Now that I've seen the exploit, I am sure the following patch is
highly relevant. I was hoping to get this rolled into the next qpopper
release, but was not in a big hurry. I had thought it had little
practical impact but I think it relates directly to the "spinning"
behavior, which interacts with OS behavior on repeated reads of a
closed file handle.

I had to hand-edit this patch to take out some changes irrelevant to
the current problem, so the line numbers may be peculiar. Just apply
it as best you can even if the offsets look wrong.
-- Clifton
diff -c -r qpopper4.0.3-base/popper/popper.c qpopper4.0.3/popper/popper.c
*** qpopper4.0.3-base/popper/popper.c Fri Jun 1 16:24:36 2001
--- qpopper4.0.3/popper/popper.c Tue Feb 26 11:32:58 2002
***************
*** 556,568 ****
tgetline ( char *str, int size, POP *p, int timeout )
{
int ring();
!
! (void) signal ( SIGALRM, VOIDSTAR ring );
alarm ( timeout );
if ( setjmp ( env ) ) {
str = NULL;
! pop_log ( p, POP_NOTICE, HERE, "(v%s) Timeout (%d secs) during "
"nw read from %s at %s (%s)",
VERSION, timeout, p->user, p->client, p->ipaddr );
}
--- 579,598 ----
tgetline ( char *str, int size, POP *p, int timeout )
{
int ring();
+ int disconnected();
! signal ( SIGALRM, VOIDSTAR ring );
! signal ( SIGHUP, VOIDSTAR disconnected );
! signal ( SIGPIPE, VOIDSTAR disconnected );
alarm ( timeout );
if ( setjmp ( env ) ) {
str = NULL;
! if ( hangup )
! pop_log ( p, POP_NOTICE, HERE, "(v%s) Hangup/disconnect during "
! "nw read from %s at %s (%s)",
! VERSION, p->user, p->client, p->ipaddr );
! else
! pop_log ( p, POP_NOTICE, HERE, "(v%s) Timeout (%d secs) during "
"nw read from %s at %s (%s)",
VERSION, timeout, p->user, p->client, p->ipaddr );
}
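Review bot: In the new tgetline the SIGHUP and SIGPIPE handlers are installed before `setjmp ( env )` has run, so a disconnect delivered in that window makes `disconnected` call longjmp on an env that is either uninitialised or left over from an earlier call. Run setjmp first and install the handlers only on the path that goes on to read, or block the signals until env is valid. The `hangup` flag tested in this hunk has no declaration in the visible lines; because it is written from a signal handler it should be `volatile sig_atomic_t`, and it should be cleared on entry so that a later timeout is not logged as a hangup.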
***************
*** 570,575 ****
--- 600,607 ----
str = getline ( str, size, p );
alarm ( 0 );
signal ( SIGALRM, SIG_DFL );
+ signal ( SIGHUP, VOIDSTAR catchSIGHUP );
+ signal ( SIGPIPE, VOIDSTAR catchSIGHUP );
return ( str );
}
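Review bot: The restore after `alarm ( 0 )` hard-codes `catchSIGHUP` for both SIGHUP and SIGPIPE, while SIGALRM is put back to SIG_DFL. tgetline has no way of knowing that catchSIGHUP was the disposition in force when it was entered, for SIGPIPE in particular, so keep the values returned by the two new signal() calls at the top of the function and restore those here instead. Nothing in the patch shows a prototype for catchSIGHUP in scope at this point; add one if popper.c does not already have it above tgetline.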
***************
*** 582,587 ****
--- 614,627 ----
return POP_FAILURE;
}
+ int
+ disconnected ( SIGPARAM )
+ {
+ hangup = TRUE ;
+ longjmp ( env, 1 );
+ return POP_FAILURE;
+ }
+
#ifdef STRNCASECMP
/*
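Review bot: `disconnected` passes the fixed value 1 to longjmp and reports the cause through the global `hangup`, which is set to TRUE here and never cleared anywhere in the visible lines. Passing a distinct value such as `longjmp ( env, 2 )` and testing the return value of `setjmp ( env )` in tgetline would tell a hangup from a timeout without shared state written inside a signal handler. The `return POP_FAILURE;` after the longjmp is unreachable and deserves a comment saying it is there only for the int return type. Leaving a handler through plain longjmp does not restore the signal mask on every platform, so sigsetjmp/siglongjmp is the safer pair where it is available.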
--
Clifton Royston -- LavaNet Systems Architect -- [EMAIL PROTECTED]
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau