Gitweb:
http://git.exim.org/exim.git/commitdiff/14c7b357062edf88e350fb95c06847b2c2a2b934
Commit: 14c7b357062edf88e350fb95c06847b2c2a2b934
Parent: 9d6bb16d6af8c4d2c5e2f58d2a6983c03600c35a
Author: Phil Pennock <pdp@???>
AuthorDate: Sun Dec 9 19:23:06 2012 -0500
Committer: Phil Pennock <pdp@???>
CommitDate: Sun Dec 9 19:30:02 2012 -0500
OCSP/SNI: set correct callback.
Caught by Jeremy; was wrong in (my) original commit, the dual-TLS work
had just renamed the variables and theoretically made it more visible.
I still missed it.
The server_sni context initialisation was setting the OCSP status
callback context parameter back on the original server_ctx instead of
the new server_sni context.
I guess OCSP and SNI aren't being used together in Exim much yet.
---
doc/doc-txt/ChangeLog | 5 +++++
src/src/tls-openssl.c | 2 +-
2 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 9ed827f..bf81413 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -143,6 +143,11 @@ GF/01 DCC debug and logging tidyup
TF/03 Avoid unnecessary rebuilds of lookup-related code.
+PP/14 Fix OCSP reinitialisation in SNI handling for Exim/TLS as server.
+ Bug spotted by Jeremy Harris; was flawed since initial commit.
+ Would have resulted in OCSP responses post-SNI triggering an Exim
+ NULL dereference and crash.
+
Exim version 4.80.1
-------------------
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 08b92ba..4409935 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -689,7 +689,7 @@ if (cbinfo->server_cipher_list)
if (cbinfo->ocsp_file)
{
SSL_CTX_set_tlsext_status_cb(server_sni, tls_stapling_cb);
- SSL_CTX_set_tlsext_status_arg(server_ctx, cbinfo);
+ SSL_CTX_set_tlsext_status_arg(server_sni, cbinfo);
}
#endif
