summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2019-10-14 10:45:32 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2019-10-14 15:56:03 +0100
commit6b5cbf740022f7f57a425d212499f156b1641d49 (patch)
tree4ef7d51bf046206daa77eb7004e821300aff3c05
parent340cbb7f4ea5185938b16a75cff05dea504a434a (diff)
environment grooming
-rw-r--r--src/src/environment.c3
-rw-r--r--src/src/functions.h1
-rw-r--r--src/src/tls.c29
3 files changed, 33 insertions, 0 deletions
diff --git a/src/src/environment.c b/src/src/environment.c
index c29cc6c8d..f3a90660e 100644
--- a/src/src/environment.c
+++ b/src/src/environment.c
@@ -59,6 +59,9 @@ else if (Ustrcmp(keep_environment, "*") != 0)
}
store_reset(reset_point);
}
+#ifndef DISABLE_TLS
+tls_clean_env();
+#endif
if (add_environment)
{
uschar * p;
diff --git a/src/src/functions.h b/src/src/functions.h
index 37f6b1b6f..35600ba2a 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -48,6 +48,7 @@ extern uschar * tls_cert_fprt_md5(void *);
extern uschar * tls_cert_fprt_sha1(void *);
extern uschar * tls_cert_fprt_sha256(void *);
+extern void tls_clean_env(void);
extern BOOL tls_client_start(client_conn_ctx *, smtp_connect_args *,
void *, tls_support *, uschar **);
diff --git a/src/src/tls.c b/src/src/tls.c
index 796bc6d61..63d98c806 100644
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -369,6 +369,35 @@ else if ((subjdn = tls_cert_subject(cert, NULL)))
}
return FALSE;
}
+
+
+/* Environment cleanup: The GnuTLS library spots SSLKEYLOGFILE in the envonment
+and writes a file by that name. We might make the OpenSSL support do the same,
+in some future release. Restrict that filename to be under the spool directory.
+
+If the path is absolute, require it starts with the spooldir; otherwise delete
+the env variable. If relative, prefix the spooldir.
+*/
+void
+tls_clean_env(void)
+{
+uschar * path = US getenv("SSLKEYLOGFILE");
+if (path)
+ if (!*path)
+ unsetenv("SSLKEYLOGFILE");
+ else if (*path != '/')
+ {
+ DEBUG(D_tls)
+ debug_printf("prepending spooldir to env SSLKEYLOGFILE\n");
+ setenv("SSLKEYLOGFILE", CCS string_sprintf("%s/%s", spool_directory, path), 1);
+ }
+ else if (Ustrncmp(path, spool_directory, Ustrlen(spool_directory)) != 0)
+ {
+ DEBUG(D_tls)
+ debug_printf("removing env SSLKEYLOGFILE: not under spooldir\n");
+ unsetenv("SSLKEYLOGFILE");
+ }
+}
#endif /*!DISABLE_TLS*/
#endif /*!MACRO_PREDEF*/