[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Was: 2.99.49p9 router loop ->> killer message for p10s9
- To: crosser@online.ru
- Subject: Re: Was: 2.99.49p9 router loop ->> killer message for p10s9
- From: Matti Aarnio <matti.aarnio@tele.fi>
- Date: Wed, 11 Mar 1998 22:16:35 +0200 (EET)
- Cc: zmailer@nic.funet.fi
- In-Reply-To: <ML-3.3.889638374.7349.crosser@ariel.sovam.com> from Eugene Crosser at "Mar 11, 98 08:46:14 pm"
- Phone: +358-20402082 (office, with redirection to cellular)
> > > While 2.99.49p9 on Solaris 2.5.1 processed the below message, the router
> > > looped and exhausted all the memory. What I found the Cc: header has a
> > > unclosed double quote, is that the cause? And latest Zmailer has
> > > remedy on it?
> >
> > Very likely yes, that is the cause.
> > And yes, the lattest snapshots have a remedy for it.
>
> Last Saturday, the two messages that I am attaching caused routers .49p10s9
> die. cf files are from .49p10s9 plus your patch for x400 style addresses
> (of 3 March). I think it's worth your investigation? Writing this in
> person not to dump the mailing list.
The samples I got were nearly identical.
What they eventually revealed was overflow in
error printout routine where it stores indexes
to the errors.
Patch below. (Soon also in CVS.)
> Eugene
Content-Description: 79852-28679
[application/octet-stream is not supported, skipping...]
Content-Description: 79866-28687
[application/octet-stream is not supported, skipping...]
/Matti Aarnio
Index: router/rfc822hdrs.c
===================================================================
RCS file: /home/mea/src/CVSROOT/zmailer/router/rfc822hdrs.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 rfc822hdrs.c
--- router/rfc822hdrs.c 1998/02/10 21:01:51 1.1.1.1
+++ router/rfc822hdrs.c 1998/03/11 20:09:04
@@ -194,7 +194,8 @@
if (e->e_resent) {
strcpy(buf, "Resent-");
- strcat(buf, s);
+ strncpy(buf+7, s, sizeof(buf)-8);
+ buf[sizeof(buf)-1] = 0;
s = strsave(buf);
}
if (!CISTREQ(h->h_descriptor->hdr_name, s)) {
@@ -287,7 +288,7 @@
register struct header *h;
static struct headerinfo *msgidDesc;
static int genseq = 0;
- char buf[1024]; /* XX: tsk tsk */
+ char buf[200]; /* XX: tsk tsk */
struct tm *ts;
if (msgidDesc == NULL) {
@@ -318,14 +319,14 @@
}
*p = '\0';
cp = tzbuf;
- sprintf(buf, "<%02d%s%d.%02d%02d%02d%s.%s+%d@%s>",
+ sprintf(buf, "<%02d%s%d.%02d%02d%02d%.20s.%.20s+%d@%.90s>",
ts->tm_year % 100, monthname[ts->tm_mon], ts->tm_mday,
ts->tm_hour, ts->tm_min, ts->tm_sec,
cp, e->e_file, ++genseq, myhostname);
}
#else /* New way to do this .. more compressed one.. */
ts = gmtime(&unixtime);
- sprintf(buf, "<%04d%02d%02d%02d%02d%02dZ%s+%d@%s>",
+ sprintf(buf, "<%04d%02d%02d%02d%02d%02dZ%.20s+%d@%.90s>",
ts->tm_year + 1900, ts->tm_mon + 1, ts->tm_mday,
ts->tm_hour, ts->tm_min, ts->tm_sec,
e->e_file, ++genseq, myhostname);
@@ -888,6 +889,8 @@
* because it needs to be kept in sync with the functions above.
*/
+struct errmsgpos { int pos; token822 *tokens; };
+
void
errprint(fp, pp, hdrlen)
FILE *fp;
@@ -897,7 +900,9 @@
int inAddress, n, i, j, len;
token822 *t;
struct addr *lastp, *tpp;
- struct { int pos; token822 *tokens; } errmsg[200];
+
+ static struct errmsgpos * errmsg = NULL;
+ static int errmsgposspace = 0;
inAddress = 0;
for (lastp = NULL, tpp = pp; tpp != NULL; tpp = tpp->p_next)
@@ -912,6 +917,19 @@
else if (pp->p_type == anAddress)
inAddress = 1;
else if (pp->p_type == anError) {
+ if (n >= errmsgposspace) {
+ /* Must expand the space */
+ if (errmsgposspace == 0) {
+ errmsgposspace = 100;
+ errmsg = (void*) emalloc(sizeof(*errmsg) *
+ errmsgposspace);
+ } else {
+ errmsgposspace <<= 1;
+ errmsg = (void*) erealloc(errmsg,
+ sizeof(*errmsg) *
+ errmsgposspace);
+ }
+ }
errmsg[n].pos = len - 1;
errmsg[n++].tokens = pp->p_tokens;
continue;