http://bugs.exim.org/show_bug.cgi?id=770
Summary: Daemon should reinitialize len before calling accept()
Product: Exim
Version: 4.69
Platform: All
OS/Version: FreeBSD
Status: NEW
Severity: bug
Priority: medium
Component: Networking
AssignedTo: nigel@???
ReportedBy: mdounin@???
CC: exim-dev@???
Created an attachment (id=279) --> (http://bugs.exim.org/attachment.cgi?id=279)
reinitialize len before calling accept()
In src/daemon.c, initialization of the len argument of the accept() syscall is
done only once per loop over active listening sockets. As a result, if the
operating system modifies len for some reason, accept() may be called with an
invalid value of len for the next socket.
At least FreeBSD resets len to 0 on an error returned from accept() - and it may
happen e.g. on ECONNABORTED (i.e. the client timed out before exim accepted the
connection).
I've found this while digging into a problem reported by Dmitriy Kirhlarov on
the exim-user mailing list (http://permalink.gmane.org/gmane.mail.exim.user/80428).
Dmitriy was observing connections being treated as connections from completely
unrelated IPs as a result of this bug.
Patch attached. It was tested by Dmitriy Kirhlarov and resolves his problem.
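An added example, not part of the original report or the attached patch: a C model of the loop described above, in which a hypothetical stub_accept() stands in for accept() and zeroes len on error, as the report says FreeBSD does. The function names, the peer addresses and the assumption that a zero len leaves the address buffer untouched (accept() writes at most len bytes) are constructed for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed script: what each listening socket has pending in one pass.
   NULL means the client aborted before accept() (ECONNABORTED). */
static const char *pending[] = { "192.0.2.10", NULL, "198.51.100.7" };
#define NSOCK 3

/* Hypothetical stand-in for accept(): on error it zeroes *len, as the
   report describes for FreeBSD; on success it writes at most *len bytes
   of the peer address and then reports the full address size. */
static int stub_accept(int idx, struct sockaddr *sa, socklen_t *len)
{
    struct sockaddr_in peer;
    if (pending[idx] == NULL) { *len = 0; errno = ECONNABORTED; return -1; }
    memset(&peer, 0, sizeof peer);
    peer.sin_family = AF_INET;
    inet_pton(AF_INET, pending[idx], &peer.sin_addr);
    memcpy(sa, &peer, *len < sizeof peer ? *len : sizeof peer);
    *len = sizeof peer;
    return 100 + idx;               /* fake connection descriptor */
}

/* One pass over the listening sockets. With reinit == 0, len is set once
   before the loop (the pattern the report describes); with reinit != 0 it
   is reset before every call. Returns the number of accepted connections
   and stores the address each one would be logged under. */
int accept_pass(int reinit, char logged[][INET_ADDRSTRLEN])
{
    struct sockaddr_in accepted;
    socklen_t len = sizeof accepted;
    int n = 0;
    memset(&accepted, 0, sizeof accepted);
    for (int i = 0; i < NSOCK; i++) {
        if (reinit) len = sizeof accepted;
        if (stub_accept(i, (struct sockaddr *)&accepted, &len) < 0)
            continue;               /* aborted client: try the next socket */
        inet_ntop(AF_INET, &accepted.sin_addr, logged[n++], INET_ADDRSTRLEN);
    }
    return n;
}
```

Without the per-call reset, the connection on the third socket is recorded under the address left in the buffer by the first one, so any host-based ACL or log entry derived from it refers to the wrong peer.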