[exim-cvs] Prevent TLS rebinding in LDAP connections

Pàgina inicial
Delete this message
Reply to this message
Autor: Exim Git Commits Mailing List
Data:  
A: exim-cvs
Assumpte: [exim-cvs] Prevent TLS rebinding in LDAP connections
Gitweb: http://git.exim.org/exim.git/commitdiff/a30a8861ef512a88394517f713f1e66b486e5c7c
Commit:     a30a8861ef512a88394517f713f1e66b486e5c7c
Parent:     2d07a2158e07fbaddd52e734fcbaeff44bf61919
Author:     Todd Lyons <tlyons@???>
AuthorDate: Wed Sep 4 13:22:51 2013 -0700
Committer:  Todd Lyons <tlyons@???>
CommitDate: Sun Sep 22 09:21:37 2013 -0700


    Prevent TLS rebinding in LDAP connections


    Bugzilla 1375
---
 doc/doc-txt/ChangeLog  |    3 +++
 src/src/lookups/ldap.c |    5 ++++-
 2 files changed, 7 insertions(+), 1 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 9fb00a7..9d9f17d 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -220,6 +220,9 @@ JH/16 Fix comparisons for 64b.  Bugzilla 1385.
 TL/09 Add expansion variable $authenticated_fail_id to keep track of
       last id that failed so it may be referenced in subsequent ACL's.


+TL/10 Bugzilla 1375 - Prevent TLS rebinding in ldap. Patch provided by
+      Alexander Miroch.
+


Exim version 4.80.1
-------------------
diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index 40345ba..f121bce 100644
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -81,6 +81,7 @@ typedef struct ldap_connection {
uschar *password;
BOOL bound;
int port;
+ BOOL is_start_tls_called;
LDAP *ld;
} LDAP_CONNECTION;

@@ -493,6 +494,7 @@ if (lcp == NULL)
lcp->port = port;
lcp->ld = ld;
lcp->next = ldap_connections;
+ lcp->is_start_tls_called = FALSE;
ldap_connections = lcp;
}

@@ -519,7 +521,7 @@ if (!lcp->bound ||
   {
   DEBUG(D_lookup) debug_printf("%sbinding with user=%s password=%s\n",
     (lcp->bound)? "re-" : "", user, password);
-  if (eldap_start_tls)
+  if (eldap_start_tls && !lcp->is_start_tls_called)
     {
 #if defined(LDAP_OPT_X_TLS) && !defined(LDAP_LIB_SOLARIS)
     /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this.
@@ -533,6 +535,7 @@ if (!lcp->bound ||
           " %s", host, porttext, rc, ldap_err2string(rc));
       goto RETURN_ERROR;
       }
+    lcp->is_start_tls_called = TRUE;
 #else
     DEBUG(D_lookup)
       debug_printf("TLS initiation not supported with this Exim and your LDAP library.\n");