master process handling patch
Patrick Goetz
pgoetz at mail.utexas.edu
Wed Jul 21 15:27:34 EDT 2010
On 07/15/2010 05:23 PM, Henrique de Moraes Holschuh wrote:
>
> Heh, you can already use whatever we have in the experimental branch, it is
> good enough for limited use :)
>
This isn't entirely true. This patch, which I mentioned previously,
looks like it could lead to header corruption in the saved header stored
in ibuf:
-------------------------------------------
10-fix_potential_overflows.dpatch:
--- git~/imap/message.c 2010-01-16 19:22:57.000000000 -0200
+++ git/imap/message.c 2010-01-16 19:27:30.915091898 -0200
@@ -996,7 +996,7 @@
/* Save header value */
len = hdrend - hdr;
message_ibuf_ensure(ibuf, len+2);
- strncpy(ibuf->end, hdr, len);
+ strncpy(ibuf->end, hdr, len+1);
ibuf->end += len;
*(ibuf->end)++ = '\r';
*(ibuf->end)++ = '\n';
------------------------------------------
This is kind of an insane situation that there are bug fix patches
hanging around that have been in the debian source package since 2.3.8
which haven't been pushed upstream. As a result, I don't trust any of
the patches until I've checked them myself. And since I don't
understand what patches 12,13 are doing, I'm hoping you'll have time to
go over them soon.
Meanwhile, I'm going over the patches the redhat people added to
cyrus-imapd-2.3.16-5.src (actually, first comparing the differences
between this newer version and cyrus-imapd-2.3.16-3.fc13.src) to see if
there's anything there that needs to be migrated to the debian package.
I haven't done any C programming in a loooong time, so part of the delay
on my part was getting back up to speed in C. Now that that's done, I
hope to be through this in a few days (modulo being out of town all next
week).
More information about the Cyrus-devel
mailing list