diff options
author | Matthias Andree <matthias.andree@gmx.de> | 2005-12-08 12:57:31 +0000 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2005-12-08 12:57:31 +0000 |
commit | d7d618addc5183368639e16cf40992a8a5b22f55 (patch) | |
tree | 663f1e983ea6e8ca6681e5945af16989f5ac006c | |
parent | b3f58d5f75da9c28129972ce2343f423afadb5ff (diff) | |
download | fetchmail-d7d618addc5183368639e16cf40992a8a5b22f55.tar.gz fetchmail-d7d618addc5183368639e16cf40992a8a5b22f55.tar.bz2 fetchmail-d7d618addc5183368639e16cf40992a8a5b22f55.zip |
Fix segfault in multidrop mode with headerless email.
Reported by Daniel Drake, patch by Sunil Shetye.
This was actually modified from Sunil's patch to leave the if() {...} braces
in the code to avoid ambiguities later.
svn path=/branches/BRANCH_6-3/; revision=4530
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | transact.c | 31 |
2 files changed, 12 insertions, 21 deletions
@@ -30,6 +30,8 @@ fetchmail 6.3.1 (not yet released): that we are not using. Patch by Sunil Shetye. (MA) * Plug potential memory and socket leak when polling multiple folders or when the upstream sends bogus message sizes. Patch by Sunil Shetye. (MA) +* Fix segfault in multidrop mode with headerless email. + Reported by Daniel Drake, patch by Sunil Shetye. (MA) fetchmail 6.3.0 (released 2005-11-30): @@ -407,16 +407,14 @@ int readheaders(int sock, * condition the code for sending bouncemail will actually look * at the freed storage and coredump... */ - if (msgblk.headers) - free(msgblk.headers); + xfree(msgblk.headers); free_str_list(&msgblk.recipients); - if (delivered_to) - free(delivered_to); + xfree(delivered_to); /* initially, no message digest */ memset(ctl->digest, '\0', sizeof(ctl->digest)); - msgblk.headers = received_for = delivered_to = NULL; + received_for = NULL; from_offs = reply_to_offs = resent_from_offs = app_from_offs = sender_offs = resent_sender_offs = env_offs = -1; oldlen = 0; @@ -441,8 +439,6 @@ int readheaders(int sock, if ((n = SockRead(sock, buf, sizeof(buf)-1)) == -1) { set_timeout(0); free(line); - free(msgblk.headers); - msgblk.headers = NULL; return(PS_SOCKET); } set_timeout(0); @@ -911,8 +907,6 @@ int readheaders(int sock, if (retain_mail) { - free(msgblk.headers); - msgblk.headers = NULL; return(PS_RETAINED); } if (refuse_mail) @@ -944,8 +938,13 @@ int readheaders(int sock, * Don't mess with this code casually. It would be way too easy * to break it in a way that blackholed mail. Better to pass * the occasional duplicate than to do that... + * + * Matthias Andree: + * The real fix however is to insist on Delivered-To: or similar + * headers and require that one copy per recipient be dropped. + * Everything else breaks sooner or later. */ - if (MULTIDROP(ctl)) + if (MULTIDROP(ctl) && msgblk.headers) { MD5_CTX context; @@ -1055,8 +1054,7 @@ int readheaders(int sock, ctl->server.envelope && !strcasecmp(ctl->server.envelope, "Delivered-To")) { find_server_names(delivered_to, ctl, &msgblk.recipients); - free(delivered_to); - delivered_to = NULL; + xfree(delivered_to); } else if (received_for) /* @@ -1118,9 +1116,6 @@ int readheaders(int sock, if (outlevel >= O_DEBUG) report(stdout, GT_("forwarding and deletion suppressed due to DNS errors\n")); - free(msgblk.headers); - msgblk.headers = NULL; - free_str_list(&msgblk.recipients); return(PS_TRANSIENT); } else @@ -1129,9 +1124,6 @@ int readheaders(int sock, if ((n = open_sink(ctl, &msgblk, &good_addresses, &bad_addresses)) != PS_SUCCESS) { - free(msgblk.headers); - msgblk.headers = NULL; - free_str_list(&msgblk.recipients); return(n); } } @@ -1231,9 +1223,6 @@ int readheaders(int sock, { report(stdout, GT_("writing RFC822 msgblk.headers\n")); release_sink(ctl); - free(msgblk.headers); - msgblk.headers = NULL; - free_str_list(&msgblk.recipients); return(PS_IOERR); } else if ((run.poll_interval == 0 || nodetach) && outlevel >= O_VERBOSE && !is_a_file(1) && !run.use_syslog) |