Date: Fri, 27 Jan 2006 10:23:09 +0300
From: Solar Designer <solar@...nwall.com>
To: bug@...cmail.org
Cc: xvendor@...ts.openwall.com
Subject: Re: procmail mailbox truncation bug

Hi,

A while ago I wrote about a procmail bug resulting in mailbox corruptions and provided a patch.

Well, Dr. Werner Fink of SuSE has discovered a bug in my patch (and Sebastian Krahmer brought it to my attention). I had overlooked the fact that the "lasttell" variable is also used from comsat.c, so my patch broke comsat/biff functionality.

There's now an updated patch which does not alter the value of "lasttell", available at this same CVSweb URL:

http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/procmail/

It's revision 1.2 of procmail-3.22-owl-truncate.diff.

With apologies for the bug,

Alexander

On Sun, Nov 06, 2005 at 02:25:38PM +0300, Solar Designer wrote:
> There's a really nasty bug in procmail, both 3.15.2 and 3.22 are affected.
>
> The bug is basically that procmail, when running into a disk quota or a
> full partition, would truncate the mailbox file back to its prior size
> _after_ releasing the lock. This has resulted in numerous mailbox
> corruptions on a mail server I co-administer and a week ago I managed to
> reproduce this on purpose (with several instances of procmail being the
> only software accessing the mailbox). After my fix, I am no longer
> able to reproduce this and there have been no further mailbox corruptions
> during this week, so the fix appears to work.
>
> The patch can be found in our CVSweb:
>
> http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/procmail/
>
> It's procmail-3.22-owl-truncate.diff
>
> No, it's not dirty, it just follows procmail's original coding style.
> No added gotos, sorry.
>
> The official fix might need to be slightly different to not rely on
> ftruncate().
>
> --
> Alexander Peslyak <solar at openwall.com>
> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598
> http://www.openwall.com - bringing security into open computing environments
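The ordering problem described in the quoted report, as an added example that is not procmail's code or the Owl patch: a single-process C simulation where comments mark the lock and unlock points and a second delivery is replayed at the moment the lock would be free. The mailbox contents, the temporary file path and the `simulate` and `other_delivery` helpers are constructed for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample data, not real mail. */
static const char OLD[]     = "From a\n\nold mail\n\n";
static const char PARTIAL[] = "From b\n\ntrunca";   /* write cut short by quota */
static const char OTHER[]   = "From c\n\nsecond delivery\n\n";

/* Second deliverer: appends a complete message once the lock is free. */
static void other_delivery(const char *path) {
    int fd = open(path, O_WRONLY | O_APPEND);
    if (fd < 0 || write(fd, OTHER, strlen(OTHER)) < 0) abort();
    close(fd);
}

/* First deliverer: its write fails part-way, so it rolls the mailbox back
 * to the size it saw under the lock. The flag selects the ordering.
 * Returns 1 if the second deliverer's message survived intact, else 0. */
int simulate(int truncate_before_unlock) {
    char path[] = "/tmp/mbox-demo-XXXXXX", buf[256];
    int fd = mkstemp(path);
    if (fd < 0 || write(fd, OLD, strlen(OLD)) < 0) abort();
    /* lock acquired here */
    off_t prior = lseek(fd, 0, SEEK_END);
    if (write(fd, PARTIAL, strlen(PARTIAL)) < 0) abort(); /* then "disk full" */
    if (truncate_before_unlock) {
        if (ftruncate(fd, prior) != 0) abort();  /* rollback while still locked */
        /* lock released here */
        other_delivery(path);
    } else {
        /* lock released here */
        other_delivery(path);                    /* lands past the partial write */
        if (ftruncate(fd, prior) != 0) abort();  /* late rollback cuts it off */
    }
    lseek(fd, 0, SEEK_SET);
    ssize_t n = read(fd, buf, sizeof buf - 1);
    buf[n < 0 ? 0 : n] = '\0';
    close(fd);
    unlink(path);
    return strstr(buf, OTHER) != NULL;
}

int main(void) {
    printf("truncate after unlock:  other message intact = %d\n", simulate(0));
    printf("truncate before unlock: other message intact = %d\n", simulate(1));
    return 0;
}
```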