summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2016-10-23 14:09:55 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2016-10-23 14:09:55 +0100
commitad7fc6eb6895ff40cc9998d157d1401bbf43c35e (patch)
tree939e7a630d161d795bf990fa2e31db9211861edc
parent18f1b2f3f8829931ac096942ff2d1ef85ab5f891 (diff)
Fix bug with aborted server TLS connection, under GnuTLS
Longstanding, but exposed by 60d10ce
-rw-r--r--doc/doc-txt/ChangeLog6
-rw-r--r--src/src/daemon.c22
-rw-r--r--src/src/tls-gnu.c6
3 files changed, 24 insertions, 10 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 1267d75dc..1fdfc126e 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -120,6 +120,12 @@ PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created
PP/02 Unbreak build via pkg-config with new hash support when crypto headers
are not in the system include path.
+JH/31 Fix longstanding bug with aborted TLS server connection handling. Under
+ GnuTLS, when a sennsion startup failed (eg because the client disconnected)
+ Exim did stdio operations after fclose. This was exposed by a recent
+ change which nulled out the file handle after the fclose.
+
+
Exim version 4.87
-----------------
diff --git a/src/src/daemon.c b/src/src/daemon.c
index 60275c02d..dc49eeb85 100644
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -385,10 +385,10 @@ if (pid == 0)
likely what it depends on.) */
smtp_active_hostname = primary_hostname;
- if (raw_active_hostname != NULL)
+ if (raw_active_hostname)
{
- uschar *nah = expand_string(raw_active_hostname);
- if (nah == NULL)
+ uschar * nah = expand_string(raw_active_hostname);
+ if (!nah)
{
if (!expand_string_forcedfail)
{
@@ -402,7 +402,7 @@ if (pid == 0)
_exit(EXIT_FAILURE);
}
}
- else if (nah[0] != 0) smtp_active_hostname = nah;
+ else if (*nah) smtp_active_hostname = nah;
}
/* Initialize the queueing flags */
@@ -518,11 +518,15 @@ if (pid == 0)
}
else
{
- int i;
- uschar * buf[128];
- mac_smtp_fflush();
- /* drain socket, for clean TCP FINs */
- for(i = 16; read(fileno(smtp_in), buf, sizeof(buf)) > 0 && i > 0; ) i--;
+ if (smtp_out)
+ {
+ int i;
+ uschar buf[128];
+
+ mac_smtp_fflush();
+ /* drain socket, for clean TCP FINs */
+ for(i = 16; read(fileno(smtp_in), buf, sizeof(buf)) > 0 && i > 0; ) i--;
+ }
search_tidyup();
smtp_log_no_mail(); /* Log no mail if configured */
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 7ddd7a724..9afaa8fea 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1827,13 +1827,17 @@ if (rc != GNUTLS_E_SUCCESS)
until the server times out. */
if (sigalrm_seen)
+ {
tls_error(US"gnutls_handshake", "timed out", NULL);
+ gnutls_db_remove_session(state->session);
+ }
else
{
tls_error(US"gnutls_handshake", gnutls_strerror(rc), NULL);
(void) gnutls_alert_send_appropriate(state->session, rc);
+ gnutls_deinit(state->session);
millisleep(500);
- shutdown(state->fd_in, SHUT_WR);
+ shutdown(state->fd_out, SHUT_WR);
for (rc = 1024; fgetc(smtp_in) != EOF && rc > 0; ) rc--; /* drain skt */
(void)fclose(smtp_out);
(void)fclose(smtp_in);