Hide Forgot
Description of problem: One of my systems created endless, high frequent log messages (up to 6000 messages per second) like | Aug 4 08:08:53 ... Unable to set close-on-exec on connfd (Bad file descriptor) | Aug 4 08:08:53 ... Unable to set close-on-exec on connfd (Bad file descriptor) This is caused by sendmail-8.14.3-milterfdleaks.patch which uses 'connfd' without validating it: | connfd = accept(listenfd, (struct sockaddr *) &cliaddr, | &clilen); | ... | + if ((fdflags = fcntl(connfd, F_GETFD, 0)) == -1 || | + fcntl(connfd, F_SETFD, fdflags | FD_CLOEXEC) == -1) | + { | + smi_log(SMI_LOG_WARN, | + "%s: Unable to set close-on-exec on connfd (%s)", | + smfi->xxfi_name, sm_errstring(errno)); There is an (unknown) underlying problem which is unrelated to this patch. But the fcntl() operations should not be executed before validating 'connfd'. Handling of bad 'connfd' descriptor is done later in the milter code so that no further actions should be done in this case by the patch. Version-Release number of selected component (if applicable): sendmail-8.14.4-8.el6.x86_64
Created attachment 602450 [details] Proposed fix The problem seems to be elsewhere, but we could fix it.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate, in the next release of Red Hat Enterprise Linux.
Created attachment 694372 [details] Patch against 8.14.6 (Rawhide) Proposed patch looks sane. Here's the patch I'm using in my local build for 8.14.6 (almost identical to the Rawhide package) on Fedora 18 for the last week or so. Haven't seen any problems with it.
Patch reviewed by QA and confirmed to fix issue on customer side. Sanity and regression suite ran on all archs. VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1299.html