From nobody@FreeBSD.org  Tue Jun 30 02:31:52 2009
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B0DD21065676
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 30 Jun 2009 02:31:52 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 9EEC48FC19
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 30 Jun 2009 02:31:52 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n5U2Vp38007665
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 30 Jun 2009 02:31:51 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id n5U2VpXk007664;
	Tue, 30 Jun 2009 02:31:51 GMT
	(envelope-from nobody)
Message-Id: <200906300231.n5U2VpXk007664@www.freebsd.org>
Date: Tue, 30 Jun 2009 02:31:51 GMT
From: Bryan Drewery <bryan@shatow.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: mail/qmail: Outgoing IP + QMTPC - segfault
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         136176
>Category:       ports
>Synopsis:       mail/qmail: Outgoing IP + QMTPC - segfault
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    garga
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 30 02:40:02 UTC 2009
>Closed-Date:    Wed Jul 01 17:27:56 UTC 2009
>Last-Modified:  Wed Jul  1 17:30:04 UTC 2009
>Originator:     Bryan Drewery
>Release:        FreeBSD 7.2
>Organization:
>Environment:
>Description:
The combined patch for OUTGOING_IP and QMTPC (qmail-1.03-qmtpc_outgoingip.patch) fails to pass the 'outip' parameter to timeoutconn() which results in a segfault.
>How-To-Repeat:
Enable OUTGOING_IP and QMTPC. Send an email to a server with QMTP support enabled. 12801 in its MX. Tracing with gdb shows that the crash is in timeoutconn() as the 'outip' param is 0xd1 (209).
>Fix:
The current combined patch has this block:
+
+    if (qmtp_priority(ip.ix[i].pref)) {
+      if (timeoutconn(smtpfd,&ip.ix[i].ip,(unsigned int) qmtp_port,timeoutconnect) == 0) {
+      tcpto_err(&ip.ix[i].ip,0);
+      partner = ip.ix[i].ip;
+      qmtp(); /* does not return */
+      }
+      close(smtpfd);
+      smtpfd = socket(AF_INET,SOCK_STREAM,0);
+      if (smtpfd == -1) temp_oserr();
+    }

-    if (timeoutconn(smtpfd,&ip.ix[i].ip,(unsigned int) port,timeoutconnect) == 0) {
+    if (timeoutconn(smtpfd,&ip.ix[i].ip,&outip,(unsigned int) smtp_port,timeoutconnect) == 0) {
------------------------

The first timeoutconn should be fixed to:
if (timeoutconn(smtpfd,&ip.ix[i].ip,&outip, (unsigned int) qmtp_port,timeoutconnect) == 0)

Note the &outip being passed in, same as the smtp timeoutconn() call.

No patch attached. Let me know if you would like one.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->garga 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Tue Jun 30 02:40:12 UTC 2009 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=136176 

From: Renato Botelho <garga@FreeBSD.org>
To: bug-followup@FreeBSD.org, bryan@shatow.net
Cc:  
Subject: Re: ports/136176: mail/qmail: Outgoing IP + QMTPC - segfault
Date: Tue, 30 Jun 2009 07:58:29 -0300

 What you are saying is exactly the patch does, it replaces the line:
 
 if (timeoutconn(smtpfd,&ip.ix[i].ip,(unsigned int) port,timeoutconnect) == 0) {
 
 for:
 
 if (timeoutconn(smtpfd,&ip.ix[i].ip,&outip,(unsigned int) smtp_port,timeoutconnect) == 0) {
 
 Maybe I missed something on your explanation, please, send a patch and i'll
 take a look.
 
 Thanks
 -- 
 Renato Botelho <garga @ FreeBSD.org>
                <garga @ freebsdbrasil.com.br>
 GnuPG Key: http://www.FreeBSD.org/~garga/pubkey.asc
 
 But these pills can't be habit forming;
 I've been taking them for years.

From: Bryan Drewery <bryan@shatow.net>
To: Renato Botelho <garga@FreeBSD.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/136176: mail/qmail: Outgoing IP + QMTPC - segfault
Date: Tue, 30 Jun 2009 07:22:30 -0500

 This is a multi-part message in MIME format.
 --------------060700010201000709020708
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed
 Content-Transfer-Encoding: 7bit
 
 Renato,
 
 I am referring to the combined patch called 
 qmail-1.03-qmtpc_outgoingip.patch.
 
 The one that is used when selecting both QMTPC and OUTGOINGIP as opposed 
 to 2 different patches.
 
 Yes, the timeoutconn for the smtp port is proper. The line for the qmtp 
 port is not.
 
 See attached patch against qmail-1.03-qmtpc_outgoingip.patch.
 
 Thanks,
 Bryan
 
 --------------060700010201000709020708
 Content-Type: text/plain;
  name="qmail-1.03-qmtpc_outgoingip.patch.patch.txt"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="qmail-1.03-qmtpc_outgoingip.patch.patch.txt"
 
 --- qmail-1.03-qmtpc_outgoingip.patch.orig    2005-09-26 13:08:55.000000000 -0500
 +++ qmail-1.03-qmtpc_outgoingip.patch 2009-06-30 07:19:18.000000000 -0500
 @@ -248,7 +246,7 @@
       if (smtpfd == -1) temp_oserr();
  +
  +    if (qmtp_priority(ip.ix[i].pref)) {
 -+      if (timeoutconn(smtpfd,&ip.ix[i].ip,(unsigned int) qmtp_port,timeoutconnect) == 0) {
 ++      if (timeoutconn(smtpfd,&ip.ix[i].ip,&outip,(unsigned int) qmtp_port,timeoutconnect) == 0) {
  +      tcpto_err(&ip.ix[i].ip,0);
  +      partner = ip.ix[i].ip;
  +      qmtp(); /* does not return */
 
 --------------060700010201000709020708--
State-Changed-From-To: open->closed 
State-Changed-By: garga 
State-Changed-When: Wed Jul 1 17:27:56 UTC 2009 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=136176 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/136176: commit references a PR
Date: Wed,  1 Jul 2009 17:27:59 +0000 (UTC)

 garga       2009-07-01 17:27:44 UTC
 
   FreeBSD ports repository
 
   Modified files:
     mail/qmail           Makefile distinfo 
   Log:
   Fix qmtpc + outgoingip patch to prevent a segfault when both are applied
   
   PR:             ports/136176
   Submitted by:   Bryan Drewery <bryan@shatow.net>
   
   Revision  Changes    Path
   1.143     +1 -1      ports/mail/qmail/Makefile
   1.74      +3 -3      ports/mail/qmail/distinfo
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
