From 1ac00dbaf1f8a8e30f0c4483e93cec02e8ea56a5 Mon Sep 17 00:00:00 2001
From: Wietse Venema <wietse@porcupine.org>
Date: Mon, 7 Feb 2011 00:00:00 -0500
Subject: [PATCH] postfix-2.9-20110207

---
 postfix/HISTORY                   |  5 +++++
 postfix/src/global/mail_version.h |  2 +-
 postfix/src/global/smtp_stream.c  |  1 +
 postfix/src/smtpd/smtpd.c         |  1 +
 postfix/src/tls/tls.h             |  5 +++--
 postfix/src/tls/tls_server.c      | 26 ++++++++++++++------------
 postfix/src/tlsproxy/tlsproxy.c   | 13 +------------
 7 files changed, 26 insertions(+), 27 deletions(-)

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 64021a07d..2fed267d6 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -16571,3 +16571,8 @@ Apologies for any names omitted.
 	responses more gracefully, i.e. without losing synchronization.
 	Files: smtpd/smtpd_chat.c, smtpd/smtpd_proxy.c, smtp/smtp_chat.c,
 	smtpstone/smtp-source.c.
+
+20110207
+
+	Bugfix (introduced Postfix 2.8): segfault with smtpd_tls_loglevel
+	>= 3. Files: tls/tls_server.c, tls.h, smtpd.c, tlsproxy.c.
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 9a12c01a5..cb4348fcb 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20110205"
+#define MAIL_RELEASE_DATE	"20110207"
 #define MAIL_VERSION_NUMBER	"2.9"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/global/smtp_stream.c b/postfix/src/global/smtp_stream.c
index 84de8348c..1fb967d85 100644
--- a/postfix/src/global/smtp_stream.c
+++ b/postfix/src/global/smtp_stream.c
@@ -326,6 +326,7 @@ int     smtp_get(VSTRING *vp, VSTREAM *stream, ssize_t bound, int flags)
 	while (VSTRING_LEN(vp) > 0 && vstring_end(vp)[-1] == '\r')
 	    vstring_truncate(vp, VSTRING_LEN(vp) - 1);
 	VSTRING_TERMINATE(vp);
+	/* FALLTRHOUGH */
 
 	/*
 	 * Partial line: just read the remainder later. If we ran into EOF,
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index 2c569f254..979b4e67f 100644
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -4029,6 +4029,7 @@ static void smtpd_start_tls(SMTPD_STATE *state)
 	TLS_SERVER_START(&props,
 			 ctx = smtpd_tls_ctx,
 			 stream = state->client,
+			 fd = -1,
 			 log_level = var_smtpd_tls_loglevel,
 			 timeout = var_smtpd_starttls_tmout,
 			 requirecert = requirecert,
diff --git a/postfix/src/tls/tls.h b/postfix/src/tls/tls.h
index 6e18badbd..5a06d8bd7 100644
--- a/postfix/src/tls/tls.h
+++ b/postfix/src/tls/tls.h
@@ -268,6 +268,7 @@ typedef struct {
 typedef struct {
     TLS_APPL_STATE *ctx;		/* TLS application context */
     VSTREAM *stream;			/* Client stream */
+    int     fd;				/* Event-driven file descriptor */
     int     log_level;			/* TLS log level */
     int     timeout;			/* TLS handshake timeout */
     int     requirecert;		/* Insist on client cert? */
@@ -293,10 +294,10 @@ extern TLS_SESS_STATE *tls_server_post_accept(TLS_SESS_STATE *);
     ((props)->a12), ((props)->a13), ((props)->a14), ((props)->a15), \
     ((props)->a16), ((props)->a17), ((props)->a18), ((props)->a19), (props)))
 
-#define TLS_SERVER_START(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10) \
+#define TLS_SERVER_START(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11) \
     tls_server_start((((props)->a1), ((props)->a2), ((props)->a3), \
     ((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \
-    ((props)->a8), ((props)->a9), ((props)->a10), (props)))
+    ((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), (props)))
 
  /*
   * tls_session.c
diff --git a/postfix/src/tls/tls_server.c b/postfix/src/tls/tls_server.c
index 8792f7102..f764a5a39 100644
--- a/postfix/src/tls/tls_server.c
+++ b/postfix/src/tls/tls_server.c
@@ -89,7 +89,8 @@
 /*	SSL_accept(), SSL_read(), SSL_write() and SSL_shutdown().
 /*
 /*	To maintain control over TLS I/O, an event-driven server
-/*	invokes tls_server_start() with a null VSTREAM argument.
+/*	invokes tls_server_start() with a null VSTREAM argument and
+/*	with an fd argument that specifies the I/O file descriptor.
 /*	Then, tls_server_start() performs all the necessary
 /*	preparations before the TLS handshake and returns a partially
 /*	populated TLS context. The event-driven application is then
@@ -657,6 +658,18 @@ TLS_SESS_STATE *tls_server_start(const TLS_SERVER_START_PROPS *props)
      */
     SSL_set_accept_state(TLScontext->con);
 
+    /*
+     * Connect the SSL connection with the network socket.
+     */
+    if (SSL_set_fd(TLScontext->con, props->stream == 0 ? props->fd :
+		   vstream_fileno(props->stream)) != 1) {
+	msg_info("SSL_set_fd error to %s", props->namaddr);
+	tls_print_errors();
+	uncache_session(app_ctx->ssl_ctx, TLScontext);
+	tls_free_context(TLScontext);
+	return (0);
+    }
+
     /*
      * If the debug level selected is high enough, all of the data is dumped:
      * 3 will dump the SSL negotiation, 4 will dump everything.
@@ -675,17 +688,6 @@ TLS_SESS_STATE *tls_server_start(const TLS_SERVER_START_PROPS *props)
     if (props->stream == 0)
 	return (TLScontext);
 
-    /*
-     * Connect the SSL connection with the network socket.
-     */
-    if (SSL_set_fd(TLScontext->con, vstream_fileno(props->stream)) != 1) {
-	msg_info("SSL_set_fd error to %s", props->namaddr);
-	tls_print_errors();
-	uncache_session(app_ctx->ssl_ctx, TLScontext);
-	tls_free_context(TLScontext);
-	return (0);
-    }
-
     /*
      * Turn on non-blocking I/O so that we can enforce timeouts on network
      * I/O.
diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c
index d52205262..3c6b3c6c9 100644
--- a/postfix/src/tlsproxy/tlsproxy.c
+++ b/postfix/src/tlsproxy/tlsproxy.c
@@ -687,6 +687,7 @@ static void tlsp_start_tls(TLSP_STATE *state)
 	TLS_SERVER_START(&props,
 			 ctx = tlsp_server_ctx,
 			 stream = (VSTREAM *) 0,/* unused */
+			 fd = state->ciphertext_fd,
 			 log_level = var_tlsp_tls_loglevel,
 			 timeout = 0,		/* unused */
 			 requirecert = (var_tlsp_tls_req_ccert
@@ -702,18 +703,6 @@ static void tlsp_start_tls(TLSP_STATE *state)
 	return;
     }
 
-    /*
-     * This program will do the ciphertext I/O, not libtls. In the future,
-     * the above event-driven engine may be factored out as a libtls library
-     * module.
-     */
-    if (SSL_set_fd(state->tls_context->con, state->ciphertext_fd) != 1) {
-	msg_info("SSL_set_fd error to %s", state->remote_endpt);
-	tls_print_errors();
-	tlsp_state_free(state);
-	return;
-    }
-
     /*
      * XXX Do we care about TLS session rate limits? Good postscreen(8)
      * clients will occasionally require the tlsproxy to renew their