Source-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/mail/exim exim: fix crash on startup if log_buffer is ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/d7aaadf960e2
branches:  trunk
changeset: 437314:d7aaadf960e2
user:      gavan <gavan%pkgsrc.org@localhost>
date:      Thu Aug 20 16:40:57 2020 +0000

description:
exim: fix crash on startup if log_buffer is allocated right after taint pool

The check whether a block of memory is tainted erroneously returns true
if the block in question starts the very next byte after a block in the
tainted pool. Depending on the memory allocator, this can cause problems.
For example, on NetBSD/amd64 9.0, this seems to allocate the first tainted
block immediately before log_buffer. This leads to a recursive error in
log_write the first time anything is written to the log, leading to a
segmentation fault when the stack fills up.

diffstat:

 mail/exim/Makefile                  |   4 ++--
 mail/exim/distinfo                  |   3 ++-
 mail/exim/patches/patch-src_store.c |  21 +++++++++++++++++++++
 3 files changed, 25 insertions(+), 3 deletions(-)

diffs (52 lines):

diff -r f6ae8708dc73 -r d7aaadf960e2 mail/exim/Makefile
--- a/mail/exim/Makefile        Thu Aug 20 16:27:03 2020 +0000
+++ b/mail/exim/Makefile        Thu Aug 20 16:40:57 2020 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.180 2020/06/02 08:24:14 adam Exp $
+# $NetBSD: Makefile,v 1.181 2020/08/20 16:40:57 gavan Exp $
 
 DISTNAME=      exim-4.94
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    mail net
 MASTER_SITES=  ftp://ftp.exim.org/pub/exim/exim4/
 MASTER_SITES+= https://ftp.exim.org/pub/exim/exim4/
diff -r f6ae8708dc73 -r d7aaadf960e2 mail/exim/distinfo
--- a/mail/exim/distinfo        Thu Aug 20 16:27:03 2020 +0000
+++ b/mail/exim/distinfo        Thu Aug 20 16:40:57 2020 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.77 2020/06/01 19:42:48 adam Exp $
+$NetBSD: distinfo,v 1.78 2020/08/20 16:40:57 gavan Exp $
 
 SHA1 (exim-4.94.tar.xz) = 60323c206be7d9f535c4bd369b470a514e489cd5
 RMD160 (exim-4.94.tar.xz) = 6b51d059d9667c732df9ccb87f0de9b341c35281
@@ -9,3 +9,4 @@
 SHA1 (patch-lookups_Makefile) = cfc40dba3f75ef37b9887f7767139ad50cf9d4e5
 SHA1 (patch-scripts_exim__install) = aa0a31e77d5f76e33bc92140c14d39c79f710b95
 SHA1 (patch-src_exicyclog.src) = cea5f04f52c9264fd7d279c046686dac2dc57a65
+SHA1 (patch-src_store.c) = db12aefb50c2741cb525b7363c4bafbe353dfc5f
diff -r f6ae8708dc73 -r d7aaadf960e2 mail/exim/patches/patch-src_store.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/exim/patches/patch-src_store.c       Thu Aug 20 16:40:57 2020 +0000
@@ -0,0 +1,21 @@
+$NetBSD: patch-src_store.c,v 1.1 2020/08/20 16:40:57 gavan Exp $
+
+--- src/store.c.orig   2020-05-30 20:35:38.000000000 +0000
++++ src/store.c
+@@ -188,14 +188,14 @@ for (int pool = POOL_TAINT_BASE; pool < 
+   if ((b = current_block[pool]))
+     {
+     uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
+-    if (US p >= bc && US p <= bc + b->length) return TRUE;
++    if (US p >= bc && US p < bc + b->length) return TRUE;
+     }
+ 
+ for (int pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
+   for (b = chainbase[pool]; b; b = b->next)
+     {
+     uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
+-    if (US p >= bc && US p <= bc + b->length) return TRUE;
++    if (US p >= bc && US p < bc + b->length) return TRUE;
+     }
+ return FALSE;
+ }
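Review bot: The new patch file has no explanatory comment between the `$NetBSD$` line and `--- src/store.c.orig`, so nothing in the patch itself says why the upper bound changes from `<=` to `<` in the two loops. pkgsrc patches are expected to carry a short description. A line noting that `bc + b->length` is one past the end of the block and so must be excluded, plus a note on whether this was reported upstream, would let whoever updates the package past 4.94 decide whether the patch can be dropped. The identical range test is also written out twice (once for `current_block[pool]`, once for the `chainbase[pool]` walk); if this goes upstream, a single helper for the comparison would keep the two bounds from drifting apart again.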


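The boundary condition the commit message describes, as an added example that is not part of the original commit or of Exim's source. The `storeblock` layout, the single arena, and the names `build_chain`, `payload`, `neighbour` and `is_tainted` are simplified assumptions made for illustration; the neighbour buffer stands in for `log_buffer`.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for a store block: header, then `length` payload bytes. */
typedef struct storeblock {
  struct storeblock *next;
  size_t length;
} storeblock;

enum { PAYLOAD = 64, NEIGHBOUR = 32 };   /* constructed sizes */

/* One arena so the neighbour buffer starts exactly at payload + length,
   the layout the commit message describes for log_buffer. */
static union {
  storeblock hdr;
  unsigned char raw[sizeof(storeblock) + PAYLOAD + NEIGHBOUR];
} arena;

static storeblock *build_chain(void)
{
  arena.hdr.next = NULL;
  arena.hdr.length = PAYLOAD;
  return &arena.hdr;
}

static unsigned char *payload(void)   { return arena.raw + sizeof(storeblock); }
static unsigned char *neighbour(void) { return payload() + PAYLOAD; }

/* Walk the chain; inclusive_end selects the pre-patch (<=) or patched (<) bound. */
static int is_tainted(const storeblock *chain, const void *p, int inclusive_end)
{
  const unsigned char *q = p;
  for (const storeblock *b = chain; b; b = b->next)
    {
    const unsigned char *bc = (const unsigned char *)b + sizeof(storeblock);
    const unsigned char *end = bc + b->length;
    if (q >= bc && (inclusive_end ? q <= end : q < end)) return 1;
    }
  return 0;
}

int main(void)
{
  storeblock *c = build_chain();
  printf("neighbour, <= bound: %d\n", is_tainted(c, neighbour(), 1));
  printf("neighbour, <  bound: %d\n", is_tainted(c, neighbour(), 0));
  printf("last payload byte, < bound: %d\n", is_tainted(c, payload() + PAYLOAD - 1, 0));
  return 0;
}
```

With the inclusive bound, the untainted neighbour is classified as tainted solely because of where the allocator placed it; the half-open bound still covers every byte of the payload.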
