About Sendmail 8.18.2 CDB implementation
From
kalevi@kalevi@kolttonen.fi (Kalevi Kolttonen) to
comp.mail.sendmail on Sun Feb 1 23:34:41 2026
From Newsgroup: comp.mail.sendmail
Hello!
While investigating Marco Moock's CDB issue, I had to
read some sendmail/map.c code. Line 3138 contains
the following:
dlen = cdb_datalen(cdbmap);
data = malloc(dlen + 1);
cdb_read(cdbmap, data, dlen, cdb_datapos(cdbmap));
data[dlen] = '\0';
I see that the return value of malloc(dlen + 1) is not
properly checked against NULL.
Below that block, the else branch passes on 'data':
return map_rewrite(map, data, dlen, av);
Inspecting map_rewrite(), I am unable to find a
corresponding free() so it might be worth checking
whether there is a memory leak. It is of course more
likely that I am missing something here.
PS. It would be a good addition to the Sendmail docs
that CDB map keys must be downcased before CDB map
creation. After all these years, I was unaware that
makemap DB utility performs this operation unless
overridden by the -f switch.
br,
KK
--- Synchronet 3.21b-Linux NewsLink 1.2
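Added example (not part of either post and not Sendmail code): the key downcasing mentioned in the PS above, done by hand for a map source that is built into a CDB by some other tool. It assumes makemap-style text input (one "key whitespace value" entry per line, ASCII keys); the function name fold_map_keys and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# fold_map_keys (hypothetical helper): read map source lines on stdin and
# write them to stdout with the key (first field) lowercased. Comment and
# blank lines pass through unchanged. The value is copied verbatim.
# Exit status is 1 if two differently spelled keys fold to the same
# lowercase key, because only one of them can be looked up afterwards.
fold_map_keys() {
    LC_ALL=C awk '
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }
        {
            key = $1
            low = tolower(key)
            # Strip only the leading key so the value keeps its own case.
            rest = $0
            sub(/^[ \t]*[^ \t]+/, "", rest)
            if ((low in seen) && seen[low] != key) {
                printf "collision: %s and %s both fold to %s\n", \
                    seen[low], key, low > "/dev/stderr"
                bad = 1
            }
            seen[low] = key
            print low rest
        }
        END { exit bad + 0 }
    '
}

# Constructed sample input, not taken from the thread.
fold_map_keys <<'EOF' || echo "resolve colliding keys before building the map" >&2
# access-style entries
Example.COM          RELAY
Postmaster@Example.Org  OK
example.com          REJECT
EOF
```

The folded output is what gets fed to the CDB builder; a non-zero exit status means two source entries now share one key and need to be merged first.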
From
Claus Aßmann@INVALID_NO_CC_REMOVE_IF_YOU_DO_NOT_POST_ml+sendmail(-no-copies-please)@esmtp.org to
comp.mail.sendmail on Tue Feb 3 12:40:52 2026
From Newsgroup: comp.mail.sendmail
Thanks for reporting these problems. A patch is below, please
review/test.
Is it ok to mention your name in the release notes and if so, do
you want to add an affiliation (which)?
diff --git a/sendmail/map.c b/sendmail/map.c
index a42b72e55..50466516d 100644
--- a/sendmail/map.c
+++ b/sendmail/map.c
@@ -3048,7 +3048,7 @@ cdb_map_lookup(map, name, av, statp)
char **av;
int *statp;
{
- char *data;
+ char *data, *result;
struct cdb *cdbmap;
unsigned int klen, dlen;
int st, fd;
@@ -3056,6 +3056,7 @@ cdb_map_lookup(map, name, av, statp)
char buf[MAXPATHLEN];
data = NULL;
+ result = NULL;
cdbmap = map->map_db1;
if (tTd(38, 20))
sm_dprintf("cdb_map_lookup(%s, %s)\n", map->map_mname, name); @@ -3142,14 +3143,22 @@ cdb_map_lookup(map, name, av, statp)
else
{
dlen = cdb_datalen(cdbmap);
- data = malloc(dlen + 1);
+ data = (char *) sm_malloc(dlen + 1);
+ if (NULL == data)
+ {
+ *statp = EX_TEMPFAIL;
+ return NULL;
+ }
cdb_read(cdbmap, data, dlen, cdb_datapos(cdbmap));
data[dlen] = '\0';
}
if (bitset(MF_MATCHONLY, map->map_mflags))
- return map_rewrite(map, name, strlen(name), NULL);
+ result = map_rewrite(map, name, strlen(name), NULL);
else
- return map_rewrite(map, data, dlen, av);
+ result = map_rewrite(map, data, dlen, av);
+
+ SM_FREE(data);
+ return result;
}
/*
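Review bot: the return value of cdb_read() is still ignored at "cdb_read(cdbmap, data, dlen, cdb_datapos(cdbmap));", so if the read fails the freshly allocated buffer goes to map_rewrite() with only data[dlen] set. Suggest checking the result and, on failure, doing SM_FREE(data), setting *statp = EX_TEMPFAIL and returning NULL, the same way the new allocation-failure branch does. Since dlen is declared unsigned int, "dlen + 1" wraps to 0 when dlen is UINT_MAX and "data[dlen] = '\0'" would then write outside the allocation; a bound check before sm_malloc() would close that. A short comment next to SM_FREE(data) stating that map_rewrite() does not return a pointer into data would also help, because "return result" after the free depends on it.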