From: Jeremy Harris Date: Tue, 7 Nov 2023 19:38:22 +0000 (+0000) Subject: Fix use of empty log_reject_target. Bug 3039 X-Git-Tag: exim-4.98-RC0~134 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/eb09d0da1fb995ad88f9a1c2998766c3e530be68?hp=37b849dca4dfd855212a763662825e967a4d77b1 Fix use of empty log_reject_target. Bug 3039 Broken-by: 4243a209fd94 --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 2ea8caf23..c74c0c0c6 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -16,10 +16,15 @@ JH/02 Bug 3040: Handle error on close of the spool data file during reception. this to respond with a temp-reject, wipe spoolfiles, and log the error detail. -JH/03 Bug 3030: fix handling of DNS servfail respons for DANE TLSA. When hit +JH/03 Bug 3030: Fix handling of DNS servfail respons for DANE TLSA. When hit during a recipient verify callout, a QUIT command was attempted on the now-closed callout channel, causing a paniclog entry. +JH/04 Bug 3039: Fix handling of of an empty log_reject_target, with + a connection_reject log_selector, under tls_on_connect. Previously + with this combination, when the connect ACL rejected, a spurious + paniclog entry was made. + Exim version 4.97 ----------------- diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index c565d522d..e19c86ff8 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -2051,16 +2051,19 @@ else DEBUG(D_receive) static void log_connect_tls_drop(const uschar * what, const uschar * log_msg) { -gstring * g = s_tlslog(NULL); -uschar * tls = string_from_gstring(g); - -log_write(L_connection_reject, - log_reject_target, "%s%s%s dropped by %s%s%s", - LOGGING(dnssec) && sender_host_dnssec ? US" DS" : US"", - host_and_ident(TRUE), - tls ? tls : US"", - what, - log_msg ? US": " : US"", log_msg); +if (log_reject_target) + { + gstring * g = s_tlslog(NULL); + uschar * tls = string_from_gstring(g); + + log_write(L_connection_reject, + log_reject_target, "%s%s%s dropped by %s%s%s", + LOGGING(dnssec) && sender_host_dnssec ? US" DS" : US"", + host_and_ident(TRUE), + tls ? tls : US"", + what, + log_msg ? US": " : US"", log_msg); + } } @@ -3085,7 +3088,7 @@ else the connection is not forcibly to be dropped, return 0. Otherwise, log why it is closing if required and return 2. */ -if (log_reject_target != 0) +if (log_reject_target) { #ifndef DISABLE_TLS gstring * g = s_tlslog(NULL); diff --git a/test/confs/1115 b/test/confs/1115 new file mode 100644 index 000000000..c6247a4e0 --- /dev/null +++ b/test/confs/1115 @@ -0,0 +1,24 @@ +# Exim test configuration 1115 + +SERVER= + +.include DIR/aux-var/std_conf_prefix + +primary_hostname = myhost.test.ex + +# ----- Main settings ----- + +tls_on_connect_ports = PORT_D2 + +acl_smtp_connect = check_conn + +log_selector = +connection_reject + +# ----- ACLs ----- + +begin acl + +check_conn: + deny log_reject_target = + +# End diff --git a/test/log/1115 b/test/log/1115 new file mode 100644 index 000000000..d09da31a0 --- /dev/null +++ b/test/log/1115 @@ -0,0 +1,3 @@ + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTPS on port PORT_D2 diff --git a/test/scripts/1100-Basic-TLS/1115 b/test/scripts/1100-Basic-TLS/1115 new file mode 100644 index 000000000..fe53cb15d --- /dev/null +++ b/test/scripts/1100-Basic-TLS/1115 @@ -0,0 +1,7 @@ +# server: tls_on_connect and log_reject_target empty +exim -bd -DSERVER=server -oX PORT_D2 +**** +client-anytls -tls-on-connect 127.0.0.1 PORT_D2 +???* +**** +killdaemon diff --git a/test/stdout/1115 b/test/stdout/1115 new file mode 100644 index 000000000..43eac051c --- /dev/null +++ b/test/stdout/1115 @@ -0,0 +1,6 @@ +Connecting to 127.0.0.1 port 1226 ... connected +Attempting to start TLS +Failed to start TLS +???* +Expected EOF read +End of script