postfix-2.4.9

2025-08-30 13:48:06 +00:00 · 2008-09-02 00:00:00 -05:00
parent 8e5bb93aff
commit 61fae4f061
3 changed files with 14 additions and 2 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -13647,3 +13647,13 @@ Apologies for any names omitted.
 	legitimate configurations that deliver mail to a symbolic
 	link in a directory with less restrictive permissions.

+20080826
+
+	Bugfix (introduced Postfix 2.4): epoll file descriptor leak.
+	With Postfix >= 2.4 on Linux >= 2.6, Postfix has an epoll
+	file descriptor leak when it executes non-Postfix commands
+	in, for example, user-controlled $HOME/.forward files.  A
+	local user can access a leaked epoll file descriptor to
+	implement a denial of service attack on Postfix. Data
+	confidentiality and integrity are not affected.  File:
+	util/events.c.
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20080814"
-#define MAIL_VERSION_NUMBER	"2.4.8"
+#define MAIL_RELEASE_DATE	"20080902"
+#define MAIL_VERSION_NUMBER	"2.4.9"

 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
--- a/postfix/src/util/events.c
+++ b/postfix/src/util/events.c
@@ -354,6 +354,7 @@ static int event_pollfd;		/* handle to file descriptor set */

 #define EVENT_REG_INIT_HANDLE(er, n) do { \
 	er = event_pollfd = open("/dev/poll", O_RDWR); \
+	if (event_pollfd >= 0) close_on_exec(event_pollfd, CLOSE_ON_EXEC); \
    } while (0)
 #define EVENT_REG_INIT_TEXT	"open /dev/poll"

@@ -425,6 +426,7 @@ static int event_epollfd;		/* epoll handle */

 #define EVENT_REG_INIT_HANDLE(er, n) do { \
 	er = event_epollfd = epoll_create(n); \
+	if (event_epollfd >= 0) close_on_exec(event_epollfd, CLOSE_ON_EXEC); \
    } while (0)
 #define EVENT_REG_INIT_TEXT	"epoll_create"