|
 |
aec43b3 |
Patches by Paul Howarth
|
|
|
aec43b3 |
https://bugzilla.redhat.com/show_bug.cgi?id=485426
|
|
|
aec43b3 |
|
|
|
aec43b3 |
--- sendmail-8.14.3/sendmail/milter.c 2008-09-19 15:51:03.000000000 +0100
|
|
|
aec43b3 |
+++ sendmail-8.14.3/sendmail/milter.c 2008-09-19 16:37:57.000000000 +0100
|
|
|
aec43b3 |
@@ -30,6 +30,9 @@
|
|
|
aec43b3 |
|
|
|
aec43b3 |
# include <sm/fdset.h>
|
|
|
aec43b3 |
|
|
|
aec43b3 |
+# include <unistd.h>
|
|
|
aec43b3 |
+# include <fcntl.h>
|
|
|
aec43b3 |
+
|
|
|
aec43b3 |
static void milter_connect_timeout __P((int));
|
|
|
aec43b3 |
static void milter_error __P((struct milter *, ENVELOPE *));
|
|
|
aec43b3 |
static int milter_open __P((struct milter *, bool, ENVELOPE *));
|
|
|
aec43b3 |
@@ -650,6 +653,7 @@
|
|
|
aec43b3 |
SOCKADDR_LEN_T addrlen = 0;
|
|
|
aec43b3 |
int addrno = 0;
|
|
|
aec43b3 |
int save_errno;
|
|
|
aec43b3 |
+ int fdflags;
|
|
|
aec43b3 |
char *p;
|
|
|
aec43b3 |
char *colon;
|
|
|
aec43b3 |
char *at;
|
|
|
aec43b3 |
@@ -1186,6 +1190,21 @@
|
|
|
aec43b3 |
(char *)&nodelay, sizeof(nodelay));
|
|
|
aec43b3 |
}
|
|
|
aec43b3 |
# endif /* MILTER_NO_NAGLE && !defined(TCP_CORK) */
|
|
|
aec43b3 |
+
|
|
|
aec43b3 |
+ /*
|
|
|
aec43b3 |
+ ** Need to set close-on-exec for sock to prevent it
|
|
|
aec43b3 |
+ ** leaking to the local delivery process
|
|
|
aec43b3 |
+ */
|
|
|
aec43b3 |
+ if ((fdflags = fcntl(sock, F_GETFD, 0)) == -1 ||
|
|
|
aec43b3 |
+ fcntl(sock, F_SETFD, fdflags | FD_CLOEXEC) == -1)
|
|
|
aec43b3 |
+ {
|
|
|
aec43b3 |
+ save_errno = errno;
|
|
|
aec43b3 |
+ if (MilterLogLevel > 0)
|
|
|
aec43b3 |
+ sm_syslog(LOG_WARNING, e->e_id,
|
|
|
aec43b3 |
+ "Milter (%s): Unable to set close-on-exec on sock (%s)",
|
|
|
aec43b3 |
+ m->mf_name, sm_errstring(save_errno = errno));
|
|
|
aec43b3 |
+ }
|
|
|
aec43b3 |
+
|
|
|
aec43b3 |
return sock;
|
|
|
aec43b3 |
}
|
|
|
aec43b3 |
|
|
|
aec43b3 |
--- sendmail-8.14.3/libmilter/listener.c 2007-04-23 23:22:50.000000000 +0100
|
|
|
aec43b3 |
+++ sendmail-8.14.3/libmilter/listener.c 2008-06-18 16:36:38.000000000 +0100
|
|
|
aec43b3 |
@@ -728,6 +728,7 @@
|
|
|
aec43b3 |
int acnt = 0; /* error count for accept() failures */
|
|
|
aec43b3 |
int scnt = 0; /* error count for select() failures */
|
|
|
aec43b3 |
int save_errno = 0;
|
|
|
aec43b3 |
+ int fdflags;
|
|
|
aec43b3 |
#if !_FFR_WORKERS_POOL
|
|
|
aec43b3 |
sthread_t thread_id;
|
|
|
aec43b3 |
#endif /* !_FFR_WORKERS_POOL */
|
|
|
aec43b3 |
@@ -807,6 +808,19 @@
|
|
|
aec43b3 |
(void) smutex_unlock(&L_Mutex);
|
|
|
aec43b3 |
|
|
|
aec43b3 |
/*
|
|
|
aec43b3 |
+ ** Need to set close-on-exec for connfd in case a user's
|
|
|
aec43b3 |
+ ** filter starts other applications
|
|
|
aec43b3 |
+ */
|
|
|
aec43b3 |
+ if ((fdflags = fcntl(connfd, F_GETFD, 0)) == -1 ||
|
|
|
aec43b3 |
+ fcntl(connfd, F_SETFD, fdflags | FD_CLOEXEC) == -1)
|
|
|
aec43b3 |
+ {
|
|
|
aec43b3 |
+ smi_log(SMI_LOG_WARN,
|
|
|
aec43b3 |
+ "%s: Unable to set close-on-exec on connfd (%s)",
|
|
|
aec43b3 |
+ smfi->xxfi_name, sm_errstring(errno));
|
|
|
aec43b3 |
+ /* XXX: continue? */
|
|
|
aec43b3 |
+ }
|
|
|
aec43b3 |
+
|
|
|
aec43b3 |
+ /*
|
|
|
aec43b3 |
** If remote side closes before accept() finishes,
|
|
|
aec43b3 |
** sockaddr might not be fully filled in.
|
|
|
aec43b3 |
*/
|