From: Jeremy Harris Date: Sun, 6 Sep 2020 11:15:10 +0000 (+0100) Subject: GnuTLS: clear errno before any data i/o op, so error logging does not see stale values X-Git-Url: https://git.exim.org/users/heiko/exim.git/commitdiff_plain/d52a8ce8499fbb88f4670623df9f52d3e790292b?ds=inline;hp=bc2767e61d9d31d2fb05078b0214d84d5e68d23d GnuTLS: clear errno before any data i/o op, so error logging does not see stale values --- diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index bfe40b205..03af7d7dc 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -3167,6 +3167,7 @@ DEBUG(D_tls) debug_printf("Calling gnutls_record_recv(session=%p, buffer=%p, buf sigalrm_seen = FALSE; if (smtp_receive_timeout > 0) ALARM(smtp_receive_timeout); +errno = 0; do inbytes = gnutls_record_recv(state->session, state->xfer_buffer, MIN(ssl_xfer_buffer_size, lim)); @@ -3327,6 +3328,7 @@ DEBUG(D_tls) debug_printf("Calling gnutls_record_recv(session=%p, buffer=%p, len=" SIZE_T_FMT ")\n", state->session, buff, len); +errno = 0; do inbytes = gnutls_record_recv(state->session, buff, len); while (inbytes == GNUTLS_E_AGAIN); @@ -3390,6 +3392,7 @@ while (left > 0) DEBUG(D_tls) debug_printf("gnutls_record_send(session=%p, buffer=%p, left=" SIZE_T_FMT ")\n", state->session, buff, left); + errno = 0; do outbytes = gnutls_record_send(state->session, buff, left); while (outbytes == GNUTLS_E_AGAIN); diff --git a/test/log/2029 b/test/log/2029 index b22a98af7..6d1107c7d 100644 --- a/test/log/2029 +++ b/test/log/2029 @@ -1,5 +1,5 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated.: syscall: No such file or directory +1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. 1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP connection lost after final dot H=[127.0.0.1] P=smtps diff --git a/test/log/3454 b/test/log/3454 index 634fc42de..f14671d0d 100644 --- a/test/log/3454 +++ b/test/log/3454 @@ -1,6 +1,6 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated.: syscall: Permission denied +1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. 1999-03-02 09:44:33 no MAIL in SMTP connection from [127.0.0.1] D=qqs X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C=EHLO,STARTTLS,AUTH 1999-03-02 09:44:33 no MAIL in SMTP connection from (foobar) [127.0.0.1] D=qqs A=plain:userx X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C=EHLO,STARTTLS,EHLO,AUTH,QUIT diff --git a/test/log/5651 b/test/log/5651 index bcd662f5b..af1de34ed 100644 --- a/test/log/5651 +++ b/test/log/5651 @@ -12,7 +12,7 @@ 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbE-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate verification failed): certificate revoked 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbF-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate status check failed) +1999-03-02 09:44:33 10HmbF-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate verification failed): certificate invalid ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D @@ -34,4 +34,4 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D 1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): A TLS fatal alert has been received: Certificate is bad 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. +1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): A TLS fatal alert has been received: Certificate is bad diff --git a/test/log/5670 b/test/log/5670 index 23213f3e7..9936c8592 100644 --- a/test/log/5670 +++ b/test/log/5670 @@ -21,4 +21,4 @@ 1999-03-02 09:44:33 acl_mail: ocsp in status: 1 (notresp) 1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=localhost (server1.example.com) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@server1.example.com 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): The TLS connection was non-properly terminated.: syscall: Permission denied +1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): The TLS connection was non-properly terminated. diff --git a/test/log/5730 b/test/log/5730 index 6582d7591..732ed954e 100644 --- a/test/log/5730 +++ b/test/log/5730 @@ -21,8 +21,8 @@ 1999-03-02 09:44:33 10HmbG-0005vi-00 client ocsp status: 1 (notresp) 1999-03-02 09:44:33 10HmbG-0005vi-00 == failrevoked@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate verification failed): certificate revoked 1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbH-0005vi-00 client ocsp status: 3 (failed) -1999-03-02 09:44:33 10HmbH-0005vi-00 == failexpired@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate status check failed) +1999-03-02 09:44:33 10HmbH-0005vi-00 client ocsp status: 1 (notresp) +1999-03-02 09:44:33 10HmbH-0005vi-00 == failexpired@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate verification failed): certificate invalid ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D @@ -48,4 +48,4 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D 1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): A TLS fatal alert has been received: Certificate is bad 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. +1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): A TLS fatal alert has been received: Certificate is bad