Request a new SSL structure for each TLS session.

Fix a crash reported by Ross L Richardson.

ok gilles@

diff --git a/usr.sbin/smtpd/smtp.h b/usr.sbin/smtpd/smtp.h
index a5eded2..dc91d87 100644 (file)
--- a/usr.sbin/smtpd/smtp.h
+++ b/usr.sbin/smtpd/smtp.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: smtp.h,v 1.2 2018/09/20 11:42:28 eric Exp $   */
+/*     $OpenBSD: smtp.h,v 1.3 2019/09/02 20:05:21 eric Exp $   */
 
 /*
  * Copyright (c) 2018 Eric Faurot <eric@openbsd.org>
@@ -45,7 +45,6 @@ struct smtp_params {
 
        /* TLS options */
        int                      tls_req;       /* requested TLS mode */
-       void                    *tls_ctx;       /* TLS ctx to use */
        int                      tls_verify;    /* need valid server certificate */
 
        /* SMTP options */
@@ -82,11 +81,13 @@ struct smtp_client;
 /* smtp_client.c */
 struct smtp_client *smtp_connect(const struct smtp_params *, void *);
 void smtp_cert_verified(struct smtp_client *, int);
+void smtp_set_tls(struct smtp_client *, void *);
 void smtp_quit(struct smtp_client *);
 void smtp_sendmail(struct smtp_client *, struct smtp_mail *);
 
 /* callbacks */
 void smtp_verify_server_cert(void *, struct smtp_client *, void *);
+void smtp_require_tls(void *, struct smtp_client *);
 void smtp_ready(void *, struct smtp_client *);
 void smtp_failed(void *, struct smtp_client *, int, const char *);
 void smtp_closed(void *, struct smtp_client *);

diff --git a/usr.sbin/smtpd/smtp_client.c b/usr.sbin/smtpd/smtp_client.c
index ac707a1..7a26e95 100644 (file)
--- a/usr.sbin/smtpd/smtp_client.c
+++ b/usr.sbin/smtpd/smtp_client.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: smtp_client.c,v 1.10 2019/06/12 17:42:53 eric Exp $   */
+/*     $OpenBSD: smtp_client.c,v 1.11 2019/09/02 20:05:21 eric Exp $   */
 
 /*
  * Copyright (c) 2018 Eric Faurot <eric@openbsd.org>
@@ -184,6 +184,12 @@ smtp_cert_verified(struct smtp_client *proto, int verified)
        }
 }
 
+void
+smtp_set_tls(struct smtp_client *proto, void *ctx)
+{
+       io_start_tls(proto->io, ctx);
+}
+
 void
 smtp_quit(struct smtp_client *proto)
 {
@@ -500,7 +506,7 @@ smtp_client_response(struct smtp_client *proto, const char *line)
                        smtp_client_state(proto, STATE_AUTH);
                }
                else
-                       io_start_tls(proto->io, proto->params.tls_ctx);
+                       smtp_require_tls(proto->tag, proto);
                break;
 
        case STATE_AUTH_PLAIN:
@@ -610,7 +616,7 @@ smtp_client_io(struct io *io, int evt, void *arg)
        case IO_CONNECTED:
                if (proto->params.tls_req == TLS_SMTPS) {
                        io_set_write(io);
-                       io_start_tls(proto->io, proto->params.tls_ctx);
+                       smtp_require_tls(proto->tag, proto);
                }
                else
                        smtp_client_state(proto, STATE_BANNER);

diff --git a/usr.sbin/smtpd/smtpc.c b/usr.sbin/smtpd/smtpc.c
index 42257b6..66be5fa 100644 (file)
--- a/usr.sbin/smtpd/smtpc.c
+++ b/usr.sbin/smtpd/smtpc.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: smtpc.c,v 1.7 2019/09/02 19:17:43 gilles Exp $        */
+/*     $OpenBSD: smtpc.c,v 1.8 2019/09/02 20:05:21 eric Exp $  */
 
 /*
  * Copyright (c) 2018 Eric Faurot <eric@openbsd.org>
@@ -245,12 +245,6 @@ parse_server(char *server)
        if (port == NULL)
                port = "smtp";
 
-       if (params.tls_req != TLS_NO) {
-               params.tls_ctx = ssl_mta_init(NULL, NULL, 0, NULL);
-               if (params.tls_ctx == NULL)
-                       fatal("ssl_mta_init");
-       }
-
        memset(&hints, 0, sizeof(hints));
        hints.ai_family = AF_UNSPEC;
        hints.ai_socktype = SOCK_STREAM;
@@ -342,6 +336,16 @@ smtp_verify_server_cert(void *tag, struct smtp_client *proto, void *ctx)
        smtp_cert_verified(proto, CERT_UNKNOWN);
 }
 
+void
+smtp_require_tls(void *tag, struct smtp_client *proto)
+{
+       void *ctx;
+
+       ctx = ssl_mta_init(NULL, NULL, 0, NULL);
+
+       smtp_set_tls(proto, ctx);
+}
+
 void
 smtp_ready(void *tag, struct smtp_client *proto)
 {