master process handling patch

Patrick Goetz pgoetz at mail.utexas.edu
Wed Jul 21 15:27:34 EDT 2010


On 07/15/2010 05:23 PM, Henrique de Moraes Holschuh wrote:
>
> Heh, you can already use whatever we have in the experimental branch, it is
> good enough for limited use :)
>

This isn't entirely true.  This patch, which I mentioned previously, 
looks like it could lead to header corruption in the saved header stored 
in ibuf:
-------------------------------------------
10-fix_potential_overflows.dpatch:
--- git~/imap/message.c 2010-01-16 19:22:57.000000000 -0200
+++ git/imap/message.c  2010-01-16 19:27:30.915091898 -0200
@@ -996,7 +996,7 @@
      /* Save header value */
      len = hdrend - hdr;
      message_ibuf_ensure(ibuf, len+2);
-    strncpy(ibuf->end, hdr, len);
+    strncpy(ibuf->end, hdr, len+1);
      ibuf->end += len;
      *(ibuf->end)++ = '\r';
      *(ibuf->end)++ = '\n';
------------------------------------------

This is kind of an insane situation that there are bug fix patches 
hanging around that have been in the debian source package since 2.3.8 
which haven't been pushed upstream.  As a result, I don't trust any of 
the patches until I've checked them myself.  And since I don't 
understand what patches 12,13 are doing, I'm hoping you'll have time to 
go over them soon.

Meanwhile, I'm going over the patches the redhat people added to 
cyrus-imapd-2.3.16-5.src  (actually, first comparing the differences 
between this newer version and cyrus-imapd-2.3.16-3.fc13.src) to see if 
there's anything there that needs to be migrated to the debian package.

I haven't done any C programming in a loooong time, so part of the delay 
on my part was getting back up to speed in C.  Now that that's done, I 
hope to be through this in a few days (modulo being out of town all next 
week).





More information about the Cyrus-devel mailing list