Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 30 Jun 2009 02:31:51 GMT
From:      Bryan Drewery <bryan@shatow.net>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/136176: mail/qmail: Outgoing IP + QMTPC - segfault
Message-ID:  <200906300231.n5U2VpXk007664@www.freebsd.org>
Resent-Message-ID: <200906300240.n5U2e3sJ061737@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         136176
>Category:       ports
>Synopsis:       mail/qmail: Outgoing IP + QMTPC - segfault
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 30 02:40:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Bryan Drewery
>Release:        FreeBSD 7.2
>Organization:
>Environment:
>Description:
The combined patch for OUTGOING_IP and QMTPC (qmail-1.03-qmtpc_outgoingip.patch) fails to pass the 'outip' parameter to timeoutconn() which results in a segfault.
>How-To-Repeat:
Enable OUTGOING_IP and QMTPC. Send an email to a server with QMTP support enabled. 12801 in its MX. Tracing with gdb shows that the crash is in timeoutconn() as the 'outip' param is 0xd1 (209).
>Fix:
The current combined patch has this block:
+
+    if (qmtp_priority(ip.ix[i].pref)) {
+      if (timeoutconn(smtpfd,&ip.ix[i].ip,(unsigned int) qmtp_port,timeoutconnect) == 0) {
+      tcpto_err(&ip.ix[i].ip,0);
+      partner = ip.ix[i].ip;
+      qmtp(); /* does not return */
+      }
+      close(smtpfd);
+      smtpfd = socket(AF_INET,SOCK_STREAM,0);
+      if (smtpfd == -1) temp_oserr();
+    }

-    if (timeoutconn(smtpfd,&ip.ix[i].ip,(unsigned int) port,timeoutconnect) == 0) {
+    if (timeoutconn(smtpfd,&ip.ix[i].ip,&outip,(unsigned int) smtp_port,timeoutconnect) == 0) {
------------------------

The first timeoutconn should be fixed to:
if (timeoutconn(smtpfd,&ip.ix[i].ip,&outip, (unsigned int) qmtp_port,timeoutconnect) == 0)

Note the &outip being passed in, same as the smtp timeoutconn() call.

No patch attached. Let me know if you would like one.

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906300231.n5U2VpXk007664>