[Mimedefang] MIMEDefang 3.4.1 fixes

Marc Aurèle La France tsi at tuyoix.net
Mon Jun 3 22:34:47 EDT 2024


Hi.

- In both mimedefang and the multiplexor, fix use-after-free of lockfile
  name.
- In mimedefang, fix minor memory leak caused by specifying more than one
  -m option.
- Ensure mimedefang deletes its socket upon termination.

Lastly, in your release tarballs, please do NOT include files generated by 
your configure script.

Thanks and have a great day.

Marc.

diff -NRapruz -X /etc/diff.excludes mimedefang-3.4.1/mimedefang-multiplexor.c devel-3.4.1/mimedefang-multiplexor.c
--- mimedefang-3.4.1/mimedefang-multiplexor.c	2023-04-11 17:03:43.000000000 -0600
+++ devel-3.4.1/mimedefang-multiplexor.c	2024-05-28 21:01:47.605110408 -0600
@@ -1056,7 +1056,7 @@ main(int argc, char *argv[], char **env)

     /* Do the locking */
     if (pidfile || lockfile) {
-	if ( (lockfile_fd = write_and_lock_pidfile(pidfile, lockfile, pidfile_fd)) < 0) {
+	if ( (lockfile_fd = write_and_lock_pidfile(pidfile, &lockfile, pidfile_fd)) < 0) {
 	    REPORT_FAILURE("Cannot lock lockfile: Is another copy running?");
 	    exit(EXIT_FAILURE);
 	}
diff -NRapruz -X /etc/diff.excludes mimedefang-3.4.1/mimedefang.c devel-3.4.1/mimedefang.c
--- mimedefang-3.4.1/mimedefang.c	2023-04-11 17:03:43.000000000 -0600
+++ devel-3.4.1/mimedefang.c	2024-06-01 16:32:24.060072056 -0600
@@ -2267,6 +2267,7 @@ main(int argc, char **argv)
     int nodaemon = 0;
     char buf[SMALLBUF];
     int got_p_option = 0;
+    char *sockfile = NULL;
     int kidpipe[2];
     char kidmsg[256];
     int pidfile_fd = -1;
@@ -2499,6 +2500,7 @@ main(int argc, char **argv)
 	    break;
 	case 'm':
 	    /* Multiplexor */
+	    if (MultiplexorSocketName) free(MultiplexorSocketName);
 	    MultiplexorSocketName = strdup(optarg);
 	    if (!MultiplexorSocketName) {
 		fprintf(stderr, "%s: Out of memory\n", argv[0]);
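Review bot: The guard in `if (MultiplexorSocketName) free(MultiplexorSocketName);` is redundant, because free(NULL) is a no-op; `free(MultiplexorSocketName);` is enough, and the same applies to `if (sockfile) free(sockfile);` in the -p hunk. The free itself is only correct if MultiplexorSocketName is NULL or heap-allocated when the option is parsed. Its declaration and initializer are outside this hunk, so it is worth confirming that it never starts out pointing at a static default string. The enclosing switch in main() starts and ends outside the hunk.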
@@ -2515,6 +2517,12 @@ main(int argc, char **argv)
 			argv[0], optarg);
 		exit(EXIT_FAILURE);
 	    }
+	    if (sockfile) free(sockfile);
+	    sockfile = strdup(optarg);
+	    if (!sockfile) {
+		fprintf(stderr, "%s: Out of memory\n", argv[0]);
+		exit(EXIT_FAILURE);
+	    }
 	    got_p_option = 1;
 	    /* Remove socket from file system if it's a local socket */
 	    (void) remove_local_socket(optarg);
@@ -2694,7 +2702,7 @@ main(int argc, char **argv)

     /* Do the locking */
     if (pidfile || lockfile) {
-	if ( (lockfile_fd = write_and_lock_pidfile(pidfile, lockfile, pidfile_fd)) < 0) {
+	if ( (lockfile_fd = write_and_lock_pidfile(pidfile, &lockfile, pidfile_fd)) < 0) {
 	    /* Signal the waiting parent */
 	    REPORT_FAILURE("Cannot lock lockfile: Is another copy running?");
 	    exit(EXIT_FAILURE);
@@ -2765,6 +2773,9 @@ main(int argc, char **argv)
     if (lockfile) {
 	unlink(lockfile);
     }
+    if (sockfile) {
+	remove(sockfile);
+    }
     return rc;
 }
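Review bot: `remove(sockfile)` receives the raw -p argument saved in the option-parsing hunk, whereas the startup path uses `remove_local_socket(optarg)`, which its comment describes as removing the socket only if it is a local one. That helper's body is not on this page, but if it strips a `unix:`/`local:` style prefix or checks the file type, the exit path behaves differently from it. A prefixed socket would be left behind, and a plain path would be deleted without confirming it is a socket, since remove() also deletes regular files and empty directories. Calling `(void) remove_local_socket(sockfile);` here would keep both paths consistent. Only the normal return from main() is covered by this hunk; whether exit() and signal paths also remove the socket cannot be seen from here.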

diff -NRapruz -X /etc/diff.excludes mimedefang-3.4.1/mimedefang.h devel-3.4.1/mimedefang.h
--- mimedefang-3.4.1/mimedefang.h	2023-04-11 17:03:43.000000000 -0600
+++ devel-3.4.1/mimedefang.h	2024-05-28 15:18:36.377783713 -0600
@@ -69,7 +69,7 @@ extern int make_listening_socket(char const *str, int backlog, int must_be_unix);
 extern void do_delay(char const *sleepstr);
 extern int is_localhost(struct sockaddr *);
 extern int remove_local_socket(char const *str);
-extern int write_and_lock_pidfile(char const *pidfile, char *lockfile, int fd);
+extern int write_and_lock_pidfile(char const *pidfile, char **lockfile, int fd);
 #ifdef EMBED_PERL
 extern int make_embedded_interpreter(char const *progPath,
 				     char const *subFilter,
diff -NRapruz -X /etc/diff.excludes mimedefang-3.4.1/utils.c devel-3.4.1/utils.c
--- mimedefang-3.4.1/utils.c	2023-04-11 17:03:43.000000000 -0600
+++ devel-3.4.1/utils.c	2024-05-28 15:22:24.885037463 -0600
@@ -1305,30 +1305,31 @@ free_debug(void *ctx, void *x, char const *fname, int line)
 #endif

 int
-write_and_lock_pidfile(char const *pidfile, char *lockfile, int pidfile_fd)
+write_and_lock_pidfile(char const *pidfile, char **lockfile, int pidfile_fd)
 {
     struct flock fl;
     char buf[64];
     int lockfile_fd;
     size_t len;

-    if (!lockfile) {
+    if (!*lockfile) {
 	if (!pidfile) {
 	    return -1;
 	}
 	len = strlen(pidfile) + 6;
 	/* If no lockfile was supplied, construct one based on pidfile */
-	lockfile = malloc(len);
-	if (!lockfile) {
+	*lockfile = malloc(len);
+	if (!*lockfile) {
 	    return -1;
 	}

-	snprintf(lockfile, len, "%s.lock", pidfile);
+	snprintf(*lockfile, len, "%s.lock", pidfile);
     }

-    lockfile_fd = open(lockfile, O_RDWR|O_CREAT, 0666);
+    lockfile_fd = open(*lockfile, O_RDWR|O_CREAT, 0666);
     if (lockfile_fd < 0) {
-      free(lockfile);
+      free(*lockfile);
+      *lockfile = NULL;
       return -1;
     }
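Review bot: `lockfile` is now an in/out parameter, but neither this definition nor the mimedefang.h prototype documents the new ownership contract. A header comment should state three things: `lockfile` itself must be non-NULL; when `*lockfile` is NULL, a malloc'd `<pidfile>.lock` name is stored there and becomes the caller's to free; and on open() failure `*lockfile` is freed and reset to NULL. That last behaviour implies a caller-supplied name must itself be heap-allocated, which should be written down, because passing a pointer into argv would make the `free(*lockfile)` here undefined. The function body continues outside this hunk.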

@@ -1338,8 +1339,7 @@ write_and_lock_pidfile(char const *pidfile, char *lockfile, int pidfile_fd)
     fl.l_len = 0;

     if (fcntl(lockfile_fd, F_SETLK, &fl) < 0) {
-      syslog(LOG_ERR, "Could not lock lockfile file %s: %m.  Is another copy running?", lockfile);
-      free(lockfile);
+      syslog(LOG_ERR, "Could not lock lockfile file %s: %m.  Is another copy running?", *lockfile);
       return -1;
     }
     if (pidfile_fd >= 0) {
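Review bot: The F_SETLK failure path now returns -1 with `*lockfile` still set and `lockfile_fd` still open, while the open() failure path earlier in the function frees the name and stores NULL. Both callers shown in this patch call exit() straight away, so nothing goes wrong today. A caller that instead ran its `if (lockfile) unlink(lockfile);` cleanup after this failure would delete the lockfile held by the copy that is already running. After the syslog() call I would add `close(lockfile_fd); free(*lockfile); *lockfile = NULL;` so that every failure return leaves the caller in the same state. The function body continues outside this hunk.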
@@ -1349,11 +1349,9 @@ write_and_lock_pidfile(char const *pidfile, char *lockfile, int pidfile_fd)

 	/* Close the pidfile fd; no longer needed */
 	if (close(pidfile_fd) < 0) {
-      free(lockfile);
 	    return -1;
 	}
     }
-    free(lockfile);

     /* Do NOT close lockfile_fd... it will close and lock will be released
        when we exit */


