Package: mlmmj
Version: 1.2.11-7.1
Severity: grave
Tags: patch
Hi,
Here is included a patch against current MLMMJ version in Debian.
Please consider applying it and have it uploaded as a security fix,
this is really making MLMMJ crash, who knows what concequences on
that bug...
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (700, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.23.9
Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1)
Versions of packages mlmmj depends on:
ii debconf [debconf-2.0] 1.5.11 Debian configuration management sy
ii grep-dctrl 2.9.3 Grep Debian package information -
ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries
ii postfix [mail-transpor 2.3.8-2+b1 A high-performance mail transport
mlmmj recommends no packages.
-- debconf information excluded
diff -ur mlmmj-1.2.11/src/subscriberfuncs.c mlmmj-1.2.11.patched/src/subscriberfuncs.c
--- mlmmj-1.2.11/src/subscriberfuncs.c 2005-02-15 06:59:24.000000000 +0800
+++ mlmmj-1.2.11.patched/src/subscriberfuncs.c 2007-12-27 18:21:27.269083926 +0800
@@ -56,6 +56,10 @@
return (off_t)-1;
}
+ /* No need to check in 0-size file */
+ if(st.st_size == 0)
+ return (off_t)-1;
+
if((start = mmap(0, st.st_size, PROT_READ, MAP_SHARED, fd, 0)) ==
MAP_FAILED) {
log_error(LOG_ARGS, "Could not mmap fd");
diff -ur mlmmj-1.2.11/src/getaddrsfromfd.c mlmmj-1.2.11.patched/src/getaddrsfromfd.c
--- mlmmj-1.2.11/src/getaddrsfromfd.c 2005-02-15 06:59:24.000000000 +0800
+++ mlmmj-1.2.11.patched/src/getaddrsfromfd.c 2007-12-27 18:31:28.944831839 +0800
@@ -22,6 +22,10 @@
return -1;
}
+ /* No need to check in 0-size file */
+ if(st.st_size == 0)
+ return (off_t)-1;
+
start = mmap(0, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
if(start == MAP_FAILED) {
log_error(LOG_ARGS, "Could not mmap fd");
