From cde5350336e28c599ec956724d9dc9130f6946da Mon Sep 17 00:00:00 2001
From: eric
Date: Mon, 2 Sep 2019 20:05:21 +0000
Subject: [PATCH] Request a new SSL structure for each TLS session.

Fix a crash reported by Ross L Richardson.

ok gilles@
---
 usr.sbin/smtpd/smtp.h | 5 +++--
 usr.sbin/smtpd/smtp_client.c | 12 +++++++++---
 usr.sbin/smtpd/smtpc.c | 18 +++++++++++-------
 3 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/usr.sbin/smtpd/smtp.h b/usr.sbin/smtpd/smtp.h
index a5eded2ff1e..dc91d878940 100644
--- a/usr.sbin/smtpd/smtp.h
+++ b/usr.sbin/smtpd/smtp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtp.h,v 1.2 2018/09/20 11:42:28 eric Exp $ */
+/* $OpenBSD: smtp.h,v 1.3 2019/09/02 20:05:21 eric Exp $ */
 /*
  * Copyright (c) 2018 Eric Faurot
@@ -45,7 +45,6 @@ struct smtp_params {
 
 /* TLS options */
 int tls_req; /* requested TLS mode */
- void *tls_ctx; /* TLS ctx to use */
 int tls_verify; /* need valid server certificate */
 
 /* SMTP options */
@@ -82,11 +81,13 @@ struct smtp_client;
 /* smtp_client.c */
 struct smtp_client *smtp_connect(const struct smtp_params *, void *);
 void smtp_cert_verified(struct smtp_client *, int);
+void smtp_set_tls(struct smtp_client *, void *);
 void smtp_quit(struct smtp_client *);
 void smtp_sendmail(struct smtp_client *, struct smtp_mail *);
 
 /* callbacks */
 void smtp_verify_server_cert(void *, struct smtp_client *, void *);
+void smtp_require_tls(void *, struct smtp_client *);
 void smtp_ready(void *, struct smtp_client *);
 void smtp_failed(void *, struct smtp_client *, int, const char *);
 void smtp_closed(void *, struct smtp_client *);
diff --git a/usr.sbin/smtpd/smtp_client.c b/usr.sbin/smtpd/smtp_client.c
index ac707a1210f..7a26e954113 100644
--- a/usr.sbin/smtpd/smtp_client.c
+++ b/usr.sbin/smtpd/smtp_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtp_client.c,v 1.10 2019/06/12 17:42:53 eric Exp $ */
+/* $OpenBSD: smtp_client.c,v 1.11 2019/09/02 20:05:21 eric Exp $ */
 /*
  * Copyright (c) 2018 Eric Faurot
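Review bot: The two prototypes added to smtp.h, `smtp_set_tls` and the `smtp_require_tls` callback, arrive without a comment on the contract between them, and the header is where an application author will look for it. Judging from the smtp_client.c hunk, the client now stops where it used to call io_start_tls() directly and waits for the application to hand it a context through smtp_set_tls(); the header should state that, and what the application is expected to do when it cannot produce one. Suggested comment above the callback declaration: `/* Called when the session needs TLS; the application must pass a fresh TLS ctx to smtp_set_tls(). */`, and above smtp_set_tls(): `/* Start TLS on the session with a ctx obtained in the smtp_require_tls callback. */`. Who owns ctx after smtp_set_tls() is not visible in this diff and should be confirmed against io_start_tls() before being documented.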
@@ -184,6 +184,12 @@ smtp_cert_verified(struct smtp_client *proto, int verified)
 }
 }
 
+void
+smtp_set_tls(struct smtp_client *proto, void *ctx)
+{
+ io_start_tls(proto->io, ctx);
+}
+
 void
 smtp_quit(struct smtp_client *proto)
 {
@@ -500,7 +506,7 @@ smtp_client_response(struct smtp_client *proto, const char *line)
 smtp_client_state(proto, STATE_AUTH);
 }
 else
- io_start_tls(proto->io, proto->params.tls_ctx);
+ smtp_require_tls(proto->tag, proto);
 break;
 
 case STATE_AUTH_PLAIN:
@@ -610,7 +616,7 @@ smtp_client_io(struct io *io, int evt, void *arg)
 case IO_CONNECTED:
 if (proto->params.tls_req == TLS_SMTPS) {
 io_set_write(io);
- io_start_tls(proto->io, proto->params.tls_ctx);
+ smtp_require_tls(proto->tag, proto);
 } else
 smtp_client_state(proto, STATE_BANNER);
diff --git a/usr.sbin/smtpd/smtpc.c b/usr.sbin/smtpd/smtpc.c
index 42257b646a5..66be5fa389b 100644
--- a/usr.sbin/smtpd/smtpc.c
+++ b/usr.sbin/smtpd/smtpc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtpc.c,v 1.7 2019/09/02 19:17:43 gilles Exp $ */
+/* $OpenBSD: smtpc.c,v 1.8 2019/09/02 20:05:21 eric Exp $ */
 /*
  * Copyright (c) 2018 Eric Faurot
@@ -245,12 +245,6 @@ parse_server(char *server)
 if (port == NULL)
 port = "smtp";
 
- if (params.tls_req != TLS_NO) {
- params.tls_ctx = ssl_mta_init(NULL, NULL, 0, NULL);
- if (params.tls_ctx == NULL)
- fatal("ssl_mta_init");
- }
-
 memset(&hints, 0, sizeof(hints));
 hints.ai_family = AF_UNSPEC;
 hints.ai_socktype = SOCK_STREAM;
@@ -342,6 +336,16 @@ smtp_verify_server_cert(void *tag, struct smtp_client *proto, void *ctx)
 smtp_cert_verified(proto, CERT_UNKNOWN);
 }
 
+void
+smtp_require_tls(void *tag, struct smtp_client *proto)
+{
+ void *ctx;
+
+ ctx = ssl_mta_init(NULL, NULL, 0, NULL);
+
+ smtp_set_tls(proto, ctx);
+}
+
 void
 smtp_ready(void *tag, struct smtp_client *proto)
 {
-- 
2.20.1
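Review bot: The new smtp_set_tls() in smtp_client.c forwards ctx to io_start_tls() unchecked, so a NULL handed in by the application (the failure value the removed smtpc.c code used to test for) now reaches the I/O layer instead of being rejected at the API boundary. A guard of the form `if (ctx == NULL)` that routes the session into whatever failure path the client already uses for I/O errors (the header declares an smtp_failed callback, but its use is outside this hunk) would keep the contract enforceable from the library side rather than relying on every caller. The function also deserves a one-line comment stating that it must only be called in response to smtp_require_tls(); what io_start_tls() does if invoked at another point in the state machine is not visible here. smtp_client_response() and smtp_client_io(), where the two replaced calls live, both begin and end outside their hunks.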
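Review bot: smtp_require_tls() in smtpc.c drops the NULL check that the removed parse_server() block had: ssl_mta_init() is called and its result is passed straight to smtp_set_tls(), whereas the old code did `if (params.tls_ctx == NULL) fatal("ssl_mta_init");`. With a per-session allocation this can now fail at connect time rather than at startup, which makes the check more relevant, not less; restore it as `if (ctx == NULL)` followed by `fatal("ssl_mta_init");` before the smtp_set_tls() call. The `tag` parameter is unused, which matches the neighbouring smtp_verify_server_cert() callback, so that is a style point only.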