ph10 2006/04/04 10:09:45 BST
Modified files:
exim-doc/doc-txt ChangeLog
exim-src ACKNOWLEDGMENTS
exim-src/src ip.c
exim-src/src/routers iplookup.c
Log:
Fix subtle but important bug in ip_connect(); it shouldn't close the
socket on a connection error. Also ensure that socket is closed in
iplookup.c after ip_connect() failure.
Revision Changes Path
1.337 +12 -0 exim/exim-doc/doc-txt/ChangeLog
1.45 +3 -1 exim/exim-src/ACKNOWLEDGMENTS
1.6 +3 -2 exim/exim-src/src/ip.c
1.7 +1 -0 exim/exim-src/src/routers/iplookup.c
Index: ChangeLog
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
retrieving revision 1.336
retrieving revision 1.337
diff -u -r1.336 -r1.337
--- ChangeLog 4 Apr 2006 08:35:39 -0000 1.336
+++ ChangeLog 4 Apr 2006 09:09:44 -0000 1.337
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.336 2006/04/04 08:35:39 ph10 Exp $
+$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.337 2006/04/04 09:09:44 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -339,6 +339,18 @@
a MIME-type, and this confuses some software.
PH/70 Catch two compiler warnings in sieve.c.
+
+PH/71 Fixed an obscure and subtle bug (thanks Alexander & Matthias). The
+ function verify_get_ident() calls ip_connect() to connect a socket, but
+ if the "connect()" function timed out, ip_connect() used to close the
+ socket. However, verify_get_ident() also closes the socket later, and in
+ between Exim writes to the log, which may get opened at this point. When
+ the socket was closed in ip_connect(), the log could get the same file
+ descriptor number as the socket. This naturally causes chaos. The fix is
+ not to close the socket in ip_connect(); the socket should be closed by
+ the function that creates it. There was only one place in the code where
+ this was missing, in the iplookup router, which I don't think anybody now
+ uses, but I've fixed it anyway.
Exim version 4.60
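Review bot: the PH/71 entry changes the ownership contract of ip_connect() (the caller that creates the socket must now close it on every path), but it only names two callers, verify_get_ident() and the iplookup router, and asserts that iplookup was the sole one missing a close. It would help reviewers to list the callers that were audited, so that nobody has to re-derive that no other caller relied on the old close-on-failure behaviour. The description of the root cause is otherwise clear: the early close in ip_connect() let the log file reuse the socket's descriptor number, after which the later close in verify_get_ident() closed the log instead.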
Index: ACKNOWLEDGMENTS
===================================================================
RCS file: /home/cvs/exim/exim-src/ACKNOWLEDGMENTS,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- ACKNOWLEDGMENTS 16 Mar 2006 12:07:55 -0000 1.44
+++ ACKNOWLEDGMENTS 4 Apr 2006 09:09:45 -0000 1.45
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-src/ACKNOWLEDGMENTS,v 1.44 2006/03/16 12:07:55 ph10 Exp $
+$Cambridge: exim/exim-src/ACKNOWLEDGMENTS,v 1.45 2006/04/04 09:09:45 ph10 Exp $
EXIM ACKNOWLEDGEMENTS
@@ -20,7 +20,7 @@
Philip Hazel
Lists created: 20 November 2002
-Last updated: 16 March 2006
+Last updated: 04 April 2006
THE OLD LIST
@@ -173,6 +173,7 @@
extension (exiscan)
Jürgen Kreileder Fix for cyrus_sasl advertisement problem
Friso Kuipers Patch for GDBM problem
+Matthias Lederhofer Diagnosing and patching obscure and subtle socket bug
Chris Liddiard Fix for bug in exiqsumm
Chris Lightfoot Patch for -restore-times in exim_lock
Edgar Lovecraft Patch for ${str2b64:
@@ -199,6 +200,7 @@
Support for the DrWeb content scanner
Andreas Mueller Patch for logging uncompleted SMTP transactions
Pete Naylor Patch for LDAP TCP connect timeout setting
+Alexander Newmann Diagnosing and patching obscure and subtle socket bug
Matthew Newton Patch for exicyclog log location problem
Marcin Owsiany Diagnosis of a tricky timeout failure bug
Eric Parusel Patch for tls_remember_esmtp
Index: ip.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/ip.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- ip.c 16 Feb 2006 10:05:33 -0000 1.5
+++ ip.c 4 Apr 2006 09:09:45 -0000 1.6
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/ip.c,v 1.5 2006/02/16 10:05:33 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/ip.c,v 1.6 2006/04/04 09:09:45 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -165,7 +165,9 @@
*************************************************/
/* This function connects a socket to a remote address and port. The socket may
-or may not have previously been bound to a local interface.
+or may not have previously been bound to a local interface. The socket is not
+closed, even in cases of error. It is expected that the calling function, which
+created the socket, will be the one that closes it.
Arguments:
sock the socket
@@ -243,7 +245,6 @@
/* A failure whose error code is "Interrupted system call" is in fact
an externally applied timeout if the signal handler has been run. */
-(void)close(sock);
errno = (save_errno == EINTR && sigalrm_seen)? ETIMEDOUT : save_errno;
return -1;
}
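Review bot: removing `(void)close(sock);` on this failure path is the right fix for the descriptor-reuse problem, and the `errno = ...` assignment that follows it now runs without an intervening close() that could itself clobber errno, so the caller sees the intended ETIMEDOUT/save_errno value. Since the function no longer frees the socket on error, every call site of ip_connect() must close the socket when it returns -1; this patch only adds that to iplookup.c, so the other callers (the entry above names verify_get_ident()) should be confirmed to already do so.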
Index: iplookup.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/routers/iplookup.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- iplookup.c 7 Feb 2006 11:19:02 -0000 1.6
+++ iplookup.c 4 Apr 2006 09:09:45 -0000 1.7
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/routers/iplookup.c,v 1.6 2006/02/07 11:19:02 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/routers/iplookup.c,v 1.7 2006/04/04 09:09:45 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -240,6 +240,7 @@
if (ip_connect(query_socket, host_af, h->address,ob->port, ob->timeout) < 0)
{
+ close(query_socket);
DEBUG(D_route)
debug_printf("connection to %s failed: %s\n", h->address,
strerror(errno));
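Review bot: the new `close(query_socket);` runs before `strerror(errno)` in the DEBUG block, and close() may overwrite errno on failure, so the debug message can report the wrong reason for the connect failure. Either save errno first, e.g. `int save_errno = errno;` before the close and `strerror(save_errno)` in debug_printf, or move the close after the debug output. The result of close() is also discarded without a cast; `(void)close(query_socket);` matches the style used in ip.c.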