Bug 64802

Summary: lib-src/pop.c may attempt to connect to the wrong host
Product: [Retired] Red Hat Raw Hide
Reporter: Jonathan Kamens <jik>
Component: emacs
Assignee: Trond Eivind Glomsrxd <teg>
Status: CLOSED RAWHIDE
QA Contact: Aaron Brown <abrown>
Severity: medium
Priority: medium
Version: 1.0
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2002-05-15 01:41:11 UTC

Description Jonathan Kamens 2002-05-13 00:39:45 UTC
FYI:

Date: Sun, 12 May 2002 20:38:25 -0400
From: Jonathan Kamens <jik.ma.us>
To: bug-gnu-emacs
Subject: lib-src/pop.c may attempt to connect to the wrong host

This bug report will be sent to the Free Software Foundation,
not to your local site managers!
Please write in English, because the Emacs maintainers do not have
translators to read other languages for them.

Your bug report will be posted to the bug-gnu-emacs mailing list,
and to the gnu.emacs.bug news group.

In GNU Emacs 21.2.1 (i386-redhat-linux-gnu, X toolkit, Xaw3d scroll bars)
 of 2002-04-08 on porky.devel.redhat.com
configured using `configure  i386-redhat-linux --prefix=/usr --exec-prefix=/usr
--bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share
--includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec
--localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man
--infodir=/usr/share/info --with-gcc --with-pop --with-sound'
Important settings:
  value of $LC_ALL: nil
  value of $LC_COLLATE: C
  value of $LC_CTYPE: nil
  value of $LC_MESSAGES: nil
  value of $LC_MONETARY: nil
  value of $LC_NUMERIC: nil
  value of $LC_TIME: nil
  value of $LANG: en_US
  locale-coding-system: iso-latin-1
  default-enable-multibyte-characters: t

Please describe exactly what actions triggered the bug
and the precise symptoms of the bug:

The patch appended below was made against 20.7, but I believe that it
will apply cleanly, or almost cleanly, against the current source tree
as well.

The code in socket_connection in lib-src/pop.c resolves the host name
of the POP host, then uses getservbyname() to look up the port number,
then iterates through the addresses of the POP host and attempts to
connect to each of them in turn.

The problem with this approach is that getservbyname() may call
gethostbyname() or gethostbyaddr(), e.g., if nsswitch.conf says to use
LDAP for service lookups, and thus replace the address information
about the POP host with the address information for some other host,
thus causing the POP connection to go to the wrong host.  I have
seen this failure mode.

The fix for this is to wait to resolve the POP host name until
immediately before trying to connect to it.  I've attached a patch.

  jik

--- lib-src/pop.c.orig	Sun May 12 20:23:32 2002
+++ lib-src/pop.c	Sun May 12 20:27:21 2002
@@ -1067,17 +1067,6 @@
   }
 #endif
 
-  do
-    {
-      hostent = gethostbyname (host);
-      try_count++;
-      if ((! hostent) && ((h_errno != TRY_AGAIN) || (try_count == 5)))
-	{
-	  strcpy (pop_error, "Could not determine POP server's address");
-	  return (-1);
-	}
-    } while (! hostent);
-
   bzero ((char *) &addr, sizeof (addr));
   addr.sin_family = AF_INET;
 
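Review bot: with the lookup removed from this position, hostent is no longer assigned before the `bzero`/`addr.sin_family` setup, so nothing between here and the relocated loop may dereference it, and try_count must still be 0 when that loop is reached. Neither declaration is visible in this hunk, so both are worth confirming against the full function. A short comment at this spot saying that host resolution is deliberately deferred until after the service lookup would keep a later cleanup from moving the block back.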
@@ -1127,6 +1116,17 @@
       return (-1);
 	  
     }
+
+  do
+    {
+      hostent = gethostbyname (host);
+      try_count++;
+      if ((! hostent) && ((h_errno != TRY_AGAIN) || (try_count == 5)))
+	{
+	  strcpy (pop_error, "Could not determine POP server's address");
+	  return (-1);
+	}
+    } while (! hostent);
 
   while (*hostent->h_addr_list)
     {
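Review bot: the relocated `return (-1)` on lookup failure now runs after the code above it, which already has its own `return (-1)` failure path. If a socket or other resource has been acquired by that point, it must be released before returning; the block was moved unchanged and has no cleanup. Separately, the fix holds only while nothing between `gethostbyname (host)` and the `while (*hostent->h_addr_list)` loop calls the resolver again, because the result lives in static storage. Copying the address list out of hostent right after the lookup would remove that dependency on statement order.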

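The failure mode described in the report, reproduced as an added example (not code from the report or from Emacs): on glibc, gethostbyname() returns a pointer into static storage, so a later resolver call overwrites the POP host's address, while copying the address out first does not depend on statement order. The helper `service_lookup_side_effect`, the function names and the two RFC 5737 sample addresses are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample hosts (RFC 5737 documentation addresses). Numeric
   strings make gethostbyname() skip DNS, so this runs offline. */
#define POP_HOST   "192.0.2.10"
#define OTHER_HOST "198.51.100.7"

/* Hypothetical stand-in for a getservbyname() whose NSS backend
   resolves a host name internally, e.g. to reach an LDAP server. */
static void service_lookup_side_effect(void)
{
    (void) gethostbyname(OTHER_HOST);
}

/* Pre-patch order: resolve host, look up service, then read hostent.
   Returns the address the code would connect to, or 0 on failure. */
in_addr_t connect_target_stale(void)
{
    struct hostent *he = gethostbyname(POP_HOST);
    struct in_addr a;
    if (!he || he->h_addrtype != AF_INET) return 0;
    service_lookup_side_effect();      /* overwrites the storage behind he */
    memcpy(&a, he->h_addr_list[0], sizeof a);
    return a.s_addr;
}

/* Order-independent variant: take a private copy immediately. */
in_addr_t connect_target_copied(void)
{
    struct hostent *he = gethostbyname(POP_HOST);
    struct in_addr a;
    if (!he || he->h_addrtype != AF_INET) return 0;
    memcpy(&a, he->h_addr_list[0], sizeof a);
    service_lookup_side_effect();      /* can no longer affect a */
    return a.s_addr;
}

int main(void)
{
    struct in_addr s = { connect_target_stale() };
    struct in_addr c = { connect_target_copied() };
    printf("stale : %s\n", inet_ntoa(s));
    printf("copied: %s\n", inet_ntoa(c));
    return 0;
}
```

POSIX only says the returned storage may be overwritten or invalidated by a later call, so the stale variant's result is specific to glibc's static buffer; the copied variant is correct on any libc.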
Comment 1 Trond Eivind Glomsrxd 2002-05-14 23:17:20 UTC
Could you attach it to preserve whitespace? TIA.

Comment 2 Jonathan Kamens 2002-05-15 01:39:34 UTC
I don't have the diff around anymore, and I'm not sure its whitespace is
preserved in my E-mail archive, but you should be able to apply it by hand --
note that I am simply moving a block of code from one place to another without
making any changes to it.


Comment 3 Trond Eivind Glomsrxd 2002-08-28 23:50:05 UTC
Should be added to 21.2-18