From 3fad8e0c3418bc561f255f2cad395f954309d19f Mon Sep 17 00:00:00 2001 From: gdt Date: Fri, 18 Mar 2011 15:26:30 +0000 Subject: Memory allocation hygiene fix from PR pkg/44704. spamass-milter forks, allocates memory and then execs, violating locking rules. This commit adds a patch from Juergen Hannken-Illjes that moves the allocation above the fork. TODO: upstream is recently alive again, after 5 years with no releases. Push these fixes upstream. --- mail/spamass-milter/Makefile | 4 +- mail/spamass-milter/distinfo | 4 +- mail/spamass-milter/patches/patch-aa | 79 ++++++++++++++++++++++++++++++++---- 3 files changed, 74 insertions(+), 13 deletions(-) (limited to 'mail/spamass-milter') diff --git a/mail/spamass-milter/Makefile b/mail/spamass-milter/Makefile index bd442ec0626..0e22c51e8e4 100644 --- a/mail/spamass-milter/Makefile +++ b/mail/spamass-milter/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.30 2010/06/10 12:30:21 gdt Exp $ +# $NetBSD: Makefile,v 1.31 2011/03/18 15:26:30 gdt Exp $ # DISTNAME= spamass-milter-0.3.1 -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= mail MASTER_SITES= http://savannah.nongnu.org/download/spamass-milt/ diff --git a/mail/spamass-milter/distinfo b/mail/spamass-milter/distinfo index 095c009472a..59b246e97ba 100644 --- a/mail/spamass-milter/distinfo +++ b/mail/spamass-milter/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.10 2010/09/10 23:33:42 gdt Exp $ +$NetBSD: distinfo,v 1.11 2011/03/18 15:26:30 gdt Exp $ SHA1 (spamass-milter-0.3.1.tar.gz) = dd488eb9ab1f230440fba8a729bee80550f2fbff RMD160 (spamass-milter-0.3.1.tar.gz) = 5db6af6b31de1bf83eafbd9713d81cdc957b5033 @@ -6,6 +6,6 @@ Size (spamass-milter-0.3.1.tar.gz) = 141144 bytes SHA1 (spamass-milter-001.patch) = d37227f95808479dc4d6ba5c76ddd2413b4530d3 RMD160 (spamass-milter-001.patch) = eef17cb4506e6f5c0908b6872b7fb5dcd8bc2e16 Size (spamass-milter-001.patch) = 2435 bytes -SHA1 (patch-aa) = 13ba0413c28d14cd1a18d42a0b09ca26b358d913 +SHA1 (patch-aa) = f5fd2951082c916e3cae1746f8921793ff09b567 SHA1 (patch-ab) = 03f7d4abc24e950fd44a4adbb708f3433d111643 SHA1 (patch-ac) = 851cbceab64b1a391cfe0aad0ba5a86c88218eb0 diff --git a/mail/spamass-milter/patches/patch-aa b/mail/spamass-milter/patches/patch-aa index fd5385cf5bd..1e3f340e959 100644 --- a/mail/spamass-milter/patches/patch-aa +++ b/mail/spamass-milter/patches/patch-aa @@ -1,6 +1,6 @@ -$NetBSD: patch-aa,v 1.4 2010/09/10 23:33:42 gdt Exp $ +$NetBSD: patch-aa,v 1.5 2011/03/18 15:26:30 gdt Exp $ -This patch has hunks for three separate reasons: +This patch has hunks for multiple reasons: 1) Ancient fix to avoid going beyond s2. @@ -13,7 +13,9 @@ authenticated users, from: http://lists.freebsd.org/pipermail/freebsd-ports-bugs/2006-November/106024.html ---- spamass-milter.cpp.orig 2010-09-10 15:50:58.000000000 +0000 +4) Avoid memory allocation in after fork and before exec. From PR pkg/44704. + +--- spamass-milter.cpp.orig 2011-03-18 15:15:56.000000000 +0000 +++ spamass-milter.cpp @@ -170,10 +170,7 @@ char *spambucket; bool flag_full_email = false; /* pass full email address to spamc */ @@ -160,8 +162,6 @@ authenticated users, from: - /* XXX possible buffer overflow here */ - sprintf(buf, fmt, SENDMAIL, envrcpt[0]); -#endif -- -- debug(D_RCPT, "calling %s", buf); + char *popen_argv[4]; + + popen_argv[0] = SENDMAIL; @@ -169,6 +169,9 @@ authenticated users, from: + popen_argv[2] = envrcpt[0]; + popen_argv[3] = NULL; +- debug(D_RCPT, "calling %s", buf); ++ debug(D_RCPT, "calling %s -bv %s", SENDMAIL, envrcpt[0]); + -#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */ - rv = pthread_mutex_lock(&popen_mutex); - if (rv) @@ -177,8 +180,7 @@ authenticated users, from: - abort(); - } -#endif -+ debug(D_RCPT, "calling %s -bv %s", SENDMAIL, envrcpt[0]); - +- - p = popen(buf, "r"); + p = popenv(popen_argv, "r"); if (!p) @@ -206,7 +208,66 @@ authenticated users, from: } else { assassin->expandedrcpt.push_back(envrcpt[0]); -@@ -2033,7 +1989,7 @@ cmp_nocase_partial(const string& s, cons +@@ -1343,6 +1299,22 @@ SpamAssassin::~SpamAssassin() + + void SpamAssassin::Connect() + { ++ int argc; ++ char *argv[100]; ++ char spamc_user[64]; ++ ++ if (expandedrcpt.size() != 1) { ++ debug(D_RCPT, "%d recipients; spamc gets default username %s", (int)expandedrcpt.size(), defaultuser); ++ strlcpy(spamc_user, defaultuser, sizeof(spamc_user)); ++ } else { ++ if (flag_full_email) ++ strlcpy(spamc_user, full_user().c_str(), sizeof(spamc_user)); ++ else ++ strlcpy(spamc_user, local_user().c_str(), sizeof(spamc_user)); ++ strlwr(spamc_user); ++ debug(D_RCPT, "spamc gets %s", spamc_user); ++ } ++ + // set up pipes for in- and output + if (pipe(pipe_io[0])) + throw string(string("pipe error: ")+string(strerror(errno))); +@@ -1376,33 +1348,12 @@ void SpamAssassin::Connect() + // absolute path (determined in autoconf) + // should be a little more secure + // XXX arbitrary 100-argument max +- int argc = 0; +- char** argv = (char**) malloc(100*sizeof(char*)); ++ argc = 0; + argv[argc++] = SPAMC; + if (flag_sniffuser) + { + argv[argc++] = "-u"; +- if ( expandedrcpt.size() != 1 ) +- { +- // More (or less?) than one recipient, so we pass the default +- // username to SPAMC. This way special rules can be defined for +- // multi recipient messages. +- debug(D_RCPT, "%d recipients; spamc gets default username %s", (int)expandedrcpt.size(), defaultuser); +- argv[argc++] = defaultuser; +- } else +- { +- // There is only 1 recipient so we pass the username +- // (converted to lowercase) to SPAMC. Don't worry about +- // freeing this memory as we're exec()ing anyhow. +- if (flag_full_email) +- argv[argc] = strlwr(strdup(full_user().c_str())); +- else +- argv[argc] = strlwr(strdup(local_user().c_str())); +- +- debug(D_RCPT, "spamc gets %s", argv[argc]); +- +- argc++; +- } ++ argv[argc++] = spamc_user; + } + if (spamdhost) + { +@@ -2033,7 +1984,7 @@ cmp_nocase_partial(const string& s, cons string::const_iterator p=s.begin(); string::const_iterator p2=s2.begin(); @@ -215,7 +276,7 @@ authenticated users, from: if (toupper(*p) != toupper(*p2)) { debug(D_STR, "c_nc_p: <%s><%s> : miss", s.c_str(), s2.c_str()); -@@ -2157,5 +2113,71 @@ void warnmacro(char *macro, char *scope) +@@ -2157,5 +2108,71 @@ void warnmacro(char *macro, char *scope) warnedmacro = true; } -- cgit v1.2.3