Bug 2363660 - OpenDMARC crashes when attempting to send sasl authenticated email from Postfix
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: opendmarc
Version: 42
Hardware: aarch64
OS: Linux
unspecified
medium
Assignee: Kevin Fenzi
QA Contact: Fedora Extras Quality Assurance
 
Reported: 2025-05-02 12:59 UTC by Dominic
Modified: 2025-05-12 03:15 UTC (History)

Fixed In Version: opendmarc-1.4.2-29.fc43 opendmarc-1.4.2-29.fc42 opendmarc-1.4.2-29.fc41 opendmarc-1.4.2-29.el10_1 opendmarc-1.4.2-29.el9 opendmarc-1.4.2-29.fc40
Last Closed: 2025-05-03 12:29:11 UTC
Type: Bug

Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | trusteddomainproject OpenDMARC issues 274 | 0 | None | open | OpenDMARC crashes when attempting to send sasl authenticated email from Postfix | 2025-05-02 21:53:43 UTC
Github | trusteddomainproject OpenDMARC pull 275 | 0 | None | open | libopendmarc: fix NULL–pointer deref in opendmarc_spf_ipv6_explode() | 2025-05-03 09:24:52 UTC

Description Dominic 2025-05-02 12:59:17 UTC
(Posting this here as well as upstream, since the upstream project appears abandoned, and downstream is left to sort out bugs.)

I'm calling the OpenDMARC milter from Postfix using the configuration:

smtpd_milters = local:/run/opendkim/opendkim.sock local:/run/opendmarc/opendmarc.sock

Unauthenticated inbound email destined for my domain arrives without issue, but when I attempt to send sasl authenticated email from Postfix, OpenDMARC crashes. Fedora 42, aarch64, logs pasted below.


[fedora@server ~]$ opendmarc -V
opendmarc: OpenDMARC Filter v1.4.2
        SMFI_VERSION 0x1000001
        libmilter version 1.0.1
        Active code options:
                WITH_SPF



May 02 13:09:27 server opendmarc[905]: implicit authentication service: server.example.com
May 02 13:09:27 server systemd-coredump[1411]: Process 905 (opendmarc) of user 988 dumped core.
                                              
	Module /usr/bin/opendmarc from rpm opendmarc-1.4.2-28.fc42.aarch64
	Module libcap.so.2 from rpm libcap-2.73-2.fc42.aarch64
	Module libnss_systemd.so.2 from rpm systemd-257.5-2.fc42.aarch64
	Module libspf2.so.2 from rpm libspf2-1.2.11-17.20210922git4915c308.fc42.aarch64
	Module libmilter.so.1.0 from rpm sendmail-8.18.1-5.fc42.aarch64
	Module libopendmarc.so.2 from rpm opendmarc-1.4.2-28.fc42.aarch64
	Stack trace of thread 1406:
	#0  0x0000ffffa6a9590c strchr (libc.so.6 + 0xa590c)
	#1  0x0000ffffa6bfd684 opendmarc_spf_ipv6_explode.part.0.lto_priv.0 (libopendmarc.so.2 + 0xd684)
	#2  0x0000ffffa6bfa7d8 opendmarc_spf_ipv6_cidr_check (libopendmarc.so.2 + 0xa7d8)
	#3  0x0000ffffa6bfc7f0 opendmarc_spf_parse (libopendmarc.so.2 + 0xc7f0)
	#4  0x0000ffffa6bfd518 opendmarc_spf_test (libopendmarc.so.2 + 0xd518)
	#5  0x0000aaaad070cf88 mlfi_eom (/usr/bin/opendmarc + 0xcf88)
	#6  0x0000ffffa6bc7d90 mi_engine (libmilter.so.1.0 + 0x7d90)
	#7  0x0000ffffa6bc8130 mi_handle_session (libmilter.so.1.0 + 0x8130)
	#8  0x0000ffffa6bc8150 n/a (libmilter.so.1.0 + 0x8150)
	#9  0x0000ffffa6a7d284 start_thread (libc.so.6 + 0x8d284)
	#10 0x0000ffffa6ae804c thread_start (libc.so.6 + 0xf804c)

	Stack trace of thread 905:
	#0  0x0000ffffa6a86ba8 __syscall_cancel_arch (libc.so.6 + 0x96ba8)
	#1  0x0000ffffa6a795bc __internal_syscall_cancel (libc.so.6 + 0x895bc)
	#2  0x0000ffffa6a79610 __syscall_cancel (libc.so.6 + 0x89610)
	#3  0x0000ffffa6ae5448 __select (libc.so.6 + 0xf5448)
	#4  0x0000ffffa6bc91d0 mi_listener (libmilter.so.1.0 + 0x91d0)
	#5  0x0000ffffa6bc98a4 smfi_main (libmilter.so.1.0 + 0x98a4)
	#6  0x0000aaaad07044a0 main (/usr/bin/opendmarc + 0x44a0)
	#7  0x0000ffffa6a1625c __libc_start_call_main (libc.so.6 + 0x2625c)
	#8  0x0000ffffa6a1633c __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x2633c)
	#9  0x0000aaaad0705a30 _start (/usr/bin/opendmarc + 0x5a30)

	Stack trace of thread 909:
	#0  0x0000ffffa6a86bac __syscall_cancel_arch (libc.so.6 + 0x96bac)
	#1  0x0000ffffa6a795bc __internal_syscall_cancel (libc.so.6 + 0x895bc)
	#2  0x0000ffffa6a79610 __syscall_cancel (libc.so.6 + 0x89610)
	#3  0x0000ffffa6a2c588 __sigtimedwait (libc.so.6 + 0x3c588)
	#4  0x0000ffffa6a2b9e4 sigwait (libc.so.6 + 0x3b9e4)
	#5  0x0000aaaad07080fc dmarcf_reloader (/usr/bin/opendmarc + 0x80fc)
	#6  0x0000ffffa6a7d284 start_thread (libc.so.6 + 0x8d284)
	#7  0x0000ffffa6ae804c thread_start (libc.so.6 + 0xf804c)

	Stack trace of thread 910:
	#0  0x0000ffffa6a86bac __syscall_cancel_arch (libc.so.6 + 0x96bac)
	#1  0x0000ffffa6a795bc __internal_syscall_cancel (libc.so.6 + 0x895bc)
	#2  0x0000ffffa6a79610 __syscall_cancel (libc.so.6 + 0x89610)
	#3  0x0000ffffa6a2c588 __sigtimedwait (libc.so.6 + 0x3c588)
	#4  0x0000ffffa6a2b9e4 sigwait (libc.so.6 + 0x3b9e4)
	#5  0x0000ffffa6bc701c n/a (libmilter.so.1.0 + 0x701c)
	#6  0x0000ffffa6a7d284 start_thread (libc.so.6 + 0x8d284)
	#7  0x0000ffffa6ae804c thread_start (libc.so.6 + 0xf804c)
	ELF object binary architecture: AARCH64

May 02 13:09:27 server systemd[1]: opendmarc.service: Main process exited, code=dumped, status=11/SEGV
May 02 13:09:27 server systemd[1]: opendmarc.service: Failed with result 'core-dump'.
May 02 13:09:28 server systemd[1]: opendmarc.service: Scheduled restart job, restart counter is at 1.
May 02 13:09:28 server systemd[1]: Started opendmarc.service - Domain-based Message Authentication, Reporting & Conformance (DMARC) Milter.
May 02 13:09:28 server opendmarc[1421]: OpenDMARC Filter v1.4.2 starting (args: -f -c /etc/opendmarc.conf)
May 02 13:09:28 server opendmarc[1421]: additional trusted authentication services: (none)
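
Added example (not part of the original report, and not OpenDMARC or systemd code): a small triage parser for the systemd-coredump journal format shown above. It reports the faulting call, the first caller outside libc with GCC clone suffixes stripped, and the rpm that owns that module. The names `triage` and `SAMPLE` are illustrative, the sample is abridged from the excerpt above, and treating the first listed thread as the crashing one is an assumption.

```python
import re

# Constructed sample: abridged from the journal excerpt in the report above.
SAMPLE = """\
May 02 13:09:27 server systemd-coredump[1411]: Process 905 (opendmarc) of user 988 dumped core.
    Module libopendmarc.so.2 from rpm opendmarc-1.4.2-28.fc42.aarch64
    Stack trace of thread 1406:
    #0  0x0000ffffa6a9590c strchr (libc.so.6 + 0xa590c)
    #1  0x0000ffffa6bfd684 opendmarc_spf_ipv6_explode.part.0.lto_priv.0 (libopendmarc.so.2 + 0xd684)
    #2  0x0000ffffa6bfa7d8 opendmarc_spf_ipv6_cidr_check (libopendmarc.so.2 + 0xa7d8)
    Stack trace of thread 905:
    #0  0x0000ffffa6a86ba8 __syscall_cancel_arch (libc.so.6 + 0x96ba8)
"""

MODULE = re.compile(r"Module (\S+) from rpm (\S+)")
THREAD = re.compile(r"Stack trace of thread (\d+):")
FRAME = re.compile(r"#\d+\s+0x[0-9a-f]+ (\S+) \((\S+) \+ (0x[0-9a-f]+)\)")
# GCC clone suffixes (.part.N, .lto_priv.N, ...) hide the source-level name.
CLONE = re.compile(r"\.(?:part|lto_priv|constprop|isra|cold)(?:\.\d+)?")
LIBC = {"libc.so.6"}


def triage(journal_text):
    """Return the crashing thread's fault site and the first frame outside libc."""
    rpms, threads, cur = {}, {}, None
    for line in map(str.strip, journal_text.splitlines()):
        if m := MODULE.match(line):
            rpms[m[1]] = m[2]
        elif m := THREAD.match(line):
            cur = threads.setdefault(int(m[1]), [])
        elif cur is not None and (m := FRAME.match(line)):
            cur.append(m.groups())  # (symbol, module, offset)
    if not threads or not next(iter(threads.values())):
        return None  # no usable trace in this excerpt
    # Assumption: the first thread listed is the one that received the signal.
    tid, frames = next(iter(threads.items()))
    # Blame the first caller that is not the C library; fall back to frame #0.
    sym, mod, off = next((f for f in frames if f[1] not in LIBC), frames[0])
    return {"thread": tid, "fault_in": frames[0][0],
            "function": CLONE.sub("", sym), "module": mod,
            "offset": off, "rpm": rpms.get(mod, "unknown")}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

The module-relative offset it returns can be resolved to a source line once the matching debuginfo package is installed, which the symbol-less `bt full` output cannot provide on its own.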

Comment 1 Mikel Olasagasti Uranga 2025-05-02 20:00:42 UTC
- Can you easily reproduce it?

- Can you check using `coredumpctl` if the dump is available for analysis? If so, can you start gdb with `coredumpctl gdb $PID` and print a full trace with `bt full`? After that, you can check the last frame with `frame 1` and print variables with `info locals`.

Comment 2 Dominic 2025-05-02 20:51:53 UTC
- Can you easily reproduce it?

Yes, I can't send any authenticated mail without removing OpenDMARC from my smtpd_milters; OpenDMARC crashes every time.


- Can you check using `coredumpctl`

Hopefully the below is of use.


(gdb) bt full
#0  0x0000ffffb281590c in strchr () from /lib64/libc.so.6
No symbol table info available.
#1  0x0000ffffb297d684 in opendmarc_spf_ipv6_explode.part.0.lto_priv () from /lib64/libopendmarc.so.2
No symbol table info available.
#2  0x0000ffffb297a7d8 in opendmarc_spf_ipv6_cidr_check () from /lib64/libopendmarc.so.2
No symbol table info available.
#3  0x0000ffffb297c7f0 in opendmarc_spf_parse () from /lib64/libopendmarc.so.2
No symbol table info available.
#4  0x0000ffffb297d518 in opendmarc_spf_test () from /lib64/libopendmarc.so.2
No symbol table info available.
#5  0x0000aaaae509cf88 in mlfi_eom ()
No symbol table info available.
#6  0x0000ffffb2947d90 in mi_engine () from /lib64/libmilter.so.1.0
No symbol table info available.
#7  0x0000ffffb2948130 in mi_handle_session () from /lib64/libmilter.so.1.0
No symbol table info available.
#8  0x0000ffffb2948150 in ?? () from /lib64/libmilter.so.1.0
No symbol table info available.
#9  0x0000ffffb27fd284 in start_thread () from /lib64/libc.so.6
No symbol table info available.
#10 0x0000ffffb286804c in thread_start () from /lib64/libc.so.6
No symbol table info available.


(gdb) frame 1
#1  0x0000ffffb297d684 in opendmarc_spf_ipv6_explode.part.0.lto_priv () from /lib64/libopendmarc.so.2

Comment 3 Dominic 2025-05-02 21:08:52 UTC
I forgot the last one!


(gdb) info locals
No symbol table info available.

Comment 4 Mikel Olasagasti Uranga 2025-05-02 21:22:50 UTC
Can you try with:

# dnf copr enable mikelo2/opendmarc-bz2363660 && dnf upgrade '*opendmarc*' && systemctl restart opendmarc.service

Build is here: https://copr.fedorainfracloud.org/coprs/mikelo2/opendmarc-bz2363660/build/8990834/

It contains the following patch: https://src.fedoraproject.org/fork/mikelo2/rpms/opendmarc/blob/bz2363660/f/0001-libopendmarc-fix-NULL-pointer-deref-in-opendmarc_spf.patch

Not 100% sure it will fix it, but it's a simple test.

Comment 5 Dominic 2025-05-02 22:15:27 UTC
Thank you Mikel, I do not experience the crash with the build you have provided.

Comment 6 Mikel Olasagasti Uranga 2025-05-03 09:24:53 UTC
Thanks for confirming Dominic. I pushed a PR upstream and will update Fedora and EPEL builds.

As the new build will have the same version number as the one in copr, you may not get the update with the signed package.

Comment 7 Dominic 2025-05-03 09:43:21 UTC
That's fine, and thanks again, Fedora is the best distro in the world. :)

Comment 8 Fedora Update System 2025-05-03 12:25:06 UTC
FEDORA-2025-ddb1785fa9 (opendmarc-1.4.2-29.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-ddb1785fa9

Comment 9 Fedora Update System 2025-05-03 12:29:11 UTC
FEDORA-2025-ddb1785fa9 (opendmarc-1.4.2-29.fc43) has been pushed to the Fedora 43 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 10 Fedora Update System 2025-05-03 12:42:46 UTC
FEDORA-2025-2ac50cc07d (opendmarc-1.4.2-29.fc41) has been submitted as an update to Fedora 41.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-2ac50cc07d

Comment 11 Fedora Update System 2025-05-03 12:42:46 UTC
FEDORA-2025-42809f32cb (opendmarc-1.4.2-29.fc40) has been submitted as an update to Fedora 40.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-42809f32cb

Comment 12 Fedora Update System 2025-05-03 12:42:47 UTC
FEDORA-EPEL-2025-e9243316fe (opendmarc-1.4.2-29.el9) has been submitted as an update to Fedora EPEL 9.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e9243316fe

Comment 13 Fedora Update System 2025-05-03 12:42:48 UTC
FEDORA-2025-8b1fc98fed (opendmarc-1.4.2-29.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-8b1fc98fed

Comment 14 Fedora Update System 2025-05-03 12:42:48 UTC
FEDORA-EPEL-2025-cd2685953b (opendmarc-1.4.2-29.el10_1) has been submitted as an update to Fedora EPEL 10.1.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-cd2685953b

Comment 15 Fedora Update System 2025-05-04 01:25:21 UTC
FEDORA-2025-8b1fc98fed has been pushed to the Fedora 42 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-8b1fc98fed`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-8b1fc98fed

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 16 Fedora Update System 2025-05-04 01:49:49 UTC
FEDORA-2025-2ac50cc07d has been pushed to the Fedora 41 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-2ac50cc07d`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-2ac50cc07d

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 17 Fedora Update System 2025-05-04 02:40:44 UTC
FEDORA-EPEL-2025-cd2685953b has been pushed to the Fedora EPEL 10.1 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-cd2685953b

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 18 Fedora Update System 2025-05-04 03:04:25 UTC
FEDORA-EPEL-2025-e9243316fe has been pushed to the Fedora EPEL 9 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e9243316fe

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 19 Fedora Update System 2025-05-04 03:35:37 UTC
FEDORA-2025-42809f32cb has been pushed to the Fedora 40 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-42809f32cb`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-42809f32cb

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 20 Fedora Update System 2025-05-12 01:55:50 UTC
FEDORA-2025-8b1fc98fed (opendmarc-1.4.2-29.fc42) has been pushed to the Fedora 42 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 21 Fedora Update System 2025-05-12 01:59:06 UTC
FEDORA-2025-2ac50cc07d (opendmarc-1.4.2-29.fc41) has been pushed to the Fedora 41 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 22 Fedora Update System 2025-05-12 02:36:42 UTC
FEDORA-EPEL-2025-cd2685953b (opendmarc-1.4.2-29.el10_1) has been pushed to the Fedora EPEL 10.1 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 23 Fedora Update System 2025-05-12 03:00:05 UTC
FEDORA-EPEL-2025-e9243316fe (opendmarc-1.4.2-29.el9) has been pushed to the Fedora EPEL 9 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 24 Fedora Update System 2025-05-12 03:15:08 UTC
FEDORA-2025-42809f32cb (opendmarc-1.4.2-29.fc40) has been pushed to the Fedora 40 stable repository.
If problem still persists, please make note of it in this bug report.

