[Bug 4017] New: Infinite loop

[bu...@bugzilla.spamassassin.org]

http://bugzilla.spamassassin.org/show_bug.cgi?id=4017

           Summary: Infinite loop
           Product: Spamassassin
           Version: 3.0.0
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: critical
          Priority: P1
         Component: spamassassin
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: pobox@rgrs.com


Spamassassin v3.0.0 appears to be using an excessive amount
of open file descriptors for dns use.  This is likely a bug.
The exact amount depends on the message being processed.
For example, the particular spam I've been testing with
below needs at least 97 open fds to successfully complete.
The process limit is 64.

Once you hit the fd limit, there's the potential of getting
stuck in an infinite loop (i.e. some code continuely retries
opening a file on errno "too many open files").

You can tell if you've hit this bug by the following error
in your procmail log:

    procmail: Rescue of unfiltered data succeeded
    procmail: Timeout, terminating "/usr/local/bin/spamassassin.new"
    procmail: Kernel-lock failed
    procmail: Kernel-unlock failed

Here's a patch:

*** /usr/local/test-sa/lib/site_perl/5.8.0/Mail/SpamAssassin/Util.pm	Mon Sep 13
19:34:05 2004
--- Mail/SpamAssassin/Util.pm	Fri Dec  3 15:31:59 2004
***************
*** 724,766 ****
  
  ###########################################################################
  
- # thanks to http://www2.picante.com:81/~gtaylor/autobuse/ for this
- # code.
  sub secure_tmpfile {
!   my $tmpdir = Mail::SpamAssassin::Util::untaint_file_path(
!                  File::Spec->tmpdir()
!                );
!   if (!$tmpdir) {
!     die "Cannot find a temporary directory! set TMP or TMPDIR in env";
!   }
  
!   my ($reportfile,$tmpfile);
!   my $umask = umask 077;
!   do {
      # we do not rely on the obscurity of this name for security...
      # we use a average-quality PRG since this is all we need
!     my $suffix = join ('',
!                        (0..9, 'A'..'Z','a'..'z')[rand 62,
!                                                  rand 62,
!                                                  rand 62,
!                                                  rand 62,
!                                                  rand 62,
!                                                  rand 62]);
!     $reportfile = File::Spec->catfile(
!                     $tmpdir,
!                     join ('.',
!                       "spamassassin",
!                       $$,
!                       $suffix,
!                       "tmp",
!                     )
!                   );
      # ...rather, we require O_EXCL|O_CREAT to guarantee us proper
      # ownership of our file; read the open(2) man page.
!   } while (! sysopen ($tmpfile, $reportfile, O_RDWR|O_CREAT|O_EXCL, 0600));
!   umask $umask;
  
!   return ($reportfile, $tmpfile);
  }
  
  ###########################################################################
--- 724,766 ----
  
  ###########################################################################
  
  sub secure_tmpfile {
!   my ($reportfile, $suffix, $tmpdir, $tmpfile, $umask);
!   my $count = 0;
! 
!   $tmpdir = Mail::SpamAssassin::Util::untaint_file_path(File::Spec->tmpdir)
!       or die "Cannot find a temporary directory! set TMP or TMPDIR in env";
! 
!   $umask = umask 077;
  
!   while (1) {
      # we do not rely on the obscurity of this name for security...
      # we use a average-quality PRG since this is all we need
!     $suffix = join ('', (0..9,'A'..'Z','a'..'z')[rand 62,
! 						 rand 62,
! 						 rand 62,
! 						 rand 62,
! 						 rand 62,
! 						 rand 62]);
!     $reportfile = File::Spec->catfile($tmpdir, join('.',
! 						    "spamassassin",
! 						    $$,
! 						    $suffix,
! 						    "tmp"));
!     die "Problem creating temporary file" if ++$count > 100_000;
! 
!     next if -e $reportfile;
! 
      # ...rather, we require O_EXCL|O_CREAT to guarantee us proper
      # ownership of our file; read the open(2) man page.
!     sysopen $tmpfile, $reportfile, O_RDWR|O_CREAT|O_EXCL, 0600
! 	or die "Cannot create temporary file \"$reportfile\": $!";
! 
!     last;
!   }
  
!   umask $umask;
!   return($reportfile, $tmpfile);
  }



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 4017] Infinite loop

[bu...@bugzilla.spamassassin.org]

http://bugzilla.spamassassin.org/show_bug.cgi?id=4017





------- Additional Comments From pobox@rgrs.com  2004-12-03 15:15 -------
Created an attachment (id=2546)
 --> (http://bugzilla.spamassassin.org/attachment.cgi?id=2546&action=view)
here's the patch




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 4017] Infinite loop

[bu...@bugzilla.spamassassin.org]

http://bugzilla.spamassassin.org/show_bug.cgi?id=4017





------- Additional Comments From spamassassin-contrib@msquadrat.de  2004-12-03 15:47 -------
Please use the unified format (diff -u) to create the patch.  Thanks. 



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 4017] Infinite loop

[bu...@bugzilla.spamassassin.org]

http://bugzilla.spamassassin.org/show_bug.cgi?id=4017





------- Additional Comments From spamassassin-contrib@msquadrat.de  2004-12-03 15:48 -------
*** Bug 4016 has been marked as a duplicate of this bug. ***



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.