X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=blobdiff_plain;f=src%2Fsrc%2Fdeliver.c;h=c97874a2b6c328bd3d0b1c0598b5a9e7076e6d70;hp=357c60702c05e37b72ce7536f88e365bef17799c;hb=863bd541063e72fcea7305b9d3ee2cb460a6d3d1;hpb=92b0827a90559a266bd00662d842b643ac8bdc81 diff --git a/src/src/deliver.c b/src/src/deliver.c index 357c60702..c97874a2b 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -944,7 +944,7 @@ for (topaddr = addr; topaddr->parent; topaddr = topaddr->parent) ; /* We start with just the local part for pipe, file, and reply deliveries, and for successful local deliveries from routers that have the log_as_local flag set. File deliveries from filters can be specified as non-absolute paths in -cases where the transport is goin to complete the path. If there is an error +cases where the transport is going to complete the path. If there is an error before this happens (expansion failure) the local part will not be updated, and so won't necessarily look like a path. Add extra text for this case. */ @@ -2360,7 +2360,7 @@ if ((pid = fork()) == 0) ) ) ) - log_write(0, LOG_MAIN|LOG_PANIC, "Failed writing transport results to pipe: %s\n", + log_write(0, LOG_MAIN|LOG_PANIC, "Failed writing transport results to pipe: %s", ret == -1 ? strerror(errno) : "short write"); /* Now any messages */ @@ -2371,7 +2371,7 @@ if ((pid = fork()) == 0) if( (ret = write(pfd[pipe_write], &message_length, sizeof(int))) != sizeof(int) || message_length > 0 && (ret = write(pfd[pipe_write], s, message_length)) != message_length ) - log_write(0, LOG_MAIN|LOG_PANIC, "Failed writing transport results to pipe: %s\n", + log_write(0, LOG_MAIN|LOG_PANIC, "Failed writing transport results to pipe: %s", ret == -1 ? strerror(errno) : "short write"); } } 
@@ -2402,8 +2402,7 @@ will remain. Afterwards, close the reading end. */ for (addr2 = addr; addr2; addr2 = addr2->next) { - len = read(pfd[pipe_read], &status, sizeof(int)); - if (len > 0) + if ((len = read(pfd[pipe_read], &status, sizeof(int))) > 0) { int i; uschar **sptr; @@ -2420,10 +2419,24 @@ for (addr2 = addr; addr2; addr2 = addr2->next) if (testflag(addr2, af_file)) { - int local_part_length; - len = read(pfd[pipe_read], &local_part_length, sizeof(int)); - len = read(pfd[pipe_read], big_buffer, local_part_length); - big_buffer[local_part_length] = 0; + int llen; + if ( read(pfd[pipe_read], &llen, sizeof(int)) != sizeof(int) + || llen > 64*4 /* limit from rfc 5821, times I18N factor */ + ) + { + log_write(0, LOG_MAIN|LOG_PANIC, "bad local_part length read" + " from delivery subprocess"); + break; + } + /* sanity-checked llen so disable the Coverity error */ + /* coverity[tainted_data] */ + if (read(pfd[pipe_read], big_buffer, llen) != llen) + { + log_write(0, LOG_MAIN|LOG_PANIC, "bad local_part read" + " from delivery subprocess"); + break; + } + big_buffer[llen] = 0; addr2->local_part = string_copy(big_buffer); } @@ -3529,7 +3542,7 @@ while (!done) { #ifdef SUPPORT_SOCKS case '2': /* proxy information; must arrive before A0 and applies to that addr XXX oops*/ - proxy_session = TRUE; /*XXX shouod this be cleared somewhere? */ + proxy_session = TRUE; /*XXX should this be cleared somewhere? */ if (*ptr == 0) ptr++; else @@ -4331,7 +4344,7 @@ for (delivery_count = 0; addr_remote; delivery_count++) ) ) && ( !multi_domain || ( ( - !tp->expand_multi_domain || (deliver_set_expansions(next), 1), + (void)(!tp->expand_multi_domain || ((void)deliver_set_expansions(next), 1)), exp_bool(addr, US"transport", next->transport->name, D_transport, US"multi_domain", next->transport->multi_domain, 
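Review bot: The rewritten status read still accepts any positive return, so a short read of fewer than sizeof(int) bytes leaves `status` only partly written before it is used. The af_file hunk further down the same loop compares against the full size, and this line should match it: `if ((len = read(pfd[pipe_read], &status, sizeof(int))) == sizeof(int))`. The loop body and its else branch continue outside the hunk, so confirm that a short read then lands in the existing failure path.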
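Review bot: The new bound on `llen` checks only the upper limit, so a negative length from the pipe passes the test, is converted to a very large size_t in the following read(), and can reach `big_buffer[llen] = 0` as a negative index, since a failed read() returning -1 compares equal to an `llen` of -1. Add the lower bound, `|| llen < 0 || llen > 64*4`; as written, the `coverity[tainted_data]` suppression vouches for a sanity check that is only half done. The value is written by the delivery subprocess, which presumably may run with different privileges from this reader, so it should be treated as untrusted input. The comment's "rfc 5821" looks like a typo for RFC 5321, which defines the 64-octet local-part limit. The enclosing for loop starts and ends outside the hunk.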
@@ -4556,7 +4569,7 @@ for (delivery_count = 0; addr_remote; delivery_count++) } /* Now fork a subprocess to do the remote delivery, but before doing so, - ensure that any cached resourses are released so as not to interfere with + ensure that any cached resources are released so as not to interfere with what happens in the subprocess. */ search_tidyup(); @@ -5555,7 +5568,11 @@ Otherwise it might be needed again. */ "journal file\n", big_buffer); } rewind(jread); - journal_fd = fileno(jread); + if ((journal_fd = dup(fileno(jread))) < 0) + journal_fd = fileno(jread); + else + (void) fclose(jread); /* Try to not leak the FILE resource */ + /* Panic-dies on error */ (void)spool_write_header(message_id, SW_DELIVERING, NULL); } @@ -7330,7 +7347,7 @@ while (addr_failed) /* Otherwise, handle the sending of a message. Find the error address for the first address, then send a message that includes all failed addresses that have the same error address. Note the bounce_recipient is a global so - that it can be accesssed by $bounce_recipient while creating a customized + that it can be accessed by $bounce_recipient while creating a customized error message. */ else @@ -8284,7 +8301,7 @@ if (remove_journal) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", fname, strerror(errno)); - /* Move the message off the spool if reqested */ + /* Move the message off the spool if requested */ #ifdef SUPPORT_MOVE_FROZEN_MESSAGES if (deliver_freeze && move_frozen_messages)
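Review bot: In the journal hunk, dup() returns a descriptor with FD_CLOEXEC cleared, so if the descriptor behind `jread` was opened close-on-exec (not visible here), the new `journal_fd` would be inherited by any program exec'd later from this process. Consider `journal_fd = fcntl(fileno(jread), F_DUPFD_CLOEXEC, 0)` where available, or set FD_CLOEXEC on the result after the dup. The fallback branch also hides the dup failure: `jread` stays open and still owns the descriptor stored in `journal_fd`, so a debug or log line there would help diagnose descriptor exhaustion. The enclosing block begins and ends outside the hunk.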