Package: fetchmail
Version: 6.3.18-2
Severity: normal
Tags: patch
this problem applies to both the version in squeeze and sid's 6.3.21-3.
scenario: you want to remote-control fetchmail, but you don't want to write
passwords into files,
so you feed fetchmail a minimal rcfile via stdin with -f -. this by itself
works fine. if you also
want or need to use a --plugin (eg. socat for socks), then things fail badly:
the plugin is run without
a stdin fd, hence can't take input from fetchmail, lots of fun ensues.
plugins without -f - work fine, it's just the combination that fails.
explanation: the root cause is rcfile_y.y, line 493, which closes whatever fd
carried the rcfile. with -f -
this closes fetchmail's stdin - and so far that's unproblematic.
however, in socket.c lines 166ff things go wrong: fetchmail sets up the plugin
with a socketpair, which
will likely include the first unused fd - and fd zero is now indeed unused.
in line 180ff a dup2 replumbing from "that fd" (=zero) to zero is performed -
and then "that fd" is closed.
and hey presto, we've got no fd zero = stdin for the plugin.
solution: the simplest solution (patch attached) is to make the fclose of the
rcfile conditional,
ie. don't close if it's stdin. in the long run the dup2+close code might be
made more robust by
not doing a dup2+close if fd[0] is already 0 or 1.
regards
az
--- rcfile_y.y.orig 2012-05-03 14:12:01.000000000 +1000
+++ rcfile_y.y 2012-05-03 14:12:15.000000000 +1000
@@ -490,7 +490,8 @@
yyparse(); /* parse entire file */
- fclose(yyin); /* not checking this should be safe, file mode was r */
+ if (yyin != stdin)
+ fclose(yyin); /* not checking this should be safe, file mode was r */
if (prc_errflag)
return(PS_SYNTAX);
