Fixed SMTP session reuse bug

2016-03-01 18:45:55 +01:00 · 2016-03-01 18:45:55 +01:00 · 90b401d80f
commit 90b401d80f
parent 59ab75ee1c
2 changed files with 256 additions and 1 deletions
--- a/sendmail-8.15.2-smtp-session-reuse-fix.patch
+++ b/sendmail-8.15.2-smtp-session-reuse-fix.patch
@ -0,0 +1,249 @@
+diff -ru a/sendmail/deliver.c b/sendmail/deliver.c
+--- a/sendmail/deliver.c	2016-02-29 06:01:55.000000000 -0800
+++ b/sendmail/deliver.c	2016-02-29 06:02:06.000000000 -0800
+@@ -6274,8 +6274,7 @@
+ 				tlslogerr(LOG_WARNING, "client");
+ 		}
+ 
+-		SSL_free(clt_ssl);
+-		clt_ssl = NULL;
+		SM_SSL_FREE(clt_ssl);
+ 		return EX_SOFTWARE;
+ 	}
+ 	mci->mci_ssl = clt_ssl;
+@@ -6287,8 +6286,7 @@
+ 		return EX_OK;
+ 
+ 	/* failure */
+-	SSL_free(clt_ssl);
+-	clt_ssl = NULL;
+	SM_SSL_FREE(clt_ssl);
+ 	return EX_SOFTWARE;
+ }
+ /*
+@@ -6309,7 +6307,7 @@
+ 
+ 	if (!bitset(MCIF_TLSACT, mci->mci_flags))
+ 		return EX_OK;
+-	r = endtls(mci->mci_ssl, "client");
+	r = endtls(&mci->mci_ssl, "client");
+ 	mci->mci_flags &= ~MCIF_TLSACT;
+ 	return r;
+ }
+diff -ru a/sendmail/macro.c b/sendmail/macro.c
+--- a/sendmail/macro.c	2016-02-29 06:01:55.000000000 -0800
+++ b/sendmail/macro.c	2016-02-29 06:02:06.000000000 -0800
+@@ -362,6 +362,33 @@
+ }
+ 
+ /*
+**  MACTABCLEAR -- clear entire macro table
+**
+**	Parameters:
+**		mac -- Macro table.
+**
+**	Returns:
+**		none.
+**
+**	Side Effects:
+**		clears entire mac structure including rpool pointer!
+*/
+
+void
+mactabclear(mac)
+	MACROS_T *mac;
+{
+	int i;
+
+	if (mac->mac_rpool == NULL)
+	{
+		for (i = 0; i < MAXMACROID; i++)
+	    		SM_FREE_CLR(mac->mac_table[i]);
+	}
+	memset((char *) mac, '\0', sizeof(*mac));
+}
+
+/*
+ **  MACDEFINE -- bind a macro name to a value
+ **
+ **	Set a macro to a value, with fancy storage management.
+diff -ru a/sendmail/mci.c b/sendmail/mci.c
+--- a/sendmail/mci.c	2016-02-29 06:01:55.000000000 -0800
+++ b/sendmail/mci.c	2016-02-29 06:02:06.000000000 -0800
+@@ -25,6 +25,7 @@
+ 						  int, bool));
+ static bool	mci_load_persistent __P((MCI *));
+ static void	mci_uncache __P((MCI **, bool));
+static void	mci_clear __P((MCI *));
+ static int	mci_lock_host_statfile __P((MCI *));
+ static int	mci_read_persistent __P((SM_FILE_T *, MCI *));
+ 
+@@ -253,6 +254,7 @@
+ 	SM_FREE_CLR(mci->mci_status);
+ 	SM_FREE_CLR(mci->mci_rstatus);
+ 	SM_FREE_CLR(mci->mci_heloname);
+ 	mci_clear(mci);
+ 	if (mci->mci_rpool != NULL)
+ 	{
+ 		sm_rpool_free(mci->mci_rpool);
+@@ -315,6 +317,41 @@
+ }
+ 
+ /*
+**  MCI_CLEAR -- clear mci
+**
+**	Parameters:
+**		mci -- the connection to clear.
+**
+**	Returns:
+**		none.
+*/
+
+static void
+mci_clear(mci)
+	MCI *mci;
+{
+	if (mci == NULL)
+		return;
+
+	mci->mci_maxsize = 0;
+	mci->mci_min_by = 0;
+	mci->mci_deliveries = 0;
+#if SASL
+	if (bitset(MCIF_AUTHACT, mci->mci_flags))
+		sasl_dispose(&mci->mci_conn);
+#endif
+#if STARTTLS
+	if (bitset(MCIF_TLSACT, mci->mci_flags) && mci->mci_ssl != NULL)
+		SM_SSL_FREE(mci->mci_ssl);
+#endif
+
+	/* which flags to preserve? */
+	mci->mci_flags &= MCIF_CACHED;
+	mactabclear(&mci->mci_macro);
+}
+
+
+/*
+ **  MCI_GET -- get information about a particular host
+ **
+ **	Parameters:
+@@ -419,6 +456,7 @@
+ 			mci->mci_errno = 0;
+ 			mci->mci_exitstat = EX_OK;
+ 		}
+	 	mci_clear(mci);
+ 	}
+ 
+ 	return mci;
+diff -ru a/sendmail/sendmail.h b/sendmail/sendmail.h
+--- a/sendmail/sendmail.h	2016-02-29 06:01:55.000000000 -0800
+++ b/sendmail/sendmail.h	2016-02-29 06:02:06.000000000 -0800
+@@ -1186,6 +1186,7 @@
+ #define macid(name)  macid_parse(name, NULL)
+ extern char	*macname __P((int));
+ extern char	*macvalue __P((int, ENVELOPE *));
+extern void	mactabclear __P((MACROS_T *));
+ extern int	rscheck __P((char *, char *, char *, ENVELOPE *, int, int, char *, char *, ADDRESS *, char **));
+ extern int	rscap __P((char *, char *, char *, ENVELOPE *, char ***, char *, int));
+ extern void	setclass __P((int, char *));
+@@ -2002,7 +2003,15 @@
+ extern void	setclttls __P((bool));
+ extern bool	initsrvtls __P((bool));
+ extern int	tls_get_info __P((SSL *, bool, char *, MACROS_T *, bool));
+-extern int	endtls __P((SSL *, char *));
+#define SM_SSL_FREE(ssl)			\
+	do {					\
+		if (ssl != NULL)		\
+		{				\
+			SSL_free(ssl);		\
+			ssl = NULL;		\
+		}				\
+	} while (0)
+extern int	endtls __P((SSL **, char *));
+ extern void	tlslogerr __P((int, const char *));
+ 
+ 
+diff -ru a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c
+--- a/sendmail/srvrsmtp.c	2016-02-29 06:01:55.000000000 -0800
+++ b/sendmail/srvrsmtp.c	2016-02-29 06:02:06.000000000 -0800
+@@ -2122,8 +2122,7 @@
+ 			if (get_tls_se_options(e, srv_ssl, true) != 0)
+ 			{
+ 				message("454 4.3.3 TLS not available: error setting options");
+-				SSL_free(srv_ssl);
+-				srv_ssl = NULL;
+				SM_SSL_FREE(srv_ssl);
+ 				goto tls_done;
+ 			}
+ 
+@@ -2145,8 +2144,7 @@
+ 			    SSL_set_wfd(srv_ssl, wfd) <= 0)
+ 			{
+ 				message("454 4.3.3 TLS not available: error set fd");
+-				SSL_free(srv_ssl);
+-				srv_ssl = NULL;
+				SM_SSL_FREE(srv_ssl);
+ 				goto tls_done;
+ 			}
+ 			if (!smtps)
+@@ -2188,8 +2186,7 @@
+ 						tlslogerr(LOG_WARNING, "server");
+ 				}
+ 				tls_ok_srv = false;
+-				SSL_free(srv_ssl);
+-				srv_ssl = NULL;
+				SM_SSL_FREE(srv_ssl);
+ 
+ 				/*
+ 				**  according to the next draft of
+@@ -3416,7 +3413,7 @@
+ 			/* shutdown TLS connection */
+ 			if (tls_active)
+ 			{
+-				(void) endtls(srv_ssl, "server");
+				(void) endtls(&srv_ssl, "server");
+ 				tls_active = false;
+ 			}
+ #endif /* STARTTLS */
+diff -ru a/sendmail/tls.c b/sendmail/tls.c
+--- a/sendmail/tls.c	2016-02-29 06:01:55.000000000 -0800
+++ b/sendmail/tls.c	2016-02-29 06:02:06.000000000 -0800
+@@ -1624,7 +1624,7 @@
+ **  ENDTLS -- shutdown secure connection
+ **
+ **	Parameters:
+-**		ssl -- SSL connection information.
+**		pssl -- pointer to TLS session context
+ **		side -- server/client (for logging).
+ **
+ **	Returns:
+@@ -1632,12 +1632,16 @@
+ */
+ 
+ int
+-endtls(ssl, side)
+-	SSL *ssl;
+endtls(pssl, side)
+	SSL **pssl;
+ 	char *side;
+ {
+ 	int ret = EX_OK;
+	SSL *ssl;
+ 
+	SM_REQUIRE(pssl != NULL);
+ 	ret = EX_OK;
+	ssl = *pssl;
+ 	if (ssl != NULL)
+ 	{
+ 		int r;
+@@ -1703,8 +1707,7 @@
+ 			ret = EX_SOFTWARE;
+ 		}
+ # endif /* !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER > 0x0090602fL */
+-		SSL_free(ssl);
+-		ssl = NULL;
+		SM_SSL_FREE(*pssl);
+ 	}
+ 	return ret;
+ }
--- a/sendmail.spec
+++ b/sendmail.spec
@ -17,7 +17,7 @@
 Summary: A widely used Mail Transport Agent (MTA)
 Name: sendmail
 Version: 8.15.2
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: Sendmail
 Group: System Environment/Daemons
 URL: http://www.sendmail.org/
@ -84,6 +84,8 @@ Patch23: sendmail-8.14.8-sasl2-in-etc.patch
 # upstream reserved option ID 0xe7 for testing of this new feature, #576643
 Patch25: sendmail-8.15.2-qos.patch
 Patch26: sendmail-8.15.2-libmilter-socket-activation.patch
+# patch provided by upstream
+Patch27: sendmail-8.15.2-smtp-session-reuse-fix.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: tcp_wrappers-devel
 BuildRequires: libdb-devel
@ -206,6 +208,7 @@ cp devtools/M4/UNIX/{,shared}library.m4
 %patch23 -p1 -b .sasl2-in-etc
 %patch25 -p1 -b .qos
 %patch26 -p1 -b .libmilter-socket-activation
+%patch27 -p1 -b .smtp-session-reuse-fix

 for f in RELEASE_NOTES contrib/etrn.0; do
 	iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
@ -700,6 +703,9 @@ fi
 %endif

 %changelog
+* Tue Mar  1 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 8.15.2-6
+- Fixed SMTP session reuse bug
+
 * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 8.15.2-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild