Hi.

- In both mimedefang and the multiplexor, fix use-after-free of lockfile
  name.
- In mimedefang, fix minor memory leak caused by specifying more than one
  -m option.
- Ensure mimedefang deletes its socket upon termination.

Lastly, in your release tarballs, please do NOT include files generated by 
your configure script.

Thanks and have a great day.

Marc.

diff -NRapruz -X /etc/diff.excludes mimedefang-3.4.1/mimedefang-multiplexor.c 
devel-3.4.1/mimedefang-multiplexor.c
--- mimedefang-3.4.1/mimedefang-multiplexor.c   2023-04-11 17:03:43.000000000 
-0600
+++ devel-3.4.1/mimedefang-multiplexor.c        2024-05-28 21:01:47.605110408 
-0600
@@ -1056,7 +1056,7 @@ main(int argc, char *argv[], char **env)

     /* Do the locking */
     if (pidfile || lockfile) {
-       if ( (lockfile_fd = write_and_lock_pidfile(pidfile, lockfile, 
pidfile_fd)) < 0) {
+       if ( (lockfile_fd = write_and_lock_pidfile(pidfile, &lockfile, 
pidfile_fd)) < 0) {
            REPORT_FAILURE("Cannot lock lockfile: Is another copy running?");
            exit(EXIT_FAILURE);
        }
diff -NRapruz -X /etc/diff.excludes mimedefang-3.4.1/mimedefang.c 
devel-3.4.1/mimedefang.c
--- mimedefang-3.4.1/mimedefang.c       2023-04-11 17:03:43.000000000 -0600
+++ devel-3.4.1/mimedefang.c    2024-06-01 16:32:24.060072056 -0600
@@ -2267,6 +2267,7 @@ main(int argc, char **argv)
     int nodaemon = 0;
     char buf[SMALLBUF];
     int got_p_option = 0;
+    char *sockfile = NULL;
     int kidpipe[2];
     char kidmsg[256];
     int pidfile_fd = -1;
@@ -2499,6 +2500,7 @@ main(int argc, char **argv)
            break;
        case 'm':
            /* Multiplexor */
+           if (MultiplexorSocketName) free(MultiplexorSocketName);
            MultiplexorSocketName = strdup(optarg);
            if (!MultiplexorSocketName) {
                fprintf(stderr, "%s: Out of memory\n", argv[0]);
@@ -2515,6 +2517,12 @@ main(int argc, char **argv)
                        argv[0], optarg);
                exit(EXIT_FAILURE);
            }
+           if (sockfile) free(sockfile);
+           sockfile = strdup(optarg);
+           if (!sockfile) {
+               fprintf(stderr, "%s: Out of memory\n", argv[0]);
+               exit(EXIT_FAILURE);
+           }
            got_p_option = 1;
            /* Remove socket from file system if it's a local socket */
            (void) remove_local_socket(optarg);
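Review bot: `sockfile` keeps the raw `-p` argument, and the exit hunk (`@@ -2765,6 +2773,9`) hands it to `remove()` unchanged, whereas the start-up path on the last line of this hunk goes through `remove_local_socket(optarg)`, which per its comment only acts on local sockets. If the `-p` value is a milter-style spec such as `unix:/path` or `inet:port@host` (the accepted formats are not visible in these hunks), `remove()` would either miss the socket or try to delete a relative path of that name in the daemon's working directory. Calling `(void) remove_local_socket(sockfile);` at exit would keep the two paths consistent. The cleanup also runs only on the final `return rc;`, so the `exit(EXIT_FAILURE)` paths skip it. `main` extends beyond these hunks.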
@@ -2694,7 +2702,7 @@ main(int argc, char **argv)

     /* Do the locking */
     if (pidfile || lockfile) {
-       if ( (lockfile_fd = write_and_lock_pidfile(pidfile, lockfile, 
pidfile_fd)) < 0) {
+       if ( (lockfile_fd = write_and_lock_pidfile(pidfile, &lockfile, 
pidfile_fd)) < 0) {
            /* Signal the waiting parent */
            REPORT_FAILURE("Cannot lock lockfile: Is another copy running?");
            exit(EXIT_FAILURE);
@@ -2765,6 +2773,9 @@ main(int argc, char **argv)
     if (lockfile) {
        unlink(lockfile);
     }
+    if (sockfile) {
+       remove(sockfile);
+    }
     return rc;
 }

diff -NRapruz -X /etc/diff.excludes mimedefang-3.4.1/mimedefang.h 
devel-3.4.1/mimedefang.h
--- mimedefang-3.4.1/mimedefang.h       2023-04-11 17:03:43.000000000 -0600
+++ devel-3.4.1/mimedefang.h    2024-05-28 15:18:36.377783713 -0600
@@ -69,7 +69,7 @@ extern int make_listening_socket(char const *str, int 
backlog, int must_be_unix);
 extern void do_delay(char const *sleepstr);
 extern int is_localhost(struct sockaddr *);
 extern int remove_local_socket(char const *str);
-extern int write_and_lock_pidfile(char const *pidfile, char *lockfile, int fd);
+extern int write_and_lock_pidfile(char const *pidfile, char **lockfile, int 
fd);
 #ifdef EMBED_PERL
 extern int make_embedded_interpreter(char const *progPath,
                                     char const *subFilter,
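Review bot: The change to `char **lockfile` turns this into an in/out parameter, but nothing at the declaration says so. A comment above the prototype would spare callers from reading utils.c, for example `/* *lockfile may be NULL on entry; on return it may point to a malloc'd "<pidfile>.lock" name owned by the caller, and it is reset to NULL if the lockfile cannot be opened */`. The definition dereferences `lockfile` without a NULL check, so the comment should also state that the pointer itself must be non-NULL; both call sites in this patch pass `&lockfile`.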
diff -NRapruz -X /etc/diff.excludes mimedefang-3.4.1/utils.c devel-3.4.1/utils.c
--- mimedefang-3.4.1/utils.c    2023-04-11 17:03:43.000000000 -0600
+++ devel-3.4.1/utils.c 2024-05-28 15:22:24.885037463 -0600
@@ -1305,30 +1305,31 @@ free_debug(void *ctx, void *x, char const *fname, int 
line)
 #endif

 int
-write_and_lock_pidfile(char const *pidfile, char *lockfile, int pidfile_fd)
+write_and_lock_pidfile(char const *pidfile, char **lockfile, int pidfile_fd)
 {
     struct flock fl;
     char buf[64];
     int lockfile_fd;
     size_t len;

-    if (!lockfile) {
+    if (!*lockfile) {
        if (!pidfile) {
            return -1;
        }
        len = strlen(pidfile) + 6;
        /* If no lockfile was supplied, construct one based on pidfile */
-       lockfile = malloc(len);
-       if (!lockfile) {
+       *lockfile = malloc(len);
+       if (!*lockfile) {
            return -1;
        }

-       snprintf(lockfile, len, "%s.lock", pidfile);
+       snprintf(*lockfile, len, "%s.lock", pidfile);
     }

-    lockfile_fd = open(lockfile, O_RDWR|O_CREAT, 0666);
+    lockfile_fd = open(*lockfile, O_RDWR|O_CREAT, 0666);
     if (lockfile_fd < 0) {
-      free(lockfile);
+      free(*lockfile);
+      *lockfile = NULL;
       return -1;
     }

@@ -1338,8 +1339,7 @@ write_and_lock_pidfile(char const *pidfile, char 
*lockfile, int pidfile_fd)
     fl.l_len = 0;

     if (fcntl(lockfile_fd, F_SETLK, &fl) < 0) {
-      syslog(LOG_ERR, "Could not lock lockfile file %s: %m.  Is another copy 
running?", lockfile);
-      free(lockfile);
+      syslog(LOG_ERR, "Could not lock lockfile file %s: %m.  Is another copy 
running?", *lockfile);
       return -1;
     }
     if (pidfile_fd >= 0) {
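Review bot: The failure paths now leave the caller in different states: when `open()` fails (previous hunk) `*lockfile` is freed and set to NULL, but when `F_SETLK` fails here `*lockfile` stays set and `lockfile_fd` is left open. Both call sites in this patch call `exit(EXIT_FAILURE)` straight away, so this is harmless today. A caller that instead ran its normal cleanup (`unlink(lockfile)` at the end of `main` in mimedefang.c) after a lock failure would remove the lockfile name another running instance is holding, which could let a further copy start. Consider `close(lockfile_fd);` before this `return -1;` and a comment stating that `*lockfile` must not be unlinked when the function fails. The function body continues outside this hunk.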
@@ -1349,11 +1349,9 @@ write_and_lock_pidfile(char const *pidfile, char 
*lockfile, int pidfile_fd)

        /* Close the pidfile fd; no longer needed */
        if (close(pidfile_fd) < 0) {
-      free(lockfile);
            return -1;
        }
     }
-    free(lockfile);

     /* Do NOT close lockfile_fd... it will close and lock will be released
        when we exit */
