postfix-3.4.20

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 3358a8840f13cf48aa55ab53659d9cdc346c8f85..3ab509d90c73ad20258aa33e05632cc1cccc0208 100644 (file)
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -24572,3 +24572,24 @@ Apologies for any names omitted.
         causing unnecessary dnssec_probe activity. The default is now
         "dane" when smtp_tls_security_level is "dane", otherwise it is
         "may". File: global/mail_params.h.
+
+20210411
+
+       Missing null pointer checks (introduced: Postfix 3.4) after
+       an internal I/O error during the smtp(8) to tlsproxy(8)
+       handshake. Found by Coverity, reported by Jaroslav Skarvada.
+       Based on fix by Viktor Dukhovni. File: tls/tls_proxy_client_scan.c.
+
+       Null pointer bug (introduced: Postfix 3.0) and memory leak
+       (introduced: Postfix 3.4) after an inline: table syntax
+       error in main.cf or master.cf. Found by Coverity, reported
+       by Jaroslav Skarvada. Based on fix by Viktor Dukhovni. File:
+       util/dict_inline.c.
+
+       Incomplete null pointer check (introduced: Postfix 2.10)
+       after truncated HaProxy version 1 handshake message. Found
+       by Coverity, reported by Jaroslav Skarvada. Fix by Viktor
+       Dukhovni. File: global/haproxy_srvr.c.
+
+       Missing null pointer check (introduced: Postfix alpha) after
+       null argv[0] value. File: global/mail_task.c.

diff --git a/postfix/src/global/haproxy_srvr.c b/postfix/src/global/haproxy_srvr.c
index db3d0c1da5982700dd1148b1cb9ca82d77e6ffe6..9779985d80dcbe32d1076e2b6195881226610bc6 100644 (file)
--- a/postfix/src/global/haproxy_srvr.c
+++ b/postfix/src/global/haproxy_srvr.c
@@ -59,6 +59,8 @@
 
 static INET_PROTO_INFO *proto_info;
 
+#define STR_OR_NULL(str) ((str) ? (str) : "(null)")
+
 /* haproxy_srvr_parse_lit - extract and validate string literal */
 
 static int haproxy_srvr_parse_lit(const char *str,...)
@@ -68,7 +70,7 @@ static int haproxy_srvr_parse_lit(const char *str,...)
     int     result = -1;
 
     if (msg_verbose)
-       msg_info("haproxy_srvr_parse: %s", str);
+       msg_info("haproxy_srvr_parse: %s", STR_OR_NULL(str));
 
     if (str != 0) {
        va_start(ap, str);
@@ -85,8 +87,10 @@ static int haproxy_srvr_parse_lit(const char *str,...)
 static int haproxy_srvr_parse_proto(const char *str, int *addr_family)
 {
     if (msg_verbose)
-       msg_info("haproxy_srvr_parse: proto=%s", str);
+       msg_info("haproxy_srvr_parse: proto=%s", STR_OR_NULL(str));
 
+    if (str == 0)
+       return (-1);
 #ifdef AF_INET6
     if (strcasecmp(str, "TCP6") == 0) {
        if (strchr((char *) proto_info->sa_family_list, AF_INET6) != 0) {
@@ -110,7 +114,8 @@ static int haproxy_srvr_parse_addr(const char *str, MAI_HOSTADDR_STR *addr,
                                           int addr_family)
 {
     if (msg_verbose)
-       msg_info("haproxy_srvr_parse: addr=%s proto=%d", str, addr_family);
+       msg_info("haproxy_srvr_parse: addr=%s proto=%d",
+                STR_OR_NULL(str), addr_family);
 
     if (str == 0 || strlen(str) >= sizeof(MAI_HOSTADDR_STR))
        return (-1);
@@ -145,7 +150,7 @@ static int haproxy_srvr_parse_addr(const char *str, MAI_HOSTADDR_STR *addr,
 static int haproxy_srvr_parse_port(const char *str, MAI_SERVPORT_STR *port)
 {
     if (msg_verbose)
-       msg_info("haproxy_srvr_parse: port=%s", str);
+       msg_info("haproxy_srvr_parse: port=%s", STR_OR_NULL(str));
     if (str == 0 || strlen(str) >= sizeof(MAI_SERVPORT_STR)
        || !valid_hostport(str, DONT_GRIPE)) {
        return (-1);

diff --git a/postfix/src/global/mail_task.c b/postfix/src/global/mail_task.c
index 543130a6e9da35696f1df590920ce959d4a51b96..733645d380d1aec5330c76cdde06494698ccdedf 100644 (file)
--- a/postfix/src/global/mail_task.c
+++ b/postfix/src/global/mail_task.c
@@ -17,8 +17,8 @@
 /*
 /*     The result is overwritten with each call.
 /*
-/*     A null argv0 argument requests that the current
-/*     result is returned.
+/*     A null argv0 argument requests that the current result is
+/*     returned, or "unknown" when no current result exists.
 /* LICENSE
 /* .ad
 /* .fi
@@ -59,6 +59,8 @@ const char *mail_task(const char *argv0)
     const char *slash;
     const char *tag;
 
+    if (argv0 == 0 && canon_name == 0)
+       argv0 = "unknown";
     if (argv0) {
        if (canon_name == 0)
            canon_name = vstring_alloc(10);

diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index fad10e90374c8ed50d49e115c75e944e6fd2c7b8..cb962876e83c8b5cbf31c7417d3828d2eda99294 100644 (file)
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE      "20210117"
-#define MAIL_VERSION_NUMBER    "3.4.19"
+#define MAIL_RELEASE_DATE      "20210411"
+#define MAIL_VERSION_NUMBER    "3.4.20"
 
 #ifdef SNAPSHOT
 #define MAIL_VERSION_DATE      "-" MAIL_RELEASE_DATE

diff --git a/postfix/src/tls/tls_proxy_client_scan.c b/postfix/src/tls/tls_proxy_client_scan.c
index 4c748ae3c163c13a3a5602c5493122ef41e61da4..f2036d198b0981923af6d855e4655025f45c8edc 100644 (file)
--- a/postfix/src/tls/tls_proxy_client_scan.c
+++ b/postfix/src/tls/tls_proxy_client_scan.c
@@ -430,7 +430,8 @@ static int tls_proxy_client_certs_scan(ATTR_SCAN_MASTER_FN scan_fn,
     if (buf)
        vstring_free(buf);
     if (ret != 1) {
-       tls_proxy_client_certs_free(head);
+       if (head)
+           tls_proxy_client_certs_free(head);
        head = 0;
     }
     *(TLS_CERTS **) ptr = head;
@@ -489,7 +490,8 @@ static int tls_proxy_client_pkeys_scan(ATTR_SCAN_MASTER_FN scan_fn,
     if (buf)
        vstring_free(buf);
     if (ret != 1) {
-       tls_proxy_client_pkeys_free(head);
+       if (head)
+           tls_proxy_client_pkeys_free(head);
        head = 0;
     }
     *(TLS_PKEYS **) ptr = head;
@@ -538,7 +540,8 @@ static int tls_proxy_client_tlsa_scan(ATTR_SCAN_MASTER_FN scan_fn,
        ret = (ret == 3 ? 1 : -1);
     }
     if (ret != 1) {
-       tls_proxy_client_tlsa_free(head);
+       if (head)
+           tls_proxy_client_tlsa_free(head);
        head = 0;
     }
     *(TLS_TLSA **) ptr = head;

diff --git a/postfix/src/util/dict_inline.c b/postfix/src/util/dict_inline.c
index a416d7c3d93859f1b3b393f755ec847947fc9d3a..72339b2b2fbb681f2b49a26ec78c6a331f977e5c 100644 (file)
--- a/postfix/src/util/dict_inline.c
+++ b/postfix/src/util/dict_inline.c
@@ -113,9 +113,9 @@ DICT   *dict_inline_open(const char *name, int open_flags, int dict_flags)
     dict = dict_open3(DICT_TYPE_HT, name, open_flags, dict_flags);
     dict_type_override(dict, DICT_TYPE_INLINE);
     while ((nameval = mystrtokq(&cp, CHARS_COMMA_SP, CHARS_BRACE)) != 0) {
-       if ((nameval[0] != CHARS_BRACE[0]
-            || (err = free_me = extpar(&nameval, CHARS_BRACE, EXTPAR_FLAG_STRIP)) == 0)
-           && (err = split_qnameval(nameval, &vname, &value)) != 0)
+       if (nameval[0] == CHARS_BRACE[0])
+           err = free_me = extpar(&nameval, CHARS_BRACE, EXTPAR_FLAG_STRIP);
+       if (err != 0 || (err = split_qnameval(nameval, &vname, &value)) != 0)
            break;
 
        if ((dict->flags & DICT_FLAG_SRC_RHS_IS_FILE) != 0) {