Menu

#99 Use of uninitialized value $SelfSigned (...) at /usr/share/logwatch/scripts/services/exim line 334

v7.5.5
closed
nobody
None
5
2022-01-01
2021-10-24
Joerg Mechnich
No

Hi there!

First of all let me thank you for providing this great tool.

On Debian bullseye using logwatch 7.5.5-1 I occasionally see the following error inside the notification email:

 --------------------- EXIM Begin ------------------------ 

 Use of uninitialized value $SelfSigned in concatenation (.) or string at /usr/share/logwatch/scripts/services/exim line 334, <STDIN> line 330.

 --- Self-Signed Certificate in use (  Time(s))

 ---------------------- EXIM End -------------------------

I have attached my copy of /usr/share/logwatch/scripts/services/exim to this post.
This is not really a hard bug, just thought to let you know.

Thanks again,
Jörg

1 Attachments
exim

Discussion

  • Joerg Mechnich

    Joerg Mechnich - 2021-10-24

    Maybe this snippet from my /var/log/exim/mainlog can help:

    2021-10-24 11:39:06 Warning: No server certificate defined; will use a selfsigned one.
 Suggested action: either install a certificate or change tls_advertise_hosts option

    Following this suggestion would probably be one way to solve the issue for me... ;)

     

  • Bjorn

    Bjorn - 2021-10-24

    This might have been fixed recently. Can you try the current exim file? You can override your current /usr/share/logwatch/scripts/services/exim file, if you use the default location.

    The snippet you posted is probably the one that triggered the unitialized value error, and the suggested action would prevent the warning. But that needs to happen in your exim configuration, not in logwatch. But with the newer exim file, you shouldn't get the unitialized value error.

     

  • Joerg Mechnich

    Joerg Mechnich - 2021-10-27

    Nope, unfortunately, it will only change the error message:

    --------------------- EXIM Begin ------------------------ 

 Use of uninitialized value $SelfSignedH in concatenation (.) or string at /usr/share/logwatch/scripts/services/exim line 332, <STDIN> line 365.

 --- Self-Signed Certificate in use (  Time(s))
     

  • Bjorn

    Bjorn - 2021-10-27

    Hmmm...

    Don't know why it doesn't work. I don't run exim, so I can't easily test it. Attached is a patch that initializes the variable at the beginning. I wouldn't think it is needed (if array is not initialized, the if of the implied array scalar should fail). Let me know if it works. (And if it does work, I still wouldn't know why.)

    And, as always, if anyone else can help, chime in.

     
    exim.patch

  • Joerg Mechnich

    Joerg Mechnich - 2021-10-27

    The patch did not help, just created another error:
    Name "main::SelfSignedH" used only once: possible typo at /usr/share/logwatch/scripts/services/exim line 333.

    I might have found a fix though (and an explanation, although I am not at all a perl expert...):

    It works if you use $#SelfSignedH instead of $SelfSignedH inside the print statement. If I understand correctly, you have to either assign the array to a scalar or explicitly use the scalar keyword in order to get the length of it (or$#). Initialization of the array is not necessary then.

    I can imagine that it would make sense to change it for all similar statements inside the file.

     

    Last edit: Joerg Mechnich 2021-10-27

  • Joerg Mechnich

    Joerg Mechnich - 2021-10-27

    Ah sorry, what I wrote in my last post is probably incorrect (the result just looked good :D):

    $# apparently DOES NOT get the length but the last element. I will keep looking.

     

  • Joerg Mechnich

    Joerg Mechnich - 2021-10-27

    Got it (the solution was just a few lines below):

    Put in front $SelfSignedH and print (...) to create the scalar (probably)...

    Edit: attached git diff-based patch.

     

    Last edit: Joerg Mechnich 2021-10-27
    logwatch.patch

  • Joerg Mechnich

    Joerg Mechnich - 2021-10-28
     

  • Daniel Lewart

    Daniel Lewart - 2021-12-16

    Joerg, Bjorn, et al,

    This is the code in exim's src/tls.c that writes the log messages:

      log_write(0, LOG_MAIN,
    "Warning: No server certificate defined; will use a selfsigned one.\n"
    " Suggested action: either install a certificate or change tls_advertise_hosts option");

    Unfortunately, the "Suggested action" line has no timestamp.

    There are two problems with logwatch.patch:

    1. Even if there are no Warnings for the date range,
      $Detail >= $LvlMsgs will still print "Suggested action" messages from outside the range
    2. Name "main::SelfSigned" used only once

    Instead, please use the one-line diff patch I submitted Oct 5, 2021:
        https://sourceforge.net/p/logwatch/mailman/message/37361394/
    Reproduced below.

    Thank you!
    Daniel Lewart
    Urbana, Illinois

    --- scripts/services/exim.orig    2020-09-07 15:43:26.000000000 -0500
+++ scripts/services/exim    2021-10-05 00:00:00.000000000 -0500
@@ -329,7 +329,7 @@
    }
 }

-if (@SelfSignedH) {
+if ($SelfSigned) {
    print "\n--- Self-Signed Certificate in use ($SelfSigned  Time(s))\n";

    if ($Detail >= $LvlMsgs) {
     

    Last edit: Daniel Lewart 2021-12-16

  • Daniel Lewart

    Daniel Lewart - 2021-12-17

    Bjorn, Joerg, et al,

    And, as always, if anyone else can help, chime in.

    Gladly! Let's look at the following command:

    sudo logwatch --service=exim --range=2021-11-28

    logwatch.pl lines 777 and 787 are:

    777:  $CheckTime = $time_t[0] - 86400*2;
787:  if ($CheckTime <= ($FileStat[9])) {

    so it reads Archives from Nov 26 onwards.
    Below are the relevant log file lines.

    We only care about lines that match $SearchDate (2021-11-28).
    In this case, there are none, so $SelfSigned is undef, which is correct.

    That is why the condition should have been changed from:

    if (@SelfSignedH) {

    to:

    if ($SelfSigned) {

    I just saw Commit [97c94f] - [exim] Fix to unitialized $bb, reported by Roland Heymanns.
    Those $SelfSigned changes should be reverted.

    I hope this clarifies things.

    Thank you!
    Daniel Lewart
    Urbana, Illinois

    2021-11-26 00:15:23 Warning: No server certificate defined; will use a selfsigned one.
 Suggested action: either install a certificate or change tls_advertise_hosts option
2021-11-26 00:17:42 Warning: No server certificate defined; will use a selfsigned one.
 Suggested action: either install a certificate or change tls_advertise_hosts option
2021-11-26 03:00:23 Warning: No server certificate defined; will use a selfsigned one.
 Suggested action: either install a certificate or change tls_advertise_hosts option
2021-11-27 23:56:59 Warning: No server certificate defined; will use a selfsigned one.
 Suggested action: either install a certificate or change tls_advertise_hosts option
     

    Related

    Commit: [97c94f]

  • Bjorn

    Bjorn - 2021-12-19

    Daniel,

    Can you provide a diff -u between the current version of exim in the repository and your proposed changes?

    (Also, you might have an older logwatch.pl, as the line numbers above don't match the current logwatch.pl, but the referenced code in that file has not changed in a long time.)

     

  • Daniel Lewart

    Daniel Lewart - 2021-12-19

    Bjorn,

    1. diff -u output is attached
    2. Yes, my logwatch.pl is version 7.5.5-1 (Debian 11 "bullseye")
    3. "use strict;" would be a good thing

    Thank you!
    Dan

     
    exim.diff

  • Bjorn

    Bjorn - 2021-12-19

    Thanks for the patch. Here are some comments:

    • It appears that your patch creates a scalar version of @SelfSignedH, which is what $SelfSignedH is in the current repository version. Also, @SelfSignedH is also added-to by another condition, which your print conditional does not test (and thus not reliably output). It appears that you are not running the current version of the exim script.

    • You also mention the two-line implementation of the warning message, without the timestamp on the second line. Perhaps the solution to that is to read in the line after the first warning line.

    I'm attaching a patch for you to try. The patch is based on the current repository file. In addition to reading the subsequent line, it also corrects the extraneous spaces you identified.

    Let me know if that solves the problem.

    P.S. Your comment about "use strict" is true, but the concern about blindingly adding them now is breaking existing installations. (Unfortunately, they were not there from the start.) I believe newer (and future) versions of Perl have implicit strict pragmas. As previously mentioned, I don't run exim, and so I cannot test either this patch, or adding pragmas.

     
    exim.patch

  • Daniel Lewart

    Daniel Lewart - 2021-12-20

    Bjorn,

    Thank you for the comments and the improved patch!!
    My replies:
    1a) $SelfSignedH is not defined in the current repository or your patch
    1b) The other condition is outside the date range, so @SelfSignedH should not be added to
    2) Yes--that is a clever and superior solution!

    The patch does not work correctly because $SelfSignedH is not defined.

    You can test things by copying the "Warning" and "Suggested action" log lines above
    to /var/log/exim4/mainlog .

    Attached is a diff to your patch, which I have tested.

    By the way, do you know the meaning of the 'H' at the end of many array names?

    Thank you!
    Dan

     
    exim.diff

  • Bjorn

    Bjorn - 2021-12-20

    Thanks for the new patch - committed.

    And I don't know of the meaning of the 'H' suffix. It seems to be used for most (not all) arrays.

     

  • Bjorn

    Bjorn - 2022-01-01
    • status: open --> closed
     

Log in to post a comment.

MongoDB Logo MongoDB