X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/22a7eb21aaf6d6858503890bb05c376fd6e37049..c6a290f4d8df3734b3cdc2232b4334ff8386c1da:/src/src/tls.c diff --git a/src/src/tls.c b/src/src/tls.c index e6bf1c8d3..d5d11bcea 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -3,7 +3,7 @@ *************************************************/ /* Copyright (c) University of Cambridge 1995 - 2018 */ -/* Copyright (c) The Exim Maintainers 2020 */ +/* Copyright (c) The Exim Maintainers 2020 - 2021 */ /* See the file NOTICE for conditions of use and distribution. */ /* This module provides TLS (aka SSL) support for Exim. The code for OpenSSL is @@ -158,8 +158,8 @@ return FALSE; # endif # ifdef EXIM_HAVE_KEVENT { -uschar * s; -int fd1, fd2, i, cnt = 0; +uschar * s, * t; +int fd1, fd2, i, j, cnt = 0; struct stat sb; #ifdef OpenBSD struct kevent k_dummy; @@ -209,11 +209,14 @@ for (;;) if (!(S_ISLNK(sb.st_mode))) break; - s = store_get(1024, FALSE); - if ((i = readlink(CCS filename, (void *)s, 1024)) < 0) { s = US"readlink"; goto bad; } - filename = s; - *(s += i) = '\0'; - store_release_above(s+1); + t = store_get(1024, FALSE); + Ustrncpy(t, s, 1022); + j = Ustrlen(s); + t[j++] = '/'; + if ((i = readlink(CCS filename, (void *)(t+j), 1023-j)) < 0) { s = US"readlink"; goto bad; } + filename = t; + *(t += i+j) = '\0'; + store_release_above(t+1); } #ifdef OpenBSD @@ -222,7 +225,7 @@ if (kevent(tls_watch_fd, &kev[kev_used-cnt], cnt, &k_dummy, 1, &ts) >= 0) #else if (kevent(tls_watch_fd, &kev[kev_used-cnt], cnt, NULL, 0, NULL) >= 0) return TRUE; -#endiv +#endif s = US"kevent"; bad: @@ -356,11 +359,18 @@ opt_unset_or_noexpand(const uschar * opt) -/* Called every time round the daemon loop */ +/* Called every time round the daemon loop. -void +If we reloaded fd-watcher, return the old watch fd +having modified the global for the new one. Otherwise +return -1. +*/ + +int tls_daemon_tick(void) { +int old_watch_fd = tls_watch_fd; + tls_per_lib_daemon_tick(); #if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT) if (tls_creds_expire && time(NULL) >= tls_creds_expire) @@ -372,6 +382,7 @@ if (tls_creds_expire && time(NULL) >= tls_creds_expire) DEBUG(D_tls) debug_printf("selfsign cert rotate\n"); tls_creds_expire = 0; tls_daemon_creds_reload(); + return old_watch_fd; } else if (tls_watch_trigger_time && time(NULL) >= tls_watch_trigger_time + 5) { @@ -383,8 +394,10 @@ else if (tls_watch_trigger_time && time(NULL) >= tls_watch_trigger_time + 5) DEBUG(D_tls) debug_printf("watch triggered\n"); tls_watch_trigger_time = tls_creds_expire = 0; tls_daemon_creds_reload(); + return old_watch_fd; } #endif +return -1; } /* Called once at daemon startup */ @@ -457,6 +470,9 @@ Returns: the character int tls_ungetc(int ch) { +if (ssl_xfer_buffer_lwm <= 0) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in tls_ungetc"); + ssl_xfer_buffer[--ssl_xfer_buffer_lwm] = ch; return ch; } @@ -669,7 +685,6 @@ else if ((subjdn = tls_cert_subject(cert, NULL))) return FALSE; } - /* Environment cleanup: The GnuTLS library uses SSLKEYLOGFILE in the environment and writes a file by that name. Our OpenSSL code does the same, using keying info from the library API.