[exim-dev] [Bug 770] New: Daemon should reinitialize len bef…

Author: Maxim Dounin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 770] New: Daemon should reinitialize len before calling accept()

http://bugs.exim.org/show_bug.cgi?id=770
           Summary: Daemon should reinitialize len before calling accept()
           Product: Exim
           Version: 4.69
          Platform: All
        OS/Version: FreeBSD
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Networking
        AssignedTo: nigel@???
        ReportedBy: mdounin@???
                CC: exim-dev@???



Created an attachment (id=279)
--> (http://bugs.exim.org/attachment.cgi?id=279)
reinitialize len before calling accept()

In src/daemon.c, initialization of the len argument of the accept() syscall is
done only once per loop over active listening sockets. As a result, if the
operating system modifies len for some reason, accept() may be called for the
next socket with an invalid value of len.

At least FreeBSD resets len to 0 on an error returned from accept() - and it may
happen e.g. on ECONNABORTED (i.e. the client timed out before exim accepted the
connection).

I've found this while digging into a problem reported by Dmitriy Kirhlarov on
the exim-user mailing list (http://permalink.gmane.org/gmane.mail.exim.user/80428).
Dmitriy was observing connections being treated as connections from completely
unrelated IPs as a result of this bug.

Patch attached. It was tested by Dmitriy Kirhlarov and resolves his problem.


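The failure mode described in the report above, reduced to a self-contained C program; this is an added example, not part of the original message, the attached patch, or Exim's source. `fake_accept` and `peer_seen` are hypothetical names: the former is a constructed stand-in for accept() that mimics the FreeBSD behaviour the report describes, and both addresses are constructed sample values from documentation ranges.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Stand-in for accept(), constructed for this example: fd 0 fails with
   ECONNABORTED and zeroes *len (the FreeBSD behaviour the report describes);
   fd 1 succeeds with peer 192.0.2.7 and, like the real call, writes at most
   *len bytes of the address. */
static int fake_accept(int fd, struct sockaddr *sa, socklen_t *len)
{
    struct sockaddr_in peer;
    if (fd == 0) { *len = 0; errno = ECONNABORTED; return -1; }
    memset(&peer, 0, sizeof peer);
    peer.sin_family = AF_INET;
    inet_pton(AF_INET, "192.0.2.7", &peer.sin_addr);
    memcpy(sa, &peer, *len < sizeof peer ? *len : sizeof peer);
    *len = sizeof peer;
    return 100; /* constructed descriptor number */
}

/* Try two ready listeners in turn. reinit == 0 sets len once before the loop
   (the reported behaviour); reinit != 0 resets it before every call.
   Returns the peer address (network byte order) the daemon would act on. */
static in_addr_t peer_seen(int reinit)
{
    struct sockaddr_in accepted;
    socklen_t len = sizeof accepted;
    int fd, conn = -1;
    /* Constructed leftover from an earlier, unrelated connection. */
    memset(&accepted, 0, sizeof accepted);
    accepted.sin_family = AF_INET;
    inet_pton(AF_INET, "198.51.100.23", &accepted.sin_addr);
    for (fd = 0; fd < 2 && conn < 0; fd++) {
        if (reinit) len = sizeof accepted;
        conn = fake_accept(fd, (struct sockaddr *)&accepted, &len);
    }
    return conn < 0 ? INADDR_NONE : accepted.sin_addr.s_addr;
}

int main(void)
{
    struct in_addr a = { peer_seen(0) }, b = { peer_seen(1) };
    printf("len set once: %s\n", inet_ntoa(a));
    printf("len reset:    %s\n", inet_ntoa(b));
    return 0;
}
```

With len set only once, the second call receives a zero-length buffer, so the stale address survives and is attributed to the new connection; any address-based access control or logging then acts on the wrong peer.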