From dpc22 at cam.ac.uk Thu Jul 2 13:00:11 2009 From: dpc22 at cam.ac.uk (David Carter) Date: Thu, 2 Jul 2009 18:00:11 +0100 (BST) Subject: Tiny patch Message-ID: mailbox_cache_size() has a bounds test which is incorrect: see attached. Solaris/x86 appears to mmap() things right at the top of memory, which means that cacheitembegin + mailbox->cache_size can overflow. Linux/x86 mmap()s things somewhere in the middle of the memory map, so the problem isn't visible there. make_md5, make_sha1 and sync_server are the only things which appear to call mailbox_cache_size(), so not a huge deal. -- David Carter Email: David.Carter at ucs.cam.ac.uk University Computing Service, Phone: (01223) 334502 New Museums Site, Pembroke Street, Fax: (01223) 334679 Cambridge UK. CB2 3QH. Index: imap/mailbox.c =================================================================== RCS file: /cvs/src/cyrus/imap/mailbox.c,v retrieving revision 1.193 diff -u -d -r1.193 mailbox.c --- imap/mailbox.c 5 May 2009 01:20:02 -0000 1.193 +++ imap/mailbox.c 2 Jul 2009 16:41:23 -0000 @@ -320,8 +320,8 @@ return 0; for (cache_ent = 0; cache_ent < NUM_CACHE_FIELDS; cache_ent++) { cacheitem = CACHE_ITEM_NEXT(cacheitem); - if (cacheitem < cacheitembegin || - cacheitem > cacheitembegin + mailbox->cache_size) { + if ((cacheitem < cacheitembegin) || + (cacheitem > mailbox->cache_base + mailbox->cache_size)) { return 0; /* clearly bogus */ } } From baconm at email.unc.edu Sun Jul 5 23:52:08 2009 
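Review bot: the new upper bound in the mailbox_cache_size() loop, mailbox->cache_base + mailbox->cache_size, still forms an end pointer and compares raw addresses. Comparing offsets instead, for example (size_t)(cacheitem - mailbox->cache_base) > mailbox->cache_size, would not depend on where the mapping sits in the address space. Please also add a comment saying that the bound is deliberately taken from cache_base and not cacheitembegin, so that nobody later "simplifies" it back. The test uses >, so a cacheitem equal to the end of the cache passes and the next loop iteration applies CACHE_ITEM_NEXT to it; worth confirming that this is intended for the last field.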
From: baconm at email.unc.edu (Michael Bacon) Date: Sun, 5 Jul 2009 23:52:08 -0400 Subject: Alternate patch for bug 3093 -- backend.c doesn't compare offered mechanisms to conf file Message-ID: <45B7618A-A6A5-4A8D-8794-CC979FED9AEB@email.unc.edu> So I spent several hours today working on this patch, before I realized that Wesley Craig had already developed a patch. I notice that his hasn't been accepted into the trunk on CVS yet. Let me just state that this was a blocker bug for our implementation, and that I support some kind of fix being applied. Since I've already written it, I went ahead and attached the patch as I wrote it below -- same basic idea as Wesley's, but different implementation. Someone else can decide which to use... :) Another (new, I think) bug patch coming in just a sec.... index: backend.c =================================================================== RCS file: /cvs/src/cyrus/imap/backend.c,v retrieving revision 1.59 diff -u -r1.59 backend.c --- backend.c 4 Feb 2009 16:42:02 -0000 1.59 +++ backend.c 6 Jul 2009 03:35:52 -0000 @@ -134,6 +134,38 @@ return ret; } +static void reconcile_mechs(char **list, const char *conflist) +{ + char *new; + char *cur; + char *end; + + if (strlen(*list) == 0) { + return; + } + + /* Lazy way of getting a big enough buffer */ + /* The new string should be no longer than the old */ + new = xstrndup(*list, strlen(*list) + 1); + *new = '\0'; + + for (cur = *list; cur != NULL; cur = end) { + if (end = strchr(cur, ' ')) { + *end = '\0'; + end++; + } + + if (strstr(cur, conflist)) { + if (strlen(new)) { + strcat(new, " "); + } + strcat(new, cur); + } + } + free(*list); + *list = new; +} + static int do_starttls(struct backend *s, struct tls_cmd_t *tls_cmd) { #ifndef HAVE_SSL @@ -247,8 +279,7 @@ do { /* If we have a mech_conf, use it */ if (mech_conf) { - free(*mechlist); - *mechlist = xstrdup(mech_conf); + reconcile_mechs(mechlist, mech_conf); } if (*mechlist) { From baconm at email.unc.edu Mon Jul 6 00:19:51 2009 
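Review bot: in the reconcile_mechs() hunk, strstr(cur, conflist) has its arguments the wrong way round: it searches one offered token for the whole configured list, so a conflist naming more than one mechanism can never match and the result is an empty list. Swapping them to strstr(conflist, cur) is still substring matching, not token matching, so an offered name that happens to be a substring of a configured mechanism name would be accepted; compare whole space-delimited tokens instead. Two smaller points in the same function: strlen(*list) runs before any NULL check on *list, and if (end = strchr(cur, ' ')) should be written as (end = strchr(cur, ' ')) != NULL so the assignment is clearly intended.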
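Review bot: in the second hunk (the do loop at -247), reconcile_mechs(mechlist, mech_conf) is called whenever mech_conf is set, but *mechlist can be NULL at this point, as the if (*mechlist) test on the following context line shows, and reconcile_mechs() starts with strlen(*list). Guard the call, for example if (mech_conf && *mechlist), or handle NULL inside the helper. The removed lines replaced the list with mech_conf unconditionally; a comment that the list is now the intersection of offered and configured mechanisms would document the behaviour change.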
From: baconm at email.unc.edu (Michael Bacon) Date: Mon, 6 Jul 2009 00:19:51 -0400 Subject: Segfault in backend_connect if backend server mech list empty (bug 3166) Message-ID: <2DCF7E0D-7F66-43D7-8B78-76572E891B49@email.unc.edu> If the backend server in a murder advertises no mechanisms in its capability string (say, if it's expecting a STARTTLS before offering PLAIN), the proxyd will seg fault. This is due to an xstrdup call on a NULL pointer (as returned from backend.c:ask_capability()). This patch simply checks for the NULL condition and replaces it with an empty string. Bug submitted with patch as 3166. https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3166 Michael Bacon ITS Messaging UNC Chapel Hill --- backend.c.1off Sun Jul 5 23:35:47 2009 +++ backend.c Mon Jul 6 00:02:55 2009 @@ -457,8 +457,14 @@ if ((server[0] != '/') || (strcmp(prot->sasl_service, "lmtp") && strcmp(prot->sasl_service, "csync"))) { - char *mlist = xstrdup(mechlist); /* backend_auth is destructive */ + char *mlist; + if (mechlist != NULL) { + mlist = xstrdup(mechlist); /* backend_auth is destructive */ + } else { + mlist = xstrdup(""); + } + if ((r = backend_authenticate(ret, prot, &mlist, userid, cb, auth_status))) { syslog(LOG_ERR, "couldn't authenticate to backend server: %s", From wes at umich.edu Mon Jul 6 17:20:20 2009 
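Review bot: the new else branch hands an empty mechanism string to backend_authenticate() without recording why, so the only trace left is the generic "couldn't authenticate to backend server" syslog in the context below. Log that the backend advertised no mechanisms, or fail before calling backend_authenticate(), so the cause can be diagnosed from the logs. The two branches can also collapse to mlist = xstrdup(mechlist ? mechlist : ""); which keeps the "backend_auth is destructive" comment attached to the single copy.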
From: wes at umich.edu (Wesley Craig) Date: Mon, 6 Jul 2009 17:20:20 -0400 Subject: Alternate patch for bug 3093 -- backend.c doesn't compare offered mechanisms to conf file In-Reply-To: <45B7618A-A6A5-4A8D-8794-CC979FED9AEB@email.unc.edu> References: <45B7618A-A6A5-4A8D-8794-CC979FED9AEB@email.unc.edu> Message-ID: <18731FBD-A1BA-4B15-8F08-D92B2FFDBD65@umich.edu> You should attach this to 3093 for consideration. Checking Bugzilla can often save hours of work. I believe the only thing delaying my patch from being incorporated into CVS is someone to review a question I had. I suspect my question applies to your patch as well. :wes On 05 Jul 2009, at 23:52, Michael Bacon wrote: > So I spent several hours today working on this patch, before I > realized that Wesley Craig had already developed a patch. I notice > that his hasn't been accepted into the trunk on CVS yet. Let me > just state that this was a blocker bug for our implementation, and > that I support some kind of fix being applied. Since I've already > written it, I went ahead and attached the patch as I wrote it below > -- same basic idea as Wesley's, but different implementation. > Someone else can decide which to use... :) > > Another (new, I think) bug patch coming in just a sec.... > > index: backend.c > =================================================================== > RCS file: /cvs/src/cyrus/imap/backend.c,v > retrieving revision 1.59 > diff -u -r1.59 backend.c > --- backend.c 4 Feb 2009 16:42:02 -0000 1.59 > +++ backend.c 6 Jul 2009 03:35:52 -0000 
> @@ -134,6 +134,38 @@ > return ret; > } > > +static void reconcile_mechs(char **list, const char *conflist) > +{ > + char *new; > + char *cur; > + char *end; > + > + if (strlen(*list) == 0) { > + return; > + } > + > + /* Lazy way of getting a big enough buffer */ > + /* The new string should be no longer than the old */ > + new = xstrndup(*list, strlen(*list) + 1); > + *new = '\0'; > + > + for (cur = *list; cur != NULL; cur = end) { > + if (end = strchr(cur, ' ')) { > + *end = '\0'; > + end++; > + } > + > + if (strstr(cur, conflist)) { > + if (strlen(new)) { > + strcat(new, " "); > + } > + strcat(new, cur); > + } > + } > + free(*list); > + *list = new; > +} > + > static int do_starttls(struct backend *s, struct tls_cmd_t *tls_cmd) > { > #ifndef HAVE_SSL > @@ -247,8 +279,7 @@ > do { > /* If we have a mech_conf, use it */ > if (mech_conf) { > - free(*mechlist); > - *mechlist = xstrdup(mech_conf); > + reconcile_mechs(mechlist, mech_conf); > } > > if (*mechlist) { From jon at cybus.co.uk Mon Jul 13 07:40:57 2009 From: jon at cybus.co.uk (Jonathan Miles) Date: Mon, 13 Jul 2009 12:40:57 +0100 Subject: Patch for ipurge Message-ID: <4A5B1D49.10004@cybus.co.uk> Hi all, I modified ipurge to enable support for matching system flags, including \Seen (using the mailbox's seen database). Would you accept a patch for this against CVS? And if so, where do I send it? Regards, Jon From brong at fastmail.fm Mon Jul 27 02:44:06 2009 
From: brong at fastmail.fm (Bron Gondwana) Date: Mon, 27 Jul 2009 16:44:06 +1000 Subject: Environment Reference Count Went Negative Message-ID: <20090727064406.GA26370@brong.net> So this has been annoying me enough to track down the cause. It's idled. Specifically, the fork() after cyrus_init(). You can't do that. It's broken. If you want to fork then you need to do it before cyrus_init() or you wind up cloning the bdb environment and closing it twice. Question for those who might know - why does idled fork so late? Well - first of all why does it fork at all rather than being forked off by master - but following on from that... Anyway, the attached patch moves the fork before the cyrus_init(), which solves the problem nicely for me. I did consider just not calling cyrus_done in the parent clean exit, but that seemed much more dangerous. Bron. -------------- next part -------------- diff --git a/imap/idled.c b/imap/idled.c index e46d136..cd8f404 100644 --- a/imap/idled.c +++ b/imap/idled.c @@ -293,6 +293,22 @@ int main(int argc, char **argv) } } + /* fork unless we were given the -d option */ + if (debugmode == 0) { + + pid = fork(); + + if (pid == -1) { + perror("fork"); + exit(1); + } + + if (pid != 0) { /* parent */ + exit(0); + } + } + /* child */ + cyrus_init(alt_config, "idled", 0); /* get name of shutdown file */ @@ -354,24 +370,6 @@ int main(int argc, char **argv) umask(oldumask); /* for Linux */ chmod(local.sun_path, 0777); /* for DUX */ - /* fork unless we were given the -d option */ - if (debugmode == 0) { - - pid = fork(); - - if (pid == -1) { - perror("fork"); - cyrus_done(); - exit(1); - } - - if (pid != 0) { /* parent */ - cyrus_done(); - exit(0); - } - } - /* child */ - /* get ready for select() */ FD_ZERO(&read_set); FD_SET(s, &read_set); From brong at fastmail.fm Mon Jul 27 11:04:26 2009 
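Review bot: with the fork moved ahead of cyrus_init() in the first hunk, the parent now calls exit(0) before the child has run cyrus_init() or reached the socket setup visible in the second hunk's context (umask, chmod(local.sun_path, ...)), so a startup failure in the child is no longer reflected in the exit status seen by whoever launched idled. If that matters, have the child report readiness to the parent (for example over a pipe) before the parent exits; otherwise state the change in a comment. The /* fork unless we were given the -d option */ comment should also say why the fork has to precede cyrus_init(), so the ordering is not undone later.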
From: brong at fastmail.fm (Bron Gondwana) Date: Tue, 28 Jul 2009 01:04:26 +1000 Subject: Another skiplist bug! Message-ID: <20090727150426.GA24031@brong.net> Believe it or not, I'm actually not perfect, and there's a doozy of a bug in skiplists that I'm probably entirely responsible for. If your foreach callback function returns a non-zero result, then it double-unlocks. Wow, what a pain. Attached patch fixes it. I've run it on my testbed happily, and will roll it out to production tomorrow. Bron ( releases by embarrassment - I think it's getting on time for a 2.3.15 if we can round up all our bugfixes ) -------------- next part -------------- diff --git a/lib/cyrusdb_skiplist.c b/lib/cyrusdb_skiplist.c index 36110ca..5b481d4 100644 --- a/lib/cyrusdb_skiplist.c +++ b/lib/cyrusdb_skiplist.c @@ -1070,6 +1070,7 @@ int myforeach(struct db *db, size_t savebuflen = 0; size_t savebufsize; int r = 0, cb_r = 0; + int need_unlock = 0; assert(db != NULL); assert(prefixlen >= 0); @@ -1093,6 +1094,7 @@ int myforeach(struct db *db, if ((r = read_lock(db)) < 0) { return r; } + need_unlock = 1; } ptr = find_node(db, prefix, prefixlen, 0); @@ -1112,6 +1114,7 @@ int myforeach(struct db *db, if ((r = unlock(db)) < 0) { return r; } + need_unlock = 0; } /* save KEY, KEYLEN */ @@ -1131,6 +1134,7 @@ int myforeach(struct db *db, if ((r = read_lock(db)) < 0) { return r; } + need_unlock = 1; } else { /* make sure we're up to date */ update_lock(db, *tidptr); @@ -1161,7 +1165,7 @@ int myforeach(struct db *db, } } - if (!tidptr) { + if (need_unlock) { /* release read lock */ if ((r = unlock(db)) < 0) { return r;
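Review bot: need_unlock is declared in the first hunk without a comment, and the invariant it carries is the whole fix: it records whether myforeach() itself currently holds the read lock, which is not the same as !tidptr once the loop can be left between the unlock() at -1112 and the read_lock() at -1131. Please state that at the declaration, and consider a name such as have_read_lock, since the flag is set and cleared at four separate sites and the final test if (need_unlock) only reads correctly once the reader knows that.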