[Exim] Crash in queryprogram router?

Author: Andreas Metzler
Date:  
To: exim-users
CC: Stephan Helma
Subject: [Exim] Crash in queryprogram router?
Hello,
Stephan Helma contacted me privately and explained that he was
experiencing crashes in exim when using the queryprogram router. He
traced the problem to the fact that queryprogram uses a fixed size
buffer[256] to capture the program's output and his program was
producing longer outputs.

I tried to reproduce the crash on my system (using a shell-script
consisting only of printf) but failed to. Glancing at the code however
I think I should, this looks like an off-by-one error[1]:

---------------
uschar buffer[256];
[...]
len = read(fd_out, buffer, sizeof(buffer));
[...]
while (len > 0 && isspace(buffer[len-1])) len--;
buffer[len] = 0;

DEBUG(D_route) debug_printf("command wrote: %s\n", buffer);
---------------

Imho only up to sizeof(buffer)-1 should be read or a dynamically
reallocated buffer should be used.

Stephan also provided a rough patch to resize the buffer dynamically,
I am not attaching it here because Stephan was not completely
convinced of the patch's quality.
                   cu andreas


[1] Please take everything I say about a C-program with an enormous
grain of salt, I am simply miserable at it.
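
Added example, not part of the original message and neither Exim's code nor Stephan's patch: a bounded variant of the read quoted above that requests at most sizeof(buffer)-1 bytes, so the terminating NUL always lands inside the buffer even when the program writes 256 bytes or more. The names read_command_output and demo, the pipe harness and the canary byte are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not Exim's code: read at most bufsize-1 bytes from fd,
   strip trailing whitespace, NUL-terminate. Returns the resulting length,
   or -1 on a read error or a zero-sized buffer. */
ssize_t read_command_output(int fd, unsigned char *buf, size_t bufsize)
{
    size_t used = 0;
    if (bufsize == 0) return -1;
    while (used < bufsize - 1) {            /* always keep one byte for the NUL */
        ssize_t n = read(fd, buf + used, bufsize - 1 - used);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) { buf[0] = 0; return -1; }
        if (n == 0) break;                  /* EOF: the program closed its stdout */
        used += (size_t)n;
    }
    while (used > 0 && isspace(buf[used - 1])) used--;
    buf[used] = 0;                          /* used <= bufsize-1, so in bounds */
    return (ssize_t)used;
}

/* Constructed input: n_text 'A' bytes plus n_ws spaces (total <= 512) sent
   through a pipe into a 256-byte buffer that is followed by a canary byte.
   Returns the string length, -1 on setup failure, -2 if the canary changed. */
ssize_t demo(size_t n_text, size_t n_ws)
{
    struct { unsigned char buffer[256]; unsigned char canary; } s;
    char data[512];
    int fds[2];
    ssize_t w, len;

    if (n_text + n_ws > sizeof data || pipe(fds) != 0) return -1;
    memset(data, 'A', n_text);
    memset(data + n_text, ' ', n_ws);
    s.canary = 0xAA;
    w = write(fds[1], data, n_text + n_ws);
    close(fds[1]);
    len = w < 0 ? -1 : read_command_output(fds[0], s.buffer, sizeof s.buffer);
    close(fds[0]);
    return s.canary == 0xAA ? len : -2;
}

int main(void) { return demo(300, 0) == 255 ? 0 : 1; }
```

Output longer than 255 bytes is truncated here rather than grown; a dynamically resized buffer, the other option mentioned in the message, would keep the full output.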