): 1.3.2.0.18.fc29 How reproducible: Parsing a record causing the utility function to return NULL while processing some of the tags (see above). Additional info: Please see a gdb session attached, a patch is also included for reference.
Created attachment 1527784 [details] gdb session on a dumped core
Note that the following command can be used to determine whether this bug has been fixed or not: $ opendmarc-check bbsv2.net Segmentation fault (core dumped) $
Can anyone provide an update on this patch? We are unable to fully deploy opendmarc at all until this critical bug has been fixed and provided to RHEL6/7.
FEDORA-EPEL-2019-5393542b88 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-5393542b88
FEDORA-EPEL-2019-3bcbd2f338 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-3bcbd2f338
FEDORA-2019-24b3f84f6e has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-24b3f84f6e
FEDORA-2019-6a2ca74e55 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a2ca74e55
FEDORA-2019-e1f0417a24 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-e1f0417a24
opendmarc-1.3.2-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-3bcbd2f338
opendmarc-1.3.2-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-24b3f84f6e
opendmarc-1.3.2-1.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a2ca74e55
opendmarc-1.3.2-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-e1f0417a24
opendmarc-1.3.2-1.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-5393542b88
opendmarc-1.3.2-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.
opendmarc-1.3.2-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.
Good news! The test I mentioned earlier in this thread, in particular: $ opendmarc-check bbsv2.net Segmentation fault (core dumped) $ does not cause a core dump after patching a RHEL 7 host with opendmarc-1.3.2-1.el7 As such, it is presumed that opendmarc will not crash for us once we put it into use on our production RHEL 7 MTA servers in the future and receive email from @bbsv2.net addresses.
Yep, the update solves the problem for us, too. Thank you!
That's great. The Fedora updates are now stable and the EPEL updates will go stable in two days (or sooner if they get +3 karma, but that's probably unlikely for a fairly niche package on EPEL).
opendmarc-1.3.2-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
opendmarc-1.3.2-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
opendmarc-1.3.2-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.