From: Wietse Venema Date: Sun, 30 Aug 2020 05:00:00 +0000 (-0500) Subject: postfix-3.5.7 X-Git-Tag: v3.5.7^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f7c10fd0b0c0224df90b494152f263a780eab944;p=thirdparty%2Fpostfix.git postfix-3.5.7 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index e0cdef260..21d532adb 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -24819,3 +24819,18 @@ Apologies for any names omitted. the system-wide OpenSSL configuration of allowed TLS protocol versions, for sessions where the remote SMTP client sends SNI. It's better to be safe than sorry. File: tls/tls_server.c. + +20200821 + + Bugfix (introduced: Postfix 3.4, already fixed in Postfix + 3.6): tlsproxy(8) was using the wrong DANE macro for + connections with DANE trust anchors or with non-DANE trust + anchors (WTF: Thorsten Habich found this bug in the use + case that has nothing to do with DANE). This resulted in a + global certificate verify function pointer race, between + TLS handshakes that use TLS trust achors and handshakes + that use PKI. No memory was corrupted in the course of all + this. Viktor Dukhovni. File: tlsproxy/tlsproxy.c. + + Cleanup: the posttls-finger '-X' option reported a false + conflict with '-r'. File: posttls-finger/posttls-finger.c. diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 4feb5a317..c228121b8 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20200726" -#define MAIL_VERSION_NUMBER "3.5.6" +#define MAIL_RELEASE_DATE "20200830" +#define MAIL_VERSION_NUMBER "3.5.7" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/posttls-finger/posttls-finger.c b/postfix/src/posttls-finger/posttls-finger.c index c142d43f5..a3a9946d3 100644 
--- a/postfix/src/posttls-finger/posttls-finger.c +++ b/postfix/src/posttls-finger/posttls-finger.c @@ -1988,7 +1988,7 @@ static void parse_options(STATE *state, int argc, char *argv[]) msg_fatal("bad '-a' option value: %s", state->options.addr_pref); #ifdef USE_TLS - if (state->tlsproxy_mode && state->reconnect) + if (state->tlsproxy_mode && state->reconnect >= 0) msg_fatal("The -X and -r options are mutually exclusive"); #endif diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c index 7aad011be..aba583f2c 100644 --- a/postfix/src/tlsproxy/tlsproxy.c +++ b/postfix/src/tlsproxy/tlsproxy.c @@ -998,8 +998,17 @@ static int tlsp_client_start_pre_handshake(TLSP_STATE *state) state->client_start_props->fd = state->ciphertext_fd; /* These predicates and warning belong inside tls_client_start(). */ if (!tls_dane_avail() /* mandatory side effects!! */ - &&TLS_DANE_BASED(state->client_start_props->tls_level)) - msg_warn("%s: DANE requested, but not available", + + /* + * Why not test for TLS_DANE_BASED()? Because the tlsproxy(8) client has + * already converted its DANE TLSA records into trust anchors, and + * therefore TLS_DANE_HASTA() will be true instead. That exercises the + * code path that updates the shared SSL_CTX with custom X.509 + * verification callbacks for trust anchors. + */ + &&TLS_DANE_HASTA(state->client_start_props->dane)) + msg_warn("%s: DANE or local trust anchor based chain" + " verification requested, but not available", state->client_start_props->namaddr); else state->tls_context = tls_client_start(state->client_start_props); 
@@ -1427,7 +1436,15 @@ static void tlsp_get_request_event(int event, void *context) } state->appl_state = tlsp_client_init(state->tls_params, state->client_init_props, - TLS_DANE_BASED(state->client_start_props->tls_level)); + + /* + * Why not test for TLS_DANE_BASED()? Because the tlsproxy(8) client + * has already converted its DANE TLSA records into trust anchors, + * and therefore TLS_DANE_HASTA() will be true instead. That + * exercises the code path that updates the shared SSL_CTX with + * custom X.509 verification callbacks for trust anchors. + */ + TLS_DANE_HASTA(state->client_start_props->dane) != 0); ready = state->appl_state != 0; break; case TLS_PROXY_FLAG_ROLE_SERVER:
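Review bot: the new HISTORY entry for 20200821 has a typo in "TLS handshakes that use TLS trust achors"; it should read "trust anchors" (the word is spelled correctly two lines earlier in "DANE trust anchors"). Since this entry is what release notes and CVE write-ups will quote, fix it before tagging.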
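Review bot: the posttls-finger fix `if (state->tlsproxy_mode && state->reconnect >= 0)` only works if the "no -r given" sentinel for `state->reconnect` is negative, and the hunk does not show that initializer. Add a one-line comment at the check (or at the initializer) saying that a negative value means "-r was not specified", otherwise a later cleanup will simplify it back to `if (state->reconnect)` and reintroduce the false "-X and -r are mutually exclusive" error this hunk removes.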
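Review bot: in tlsp_client_start_pre_handshake() the condition `!tls_dane_avail() /* mandatory side effects!! */ && TLS_DANE_HASTA(state->client_start_props->dane)` depends on tls_dane_avail() staying the first operand, and the new multi-line "Why not test for TLS_DANE_BASED()?" comment now sits between the two operands. Move that comment above the `if` so the side-effect warning stays attached to its operand and the operand order is not reshuffled by a later edit. The retained line "These predicates and warning belong inside tls_client_start()" is still true after this change; a TODO marker would keep it from being forgotten a second time.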
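Review bot: the explanatory comment added in tlsp_get_request_event() is a verbatim copy of the one added in tlsp_client_start_pre_handshake(); keep one full copy and reduce the other to a one-line cross-reference so the two cannot drift apart. The predicate is also written differently in the two places: here it is `TLS_DANE_HASTA(state->client_start_props->dane) != 0` because the result is passed as an argument to tlsp_client_init(), while the earlier hunk omits `!= 0`. Either use the same form in both or add a word here saying the `!= 0` normalizes the macro result to 0/1 for the callee.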