mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2024-10-22 20:41:26 +00:00
Code Issues Releases Activity

Fixed zombie processes issue that was caused by the recently added

Browse Source 
security patch.

Approved by:	itetcu (mentor, implicit)
Reported by:	Ted Hatfield
Obtained from:	Fedora
This commit is contained in:
Niels Heinen 2010-05-12 14:11:41 +00:00
parent 7eb81e0db9
commit 7d0d23c05c
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=254201
3 changed files with 116 additions and 135 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mail/spamass-milter/Makefile
View File

@ -7,7 +7,7 @@
PORTNAME= spamass-milter
PORTVERSION= 0.3.1
PORTREVISION= 9
PORTREVISION= 10
CATEGORIES= mail
MASTER_SITES= ${MASTER_SITE_SAVANNAH}
MASTER_SITE_SUBDIR= spamass-milt

243
mail/spamass-milter/files/patch-spamass-milter.cpp
View File

@ -1,32 +1,19 @@
--- spamass-milter.cpp.orig 2010-05-06 11:24:40.000000000 +0200
+++ spamass-milter.cpp 2010-05-06 11:25:01.000000000 +0200
@@ -171,10 +171,6 @@
bool flag_expand = false; /* alias/virtusertable expansion */
bool warnedmacro = false; /* have we logged that we couldn't fetch a macro? */
-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
-static pthread_mutex_t popen_mutex = PTHREAD_MUTEX_INITIALIZER;
-#endif
-
// {{{ main()
int
@@ -461,59 +457,24 @@
send another copy. The milter API will not let you send the
message AND return a failure code to the sender, so this is
the only way to do it. */
-#if defined(__FreeBSD__)
- int rv;
-#endif
-
--- spamass-milter.cpp.orig 2006-03-23 22:41:36.000000000 +0100
+++ spamass-milter.cpp 2010-05-12 12:05:02.000000000 +0200
@@ -465,26 +465,11 @@
int rv;
#endif
-#if defined(HAVE_ASPRINTF)
- char *buf;
-#else
- char buf[1024];
-#endif
- char *fmt="%s \"%s\"";
+ char *popen_argv[3];
FILE *p;
+ char sendmail_prog[] = SENDMAIL;
+ char *const popen_argv[] = { sendmail_prog, spambucket, NULL };
+ pid_t pid;
-#if defined(HAVE_ASPRINTF)
- asprintf(&buf, fmt, SENDMAIL, spambucket);
@ -40,21 +27,16 @@
-#endif
-
- debug(D_COPY, "calling %s", buf);
-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
- rv = pthread_mutex_lock(&popen_mutex);
- if (rv)
- {
- debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv));
- abort();
- }
-#endif
#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
rv = pthread_mutex_lock(&popen_mutex);
if (rv)
@@ -493,15 +478,17 @@
abort();
}
#endif
- p = popen(buf, "w");
+ popen_argv[0] = SENDMAIL;
+ popen_argv[1] = spambucket;
+ popen_argv[2] = NULL;
+
+ debug(D_COPY, "calling %s %s", SENDMAIL, spambucket);
+ p = popenv(popen_argv, "w");
+ p = popenv(popen_argv, "w", &pid);
if (!p)
{
- debug(D_COPY, "popen failed(%s). Will not send a copy to spambucket", strerror(errno));
@ -65,54 +47,48 @@
fwrite(assassin->d().c_str(), assassin->d().size(), 1, p);
- pclose(p); p = NULL;
+ fclose(p); p = NULL;
+ waitpid(pid, NULL, 0);
}
-#if defined(__FreeBSD__)
- rv = pthread_mutex_unlock(&popen_mutex);
- if (rv)
- {
- debug(D_ALWAYS, "Could not unlock popen mutex: %s", strerror(rv));
- abort();
- }
-#endif
#if defined(__FreeBSD__)
rv = pthread_mutex_unlock(&popen_mutex);
@@ -511,9 +498,6 @@
abort();
}
#endif
-#if defined(HAVE_ASPRINTF)
- free(buf);
-#endif
}
return SMFIS_REJECT;
}
@@ -842,30 +803,19 @@
@@ -842,16 +826,12 @@
/* open a pipe to sendmail so we can do address expansion */
char buf[1024];
- char *fmt="%s -bv \"%s\" 2>&1";
-
+ char sendmail_prog[] = SENDMAIL;
+ char sendmail_mode[] = "-bv";
+ char * const popen_argv[] = { sendmail_prog, sendmail_mode, envrcpt[0], NULL };
+ pid_t pid;
-#if defined(HAVE_SNPRINTF)
- snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, envrcpt[0]);
-#else
- /* XXX possible buffer overflow here */
- sprintf(buf, fmt, SENDMAIL, envrcpt[0]);
-#endif
+ char *popen_argv[4];
+
+ popen_argv[0] = SENDMAIL;
+ popen_argv[1] = "-bv";
+ popen_argv[2] = envrcpt[0];
+ popen_argv[3] = NULL;
-
- debug(D_RCPT, "calling %s", buf);
+ debug(D_RCPT, "calling %s -bv %s", SENDMAIL, envrcpt[0]);
-#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
- rv = pthread_mutex_lock(&popen_mutex);
- if (rv)
- {
- debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv));
- abort();
- }
-#endif
-
#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
rv = pthread_mutex_lock(&popen_mutex);
@@ -862,10 +842,10 @@
}
#endif
- p = popen(buf, "r");
+ p = popenv(popen_argv, "r");
+ p = popenv(popen_argv, "r", &pid);
if (!p)
{
- debug(D_RCPT, "popen failed(%s). Will not expand aliases", strerror(errno));
@ -120,92 +96,97 @@
assassin->expandedrcpt.push_back(envrcpt[0]);
} else
{
@@ -890,16 +840,8 @@
@@ -890,7 +870,8 @@
assassin->expandedrcpt.push_back(p+7);
}
}
- pclose(p); p = NULL;
+ fclose(p); p = NULL;
+ waitpid(pid, NULL, 0);
}
-#if defined(__FreeBSD__)
- rv = pthread_mutex_unlock(&popen_mutex);
- if (rv)
- {
- debug(D_ALWAYS, "Could not unlock popen mutex: %s", strerror(rv));
- abort();
- }
-#endif
#if defined(__FreeBSD__)
rv = pthread_mutex_unlock(&popen_mutex);
@@ -1002,9 +983,9 @@
assassin->output((string)
"Received: from "+macro_s+" ("+macro__+")\r\n\t"+
- "by "+macro_j+"("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+"\r\n\t"+
+ "by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+
macro_b+"\r\n\t"+
- "(envelope-from "+assassin->from()+"\r\n");
+ "(envelope-from "+assassin->from()+")\r\n");
} else
{
assassin->expandedrcpt.push_back(envrcpt[0]);
@@ -2157,5 +2099,71 @@
assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
@@ -2157,5 +2138,72 @@
warnedmacro = true;
}
+/*
+ untrusted-argument-safe popen function - only supports "r" and "w" modes
+ for simplicity, and always reads stdout and stderr in "r" mode. Call
+ fclose to close the FILE.
+ fclose to close the FILE, and waitpid to reap the child process (pid).
+*/
+FILE *popenv(char *const argv[], const char *type)
+FILE *popenv(char *const argv[], const char *type, pid_t *pid)
+{
+ FILE *iop;
+ int pdes[2];
+ int save_errno;
+ if ((*type != 'r' && *type != 'w') || type[1])
+ {
+ errno = EINVAL;
+ return (NULL);
+ }
+ if (pipe(pdes) < 0)
+ return (NULL);
+ switch (fork()) {
+
+ case -1: /* Error. */
+ save_errno = errno;
+ (void)close(pdes[0]);
+ (void)close(pdes[1]);
+ errno = save_errno;
+ return (NULL);
+ /* NOTREACHED */
+ case 0: /* Child. */
+ if (*type == 'r') {
+ /*
+ * The dup2() to STDIN_FILENO is repeated to avoid
+ * writing to pdes[1], which might corrupt the
+ * parent's copy. This isn't good enough in
+ * general, since the exit() is no return, so
+ * the compiler is free to corrupt all the local
+ * variables.
+ */
+ (void)close(pdes[0]);
+ (void)dup2(pdes[1], STDOUT_FILENO);
+ (void)dup2(pdes[1], STDERR_FILENO);
+ if (pdes[1] != STDOUT_FILENO && pdes[1] != STDERR_FILENO) {
+ (void)close(pdes[1]);
+ }
+ } else {
+ if (pdes[0] != STDIN_FILENO) {
+ (void)dup2(pdes[0], STDIN_FILENO);
+ (void)close(pdes[0]);
+ }
+ (void)close(pdes[1]);
+ }
+ execv(argv[0], argv);
+ exit(127);
+ /* NOTREACHED */
+ }
+ FILE *iop;
+ int pdes[2];
+ int save_errno;
+
+ /* Parent; assume fdopen can't fail. */
+ if (*type == 'r') {
+ iop = fdopen(pdes[0], type);
+ (void)close(pdes[1]);
+ } else {
+ iop = fdopen(pdes[1], type);
+ (void)close(pdes[0]);
+ }
+ if ((*type != 'r' && *type != 'w') || type[1])
+ {
+ errno = EINVAL;
+ return (NULL);
+ }
+ if (pipe(pdes) < 0)
+ return (NULL);
+ switch (*pid = fork()) {
+
+ return (iop);
+ case -1: /* Error. */
+ save_errno = errno;
+ (void)close(pdes[0]);
+ (void)close(pdes[1]);
+ errno = save_errno;
+ return (NULL);
+ /* NOTREACHED */
+ case 0: /* Child. */
+ if (*type == 'r') {
+ /*
+ * The dup2() to STDIN_FILENO is repeated to avoid
+ * writing to pdes[1], which might corrupt the
+ * parent's copy. This isn't good enough in
+ * general, since the exit() is no return, so
+ * the compiler is free to corrupt all the local
+ * variables.
+ */
+ (void)close(pdes[0]);
+ (void)dup2(pdes[1], STDOUT_FILENO);
+ (void)dup2(pdes[1], STDERR_FILENO);
+ if (pdes[1] != STDOUT_FILENO && pdes[1] != STDERR_FILENO) {
+ (void)close(pdes[1]);
+ }
+ } else {
+ if (pdes[0] != STDIN_FILENO) {
+ (void)dup2(pdes[0], STDIN_FILENO);
+ (void)close(pdes[0]);
+ }
+ (void)close(pdes[1]);
+ }
+ execv(argv[0], argv);
+ exit(127);
+ /* NOTREACHED */
+ }
+
+ /* Parent; assume fdopen can't fail. */
+ if (*type == 'r') {
+ iop = fdopen(pdes[0], type);
+ (void)close(pdes[1]);
+ } else {
+ iop = fdopen(pdes[1], type);
+ (void)close(pdes[0]);
+ }
+
+ return (iop);
+}
+
// }}}

6
mail/spamass-milter/files/patch-spamass-milter.h
View File

@ -1,9 +1,9 @@
--- spamass-milter.h.orig 2006-03-23 23:07:55.000000000 +0100
+++ spamass-milter.h 2010-05-06 11:25:01.000000000 +0200
--- spamass-milter.h.orig 2010-05-12 11:58:14.000000000 +0200
+++ spamass-milter.h 2010-05-12 12:05:27.000000000 +0200
@@ -186,5 +186,6 @@
void parse_debuglevel(char* string);
char *strlwr(char *str);
void warnmacro(char *macro, char *scope);
+FILE *popenv(char *const argv[], const char *type);
+FILE *popenv(char *const argv[], const char *type, pid_t *pid);
#endif