[Pymilter] pymilter dies on IPv6 addresses

Stuart Gathman stuart at gathman.org
Wed Nov 22 09:52:45 EST 2017


So, it is strange that the backtrace doesn't show Py_BuildValue.  The
call to Py_BuildValue is varargs, which can cause portability problems. 
The call for IP6 connections has two additional arguments - both long:
flowinfo and scope_id.  Generally, C compilers push the last args first,
so if there was some problem with the two extra args, it would not
affect parsing the preceding ones.  But there could be something
different on BSD where a cast is needed on flowinfo and scope_id to
prevent shifting offsets of earlier args.

I don't give this a high likelihood, because the address of hostname in
the backtrace looks like a reasonable stack address.  Does BSD put the
stack near the end of the virtual address space like that?

    case AF_INET6:
      { struct sockaddr_in6 *sa = (struct sockaddr_in6 *)hostaddr;
        PyObject *ip6addr_obj = makeip6addr(sa);
        long scope_id = 0;
    #ifdef HAVE_IPV6_RFC2553
        scope_id = ntohl(sa->sin6_scope_id);
    #endif
        arglist = Py_BuildValue("(Osh(Oiii))", c, hostname, hostaddr->sa_family,
                                ip6addr_obj,
                                ntohs(sa->sin6_port),
                                ntohl(sa->sin6_flowinfo),
                                scope_id);
        Py_DECREF(ip6addr_obj);
      }
      break;


On 11/21/2017 12:41 PM, Stuart Gathman wrote:
> On 11/21/2017 02:56 AM, Attila Nagy wrote:
>> Sorry, this is the full backtrace which gdb gives:
>> (gdb) bt
>> #0  strlen (str=0xffffffffdf3f9d40 <Address 0xffffffffdf3f9d40 out of
>> bounds>)
>>     at /usr/src/lib/libc/string/strlen.c:100
>> #1  0x0000000800ae2ae7 in PyString_FromString ()
>>    from /usr/local/lib/libpython2.7.so.1
>> #2  0x0000000805a760a7 in milter_wrap_connect ()
>>    from /usr/local/lib/python2.7/site-packages/milter.so
> So, it looks like postfix/libmilter is passing some garbage for
> hostname.  Here is the API:
>
>   http://pythonhosted.org/pymilter/milter_api/xxfi_connect.html
>
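
The varargs concern raised in this message, as an added example that is not part of the original post or the pymilter source: `unpack` is a hypothetical stand-in for a Py_BuildValue-style callee, and `describe_in6` casts each variadic argument to the type its format code consumes. The names `conn_rec`, `unpack` and `describe_in6`, the format string "shiii" and the sample values are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdarg.h>
#include <sys/socket.h>

/* Hypothetical stand-in for a Py_BuildValue-style callee: the format string
 * is the only type information it has, so every va_arg() type must match
 * what the caller actually passed (after default argument promotions). */
struct conn_rec { const char *host; int family, port, flowinfo, scope_id; };

static int unpack(struct conn_rec *r, const char *fmt, ...)
{
    va_list ap;
    int *ints[] = { &r->family, &r->port, &r->flowinfo, &r->scope_id };
    int ok = 1, n = 0;
    va_start(ap, fmt);
    for (; *fmt && ok; fmt++) {
        if (*fmt == 's')
            r->host = va_arg(ap, const char *);
        else if ((*fmt == 'h' || *fmt == 'i') && n < 4)
            *ints[n++] = va_arg(ap, int);   /* a short arrives promoted to int */
        else
            ok = 0;                         /* unknown code: stop reading */
    }
    va_end(ap);
    return ok && n == 4;
}

/* Caller side: cast each variadic argument to the type its format code
 * consumes, so a long or uint32_t is never read back as an int. */
int describe_in6(const struct sockaddr_in6 *sa, const char *hostname,
                 struct conn_rec *out)
{
    return unpack(out, "shiii", hostname,
                  (int)sa->sin6_family,
                  (int)ntohs(sa->sin6_port),
                  (int)ntohl(sa->sin6_flowinfo),
                  (int)ntohl(sa->sin6_scope_id));   /* ntohl as in the excerpt */
}

int main(void)
{
    struct sockaddr_in6 sa = { 0 };   /* constructed sample peer address */
    struct conn_rec r;
    sa.sin6_family = AF_INET6;
    sa.sin6_port = htons(25);
    return describe_in6(&sa, "mail.example.org", &r) && r.port == 25 ? 0 : 1;
}
```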





