[exim-cvs] environment grooming

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] environment grooming
Gitweb: https://git.exim.org/exim.git/commitdiff/6b5cbf740022f7f57a425d212499f156b1641d49
Commit:     6b5cbf740022f7f57a425d212499f156b1641d49
Parent:     340cbb7f4ea5185938b16a75cff05dea504a434a
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Mon Oct 14 10:45:32 2019 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Mon Oct 14 15:56:03 2019 +0100


    environment grooming
---
 src/src/environment.c |  3 +++
 src/src/functions.h   |  1 +
 src/src/tls.c         | 29 +++++++++++++++++++++++++++++
 3 files changed, 33 insertions(+)


diff --git a/src/src/environment.c b/src/src/environment.c
index c29cc6c..f3a9066 100644
--- a/src/src/environment.c
+++ b/src/src/environment.c
@@ -59,6 +59,9 @@ else if (Ustrcmp(keep_environment, "*") != 0)
     }
   store_reset(reset_point);
   }
+#ifndef DISABLE_TLS
+tls_clean_env();
+#endif
 if (add_environment)
   {
   uschar * p;
diff --git a/src/src/functions.h b/src/src/functions.h
index 37f6b1b..35600ba 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -48,6 +48,7 @@ extern uschar * tls_cert_fprt_md5(void *);
 extern uschar * tls_cert_fprt_sha1(void *);
 extern uschar * tls_cert_fprt_sha256(void *);


+extern void    tls_clean_env(void);
 extern BOOL    tls_client_start(client_conn_ctx *, smtp_connect_args *,
           void *, tls_support *, uschar **);


diff --git a/src/src/tls.c b/src/src/tls.c
index 796bc6d..63d98c8 100644
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -369,6 +369,35 @@ else if ((subjdn = tls_cert_subject(cert, NULL)))
   }
 return FALSE;
 }
+
+
+/* Environment cleanup: The GnuTLS library spots SSLKEYLOGFILE in the envonment
+and writes a file by that name.  We might make the OpenSSL support do the same,
+in some future release.  Restrict that filename to be under the spool directory.
+
+If the path is absolute, require it starts with the spooldir; otherwise delete
+the env variable.  If relative, prefix the spooldir.
+*/
+void
+tls_clean_env(void)
+{
+uschar * path = US getenv("SSLKEYLOGFILE");
+if (path)
+  if (!*path)
+    unsetenv("SSLKEYLOGFILE");
+  else if (*path != '/')
+    {
+    DEBUG(D_tls)
+      debug_printf("prepending spooldir to  env SSLKEYLOGFILE\n");
+    setenv("SSLKEYLOGFILE", CCS string_sprintf("%s/%s", spool_directory, path), 1);
+    }
+  else if (Ustrncmp(path, spool_directory, Ustrlen(spool_directory)) != 0)
+    {
+    DEBUG(D_tls)
+      debug_printf("removing env SSLKEYLOGFILE: not under spooldir\n");
+    unsetenv("SSLKEYLOGFILE");
+    }
+}
 #endif    /*!DISABLE_TLS*/
 #endif    /*!MACRO_PREDEF*/



This message was posted to the following mailing lists:
exim-cvs
Mailing List Info | Nearby Messages		<-[exim-cvs] OpenSSL: SSLKEYLOGFILE support[exim-cvs] Testsuite: output changes resulting->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)