Fixed zombie processes issue that was caused by the recently added

security patch. Approved by: itetcu (mentor, implicit) Reported by: Ted Hatfield Obtained from: Fedora
author: Niels Heinen <niels@FreeBSD.org> 2010-05-12 14:11:41 +0000
committer: Niels Heinen <niels@FreeBSD.org> 2010-05-12 14:11:41 +0000
commit: 7d0d23c05c3162a4efab9e73e6b3fe6d818f29b5 (patch)
tree: 1208bede76aade7ec8a834d69f63fc2e5a802f89 /mail/spamass-milter
parent: 7eb81e0db9b476cf083e4ab4e26ab550b9eca671 (diff)
download: ports-7d0d23c05c3162a4efab9e73e6b3fe6d818f29b5.tar.gz
ports-7d0d23c05c3162a4efab9e73e6b3fe6d818f29b5.zip
3 files changed, 116 insertions, 135 deletions
diff --git a/mail/spamass-milter/Makefile b/mail/spamass-milter/Makefile
index 1903ce1e2992..63cf2305cb5a 100644
--- a/mail/spamass-milter/Makefile
+++ b/mail/spamass-milter/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	spamass-milter
 PORTVERSION=	0.3.1
-PORTREVISION=	9
+PORTREVISION=	10
 CATEGORIES=	mail
 MASTER_SITES=	${MASTER_SITE_SAVANNAH}
 MASTER_SITE_SUBDIR=	spamass-milt
diff --git a/mail/spamass-milter/files/patch-spamass-milter.cpp b/mail/spamass-milter/files/patch-spamass-milter.cpp
index 37172fa89d0b..dcf4af0bdb48 100644
--- a/mail/spamass-milter/files/patch-spamass-milter.cpp
+++ b/mail/spamass-milter/files/patch-spamass-milter.cpp
@@ -1,32 +1,19 @@
---- spamass-milter.cpp.orig	2010-05-06 11:24:40.000000000 +0200
-+++ spamass-milter.cpp	2010-05-06 11:25:01.000000000 +0200
-@@ -171,10 +171,6 @@
- bool flag_expand = false;	/* alias/virtusertable expansion */
- bool warnedmacro = false;	/* have we logged that we couldn't fetch a macro? */
- 
--#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
--static pthread_mutex_t popen_mutex = PTHREAD_MUTEX_INITIALIZER;
--#endif
--
- // {{{ main()
- 
- int
-@@ -461,59 +457,24 @@
- 			   send another copy.  The milter API will not let you send the
- 			   message AND return a failure code to the sender, so this is
- 			   the only way to do it. */
--#if defined(__FreeBSD__)
--			int rv;
--#endif
--			
+--- spamass-milter.cpp.orig	2006-03-23 22:41:36.000000000 +0100
++++ spamass-milter.cpp	2010-05-12 12:05:02.000000000 +0200
+@@ -465,26 +465,11 @@
+ 			int rv;
+ #endif
+ 			
 -#if defined(HAVE_ASPRINTF)
 -			char *buf;
 -#else
 -			char buf[1024];
 -#endif
 -			char *fmt="%s \"%s\"";
-+			char *popen_argv[3];
  			FILE *p;
++			char sendmail_prog[] = SENDMAIL;
++			char *const popen_argv[] = { sendmail_prog, spambucket, NULL };
++			pid_t pid;
  
 -#if defined(HAVE_ASPRINTF)
 -			asprintf(&buf, fmt, SENDMAIL, spambucket);
@@ -40,21 +27,16 @@
 -#endif
 -
 -			debug(D_COPY, "calling %s", buf);
--#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
--			rv = pthread_mutex_lock(&popen_mutex);
--			if (rv)
--			{
--				debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv));
--				abort();
--			}		
--#endif
+ #if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
+ 			rv = pthread_mutex_lock(&popen_mutex);
+ 			if (rv)
+@@ -493,15 +478,17 @@
+ 				abort();
+ 			}		
+ #endif
 -			p = popen(buf, "w");
-+			popen_argv[0] = SENDMAIL;
-+			popen_argv[1] = spambucket;
-+			popen_argv[2] = NULL;
-+			
 +			debug(D_COPY, "calling %s %s", SENDMAIL, spambucket);
-+			p = popenv(popen_argv, "w");
++			p = popenv(popen_argv, "w", &pid);
  			if (!p)
  			{
 -				debug(D_COPY, "popen failed(%s).  Will not send a copy to spambucket", strerror(errno));
@@ -65,54 +47,48 @@
  				fwrite(assassin->d().c_str(), assassin->d().size(), 1, p);
 -				pclose(p); p = NULL;
 +				fclose(p); p = NULL;
++				waitpid(pid, NULL, 0);
  			}
--#if defined(__FreeBSD__)
--			rv = pthread_mutex_unlock(&popen_mutex);
--			if (rv)
--			{
--				debug(D_ALWAYS, "Could not unlock popen mutex: %s", strerror(rv));
--				abort();
--			}		
--#endif
+ #if defined(__FreeBSD__)
+ 			rv = pthread_mutex_unlock(&popen_mutex);
+@@ -511,9 +498,6 @@
+ 				abort();
+ 			}		
+ #endif
 -#if defined(HAVE_ASPRINTF)
 -			free(buf);
 -#endif 
  		}
  		return SMFIS_REJECT;
  	}
-@@ -842,30 +803,19 @@
+@@ -842,16 +826,12 @@
  		/* open a pipe to sendmail so we can do address expansion */
  
  		char buf[1024];
 -		char *fmt="%s -bv \"%s\" 2>&1";
--
++		char sendmail_prog[] = SENDMAIL;
++		char sendmail_mode[] = "-bv";
++		char * const popen_argv[] = { sendmail_prog, sendmail_mode, envrcpt[0], NULL };
++		pid_t pid;
+ 
 -#if defined(HAVE_SNPRINTF)
 -		snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, envrcpt[0]);
 -#else
 -		/* XXX possible buffer overflow here */
 -		sprintf(buf, fmt, SENDMAIL, envrcpt[0]);
 -#endif
-+		char *popen_argv[4];
-+		
-+		popen_argv[0] = SENDMAIL;
-+		popen_argv[1] = "-bv";
-+		popen_argv[2] = envrcpt[0];
-+		popen_argv[3] = NULL;
- 
+-
 -		debug(D_RCPT, "calling %s", buf);
 +		debug(D_RCPT, "calling %s -bv %s", SENDMAIL, envrcpt[0]);
  
--#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
--		rv = pthread_mutex_lock(&popen_mutex);
--		if (rv)
--		{
--			debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv));
--			abort();
--		}		
--#endif
--
+ #if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
+ 		rv = pthread_mutex_lock(&popen_mutex);
+@@ -862,10 +842,10 @@
+ 		}		
+ #endif
+ 
 -		p = popen(buf, "r");
-+		p = popenv(popen_argv, "r");
++		p = popenv(popen_argv, "r", &pid);
  		if (!p)
  		{
 -			debug(D_RCPT, "popen failed(%s).  Will not expand aliases", strerror(errno));
@@ -120,92 +96,97 @@
  			assassin->expandedrcpt.push_back(envrcpt[0]);
  		} else
  		{
-@@ -890,16 +840,8 @@
+@@ -890,7 +870,8 @@
  					assassin->expandedrcpt.push_back(p+7);
  				}
  			}
 -			pclose(p); p = NULL;
 +			fclose(p); p = NULL;
++			waitpid(pid, NULL, 0);
  		}
--#if defined(__FreeBSD__)
--		rv = pthread_mutex_unlock(&popen_mutex);
--		if (rv)
--		{
--			debug(D_ALWAYS, "Could not unlock popen mutex: %s", strerror(rv));
--			abort();
--		}		
--#endif
+ #if defined(__FreeBSD__)
+ 		rv = pthread_mutex_unlock(&popen_mutex);
+@@ -1002,9 +983,9 @@
+ 
+ 		assassin->output((string)
+ 			"Received: from "+macro_s+" ("+macro__+")\r\n\t"+
+-			"by "+macro_j+"("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+"\r\n\t"+
++			"by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+
+ 			macro_b+"\r\n\t"+
+-			"(envelope-from "+assassin->from()+"\r\n");
++			"(envelope-from "+assassin->from()+")\r\n");
+ 
  	} else
- 	{
- 		assassin->expandedrcpt.push_back(envrcpt[0]);
-@@ -2157,5 +2099,71 @@
+ 		assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
+@@ -2157,5 +2138,72 @@
  	warnedmacro = true;
  }
  
 +/*
 +   untrusted-argument-safe popen function - only supports "r" and "w" modes
 +   for simplicity, and always reads stdout and stderr in "r" mode.  Call
-+   fclose to close the FILE.
++   fclose to close the FILE, and waitpid to reap the child process (pid).
 +*/
-+FILE *popenv(char *const argv[], const char *type)
++FILE *popenv(char *const argv[], const char *type, pid_t *pid)
 +{
-+	FILE *iop;
-+	int pdes[2];
-+	int save_errno;
-+	if ((*type != 'r' && *type != 'w') || type[1])
-+	{
-+		errno = EINVAL;
-+		return (NULL);
-+	}
-+	if (pipe(pdes) < 0)
-+		return (NULL);
-+	switch (fork()) {
-+	
-+	case -1:			/* Error. */
-+		save_errno = errno;
-+		(void)close(pdes[0]);
-+		(void)close(pdes[1]);
-+		errno = save_errno;
-+		return (NULL);
-+		/* NOTREACHED */
-+	case 0:				/* Child. */
-+		if (*type == 'r') {
-+			/*
-+			 * The dup2() to STDIN_FILENO is repeated to avoid
-+			 * writing to pdes[1], which might corrupt the
-+			 * parent's copy.  This isn't good enough in
-+			 * general, since the exit() is no return, so
-+			 * the compiler is free to corrupt all the local
-+			 * variables.
-+			 */
-+			(void)close(pdes[0]);
-+			(void)dup2(pdes[1], STDOUT_FILENO);
-+			(void)dup2(pdes[1], STDERR_FILENO);
-+			if (pdes[1] != STDOUT_FILENO && pdes[1] != STDERR_FILENO) {
-+				(void)close(pdes[1]);
-+			} 
-+		} else {
-+			if (pdes[0] != STDIN_FILENO) {
-+				(void)dup2(pdes[0], STDIN_FILENO);
-+				(void)close(pdes[0]);
-+			}
-+			(void)close(pdes[1]);
-+		}
-+		execv(argv[0], argv);
-+		exit(127);
-+		/* NOTREACHED */
-+	}
++       FILE *iop;
++       int pdes[2];
++       int save_errno;
++
++       if ((*type != 'r' && *type != 'w') || type[1])
++       {
++               errno = EINVAL;
++               return (NULL);
++       }
++       if (pipe(pdes) < 0)
++               return (NULL);
++       switch (*pid = fork()) {
++
++       case -1:                        /* Error. */
++               save_errno = errno;
++               (void)close(pdes[0]);
++               (void)close(pdes[1]);
++               errno = save_errno;
++               return (NULL);
++               /* NOTREACHED */
++       case 0:                         /* Child. */
++               if (*type == 'r') {
++                       /*
++                        * The dup2() to STDIN_FILENO is repeated to avoid
++                        * writing to pdes[1], which might corrupt the
++                        * parent's copy.  This isn't good enough in
++                        * general, since the exit() is no return, so
++                        * the compiler is free to corrupt all the local
++                        * variables.
++                        */
++                       (void)close(pdes[0]);
++                       (void)dup2(pdes[1], STDOUT_FILENO);
++                       (void)dup2(pdes[1], STDERR_FILENO);
++                       if (pdes[1] != STDOUT_FILENO && pdes[1] != STDERR_FILENO) {
++                               (void)close(pdes[1]);
++                       }
++               } else {
++                       if (pdes[0] != STDIN_FILENO) {
++                               (void)dup2(pdes[0], STDIN_FILENO);
++                               (void)close(pdes[0]);
++                       }
++                       (void)close(pdes[1]);
++               }
++               execv(argv[0], argv);
++               exit(127);
++               /* NOTREACHED */
++       }
 +
-+	/* Parent; assume fdopen can't fail. */
-+	if (*type == 'r') {
-+		iop = fdopen(pdes[0], type);
-+		(void)close(pdes[1]);
-+	} else {
-+		iop = fdopen(pdes[1], type);
-+		(void)close(pdes[0]);
-+	}
++       /* Parent; assume fdopen can't fail. */
++       if (*type == 'r') {
++               iop = fdopen(pdes[0], type);
++               (void)close(pdes[1]);
++       } else {
++               iop = fdopen(pdes[1], type);
++               (void)close(pdes[0]);
++       }
 +
-+	return (iop);
++       return (iop);
 +}
 +
  // }}}
diff --git a/mail/spamass-milter/files/patch-spamass-milter.h b/mail/spamass-milter/files/patch-spamass-milter.h
index 2eb0cac4a946..8fe2ef83a223 100644
--- a/mail/spamass-milter/files/patch-spamass-milter.h
+++ b/mail/spamass-milter/files/patch-spamass-milter.h
@@ -1,9 +1,9 @@
---- spamass-milter.h.orig	2006-03-23 23:07:55.000000000 +0100
-+++ spamass-milter.h	2010-05-06 11:25:01.000000000 +0200
+--- spamass-milter.h.orig	2010-05-12 11:58:14.000000000 +0200
++++ spamass-milter.h	2010-05-12 12:05:27.000000000 +0200
 @@ -186,5 +186,6 @@
  void parse_debuglevel(char* string);
  char *strlwr(char *str);
  void warnmacro(char *macro, char *scope);
-+FILE *popenv(char *const argv[], const char *type);
++FILE *popenv(char *const argv[], const char *type, pid_t *pid);
  
  #endif
author	Niels Heinen <niels@FreeBSD.org>	2010-05-12 14:11:41 +0000
committer	Niels Heinen <niels@FreeBSD.org>	2010-05-12 14:11:41 +0000
commit	7d0d23c05c3162a4efab9e73e6b3fe6d818f29b5 (patch)
tree	1208bede76aade7ec8a834d69f63fc2e5a802f89 /mail/spamass-milter
parent	7eb81e0db9b476cf083e4ab4e26ab550b9eca671 (diff)
download	ports-7d0d23c05c3162a4efab9e73e6b3fe6d818f29b5.tar.gz ports-7d0d23c05c3162a4efab9e73e6b3fe6d818f29b5.zip