summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2021-01-11 19:48:12 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2021-01-15 00:42:38 +0000
commit6acb441b40bbcded2e85819c71a068db713e7ca6 (patch)
tree311b0a019b3b1d8760a9e2752dc2ba8b55d8478c /src
parentca22cc0abe93c28f3d296d99c239413bb0d079c4 (diff)
Hints DB: harden against corrupt files by ignoring unexpected size records
Diffstat (limited to 'src')
-rw-r--r--src/src/dbfn.c28
-rw-r--r--src/src/dbfunctions.h3
-rw-r--r--src/src/enq.c4
-rw-r--r--src/src/transports/smtp.c2
4 files changed, 33 insertions, 4 deletions
diff --git a/src/src/dbfn.c b/src/src/dbfn.c
index a37271f36..452e2ade6 100644
--- a/src/src/dbfn.c
+++ b/src/src/dbfn.c
@@ -333,6 +333,34 @@ return yield;
}
+/* Read a record. If the length is not as expected then delete it, write
+an error log line and return NULL.
+Use this for fixed-size records (so not retry or wait records).
+
+Arguments:
+ dbblock a pointer to an open database block
+ key the key of the record to be read
+ length the expected record length
+
+Returns: a pointer to the retrieved record, or
+ NULL if the record is not found/bad
+*/
+
+void *
+dbfn_read_enforce_length(open_db * dbblock, const uschar * key, size_t length)
+{
+int rlen;
+void * yield = dbfn_read_with_length(dbblock, key, &rlen);
+
+if (yield)
+ {
+ if (rlen == length) return yield;
+ log_write(0, LOG_MAIN|LOG_PANIC, "Bad db record size for '%s'", key);
+ dbfn_delete(dbblock, key);
+ }
+return NULL;
+}
+
/*************************************************
* Write to database file *
diff --git a/src/src/dbfunctions.h b/src/src/dbfunctions.h
index 2e18e0eff..f3b04ad2f 100644
--- a/src/src/dbfunctions.h
+++ b/src/src/dbfunctions.h
@@ -2,7 +2,7 @@
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2015 */
+/* Copyright (c) University of Cambridge 1995 - 2021 */
/* See the file NOTICE for conditions of use and distribution. */
@@ -12,6 +12,7 @@ void dbfn_close(open_db *);
int dbfn_delete(open_db *, const uschar *);
open_db *dbfn_open(uschar *, int, open_db *, BOOL, BOOL);
void *dbfn_read_with_length(open_db *, const uschar *, int *);
+void *dbfn_read_enforce_length(open_db *, const uschar *, size_t);
uschar *dbfn_scan(open_db *, BOOL, EXIM_CURSOR **);
int dbfn_write(open_db *, const uschar *, void *, int);
diff --git a/src/src/enq.c b/src/src/enq.c
index 7feba5531..0dcb9a732 100644
--- a/src/src/enq.c
+++ b/src/src/enq.c
@@ -53,7 +53,7 @@ if (!(dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))
/* See if there is a record for this host or queue run; if there is, we cannot
proceed with the connection unless the record is very old. */
-serial_record = dbfn_read(dbm_file, key);
+serial_record = dbfn_read_enforce_length(dbm_file, key, sizeof(dbdata_serialize));
if (serial_record && time(NULL) - serial_record->time_stamp < 6*60*60)
{
if (serial_record->count >= lim)
@@ -102,7 +102,7 @@ dbdata_serialize *serial_record;
DEBUG(D_transport) debug_printf("end serialized: %s\n", key);
if ( !(dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE))
- || !(serial_record = dbfn_read(dbm_file, key))
+ || !(serial_record = dbfn_read_enforce_length(dbm_file, key, sizeof(dbdata_serialize)))
)
return;
if (--serial_record->count > 0)
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 2a600d480..301d84c2e 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -805,7 +805,7 @@ else
uschar * ehlo_resp_key = ehlo_cache_key(sx);
dbdata_ehlo_resp * er;
- if (!(er = dbfn_read(dbm_file, ehlo_resp_key)))
+ if (!(er = dbfn_read_enforce_length(dbm_file, ehlo_resp_key, sizeof(dbdata_ehlo_resp))))
{ DEBUG(D_transport) debug_printf("no ehlo-resp record\n"); }
else if (time(NULL) - er->time_stamp > retry_data_expire)
{