From: Wietse Venema Date: Tue, 11 Sep 2007 05:00:00 +0000 (-0500) Subject: postfix-2.5-20070911 X-Git-Tag: v2.5.0-RC1~29 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b357c4824525258b329b5f2028053300b5772ad0;p=thirdparty%2Fpostfix.git postfix-2.5-20070911 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 06f5b7cbf..8c7acdf96 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -13693,3 +13693,22 @@ Apologies for any names omitted. delivery agent performs final delivery. This changes the status in DSN "success" messages from "relayed" into "delivered". File: pipe/pipe.c. + +20070904-6 + + Feature: stress-adaptive behavior. When a "public" network + service runs into an "all processes are busy" condition, + the master(8) daemon logs a warning, restarts the service, + and runs it with "-o stress=yes" on the command line (normally + it runs the service with "-o stress="). This can be used + to make main.cf parameter settings stress dependent. + Examples: "smtpd_timeout = ${stress?10}${stress:300}" and + "smtpd_hard_error_limit = ${stress?1}${stress:20}". Files: + master/master_avail.c, master/master_spawn.c, master/master_ent.c. + +20070911 + + Bugfix (introduced Postfix 2.2.11): certificate with + unparsable canonical name caused the SMTPD policy client + to allocate zero-length memory, triggering an assertion + that it shouldn't do such things. File: smtpd/smtpd_check.c. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 69d2600ab..7a6526d90 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -17,6 +17,27 @@ Incompatibility with Postfix 2.3 and earlier If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4 before proceeding. +Major changes with Postfix snapshot 20070911 +============================================ + +Stress-adaptive behavior. When a "public" network service runs into +an "all processes are busy" condition, the master(8) daemon logs a +warning, restarts the service, and runs it with "-o stress=yes" on +the command line (under normal conditions it runs the service with +"-o stress=" on the command line). This can be used to make main.cf +parameter settings stress dependent, for example: + +/etc/postfix/main.cf: + smtpd_timeout = ${stress?10}${stress:300} + smtpd_hard_error_limit = ${stress?1}${stress:20} + +Translation: under conditions of stress, use an smtpd_timeout value +of 10 seconds instead of 300, and use smtpd_hard_error_limit of 1 +instead of 20. The syntax is explained in the postconf(5) manpage. + +This feature needs further configuration and documentation, but is +already useful in its present form. + Major changes with Postfix snapshot 20070724 ============================================ diff --git a/postfix/html/pipe.8.html b/postfix/html/pipe.8.html index 61d865ca5..539ef320f 100644 --- a/postfix/html/pipe.8.html +++ b/postfix/html/pipe.8.html @@ -122,67 +122,69 @@ PIPE(8) PIPE(8) tus notification) messages, and changes it from "relayed" into "delivered". + This feature is available as of Postfix 2.5. + h Fold the command-line $recipient address domain part (text to the right of the right- - most @ character) to lower case; fold the + most @ character) to lower case; fold the entire command-line $domain and $nexthop - host or domain information to lower case. + host or domain information to lower case. This is recommended for delivery via UUCP. - q Quote white space and other special charac- + q Quote white space and other special charac- ters in the command-line $sender and $recip- ient address localparts (text to the left of the right-most @ character), according to an - 8-bit transparent version of RFC 822. This - is recommended for delivery via UUCP or + 8-bit transparent version of RFC 822. This + is recommended for delivery via UUCP or BSMTP. - The result is compatible with the address - parsing of command-line recipients by the + The result is compatible with the address + parsing of command-line recipients by the Postfix sendmail(1) mail submission command. - The q flag affects only entire addresses, + The q flag affects only entire addresses, not the partial address information from the - $user, $extension or $mailbox command-line + $user, $extension or $mailbox command-line macros. u Fold the command-line $recipient address - localpart (text to the left of the right- - most @ character) to lower case. This is + localpart (text to the left of the right- + most @ character) to lower case. This is recommended for delivery via UUCP. . Prepend "." to lines starting with ".". This is needed by, for example, BSMTP software. - > Prepend ">" to lines starting with "From ". + > Prepend ">" to lines starting with "From ". This is expected by, for example, UUCP soft- ware. null_sender=replacement (default: MAILER-DAEMON) Replace the null sender address (typically used for - delivery status notifications) with the specified + delivery status notifications) with the specified text when expanding the $sender command-line macro, and when generating a From_ or Return-Path: message header. - If the null sender replacement text is a non-empty - string then it is affected by the q flag for + If the null sender replacement text is a non-empty + string then it is affected by the q flag for address quoting in command-line arguments. The null sender replacement text may be empty; this - form is recommended for content filters that feed + form is recommended for content filters that feed mail back into Postfix. The empty sender address is - not affected by the q flag for address quoting in + not affected by the q flag for address quoting in command-line arguments. Caution: a null sender address is easily mis-parsed - by naive software. For example, when the pipe(8) + by naive software. For example, when the pipe(8) daemon executes a command such as: command -f$sender -- $recipient (bad) the command will mis-parse the -f option value when - the sender address is a null string. For correct + the sender address is a null string. For correct parsing, specify $sender as an argument by itself: command -f $sender -- $recipient (good) @@ -190,240 +192,240 @@ PIPE(8) PIPE(8) This feature is available as of Postfix 2.3. size=size_limit (optional) - Don't deliver messages that exceed this size limit + Don't deliver messages that exceed this size limit (in bytes); return them to the sender instead. user=username (required) user=username:groupname Execute the external command with the rights of the - specified username. The software refuses to exe- - cute commands with root privileges, or with the - privileges of the mail system owner. If groupname - is specified, the corresponding group ID is used + specified username. The software refuses to exe- + cute commands with root privileges, or with the + privileges of the mail system owner. If groupname + is specified, the corresponding group ID is used instead of the group ID of username. argv=command... (required) - The command to be executed. This must be specified + The command to be executed. This must be specified as the last command attribute. The command is exe- cuted directly, i.e. without interpretation of - shell meta characters by a shell command inter- + shell meta characters by a shell command inter- preter. In the command argument vector, the following macros are recognized and replaced with correspond- - ing information from the Postfix queue manager + ing information from the Postfix queue manager delivery request. - In addition to the form ${name}, the forms $name - and $(name) are also recognized. Specify $$ where + In addition to the form ${name}, the forms $name + and $(name) are also recognized. Specify $$ where a single $ is wanted. ${client_address} This macro expands to the remote client net- work address. - This is available in Postfix 2.2 and later. + This is available in Postfix 2.2 and later. ${client_helo} This macro expands to the remote client HELO command parameter. - This is available in Postfix 2.2 and later. + This is available in Postfix 2.2 and later. ${client_hostname} - This macro expands to the remote client + This macro expands to the remote client hostname. - This is available in Postfix 2.2 and later. + This is available in Postfix 2.2 and later. ${client_protocol} This macro expands to the remote client pro- tocol. - This is available in Postfix 2.2 and later. + This is available in Postfix 2.2 and later. ${domain} - This macro expands to the domain portion of + This macro expands to the domain portion of the recipient address. For example, with an - address user+foo@domain the domain is + address user+foo@domain the domain is domain. - This information is modified by the h flag + This information is modified by the h flag for case folding. - This is available in Postfix 2.5 and later. + This is available in Postfix 2.5 and later. ${extension} - This macro expands to the extension part of - a recipient address. For example, with an + This macro expands to the extension part of + a recipient address. For example, with an address user+foo@domain the extension is foo. - A command-line argument that contains - ${extension} expands into as many command- + A command-line argument that contains + ${extension} expands into as many command- line arguments as there are recipients. - This information is modified by the u flag + This information is modified by the u flag for case folding. ${mailbox} - This macro expands to the complete local - part of a recipient address. For example, - with an address user+foo@domain the mailbox + This macro expands to the complete local + part of a recipient address. For example, + with an address user+foo@domain the mailbox is user+foo. - A command-line argument that contains - ${mailbox} expands to as many command-line + A command-line argument that contains + ${mailbox} expands to as many command-line arguments as there are recipients. - This information is modified by the u flag + This information is modified by the u flag for case folding. ${nexthop} This macro expands to the next-hop hostname. - This information is modified by the h flag + This information is modified by the h flag for case folding. ${recipient} This macro expands to the complete recipient address. - A command-line argument that contains + A command-line argument that contains ${recipient} expands to as many command-line arguments as there are recipients. - This information is modified by the hqu + This information is modified by the hqu flags for quoting and case folding. ${sasl_method} - This macro expands to the SASL authentica- - tion mechanism used during the reception of - the message. An empty string is passed if - the message has been received without SASL + This macro expands to the SASL authentica- + tion mechanism used during the reception of + the message. An empty string is passed if + the message has been received without SASL authentication. - This is available in Postfix 2.2 and later. + This is available in Postfix 2.2 and later. ${sasl_sender} - This macro expands to the SASL sender name - (i.e. the original submitter as per RFC - 4954) used during the reception of the mes- + This macro expands to the SASL sender name + (i.e. the original submitter as per RFC + 4954) used during the reception of the mes- sage. - This is available in Postfix 2.2 and later. + This is available in Postfix 2.2 and later. ${sasl_username} - This macro expands to the SASL user name + This macro expands to the SASL user name used during the reception of the message. An - empty string is passed if the message has + empty string is passed if the message has been received without SASL authentication. - This is available in Postfix 2.2 and later. + This is available in Postfix 2.2 and later. ${sender} - This macro expands to the envelope sender + This macro expands to the envelope sender address. By default, the null sender address - expands to MAILER-DAEMON; this can be - changed with the null_sender attribute, as + expands to MAILER-DAEMON; this can be + changed with the null_sender attribute, as described above. - This information is modified by the q flag + This information is modified by the q flag for quoting. ${size} - This macro expands to Postfix's idea of the - message size, which is an approximation of + This macro expands to Postfix's idea of the + message size, which is an approximation of the size of the message as delivered. ${user} This macro expands to the username part of a - recipient address. For example, with an + recipient address. For example, with an address user+foo@domain the username part is user. - A command-line argument that contains - ${user} expands into as many command-line + A command-line argument that contains + ${user} expands into as many command-line arguments as there are recipients. - This information is modified by the u flag + This information is modified by the u flag for case folding. STANDARDS RFC 3463 (Enhanced status codes) DIAGNOSTICS - Command exit status codes are expected to follow the con- - ventions defined in <sysexits.h>. Exit status 0 means + Command exit status codes are expected to follow the con- + ventions defined in <sysexits.h>. Exit status 0 means normal successful completion. - Postfix version 2.3 and later support RFC 3463-style - enhanced status codes. If a command terminates with a - non-zero exit status, and the command output begins with + Postfix version 2.3 and later support RFC 3463-style + enhanced status codes. If a command terminates with a + non-zero exit status, and the command output begins with an enhanced status code, this status code takes precedence over the non-zero exit status. - Problems and transactions are logged to syslogd(8). Cor- - rupted message files are marked so that the queue manager + Problems and transactions are logged to syslogd(8). Cor- + rupted message files are marked so that the queue manager can move them to the corrupt queue for further inspection. SECURITY - This program needs a dual personality 1) to access the - private Postfix queue and IPC mechanisms, and 2) to exe- + This program needs a dual personality 1) to access the + private Postfix queue and IPC mechanisms, and 2) to exe- cute external commands as the specified user. It is there- fore security sensitive. CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically as pipe(8) - processes run for only a limited amount of time. Use the + Changes to main.cf are picked up automatically as pipe(8) + processes run for only a limited amount of time. Use the command "postfix reload" to speed up a change. - The text below provides only a parameter summary. See + The text below provides only a parameter summary. See postconf(5) for more details including examples. RESOURCE AND RATE CONTROLS - In the text below, transport is the first field in a mas- + In the text below, transport is the first field in a mas- ter.cf entry. transport_destination_concurrency_limit ($default_destina- tion_concurrency_limit) Limit the number of parallel deliveries to the same - destination, for delivery via the named transport. + destination, for delivery via the named transport. The limit is enforced by the Postfix queue manager. transport_destination_recipient_limit ($default_destina- tion_recipient_limit) - Limit the number of recipients per message deliv- - ery, for delivery via the named transport. The + Limit the number of recipients per message deliv- + ery, for delivery via the named transport. The limit is enforced by the Postfix queue manager. transport_time_limit ($command_time_limit) - Limit the time for delivery to external command, + Limit the time for delivery to external command, for delivery via the named transport. The limit is enforced by the pipe delivery agent. - Postfix 2.4 and later support a suffix that speci- - fies the time unit: s (seconds), m (minutes), h + Postfix 2.4 and later support a suffix that speci- + fies the time unit: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is seconds. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a + How much time a Postfix daemon process may take to + handle a request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal + The maximal number of digits after the decimal point when logging sub-second delay values. export_environment (see 'postconf -d' output) - The list of environment variables that a Postfix + The list of environment variables that a Postfix process will export to non-Postfix processes. ipc_timeout (3600s) @@ -435,25 +437,25 @@ PIPE(8) PIPE(8) and most Postfix daemon processes. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection + The maximum amount of time that an idle Postfix + daemon process waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- + The maximal number of incoming connections that a + Postfix daemon process will service before termi- nating voluntarily. process_id (read-only) - The process ID of a Postfix command or daemon + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- + The location of the Postfix top-level queue direc- tory. recipient_delimiter (empty) @@ -464,8 +466,8 @@ PIPE(8) PIPE(8) The syslog facility of Postfix logging. syslog_name (postfix) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" + The mail system name that is prepended to the + process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". SEE ALSO @@ -477,7 +479,7 @@ PIPE(8) PIPE(8) syslogd(8), system logging LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/man/man8/pipe.8 b/postfix/man/man8/pipe.8 index 370491807..8f4fa8535 100644 --- a/postfix/man/man8/pipe.8 +++ b/postfix/man/man8/pipe.8 @@ -115,6 +115,8 @@ Indicate that the external command performs final delivery. This flag affects the status reported in "success" DSN (delivery status notification) messages, and changes it from "relayed" into "delivered". +.sp +This feature is available as of Postfix 2.5. .IP \fBh\fR Fold the command-line \fB$recipient\fR address domain part (text to the right of the right-most \fB@\fR character) to diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 193f17bd4..19fd0c0c9 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20070824" +#define MAIL_RELEASE_DATE "20070911" #define MAIL_VERSION_NUMBER "2.5" #ifdef SNAPSHOT diff --git a/postfix/src/master/Makefile.in b/postfix/src/master/Makefile.in index d8230c1b7..15a547777 100644 --- a/postfix/src/master/Makefile.in +++ b/postfix/src/master/Makefile.in @@ -130,6 +130,7 @@ master_ent.o: ../../include/host_port.h master_ent.o: ../../include/inet_addr_host.h master_ent.o: ../../include/inet_addr_list.h master_ent.o: ../../include/iostuff.h +master_ent.o: ../../include/mail_conf.h master_ent.o: ../../include/mail_params.h master_ent.o: ../../include/mail_proto.h master_ent.o: ../../include/msg.h @@ -189,6 +190,7 @@ master_sig.o: master_sig.c master_spawn.o: ../../include/argv.h master_spawn.o: ../../include/binhash.h master_spawn.o: ../../include/events.h +master_spawn.o: ../../include/mail_conf.h master_spawn.o: ../../include/msg.h master_spawn.o: ../../include/mymalloc.h master_spawn.o: ../../include/sys_defs.h diff --git a/postfix/src/master/master.h b/postfix/src/master/master.h index 8470a189d..0ed354d28 100644 --- a/postfix/src/master/master.h +++ b/postfix/src/master/master.h @@ -47,6 +47,8 @@ typedef struct MASTER_SERV { int max_proc; /* upper bound on # processes */ char *path; /* command pathname */ struct ARGV *args; /* argument vector */ + char *stress_param_val; /* stress value: "yes" or empty */ + time_t stress_expire_time; /* stress pulse stretcher */ int avail_proc; /* idle processes */ int total_proc; /* number of processes */ int throttle_delay; /* failure recovery parameter */ diff --git a/postfix/src/master/master_avail.c b/postfix/src/master/master_avail.c index b697d9240..6008ca19f 100644 --- a/postfix/src/master/master_avail.c +++ b/postfix/src/master/master_avail.c @@ -26,6 +26,10 @@ /* available process, or this module causes a new process to be /* created to service the request. /* +/* When the service runs out of process slots, a warning is logged. +/* When the service is eligible for stress-mode operation, servers +/* are restarted and new servers are created with stress mode enabled. +/* /* master_avail_listen() ensures that someone monitors the service's /* listen socket for connection requests (as long as resources /* to handle connection requests are available). This function may @@ -76,6 +80,7 @@ static void master_avail_event(int event, char *context) { MASTER_SERV *serv = (MASTER_SERV *) context; + time_t now; int n; if (event == 0) /* XXX Can this happen? */ @@ -84,6 +89,30 @@ static void master_avail_event(int event, char *context) for (n = 0; n < serv->listen_fd_count; n++) event_disable_readwrite(serv->listen_fd[n]); } else { + + /* + * When all servers for a public internet service are busy, we start + * creating server processes with "-o stress=yes" on the command + * line, and keep creating such processes until the process count is + * below the limit for at least 1000 seconds. This provides a minimal + * solution that can be adopted into legacy and stable Postfix + * releases. + * + * This is not the right place to update serv->stress_param_val in + * response to stress level changes. Doing so would would contaminate + * the "postfix reload" code with stress management implementation + * details, creating a source of future bugs. Instead, we update + * simple counters or flags here, and use their values to determine + * the proper serv->stress_param_val value when exec-ing a server + * process. + */ + if (serv->stress_param_val != 0 + && !MASTER_LIMIT_OK(serv->max_proc, serv->total_proc + 1)) { + now = event_time(); + if (serv->stress_expire_time < now) + master_restart_service(serv); + serv->stress_expire_time = now + 1000; + } master_spawn(serv); } } @@ -120,6 +149,9 @@ void master_avail_listen(MASTER_SERV *serv) serv->ext_name, serv->name, serv->max_proc); msg_warn("to avoid this condition, increase the process count " "in master.cf or reduce the service time per client"); + if (serv->stress_param_val) + msg_warn("see http://www.postfix.org/STRESS_README.html for " + "examples of stress-adapting configuration settings"); } } } diff --git a/postfix/src/master/master_conf.c b/postfix/src/master/master_conf.c index 55ab4e929..98f7f73d3 100644 --- a/postfix/src/master/master_conf.c +++ b/postfix/src/master/master_conf.c @@ -134,6 +134,7 @@ void master_config(void) SWAP(char *, serv->ext_name, entry->ext_name); SWAP(char *, serv->path, entry->path); SWAP(ARGV *, serv->args, entry->args); + SWAP(char *, serv->stress_param_val, entry->stress_param_val); master_restart_service(serv); free_master_ent(entry); } diff --git a/postfix/src/master/master_ent.c b/postfix/src/master/master_ent.c index 82db2f0c9..5eb60f545 100644 --- a/postfix/src/master/master_ent.c +++ b/postfix/src/master/master_ent.c @@ -94,6 +94,7 @@ #include #include #include +#include /* Local stuff. */ @@ -511,6 +512,14 @@ MASTER_SERV *get_master_ent() argv_add(serv->args, "-u", (char *) 0); if (chroot) argv_add(serv->args, "-c", (char *) 0); + if ((serv->flags & MASTER_FLAG_LOCAL_ONLY) == 0) { + argv_add(serv->args, "-o", "stress=" CONFIG_BOOL_YES, (char *) 0); + serv->stress_param_val = + serv->args->argv[serv->args->argc - 1] + sizeof("stress=") - 1; + serv->stress_param_val[0] = 0; + } else + serv->stress_param_val = 0; + serv->stress_expire_time = 0; if (serv->listen_fd_count > 1) argv_add(serv->args, "-s", vstring_str(vstring_sprintf(junk, "%d", serv->listen_fd_count)), diff --git a/postfix/src/master/master_spawn.c b/postfix/src/master/master_spawn.c index 672a9ba2a..fadf90f2e 100644 --- a/postfix/src/master/master_spawn.c +++ b/postfix/src/master/master_spawn.c @@ -70,6 +70,10 @@ #include #include +/* Global library. */ + +#include + /* Application-specific. */ #include "master_proto.h" @@ -177,6 +181,10 @@ void master_spawn(MASTER_SERV *serv) * connection and run the requested command. Leave child stderr * alone. Disable exit handlers: they should be executed by the * parent only. + * + * When we reach the process limit on a public internet service, we + * create stress-mode processes until the process count stays below + * the limit for some amount of time. See master_avail_listen(). */ case 0: msg_cleanup((void (*) (void)) 0); /* disable exit handler */ @@ -216,6 +224,8 @@ void master_spawn(MASTER_SERV *serv) vstring_sprintf(env_gen, "%s=%o", MASTER_GEN_NAME, master_generation); if (putenv(vstring_str(env_gen)) < 0) msg_fatal("%s: putenv: %m", myname); + if (serv->stress_param_val && serv->stress_expire_time > event_time()) + serv->stress_param_val[0] = CONFIG_BOOL_YES[0]; execvp(serv->path, serv->args->argv); msg_fatal("%s: exec %s: %m", myname, serv->path); diff --git a/postfix/src/pipe/pipe.c b/postfix/src/pipe/pipe.c index 1e87b7948..07696f50c 100644 --- a/postfix/src/pipe/pipe.c +++ b/postfix/src/pipe/pipe.c @@ -105,6 +105,8 @@ /* This flag affects the status reported in "success" DSN /* (delivery status notification) messages, and changes it /* from "relayed" into "delivered". +/* .sp +/* This feature is available as of Postfix 2.5. /* .IP \fBh\fR /* Fold the command-line \fB$recipient\fR address domain part /* (text to the right of the right-most \fB@\fR character) to diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c index 6089f093f..870c168b5 100644 --- a/postfix/src/smtp/smtp_connect.c +++ b/postfix/src/smtp/smtp_connect.c @@ -901,7 +901,8 @@ static void smtp_connect_remote(SMTP_STATE *state, const char *nexthop, } smtp_cleanup_session(state); } else { - msg_info("%s (port %d)", STR(why->reason), ntohs(port)); + /* The reason already includes the IP address and TCP port. */ + msg_info("%s", STR(why->reason)); } /* Insert: test if we must skip the remaining MX hosts. */ } diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 6a3e14351..ec9d7a911 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -3328,7 +3328,7 @@ static int check_policy_service(SMTPD_STATE *state, const char *server, coded_CN_buf = 0; \ coded_CN = ""; \ } else { \ - coded_CN_buf = vstring_alloc(strlen(CN)); \ + coded_CN_buf = vstring_alloc(strlen(CN) + 1); \ xtext_quote(coded_CN_buf, CN, ""); \ coded_CN = STR(coded_CN_buf); \ } \