Fixed SMTP session reuse bug
		
							parent
							
								
									59ab75ee1c
								
							
						
					
					
						commit
						90b401d80f
					
				
							
								
								
									
										249
									
								
								sendmail-8.15.2-smtp-session-reuse-fix.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										249
									
								
								sendmail-8.15.2-smtp-session-reuse-fix.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,249 @@ | ||||
| diff -ru a/sendmail/deliver.c b/sendmail/deliver.c
 | ||||
| --- a/sendmail/deliver.c	2016-02-29 06:01:55.000000000 -0800
 | ||||
| +++ b/sendmail/deliver.c	2016-02-29 06:02:06.000000000 -0800
 | ||||
| @@ -6274,8 +6274,7 @@
 | ||||
|  				tlslogerr(LOG_WARNING, "client"); | ||||
|  		} | ||||
|   | ||||
| -		SSL_free(clt_ssl);
 | ||||
| -		clt_ssl = NULL;
 | ||||
| +		SM_SSL_FREE(clt_ssl);
 | ||||
|  		return EX_SOFTWARE; | ||||
|  	} | ||||
|  	mci->mci_ssl = clt_ssl; | ||||
| @@ -6287,8 +6286,7 @@
 | ||||
|  		return EX_OK; | ||||
|   | ||||
|  	/* failure */ | ||||
| -	SSL_free(clt_ssl);
 | ||||
| -	clt_ssl = NULL;
 | ||||
| +	SM_SSL_FREE(clt_ssl);
 | ||||
|  	return EX_SOFTWARE; | ||||
|  } | ||||
|  /* | ||||
| @@ -6309,7 +6307,7 @@
 | ||||
|   | ||||
|  	if (!bitset(MCIF_TLSACT, mci->mci_flags)) | ||||
|  		return EX_OK; | ||||
| -	r = endtls(mci->mci_ssl, "client");
 | ||||
| +	r = endtls(&mci->mci_ssl, "client");
 | ||||
|  	mci->mci_flags &= ~MCIF_TLSACT; | ||||
|  	return r; | ||||
|  } | ||||
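Review bot: On the failure exit in the second deliver.c hunk, `SM_SSL_FREE(clt_ssl);` clears only the local, yet the context line at the end of the first hunk shows `mci->mci_ssl = clt_ssl;`. Unless the lines between the two hunks (not shown, and apparently in the same function) reset the field, `mci->mci_ssl` is left pointing at the freed session. Setting a local to NULL immediately before `return EX_SOFTWARE;` has no effect, so the alias is the one to clear: `SM_SSL_FREE(mci->mci_ssl);`. This matters more now that cached slots are scrubbed by `mci_clear()` in mci.c, which frees `mci->mci_ssl` whenever MCIF_TLSACT is set. The function begins before the first hunk.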
| diff -ru a/sendmail/macro.c b/sendmail/macro.c
 | ||||
| --- a/sendmail/macro.c	2016-02-29 06:01:55.000000000 -0800
 | ||||
| +++ b/sendmail/macro.c	2016-02-29 06:02:06.000000000 -0800
 | ||||
| @@ -362,6 +362,33 @@
 | ||||
|  } | ||||
|   | ||||
|  /* | ||||
| +**  MACTABCLEAR -- clear entire macro table
 | ||||
| +**
 | ||||
| +**	Parameters:
 | ||||
| +**		mac -- Macro table.
 | ||||
| +**
 | ||||
| +**	Returns:
 | ||||
| +**		none.
 | ||||
| +**
 | ||||
| +**	Side Effects:
 | ||||
| +**		clears entire mac structure including rpool pointer!
 | ||||
| +*/
 | ||||
| +
 | ||||
| +void
 | ||||
| +mactabclear(mac)
 | ||||
| +	MACROS_T *mac;
 | ||||
| +{
 | ||||
| +	int i;
 | ||||
| +
 | ||||
| +	if (mac->mac_rpool == NULL)
 | ||||
| +	{
 | ||||
| +		for (i = 0; i < MAXMACROID; i++)
 | ||||
| +	    		SM_FREE_CLR(mac->mac_table[i]);
 | ||||
| +	}
 | ||||
| +	memset((char *) mac, '\0', sizeof(*mac));
 | ||||
| +}
 | ||||
| +
 | ||||
| +/*
 | ||||
|  **  MACDEFINE -- bind a macro name to a value | ||||
|  ** | ||||
|  **	Set a macro to a value, with fancy storage management. | ||||
| diff -ru a/sendmail/mci.c b/sendmail/mci.c
 | ||||
| --- a/sendmail/mci.c	2016-02-29 06:01:55.000000000 -0800
 | ||||
| +++ b/sendmail/mci.c	2016-02-29 06:02:06.000000000 -0800
 | ||||
| @@ -25,6 +25,7 @@
 | ||||
|  						  int, bool)); | ||||
|  static bool	mci_load_persistent __P((MCI *)); | ||||
|  static void	mci_uncache __P((MCI **, bool)); | ||||
| +static void	mci_clear __P((MCI *));
 | ||||
|  static int	mci_lock_host_statfile __P((MCI *)); | ||||
|  static int	mci_read_persistent __P((SM_FILE_T *, MCI *)); | ||||
|   | ||||
| @@ -253,6 +254,7 @@
 | ||||
|  	SM_FREE_CLR(mci->mci_status); | ||||
|  	SM_FREE_CLR(mci->mci_rstatus); | ||||
|  	SM_FREE_CLR(mci->mci_heloname); | ||||
| + 	mci_clear(mci);
 | ||||
|  	if (mci->mci_rpool != NULL) | ||||
|  	{ | ||||
|  		sm_rpool_free(mci->mci_rpool); | ||||
| @@ -315,6 +317,41 @@
 | ||||
|  } | ||||
|   | ||||
|  /* | ||||
| +**  MCI_CLEAR -- clear mci
 | ||||
| +**
 | ||||
| +**	Parameters:
 | ||||
| +**		mci -- the connection to clear.
 | ||||
| +**
 | ||||
| +**	Returns:
 | ||||
| +**		none.
 | ||||
| +*/
 | ||||
| +
 | ||||
| +static void
 | ||||
| +mci_clear(mci)
 | ||||
| +	MCI *mci;
 | ||||
| +{
 | ||||
| +	if (mci == NULL)
 | ||||
| +		return;
 | ||||
| +
 | ||||
| +	mci->mci_maxsize = 0;
 | ||||
| +	mci->mci_min_by = 0;
 | ||||
| +	mci->mci_deliveries = 0;
 | ||||
| +#if SASL
 | ||||
| +	if (bitset(MCIF_AUTHACT, mci->mci_flags))
 | ||||
| +		sasl_dispose(&mci->mci_conn);
 | ||||
| +#endif
 | ||||
| +#if STARTTLS
 | ||||
| +	if (bitset(MCIF_TLSACT, mci->mci_flags) && mci->mci_ssl != NULL)
 | ||||
| +		SM_SSL_FREE(mci->mci_ssl);
 | ||||
| +#endif
 | ||||
| +
 | ||||
| +	/* which flags to preserve? */
 | ||||
| +	mci->mci_flags &= MCIF_CACHED;
 | ||||
| +	mactabclear(&mci->mci_macro);
 | ||||
| +}
 | ||||
| +
 | ||||
| +
 | ||||
| +/*
 | ||||
|  **  MCI_GET -- get information about a particular host | ||||
|  ** | ||||
|  **	Parameters: | ||||
| @@ -419,6 +456,7 @@
 | ||||
|  			mci->mci_errno = 0; | ||||
|  			mci->mci_exitstat = EX_OK; | ||||
|  		} | ||||
| +	 	mci_clear(mci);
 | ||||
|  	} | ||||
|   | ||||
|  	return mci; | ||||
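Review bot: The header comment of mci_clear() lists no side effects, although the body disposes of the SASL context, frees the TLS session, masks `mci_flags` down to MCIF_CACHED and wipes the macro table. This function decides which authentication and TLS state survives into a reused connection slot, so I would add a `Side Effects:` paragraph naming those four actions, as mactabclear() does for itself. I would also replace the open `/* which flags to preserve? */` with a statement of why only MCIF_CACHED is kept. In the STARTTLS branch the `mci->mci_ssl != NULL` test repeats the check SM_SSL_FREE already performs. If a non-NULL `mci_ssl` can exist with MCIF_TLSACT unset, it is left in place while the bit guarding it is cleared; that case deserves a comment or an explicit reset.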
| diff -ru a/sendmail/sendmail.h b/sendmail/sendmail.h
 | ||||
| --- a/sendmail/sendmail.h	2016-02-29 06:01:55.000000000 -0800
 | ||||
| +++ b/sendmail/sendmail.h	2016-02-29 06:02:06.000000000 -0800
 | ||||
| @@ -1186,6 +1186,7 @@
 | ||||
|  #define macid(name)  macid_parse(name, NULL) | ||||
|  extern char	*macname __P((int)); | ||||
|  extern char	*macvalue __P((int, ENVELOPE *)); | ||||
| +extern void	mactabclear __P((MACROS_T *));
 | ||||
|  extern int	rscheck __P((char *, char *, char *, ENVELOPE *, int, int, char *, char *, ADDRESS *, char **)); | ||||
|  extern int	rscap __P((char *, char *, char *, ENVELOPE *, char ***, char *, int)); | ||||
|  extern void	setclass __P((int, char *)); | ||||
| @@ -2002,7 +2003,15 @@
 | ||||
|  extern void	setclttls __P((bool)); | ||||
|  extern bool	initsrvtls __P((bool)); | ||||
|  extern int	tls_get_info __P((SSL *, bool, char *, MACROS_T *, bool)); | ||||
| -extern int	endtls __P((SSL *, char *));
 | ||||
| +#define SM_SSL_FREE(ssl)			\
 | ||||
| +	do {					\
 | ||||
| +		if (ssl != NULL)		\
 | ||||
| +		{				\
 | ||||
| +			SSL_free(ssl);		\
 | ||||
| +			ssl = NULL;		\
 | ||||
| +		}				\
 | ||||
| +	} while (0)
 | ||||
| +extern int	endtls __P((SSL **, char *));
 | ||||
|  extern void	tlslogerr __P((int, const char *)); | ||||
|   | ||||
|   | ||||
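Review bot: SM_SSL_FREE expands its argument three times without parentheses, so it is safe only for a side-effect-free lvalue. The new call `SM_SSL_FREE(*pssl)` in tls.c works only because unary `*` binds tighter than `!=` and `=`. Parenthesizing the parameter removes that dependence on the caller: `if ((ssl) != NULL)` and `(ssl) = NULL;`. A comment above the macro, `/* ssl must be a modifiable lvalue without side effects; it is set to NULL after the free */`, would record the contract.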
| diff -ru a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c
 | ||||
| --- a/sendmail/srvrsmtp.c	2016-02-29 06:01:55.000000000 -0800
 | ||||
| +++ b/sendmail/srvrsmtp.c	2016-02-29 06:02:06.000000000 -0800
 | ||||
| @@ -2122,8 +2122,7 @@
 | ||||
|  			if (get_tls_se_options(e, srv_ssl, true) != 0) | ||||
|  			{ | ||||
|  				message("454 4.3.3 TLS not available: error setting options"); | ||||
| -				SSL_free(srv_ssl);
 | ||||
| -				srv_ssl = NULL;
 | ||||
| +				SM_SSL_FREE(srv_ssl);
 | ||||
|  				goto tls_done; | ||||
|  			} | ||||
|   | ||||
| @@ -2145,8 +2144,7 @@
 | ||||
|  			    SSL_set_wfd(srv_ssl, wfd) <= 0) | ||||
|  			{ | ||||
|  				message("454 4.3.3 TLS not available: error set fd"); | ||||
| -				SSL_free(srv_ssl);
 | ||||
| -				srv_ssl = NULL;
 | ||||
| +				SM_SSL_FREE(srv_ssl);
 | ||||
|  				goto tls_done; | ||||
|  			} | ||||
|  			if (!smtps) | ||||
| @@ -2188,8 +2186,7 @@
 | ||||
|  						tlslogerr(LOG_WARNING, "server"); | ||||
|  				} | ||||
|  				tls_ok_srv = false; | ||||
| -				SSL_free(srv_ssl);
 | ||||
| -				srv_ssl = NULL;
 | ||||
| +				SM_SSL_FREE(srv_ssl);
 | ||||
|   | ||||
|  				/* | ||||
|  				**  according to the next draft of | ||||
| @@ -3416,7 +3413,7 @@
 | ||||
|  			/* shutdown TLS connection */ | ||||
|  			if (tls_active) | ||||
|  			{ | ||||
| -				(void) endtls(srv_ssl, "server");
 | ||||
| +				(void) endtls(&srv_ssl, "server");
 | ||||
|  				tls_active = false; | ||||
|  			} | ||||
|  #endif /* STARTTLS */ | ||||
| diff -ru a/sendmail/tls.c b/sendmail/tls.c
 | ||||
| --- a/sendmail/tls.c	2016-02-29 06:01:55.000000000 -0800
 | ||||
| +++ b/sendmail/tls.c	2016-02-29 06:02:06.000000000 -0800
 | ||||
| @@ -1624,7 +1624,7 @@
 | ||||
|  **  ENDTLS -- shutdown secure connection | ||||
|  ** | ||||
|  **	Parameters: | ||||
| -**		ssl -- SSL connection information.
 | ||||
| +**		pssl -- pointer to TLS session context
 | ||||
|  **		side -- server/client (for logging). | ||||
|  ** | ||||
|  **	Returns: | ||||
| @@ -1632,12 +1632,16 @@
 | ||||
|  */ | ||||
|   | ||||
|  int | ||||
| -endtls(ssl, side)
 | ||||
| -	SSL *ssl;
 | ||||
| +endtls(pssl, side)
 | ||||
| +	SSL **pssl;
 | ||||
|  	char *side; | ||||
|  { | ||||
|  	int ret = EX_OK; | ||||
| +	SSL *ssl;
 | ||||
|   | ||||
| +	SM_REQUIRE(pssl != NULL);
 | ||||
| + 	ret = EX_OK;
 | ||||
| +	ssl = *pssl;
 | ||||
|  	if (ssl != NULL) | ||||
|  	{ | ||||
|  		int r; | ||||
| @@ -1703,8 +1707,7 @@
 | ||||
|  			ret = EX_SOFTWARE; | ||||
|  		} | ||||
|  # endif /* !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER > 0x0090602fL */ | ||||
| -		SSL_free(ssl);
 | ||||
| -		ssl = NULL;
 | ||||
| +		SM_SSL_FREE(*pssl);
 | ||||
|  	} | ||||
|  	return ret; | ||||
|  } | ||||
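Review bot: The updated parameter comment `pssl -- pointer to TLS session context` does not say that endtls() now frees the session and stores NULL through the pointer, which is the reason for the signature change. Something like `pssl -- pointer to TLS session context (freed; *pssl is NULL on return)` tells callers not to use the session afterwards. In the second tls.c hunk the added `ret = EX_OK;` repeats the initializer a few lines above it and is indented with a space before the tab, so it can be dropped. The body between the second and third hunks is not shown.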
| @ -17,7 +17,7 @@ | ||||
| Summary: A widely used Mail Transport Agent (MTA) | ||||
| Name: sendmail | ||||
| Version: 8.15.2 | ||||
| Release: 5%{?dist} | ||||
| Release: 6%{?dist} | ||||
| License: Sendmail | ||||
| Group: System Environment/Daemons | ||||
| URL: http://www.sendmail.org/ | ||||
| @ -84,6 +84,8 @@ Patch23: sendmail-8.14.8-sasl2-in-etc.patch | ||||
| # upstream reserved option ID 0xe7 for testing of this new feature, #576643 | ||||
| Patch25: sendmail-8.15.2-qos.patch | ||||
| Patch26: sendmail-8.15.2-libmilter-socket-activation.patch | ||||
| # patch provided by upstream | ||||
| Patch27: sendmail-8.15.2-smtp-session-reuse-fix.patch | ||||
| Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) | ||||
| BuildRequires: tcp_wrappers-devel | ||||
| BuildRequires: libdb-devel | ||||
| @ -206,6 +208,7 @@ cp devtools/M4/UNIX/{,shared}library.m4 | ||||
| %patch23 -p1 -b .sasl2-in-etc | ||||
| %patch25 -p1 -b .qos | ||||
| %patch26 -p1 -b .libmilter-socket-activation | ||||
| %patch27 -p1 -b .smtp-session-reuse-fix | ||||
| 
 | ||||
| for f in RELEASE_NOTES contrib/etrn.0; do | ||||
| 	iconv -f iso8859-1 -t utf8 -o ${f}{_,} && | ||||
| @ -700,6 +703,9 @@ fi | ||||
| %endif | ||||
| 
 | ||||
| %changelog | ||||
| * Tue Mar  1 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 8.15.2-6 | ||||
| - Fixed SMTP session reuse bug | ||||
| 
 | ||||
| * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 8.15.2-5 | ||||
| - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild | ||||
| 
 | ||||
|  | ||||