Hello cyrus-developers,
Hello cyrus-user,
I think I found a bug in lmtpengine.c. In function savemsg with
defined SSL xrealloc is used and may move the old pointer p to a new
memory segment. So it may be, that the pointers contained in the
array fold point to an old memory segment and they are not sufficient
for pointer calculation afterwards.
Sorry, that I explained the above that detailed, but it was just to
verify myself, that I'm not telling something wrong.
I've tried too build a fix, but I'm not a real c-hacker, so take it or
through it away, if it is not good enough for your needs (at least at
my installations it works):
diff -aurN cyrus-imapd-2.2.8/imap/lmtpengine.c
cyrus-imapd-2.2.8-patched/imap/lmtpengine.c
--- cyrus-imapd-2.2.8/imap/lmtpengine.c Mon Jul 19 17:39:46 2004
+++ cyrus-imapd-2.2.8-patched/imap/lmtpengine.c Fri Aug 6 20:29:35 2004
@@ -615,8 +615,8 @@
"Return-Path", /* need to remove (we add our own) */
NULL
};
- char *addbody, *fold[5], *p;
- int addlen, nfold, i;
+ char *addbody, *p, *t;
+ int addlen, fold[5], nfold, i;
/* Copy to spool file */
f = func->spoolfile(m);
@@ -659,17 +659,20 @@
if (m->authuser) addlen += 28 + strlen(m->authuser) + 5; /* +5 for ssf */
addlen += 25 + strlen(config_servername) + strlen(CYRUS_VERSION);
addlen += 2 + strlen(datestr);
- p = addbody = xmalloc(addlen + 1);
+ t = p = addbody = xmalloc(addlen + 1);
nfold = 0;
p += sprintf(p, "from %s (%s)", cd->lhlo_param, cd->clienthost);
- fold[nfold++] = p;
+ fold[nfold++] = p - t;
+ t = p;
+
if (m->authuser) {
const int *ssfp;
sasl_getprop(cd->conn, SASL_SSF, (const void **) &ssfp);
p += sprintf(p, " (authenticated user=%s bits=%d)",
m->authuser, *ssfp);
- fold[nfold++] = p;
+ fold[nfold++] = p - t;
+ t = p;
}
/* We are always atleast "with LMTPA" -- no unauth delivery */
@@ -688,22 +691,23 @@
tls_get_info(cd->tls_conn, tls_info, sizeof(tls_info));
if (*tls_info) {
size_t offset = p - addbody;
- fold[nfold++] = p;
+ fold[nfold++] = p - t;
addlen += 3 + strlen(tls_info);
addbody = xrealloc(addbody, addlen + 1);
- p = addbody + offset;
+ t = p = addbody + offset;
p += sprintf(p, " (%s)", tls_info);
}
}
#endif /* HAVE_SSL */
strcat(p++, ";");
- fold[nfold++] = p;
+ fold[nfold++] = p - t;
+ t = p;
p += sprintf(p, " %s", datestr);
fprintf(f, "Received: ");
- for (i = 0, p = addbody; i < nfold; p = fold[i], i++) {
- fprintf(f, "%.*s\r\n\t", fold[i] - p, p);
+ for (i = 0, t = p = addbody; i < nfold; p = t + fold[i], t = p, i++) {
+ fprintf(f, "%.*s\r\n\t", fold[i], p);
}
fprintf(f, "%s\r\n", p);
spool_cache_header(xstrdup("Received"), addbody, m->hdrcache);
Kind regards,
Christian Stüllenberg
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
