diff options
author | Dirk Meyer <dinoex@FreeBSD.org> | 2009-10-26 08:46:44 +0000 |
---|---|---|
committer | Dirk Meyer <dinoex@FreeBSD.org> | 2009-10-26 08:46:44 +0000 |
commit | bce06ee935e758048a7136f322ecf2ad938077de (patch) | |
tree | a3abebd830273e0e87cc60b750d6db54dd182f35 /mail/sendmail/files | |
parent | 868cb0f55356bda1a83f20c6009588136aa8b409 (diff) |
- Security patch libmiter
SECURITY: fix DOS vulnerability in libmiter
Obtained from: Jose-Marcio Martins da Cruz
Notes
Notes:
svn path=/head/; revision=243318
Diffstat (limited to 'mail/sendmail/files')
-rw-r--r-- | mail/sendmail/files/patch-worker.c | 150 |
1 files changed, 150 insertions, 0 deletions
diff --git a/mail/sendmail/files/patch-worker.c b/mail/sendmail/files/patch-worker.c new file mode 100644 index 000000000000..8852ca003f7d --- /dev/null +++ b/mail/sendmail/files/patch-worker.c @@ -0,0 +1,150 @@ +--- libmilter/worker.c.orig 2007-12-03 23:06:05.000000000 +0100 ++++ libmilter/worker.c 2009-06-15 09:46:29.000000000 +0200 +@@ -328,6 +328,8 @@ + int dim_pfd = 0; + bool rebuild_set = true; + int pcnt = 0; /* error count for poll() failures */ ++ time_t lastcheck; ++ int nfd = 0; + + Tskmgr.tm_tid = sthread_get_id(); + if (pthread_detach(Tskmgr.tm_tid) != 0) +@@ -345,12 +347,12 @@ + } + dim_pfd = PFD_STEP; + ++ lastcheck = time(NULL); + for (;;) + { + SMFICTX_PTR ctx; +- int nfd, rfd, i; ++ int rfd, i; + time_t now; +- time_t lastcheck; + + POOL_LEV_DPRINTF(4, ("Let's %s again...", WAITFN)); + +@@ -364,20 +366,20 @@ + /* check for timed out sessions? */ + if (lastcheck + DT_CHECK_OLD_SESSIONS < now) + { +- SM_TAILQ_FOREACH(ctx, &WRK_CTX_HEAD, ctx_link) ++ ctx = SM_TAILQ_FIRST(&WRK_CTX_HEAD); ++ while (ctx != SM_TAILQ_END(&WRK_CTX_HEAD)) + { ++ SMFICTX_PTR ctx_nxt; ++ ++ ctx_nxt = SM_TAILQ_NEXT(ctx, ctx_link); + if (ctx->ctx_wstate == WKST_WAITING) + { + if (ctx->ctx_wait == 0) +- { + ctx->ctx_wait = now; +- continue; +- } +- +- /* if session timed out, close it */ +- if (ctx->ctx_wait + OLD_SESSION_TIMEOUT +- < now) ++ else if (ctx->ctx_wait + OLD_SESSION_TIMEOUT ++ < now) + { ++ /* if session timed out, close it */ + sfsistat (*fi_close) __P((SMFICTX *)); + + POOL_LEV_DPRINTF(4, +@@ -389,10 +391,9 @@ + (void) (*fi_close)(ctx); + + mi_close_session(ctx); +- ctx = SM_TAILQ_FIRST(&WRK_CTX_HEAD); +- continue; + } + } ++ ctx = ctx_nxt; + } + lastcheck = now; + } +@@ -465,6 +466,7 @@ + } + } + } ++ rebuild_set = false; + } + + TASKMGR_UNLOCK(); +--- libsharedmilter/worker.c.orig 2007-12-03 23:06:05.000000000 +0100 ++++ libsharedmilter/worker.c 2009-06-15 09:46:29.000000000 +0200 +@@ -328,6 +328,8 @@ + int dim_pfd = 0; + bool rebuild_set = true; + int pcnt = 0; /* error count for poll() failures */ ++ time_t lastcheck; ++ int nfd = 0; + + Tskmgr.tm_tid = sthread_get_id(); + if (pthread_detach(Tskmgr.tm_tid) != 0) +@@ -345,12 +347,12 @@ + } + dim_pfd = PFD_STEP; + ++ lastcheck = time(NULL); + for (;;) + { + SMFICTX_PTR ctx; +- int nfd, rfd, i; ++ int rfd, i; + time_t now; +- time_t lastcheck; + + POOL_LEV_DPRINTF(4, ("Let's %s again...", WAITFN)); + +@@ -364,20 +366,20 @@ + /* check for timed out sessions? */ + if (lastcheck + DT_CHECK_OLD_SESSIONS < now) + { +- SM_TAILQ_FOREACH(ctx, &WRK_CTX_HEAD, ctx_link) ++ ctx = SM_TAILQ_FIRST(&WRK_CTX_HEAD); ++ while (ctx != SM_TAILQ_END(&WRK_CTX_HEAD)) + { ++ SMFICTX_PTR ctx_nxt; ++ ++ ctx_nxt = SM_TAILQ_NEXT(ctx, ctx_link); + if (ctx->ctx_wstate == WKST_WAITING) + { + if (ctx->ctx_wait == 0) +- { + ctx->ctx_wait = now; +- continue; +- } +- +- /* if session timed out, close it */ +- if (ctx->ctx_wait + OLD_SESSION_TIMEOUT +- < now) ++ else if (ctx->ctx_wait + OLD_SESSION_TIMEOUT ++ < now) + { ++ /* if session timed out, close it */ + sfsistat (*fi_close) __P((SMFICTX *)); + + POOL_LEV_DPRINTF(4, +@@ -389,10 +391,9 @@ + (void) (*fi_close)(ctx); + + mi_close_session(ctx); +- ctx = SM_TAILQ_FIRST(&WRK_CTX_HEAD); +- continue; + } + } ++ ctx = ctx_nxt; + } + lastcheck = now; + } +@@ -465,6 +466,7 @@ + } + } + } ++ rebuild_set = false; + } + + TASKMGR_UNLOCK(); |