author Phil Pennock <pdp@exim.org> 2017-01-31 22:15:55 -0500
committer Phil Pennock <pdp@exim.org> 2017-01-31 22:15:55 -0500
commit da88acaeb7d76e5312c8ea799951470eaa5eca0f
tree b6feaf37a957688b302e701d0c051a4618df95e2 /doc
parent 829dd84217ed9c32fda88a4ca2cb20b41c950f1e
Handle Proxy Protocol v2 safely as well.
We had test suite failures (test suite success!) because Proxy Protocol v2 (PPv2) wasn't being detected; by only reading 12 octets, the >= 16 check was failing. But in fact I had previously only fixed reading "only enough" for PPv1.

Handling both PPv1 and PPv2 is complicated because the minimum valid length for PPv1 is 15 octets but for PPv2 the size to read is in the 15th and 16th octets.

So refactored a little and we now use a total of 3 reads for the PPv2 case (assuming no fragmentation, etc; we'll actually keep reading now instead of aborting) to get the entire PPv2 header of exactly the right size, so that TLS handshake immediately following the PP header is not also swallowed.

Fixes: 2018
Tested: manually, TLS and non-TLS, PPv1 and PPv2, all ways.
Release: should be cherry-picked into 4.89RC series
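The exact-length read the commit message describes, as an added example that is not taken from this commit or from Exim's source. The 12 + 4 + payload split of the three reads, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

static const uint8_t PP2_SIG[12] = {0x0D,0x0A,0x0D,0x0A,0x00,0x0D,0x0A,0x51,0x55,0x49,0x54,0x0A};

/* Read exactly n octets, looping over short reads; 0 on success, -1 otherwise. */
static int read_exact(int fd, uint8_t *buf, size_t n) {
  for (size_t got = 0; got < n; ) {
    ssize_t r = read(fd, buf + got, n - got);
    if (r <= 0) return -1;
    got += (size_t)r;
  }
  return 0;
}

/* Consume one PPv2 header from fd and nothing after it. Returns the header
   length (16 + payload), or -1 if not PPv2, too big for cap, or truncated.
   Hypothetical helper, not an Exim function. */
ssize_t pp2_read_header(int fd, uint8_t *buf, size_t cap) {
  if (cap < 16) return -1;
  /* Read 1: the 12-octet signature (shorter than the 15-octet PPv1 minimum). */
  if (read_exact(fd, buf, 12) < 0 || memcmp(buf, PP2_SIG, 12) != 0) return -1;
  /* Read 2: version/command, family/protocol, length in octets 15 and 16. */
  if (read_exact(fd, buf + 12, 4) < 0 || (buf[12] >> 4) != 2) return -1;
  size_t payload = ((size_t)buf[14] << 8) | buf[15];
  if (payload > cap - 16) return -1;
  /* Read 3: exactly the declared payload, so the next octet stays queued. */
  if (read_exact(fd, buf + 16, payload) < 0) return -1;
  return (ssize_t)(16 + payload);
}

/* Constructed sample: PPv2 header for TCP over IPv4 (12 zeroed address octets)
   followed at once by a TLS record. Returns the first octet left in the socket. */
int demo_first_octet_after_header(void) {
  uint8_t wire[31] = {0}, hdr[64], next = 0;
  int sv[2];
  memcpy(wire, PP2_SIG, 12);
  wire[12] = 0x21; wire[13] = 0x11; wire[15] = 12;   /* v2 PROXY, TCP4, len 12 */
  wire[28] = 0x16; wire[29] = 0x03; wire[30] = 0x01; /* TLS record header start */
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
  if (write(sv[0], wire, sizeof wire) != (ssize_t)sizeof wire) return -1;
  if (pp2_read_header(sv[1], hdr, sizeof hdr) != 28) return -1;
  if (read(sv[1], &next, 1) != 1) return -1;
  close(sv[0]); close(sv[1]);
  return next; /* 0x16: the TLS handshake was left for the TLS library */
}

int main(void) { return demo_first_octet_after_header() == 0x16 ? 0 : 1; }
```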
Diffstat (limited to 'doc')
-rw-r--r-- doc/doc-txt/ChangeLog 2
1 files changed, 2 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 69c778966..03c031106 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -77,6 +77,8 @@ PP/03 Bug 2018: For Proxy Protocol and TLS-on-connect, do not over-read and
instead leave the unprompted TLS handshake in socket buffer for the
TLS library to consume.
+PP/04 Bug 2018: Also handle Proxy Protocol v2 safely.
+
Exim version 4.88
-----------------
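Review bot: The added PP/04 line says only "safely" and gives no indication of what changed relative to PP/03 directly above it, so a reader of the ChangeLog cannot tell that PPv2 was previously not detected. Consider spelling out the behaviour the way PP/03 does, for example that the PPv2 header is now read to exactly the length given in its 15th and 16th octets so that a TLS handshake following it is left in the socket buffer. It would also help to note that the read now continues across short reads instead of aborting, since the commit message describes that as a behaviour change.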