Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 27 Jan 2006 10:23:09 +0300
From: Solar Designer <>
Subject: Re: procmail mailbox truncation bug


A while ago I wrote about a procmail bug resulting in mailbox
corruptions and provided a patch.  Well, Dr. Werner Fink of SuSE has
discovered a bug in my patch (and Sebastian Krahmer brought it to my
attention).  I had overlooked the fact that the "lasttell" variable is
also used from comsat.c, so my patch broke comsat/biff functionality.

There's now an updated patch which does not alter the value of
"lasttell", available at this same CVSweb URL:

It's revision 1.2 of procmail-3.22-owl-truncate.diff.

With apologies for the bug,


On Sun, Nov 06, 2005 at 02:25:38PM +0300, Solar Designer wrote:
> There's a really nasty bug in procmail, both 3.15.2 and 3.22 are affected.
> The bug is basically that procmail, when running into a disk quota or a
> full partition, would truncate the mailbox file back to its prior size
> _after_ releasing the lock.  This has resulted in numerous mailbox
> corruptions on a mail server I co-administer and a week ago I managed to
> reproduce this on purpose (with several instances of procmail being the
> only software accessing the mailbox).  After my fix, I am no longer
> able to reproduce this and there have been no further mailbox corruptions
> during this week, so the fix appears to work.
> The patch can be found in our CVSweb:
> It's procmail-3.22-owl-truncate.diff
> No, it's not dirty, it just follows procmail's original coding style.
> No added gotos, sorry.
> The official fix might need to be slightly different to not rely on
> ftruncate().
> -- 
> Alexander Peslyak <solar at>
> GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
> - bringing security into open computing environments

Powered by blists - more mailing lists

Your e-mail address:

Please check out the xvendor mailing list charter.