[exim-cvs] Fix use of empty log_reject_target. Bug 3039

Góra strony
Wiadomość jest częścią wątku:
Mpełne drzewo wątku posortowane wg daty
 
 
Delete this message
Reply to this message
Autor: Exim Git Commits Mailing List
Data:  
Dla: exim-cvs
Temat: [exim-cvs] Fix use of empty log_reject_target. Bug 3039
Gitweb: https://git.exim.org/exim.git/commitdiff/eb09d0da1fb995ad88f9a1c2998766c3e530be68
Commit:     eb09d0da1fb995ad88f9a1c2998766c3e530be68
Parent:     37b849dca4dfd855212a763662825e967a4d77b1
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Tue Nov 7 19:38:22 2023 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Tue Nov 7 19:52:23 2023 +0000


    Fix use of empty log_reject_target.  Bug 3039


    Broken-by: 4243a209fd94
---
 doc/doc-txt/ChangeLog            |  7 ++++++-
 src/src/smtp_in.c                | 25 ++++++++++++++-----------
 test/confs/1115                  | 24 ++++++++++++++++++++++++
 test/log/1115                    |  3 +++
 test/scripts/1100-Basic-TLS/1115 |  7 +++++++
 test/stdout/1115                 |  6 ++++++
 6 files changed, 60 insertions(+), 12 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 2ea8caf23..c74c0c0c6 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -16,10 +16,15 @@ JH/02 Bug 3040: Handle error on close of the spool data file during reception.
       this to respond with a temp-reject, wipe spoolfiles, and log the error
       detail.


-JH/03 Bug 3030: fix handling of DNS servfail respons for DANE TLSA.  When hit
+JH/03 Bug 3030: Fix handling of DNS servfail respons for DANE TLSA.  When hit
       during a recipient verify callout, a QUIT command was attempted on the
       now-closed callout channel, causing a paniclog entry.


+JH/04 Bug 3039: Fix handling of of an empty log_reject_target, with
+      a connection_reject log_selector, under tls_on_connect.  Previously
+      with this combination, when the connect ACL rejected, a spurious
+      paniclog entry was made.
+


 Exim version 4.97
 -----------------
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index c565d522d..e19c86ff8 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -2051,16 +2051,19 @@ else DEBUG(D_receive)
 static void
 log_connect_tls_drop(const uschar * what, const uschar * log_msg)
 {
-gstring * g = s_tlslog(NULL);
-uschar * tls = string_from_gstring(g);
-
-log_write(L_connection_reject,
-  log_reject_target, "%s%s%s dropped by %s%s%s",
-  LOGGING(dnssec) && sender_host_dnssec ? US" DS" : US"",
-  host_and_ident(TRUE),
-  tls ? tls : US"",
-  what,
-  log_msg ? US": " : US"", log_msg);
+if (log_reject_target)
+  {
+  gstring * g = s_tlslog(NULL);
+  uschar * tls = string_from_gstring(g);
+
+  log_write(L_connection_reject,
+    log_reject_target, "%s%s%s dropped by %s%s%s",
+    LOGGING(dnssec) && sender_host_dnssec ? US" DS" : US"",
+    host_and_ident(TRUE),
+    tls ? tls : US"",
+    what,
+    log_msg ? US": " : US"", log_msg);
+  }
 }



@@ -3085,7 +3088,7 @@ else
the connection is not forcibly to be dropped, return 0. Otherwise, log why it
is closing if required and return 2. */ 

-if (log_reject_target != 0)
+if (log_reject_target)
   {
 #ifndef DISABLE_TLS
   gstring * g = s_tlslog(NULL);
diff --git a/test/confs/1115 b/test/confs/1115
new file mode 100644
index 000000000..c6247a4e0
--- /dev/null
+++ b/test/confs/1115
@@ -0,0 +1,24 @@
+# Exim test configuration 1115
+
+SERVER=
+
+.include DIR/aux-var/std_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+# ----- Main settings -----
+
+tls_on_connect_ports = PORT_D2
+
+acl_smtp_connect = check_conn
+
+log_selector = +connection_reject
+
+# ----- ACLs -----
+
+begin acl
+
+check_conn:
+  deny    log_reject_target =
+
+# End
diff --git a/test/log/1115 b/test/log/1115
new file mode 100644
index 000000000..d09da31a0
--- /dev/null
+++ b/test/log/1115
@@ -0,0 +1,3 @@
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTPS on port PORT_D2
diff --git a/test/scripts/1100-Basic-TLS/1115 b/test/scripts/1100-Basic-TLS/1115
new file mode 100644
index 000000000..fe53cb15d
--- /dev/null
+++ b/test/scripts/1100-Basic-TLS/1115
@@ -0,0 +1,7 @@
+# server: tls_on_connect and log_reject_target empty
+exim -bd -DSERVER=server -oX PORT_D2
+****
+client-anytls -tls-on-connect 127.0.0.1 PORT_D2
+???*
+****
+killdaemon
diff --git a/test/stdout/1115 b/test/stdout/1115
new file mode 100644
index 000000000..43eac051c
--- /dev/null
+++ b/test/stdout/1115
@@ -0,0 +1,6 @@
+Connecting to 127.0.0.1 port 1226 ... connected
+Attempting to start TLS
+Failed to start TLS
+???*
+Expected EOF read
+End of script


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-cvs.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-cvs-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Wiadomość została wysłana do następujących list mailowych:
exim-cvs
Informacja o liście mailowej | Najbliższe wiadomości		<-[exim-cvs] OpenSSL: fix non-DANE build[exim-cvs] remove "security release"->
Tahini and Hummus and Cumin Development Archives administrowana przez cumin AdminsLurker (wersja 2.3)