Timo Sirainen [Fri, 15 Aug 2014 12:22:46 +0000 (15:22 +0300)]
istream-chain: Support using io_add_istream() for the chain stream.
The callback is notified whenever new streams are added to the chain.
It's currently not possible to have nonblocking istreams added to the chain
and the callback being called when they have new data, but it would be
possible to implement as well if needed at some point.
Phil Carmody [Fri, 15 Aug 2014 12:02:59 +0000 (15:02 +0300)]
pop3: satisfy some strict parsing rules in RFC 1939
"Commands in the POP3 consist of a case-insensitive keyword, possibly
followed by one or more arguments. All commands are terminated by a
CRLF pair. Keywords and arguments consist of printable ASCII
characters. Keywords and arguments are each separated by a single
SPACE character."
"A server MUST respond to an unrecognized, unimplemented, or
syntactically invalid command by responding with a negative status
indicator."
Therefore the following commands must be rejected:
LIST 2600Hz
LIST 99 red balloons
TOP 1 2 buckle-my-shoe
Phil Carmody [Fri, 15 Aug 2014 12:02:59 +0000 (15:02 +0300)]
pop3: fix msgnum/size parsers
The outer if()s are completely unnecessary, and permit `num'
to remain uninitialised. Spotted by clang's static analysis.
Note that the lack of a parameter from a broken client is no longer
treated as "0". Before the bug was introduced:
DELE
-ERR There's no message 0.
After this patch:
DELE
-ERR Invalid message number:
Timo Sirainen [Fri, 15 Aug 2014 11:41:03 +0000 (14:41 +0300)]
Handle "out of disk space" and "out of user quota" as separate cases.
"Out of disk space" is a temporary error that should be logged as error and
the failure should be sent to user as "Internal server error".
Obsolete the use of MAIL_ERROR_NOSPACE and MAIL_ERRSTR_NO_SPACE. Use the
clearer MAIL_ERROR_NOQUOTA and MAIL_ERRSTR_NO_QUOTA instead.
Phil Carmody [Wed, 13 Aug 2014 10:34:22 +0000 (13:34 +0300)]
lib-http: server_request/connection - improve encapsulation
It just feels a bit dirty having the request mess around with the
connection's internals, have the connection manage its linked lists
itself. No functional changes.
Timo Sirainen [Tue, 12 Aug 2014 15:48:03 +0000 (18:48 +0300)]
virtual plugin: Optimized syncing a large number of physical mailboxes.
Especially when the number of mails was large the old code took a lot of CPU
time. Based on patch by Teemu Huovila.
Timo Sirainen [Tue, 12 Aug 2014 10:12:01 +0000 (13:12 +0300)]
lib-http server: Delay calling the request's destroy callback until handle_request() callback is finished.
This simplifies the code in the handle_request() so it doesn't need to keep
track of whether the response is already submitted or not.
Timo Sirainen [Tue, 12 Aug 2014 09:39:46 +0000 (12:39 +0300)]
fts-lucene: If lucene-indexes dir is unexpectedly lost, rescan when expunge log update fails.
This mainly fixes a repeating error about failing to open the expunge log.
It should happen only if dovecot.index thinks that the mailbox is indexed
while in reality the entire lucene-indexes directory doesn't exist.
Timo Sirainen [Mon, 11 Aug 2014 16:30:15 +0000 (19:30 +0300)]
ostream-buffer: Allow modifying the buffer outside ostream, unless o_stream_seek() is used.
Now we'll just append to the end of the buffer instead of forcibly trying to
write at the offset where the last ostream write ended.
Timo Sirainen [Mon, 11 Aug 2014 12:54:43 +0000 (15:54 +0300)]
lib: io_stream_copy() no longer attempts to read full block sizes from input.
Although that may be more efficient for writing (to files), it causes
unnecessary work for the input stream. The writing part should also be
optimized anyway if the caller corks the output stream.
Timo Sirainen [Mon, 11 Aug 2014 12:45:21 +0000 (15:45 +0300)]
lib-http: Don't leak memory if HTTP client disconnects unexpectedly.
http_server_connection_disconnect() has several cleanup calls, which weren't
done because closed=TRUE was set explicitly and that skipped the cleanup.
Timo Sirainen [Sat, 9 Aug 2014 07:10:34 +0000 (10:10 +0300)]
doveadm fs put: Added -h <hash> parameter to specify the file's hash.
The hash (in hex) is automatically detected to be either MD5 or SHA256 based
on its size. If the fs backend doesn't support the hash it'll fail.
Otherwise it'll make sure that the written file matches the given hash.
Timo Sirainen [Fri, 8 Aug 2014 13:20:31 +0000 (16:20 +0300)]
fts: Added fts_no_autofuzzy setting to require exact matches for found results.
This is done by using the FTS search results as only filters on which the
regular non-FTS search is done.
Timo Sirainen [Fri, 8 Aug 2014 10:46:05 +0000 (13:46 +0300)]
lib-storage: mailbox_get_*status(STATUS_HIGHESTMODSEQ) now enables CONDSTORE feature.
This makes sure that the highestmodseq is added to the mailbox list index if
not already there.
Timo Sirainen [Fri, 8 Aug 2014 10:32:08 +0000 (13:32 +0300)]
virtual: Make sure modseqs are always enabled for backend mailboxes.
mailbox_get_status() wasn't adding a missing highestmodseq otherwise to the
mailbox list index.
Timo Sirainen [Wed, 6 Aug 2014 13:39:27 +0000 (16:39 +0300)]
auth: passdb static assumed that missing "password" field meant empty password
Missing password should be an error unless nopassword is set. If an empty
password is wanted then "password=" can be used.
Timo Sirainen [Tue, 5 Aug 2014 15:43:31 +0000 (17:43 +0200)]
lib-http server: Require handle_request() to either send a response or reference the request.
This should make it more difficult to accidentally forget to send a
response and cause a hang.
Currently this assert-crashes, although it would have been possible to make
it return some internal error instead also.
Timo Sirainen [Tue, 5 Aug 2014 14:07:25 +0000 (16:07 +0200)]
lib-http server: Removed "bool close" parameters in favor of _close() functions.
Most callers don't want to close the connection so it's an extra parameter
usually. Also it's difficult to remember what the TRUE/FALSE means so it's
easy to cause bugs by copy&pasting the code.
http_server_request_fail() will also now forcibly close the connection if
conn->input_broken is set.
Phil Carmody [Wed, 30 Jul 2014 12:01:29 +0000 (15:01 +0300)]
lib: test-data-stack - add some fatal tests.
Extra caution is necessary as data-stack is such a fundamental component.
All of the brokenness that we add must be undone as soon as possible, or
there will be an endless loop of catastrophic errors. In order to avoid
that, at least try to detect some issues, and abort as quickly as possible.
Alas, due to the reliance of these tests on DEBUG code, if that's not set,
this test is a no-op.
Phil Carmody [Wed, 30 Jul 2014 12:01:29 +0000 (15:01 +0300)]
lib-test: permit tests of fatal conditions
Some functions have no mechanism of reporting an error, and mustn't continue,
so fatality is the only way out. (E.g. memory allocation failures.)
This addition is for those situations. Semantics of failure tests are very
different from normal tests:
- The test function must have the following prototype:
enum fatal_test_state test_fatal_things(int index);
- The index it will be called with starts at 0, and increments each time.
- It must call test_start() at the start of its first call.
- Apart from its final call, it must call a function it expects to trap the
fatal error handler. If that fails to trap, it must return FATAL_TEST_FAILURE
- After returning FATAL_TEST_FAILURE, it will continue to be called as normal.
- When there are no more tests to perform, it must clean up, call test_end()
and return FATAL_TEST_FINISHED. It will not be called again.
- If it detects errors in this protocol, it must not i_assert(), as that will
be treated as an expected fatal, it must return FATAL_TEST_ABORT. It will
then not be called again. It must not call test_end() in this case.
Timo Sirainen [Tue, 29 Jul 2014 14:27:24 +0000 (17:27 +0300)]
quota: Avoid assert-crash in Maildir++ quota if backend doesn't support control dirs.
We'll delay looking up the control dir until we've checked that the storage
is Maildir.
Timo Sirainen [Tue, 29 Jul 2014 10:58:10 +0000 (13:58 +0300)]
mbox: Fixed infinite looping and other incorrectness in istream-raw-mbox.
This was caused by the recent istream invalidation checks in
i_stream_get_data().
Phil Carmody [Mon, 28 Jul 2014 13:49:47 +0000 (16:49 +0300)]
lib-imap: imap-utf7 - reject encoded simple ASCII
"Modified BASE64 MUST NOT be used to represent any printing US-ASCII
character which can represent itself."
"The character "&" (0x26) is represented by the two-octet sequence "&-""
Therefore any mBASE64 sequence containing any character between 0x20 and
0x7e is invalid.
Phil Carmody [Mon, 28 Jul 2014 13:49:47 +0000 (16:49 +0300)]
lib-imap: imap-utf7 - reject bogus characters in the mUTF7
Only 0x20..0x7e are permitted, as "All other characters (octet values
0x00-0x1f and 0x7f-0xff) are represented in modified BASE64, ...".
Phil Carmody [Mon, 28 Jul 2014 13:45:33 +0000 (16:45 +0300)]
lib-test: make internal helpers static
These functions should only be called from within test_run(), as some of the
test-suite sanity checks can be subvirted if these are exposed.
Phil Carmody [Mon, 28 Jul 2014 13:45:33 +0000 (16:45 +0300)]
lib: compile time checks for buffer creation
Ensure the data buffer has as much space as the size parameter claims.
This uses the strictest test GCC provides - the smallest containing object,
and returning 0 for unknown size.
Phil Carmody [Mon, 28 Jul 2014 13:45:33 +0000 (16:45 +0300)]
lib: data-stack - start sentry checks immediately after the reserved buffer
Our sentries are written with byte-precision, no need to round up before
doing the checks.
Phil Carmody [Mon, 28 Jul 2014 13:45:33 +0000 (16:45 +0300)]
lib: data-stack - fix incorrect pointer comparison in t_try_realloc in DEBUG builds
When trying to work out if it's a valid realloc, we need to remember
that in DEBUG builds, we have hidden a size value (in a MEM_ALIGNED
space) before the pointer we return.
Phil Carmody [Mon, 28 Jul 2014 13:45:33 +0000 (16:45 +0300)]
lib: data-stack - fix realloc/lowwater bug
If DEBUG is enabled, then it can try to look past the low-water mark
as the low-water mark wasn't moved during successful reallocs. This
condition is detected, and causes a panic.
Phil Carmody [Mon, 28 Jul 2014 13:45:33 +0000 (16:45 +0300)]
lib: data-stack - pull common code out of if/else branches in t_malloc_real
Once the new block is set up nicely empty for use, it can be used exactly
like an old block that has enough space - so just merge the code paths.
(This changeset best viewed ignoring whitespace.)
Phil Carmody [Mon, 28 Jul 2014 13:45:33 +0000 (16:45 +0300)]
lib: data-stack - reorder full current block code
Make the "enough space" and "block is full" branches in t_malloc_real
have the same code structure for parallelism. The 'block' variable is only
needed very locally, so shrink its scope, and avoid its use once it is
assigned to current_block, use that instead. Compacter readable expressions
have been favoured at the expense of longer lines (which will soon shrink).
Phil Carmody [Mon, 28 Jul 2014 13:45:33 +0000 (16:45 +0300)]
lib: data-stack - helper macro for requested/allocated size
Rather than #if/#else/#endif around such calculations, or even
having the possibility to mistype such expressions, just extract
the calculation into a helper macro defined appropriately for
the DEBUG mode.
Phil Carmody [Mon, 28 Jul 2014 13:45:33 +0000 (16:45 +0300)]
lib: data-stack - disambiguate sizes in t_pop_verify
In DEBUG mode, the allocated size is bigger than the requested size, so
rename the variable to reflect its real meaning, and move it into a
tighter scope in the process.
Phil Carmody [Mon, 28 Jul 2014 13:45:33 +0000 (16:45 +0300)]
lib: test-data-stack - too important a library not to be thrashed hard
OK, it's thrashed a bit by other tests such as aqueue, str, etc., but these
tests attempt to probe all corner cases given detailed knowledge of the
limits of the block/frame implementation.
At the moment, no realloc functionality is tested, as with DEBUG builds
they would fail very noisily.
Phil Carmody [Mon, 28 Jul 2014 13:45:33 +0000 (16:45 +0300)]
lib: data-stack - enable tighter sanity checks on stack_block allocations
The canary doesn't have to be NULL. That's only effective if it will be read
and dereferenced as a pointer. If used as an integer, it's a perfectly boring
one, and not likely to draw attention to itself.
Once the canary is in place, at least in debug mode, we can check it in
every function as a sanity check.
Make our poison stand out from other poison used elsewhere in the code.
Phil Carmody [Mon, 28 Jul 2014 13:45:33 +0000 (16:45 +0300)]
lib: add rudementary statistics gathering to data-stack debugging
These currently just enhance the overly-large alloc_size warning
message in t_malloc_real() to show what the history of allocations
is. New warnings look like this:
Warning: Growing data stack by 32768 as 'test_run_funcs' reaches 16416 bytes from 202 allocations.
Future possible directions:
t_malloc_real() could be further modified to identify badly-behaved
regions of code that allocate lots of smaller blocks as it happens
(which might be noisy). t_pop() could be modified to detect such code
after it exits its block (so just one warning per instance of
misbehaviour).
Phil Carmody [Mon, 28 Jul 2014 13:45:33 +0000 (16:45 +0300)]
lib: add identifying markers to data-stack frames
Add a string parameter to t_push() so that in DEBUG mode,
misbehaviour inside a stack level can be blamed on someone.
Default the T_BEGIN macro to automatigally use __FUNCTION__ or
__FILE__:__LINE__ as that identifier, therefore no clients of
those macros need to change.
ioloop used t_push() directly as it wanted customised diagnostic
strings. To preserve this friendliness, also introduce a t_push_named()
which takes a format string with paramters.
Apart from the unused paramter, a non-DEBUG build should see no
changes.
Timo Sirainen [Mon, 28 Jul 2014 12:14:17 +0000 (15:14 +0300)]
lib-storage: Don't allow '/' for filesystem based mailbox list backends if their internal separator isn't '/'.
Basically this means that Maildir++ shouldn't be allowed to create mailboxes
with '/' in the name.
Timo Sirainen [Fri, 11 Jul 2014 09:10:02 +0000 (12:10 +0300)]
lib: Added fd=-1 assert to i_close_fd() macro.
This way we'll see clearly where it fails, instead of just seeing assert in
close_keep_errno() without an easy way to see where it crashed.
projects / thirdparty / dovecot / core.git / log
