Package: ssmtp
Version: 2.62-2.2
Severity: important
tag 506188 security
Hello,
This is very similar to #506188. In fact I am not entirely convinced it
isn't the same issue. The strace listing looks the same to me, when I
did an strace of the previous version on a similar test case to the bug
submitter of #506188.
So far I can only reproduce it after cron (wrongly) had an entry with
apt-get update
In roots cronjob entry, and only one one computer. If I copy redirect
the output to a file and then pipe this into ssmtp the problem doesn't
occur.
Anyway, according to strace:
read(0, "From: root (Cron Daemon)\nTo: root\nSubject: Cron <r...@fb> /usr/bin/apt-get update\nContent-Type:
text/plain; charset=UTF-8\nX-Cron-Env: <SHELL=/bin/sh>\nX-Cron-Env: <HOME=/root>\nX-Cron-Env:
<PATH=/usr/bin:/bin>\nX-Cron-Env: <LOGNAME=root>\n\nHit http://mirrors.uwa.edu.au lenny Release.gpg\nIgn
http://mirrors.uwa.edu.au lenny/main Translation-en_AU\nIgn http://mirrors.uwa.edu.au lenny/contrib
Translation-en_AU\nHit http://mirror.aarnet.edu.au lenny Release.gpg\nIgn http://mirror.aarnet.edu.au lenny/main
Translation-en_AU\nIgn http://mirror.aarnet.edu.au lenny/contrib Translation-en_AU\nIgn http://mirror.aarnet.edu.au
lenny/non-free Translation-en_AU\nIgn http://mirrors.uwa.edu.au lenny/non-free Translation-en_AU\nHit
http://mirrors.uwa.edu.au lenny Release\nHit http://mirror.aarnet.edu.au lenny Release\nHit http://mirrors.uwa.edu.au
lenny/main Packages/DiffIndex\nHit http://mirror.aarnet.edu.au lenny/main Packages/DiffIndex\nHit
http://security.debian.org lenny/updates Release.gpg\nIgn http://security.debian.org lenny/updates/m"..., 1024) =
1024
That is fine. It read a maximum of 1024 bytes into memory.
This is the last write that has non garbage data, corresponds with the
second last line in the above read:
write(4, "Hit http://security.debian.org lenny/updates Release.gpg\r\n"..., 58)
= 58
Later on though it needs to get more data, but the read returns an "error":
read(0, 0xb7f5a000, 1024) = -1 EAGAIN (Resource temporarily unavailable)
I have no idea why it is getting this result, but that is not the point
of this report. It doesn't try again.
Unfortunately it seems to write 2049 bytes despite the error
(so only the bytes up to the first "\0" are valid).
write(4, "Ign http://security.debian.org
lenny/updates/m\0lease.gpg\0\0dex\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 [....] "..., 2049) = 2049
--
Brian May <[email protected]>
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
