#3637: mutt-1.5.21: mutt doesn't check mktemp() result, thus hangs in endless loop sometimes
-----------------+-------------------
Reporter: is@… | Type: defect
Status: new | Priority: major
-----------------+-------------------
{{{
Package: mutt
Version: 1.5.21
Severity: normal
-- Please type your report below this line
One of the users at my workplace mistakenly created the tmpdir using
'touch', thus creating a plain file instead of a directory. The next
time he started mutt, it hung after accepting the IMAP password in a
tight loop, consuming nearly 100% CPU time.
Investigation with a debugger showed lib.c lines ca. 566 - 571:
566 do
567 {
568 snprintf (newdir, ndlen, "%s/%s", parent, ".muttXXXXXX");
569 mktemp (newdir);
570 }
571 while ((rv = mkdir (newdir, 0700)) == -1 && errno == EEXIST);
572
573 if (rv == -1)
574 return -1;
What happens is that mktemp() fails. As the return value is not checked,
the value of newdir - which happens to be shortened to the directory
component at the point of the error - is used, and mkdir() fails with
EEXIST, resulting in an endless (well, until the tmpdir file is removed)
loop.
The easy way out would be to replace line 569 by
if (mktemp (newdir) == NULL)
return -1;
I'd prefer to replace the whole sequence above (566-574) with
snprintf (newdir, ndlen, "%s/%s", parent, ".muttXXXXXX");
if (mkdtemp (newdir) == NULL)
return -1;
(A local patch to this effect has been added to pkgsrc as a temporary
fix.)
Note that there are other places (e.g. in muttlib.c) where mktemp is
not checked for failure; I've not analyzed their impact.
-- System Information
System Version: NetBSD marie 5.1.2_PATCH NetBSD 5.1.2_PATCH (MARIE) #0:
Sun Oct 14 10:49:18 CEST 2012
is@henrietta:/var/itch/sources/51/obj.shark/sys/arch/shark/compile/MARIE
shark
-- Build environment information
(Note: This is the build environment installed on the system
muttbug is run on. Information may or may not match the environment
used to build mutt.)
- gcc version information
cc
Using built-in specs.
Target: arm--netbsdelf
Configured with: /usr/src/tools/gcc/../../gnu/dist/gcc4/configure
--enable-long-long --disable-multilib --enable-threads --disable-symvers
--build=x86_64-unknown-netbsd4.99.72 --host=arm--netbsdelf --target=arm--netbsdelf
--enable-__cxa_atexit
Thread model: posix
gcc version 4.1.3 20080704 prerelease (NetBSD nb2 20081120)
- CFLAGS
-Wall -pedantic -Wno-long-long -O2 -I/usr/include -I/usr/pkg/include/db4
-- Mutt Version Information
Mutt 1.5.21 (2010-09-15)
Copyright (C) 1996-2009 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.
System: NetBSD 5.1.2_PATCH (shark)
hcache backend: Berkeley DB 4.8.30: (April 9, 2010)
Compile options:
-DOMAIN
-DEBUG
-HOMESPOOL -USE_SETGID +USE_DOTLOCK +DL_STANDALONE +USE_FCNTL
-USE_FLOCK
+USE_POP +USE_IMAP -USE_SMTP
+USE_SSL_OPENSSL -USE_SSL_GNUTLS -USE_SASL -USE_GSS +HAVE_GETADDRINFO
+HAVE_REGCOMP -USE_GNU_REGEX
+HAVE_COLOR +HAVE_START_COLOR -HAVE_TYPEAHEAD +HAVE_BKGDSET
+HAVE_CURS_SET +HAVE_META +HAVE_RESIZETERM
+CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME
-CRYPT_BACKEND_GPGME
-EXACT_ADDRESS -SUN_ATTACHMENT
+ENABLE_NLS -LOCALES_HACK +HAVE_WC_FUNCS +HAVE_LANGINFO_CODESET
+HAVE_LANGINFO_YESEXPR
+HAVE_ICONV -ICONV_NONTRANS -HAVE_LIBIDN +HAVE_GETSID +USE_HCACHE
-ISPELL
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/pkg/share/mutt"
SYSCONFDIR="/usr/pkg/etc"
EXECSHELL="/bin/sh"
-MIXMASTER
To contact the developers, please mail to <[email protected]>.
To report a bug, please visit http://bugs.mutt.org/.
}}}
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3637>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
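
The replacement the report prefers (build the template, then a checked mkdtemp()), written out as an added example; it is not mutt's code or the pkgsrc patch. The names make_private_subdir and try_parent and the /tmp paths are assumptions made for the demonstration, which runs the helper once with a plain file as the parent (the ticket's condition) and once with a real directory.

```c
#define _POSIX_C_SOURCE 200809L   /* mkdtemp(), mkstemp() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper, not mutt's function: create a private directory
 * under parent and store its path in newdir. Returns 0, or -1 with errno. */
int make_private_subdir(const char *parent, char *newdir, size_t ndlen)
{
    int n = snprintf(newdir, ndlen, "%s/%s", parent, ".muttXXXXXX");
    if (n < 0 || (size_t)n >= ndlen) {   /* template was truncated */
        errno = ENAMETOOLONG;
        return -1;
    }
    /* mkdtemp() names and creates the directory in one call: no retry loop. */
    return mkdtemp(newdir) == NULL ? -1 : 0;
}

/* Run the helper under a constructed parent in /tmp: a plain file (the
 * ticket's condition) or a directory. Returns 0, the errno, or -1 on setup. */
int try_parent(int parent_is_dir)
{
    char parent[] = "/tmp/tmpdir-demo-XXXXXX", newdir[64];
    int fd = -1, err;
    if (parent_is_dir ? mkdtemp(parent) == NULL : (fd = mkstemp(parent)) == -1)
        return -1;
    if (fd != -1)
        close(fd);
    err = make_private_subdir(parent, newdir, sizeof newdir) == -1 ? errno : 0;
    rmdir(newdir);     /* fails harmlessly if nothing was created */
    remove(parent);    /* remove() handles a file and an empty directory */
    return err;
}

int main(void)
{
    printf("file parent: errno %d, directory parent: errno %d\n",
           try_parent(0), try_parent(1));
    return 0;
}
```

With a plain file as the parent the call returns at once with ENOTDIR, so the caller sees an error instead of spinning on EEXIST.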