From 3eb0bcd7a112a70bbdd61bedde4878ceae4e1297 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Fri, 1 Jan 2021 13:25:29 +0000
Subject: [PATCH] FreeBSD: harden against ClamAV connection errors

---
 src/src/malware.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/src/malware.c b/src/src/malware.c
index 2883f225a..dfa8e2b4b 100644
--- a/src/src/malware.c
+++ b/src/src/malware.c
@@ -272,8 +272,19 @@ static inline int
 m_tcpsocket(const uschar * hostname, unsigned int port,
 	host_item * host, uschar ** errstr, const blob * fastopen_blob)
 {
-return ip_connectedsocket(SOCK_STREAM, hostname, port, port, 5,
+int fd = ip_connectedsocket(SOCK_STREAM, hostname, port, port, 5,
 			  host, errstr, fastopen_blob);
+#ifdef EXIM_TFO_FREEBSD
+/* Under some fault conditions, FreeBSD 12.2 seen to send a (non-TFO) SYN
+and, getting no response, wait for a long time.  Impose a 5s max. */
+if (fd >= 0)
+  {
+  struct timeval tv = {.tv_sec = 5};
+  fd_set fds;
+  FD_ZERO(fds); FD_SET(fd, &fds); (void) select(fd+1, NULL, &fds, NULL, &tv);
+  }
+#endif
+return fd;
 }
 #endif
 
-- 
2.30.2