[exim-dev] [Bug 1482] New: smtp_deliver() outbuffer too sma…

Página Inicial
Delete this message
Reply to this message
Autor: Wolfgang Breyha
Data:  
Para: exim-dev
Assunto: [exim-dev] [Bug 1482] New: smtp_deliver() outbuffer too small
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1482
           Summary: smtp_deliver() outbuffer  too small
           Product: Exim
           Version: 4.82
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Delivery in general
        AssignedTo: nigel@???
        ReportedBy: wbreyha@???
                CC: exim-dev@???



My DSN patch revealed some oddities in the delivery process.

Some "funny" sender set an ENVID with 1024 chars length. Sending this ENVID
along with SMTP fails because:

smtp.c:smtp_deliver() uses
uschar buffer[4096];
uschar outbuffer[1024];

The "MAIL FROM" command is constructed using buffer. The long ENVID (or
theoretically any other component) uses >1024 characters of buffer.

At the end
---
rc = smtp_write_command(&outblock, smtp_use_pipelining,
       "MAIL FROM:<%s>%s\r\n", return_path, buffer);
---
is called. outblock->buffer == outbuffer with size 1024.


In smtp_write_command() the final string is built to big_buffer and count holds
the final size.

Then the block
---
if (count > outblock->buffersize - (outblock->ptr - outblock->buffer))
  {
  rc = outblock->cmd_count;                 /* flush resets */
  if (!flush_buffer(outblock)) return -1;
  }
---
is reached. Since count (>1024) is always > outblock->buffersize (1024) 
flush_buffer() is called, but outblock is still empty.


flush_buffer() now calls
---
#ifdef SUPPORT_TLS
if (tls_out.active == outblock->sock)
rc = tls_write(FALSE, outblock->buffer, outblock->ptr - outblock->buffer);
else
#endif

rc = send(outblock->sock, outblock->buffer, outblock->ptr - outblock->buffer,
0);
if (rc <= 0)
{
HDEBUG(D_transport|D_acl) debug_printf("send failed: %s\n", strerror(errno));
return FALSE;
}
---
In my case it was a tls session using openssl. Since size == 0, rc == 0.

And here is the second oddity. The error says:
send failed: Success
since errno == 0, too. Later on this is also written to the log...
== xxxxxxxxxx@??? <xxxxxxxxxxxx@???> R=relay_domains
T=remote_smtp defer (0): send() to xxxxxx.xx.univie.ac.at [131.130.xxx.xxx]
failed: Success

I think outbuffer size needs to be at least sizeof(buffer). This will prevent
the "failed: Success" oddity, too.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email