net_imap: Abort if node disconnects in middle of FETCH response.

InterLinked1 · InterLinked1 · commit f7afdf4584bd · 2025-03-27T08:56:54.000-04:00
Previously, the cleanup label in process_fetch did not break out
of the loop, so even though we had detected a node disconnect, we
would still loop and try to write out the entire FETCH response
(which could potentially be quite long). On I/O error, we now
correctly abort immediately, as was originally intended.
diff --git a/nets/net_imap/imap.h b/nets/net_imap/imap.h
@@ -170,13 +170,14 @@ extern int imap_debug_level;
 		__imap_parallel_reply(imap, fmt, ## __VA_ARGS__); \
 	}
 
-#define __imap_parallel_reply(imap, fmt, ...) imap_debug(4, "%p <= " fmt, imap, ## __VA_ARGS__); bbs_node_any_fd_writef(imap->node, imap->node->wfd, fmt, ## __VA_ARGS__);
+/* Use statement expressions so caller can check the return value of write */
+#define __imap_parallel_reply(imap, fmt, ...) ({ imap_debug(4, "%p <= " fmt, imap, ## __VA_ARGS__); bbs_node_any_fd_writef(imap->node, imap->node->wfd, fmt, ## __VA_ARGS__); })
+#define _imap_reply_nolock_fd(imap, fd, fmt, ...) ({ imap_debug(4, "%p <= " fmt, imap, ## __VA_ARGS__); bbs_node_fd_writef(imap->node, fd, fmt, ## __VA_ARGS__); })
+#define _imap_reply_nolock_fd_lognewline(imap, fd, fmt, ...) ({ imap_debug(4, "%p <= " fmt "\r\n", imap, ## __VA_ARGS__); bbs_node_fd_writef(imap->node, fd, fmt, ## __VA_ARGS__); })
 
-#define _imap_reply_nolock_fd(imap, fd, fmt, ...) imap_debug(4, "%p <= " fmt, imap, ## __VA_ARGS__); bbs_node_fd_writef(imap->node, fd, fmt, ## __VA_ARGS__);
-#define _imap_reply_nolock_fd_lognewline(imap, fd, fmt, ...) imap_debug(4, "%p <= " fmt "\r\n", imap, ## __VA_ARGS__); bbs_node_fd_writef(imap->node, fd, fmt, ## __VA_ARGS__);
-#define _imap_reply_nolock(imap, fmt, ...) _imap_reply_nolock_fd(imap, imap->node->wfd, fmt, ## __VA_ARGS__);
+#define _imap_reply_nolock(imap, fmt, ...) _imap_reply_nolock_fd(imap, imap->node->wfd, fmt, ## __VA_ARGS__)
 #define _imap_reply(imap, fmt, ...) _imap_reply_nolock(imap, fmt, ## __VA_ARGS__)
-#define imap_send_nocrlf(imap, fmt, ...) _imap_reply_nolock_fd_lognewline(imap, imap->node->wfd, fmt, ## __VA_ARGS__);
+#define imap_send_nocrlf(imap, fmt, ...) _imap_reply_nolock_fd_lognewline(imap, imap->node->wfd, fmt, ## __VA_ARGS__)
 #define imap_send(imap, fmt, ...) _imap_reply(imap, "%s " fmt "\r\n", "*", ## __VA_ARGS__)
 #define imap_reply(imap, fmt, ...) do { \
 	bbs_assert(!imap->finalized_response); \
diff --git a/nets/net_imap/imap_server_fetch.c b/nets/net_imap/imap_server_fetch.c
@@ -776,9 +776,12 @@ static int process_fetch_finalize(struct imap_session *imap, struct fetch_reques
 		}
 	}
 
-	imap_send_nocrlf(imap, /* Start the IMAP response, and ensure no CR LF is automatically added. */
+	if (imap_send_nocrlf(imap, /* Start the IMAP response, and ensure no CR LF is automatically added. */
 		"* %d " /* Number after FETCH is always a message sequence number, not UID, even if usinguid */
-		"FETCH (%s", seqno, response); /* No closing paren, we do that at the very end */
+		"FETCH (%s", seqno, response) < 0) { /* No closing paren, we do that at the very end */
+		res = -1;
+		goto cleanup;
+	}
 
 	/* Now, send anything that could be a large, variable amount of data.
 	 * All of these will use a format literal / multiline response */
@@ -950,21 +953,21 @@ static int process_fetch(struct imap_session *imap, int usinguid, struct fetch_r
 		int markseen, recent;
 
 		if (entry->d_type != DT_REG || !strcmp(entry->d_name, ".") || !strcmp(entry->d_name, "..")) {
-			goto cleanup;
+			goto next;
 		}
 		msguid = imap_msg_in_range(imap, ++seqno, entry->d_name, sequences, usinguid, &error);
 		if (!msguid) {
-			goto cleanup;
+			goto next;
 		}
 		if (fetchreq->changedsince) {
 			if (parse_modseq_from_filename(entry->d_name, &modseq)) {
-				goto cleanup;
+				goto next;
 			}
 			if (modseq <= fetchreq->changedsince) {
 #ifdef EXTRA_DEBUG
 				bbs_debug(5, "modseq %lu older than CHANGEDSINCE %lu\n", modseq, fetchreq->changedsince);
 #endif
-				goto cleanup; /* Older than specified CHANGEDSINCE */
+				goto next; /* Older than specified CHANGEDSINCE */
 			}
 		}
 		/* At this point, the message is a match. Fetch everything we're supposed to for it. */
@@ -997,19 +1000,19 @@ static int process_fetch(struct imap_session *imap, int usinguid, struct fetch_r
 		 */
 		recent = (unsigned int) seqno >= imap->minrecent && (unsigned int) seqno <= imap->maxrecent;
 		if (fetchreq->flags && process_fetch_flags(imap, entry->d_name, markseen, recent, response, sizeof(response), &buf, &len)) {
-			goto cleanup;
+			goto next;
 		}
 		if (fetchreq->rfc822size && process_fetch_size(entry->d_name, response, sizeof(response), &buf, &len)) {
-			goto cleanup;
+			goto next;
 		}
 		if (fetchreq->modseq && process_fetch_modseq(entry->d_name, response, sizeof(response), &buf, &len, &modseq)) {
-			goto cleanup;
+			goto next;
 		}
 		if (fetchreq->internaldate && process_fetch_internaldate(fullname, response, sizeof(response), &buf, &len)) {
-			goto cleanup;
+			goto next;
 		}
 		if (fetchreq->envelope && process_fetch_envelope(fullname, response, sizeof(response), &buf, &len)) {
-			goto cleanup;
+			goto next;
 		}
 
 		/* Handle the header/body stuff and actually send the response. */
@@ -1020,10 +1023,16 @@ static int process_fetch(struct imap_session *imap, int usinguid, struct fetch_r
 			mark_seen(imap, seqno, fullname, entry->d_name); /* No need to goto cleanup if we fail, we do anyways */
 		}
 
+next:
 		fetched++;
+		free(entry);
+		continue;
 
 cleanup:
+		/* For example, if there was an I/O error during the FETCH response, abort immediately.
+		 * This is not uncommon - a client could exit in the middle of a FETCH 1:* */
 		free(entry);
+		break;
 	}
 	free(entries);
 	if (!fetched) {

Original file line number	Diff line number	Diff line change
`@@ -776,9 +776,12 @@ static int process_fetch_finalize(struct imap_session *imap, struct fetch_reques`
`776`	`776`	`}`
`777`	`777`	`}`
`778`	`778`
`779`		`- imap_send_nocrlf(imap, /* Start the IMAP response, and ensure no CR LF is automatically added. */`
	`779`	`+ if (imap_send_nocrlf(imap, /* Start the IMAP response, and ensure no CR LF is automatically added. */`
`780`	`780`	`"* %d " /* Number after FETCH is always a message sequence number, not UID, even if usinguid */`
`781`		`- "FETCH (%s", seqno, response); /* No closing paren, we do that at the very end */`
	`781`	`+ "FETCH (%s", seqno, response) < 0) { /* No closing paren, we do that at the very end */`
	`782`	`+ res = -1;`
	`783`	`+ goto cleanup;`
	`784`	`+ }`
`782`	`785`
`783`	`786`	`/* Now, send anything that could be a large, variable amount of data.`
`784`	`787`	`* All of these will use a format literal / multiline response */`
`@@ -950,21 +953,21 @@ static int process_fetch(struct imap_session *imap, int usinguid, struct fetch_r`
`950`	`953`	`int markseen, recent;`
`951`	`954`
`952`	`955`	`if (entry->d_type != DT_REG \|\| !strcmp(entry->d_name, ".") \|\| !strcmp(entry->d_name, "..")) {`
`953`		`- goto cleanup;`
	`956`	`+ goto next;`
`954`	`957`	`}`
`955`	`958`	`msguid = imap_msg_in_range(imap, ++seqno, entry->d_name, sequences, usinguid, &error);`
`956`	`959`	`if (!msguid) {`
`957`		`- goto cleanup;`
	`960`	`+ goto next;`
`958`	`961`	`}`
`959`	`962`	`if (fetchreq->changedsince) {`
`960`	`963`	`if (parse_modseq_from_filename(entry->d_name, &modseq)) {`
`961`		`- goto cleanup;`
	`964`	`+ goto next;`
`962`	`965`	`}`
`963`	`966`	`if (modseq <= fetchreq->changedsince) {`
`964`	`967`	`#ifdef EXTRA_DEBUG`
`965`	`968`	`bbs_debug(5, "modseq %lu older than CHANGEDSINCE %lu\n", modseq, fetchreq->changedsince);`
`966`	`969`	`#endif`
`967`		`- goto cleanup; /* Older than specified CHANGEDSINCE */`
	`970`	`+ goto next; /* Older than specified CHANGEDSINCE */`
`968`	`971`	`}`
`969`	`972`	`}`
`970`	`973`	`/* At this point, the message is a match. Fetch everything we're supposed to for it. */`
`@@ -997,19 +1000,19 @@ static int process_fetch(struct imap_session *imap, int usinguid, struct fetch_r`
`997`	`1000`	`*/`
`998`	`1001`	`recent = (unsigned int) seqno >= imap->minrecent && (unsigned int) seqno <= imap->maxrecent;`
`999`	`1002`	`if (fetchreq->flags && process_fetch_flags(imap, entry->d_name, markseen, recent, response, sizeof(response), &buf, &len)) {`
`1000`		`- goto cleanup;`
	`1003`	`+ goto next;`
`1001`	`1004`	`}`
`1002`	`1005`	`if (fetchreq->rfc822size && process_fetch_size(entry->d_name, response, sizeof(response), &buf, &len)) {`
`1003`		`- goto cleanup;`
	`1006`	`+ goto next;`
`1004`	`1007`	`}`
`1005`	`1008`	`if (fetchreq->modseq && process_fetch_modseq(entry->d_name, response, sizeof(response), &buf, &len, &modseq)) {`
`1006`		`- goto cleanup;`
	`1009`	`+ goto next;`
`1007`	`1010`	`}`
`1008`	`1011`	`if (fetchreq->internaldate && process_fetch_internaldate(fullname, response, sizeof(response), &buf, &len)) {`
`1009`		`- goto cleanup;`
	`1012`	`+ goto next;`
`1010`	`1013`	`}`
`1011`	`1014`	`if (fetchreq->envelope && process_fetch_envelope(fullname, response, sizeof(response), &buf, &len)) {`
`1012`		`- goto cleanup;`
	`1015`	`+ goto next;`
`1013`	`1016`	`}`
`1014`	`1017`
`1015`	`1018`	`/* Handle the header/body stuff and actually send the response. */`
`@@ -1020,10 +1023,16 @@ static int process_fetch(struct imap_session *imap, int usinguid, struct fetch_r`
`1020`	`1023`	`mark_seen(imap, seqno, fullname, entry->d_name); /* No need to goto cleanup if we fail, we do anyways */`
`1021`	`1024`	`}`
`1022`	`1025`
	`1026`	`+next:`
`1023`	`1027`	`fetched++;`
	`1028`	`+ free(entry);`
	`1029`	`+ continue;`
`1024`	`1030`
`1025`	`1031`	`cleanup:`
	`1032`	`+ /* For example, if there was an I/O error during the FETCH response, abort immediately.`
	`1033`	`+ * This is not uncommon - a client could exit in the middle of a FETCH 1:* */`
`1026`	`1034`	`free(entry);`
	`1035`	`+ break;`
`1027`	`1036`	`}`
`1028`	`1037`	`free(entries);`
`1029`	`1038`	`if (!fetched) {`