From 8e9770348dc4173ab83657ee023c22f479ebb712 Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Mon, 24 Jul 2023 13:30:40 +0100
Subject: [PATCH 1/1] GnuTLS: fix crash with "tls_dhparam = none"
---
 doc/doc-txt/ChangeLog | 4 ++++
 src/src/tls-gnu.c | 16 +++++++++-------
 test/log/2049 | 7 +++++++
 test/scripts/2000-GnuTLS/2049 | 8 ++++++++
 4 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 3d74d58b0..97c48d887 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -167,6 +167,10 @@ JH/31 Bug 2998: Fix ${utf8clean:...} to disallow UTF-16 surrogate codepoints. Found and fixed by Jasen Betts. No testcase for this as my usual text editor insists on emitting only valid UTF-8.
+JH/32 Fix "tls_dhparam = none" under GnuTLS. At least with 3.7.9 this gave
+ a null-indireciton SIGSEGV for the receive process.
+
+
 Exim version 4.96 -----------------
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index c3e2d98e8..dd70e73e1 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -727,7 +727,7 @@ file is never present. If two processes both compute some new parameters, you waste a bit of effort, but it doesn't seem worth messing around with locking to prevent this.
-Returns: OK/DEFER/FAIL
+Returns: OK/DEFER (expansion issue)/FAIL (requested none)
 */ static int
@@ -765,7 +765,7 @@ else if (Ustrcmp(exp_tls_dhparam, "historic") == 0) else if (Ustrcmp(exp_tls_dhparam, "none") == 0) { DEBUG(D_tls) debug_printf("Requested no DH parameters\n");
- return OK;
+ return FAIL;
 } else if (exp_tls_dhparam[0] != '/') {
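Review bot: `return FAIL;` in the "none" branch of init_server_dh now uses an error code to report a deliberate configuration choice, so every caller has to know that FAIL is not a failure here. If any other path in this function can also yield FAIL (not visible in this hunk; the body continues outside it), a genuine error would be indistinguishable from "no DH parameters requested" and the caller would carry on as if the administrator had asked for none. I would mark the line, for example `return FAIL;	/* not an error: no DH params wanted; caller must not call gnutls_certificate_set_dh_params() */`, and confirm that no other return in the function produces FAIL on the server side.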
@@ -2002,10 +2002,10 @@ Returns: OK/DEFER/FAIL */ static int
-tls_set_remaining_x509(exim_gnutls_state_st *state, uschar ** errstr)
+tls_set_remaining_x509(exim_gnutls_state_st * state, uschar ** errstr)
 {
-int rc;
-const host_item *host = state->host; /* macro should be reconsidered? */
+int rc = OK;
+const host_item * host = state->host; /* macro should be reconsidered? */
 /* Create D-H parameters, or read them from the cache file. This function does its own SMTP error messaging. This only happens for the server, TLS D-H ignores
@@ -2014,11 +2014,13 @@ client-side params. */ if (!state->host) { if (!dh_server_params)
- if ((rc = init_server_dh(errstr)) != OK) return rc;
+ if ((rc = init_server_dh(errstr)) == DEFER) return rc;
 /* Unnecessary & discouraged with 3.6.0 or later, according to docs. But without it, no DHE- ciphers are advertised. */
- gnutls_certificate_set_dh_params(state->lib_state.x509_cred, dh_server_params);
+
+ if (rc == OK)
+ gnutls_certificate_set_dh_params(state->lib_state.x509_cred, dh_server_params);
 } /* Link the credentials to the session. */
diff --git a/test/log/2049 b/test/log/2049
index 883f5502a..e697e8b4f 100644
--- a/test/log/2049
+++ b/test/log/2049
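Review bot: The new `if (rc == OK)` guard in front of gnutls_certificate_set_dh_params() protects against a NULL `dh_server_params` only indirectly, through the return code of init_server_dh, although the pointer is presumably what caused the SIGSEGV named in the ChangeLog entry. Testing the pointer itself, `if (dh_server_params)`, states the precondition the library call actually needs and stays safe if init_server_dh ever returns OK without having set the parameters. Separately, `== DEFER` lets every other non-OK result fall through, and rc then still holds FAIL after this block; the rest of tls_set_remaining_x509 is outside the hunk, so it should be checked that rc is reassigned before any later `return rc`. A short comment here, such as `/* FAIL from init_server_dh means "tls_dhparam = none": carry on without DH params */`, would make that contract visible at the call site.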
@@ -13,6 +13,9 @@
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 => userb@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbG-000000005vi-0000"
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbH-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmbH-000000005vi-0000 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbI-000000005vi-0000"
+1999-03-02 09:44:33 10HmbH-000000005vi-0000 Completed
 ******** SERVER ********
 1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
@@ -37,3 +40,7 @@
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbF-000000005vi-0000@myhost.test.ex
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 => userb R=server T=local_delivery
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 Completed
+1999-03-02 09:44:33 exim x.yz daemon started: pid=p1239, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 10HmbI-000000005vi-0000 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbH-000000005vi-0000@myhost.test.ex
+1999-03-02 09:44:33 10HmbI-000000005vi-0000 => userx R=server T=local_delivery
+1999-03-02 09:44:33 10HmbI-000000005vi-0000 Completed
diff --git a/test/scripts/2000-GnuTLS/2049 b/test/scripts/2000-GnuTLS/2049
index e66d952ab..f017e0378 100644
--- a/test/scripts/2000-GnuTLS/2049
+++ b/test/scripts/2000-GnuTLS/2049
@@ -40,4 +40,12 @@ exim -odf userb@test.ex Test message **** killdaemon
+#
+# Check we can survive an explicit request for no DH-params
+exim -DSERVER=server -DDATA=none -bd -oX PORT_D
+****
+exim -odf userx@test.ex
+Test message
+****
+killdaemon
 no_message_check
--
2.30.2