X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/184e88237dea64ce48076cdd0184612d057cbafd..1ac6b2e7857d7b6645dbd09047c4c2ac3b6cef1d:/src/src/transports/pipe.c

diff --git a/src/src/transports/pipe.c b/src/src/transports/pipe.c
index 3021194ae..fe94e8575 100644
--- a/src/src/transports/pipe.c
+++ b/src/src/transports/pipe.c
@@ -1,10 +1,8 @@
-/* $Cambridge: exim/src/src/transports/pipe.c,v 1.12 2007/01/08 10:50:20 ph10 Exp $ */
-
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2007 */
+/* Copyright (c) University of Cambridge 1995 - 2009 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 
@@ -41,6 +39,8 @@ optionlist pipe_transport_options[] = {
       (void *)offsetof(pipe_transport_options_block, escape_string) },
   { "freeze_exec_fail",  opt_bool,
       (void *)offsetof(pipe_transport_options_block, freeze_exec_fail) },
+  { "freeze_signal",     opt_bool,
+      (void *)offsetof(pipe_transport_options_block, freeze_signal) },
   { "ignore_status",     opt_bool,
       (void *)offsetof(pipe_transport_options_block, ignore_status) },
   { "log_defer_output",  opt_bool | opt_public,
@@ -57,6 +57,8 @@ optionlist pipe_transport_options[] = {
       (void *)offsetof(pipe_transport_options_block, message_suffix) },
   { "path",              opt_stringptr,
       (void *)offsetof(pipe_transport_options_block, path) },
+  { "permit_coredump",   opt_bool,
+      (void *)offsetof(pipe_transport_options_block, permit_coredump) },
   { "pipe_as_creator",   opt_bool | opt_public,
       (void *)offsetof(transport_instance, deliver_as_creator) },
   { "restrict_to_path",  opt_bool,
@@ -109,7 +111,9 @@ pipe_transport_options_block pipe_transport_option_defaults = {
   60*60,          /* timeout */
   0,              /* options */
   FALSE,          /* freeze_exec_fail */
+  FALSE,          /* freeze_signal */
   FALSE,          /* ignore_status */
+  FALSE,          /* permit_coredump */
   FALSE,          /* restrict_to_path */
   FALSE,          /* timeout_defer */
   FALSE,          /* use_shell */
@@ -127,7 +131,7 @@ pipe_transport_options_block pipe_transport_option_defaults = {
 /* Called for each delivery in the privileged state, just before the uid/gid
 are changed and the main entry point is called. In a system that supports the
 login_cap facilities, this function is used to set the class resource limits
-for the user.
+for the user.  It may also re-enable coredumps.
 
 Arguments:
   tblock     points to the transport instance
@@ -170,6 +174,24 @@ if (ob->use_classresources)
   }
 #endif
 
+#ifdef RLIMIT_CORE
+if (ob->permit_coredump)
+  {
+  struct rlimit rl;
+  rl.rlim_cur = RLIM_INFINITY;
+  rl.rlim_max = RLIM_INFINITY;
+  if (setrlimit(RLIMIT_CORE, &rl) < 0)
+    {
+#ifdef SETRLIMIT_NOT_SUPPORTED
+    if (errno != ENOSYS && errno != ENOTSUP)
+#endif
+      log_write(0, LOG_MAIN,
+          "delivery setrlimit(RLIMIT_CORE, RLIM_INFINITY) failed: %s",
+          strerror(errno));
+    }
+  }
+#endif
+
 return OK;
 }
 
@@ -727,14 +749,19 @@ if (outpid == 0)
   while ((rc = read(fd_out, big_buffer, big_buffer_size)) > 0)
     {
     if (addr->return_file >= 0)
-      write(addr->return_file, big_buffer, rc);
+      if(write(addr->return_file, big_buffer, rc) != rc)
+        DEBUG(D_transport) debug_printf("Problem writing to return_file\n");
     count += rc;
     if (count > ob->max_output)
       {
-      uschar *message = US"\n\n*** Too much output - remainder discarded ***\n";
       DEBUG(D_transport) debug_printf("Too much output from pipe - killed\n");
       if (addr->return_file >= 0)
-        write(addr->return_file, message, Ustrlen(message));
+	{
+        uschar *message = US"\n\n*** Too much output - remainder discarded ***\n";
+        rc = Ustrlen(message);
+        if(write(addr->return_file, message, rc) != rc)
+          DEBUG(D_transport) debug_printf("Problem writing to return_file\n");
+	}
       killpg(pid, SIGKILL);
       break;
       }
@@ -924,14 +951,35 @@ if ((rc = child_close(pid, timeout)) != 0)
       "transport: %s%s", tblock->name, strerror(errno), tmsg);
     }
 
+  /* Since the transport_filter timed out we assume it has sent the child process
+  a malformed or incomplete data stream.  Kill off the child process
+  and prevent checking its exit status as it will has probably exited in error.
+  This prevents the transport_filter timeout message from getting overwritten
+  by the exit error which is not the cause of the problem. */
+
+  else if (transport_filter_timed_out)
+    {
+    killpg(pid, SIGKILL);
+    kill(outpid, SIGKILL);
+    }
+
   /* Either the process completed, but yielded a non-zero (necessarily
   positive) status, or the process was terminated by a signal (rc will contain
   the negation of the signal number). Treat killing by signal as failure unless
-  status is being ignored. */
+  status is being ignored. By default, the message is bounced back, unless
+  freeze_signal is set, in which case it is frozen instead. */
 
   else if (rc < 0)
     {
-    if (!ob->ignore_status)
+    if (ob->freeze_signal)
+      {
+      addr->transport_return = DEFER;
+      addr->special_action = SPECIAL_FREEZE;
+      addr->message = string_sprintf("Child process of %s transport (running "
+        "command \"%s\") was terminated by signal %d (%s)%s", tblock->name, cmd,
+        -rc, os_strsignal(-rc), tmsg);
+      }
+    else if (!ob->ignore_status)
       {
       addr->transport_return = FAIL;
       addr->message = string_sprintf("Child process of %s transport (running "