From: Peter Palfrader Date: Wed, 17 Dec 2008 11:58:32 +0000 (+0100) Subject: There is a deadlock situation when ud-mailgate gets a mail claiming to be from X-Git-Tag: userdir-ldap-0.3.56 X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=commitdiff_plain;h=00994f78b1ff7fcd9481a3fd1559f1a77157adbb There is a deadlock situation when ud-mailgate gets a mail claiming to be from itself: - ud-mailgate opens and locks the replay cache - verification of the mail fails for whatever reason - a reply is sent (to itself) - exim tries to deliver the mail by directly calling ud-mailgate - ud-mailgate tries to acquire the lock -> deadlock Fix this by changing when we open the replay cache, and unlock it as soon as we are done. --- diff --git a/debian/changelog b/debian/changelog index d444941..5430cfc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,17 @@ +userdir-ldap (0.3.56) unstable; urgency=low + + * There is a deadlock situation when ud-mailgate gets a mail claiming + to be from itself: + - ud-mailgate opens and locks the replay cache + - verification of the mail fails for whatever reason + - a reply is sent (to itself) + - exim tries to deliver the mail by directly calling ud-mailgate + - ud-mailgate tries to acquire the lock -> deadlock + Fix this by changing when we open the replay cache, and unlock it + as soon as we are done. + + -- Peter Palfrader Wed, 17 Dec 2008 12:54:10 +0100 + userdir-ldap (0.3.55) unstable; urgency=low [ Joey Schulze ] diff --git a/ud-mailgate b/ud-mailgate index 1c9f998..a3a21a8 100755 --- a/ud-mailgate +++ b/ud-mailgate @@ -668,8 +668,6 @@ try: # Startup the replay cache ErrType = EX_TEMPFAIL; ErrMsg = "Failed to initialize the replay cache:"; - RC = ReplayCache(ReplayCacheFile); - RC.Clean(); # Get the email ErrType = EX_PERMFAIL; 
@@ -704,12 +702,6 @@ try: else: PlainText = Res[3]; - # Check the signature against the replay cache - ErrMsg = "The replay cache rejected your message. Check your clock!"; - Rply = RC.Check(Res[1]); - if Rply != None: - raise Error, Rply; - # Connect to the ldap server ErrType = EX_TEMPFAIL; ErrMsg = "An error occured while performing the LDAP lookup"; @@ -726,7 +718,17 @@ try: if len(Attrs) != 1: raise Error, "Oddly your key fingerprint is assigned to more than one account.." + + # Check the signature against the replay cache + RC = ReplayCache(ReplayCacheFile); + RC.Clean(); + ErrMsg = "The replay cache rejected your message. Check your clock!"; + Rply = RC.Check(Res[1]); + if Rply != None: + RC.close() + raise Error, Rply; RC.Add(Res[1]); + RC.close() # Determine the sender address ErrMsg = "A problem occured while trying to formulate the reply";
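Review bot: in the ud-mailgate hunk at -668, the comment `# Startup the replay cache` and the two assignments `ErrType = EX_TEMPFAIL; ErrMsg = "Failed to initialize the replay cache:";` are left in place although the `ReplayCache(ReplayCacheFile)` call they described is gone, so they are immediately overwritten by the `# Get the email` block and never take effect. Move them along with the constructor to its new location in the hunk at -726, or delete them here, so the message still reaches the user when opening the cache fails.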
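Review bot: in the ud-mailgate hunk at -704, the replay check is removed from a point before `ErrType = EX_TEMPFAIL;` is set for the LDAP lookup, and the hunk at -726 re-adds it after that lookup without setting `ErrType` again. Unless lines not shown here reset it, a replayed signature is now reported with the LDAP section's exit code rather than the one in effect before, and a temporary-failure code would invite the MTA to retry a message that can never succeed. Set `ErrType` explicitly next to the new `ErrMsg = "The replay cache rejected your message. Check your clock!";` line. The move also means a replayed message now triggers an LDAP query before it is rejected, which is worth a sentence in the commit message if that is intended.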
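Review bot: in the ud-mailgate hunk at -726, `RC.close()` is reached only on the `Rply != None` branch and after `RC.Add(Res[1]);`, so an exception raised inside `RC.Clean()`, `RC.Check(Res[1])` or `RC.Add(Res[1])` leaves the cache locked while the outer error path runs. If that path sends a reply, as the commit message describes for verification failures, this is the same self-delivery deadlock the change sets out to remove. Wrap the block from `RC = ReplayCache(ReplayCacheFile);` to the final close in try/finally with `RC.close()` in the finally clause, which also removes the duplicated close call. Separately, `ErrMsg` is assigned after the constructor and `RC.Clean();`, so a failure in either is reported under whatever message was set earlier; assign a cache-specific `ErrMsg` before opening the cache.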