[exim-dev] [Bug 2018] proxy protocol is not supported on smt…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: admin
Datum:  
To: exim-dev
Betreff: [exim-dev] [Bug 2018] proxy protocol is not supported on smtps (direct SSL/TLS) connections
https://bugs.exim.org/show_bug.cgi?id=2018

Git Commit <git@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |FIXED


--- Comment #16 from Git Commit <git@???> ---
Git commit:
https://git.exim.org/exim.git/commitdiff/da88acaeb7d76e5312c8ea799951470eaa5eca0f

commit da88acaeb7d76e5312c8ea799951470eaa5eca0f
Author:     Phil Pennock <pdp@???>
AuthorDate: Tue Jan 31 22:15:55 2017 -0500
Commit:     Phil Pennock <pdp@???>
CommitDate: Tue Jan 31 22:15:55 2017 -0500


    handle proxy protocol v2 safely as well.


    we had test suite failures (test suite success!) because proxy protocol
    v2 (ppv2) wasn't being detected; by only reading 12 octets, the >= 16
    check was failing.  but in fact i had previously only fixed reading
    "only enough" for ppv1.


    handling both ppv1 and ppv2 is complicated because the minimum valid
    length for ppv1 is 15 octets but for ppv2 the size to read is in the
    15th and 16th octets.


    so refactored a little and we now use a total of 3 reads for the ppv2
    case (assuming no fragmentation, etc; we'll actually keep reading now
    instead of aborting) to get the entire ppv2 header of exactly the right
    size, so that tls handshake immediately following the pp header is not
    also swallowed.


    fixes: 2018
    tested: manually, tls and non-tls, ppv1 and ppv2, all ways.
    release: should be cherry-picked into 4.89rc series
----
 doc/doc-txt/ChangeLog |   2 +
 src/src/smtp_in.c     | 128 +++++++++++++++++++++++++++++++++++++++-----------
 2 files changed, 103 insertions(+), 27 deletions(-)


--
You are receiving this mail because:
You are on the CC list for the bug.