git.exim.org Git - exim.git/commit

author	Phil Pennock <pdp@exim.org>
	Wed, 1 Feb 2017 03:15:55 +0000 (22:15 -0500)
committer	Phil Pennock <pdp@exim.org>
	Thu, 2 Feb 2017 21:04:57 +0000 (16:04 -0500)
commit	33a1a1bf0dc7d8202f09fda79e5a496645bbeb3b
tree	4a906a146d2a933f41058fd0fde65f295fb92fb1	tree \| snapshot
parent	ab5ea82dc0f52a4aad8ea9b99cc82545be525ae0	commit \| diff

Handle Proxy Protocol v2 safely as well.

We had test suite failures (test suite success!) because Proxy Protocol
v2 (PPv2) wasn't being detected; by only reading 12 octets, the >= 16
check was failing. But in fact I had previously only fixed reading
"only enough" for PPv1.

Handling both PPv1 and PPv2 is complicated because the minimum valid
length for PPv1 is 15 octets but for PPv2 the size to read is in the
15th and 16th octets.

So refactored a little and we now use a total of 3 reads for the PPv2
case (assuming no fragmentation, etc; we'll actually keep reading now
instead of aborting) to get the entire PPv2 header of exactly the right
size, so that TLS handshake immediately following the PP header is not
also swallowed.

Fixes: 2018
Tested: manually, TLS and non-TLS, PPv1 and PPv2, all ways.
Release: should be cherry-picked into 4.89RC series
(cherry picked from commit da88acaeb7d76e5312c8ea799951470eaa5eca0f)

doc/doc-txt/ChangeLog		diff \| blob \| history
src/src/smtp_in.c		diff \| blob \| history