Segfaults with netqmail, ucspi-ssl and TLS

I am running netqmail patched for with TLS support under sslserver from the ucspi-ssl package.

However, every time a connection is closed the sslserver process segfaults. On the Opteron it also causes messages like
sslserver[13106] general protection rip:2ab6c23cf687 rsp:7fffe89e9308 error:0
to appear in my system log.

Currently tracing the problem, but it seems that the process dedicated to handling the encryption assumes that it has to start an encrypted connection even though it has not been requested to do so. I'll have to dig around a bit more.

Update: I also have a very trivial patch that fixes the issue. I've been running with it for over an year now and there have been no issues so it should be safe.
Here is the file:
ucspi-ssl-070-fixsegfault.patch

Comments

  1. It was a problem in the TLS patch. When the child process exits (the qmail-smtp process), the parent process responsible for the encrypted communication receives a nothing on its control file descriptor... a nothing that it does not check is nothing. It thus ends up using this nothing to initiate a SSL context and naturally the kernel gets angry.

    ReplyDelete

Post a Comment

Popular posts from this blog

ADSL Router Model CT-5367 user and pass (VIVACOM)

Installing Gentoo with full disk encryption

FreeIPA cluster with containers