summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorWolfgang Breyha <wbreyha@gmx.net>2014-09-28 13:40:45 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2014-09-28 13:47:39 +0100
commitbd21a787cdeef803334a6c7bf50d23b2a18cbd6f (patch)
tree31b4349907c5b7cc409d9f5a3e4a2528baff083b /src
parenta9764ac59781eec7ec4d0099d6c849059f7efc42 (diff)
Fix transport-results pipe for multiple recipients combined with certs.
The previous parsing failed when a result item split over a buffer boundary; fix by prefixing sizes to items, and checking enough has been read as the initial parsing stage.
Diffstat (limited to 'src')
-rw-r--r--src/src/deliver.c162
-rw-r--r--src/src/macros.h4
2 files changed, 124 insertions, 42 deletions
diff --git a/src/src/deliver.c b/src/src/deliver.c
index a598e2535..2ee69d37e 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -2883,6 +2883,8 @@ uschar *ptr = endptr;
uschar *msg = p->msg;
BOOL done = p->done;
BOOL unfinished = TRUE;
+/* minimum size to read is header size including id, subid and length */
+int required = PIPE_HEADER_SIZE;
/* Loop through all items, reading from the pipe when necessary. The pipe
is set up to be non-blocking, but there are two different Unix mechanisms in
@@ -2905,12 +2907,15 @@ while (!done)
{
retry_item *r, **rp;
int remaining = endptr - ptr;
+ uschar header[PIPE_HEADER_SIZE + 1];
+ uschar id, subid;
+ uschar *endc;
/* Read (first time) or top up the chars in the buffer if necessary.
There will be only one read if we get all the available data (i.e. don't
fill the buffer completely). */
- if (remaining < 2500 && unfinished)
+ if (remaining < required && unfinished)
{
int len;
int available = big_buffer_size - remaining;
@@ -2943,17 +2948,64 @@ while (!done)
won't read any more, as "unfinished" will get set FALSE. */
endptr += len;
+ remaining += len;
unfinished = len == available;
}
/* If we are at the end of the available data, exit the loop. */
-
if (ptr >= endptr) break;
+ /* copy and read header */
+ memcpy(header, ptr, PIPE_HEADER_SIZE);
+ header[PIPE_HEADER_SIZE] = '\0';
+ id = header[0];
+ subid = header[1];
+ required = Ustrtol(header + 2, &endc, 10) + PIPE_HEADER_SIZE; /* header + data */
+ if (*endc)
+ {
+ msg = string_sprintf("failed to read pipe from transport process "
+ "%d for transport %s: error reading size from header", pid, addr->transport->driver_name);
+ done = TRUE;
+ break;
+ }
+
+ DEBUG(D_deliver)
+ debug_printf("header read id:%c,subid:%c,size:%s,required:%d,remaining:%d,unfinished:%d\n",
+ id, subid, header+2, required, remaining, unfinished);
+
+ /* is there room for the dataset we want to read ? */
+ if (required > big_buffer_size - PIPE_HEADER_SIZE)
+ {
+ msg = string_sprintf("failed to read pipe from transport process "
+ "%d for transport %s: big_buffer too small! required size=%d buffer size=%d", pid, addr->transport->driver_name,
+ required, big_buffer_size - PIPE_HEADER_SIZE);
+ done = TRUE;
+ break;
+ }
+
+ /* we wrote all datasets with atomic write() calls
+ remaining < required only happens if big_buffer was too small
+ to get all available data from pipe. unfinished has to be true
+ as well. */
+ if (remaining < required)
+ if (unfinished)
+ continue;
+ else
+ {
+ msg = string_sprintf("failed to read pipe from transport process "
+ "%d for transport %s: required size=%d > remaining size=%d and unfinished=false",
+ pid, addr->transport->driver_name, required, remaining);
+ done = TRUE;
+ break;
+ }
+
+ /* step behind the header */
+ ptr += PIPE_HEADER_SIZE;
+
/* Handle each possible type of item, assuming the complete item is
available in store. */
- switch (*ptr++)
+ switch (id)
{
/* Host items exist only if any hosts were marked unusable. Match
up by checking the IP address. */
@@ -3050,7 +3102,7 @@ while (!done)
#ifdef SUPPORT_TLS
case 'X':
if (addr == NULL) goto ADDR_MISMATCH; /* Below, in 'A' handler */
- switch (*ptr++)
+ switch (subid)
{
case '1':
addr->cipher = NULL;
@@ -3088,7 +3140,7 @@ while (!done)
#endif /*SUPPORT_TLS*/
case 'C': /* client authenticator information */
- switch (*ptr++)
+ switch (subid)
{
case '1':
addr->authenticator = (*ptr)? string_copy(ptr) : NULL;
@@ -3111,7 +3163,7 @@ while (!done)
#ifdef EXPERIMENTAL_DSN
case 'D':
- if (addr == NULL) break;
+ if (addr == NULL) goto ADDR_MISMATCH;
memcpy(&(addr->dsn_aware), ptr, sizeof(addr->dsn_aware));
ptr += sizeof(addr->dsn_aware);
DEBUG(D_deliver) debug_printf("DSN read: addr->dsn_aware = %d\n", addr->dsn_aware);
@@ -3179,7 +3231,7 @@ while (!done)
continue_hostname = NULL;
}
done = TRUE;
- DEBUG(D_deliver) debug_printf("Z%c item read\n", *ptr);
+ DEBUG(D_deliver) debug_printf("Z0%c item read\n", *ptr);
break;
/* Anything else is a disaster. */
@@ -3632,9 +3684,40 @@ while (parcount > max)
static void
-rmt_dlv_checked_write(int fd, void * buf, int size)
+rmt_dlv_checked_write(int fd, char id, char subid, void * buf, int size)
{
-int ret = write(fd, buf, size);
+uschar writebuffer[PIPE_HEADER_SIZE + BIG_BUFFER_SIZE];
+int header_length;
+
+/* we assume that size can't get larger then BIG_BUFFER_SIZE which currently is set to 16k */
+/* complain to log if someone tries with buffer sizes we can't handle*/
+
+if (size > 99999)
+{
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+ "Failed writing transport result to pipe: can't handle buffers > 99999 bytes. truncating!\n");
+ size = 99999;
+}
+
+/* to keep the write() atomic we build header in writebuffer and copy buf behind */
+/* two write() calls would increase the complexity of reading from pipe */
+
+/* convert size to human readable string prepended by id and subid */
+header_length = snprintf(writebuffer, PIPE_HEADER_SIZE+1, "%c%c%05d", id, subid, size);
+if (header_length != PIPE_HEADER_SIZE)
+{
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "header snprintf failed\n");
+ writebuffer[0] = '\0';
+}
+
+DEBUG(D_deliver) debug_printf("header write id:%c,subid:%c,size:%d,final:%s\n",
+ id, subid, size, writebuffer);
+
+if (buf && size > 0)
+ memcpy(writebuffer + PIPE_HEADER_SIZE, buf, size);
+
+size += PIPE_HEADER_SIZE;
+int ret = write(fd, writebuffer, size);
if(ret != size)
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Failed writing transport result to pipe: %s\n",
ret == -1 ? strerror(errno) : "short write");
@@ -4160,8 +4243,8 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++)
for (h = addr->host_list; h != NULL; h = h->next)
{
if (h->address == NULL || h->status < hstatus_unusable) continue;
- sprintf(CS big_buffer, "H%c%c%s", h->status, h->why, h->address);
- rmt_dlv_checked_write(fd, big_buffer, Ustrlen(big_buffer+3) + 4);
+ sprintf(CS big_buffer, "%c%c%s", h->status, h->why, h->address);
+ rmt_dlv_checked_write(fd, 'H', '0', big_buffer, Ustrlen(big_buffer+2) + 3);
}
/* The number of bytes written. This is the same for each address. Even
@@ -4169,9 +4252,8 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++)
size of each one is the same, and it's that value we have got because
transport_count gets reset before calling transport_write_message(). */
- big_buffer[0] = 'S';
- memcpy(big_buffer+1, &transport_count, sizeof(transport_count));
- rmt_dlv_checked_write(fd, big_buffer, sizeof(transport_count) + 1);
+ memcpy(big_buffer, &transport_count, sizeof(transport_count));
+ rmt_dlv_checked_write(fd, 'S', '0', big_buffer, sizeof(transport_count));
/* Information about what happened to each address. Four item types are
used: an optional 'X' item first, for TLS information, then an optional "C"
@@ -4194,7 +4276,7 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++)
if (addr->cipher)
{
ptr = big_buffer;
- sprintf(CS ptr, "X1%.128s", addr->cipher);
+ sprintf(CS ptr, "%.128s", addr->cipher);
while(*ptr++);
if (!addr->peerdn)
*ptr++ = 0;
@@ -4204,35 +4286,33 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++)
while(*ptr++);
}
- rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer);
+ rmt_dlv_checked_write(fd, 'X', '1', big_buffer, ptr - big_buffer);
}
if (addr->peercert)
{
ptr = big_buffer;
- *ptr++ = 'X'; *ptr++ = '2';
if (!tls_export_cert(ptr, big_buffer_size-2, addr->peercert))
while(*ptr++);
else
*ptr++ = 0;
- rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer);
+ rmt_dlv_checked_write(fd, 'X', '2', big_buffer, ptr - big_buffer);
}
if (addr->ourcert)
{
ptr = big_buffer;
- *ptr++ = 'X'; *ptr++ = '3';
if (!tls_export_cert(ptr, big_buffer_size-2, addr->ourcert))
while(*ptr++);
else
*ptr++ = 0;
- rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer);
+ rmt_dlv_checked_write(fd, 'X', '3', big_buffer, ptr - big_buffer);
}
# ifndef DISABLE_OCSP
if (addr->ocsp > OCSP_NOT_REQ)
{
ptr = big_buffer;
- sprintf(CS ptr, "X4%c", addr->ocsp + '0');
+ sprintf(CS ptr, "%c", addr->ocsp + '0');
while(*ptr++);
- rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer);
+ rmt_dlv_checked_write(fd, 'X', '4', big_buffer, ptr - big_buffer);
}
# endif
#endif /*SUPPORT_TLS*/
@@ -4240,34 +4320,33 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++)
if (client_authenticator)
{
ptr = big_buffer;
- sprintf(CS big_buffer, "C1%.64s", client_authenticator);
+ sprintf(CS big_buffer, "%.64s", client_authenticator);
while(*ptr++);
- rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer);
+ rmt_dlv_checked_write(fd, 'C', '1', big_buffer, ptr - big_buffer);
}
if (client_authenticated_id)
{
ptr = big_buffer;
- sprintf(CS big_buffer, "C2%.64s", client_authenticated_id);
+ sprintf(CS big_buffer, "%.64s", client_authenticated_id);
while(*ptr++);
- rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer);
+ rmt_dlv_checked_write(fd, 'C', '2', big_buffer, ptr - big_buffer);
}
if (client_authenticated_sender)
{
ptr = big_buffer;
- sprintf(CS big_buffer, "C3%.64s", client_authenticated_sender);
+ sprintf(CS big_buffer, "%.64s", client_authenticated_sender);
while(*ptr++);
- rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer);
+ rmt_dlv_checked_write(fd, 'C', '3', big_buffer, ptr - big_buffer);
}
#ifndef DISABLE_PRDR
if (addr->flags & af_prdr_used)
- rmt_dlv_checked_write(fd, "P", 1);
-#endif
+ rmt_dlv_checked_write(fd, 'P', '0', NULL, 0);
+ #endif
-#ifdef EXPERIMENTAL_DSN
- big_buffer[0] = 'D';
- memcpy(big_buffer+1, &addr->dsn_aware, sizeof(addr->dsn_aware));
- rmt_dlv_checked_write(fd, big_buffer, sizeof(addr->dsn_aware) + 1);
+ #ifdef EXPERIMENTAL_DSN
+ memcpy(big_buffer, &addr->dsn_aware, sizeof(addr->dsn_aware));
+ rmt_dlv_checked_write(fd, 'D', '0', big_buffer, sizeof(addr->dsn_aware));
DEBUG(D_deliver) debug_printf("DSN write: addr->dsn_aware = %d\n", addr->dsn_aware);
#endif
@@ -4276,7 +4355,7 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++)
for (r = addr->retries; r != NULL; r = r->next)
{
uschar *ptr;
- sprintf(CS big_buffer, "R%c%.500s", r->flags, r->key);
+ sprintf(CS big_buffer, "%c%.500s", r->flags, r->key);
ptr = big_buffer + Ustrlen(big_buffer+2) + 3;
memcpy(ptr, &(r->basic_errno), sizeof(r->basic_errno));
ptr += sizeof(r->basic_errno);
@@ -4287,13 +4366,13 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++)
sprintf(CS ptr, "%.512s", r->message);
while(*ptr++);
}
- rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer);
+ rmt_dlv_checked_write(fd, 'R', '0', big_buffer, ptr - big_buffer);
}
/* The rest of the information goes in an 'A' item. */
- ptr = big_buffer + 3;
- sprintf(CS big_buffer, "A%c%c", addr->transport_return,
+ ptr = big_buffer + 2;
+ sprintf(CS big_buffer, "%c%c", addr->transport_return,
addr->special_action);
memcpy(ptr, &(addr->basic_errno), sizeof(addr->basic_errno));
ptr += sizeof(addr->basic_errno);
@@ -4328,7 +4407,7 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++)
: addr->host_used->dnssec==DS_NO ? '1' : '0';
}
- rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer);
+ rmt_dlv_checked_write(fd, 'A', '0', big_buffer, ptr - big_buffer);
}
/* Add termination flag, close the pipe, and that's it. The character
@@ -4336,9 +4415,8 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++)
A change from non-NULL to NULL indicates a problem with a continuing
connection. */
- big_buffer[0] = 'Z';
- big_buffer[1] = (continue_transport == NULL)? '0' : '1';
- rmt_dlv_checked_write(fd, big_buffer, 2);
+ big_buffer[0] = (continue_transport == NULL)? '0' : '1';
+ rmt_dlv_checked_write(fd, 'Z', '0', big_buffer, 1);
(void)close(fd);
exit(EXIT_SUCCESS);
}
diff --git a/src/src/macros.h b/src/src/macros.h
index b7dd337e4..d06e2637b 100644
--- a/src/src/macros.h
+++ b/src/src/macros.h
@@ -156,6 +156,10 @@ as long as the maximum path length. */
#define BIG_BUFFER_SIZE 16384
#endif
+/* header size of pipe content
+ currently: char id, char subid, char[5] length */
+#define PIPE_HEADER_SIZE 7
+
/* This limits the length of data returned by local_scan(). Because it is
written on the spool, it gets read into big_buffer. */