diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2019-10-14 10:45:32 +0100 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2019-10-14 15:56:03 +0100 |
| commit | 6b5cbf740022f7f57a425d212499f156b1641d49 (patch) | |
| tree | 4ef7d51bf046206daa77eb7004e821300aff3c05 /src | |
| parent | 340cbb7f4ea5185938b16a75cff05dea504a434a (diff) | |
environment grooming
Diffstat (limited to 'src')
| -rw-r--r-- | src/src/environment.c | 3 | ||||
| -rw-r--r-- | src/src/functions.h | 1 | ||||
| -rw-r--r-- | src/src/tls.c | 29 |
3 files changed, 33 insertions, 0 deletions
diff --git a/src/src/environment.c b/src/src/environment.c index c29cc6c8d..f3a90660e 100644 --- a/src/src/environment.c +++ b/src/src/environment.c @@ -59,6 +59,9 @@ else if (Ustrcmp(keep_environment, "*") != 0) } store_reset(reset_point); } +#ifndef DISABLE_TLS +tls_clean_env(); +#endif if (add_environment) { uschar * p; diff --git a/src/src/functions.h b/src/src/functions.h index 37f6b1b6f..35600ba2a 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -48,6 +48,7 @@ extern uschar * tls_cert_fprt_md5(void *); extern uschar * tls_cert_fprt_sha1(void *); extern uschar * tls_cert_fprt_sha256(void *); +extern void tls_clean_env(void); extern BOOL tls_client_start(client_conn_ctx *, smtp_connect_args *, void *, tls_support *, uschar **); diff --git a/src/src/tls.c b/src/src/tls.c index 796bc6d61..63d98c806 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -369,6 +369,35 @@ else if ((subjdn = tls_cert_subject(cert, NULL))) } return FALSE; } + + +/* Environment cleanup: The GnuTLS library spots SSLKEYLOGFILE in the envonment +and writes a file by that name. We might make the OpenSSL support do the same, +in some future release. Restrict that filename to be under the spool directory. + +If the path is absolute, require it starts with the spooldir; otherwise delete +the env variable. If relative, prefix the spooldir. +*/ +void +tls_clean_env(void) +{ +uschar * path = US getenv("SSLKEYLOGFILE"); +if (path) + if (!*path) + unsetenv("SSLKEYLOGFILE"); + else if (*path != '/') + { + DEBUG(D_tls) + debug_printf("prepending spooldir to env SSLKEYLOGFILE\n"); + setenv("SSLKEYLOGFILE", CCS string_sprintf("%s/%s", spool_directory, path), 1); + } + else if (Ustrncmp(path, spool_directory, Ustrlen(spool_directory)) != 0) + { + DEBUG(D_tls) + debug_printf("removing env SSLKEYLOGFILE: not under spooldir\n"); + unsetenv("SSLKEYLOGFILE"); + } +} #endif /*!DISABLE_TLS*/ #endif /*!MACRO_PREDEF*/ |