From de41aff0511cad420dd1936b23dce61e04ce6ab4 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 14 Dec 2019 14:47:16 +0000 Subject: [PATCH 1/1] Zero smtp context structure after allocation --- doc/doc-txt/ChangeLog | 3 ++ src/src/transports/smtp.c | 39 ++++++++++++------------ src/src/verify.c | 5 ++- test/log/2102 | 4 --- test/scripts/4062-pipe-conn-openssl/4062 | 2 +- 5 files changed, 27 insertions(+), 26 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 032bfc917..ac4d57af9 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -45,6 +45,9 @@ JH/11 Bug 2494: Unset the default for dmarc_tld_file. Previously a naiive should both provide the file and set the option. Also enforce no DMARC verification for command-line sourced messages. +JH/12 Fix an uninitialised flag in early-pipelining. Previously connections + could, depending on the platform, hang at the STARTTLS response. + Exim version 4.93 ----------------- diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index 7d60d2e14..99b793bb5 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -946,7 +946,6 @@ else return TRUE; } dbfn_close(dbm_file); - memset(&sx->ehlo_resp, 0, sizeof(ehlo_resp_precis)); } return FALSE; } @@ -1951,39 +1950,39 @@ sx->conn_args.ob = ob; sx->lmtp = strcmpic(ob->protocol, US"lmtp") == 0; sx->smtps = strcmpic(ob->protocol, US"smtps") == 0; -sx->ok = FALSE; +/* sx->ok = FALSE; */ sx->send_rset = TRUE; sx->send_quit = TRUE; sx->setting_up = TRUE; sx->esmtp = TRUE; -sx->esmtp_sent = FALSE; +/* sx->esmtp_sent = FALSE; */ #ifdef SUPPORT_I18N -sx->utf8_needed = FALSE; +/* sx->utf8_needed = FALSE; */ #endif sx->dsn_all_lasthop = TRUE; #ifdef SUPPORT_DANE -sx->conn_args.dane = FALSE; +/* sx->conn_args.dane = FALSE; */ sx->dane_required = verify_check_given_host(CUSS &ob->hosts_require_dane, sx->conn_args.host) == OK; #endif #ifndef DISABLE_PIPE_CONNECT -sx->early_pipe_active = sx->early_pipe_ok = FALSE; -sx->ehlo_resp.cleartext_features = sx->ehlo_resp.crypted_features = 0; -sx->pending_BANNER = sx->pending_EHLO = FALSE; +/* sx->early_pipe_active = sx->early_pipe_ok = FALSE; */ +/* sx->ehlo_resp.cleartext_features = sx->ehlo_resp.crypted_features = 0; */ +/* sx->pending_BANNER = sx->pending_EHLO = sx->pending_MAIL = FALSE; */ #endif if ((sx->max_rcpt = sx->conn_args.tblock->max_addresses) == 0) sx->max_rcpt = 999999; -sx->peer_offered = 0; -sx->avoid_option = 0; +/* sx->peer_offered = 0; */ +/* sx->avoid_option = 0; */ sx->igquotstr = US""; if (!sx->helo_data) sx->helo_data = ob->helo_data; #ifdef EXPERIMENTAL_DSN_INFO -sx->smtp_greeting = NULL; -sx->helo_response = NULL; +/* sx->smtp_greeting = NULL; */ +/* sx->helo_response = NULL; */ #endif smtp_command = US"initial connection"; -sx->buffer[0] = '\0'; +/* sx->buffer[0] = '\0'; */ /* Set up the buffer for reading SMTP response packets. */ @@ -1997,9 +1996,9 @@ sx->inblock.ptrend = sx->inbuffer; sx->outblock.buffer = sx->outbuffer; sx->outblock.buffersize = sizeof(sx->outbuffer); sx->outblock.ptr = sx->outbuffer; -sx->outblock.cmd_count = 0; -sx->outblock.authenticating = FALSE; -sx->outblock.conn_args = NULL; +/* sx->outblock.cmd_count = 0; */ +/* sx->outblock.authenticating = FALSE; */ +/* sx->outblock.conn_args = NULL; */ /* Reset the parameters of a TLS session. */ @@ -3457,13 +3456,13 @@ struct timeval start_delivery_time; BOOL pass_message = FALSE; uschar *message = NULL; uschar new_message_id[MESSAGE_ID_LENGTH + 1]; - smtp_context * sx = store_get(sizeof(*sx), TRUE); /* tainted, for the data buffers */ gettimeofday(&start_delivery_time, NULL); suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */ *message_defer = FALSE; +memset(sx, 0, sizeof(*sx)); sx->addrlist = addrlist; sx->conn_args.host = host; sx->conn_args.host_af = host_af, @@ -3471,7 +3470,7 @@ sx->port = defport; sx->conn_args.interface = interface; sx->helo_data = NULL; sx->conn_args.tblock = tblock; -sx->verify = FALSE; +/* sx->verify = FALSE; */ sx->sync_addr = sx->first_addr = addrlist; /* Get the channel set up ready for a message (MAIL FROM being the next @@ -3540,9 +3539,9 @@ always has a sequence number greater than one. */ if (continue_hostname && continue_sequence == 1) { sx->peer_offered = smtp_peer_options; - sx->pending_MAIL = FALSE; + /* sx->pending_MAIL = FALSE; */ sx->ok = TRUE; - sx->next_addr = NULL; + /* sx->next_addr = NULL; */ for (address_item * addr = addrlist; addr; addr = addr->next) addr->transport_return = PENDING_OK; diff --git a/src/src/verify.c b/src/src/verify.c index e12c3f46c..deca5bc6c 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -574,6 +574,7 @@ else { smtp_transport_options_block *ob = (smtp_transport_options_block *)addr->transport->options_block; + smtp_context * sx = NULL; /* The information wasn't available in the cache, so we have to do a real callout and save the result in the cache for next time, unless no_cache is set, @@ -630,7 +631,6 @@ coding means skipping this whole loop and doing the append separately. */ int host_af; int port = 25; uschar * interface = NULL; /* Outgoing interface to use; NULL => any */ - smtp_context * sx = store_get(sizeof(*sx), TRUE); /* tainted buffers */ if (!host->address) { @@ -670,6 +670,9 @@ coding means skipping this whole loop and doing the append separately. */ log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address, addr->message); + if (!sx) sx = store_get(sizeof(*sx), TRUE); /* tainted buffers */ + memset(sx, 0, sizeof(*sx)); + sx->addrlist = addr; sx->conn_args.host = host; sx->conn_args.host_af = host_af, diff --git a/test/log/2102 b/test/log/2102 index 91761cd68..dfcfc1b67 100644 --- a/test/log/2102 +++ b/test/log/2102 @@ -41,11 +41,7 @@ 1999-03-02 09:44:33 der_b64 MIIDuDCCAqCgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwNzEUMBIGA1UEChMLZXhhbXBsZS5jb20xHzAdBgNVBAMTFmNsaWNhIFNpZ25pbmcgQ2VydCByc2EwHhcNMTIxMTAxMTI0MDA0WhcNMzcxMjAxMTI0MDA0WjAeMRwwGgYDVQQDExNzZXJ2ZXIyLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA52Rfiv2Igy0NiaKN5gc0VPLbEoHngkdJWv3wEORp+iFl6skQRbsCylT8djJ2pvHstFpnzSodF3Wwjj2/EDuj3iKBzN9HeXJOvJz8j9Si1xkgCxJeUjPGgYcvKdxybaZAOpi9l3xwPCCEXN4JBq/WaQQ9+eP1PczeMNfvFtXma+VcHXG743ttPOv7eSMr0JxQl3zjQvYGOhFP/KAw6jh/N6YPqii9kV0cC/ubeVzpqJ5/+hndx5YrmAu39N5qzwWujhDPkFNSgCJUhfkEiMaQiPxFxDTbUzWnQ5jpAQ5El4WJVkGWkqxose1bOjSSNzFPJt59YtxxJC3IWN3UtGODTwIDAQABo4HmMIHjMA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTgYDVR0jBEcwRYANQUFidHdDeGNYZ2IwUaExpC8wLTEUMBIGA1UEChMLZXhhbXBsZS5jb20xFTATBgNVBAMTDGNsaWNhIENBIHJzYYIBQjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vc2NwLmV4YW1wbGUuY29tLzApBgNVHREEIjAgghNzZXJ2ZXIyLmV4YW1wbGUuY29tggkqLnRlc3QuZXgwDQYJKoZIhvcNAQELBQADggEBALHOkZkvHLpNm0QSof09vmmdNFE6/+0TCIoPExeqqSOsy4NsF+Ha46WttjJRSVtbhRxF8jxEU7btPiFgQUaOcJZTwQPDhmQSOPNO8GS46oJ57aQ7U7O+X3M1sVS5Pa2IzE6vrJSh349/CNbTA8WPQdWLlxVJhJXAcZNtaEu6lCsZuDSMTpAsW5I4+snyrm3yvP5t0eD28K5LgCKePX962drkAOP6XGQ51VnbMQ7b1TSdQedtYKIpR3VKUvG5Ky/+0c+Rmwfi2aQ8oXXwekzJyS5jvovdVVsdhO68It+Rz/zursN5Pn+Gj1YuQNUs2nDrGHN+VIIFpgWUjLZO4bcJctY= 1999-03-02 09:44:33 cipher: TLS1.x:ke-RSA-AES256-SHAnnn:xxx 1999-03-02 09:44:33 cipher_ TLS1.x:ke_RSA_WITH_ci_mac -<<<<<<< HEAD 1999-03-02 09:44:33 ver: TLS1.x -======= -1999-03-02 09:44:33 ver: TLSv1.x ->>>>>>> 4.next 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server2.example.com" S=sss 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D 1999-03-02 09:44:33 Our cert SN: diff --git a/test/scripts/4062-pipe-conn-openssl/4062 b/test/scripts/4062-pipe-conn-openssl/4062 index 87b156c6c..bd0fe5725 100644 --- a/test/scripts/4062-pipe-conn-openssl/4062 +++ b/test/scripts/4062-pipe-conn-openssl/4062 @@ -1,4 +1,4 @@ -# starttls +# early-pipe & starttls # # Not attempted without a cache entry exim -bd -DSERVER=server -oX PORT_D -- 2.30.2