affected file: qmail-smtpd.c
affected function: int authenticate(void)

steps to reproduce:
1) use alternative qmail-queue program that prints something to STDERR (e.g. debug messages during development)
   original qmail-queue does not write log messages itself
2) use SMTP-AUTH in an SMTP session

The authentication function calls fd_copy(2,1) to redirect STDERR to STDOUT. I think the intention is to send authentication error messages of the executed password program to the remote client. BUT "fd_copy" is called before a "fork" is performed, redirecting STDERR of the whole process and subsequently all executed programs (qmail-queue) to the client. This redirects messages, which are intended for the log, to the client. These messages certainly do not comply with RFC.

The following patch moves the "fd_copy" to the forked process, leaving the parent process writing messages to STDERR and therefore the log file.

------------------------------ --- qmail-1.03.orig/qmail-smtpd.c 2004-11-19 09:00:53.000000000 +0100 +++ qmail-1.03/qmail-smtpd.c 2004-12-11 19:06:23.185045688 +0100 @@ -1006,7 +1006,6 @@ if (!stralloc_0(&pass)) die_nomem(); if (!stralloc_0(&resp)) die_nomem(); - if (fd_copy(2,1) == -1) return err_pipe(); //close(3); if (pipe(pi) == -1) return err_pipe(); //if (pi[0] != 3) return err_pipe(); @@ -1014,6 +1013,7 @@ case -1: return err_fork(); case 0: + if (fd_copy(2,1) == -1) _exit(1); close(pi[1]); if (pi[0] != 3) { close(3); ------------------------------
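Review bot: In the first hunk (@@ -1006,7 +1006,6 @@), the deleted `if (fd_copy(2,1) == -1) return err_pipe();` leaves nothing behind to say why the redirect must not happen before the fork. A one-line comment above `if (pipe(pi) == -1)` stating that fd 2 in the parent has to stay on the log, because programs executed later such as qmail-queue inherit it, would keep a later cleanup from moving the call back.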
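Review bot: In the second hunk (@@ -1014,6 +1013,7 @@), the added `if (fd_copy(2,1) == -1) _exit(1);` under `case 0:` replaces a failure that used to `return err_pipe()` with a bare exit status 1. Please confirm that the parent's handling of the child's status reports this as a system error and does not treat it like an ordinary result from the password program, or use a distinct exit code for it. With the redirect kept in the child, anything the password program writes to STDERR still goes to the remote client as raw text, so it is worth stating in the patch description whether that is intended.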
Is this still the case with -r16?
No response. Please reopen if you've comments.
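The fd inheritance behind this report, as an added example that is not part of the original report or of qmail: two pipes stand in for the SMTP client (fd 1) and the log (fd 2), `dup2(1, 2)` stands in for `fd_copy(2,1)`, and the function names and messages are hypothetical. It shows that a redirect done before `fork()` also captures the stderr of a helper started later, while a redirect done inside the child does not.

```c
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a helper that writes msg to its own fd 2. With redirect_in_child set,
 * the helper first makes fd 2 a copy of fd 1 (stand-in for fd_copy(2,1)). */
static int run_helper(const char *msg, int redirect_in_child)
{
    int st;
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {
        if (redirect_in_child && dup2(1, 2) == -1) _exit(111);
        _exit(write(2, msg, strlen(msg)) == (ssize_t)strlen(msg) ? 0 : 111);
    }
    if (waitpid(pid, &st, 0) == -1) return -1;
    return (WIFEXITED(st) && WEXITSTATUS(st) == 0) ? 0 : -1;
}

/* Returns 1 if the later helper's stderr reached the "client" pipe,
 * 0 if it stayed on the "log" pipe, -1 on error. */
int queue_stderr_reaches_client(int redirect_before_fork)
{
    int client[2], logp[2], save1, save2, rc = -1;
    char buf[256];
    ssize_t n;
    if (pipe(client) == -1 || pipe(logp) == -1) return -1;
    save1 = dup(1); save2 = dup(2);
    if (save1 == -1 || save2 == -1) return -1;
    dup2(client[1], 1);                    /* fd 1: constructed SMTP client */
    dup2(logp[1], 2);                      /* fd 2: constructed log */
    close(client[1]); close(logp[1]);

    if (redirect_before_fork) dup2(1, 2);  /* reported behaviour: whole process */
    if (run_helper("password program: failed\n", !redirect_before_fork) == 0 &&
        run_helper("qmail-queue debug\n", 0) == 0)   /* constructed messages */
        rc = 0;

    dup2(save1, 1); dup2(save2, 2);        /* restore; drops the last write ends */
    close(save1); close(save2);
    n = read(client[0], buf, sizeof buf - 1);
    close(client[0]); close(logp[0]);
    if (rc == -1 || n < 0) return -1;
    buf[n] = '\0';
    return strstr(buf, "qmail-queue debug") != NULL;
}

int main(void) { return !(queue_stderr_reaches_client(1) == 1 && queue_stderr_reaches_client(0) == 0); }
```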