From: Jeremy Harris
Date: Sat, 14 Oct 2023 18:35:34 +0000 (+0100)
Subject: fdatasync the spool data file
X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/690bc2ce8c7f0a76f01d03b5b158b0d64abbc86a
fdatasync the spool data file
---
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index a7b8b68c7..b72819fb4 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -63,6 +63,10 @@ JH/12 Refuse to accept a line "dot, LF" as end-of-DATA unless operating in accept that in (normal) CRLF mode; this has been raised as a possible attack scenario (under the name "smtp smuggling").
+JH/13 Add an fdatasync call for the received message data file in spool, before
+ loggging reception and sending the SMTP ack. Previously we only flushed
+ the stdio buffer so there was still the possibility of a disk error.
+
 Exim version 4.97
diff --git a/src/src/exim.h b/src/src/exim.h
index ccf14f0fd..699b39165 100644
--- a/src/src/exim.h
+++ b/src/src/exim.h
@@ -569,7 +569,7 @@ requires various things that are set therein. */
 #endif
 #ifdef ENABLE_DISABLE_FSYNC
-# define EXIMfsync(f) (disable_fsync? 0 : fsync(f))
+# define EXIMfsync(f) (disable_fsync ? 0 : fsync(f))
 #else
 # define EXIMfsync(f) fsync(f)
 #endif
diff --git a/src/src/receive.c b/src/src/receive.c
index ae7045068..63aded09f 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -4052,7 +4052,15 @@ else receive_messagecount++;
-if (fflush(spool_data_file))
+if ( fflush(spool_data_file)
+#if _POSIX_C_SOURCE >= 199309L || _XOPEN_SOURCE >= 500
+# ifdef ENABLE_DISABLE_FSYNC
+ || !disable_fsync && fdatasync(data_fd)
+# else
+ || fdatasync(data_fd)
+# endif
+#endif
+ )
 {
 errmsg = string_sprintf("Spool write error: %s", strerror(errno));
 log_write(0, LOG_MAIN, "%s\n", errmsg);
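Review bot: In the receive.c hunk the new sync is compiled only when `_POSIX_C_SOURCE >= 199309L || _XOPEN_SOURCE >= 500`, so on a build where neither macro has such a value the condition silently reduces to the old `fflush()` check and the message is still acknowledged without being forced to disk. Whether any supported platform takes that path cannot be seen from this hunk, but an `#else` arm that falls back to the existing wrapper, `|| EXIMfsync(data_fd)`, would keep the guarantee the ChangeLog entry describes. The `ENABLE_DISABLE_FSYNC` arm would also read more safely as `|| (!disable_fsync && fdatasync(data_fd))`, since an unparenthesised `&&` inside `||` draws a `-Wparentheses` warning. An `EXIMfdatasync()` macro defined next to `EXIMfsync()` in exim.h would avoid open-coding the `disable_fsync` test at the call site. The enclosing function starts and ends outside the hunk.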