Fix crash after TLS channel shutdown

[exim.git] / src / src / tls-openssl.c
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c

index f3ea6b28bfb7ff8d313305b92297b236a93f4033..e219f5cc15f19a56f1864d1c6ef44ade8116c36b 100644 (file)
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2790,7 +2790,7 @@ if (SSL_SESSION_is_resumable(ss))         /* 1.1.1 */
    {
    int len = i2d_SSL_SESSION(ss, NULL);
    int dlen = sizeof(dbdata_tls_session) + len;
-  dbdata_tls_session * dt = store_get(dlen);
+  dbdata_tls_session * dt = store_get(dlen, TRUE);
    uschar * s = dt->session;
    open_db dbblock, * dbm_file;
  
@@ -2908,7 +2908,7 @@ BOOL require_ocsp = FALSE;
  
  rc = store_pool;
  store_pool = POOL_PERM;
-exim_client_ctx = store_get(sizeof(exim_openssl_client_tls_ctx));
+exim_client_ctx = store_get(sizeof(exim_openssl_client_tls_ctx), FALSE);
  exim_client_ctx->corked = NULL;
  store_pool = rc;
  
@@ -3189,32 +3189,10 @@ switch(error)
    case SSL_ERROR_ZERO_RETURN:
      DEBUG(D_tls) debug_printf("Got SSL_ERROR_ZERO_RETURN\n");
  
-    receive_getc = smtp_getc;
-    receive_getbuf = smtp_getbuf;
-    receive_get_cache = smtp_get_cache;
-    receive_ungetc = smtp_ungetc;
-    receive_feof = smtp_feof;
-    receive_ferror = smtp_ferror;
-    receive_smtp_buffered = smtp_buffered;
-
      if (SSL_get_shutdown(server_ssl) == SSL_RECEIVED_SHUTDOWN)
           SSL_shutdown(server_ssl);
  
-#ifndef DISABLE_OCSP
-    sk_X509_pop_free(server_static_cbinfo->verify_stack, X509_free);
-    server_static_cbinfo->verify_stack = NULL;
-#endif
-    SSL_free(server_ssl);
-    SSL_CTX_free(server_ctx);
-    server_ctx = NULL;
-    server_ssl = NULL;
-    tls_in.active.sock = -1;
-    tls_in.active.tls_ctx = NULL;
-    tls_in.bits = 0;
-    tls_in.cipher = NULL;
-    tls_in.peerdn = NULL;
-    tls_in.sni = NULL;
-
+    tls_close(NULL, TLS_NO_SHUTDOWN);
      return FALSE;
  
    /* Handle genuine errors */
@@ -3395,14 +3373,14 @@ a store reset there, so use POOL_PERM. */
  
  if ((more || corked))
    {
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifdef SUPPORT_PIPE_CONNECT
    int save_pool = store_pool;
    store_pool = POOL_PERM;
  #endif
  
    corked = string_catn(corked, buff, len);
  
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifdef SUPPORT_PIPE_CONNECT
    store_pool = save_pool;
  #endif
  
@@ -3503,14 +3481,25 @@ if (shutdown)
      }
    }
  
-#ifndef DISABLE_OCSP
  if (!o_ctx)            /* server side */
    {
+#ifndef DISABLE_OCSP
    sk_X509_pop_free(server_static_cbinfo->verify_stack, X509_free);
    server_static_cbinfo->verify_stack = NULL;
-  }
  #endif
  
+  receive_getc =       smtp_getc;
+  receive_getbuf =     smtp_getbuf;
+  receive_get_cache =  smtp_get_cache;
+  receive_ungetc =     smtp_ungetc;
+  receive_feof =       smtp_feof;
+  receive_ferror =     smtp_ferror;
+  receive_smtp_buffered = smtp_buffered;
+  tls_in.active.tls_ctx = NULL;
+  tls_in.sni = NULL;
+  /* Leave bits, peercert, cipher, peerdn, certificate_verified set, for logging */
+  }
+
  SSL_CTX_free(*ctxp);
  SSL_free(*sslp);
  *ctxp = NULL;