From 58c09a7fadb47400d4e90a6bf11d86dcc298eea9 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 27 Oct 2018 19:28:03 +0100 Subject: [PATCH] Avoid trying to talk TLS over a known-closed channel --- src/src/smtp_in.c | 3 +++ test/log/2000 | 1 - test/log/2001 | 2 -- test/log/2012 | 3 --- test/log/2033 | 1 - test/log/3454 | 1 - test/log/5650 | 2 -- test/log/5651 | 3 --- test/log/5710 | 1 - test/log/5730 | 3 --- test/log/5820 | 2 -- test/log/5881 | 2 -- 12 files changed, 3 insertions(+), 21 deletions(-) diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 8c1d3111c..2a83392ac 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -3465,6 +3465,9 @@ if (acl_smtp_notquit && reason) log_msg); } +/* If the connection was dropped, we certainly are no longer talking TLS */ +tls_in.active.sock = -1; + /* Write an SMTP response if we are expected to give one. As the default responses are all internal, they should always fit in the buffer, but code a warning, just in case. Note that string_vformat() still leaves a complete diff --git a/test/log/2000 b/test/log/2000 index 04c72f5eb..616cf971d 100644 --- a/test/log/2000 +++ b/test/log/2000 @@ -8,5 +8,4 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex diff --git a/test/log/2001 b/test/log/2001 index e5615e223..9671dd51e 100644 --- a/test/log/2001 +++ b/test/log/2001 @@ -9,6 +9,4 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (send): The specified session has been invalidated for some reason. diff --git a/test/log/2012 b/test/log/2012 index bb6f597db..c3a927c63 100644 --- a/test/log/2012 +++ b/test/log/2012 @@ -27,13 +27,10 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received.: Certificate is bad -1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received.: Certificate is bad -1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmaY-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmaZ-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received.: Certificate is bad -1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbA-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmbB-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmbC-0005vi-00@myhost.test.ex diff --git a/test/log/2033 b/test/log/2033 index ec4fb4520..772807c7f 100644 --- a/test/log/2033 +++ b/test/log/2033 @@ -14,7 +14,6 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received.: Certificate is bad -1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmaY-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmaZ-0005vi-00@myhost.test.ex diff --git a/test/log/3454 b/test/log/3454 index dc002ff5a..f4dd14d50 100644 --- a/test/log/3454 +++ b/test/log/3454 @@ -2,6 +2,5 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. -1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 no MAIL in SMTP connection from [127.0.0.1] D=qqs X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no C=EHLO,STARTTLS,AUTH 1999-03-02 09:44:33 no MAIL in SMTP connection from (foobar) [127.0.0.1] D=qqs A=plain:userx X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no C=EHLO,STARTTLS,EHLO,AUTH,QUIT diff --git a/test/log/5650 b/test/log/5650 index dfe8f4363..4e0585a75 100644 --- a/test/log/5650 +++ b/test/log/5650 @@ -10,10 +10,8 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq) 1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (recv): The TLS connection was non-properly terminated. -1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq) 1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (recv): The TLS connection was non-properly terminated. -1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq) diff --git a/test/log/5651 b/test/log/5651 index 56e50ca29..d92044583 100644 --- a/test/log/5651 +++ b/test/log/5651 @@ -31,10 +31,7 @@ 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. -1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad -1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. -1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (send): The specified session has been invalidated for some reason. diff --git a/test/log/5710 b/test/log/5710 index fe0f6ff46..d447e2e60 100644 --- a/test/log/5710 +++ b/test/log/5710 @@ -45,7 +45,6 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 [127.0.0.1] depth=0 CN=server2.example.com 1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 [127.0.0.1] depth=0 CN=server2.example.com 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server2.example.com" S=sss id=E10HmaY-0005vi-00@myhost.test.ex diff --git a/test/log/5730 b/test/log/5730 index d55498009..b94acbdb6 100644 --- a/test/log/5730 +++ b/test/log/5730 @@ -45,10 +45,7 @@ 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. -1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad -1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. -1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (send): The specified session has been invalidated for some reason. diff --git a/test/log/5820 b/test/log/5820 index bb16d5e2b..d80e52153 100644 --- a/test/log/5820 +++ b/test/log/5820 @@ -105,7 +105,6 @@ 1999-03-02 09:44:33 10HmbO-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbO-0005vi-00 Completed 1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 "rcpt ACL" 1999-03-02 09:44:33 10HmbR-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmbQ-0005vi-00@myhost.test.ex for CALLER@danebroken3.test.ex 1999-03-02 09:44:33 10HmbR-0005vi-00 => :blackhole: R=server @@ -120,7 +119,6 @@ 1999-03-02 09:44:33 10HmbX-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 "rcpt ACL" 1999-03-02 09:44:33 10HmcA-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmbZ-0005vi-00@myhost.test.ex for CALLER@danebroken8.example.com 1999-03-02 09:44:33 10HmcA-0005vi-00 => :blackhole: R=server diff --git a/test/log/5881 b/test/log/5881 index c67bd11f6..914a94910 100644 --- a/test/log/5881 +++ b/test/log/5881 @@ -83,7 +83,6 @@ 1999-03-02 09:44:33 10HmbI-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbI-0005vi-00 Completed 1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 "rcpt ACL" 1999-03-02 09:44:33 10HmbL-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmbK-0005vi-00@myhost.test.ex for CALLER@danebroken3.test.ex 1999-03-02 09:44:33 10HmbL-0005vi-00 => :blackhole: R=server @@ -94,7 +93,6 @@ 1999-03-02 09:44:33 10HmbO-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 "rcpt ACL" 1999-03-02 09:44:33 10HmbS-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmbR-0005vi-00@myhost.test.ex for CALLER@danebroken8.example.com 1999-03-02 09:44:33 10HmbS-0005vi-00 => :blackhole: R=server -- 2.30.2