[Exim] Crash in queryprogram router?

Etusivu
Poista viesti
Vastaa
Lähettäjä: Andreas Metzler
Päiväys:  
Vastaanottaja: exim-users
Kopio: Stephan Helma
Aihe: [Exim] Crash in queryprogram router?
Hello,
Stephan Helma contacted me privately and explained that he was
experiencing crashes in exim when using the queryprogram router. He
traced the problem to the fact that queryprogram uses a fixed size
buffer[256] to capture the program's output and his program was
producing longer outputs.

I tried to reproduce the crash on my system (using a shell-script
consisting only of printf) but failed to. Glancing at the code however
I think I should, this looks like a off-by-one error[1]:

---------------
uschar buffer[256];
[...]
len = read(fd_out, buffer, sizeof(buffer));
[...]
while (len > 0 && isspace(buffer[len-1])) len--;
buffer[len] = 0;

DEBUG(D_route) debug_printf("command wrote: %s\n", buffer);
---------------

Imho only up to sizeof(buffer)-1 should be read or a dynamically
reallocted buffer should be used.

Stephan also provided a rough patch to resize the buffer dynamically,
I am not attaching it here because Stephan was not completely
convinced of the patch's quality.
                   cu andreas


[1] Please take everything I say about a C-program with a enormous
grain of salt, I am simply miserable at it.