X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/f0ce96bbcfba66911b5ab36719638a52474301a9..beb5d85c7d378d48dda18a3ad8fab0599a75edc1:/src/src/daemon.c

diff --git a/src/src/daemon.c b/src/src/daemon.c
index 83131fa1d..50c202c56 100644
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -128,11 +128,30 @@ if (smtp_out) smtp_printf("421 %s\r\n", FALSE, smtp_msg);
 /*************************************************
 *************************************************/
 
+#ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
+static void
+unlink_notifier_socket(void)
+{
+uschar * s = expand_string(notifier_socket);
+DEBUG(D_any) debug_printf("unlinking notifier socket %s\n", s);
+Uunlink(s);
+}
+#endif
+
+
 static void
 close_daemon_sockets(int daemon_notifier_fd,
   int * listen_sockets, int listen_socket_count)
 {
-if (daemon_notifier_fd >= 0) (void) close(daemon_notifier_fd);
+if (daemon_notifier_fd >= 0)
+  {
+  (void) close(daemon_notifier_fd);
+  daemon_notifier_fd = -1;
+#ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
+  unlink_notifier_socket();
+#endif
+  }
+
 for (int i = 0; i < listen_socket_count; i++) (void) close(listen_sockets[i]);
 }
 
@@ -963,6 +982,7 @@ daemon_die(void)
 {
 int pid;
 
+DEBUG(D_any) debug_printf("SIGTERM seen\n");
 #if !defined(DISABLE_TLS) && (defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT))
 tls_watch_invalidate();
 #endif
@@ -972,11 +992,7 @@ if (daemon_notifier_fd >= 0)
   close(daemon_notifier_fd);
   daemon_notifier_fd = -1;
 #ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
-    {
-    uschar * s = expand_string(notifier_socket);
-    DEBUG(D_any) debug_printf("unlinking notifier socket %s\n", s);
-    Uunlink(s);
-    }
+  unlink_notifier_socket();
 #endif
   }
 
@@ -1426,6 +1442,7 @@ if (f.daemon_listen && !f.inetd_wait_mode)
 
   list = tls_in.on_connect_ports;
   sep = 0;
+  /* the list isn't expanded so cannot be tainted.  If it ever is we will trap here */
   while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
     if (!isdigit(*s))
       {
@@ -2430,6 +2447,11 @@ for (;;)
 
       if (accept_socket >= 0)
         {
+#ifdef TCP_QUICKACK /* Avoid pure-ACKs while in tls protocol pingpong phase */
+	/* Unfortunately we cannot be certain to do this before a TLS-on-connect
+	Client Hello arrives and is acked. We do it as early as possible. */
+	(void) setsockopt(accept_socket, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
+#endif
         if (inetd_wait_timeout)
           last_connection_time = time(NULL);
         handle_smtp_call(listen_sockets, listen_socket_count, accept_socket,