Bug 2177653 - Opendmarc crashes with segfault at 0 ip 0000148cd4fc76d0 sp 0000148cc7dd9138 error 4 in libbsd.so.0.11.3[148cd4fbf000+c000]
Summary: Opendmarc crashes with segfault at 0 ip 0000148cd4fc76d0 sp 0000148cc7dd9138 ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: opendmarc
Version: epel9
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Mikel Olasagasti Uranga
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-03-13 09:01 UTC by Klaus Tachtler
Modified: 2025-04-23 02:38 UTC (History)
5 users (show)

Fixed In Version: opendmarc-1.4.2-27.fc43 opendmarc-1.4.2-28.fc42 opendmarc-1.4.2-28.el9 opendmarc-1.4.2-28.el10_1
Clone Of:
Environment:
Last Closed: 2025-04-12 21:27:59 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Fedora Package Sources opendmarc pull-request 14 0 None None None 2025-01-29 13:11:48 UTC

Description Klaus Tachtler 2023-03-13 09:01:08 UTC 
Description of problem:

Opendmarc crashes with 'milter unix:/run/opendmarc/opendmarc.sock: can't read SMFIC_BODYEOB reply packet header: Application error'

[35266.313292] opendmarc[19208]: segfault at 0 ip 0000148cd4fc76d0 sp 0000148cc7dd9138 error 4 in libbsd.so.0.11.3[148cd4fbf000+c000]

See solution witch patch for OpenDMARC:
https://github.com/trusteddomainproject/OpenDMARC/issues/183


Version-Release number of selected component (if applicable):

Name        : opendmarc
Arch        : x86_64
Version     : 1.4.1.1
Release     : 3.el7
Size        : 246 k
Repo        : installed
From repo   : epel
Summary     : A Domain-based Message Authentication, Reporting & Conformance
            : (DMARC) milter and library
URL         : http://www.trusteddomain.org/opendmarc.html
License     : BSD and Sendmail
Description : OpenDMARC (Domain-based Message Authentication, Reporting &
            : Conformance) provides an open source library that implements the
            : DMARC verification service plus a milter-based filter application
            : that can plug in to any milter-aware MTA, including sendmail,
            : Postfix, or any other MTA that supports the milter protocol.
            : 
            : The DMARC sender authentication system is still a draft standard,
            : working towards RFC status.
            : 
            : The database schema required for some functions is provided in
            : /usr/share/opendmarc/db. The rddmarc tools are provided in
            : /usr/share/opendmarc/contrib/rddmarc.


How reproducible:

Get an E-Mail with "ARC-Seal: i=1; none" or DMARC signature wirh more than 2048 bit lenght.


Steps to Reproduce:
1. E-Mail with "ARC-Seal: i=1; none" or DMARC signature wirh more than 2048 bit lenght.
2. OpenDMARC under CentOS-7 crashed.
3. [35266.313292] opendmarc[19208]: segfault at 0 ip 0000148cd4fc76d0 sp 0000148cc7dd9138 error 4 in libbsd.so.0.11.3[148cd4fbf000+c000]

Actual results:

OpenDMARC chrashed with: [35266.313292] opendmarc[19208]: segfault at 0 ip 0000148cd4fc76d0 sp 0000148cc7dd9138 error 4 in libbsd.so.0.11.3[148cd4fbf000+c000] 


Expected results:

OpenDMARC can handel E-Mail with "ARC-Seal: i=1; none" or DMARC signature wirh more than 2048 bit lenght or higher, see patch:

https://github.com/trusteddomainproject/OpenDMARC/issues/183


Additional info:

Patch avialable:

https://github.com/trusteddomainproject/OpenDMARC/issues/183
Comment 1 Alexander Boström 2023-06-20 13:43:58 UTC 
Please consider applying these patches in Fedora, which have been submitted upstream but have not been accepted. They are really required for using OpenDMARC on an MX host.

I created https://copr.fedorainfracloud.org/coprs/abo/opendmarc/ almost a year ago hoping it would be a temporary solution, but it is still needed.

Specifically I suggest these patches:

https://github.com/trusteddomainproject/OpenDMARC/pull/223
https://github.com/trusteddomainproject/OpenDMARC/pull/224
https://github.com/trusteddomainproject/OpenDMARC/pull/225
Comment 2 Troy Dawson 2024-07-09 04:19:33 UTC 
EPEL 7 entered end-of-life (EOL) status on 2024-06-30.\n\nEPEL 7 is no longer maintained, which means that it\nwill not receive any further security or bug fix updates.\n As a result we are closing this bug.
Comment 3 Steve Siirila 2025-01-14 15:37:28 UTC 
This is STILL an issue in EPEL 9 (opendmarc 1.4.2) and is disrupting our ability to run the latest version of opendmarc.  Considering that the patch has been available for years, please consider applying it to EPEL 9.
Comment 4 Kevin Fenzi 2025-01-18 22:39:53 UTC 
Reopening and moving to epel9
Comment 5 Graham Leggett 2025-01-21 11:20:17 UTC 
Just ran into the same issue.

Can confirm the patches in https://bugzilla.redhat.com/show_bug.cgi?id=2177653#c1 worked around the problem for me.
Comment 6 Mikel Olasagasti Uranga 2025-01-29 13:11:48 UTC 
Thanks for reopening Kevin.

I created a PR with the change, will test and merge. This can be later backported to EL releases.
Comment 7 Graham Leggett 2025-01-30 09:41:21 UTC 
Much appreciated, thank you.
Comment 8 Fedora Update System 2025-04-12 19:36:40 UTC 
FEDORA-2025-525419f4ed (opendmarc-1.4.2-27.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-525419f4ed
Comment 9 Fedora Update System 2025-04-12 19:51:13 UTC 
FEDORA-2025-470dc317c1 (opendmarc-1.4.2-27.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-470dc317c1
Comment 10 Fedora Update System 2025-04-12 21:27:59 UTC 
FEDORA-2025-525419f4ed (opendmarc-1.4.2-27.fc43) has been pushed to the Fedora 43 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 11 Fedora Update System 2025-04-12 21:28:25 UTC 
FEDORA-2025-525419f4ed (opendmarc-1.4.2-27.fc43) has been pushed to the Fedora 43 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 12 Fedora Update System 2025-04-13 02:41:37 UTC 
FEDORA-2025-470dc317c1 has been pushed to the Fedora 42 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-470dc317c1`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-470dc317c1

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 13 Fedora Update System 2025-04-13 16:16:04 UTC 
FEDORA-EPEL-2025-07ed33e698 (opendmarc-1.4.2-28.el9) has been submitted as an update to Fedora EPEL 9.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-07ed33e698
Comment 14 Fedora Update System 2025-04-13 16:16:05 UTC 
FEDORA-EPEL-2025-5c7a765aeb (opendmarc-1.4.2-28.el10_1) has been submitted as an update to Fedora EPEL 10.1.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5c7a765aeb
Comment 15 Mikel Olasagasti Uranga 2025-04-13 16:18:41 UTC 
Update https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-07ed33e698 includes the fix, please test.

The update also contains the split of the package as described here: https://fedoraproject.org/wiki/Changes/SplitOpendmarcTools

The -tools package requires CRB repo enabled.
Comment 16 Fedora Update System 2025-04-15 20:22:01 UTC 
FEDORA-2025-341fab382f has been pushed to the Fedora 42 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-341fab382f`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-341fab382f

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 17 Fedora Update System 2025-04-15 20:32:25 UTC 
FEDORA-EPEL-2025-5c7a765aeb has been pushed to the Fedora EPEL 10.1 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5c7a765aeb

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 18 Fedora Update System 2025-04-15 20:57:08 UTC 
FEDORA-EPEL-2025-07ed33e698 has been pushed to the Fedora EPEL 9 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-07ed33e698

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 19 Fedora Update System 2025-04-22 02:57:17 UTC 
FEDORA-2025-341fab382f (opendmarc-1.4.2-28.fc42) has been pushed to the Fedora 42 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 20 Fedora Update System 2025-04-23 00:53:56 UTC 
FEDORA-EPEL-2025-07ed33e698 (opendmarc-1.4.2-28.el9) has been pushed to the Fedora EPEL 9 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 21 Fedora Update System 2025-04-23 02:38:00 UTC 
FEDORA-EPEL-2025-5c7a765aeb (opendmarc-1.4.2-28.el10_1) has been pushed to the Fedora EPEL 10.1 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.