mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 09:57:34 +00:00
Code Issues Releases Wiki Activity

postfix-2.9-20110207

Browse Source
This commit is contained in:
Wietse Venema 2011-02-07 00:00:00 -05:00 committed by Viktor Dukhovni
parent 45966d7b77
commit 1ac00dbaf1
7 changed files with 26 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
postfix/HISTORY
View File

@ -16571,3 +16571,8 @@ Apologies for any names omitted.
responses more gracefully, i.e. without losing synchronization. responses more gracefully, i.e. without losing synchronization.
Files: smtpd/smtpd_chat.c, smtpd/smtpd_proxy.c, smtp/smtp_chat.c, Files: smtpd/smtpd_chat.c, smtpd/smtpd_proxy.c, smtp/smtp_chat.c,
smtpstone/smtp-source.c. smtpstone/smtp-source.c.
20110207
Bugfix (introduced Postfix 2.8): segfault with smtpd_tls_loglevel
>= 3. Files: tls/tls_server.c, tls.h, smtpd.c, tlsproxy.c.

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20110205" #define MAIL_RELEASE_DATE "20110207"
#define MAIL_VERSION_NUMBER "2.9" #define MAIL_VERSION_NUMBER "2.9"
#ifdef SNAPSHOT #ifdef SNAPSHOT

1
postfix/src/global/smtp_stream.c
View File

@ -326,6 +326,7 @@ int smtp_get(VSTRING *vp, VSTREAM *stream, ssize_t bound, int flags)
while (VSTRING_LEN(vp) > 0 && vstring_end(vp)[-1] == '\r') while (VSTRING_LEN(vp) > 0 && vstring_end(vp)[-1] == '\r')
vstring_truncate(vp, VSTRING_LEN(vp) - 1); vstring_truncate(vp, VSTRING_LEN(vp) - 1);
VSTRING_TERMINATE(vp); VSTRING_TERMINATE(vp);
/* FALLTRHOUGH */
/* /*
* Partial line: just read the remainder later. If we ran into EOF, * Partial line: just read the remainder later. If we ran into EOF,

1
postfix/src/smtpd/smtpd.c
View File

@ -4029,6 +4029,7 @@ static void smtpd_start_tls(SMTPD_STATE *state)
TLS_SERVER_START(&props, TLS_SERVER_START(&props,
ctx = smtpd_tls_ctx, ctx = smtpd_tls_ctx,
stream = state->client, stream = state->client,
fd = -1,
log_level = var_smtpd_tls_loglevel, log_level = var_smtpd_tls_loglevel,
timeout = var_smtpd_starttls_tmout, timeout = var_smtpd_starttls_tmout,
requirecert = requirecert, requirecert = requirecert,

5
postfix/src/tls/tls.h
View File

@ -268,6 +268,7 @@ typedef struct {
typedef struct { typedef struct {
TLS_APPL_STATE *ctx; /* TLS application context */ TLS_APPL_STATE *ctx; /* TLS application context */
VSTREAM *stream; /* Client stream */ VSTREAM *stream; /* Client stream */
int fd; /* Event-driven file descriptor */
int log_level; /* TLS log level */ int log_level; /* TLS log level */
int timeout; /* TLS handshake timeout */ int timeout; /* TLS handshake timeout */
int requirecert; /* Insist on client cert? */ int requirecert; /* Insist on client cert? */
@ -293,10 +294,10 @@ extern TLS_SESS_STATE *tls_server_post_accept(TLS_SESS_STATE *);
((props)->a12), ((props)->a13), ((props)->a14), ((props)->a15), \ ((props)->a12), ((props)->a13), ((props)->a14), ((props)->a15), \
((props)->a16), ((props)->a17), ((props)->a18), ((props)->a19), (props))) ((props)->a16), ((props)->a17), ((props)->a18), ((props)->a19), (props)))
#define TLS_SERVER_START(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10) \ #define TLS_SERVER_START(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11) \
tls_server_start((((props)->a1), ((props)->a2), ((props)->a3), \ tls_server_start((((props)->a1), ((props)->a2), ((props)->a3), \
((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \ ((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \
((props)->a8), ((props)->a9), ((props)->a10), (props))) ((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), (props)))
/* /*
* tls_session.c * tls_session.c

26
postfix/src/tls/tls_server.c
View File

@ -89,7 +89,8 @@
/* SSL_accept(), SSL_read(), SSL_write() and SSL_shutdown(). /* SSL_accept(), SSL_read(), SSL_write() and SSL_shutdown().
/* /*
/* To maintain control over TLS I/O, an event-driven server /* To maintain control over TLS I/O, an event-driven server
/* invokes tls_server_start() with a null VSTREAM argument. /* invokes tls_server_start() with a null VSTREAM argument and
/* with an fd argument that specifies the I/O file descriptor.
/* Then, tls_server_start() performs all the necessary /* Then, tls_server_start() performs all the necessary
/* preparations before the TLS handshake and returns a partially /* preparations before the TLS handshake and returns a partially
/* populated TLS context. The event-driven application is then /* populated TLS context. The event-driven application is then
@ -657,6 +658,18 @@ TLS_SESS_STATE *tls_server_start(const TLS_SERVER_START_PROPS *props)
*/ */
SSL_set_accept_state(TLScontext->con); SSL_set_accept_state(TLScontext->con);
/*
* Connect the SSL connection with the network socket.
*/
if (SSL_set_fd(TLScontext->con, props->stream == 0 ? props->fd :
vstream_fileno(props->stream)) != 1) {
msg_info("SSL_set_fd error to %s", props->namaddr);
tls_print_errors();
uncache_session(app_ctx->ssl_ctx, TLScontext);
tls_free_context(TLScontext);
return (0);
}
/* /*
* If the debug level selected is high enough, all of the data is dumped: * If the debug level selected is high enough, all of the data is dumped:
* 3 will dump the SSL negotiation, 4 will dump everything. * 3 will dump the SSL negotiation, 4 will dump everything.
@ -675,17 +688,6 @@ TLS_SESS_STATE *tls_server_start(const TLS_SERVER_START_PROPS *props)
if (props->stream == 0) if (props->stream == 0)
return (TLScontext); return (TLScontext);
/*
* Connect the SSL connection with the network socket.
*/
if (SSL_set_fd(TLScontext->con, vstream_fileno(props->stream)) != 1) {
msg_info("SSL_set_fd error to %s", props->namaddr);
tls_print_errors();
uncache_session(app_ctx->ssl_ctx, TLScontext);
tls_free_context(TLScontext);
return (0);
}
/* /*
* Turn on non-blocking I/O so that we can enforce timeouts on network * Turn on non-blocking I/O so that we can enforce timeouts on network
* I/O. * I/O.

13
postfix/src/tlsproxy/tlsproxy.c
View File

@ -687,6 +687,7 @@ static void tlsp_start_tls(TLSP_STATE *state)
TLS_SERVER_START(&props, TLS_SERVER_START(&props,
ctx = tlsp_server_ctx, ctx = tlsp_server_ctx,
stream = (VSTREAM *) 0,/* unused */ stream = (VSTREAM *) 0,/* unused */
fd = state->ciphertext_fd,
log_level = var_tlsp_tls_loglevel, log_level = var_tlsp_tls_loglevel,
timeout = 0, /* unused */ timeout = 0, /* unused */
requirecert = (var_tlsp_tls_req_ccert requirecert = (var_tlsp_tls_req_ccert
@ -702,18 +703,6 @@ static void tlsp_start_tls(TLSP_STATE *state)
return; return;
} }
/*
* This program will do the ciphertext I/O, not libtls. In the future,
* the above event-driven engine may be factored out as a libtls library
* module.
*/
if (SSL_set_fd(state->tls_context->con, state->ciphertext_fd) != 1) {
msg_info("SSL_set_fd error to %s", state->remote_endpt);
tls_print_errors();
tlsp_state_free(state);
return;
}
/* /*
* XXX Do we care about TLS session rate limits? Good postscreen(8) * XXX Do we care about TLS session rate limits? Good postscreen(8)
* clients will occasionally require the tlsproxy to renew their * clients will occasionally require the tlsproxy to renew their