Timo Sirainen [Thu, 12 Jun 2014 22:30:14 +0000 (01:30 +0300)]
lib-storage: Fixed parsing corrupted mailbox list index header.
Duplicate IDs should have caused an error instead of being silently ignored.
Found by Coverity
Timo Sirainen [Thu, 12 Jun 2014 22:20:25 +0000 (01:20 +0300)]
lib-otp: OTP_MAX_WORD_LEN wasn't actually enforced, any word lengths could have been used.
Doesn't look like this could have caused any real problems.
Found by Coverity
Timo Sirainen [Thu, 12 Jun 2014 22:11:24 +0000 (01:11 +0300)]
fts: Improved doveadm fts dump for corrupted expunge log
We may still be trying to allocate up to 2 GB of memory, but at least no
more than that now.
Found by Coverity
Timo Sirainen [Thu, 12 Jun 2014 22:02:48 +0000 (01:02 +0300)]
lib: Fixed file_dotlock_replace(flags=DOTLOCK_REPLACE_FLAG_VERIFY_OWNER|DOTLOCK_REPLACE_FLAG_DONT_CLOSE_FD)
The verification check failed because fd was already set to -1 by that time.
Found by Coverity
Timo Sirainen [Thu, 12 Jun 2014 21:51:44 +0000 (00:51 +0300)]
imapc: Avoid crashing if server happens to send invalid resp-text-codes.
If [KEY VALUE] is missing the VALUE, just set it to "" instead of NULL.
Found by Coverity
Timo Sirainen [Thu, 12 Jun 2014 21:30:27 +0000 (00:30 +0300)]
auth: Invalid userdb passwd-file and userdb templates may have caused crashes.
Using just "key" parameter instead of "key=value" usually worked, but for
some keys the code assumed that there was a value and it dereferenced NULL.
We'll solve this by just using value="" instead of value=NULL.
Found by Coverity
Timo Sirainen [Thu, 12 Jun 2014 21:09:23 +0000 (00:09 +0300)]
lib: Changed net_geterror() to return errno instead of -1 if getsockopt() fails.
None of the callers were actually checking for the -1 error value but
instead just passing it to strerror(). Since this error should just about
never happen it's better to just return a usable return value than try to
remember to handle errors that can't normally even happen.
Found by Coverity
Timo Sirainen [Thu, 12 Jun 2014 20:16:40 +0000 (23:16 +0300)]
configure: Don't actually run the test to see if inotify works.
It's definitely no longer needed in modern Linux systems and the test itself
can also unintentionally fail sometimes.
Timo Sirainen [Thu, 12 Jun 2014 09:51:34 +0000 (12:51 +0300)]
lib: Changed hash_table_remove() "key not found" panic to be in a macro itself.
This makes it much easier to find out where such crashes are coming from.
Since this breaks the ABI in so many places, the ABI version number was
increased immediately.
Phil Carmody [Mon, 9 Jun 2014 20:02:52 +0000 (23:02 +0300)]
lib: fix numpack overflow checking
As on broken input, bits may grow without limit, so << bits becomes
Undefined Behaviour. Add a simple check to the while loop to prevent
this.
Also, the (presumably) final byte adds something to the bit length,
so include that in the tally. If we didn't get to a final byte due
to the above while() condition, then this extra addition does no harm.
Now we can precisely check for overflow conditions. Note that 64 bits
is perfectly OK, only 65+ is an overflow.
Note - no longer moving *p if there was a decode error.
Expand the test suite to check for overflow cases. Also checked for
short-input cases too, while I was there.
Phil Carmody [Mon, 9 Jun 2014 20:02:52 +0000 (23:02 +0300)]
lib-test: test_assert helper for loops
If you're repeatedly testing the same expression in a loop, it's
good to know where you are in the loop. Add an additional parameter
for these cases.
Phil Carmody [Mon, 9 Jun 2014 20:02:52 +0000 (23:02 +0300)]
lib: bit twiddles
bits_requiredXX() gives the number of bits required to store an unsigned
integer. Here, XX is 8, 16, 32, 64, representing the size of the operand.
It belongs in the same file as nearest_power(), which makes most sense
in a separate bit twiddles file. Universal enough to stay in lib.h by
inclusion.
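The two commits above (the numpack overflow check and bits_required8()) fit together, so here is one added example of the decode loop they describe. It is not Dovecot's code: the byte layout (7 data bits per byte, high bit marks continuation) and the function names are assumptions, and bits_required8() is a plain loop rather than the bit-twiddling version.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Bits needed to store an 8-bit unsigned value (0 for 0): the contract of
   the bits_required8() described above, as a loop-based stand-in. */
static unsigned int bits_required8(uint8_t num)
{
	unsigned int ret = 0;
	while (num != 0) { ret++; num >>= 1; }
	return ret;
}

/* Decode a little-endian base-128 integer: 7 data bits per byte, high bit
   set on every byte but the last (assumed to be numpack's layout). Returns
   0 and advances *p on success; returns -1 and leaves *p untouched on
   truncated input or on a value needing more than 64 bits. */
static int numpack_decode(const uint8_t **p, const uint8_t *end, uint64_t *num_r)
{
	const uint8_t *c = *p;
	uint64_t value = 0;
	unsigned int bits = 0;
	/* bits < 64 guards the shift: "<< bits" with bits >= 64 is undefined */
	while (c != end && (*c & 0x80) != 0 && bits < 64) {
		value |= (uint64_t)(*c & 0x7f) << bits;
		bits += 7;
		c++;
	}
	if (c == end || (*c & 0x80) != 0)
		return -1; /* out of input, or stopped by the bits check */
	/* the final byte adds only the bits it really uses to the tally */
	if (bits + bits_required8(*c) > 64)
		return -1; /* 65+ bits is overflow; exactly 64 is fine */
	*num_r = value | ((uint64_t)*c << bits);
	*p = c + 1;
	return 0;
}
/* Check helpers: decoded value and pointer movement in one call. */
static bool decodes_to(const uint8_t *buf, size_t len, uint64_t expect)
{
	const uint8_t *p = buf; uint64_t num = 0;
	return numpack_decode(&p, buf + len, &num) == 0 &&
		num == expect && p == buf + len;
}
static bool decode_fails(const uint8_t *buf, size_t len)
{
	const uint8_t *p = buf; uint64_t num = 0;
	return numpack_decode(&p, buf + len, &num) == -1 && p == buf;
}
```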
Phil Carmody [Mon, 9 Jun 2014 19:59:59 +0000 (22:59 +0300)]
lib: Fix MEM_ALIGN to cope with huge allocations
Attempting to allocate 2^32+1 bytes will look like it succeeds, as MEM_ALIGN
will set alloc_size = 8. The caller will then think it's got 4 gig to play
with.
e.g. t_malloc0 will wipe vast areas of memory before segfaulting, which might
include useful information we'd like in a corefile.
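An added illustration of the truncation the commit describes (my reconstruction, not the macro as it appears in Dovecot): if the alignment mask is built from an unsigned int, it zero-extends to the 64-bit size and 2^32+1 rounds to 8, exactly the alloc_size the message mentions.

```c
#include <stdint.h>
#include <stdbool.h>

#define MEM_ALIGN_SIZE 8

/* Reconstruction of the pre-fix shape (an assumption, not Dovecot's text):
   the mask is built from an unsigned int, so ~7U is 0xfffffff8 and
   zero-extends to a 64-bit size, throwing away bits 32 and up. */
#define MEM_ALIGN_BUGGY(size) \
	(((size) + MEM_ALIGN_SIZE - 1) & ~((unsigned int)MEM_ALIGN_SIZE - 1))

/* Corrected shape: the mask has the full width of the size type. */
#define MEM_ALIGN_FIXED(size) \
	(((size) + MEM_ALIGN_SIZE - 1) & ~((uint64_t)MEM_ALIGN_SIZE - 1))

static uint64_t mem_align_buggy(uint64_t size) { return MEM_ALIGN_BUGGY(size); }
static uint64_t mem_align_fixed(uint64_t size) { return MEM_ALIGN_FIXED(size); }

/* Even the corrected macro wraps to a tiny value when size is within
   MEM_ALIGN_SIZE-1 of the type's maximum; an allocator should refuse those. */
static bool mem_align_would_wrap(uint64_t size)
{
	return size > UINT64_MAX - (MEM_ALIGN_SIZE - 1);
}
```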
Timo Sirainen [Mon, 9 Jun 2014 19:53:16 +0000 (22:53 +0300)]
lib-index: modseq -> {log file, offset} lookup often ignored dovecot.index.log.2
This caused the code to think that the modseq was too old and fall back into
slower sync.
So this change should fix the dsync "Modseq .. no longer in transaction
log" warnings as well as improve IMAP QRESYNC efficiency.
Timo Sirainen [Mon, 9 Jun 2014 15:15:51 +0000 (18:15 +0300)]
lib: Added some kind of a unit test for hash table.
Just try out some insert+deletes randomly. Mainly I wrote this to check if
there is some obvious problem, but looks like not.
Timo Sirainen [Mon, 9 Jun 2014 12:11:50 +0000 (15:11 +0300)]
lib-ssl-iostream: Implement get_used_size() method.
Previously we were always returning that we didn't have anything buffered,
which could have caused huge memory usage (or malloc failures) with its
users (e.g. dsync).
Timo Sirainen [Thu, 5 Jun 2014 10:43:11 +0000 (13:43 +0300)]
lib-storage: Mailbox list index updating didn't check properly if modseq tracking is enabled.
mail_index_modseq_enable() can be enabled (e.g. by virtual plugin) without
enabling MAILBOX_FEATURE_CONDSTORE.
(Actually the MAILBOX_FEATURE_* probably should be removed from lib-storage
entirely. They're too much of an IMAP feature.)
Timo Sirainen [Thu, 5 Jun 2014 10:38:36 +0000 (13:38 +0300)]
maildir: Mailbox list index refreshing shouldn't check cur/new dirs with maildir_very_dirty_syncs=yes
The recent mailbox_list_index_very_dirty_syncs change broke this. Just
because maildir_very_dirty_syncs=yes, it doesn't mean that
mailbox_list_index_very_dirty_syncs=yes also.
Timo Sirainen [Thu, 5 Jun 2014 08:30:19 +0000 (11:30 +0300)]
*-login: Flush SSL output when logging out.
The BYE and LOGOUT replies weren't being sent when they were sent from
imap-login process (before logging in).
Phil Carmody [Mon, 2 Jun 2014 11:50:34 +0000 (14:50 +0300)]
mail-index: make uid_lookup_idx hold a sequence number, not a 0-based C array index
Rename it to _seq, and make it hold values 1.. rather than 0.. . Several
uses of the value are simplified by this change, and none are made more
confusing, so I think it helps improve maintainability of the code.
Phil Carmody [Mon, 2 Jun 2014 11:50:34 +0000 (14:50 +0300)]
mail-index: use _REC_AT_SEQ not _MAP_IDX in view_sync_get_log_lost_changes
Shifting i and j up by one to use in the new macro means we don't
need the +1's in the calls to view_sync_apply_lost_changes and
mail_index_map_lookup_keywords. Rename them as seq variables too.
Phil Carmody [Mon, 2 Jun 2014 11:50:34 +0000 (14:50 +0300)]
mail-index: use _REC_AT_SEQ not _MAP_IDX in loops over every record
Just change the loop bounds from [0..count) to [1..count], and make the
loop variable explicitly a seq.
Phil Carmody [Mon, 2 Jun 2014 11:50:34 +0000 (14:50 +0300)]
mail-index: trivial robomatic migration from _MAP_IDX to new helper
All users which have a '-1' in their MAIL_INDEX_MAP_IDX have been changed
to the new mail_index_rec_at_seq() helper using this sed script:
$ sed -ie 's/MAIL_INDEX_MAP_IDX(\([^,]*[^)]*[^ ]\) \?- \?1)/MAIL_INDEX_REC_AT_SEQ(\1)/' src/lib-index/*.[ch]
Phil Carmody [Mon, 2 Jun 2014 11:50:34 +0000 (14:50 +0300)]
mail-index: new helper macro with more user-friendly semantics
As the record ids range from 1..records_count, but the data is
stored as if in a C-style 0-based array, current clients of
MAIL_INDEX_MAP_IDX() must subtract 1 from the index themselves.
New MAIL_INDEX_REC_AT_SEQ() macro does the subtraction for you,
it gives you (the address of) the record from a seq number.
Uglified users of the former will be migrated to the latter.
Phil Carmody [Mon, 2 Jun 2014 11:50:34 +0000 (14:50 +0300)]
mail-index: optimise memmoves in expunge, only move each region once
Rather than shifting things back and back and back with potentially O(N^2)
(more precisely O(count*rec_count')) work factor, move each slice of memory
only once, directly where we want it to end up (O(rec_count') work factor).
Phil Carmody [Mon, 2 Jun 2014 11:50:34 +0000 (14:50 +0300)]
mail-index: trivial paranoia check in expunge loop
We will later be moving the zone between the current seqs and the
(end of the) previous seqs - this check ensures that the range is
indeed monotonic, and thus that zone is positive in size. It can
be zero right at the start, if the first seqs is (1,...)
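The single-move compaction and the monotonic range check from the two commits above, as one added example. This is my own generic version over an opaque record array, not the mail-index sync code; the function and struct names are assumptions.

```c
#include <stdint.h>
#include <string.h>
#include <stdbool.h>

struct seq_range { uint32_t seq1, seq2; }; /* inclusive, 1-based */

/* Drop the records covered by `ranges` (sorted, non-overlapping) from an
   array of rec_count records of rec_size bytes, moving every surviving
   slice exactly once, straight to its final position. Returns the new
   record count, or -1 if the ranges are not strictly increasing. */
static int64_t expunge_ranges(void *recs, uint32_t rec_count, size_t rec_size,
			      const struct seq_range *ranges, unsigned int n)
{
	uint8_t *base = recs;
	uint32_t dest = 0, prev_seq2 = 0;
	unsigned int i;

	for (i = 0; i <= n; i++) {
		/* seq1 of the virtual tail range is one past the last record */
		uint32_t seq1 = i < n ? ranges[i].seq1 : rec_count + 1;
		/* paranoia check: the kept zone between the previous range and
		   this one must be >= 0 in size, and 0 only for seq1 == 1 */
		if (seq1 <= prev_seq2 || (i < n && (ranges[i].seq2 < seq1 ||
						    ranges[i].seq2 > rec_count)))
			return -1;
		uint32_t keep = seq1 - 1 - prev_seq2; /* recs prev_seq2+1 .. seq1-1 */
		if (keep > 0 && dest != prev_seq2)
			memmove(base + (size_t)dest * rec_size,
				base + (size_t)prev_seq2 * rec_size,
				(size_t)keep * rec_size);
		dest += keep;
		if (i < n)
			prev_seq2 = ranges[i].seq2;
	}
	return dest;
}

/* Check helper on uint32_t records; compares the compacted prefix. */
static bool expunge_matches(const uint32_t *in, uint32_t n,
			    const struct seq_range *r, unsigned int nr,
			    const uint32_t *expect, int64_t expect_n)
{
	uint32_t buf[16];
	if (n > 16) return false;
	memcpy(buf, in, n * sizeof(*buf));
	int64_t got = expunge_ranges(buf, n, sizeof(*buf), r, nr);
	return got == expect_n &&
		(got < 0 || memcmp(buf, expect, (size_t)got * sizeof(*buf)) == 0);
}
```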
Phil Carmody [Mon, 2 Jun 2014 11:50:34 +0000 (14:50 +0300)]
mail-index: Preparatory HACK - reverse the loop order in the expunge
This is the final step before the actual optimisation of the memmoves.
HACK, as it de-optimises the moves so as much as possible gets moved
as many times as possible. It clears the path for a later patch which
optimises them far better.
Phil Carmody [Mon, 2 Jun 2014 11:50:34 +0000 (14:50 +0300)]
mail-index: explicitly inline contents of sync_expunge()
To later optimise the memmoves, we will need to be aware of previous seqs.
It's easier to just have the guts inlined, so too much state doesn't need
to be passed around.
For review, this change is best viewed with a whitespace-insensitive diff,
to verify that the new contents of the loop are identical to the contents of
the now-absorbed function.
Phil Carmody [Mon, 2 Jun 2014 11:50:34 +0000 (14:50 +0300)]
mail-index: call all expunge handlers first
Firstly, the init checking only needs to be done once. More importantly,
moving this preparatory stage into its own per-seqs loop means there's
less to juggle when we optimise the memmoving loop in subsequent patches.
Phil Carmody [Mon, 2 Jun 2014 11:50:34 +0000 (14:50 +0300)]
mail-index: move expunge handler init into helper function
Preparatory for later optimisation patches where the call to this will
be lifted out of the expunge(seq1,seq2) inner function and done once
for the whole range of seqs in one go.
Timo Sirainen [Mon, 2 Jun 2014 01:16:08 +0000 (04:16 +0300)]
director: If we detect that a user is being proxied to multiple backends, disconnect wrong connections.
Especially IMAP connections can otherwise stay alive for a long time and
cause problems.
Timo Sirainen [Wed, 28 May 2014 01:20:58 +0000 (04:20 +0300)]
lib-storage: "Message has no NUL characters" flag was being set wrong to cache file.
Only the first MIME part was checked for its existence.
When this flag was wrong, IMAP FETCH may have returned NUL characters
instead of converting them to the 0x80 character. This apparently caused
Outlook to hang.
Phil Carmody [Tue, 27 May 2014 18:17:34 +0000 (21:17 +0300)]
auth: checkpassword callback callback type bike-shedding
This change doesn't change the compiler's (gcc) view on the correctness of
the code. It moves sparse's attention to where the potential issues are
though. Sparse used to complain about dodgy function pointer conversions on
both the way out (passing the callback function pointer), and on the way in
(entering the callback). Making the callback not lie about what it receives
gets rid of the way in warnings, but adds warnings as we pass the new
function pointer out. However, it already complains about that call anyway.
So it complains about 6 things in 3 functions rather than 6 things in 6
functions.
Of dubious worth, but it at least reduces the number of lines you need to
inspect to verify correctness.
Phil Carmody [Tue, 27 May 2014 18:17:34 +0000 (21:17 +0300)]
imap: use human-readable helper macro in remote_ip_is_usable
More readable, but helpfully shuts up sparse which complained about some
constants being long.
Phil Carmody [Tue, 27 May 2014 18:17:34 +0000 (21:17 +0300)]
imap: cmd_getmetadata_stream_continue returns bool, not int
The behaviour is unchanged, but we shouldn't pretend that -1 is different
from TRUE in a boolean context. Its only caller only cares about whether
it's 0 or not.
Phil Carmody [Tue, 27 May 2014 18:17:34 +0000 (21:17 +0300)]
indexer: fix indexer_queue_cancel_all behaviour
-1 is TRUE. Presumably -1 was intended to be passed to the callbacks via
indexer_queue_request_status_int(), not 100.
Phil Carmody [Tue, 27 May 2014 18:17:34 +0000 (21:17 +0300)]
auth: master-connection - bail on malformed list
If master is not communicating to us in a syntax we understand, just ask for
it to be unplugged. This changes the behaviour in this error case.
Previously, we returned -1, which is TRUE when converted to a boolean, and
thus this changes the error semantics, and may be horribly wrong. However,
the i_error()s in auth_master_input_line follow the same pattern.
Phil Carmody [Tue, 27 May 2014 18:17:34 +0000 (21:17 +0300)]
auth: set_credentials callback being passed an enum, not a bool
This changes the behaviour, as the error case is now mapped onto FALSE.
All non-zero values of course get squashed into true. Found by sparse.
Phil Carmody [Tue, 27 May 2014 18:17:34 +0000 (21:17 +0300)]
lib-otp: cast to the correct type of function pointer
sparse complains about the result of the F() cast being the wrong type
for the initialisation, which is true. So just cast to the right type
in the first place.
Phil Carmody [Tue, 27 May 2014 18:17:34 +0000 (21:17 +0300)]
imap: fix missing-command check
It's impossible for the command's pointer to be NULL at this point.
Previously, the command_find() would have returned NULL, but this check
presumably short-circuits that search in the trivial case, so has some
real use.
Phil Carmody [Tue, 27 May 2014 18:17:34 +0000 (21:17 +0300)]
auth: sparse static cleanup, and some const cleanup
All the consts that are added to pointers represent deep const semantics.
There are other shallow consts that I've not added, as sometimes it's
better to not be const than have something you rely on change when you
think it won't.
Phil Carmody [Tue, 27 May 2014 18:17:34 +0000 (21:17 +0300)]
lib: pair VA_COPY with va_end
A va_copy creates an initialised va_list, as if a va_start had been done on it.
Therefore, pedantically, a va_end should also be done on it. On most platforms
this is a no-op, and for those where it isn't, the pairing is important.
Phil Carmody [Tue, 27 May 2014 18:17:34 +0000 (21:17 +0300)]
fts: parser-html - parser can fail on attributes='with values in single quotes'
If that value were to contain an odd number of double quotes, then the
HTML_STATE_TAG_(D)QUOTED state would be entered and not exited.
The two quoting types behave basically the same, so just add two new cases
and duplicate the state transition code.
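An added example of the quoting state machine the commit describes, written from scratch rather than taken from the fts HTML parser (state and function names are my own). With single_quotes=false it reproduces the pre-fix behaviour: a single-quoted value holding one double quote traps the scanner in the double-quoted state and the tag never ends.

```c
#include <stddef.h>
#include <stdbool.h>

/* Tag scanner states, mirroring the commit's HTML_STATE_TAG_(D)QUOTED
   idea; names are my own, not the fts parser's. */
enum tag_state { TAG, TAG_DQUOTED, TAG_SQUOTED };

/* Scan a string starting at '<' and return the offset just past the
   closing '>', or -1 if the tag never ends. With single_quotes=false the
   scanner behaves like the pre-fix parser: only "..." suspends the search
   for '>', so a '...' value holding an odd number of '"' gets it stuck. */
static long tag_end_offset(const char *s, bool single_quotes)
{
	enum tag_state state = TAG;
	size_t i;

	if (s[0] != '<')
		return -1;
	for (i = 1; s[i] != '\0'; i++) {
		switch (state) {
		case TAG:
			if (s[i] == '>')
				return (long)i + 1;
			if (s[i] == '"')
				state = TAG_DQUOTED;
			else if (s[i] == '\'' && single_quotes)
				state = TAG_SQUOTED;
			break;
		case TAG_DQUOTED:	/* only a matching '"' leaves the state */
			if (s[i] == '"')
				state = TAG;
			break;
		case TAG_SQUOTED:	/* same transition logic for '\'' */
			if (s[i] == '\'')
				state = TAG;
			break;
		}
	}
	return -1;	/* ran out of input inside the tag */
}
```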
Phil Carmody [Tue, 27 May 2014 18:17:34 +0000 (21:17 +0300)]
fts: parser-html - parse_tag_name returns wrong value for comments
This function returns 1 more than the number of additional
characters to be swallowed up by the state transition.
Phil Carmody [Tue, 27 May 2014 18:17:34 +0000 (21:17 +0300)]
fts: parser-html - parse_tag_name really does return an integer not a bool
It seems to return 1 more than the number of additional characters
(after '<') that are swallowed up by the state change, not a bool. This
would imply that '3' is wrong.
Phil Carmody [Tue, 27 May 2014 18:17:34 +0000 (21:17 +0300)]
lib-storage: functions returning bool actually return ints
Their return values are compared as if they are at least tri-state
(-ve, 0, +ve), so really aren't bools at all.
Note - this should cause the code to change in behaviour, and thus might
introduce regressions as previously all non-zeroes would have been mapped
to 1.
Phil Carmody [Tue, 27 May 2014 18:17:34 +0000 (21:17 +0300)]
lib-storage: context's dotlock_last_stale really is bool
It's only ever read as if it's a bool, so it really is a bool. Fix a write
treating it as an int.
Timo Sirainen [Thu, 22 May 2014 01:12:05 +0000 (18:12 -0700)]
lib-storage: Added mailbox_list_index_very_dirty_syncs setting.
This setting assumes that the mailbox list index is up to date and uses it
without stat()ing backend mailbox files/dirs. (As a possible future TODO it
might be useful to still do the stat()ing, but only rarely.)
Timo Sirainen [Thu, 15 May 2014 20:41:55 +0000 (23:41 +0300)]
lib-imap: Use case-insensitive comparisons everywhere for imap_id_send setting parsing.
"os" and "os-version" were case-sensitive while others were not.
Patch by Apple.