ports/132119: [patch] mail/spamd memory leak in grey.c

Thu Feb 26 10:00:13 UTC 2009

>Number:         132119
>Category:       ports
>Synopsis:       [patch] mail/spamd memory leak in grey.c
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 26 10:00:12 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     olli hauer
>Release:        
>Organization:
>Environment:
>Description:
spamd leaking memory, see discussion
http://lists.freebsd.org/pipermail/freebsd-pf/2009-February/005000.html

The following patch from Bob Beck will solve the issue.
http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/spamd/grey.c.diff?r1=1.45;r2=1.46

Regards,
olli hauer
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

+++ files/patch-grey_c  2009-02-26 10:36:14.000000000 +0100
@@ -0,0 +1,68 @@
+--- spamd/grey.c.orig  2007-06-06 12:43:19.000000000 +0200
++++ spamd/grey.c   2009-02-26 10:33:33.000000000 +0100
+@@ -376,7 +376,7 @@
+   static char buf[MAX_MAIL];
+   char *cp;
+
+-  if (*addr == '<');
++  if (*addr == '<')
+       addr++;
+   (void) strlcpy(buf, addr, sizeof(buf));
+   cp = strrchr(buf, '>');
+@@ -398,8 +398,11 @@
+   size_t len;
+   struct mail_addr *m;
+
+-  while (!SLIST_EMPTY(&match_suffix))
++  while (!SLIST_EMPTY(&match_suffix)) {
++      m = SLIST_FIRST(&match_suffix);
+       SLIST_REMOVE_HEAD(&match_suffix, entry);
++      free(m);
++  }
+   if ((fp = fopen(alloweddomains_file, "r")) != NULL) {
+       while ((buf = fgetln(fp, &len))) {
+ #ifdef __FreeBSD__
+@@ -410,11 +413,11 @@
+               buf++;
+               len--;
+           }
++          if (len == 0)
++              continue;
+           /* jump over comments and blank lines */
+           if (*buf == '#' || *buf == '\n')
+               continue;
+-          if (len == 0)
+-              continue;
+ #endif
+           if (buf[len-1] == '\n')
+               len--;
+@@ -434,8 +437,11 @@
+   }
+   return;
+ bad:
+-  while (!SLIST_EMPTY(&match_suffix))
++  while (!SLIST_EMPTY(&match_suffix)) {
++      m = SLIST_FIRST(&match_suffix);
+       SLIST_REMOVE_HEAD(&match_suffix, entry);
++      free(m);
++  }
+ }
+
+ void
+@@ -609,6 +615,7 @@
+       dbc->act = 0;
+       dbc->dsiz = 0;
+       SLIST_REMOVE_HEAD(&db_changes, entry);
++      free(dbc);
+
+   }
+   return(ret);
+@@ -795,7 +802,7 @@
+
+   now = time(NULL);
+   /* expiry times have to be in the future */
+-  expire = strtonum(expires, now, UINT_MAX, NULL);
++  expire = strtonum(expires, now, INT_MAX, NULL);
+   if (expire == 0)
+       return(-1);
+


>Release-Note:
>Audit-Trail:
>Unformatted:

