-TADDR_MATCH_LIST
-TADDR_PATTERN
-TALIAS_TOKEN
--TALLOWED_PARENT
+-TALLOWED_PREFIX
-TANVIL_CLNT
-TANVIL_LOCAL
-TANVIL_MAX
-TMOCK_APPL_STATUS
-TMOCK_EXPECT
-TMOCK_OPEN_AS_REQ
+-TMOCK_SERVER
-TMOCK_SPAWN_CMD_REQ
-TMOCK_STAT_REQ
-TMOCK_UNIX_SERVER
-Tssize_t
-Tssl_cipher_stack_t
-Tssl_comp_stack_t
--Tstat
-Ttime_t
-Ttlsa_filter
-Tuint16_t
anvil/anvil.c, global/anvil_clnt.[hc], proto/postconf.proto,
mantools/postlink.
+20260516
+
+ Cleanup: moved a "mask &= ~TLS_LOG_TRACE" statement whose effect
+ was never used. File:tls/tls_misc.c.
+
+ Safety: future-proofing (posttls-finger.c) and fail-closed
+ (tls_misc.c).
+
+ Re-indented the source code after deleting 'stat' and adding
+ missing types to .indent.pro.
+
TODO
Reorganize PTEST_LIB, PMOCK_LIB, TESTLIB, TESTLIBS, etc.
smtpd smtpd c tls tls h tls tls_client c tls tls_misc c
smtp smtp c smtp smtp_params c smtp smtp_proto c
tlsproxy tlsproxy c tlsproxy tlsproxy_client c
+ postscreen postscreen c postscreen postscreen_tls_conf c
+ anvil anvil c global anvil_clnt hc proto postconf proto
};
test_server_main(argc, argv, test_driver,
- CA_TEST_MAIN_INT_TABLE(int_table),
- CA_TEST_MAIN_STR_TABLE(str_table),
- CA_TEST_MAIN_TIME_TABLE(time_table),
- CA_TEST_MAIN_NBOOL_TABLE(nbool_table),
- 0);
+ CA_TEST_MAIN_INT_TABLE(int_table),
+ CA_TEST_MAIN_STR_TABLE(str_table),
+ CA_TEST_MAIN_TIME_TABLE(time_table),
+ CA_TEST_MAIN_NBOOL_TABLE(nbool_table),
+ 0);
exit(0);
}
tp = argv_alloc(5);
while ((prefix = mystrtok(&bp, CHARS_COMMA_SP)) != 0) {
if (*prefix != '/') {
- (void) decline_request_with("relative pathname",prefix);
+ (void) decline_request_with("relative pathname", prefix);
continue;
}
/* Trim trailing '/'. */
-#ifndef _ALLOWED_PARENT_H_INCLUDED_
-#define _ALLOWED_PARENT_H_INCLUDED_
+#ifndef _ALLOWED_PREFIX_H_INCLUDED_
+#define _ALLOWED_PREFIX_H_INCLUDED_
/*++
/* NAME
int anvil_clnt_lookup(ANVIL_CLNT *anvil_clnt, const char *service,
const char *addr, int *count, int *rate,
- int *msgs, int *rcpts, int *newtls,
- int *auths, int *tlstrs)
+ int *msgs, int *rcpts, int *newtls,
+ int *auths, int *tlstrs)
{
char *ident = ANVIL_IDENT(service, addr);
int status;
if (unlink(cfpath) < 0)
ptest_error(t, "unlink %s: %m", cfpath);
#else
- ptest_skip(t);
+ ptest_skip(t);
#endif
}
/*
* End protocol v2 definitions from haproxy/include/types/connection.h.
*/
-#endif /* HAPROXY_SRVR_INTERNAL */
+#endif /* HAPROXY_SRVR_INTERNAL */
/* LICENSE
/* .ad
if (*np->want_log == 0) {
if (got_code != np->want_code) {
ptest_error(t, "got code \"%d\", want \"%d\"(%s)",
- got_code, np->want_code,
- str_hfrom_format_code(np->want_code));
+ got_code, np->want_code,
+ str_hfrom_format_code(np->want_code));
}
}
});
if (*cp->want_log == 0) {
if (strcmp(got_name, cp->want_name) != 0) {
ptest_error(t, "got name: \"%s\", want: \"%s\"",
- got_name, cp->want_name);
+ got_name, cp->want_name);
}
}
});
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20260514"
+#define MAIL_RELEASE_DATE "20260516"
#define MAIL_VERSION_NUMBER "3.12"
#ifdef SNAPSHOT
escape_order(got_escaped,
string_or_null(map_search_from_create->search_order)),
escape_order(want_escaped,
- string_or_null(tp->want_search_order)));
+ string_or_null(tp->want_search_order)));
}
});
}
"known pathname suffix", non_leg_type));
}
non_leg_index_path = concatenate(name, non_leg_suffix, (char *) 0);
- stat_res = stat (non_leg_index_path, &st);
+ stat_res = stat(non_leg_index_path, &st);
saved_errno = errno;
myfree(non_leg_index_path);
setup_common_mock_open_info();
var_cache_db_type = "lmdb";
capture = msg_capt_create(100);
- var_nbdb_log_redirect = want_logging != 0;
+ var_nbdb_log_redirect = want_logging != 0;
/*
* Verify that 'btree' redirects to $default_cache_db_type ('lmdb').
/*
* What ASCII characters are allowed in the 'charset' or 'encoding' tokens
- * of an encoded-word. 202604 Claude: in the macro expansion replace
- * several instances of 'ch' with 'c'.
+ * of an encoded-word. 202604 Claude: in the macro expansion replace several
+ * instances of 'ch' with 'c'.
*/
#define RFC2047_ESPECIALS_STR "()<>@,;:\\\"/[]?.="
#define RFC2047_ALLOWED_TOKEN_CHAR(c) \
"encoder called with empty charset name\n"
},
{"validates_charset_length", test_rfc2047_encode,
- RFC2047_HEADER_CONTEXT_COMMENT, /* charset= */
+ RFC2047_HEADER_CONTEXT_COMMENT, /* charset= */
"1234567890123456789012345678901234567890",
"testme", 0, " ", NO_OUTPUT, "rfc2047_code: warning: rfc2047_encode: "
"unreasonable charset name: "
* the client may have connected to this service before the file was
* indexed.
*/
- if (stat (STR(new_idx_path), &new_idx_st) == 0 && new_idx_st.st_size > 0) {
+ if (stat(STR(new_idx_path), &new_idx_st) == 0 && new_idx_st.st_size > 0) {
msg_info("target file '%s' already exists, skipping this request",
STR(new_idx_path));
return (NBDB_STAT_OK);
* the owner's (uid, gid) to run the postmap or postalias command with.
*/
vstring_sprintf(leg_idx_path, "%s%s", source_path, NBDB_LEGACY_SUFFIX);
- if (stat (STR(leg_idx_path), &leg_idx_st) < 0) {
+ if (stat(STR(leg_idx_path), &leg_idx_st) < 0) {
vstring_sprintf(why, "look up status for legacy indexed file '%s': %m",
STR(leg_idx_path));
return (NBDB_STAT_ERROR);
* and will reject the request if the source has unsafe permissions for
* the uid that we would run postmap or postalias with.
*/
- if (stat (source_path, &source_st) < 0) {
+ if (stat(source_path, &source_st) < 0) {
vstring_sprintf(why, "look up status for source file '%s': %m",
source_path);
return (NBDB_STAT_ERROR);
*/
vstring_strcpy(parent_dir_buf, source_path);
parent_dir = dirname(STR(parent_dir_buf));
- if (stat (parent_dir, &parent_dir_st) < 0) {
+ if (stat(parent_dir, &parent_dir_st) < 0) {
vstring_sprintf(why, "look up status for parent directory '%s': %m",
parent_dir);
return (NBDB_STAT_ERROR);
/* nbdb_safe_for_uid - owned by the user or root, not group or other writable */
-bool nbdb_safe_for_uid(uid_t uid, const struct stat *st)
+bool nbdb_safe_for_uid(uid_t uid, const struct stat * st)
{
/*
/* nbdb_safe_to_index_as_legacy_index_owner - OK to run postmap/postalias */
bool nbdb_safe_to_index_as_legacy_index_owner(
- const char *source_path, const struct stat *source_st,
- const char *leg_idx_path, const struct stat *leg_idx_st,
- const char *parent_dir, const struct stat *parent_dir_st,
+ const char *source_path, const struct stat * source_st,
+ const char *leg_idx_path, const struct stat * leg_idx_st,
+ const char *parent_dir, const struct stat * parent_dir_st,
VSTRING *why)
{
uid_t runas_uid;
const char *dnsbl_sites; /* postscreen_dnsbl_sites */
const char *req_addr; /* in dnsblog request */
struct dnsbl_data dnsbl_data[MAX_DNSBL_SITES];
- int want_ttl; /* effective TTL */
+ int want_ttl; /* effective TTL */
int want_score; /* sum of weights */
};
dp[n].res_ttl),
ATTR_TYPE_END);
mock_server_interact(mp[n], serialized_req,
- serialized_resp);
+ serialized_resp);
vstring_free(serialized_req);
vstring_free(serialized_resp);
}
psc_smtpd_helo_reply = mystrdup(STR(psc_temp));
/*
- * STARTTLS support. This affects the EHLO greeting. */
+ * STARTTLS support. This affects the EHLO greeting.
+ */
psc_tls_pre_jail();
/*
* Initialize the EHLO reply. Once for plaintext sessions, and once for
* TLS sessions.
*/
- psc_smtpd_format_ehlo_reply(psc_temp, psc_ehlo_discard_mask
+ psc_smtpd_format_ehlo_reply(psc_temp, psc_ehlo_discard_mask
| (psc_tls_ready ? 0 : EHLO_MASK_STARTTLS));
psc_smtpd_ehlo_reply_plain = mystrdup(STR(psc_temp));
#ifdef USE_TLS
TLS_SERVER_PARAMS psc_tls_params;
TLS_SERVER_INIT_PROPS psc_init_props;
+
#endif
/*
cipher_grade = cipher_grade,
cipher_exclusions = STR(cipher_exclusions),
mdalg = var_psc_tls_fpt_dgst,
- trace_size_limit = var_psc_tls_trace_size_limit,
+ trace_size_limit = var_psc_tls_trace_size_limit,
trace_peer = state->smtp_client_addr);
return (true);
}
#if defined(USE_TLS) && defined(HAVE_SSL_TRACE)
static BIO *posttls_trace_open(void *, const char *);
+
#endif
#define HNAME(addr) (addr->qname)
if (state->trace_file == 0) {
VSTRING *path = vstring_alloc(64);
+ /* Cheap defense against future change to reuse the path buffer. */
+ VSTRING_RESET(path);
bio = tls_trace_create_file(path, trace_peer);
state->trace_file = vstring_export(path);
if (bio == 0) {
state->level = TLS_LEV_DANE;
state->mxinsec_level = TLS_LEV_DANE;
state->tlsproxy_mode = 0;
- state->trace_file = 0; /* lazily constructed at trace_open */
+ state->trace_file = 0; /* lazily constructed */
#else
#define TLSOPTS ""
state->level = TLS_LEV_NONE;
#include <msg_jmp.h>
/*
- * Private state. But it has to be caller-visible
-because msg_setjmp() cannot be a function.
+ * Private state. But it has to be caller-visible because msg_setjmp()
+ * cannot be a function.
*/
MSG_JMP_BUF *msg_jmp_bufp;
expect_ptest_log_event(t, "this is a forced 'Missing log event' error");
}
-static void ptest_nested_logging(PTEST_CTX * t, const PTEST_CASE * unused)
+static void ptest_nested_logging(PTEST_CTX *t, const PTEST_CASE *unused)
{
expect_ptest_log_event(t, "top-level");
msg_warn("this is a top-level event");
STR(iter->host));
return (0);
}
- break;
+ break;
case SMTP_REQTLS_POLICY_ACT_OPP_TLS:
if (tls->level == TLS_LEV_NONE) {
if (state->tls_stats)
#endif
ffail_type = 0,
dane = state->tls->dane,
- trace_size_limit = var_smtp_tls_trace_size_limit,
+ trace_size_limit = var_smtp_tls_trace_size_limit,
trace_peer = STR(iter->addr));
/*
#endif
ffail_type = state->tls->ext_policy_failure,
dane = state->tls->dane,
- trace_size_limit = var_smtp_tls_trace_size_limit,
+ trace_size_limit = var_smtp_tls_trace_size_limit,
trace_open = 0,
trace_arg = 0,
trace_peer = STR(iter->addr));
{
const char *ext_policy = "inline:{{foo.xn--1xa.example = opportunistic}} enforce";
const struct QUERY_REPLY qr[] = {
- {"foo.xn--1xa.example", SMTP_REQTLS_POLICY_ACT_OPPORTUNISTIC},
- {"foo.\xcf\x80.example", SMTP_REQTLS_POLICY_ACT_OPPORTUNISTIC},
- {"x.foo.xn--1xa.example", SMTP_REQTLS_POLICY_ACT_ENFORCE},
- {"x.foo.\xcf\x80.example", SMTP_REQTLS_POLICY_ACT_ENFORCE},
- {"example", SMTP_REQTLS_POLICY_ACT_ENFORCE},
- {0},
+ {"foo.xn--1xa.example", SMTP_REQTLS_POLICY_ACT_OPPORTUNISTIC},
+ {"foo.\xcf\x80.example", SMTP_REQTLS_POLICY_ACT_OPPORTUNISTIC},
+ {"x.foo.xn--1xa.example", SMTP_REQTLS_POLICY_ACT_ENFORCE},
+ {"x.foo.\xcf\x80.example", SMTP_REQTLS_POLICY_ACT_ENFORCE},
+ {"example", SMTP_REQTLS_POLICY_ACT_ENFORCE},
+ {0},
};
SMTP_REQTLS_POLICY *int_policy;
const struct QUERY_REPLY *qp;
int_policy = smtp_reqtls_policy_parse(test_origin, ext_policy);
for (qp = qr; qp->query; qp++) {
- got = smtp_reqtls_policy_eval(int_policy, qp->query);
- if (got != qp->reply) {
- msg_warn("got result '%d', want: '%d'", got, qp->reply);
- errors++;
- }
+ got = smtp_reqtls_policy_eval(int_policy, qp->query);
+ if (got != qp->reply) {
+ msg_warn("got result '%d', want: '%d'", got, qp->reply);
+ errors++;
+ }
}
smtp_reqtls_policy_free(int_policy);
return (errors == 0);
{
const char *ext_policy = "inline:{{foo.xn--1xa.example = opportunistic}} disable";
const struct QUERY_REPLY qr[] = {
- {"foo.\xcf\x80.example", SMTP_REQTLS_POLICY_ACT_OPPORTUNISTIC},
- {"foo.-\xcf\x80.example", SMTP_REQTLS_POLICY_ACT_ENFORCE},
- {"example", SMTP_REQTLS_POLICY_ACT_DISABLE},
- {0},
+ {"foo.\xcf\x80.example", SMTP_REQTLS_POLICY_ACT_OPPORTUNISTIC},
+ {"foo.-\xcf\x80.example", SMTP_REQTLS_POLICY_ACT_ENFORCE},
+ {"example", SMTP_REQTLS_POLICY_ACT_DISABLE},
+ {0},
};
SMTP_REQTLS_POLICY *int_policy;
const struct QUERY_REPLY *qp;
int_policy = smtp_reqtls_policy_parse(test_origin, ext_policy);
for (qp = qr; qp->query; qp++) {
- got = smtp_reqtls_policy_eval(int_policy, qp->query);
- if (got != qp->reply) {
- msg_warn("got result '%d', want: '%d'", got, qp->reply);
- errors++;
- }
+ got = smtp_reqtls_policy_eval(int_policy, qp->query);
+ if (got != qp->reply) {
+ msg_warn("got result '%d', want: '%d'", got, qp->reply);
+ errors++;
+ }
}
smtp_reqtls_policy_free(int_policy);
return (errors == 0);
cipher_grade = cipher_grade,
cipher_exclusions = STR(cipher_exclusions),
mdalg = var_smtpd_tls_fpt_dgst,
- trace_size_limit = var_smtpd_tls_trace_size_limit,
+ trace_size_limit = var_smtpd_tls_trace_size_limit,
trace_peer = state->addr);
/*
/* make_attr - serialize attribute list */
-VSTRING *make_attr(ATTR_VPRINT_COMMON_FN vprint_fn, int flags, ...)
+VSTRING *make_attr(ATTR_VPRINT_COMMON_FN vprint_fn, int flags,...)
{
static const char myname[] = "make_attr";
VSTRING *res = vstring_alloc(100);
const char *what, const char *got, const char *want)
{
if (got == 0 && want == 0) {
- return (1);
+ return (1);
} else if (got == 0 || want == 0) {
- if (t)
- ptest_error(t, "%s:%d: %s: got '%s', want '%s'",
- file, line, what, STR_OR_NULL(got),
- STR_OR_NULL(want));
- return (0);
+ if (t)
+ ptest_error(t, "%s:%d: %s: got '%s', want '%s'",
+ file, line, what, STR_OR_NULL(got),
+ STR_OR_NULL(want));
+ return (0);
}
if (strcmp(got, want) != 0) {
if (t)
#include <ptest.h>
typedef struct PTEST_CASE {
- const char *testname; /* Human-readable description */
+ const char *testname; /* Human-readable description */
void (*action) (PTEST_CTX *t, const struct PTEST_CASE *);
} PTEST_CASE;
static void test_eq_flags(PTEST_CTX *t, const PTEST_CASE *unused)
{
-int got = FLAG_ONE;
-int want = FLAG_ONE | FLAG_TWO;
+ int got = FLAG_ONE;
+ int want = FLAG_ONE | FLAG_TWO;
expect_ptest_error(t, "got 'one', want 'one|two'");
if (eq_flags(t, "flags", got, want, flags_to_string)
DNS_RR *make_dns_rr(const char *qname, const char *rname, unsigned type,
unsigned class, unsigned ttl,
unsigned dnssec_valid, unsigned pref,
- unsigned weight, unsigned port,
+ unsigned weight, unsigned port,
void *data, size_t data_len)
{
DNS_RR *rr;
* The missing expectation is intentional. Do not count this as an error.
*/
expect_ptest_error(t, "unexpected call: "
- "hostname_to_sockaddr_pf(\"notexist\", 0, \"smtp\", ");
+ "hostname_to_sockaddr_pf(\"notexist\", 0, \"smtp\", ");
/*
* Invoke the mock and verify results.
*/
#define eq_servent(...) _eq_servent(__FILE__, __LINE__, __VA_ARGS__)
-extern int _eq_servent(const char *, int,PTEST_CTX *,
+extern int _eq_servent(const char *, int, PTEST_CTX *,
const char *, struct servent *,
struct servent *);
/* mock_server_interact - set up request and/or response */
void mock_server_interact(MOCK_SERVER *mp,
- const VSTRING *req,
- const VSTRING *resp)
+ const VSTRING *req,
+ const VSTRING *resp)
{
const char myname[] = "mock_server_interact";
VSTRING *want_req; /* serialized request, may be null */
VSTRING *resp; /* serialized response, may be null */
VSTRING *iobuf; /* I/O buffer */
- struct MOCK_SERVER *next; /* chain of unconnected servers */
- struct MOCK_SERVER *prev; /* chain of unconnected servers */
+ struct MOCK_SERVER *next; /* chain of unconnected servers */
+ struct MOCK_SERVER *prev; /* chain of unconnected servers */
} MOCK_SERVER;
#define MOCK_SERVER_FLAG_CONNECTED (1<<0)
extern MOCK_SERVER *mock_unix_server_create(const char *);
extern void mock_server_interact(MOCK_SERVER *, const VSTRING *,
- const VSTRING *);
+ const VSTRING *);
extern void mock_server_free(MOCK_SERVER *);
extern void mock_server_free_void_ptr(void *);
REQUEST_READ_EVENT(session_state.fd, read_event, &session_state, 1);
event_loop(1);
if (session_state.error != 0) {
- /* already reported */
+ /* already reported */
} else if (VSTRING_LEN(session_state.resp_buf) != strlen(REQUEST_VAL)) {
- ptest_error(t, "got resp_buf length %ld, want %ld",
- (long) VSTRING_LEN(session_state.resp_buf),
- (long) strlen(REQUEST_VAL));
+ ptest_error(t, "got resp_buf length %ld, want %ld",
+ (long) VSTRING_LEN(session_state.resp_buf),
+ (long) strlen(REQUEST_VAL));
} else if (session_state.resp_len != strlen(REQUEST_VAL)) {
- ptest_error(t, "got resp_len %d, want %ld",
- session_state.resp_len, (long) strlen(REQUEST_VAL));
+ ptest_error(t, "got resp_len %d, want %ld",
+ session_state.resp_len, (long) strlen(REQUEST_VAL));
} else if (strcmp(vstring_str(session_state.resp_buf), REQUEST_VAL) != 0) {
- ptest_error(t, "got resp_buf '%s', want '%s'",
- vstring_str(session_state.resp_buf), REQUEST_VAL);
+ ptest_error(t, "got resp_buf '%s', want '%s'",
+ vstring_str(session_state.resp_buf), REQUEST_VAL);
}
/*
REQUEST_READ_EVENT(session_state.fd, read_event, &session_state, 1);
event_loop(1);
if (session_state.error != 0) {
- /* already reported */
+ /* already reported */
} else if (VSTRING_LEN(session_state.resp_buf) != strlen(REQUEST_VAL)) {
- ptest_error(t, "got resp_buf length %ld, want %ld",
- (long) VSTRING_LEN(session_state.resp_buf),
- (long) strlen(REQUEST_VAL));
+ ptest_error(t, "got resp_buf length %ld, want %ld",
+ (long) VSTRING_LEN(session_state.resp_buf),
+ (long) strlen(REQUEST_VAL));
} else if (session_state.resp_len != strlen(REQUEST_VAL)) {
- ptest_error(t, "got resp_len %d, want %ld",
- session_state.resp_len, (long) strlen(REQUEST_VAL));
+ ptest_error(t, "got resp_len %d, want %ld",
+ session_state.resp_len, (long) strlen(REQUEST_VAL));
} else if (strcmp(vstring_str(session_state.resp_buf), REQUEST_VAL) != 0) {
- ptest_error(t, "got resp_buf '%s', wamt '%s'",
- vstring_str(session_state.resp_buf), REQUEST_VAL);
+ ptest_error(t, "got resp_buf '%s', wamt '%s'",
+ vstring_str(session_state.resp_buf), REQUEST_VAL);
}
/*
/* stat - mock stat() implementation */
-int stat(const char *path, struct stat *st) {
+int stat(const char *path, struct stat * st)
+{
MOCK_STAT_REQ *mock_info;
if ((mock_info = (MOCK_STAT_REQ *) htable_find(mock_stat_table, path)) == 0)
const char *cipher_exclusions;
const char *mdalg; /* default message digest algorithm */
int trace_size_limit; /* TLS protocol trace size limit */
- BIO *(*trace_open) (void *, const char *); /* override dest */
+ BIO *(*trace_open) (void *, const char *); /* override dest */
void *trace_arg; /* opaque trace_open argument */
char *trace_peer; /* Printable peer IP address */
} TLS_SERVER_START_PROPS;
msg_warn("%s: ignoring \"trace\" log level: "
"SSL_trace() is not available in this build",
log_param);
- mask &= ~TLS_LOG_TRACE;
}
+ mask &= ~TLS_LOG_TRACE; /* Never used */
}
#endif
return (mask);
BIO *bio = TLScontext->trace_bio;
/*
- * trace_size_limit <= 0 means either tracing is off (never started)
- * or we already crossed the budget and emitted the truncation marker.
+ * trace_size_limit <= 0 means either tracing is off (never started) or
+ * we already crossed the budget and emitted the truncation marker.
* Either way, do not write further.
*/
if (bio == 0 || TLScontext->trace_size_limit <= 0)
if (anvil_clnt_tlstr(client, "any", "any", &rate) == ANVIL_STAT_OK) {
ret = rate <= tls_trace_rate_limit;
} else {
- ret = true;
+ ret = false;
}
anvil_clnt_free(client);
} else {
ret = true;
}
return (ret);
-}
+}
/* tls_trace_create_qfile - default trace destination for daemons */
/* tls_trace_create_file - trace destination for CLI or daemon */
-BIO *tls_trace_create_file(VSTRING *path, const char *trace_peer)
+BIO *tls_trace_create_file(VSTRING *path, const char *trace_peer)
{
struct timeval tv;
struct tm *lt;
/*
* Release the protocol trace, if one was opened. Order matters:
- * SSL_free() above can still drive the message callback during
- * teardown (close-notify processing in particular), so trace_bio
- * must stay valid until after SSL_free() returns. Closing it
- * first would let tls_msg_callback() write through a freed BIO.
- *
+ * SSL_free() above can still drive the message callback during teardown
+ * (close-notify processing in particular), so trace_bio must stay valid
+ * until after SSL_free() returns. Closing it first would let
+ * tls_msg_callback() write through a freed BIO.
+ *
* Always BIO_flush() before close, so any stdio buffering inside
* BIO_new_fp() lands on disk before the FILE * is fclose()d. An
- * application override may release the BIO; otherwise BIO_free_all
- * walks the chain and (with BIO_CLOSE) closes the underlying file.
+ * application override may release the BIO; otherwise BIO_free_all walks
+ * the chain and (with BIO_CLOSE) closes the underlying file.
*/
if (TLScontext->trace_bio != 0) {
(void) BIO_flush(TLScontext->trace_bio);
BIO_free_all(TLScontext->trace_bio);
TLScontext->trace_bio = 0;
}
-
if (TLScontext->namaddr)
myfree(TLScontext->namaddr);
if (TLScontext->serverid)
(void) eq_attr(t, "tls_proxy_client_init_serialize",
got_serialized_init_props, ref_serialized_init_props);
#else
- ptest_skip(t);
+ ptest_skip(t);
#endif
}
vstring_free(ref_serialized_init_props);
vstring_free(got_serialized_init_props);
#else
- ptest_skip(t);
+ ptest_skip(t);
#endif
}
SEND_ATTR_INT(VAR_TLS_DAEMON_RAND_BYTES,
params->tls_daemon_rand_bytes),
SEND_ATTR_INT(VAR_TLS_APPEND_DEF_CA,
- params->tls_append_def_CA),
+ params->tls_append_def_CA),
SEND_ATTR_INT(VAR_TLS_PREEMPT_CLIST,
- params->tls_preempt_clist),
+ params->tls_preempt_clist),
SEND_ATTR_INT(VAR_TLS_MULTI_WILDCARD,
- params->tls_multi_wildcard),
+ params->tls_multi_wildcard),
SEND_ATTR_INT(VAR_TLS_FAST_SHUTDOWN,
- params->tls_fast_shutdown),
+ params->tls_fast_shutdown),
ATTR_TYPE_END));
}
(void) eq_attr(t, "tls_proxy_client_param_serialize",
got_serialized_params, ref_serialized_params);
#else
- ptest_skip(t);
+ ptest_skip(t);
#endif
}
vstring_free(want_client_params_serialized);
vstring_free(got_client_params_serialized);
#else
- ptest_skip(t);
+ ptest_skip(t);
#endif
}
vstring_free(ref_serialized_params);
vstring_free(got_serialized_params);
#else
- ptest_skip(t);
+ ptest_skip(t);
#endif
}
/* tls_proxy_server_init_from_string - deserialize TLS_SERVER_INIT_PROPS */
TLS_SERVER_INIT_PROPS *tls_proxy_server_init_from_string(
- ATTR_SCAN_COMMON_FN scan_fn,
- VSTRING *buf)
+ ATTR_SCAN_COMMON_FN scan_fn,
+ VSTRING *buf)
{
const char myname[] = "tls_proxy_server_init_from_string";
TLS_SERVER_INIT_PROPS *props = 0;
VSTREAM *mp;
if ((mp = vstream_memopen(buf, O_RDONLY)) == 0
- || scan_fn(mp, ATTR_FLAG_NONE,
- RECV_ATTR_FUNC(tls_proxy_server_init_scan,
- (void *) &props),
- ATTR_TYPE_END) != 1
- || vstream_fclose(mp) != 0)
- msg_fatal("%s: can't deserialize properties: %m", myname);
+ || scan_fn(mp, ATTR_FLAG_NONE,
+ RECV_ATTR_FUNC(tls_proxy_server_init_scan,
+ (void *) &props),
+ ATTR_TYPE_END) != 1
+ || vstream_fclose(mp) != 0)
+ msg_fatal("%s: can't deserialize properties: %m", myname);
return (props);
}
char *var_smtpd_tls_loglevel;
int var_smtpd_tls_ccert_vd;
static char *cache_type;
-bool var_smtpd_tls_set_sessid;
+bool var_smtpd_tls_set_sessid;
char *var_smtpd_tls_chain_files;
char *var_smtpd_tls_cert_file;
char *var_smtpd_tls_key_file;
var_smtpd_tls_eecdh = DEF_SMTPD_TLS_EECDH;
var_smtpd_tls_proto = DEF_SMTPD_TLS_PROTO;
ask_ccert = 1,
- var_smtpd_tls_fpt_dgst = DEF_SMTPD_TLS_FPT_DGST;
+ var_smtpd_tls_fpt_dgst = DEF_SMTPD_TLS_FPT_DGST;
}
static void setup_reference_unserialized_init_props(TLS_SERVER_INIT_PROPS *props)
(void) eq_attr(t, "tls_proxy_server_init_serialize",
got_serialized_init_props, ref_serialized_init_props);
#else
- ptest_skip(t);
+ ptest_skip(t);
#endif
}
vstring_free(ref_serialized_init_props);
vstring_free(got_serialized_init_props);
#else
- ptest_skip(t);
+ ptest_skip(t);
#endif
}
(void) eq_attr(t, "tls_proxy_server_param_serialize",
got_serialized_params, ref_serialized_params);
#else
- ptest_skip(t);
+ ptest_skip(t);
#endif
}
vstring_free(want_server_params_serialized);
vstring_free(got_server_params_serialized);
#else
- ptest_skip(t);
+ ptest_skip(t);
#endif
}
vstring_free(ref_serialized_params);
vstring_free(got_serialized_params);
#else
- ptest_skip(t);
+ ptest_skip(t);
#endif
}
/* update_error_state - safely stash away error state */
static void update_error_state(X509_STORE_CTX *ctx, TLS_SESS_STATE *TLScontext,
- int depth, const X509 *errorcert, int errorcode)
+ int depth, const X509 *errorcert, int errorcode)
{
/*
if (TLScontext->errorcert != 0)
X509_free((X509 *) TLScontext->errorcert);
if (errorcert != 0)
- X509_up_ref((X509 *) errorcert);
+ X509_up_ref((X509 *) errorcert);
TLScontext->errorcert = errorcert;
TLScontext->errorcode = errorcode;
TLScontext->errordepth = depth;
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
-/*
+/*
/* Wietse Venema
/* Google, Inc.
/* 111 8th Avenue
/* New York, NY 10011, USA
-/*
+/*
/* Wietse Venema
/* porcupine.org
/*--*/
/*
* Sanity check. 202604 Claude: avoid expression 'first + how_many'.
*/
- if (first < 0 || how_many < 0 || first > argvp->argc
+ if (first < 0 || how_many < 0 || first > argvp->argc
|| how_many > argvp->argc - first)
msg_panic("argv_delete bad range: (start=%ld count=%ld)",
(long) first, (long) how_many);
extern ARGV *argv_qsort(ARGV *, ARGV_COMPAR_FN);
extern ARGV *argv_uniq(ARGV *, ARGV_COMPAR_FN);
extern void argv_add(ARGV *,...);
+
#if 0
extern void argv_addn(ARGV *,...);
+
#endif
extern ARGV *argv_addv(ARGV *, const char *const *);
extern void argv_terminate(ARGV *);
* dict_stream(3)
*/
extern VSTREAM *dict_stream_open(const char *dict_type, const char *mapname,
- int open_flags, int dict_flags, struct stat *st, VSTRING **why);
+ int open_flags, int dict_flags, struct stat * st, VSTRING **why);
/* LICENSE
/* .ad
char *dict_name;
DICT *dict;
- if ((dict_name = split_at(saved_dict_spec, ':')) == 0
+ if ((dict_name = split_at(saved_dict_spec, ':')) == 0
|| *saved_dict_spec == 0 || *dict_name == 0) {
dict = dict_surrogate(dict_spec, "", open_flags, dict_flags,
"open dictionary: expecting \"type:name\" form instead of \"%s\"",
if (dict_load_file_xt(TEST_DICT, TEST_CONF_PATH) == 0)
msg_fatal("open %s: %m", TEST_CONF_PATH);
if ((meta_dir = dict_lookup(TEST_DICT, META_DIR_KEY)) == 0
- || (shlib_dir = dict_lookup(TEST_DICT, SHLIB_DIR_KEY)) == 0)
- msg_fatal("unusable file: %s", TEST_CONF_PATH);
+ || (shlib_dir = dict_lookup(TEST_DICT, SHLIB_DIR_KEY)) == 0)
+ msg_fatal("unusable file: %s", TEST_CONF_PATH);
path = concatenate(meta_dir, "/", "dynamicmaps.cf",
#ifdef SHLIB_VERSION
".", SHLIB_VERSION,
dict_type, dict_type);
return (0);
}
- if (stat (dp->soname, &st) < 0) {
+ if (stat(dp->soname, &st) < 0) {
msg_warn("unsupported dictionary type: %s (%s: %m)",
dict_type, dp->soname);
return (0);
/* inet_connect_one - try to connect to one address */
-static int inet_connect_one(struct addrinfo * res, int block_mode, int timeout)
+static int inet_connect_one(struct addrinfo *res, int block_mode, int timeout)
{
int sock;
int hostname_to_sockaddr_pf(const char *hostname, int pf,
const char *service, int socktype,
- struct addrinfo ** res)
+ struct addrinfo **res)
{
#ifdef EMULATE_IPV4_ADDRINFO
/* hostaddr_to_sockaddr - printable address to binary address form */
int hostaddr_to_sockaddr(const char *hostaddr, const char *service,
- int socktype, struct addrinfo ** res)
+ int socktype, struct addrinfo **res)
{
#ifdef EMULATE_IPV4_ADDRINFO
/* freeaddrinfo - release storage */
-void freeaddrinfo(struct addrinfo * ai)
+void freeaddrinfo(struct addrinfo *ai)
{
struct addrinfo *ap;
struct addrinfo *next;
char *cp = saved_input;
int n;
- for (n = 0; /* See below */; n++) {
+ for (n = 0; /* See below */ ; n++) {
got = mystrtok(&cp, CHARS_SPACE);
if (!match_one(t, got, tp->want[n]) || got == 0)
break;
char *cp = saved_input;
int n;
- for (n = 0; /* See below */; n++) {
+ for (n = 0; /* See below */ ; n++) {
got = mystrtokq(&cp, CHARS_SPACE, CHARS_BRACE);
if (!match_one(t, got, tp->want[n]) || got == 0)
break;
char *cp = saved_input;
int n;
- for (n = 0; /* See below */; n++) {
+ for (n = 0; /* See below */ ; n++) {
got = mystrtokdq(&cp, CHARS_SPACE);
if (!match_one(t, got, tp->want[n]) || got == 0)
break;
expect_ptest_log_event(t,
"#comment after other text is not allowed");
- for (n = 0; /* See below */; n++) {
+ for (n = 0; /* See below */ ; n++) {
got = mystrtok_cw(&cp, CHARS_SPACE, "test");
if (!match_one(t, got, tp->want[n]) || got == 0)
break;
expect_ptest_log_event(t,
"#comment after other text is not allowed");
- for (n = 0; /* See below */; n++) {
+ for (n = 0; /* See below */ ; n++) {
got = mystrtokq_cw(&cp, CHARS_SPACE, CHARS_BRACE, "test");
if (!match_one(t, got, tp->want[n]) || got == 0)
break;
expect_ptest_log_event(t,
"#comment after other text is not allowed");
- for (n = 0; /* See below */; n++) {
+ for (n = 0; /* See below */ ; n++) {
got = mystrtokdq_cw(&cp, CHARS_SPACE, "test");
if (!match_one(t, got, tp->want[n]) || got == 0)
break;
msg_fatal("close server fd");
return (0);
}
+
#else
int main(int argc, char **argv)
{
return (0);
}
+
#endif
*/
#ifndef NO_MOCK_WRAPPERS
extern int wrap_getaddrinfo(const char *, const char *,
- const struct addrinfo *,
- struct addrinfo **);
+ const struct addrinfo *,
+ struct addrinfo **);
extern void wrap_freeaddrinfo(struct addrinfo *);
extern int wrap_getnameinfo(const struct sockaddr *, socklen_t, char *,
- size_t, char *, size_t, int);
+ size_t, char *, size_t, int);
#define getaddrinfo wrap_getaddrinfo
#define freeaddrinfo wrap_freeaddrinfo
/* wrap_stat - mockable wrapper */
-int wrap_stat(const char *path, struct stat *st)
+int wrap_stat(const char *path, struct stat * st)
{
#undef stat
- return (stat (path, st));
+ return (stat(path, st));
}
/* wrap_lstat - mockable wrapper */
-int wrap_lstat(const char *path, struct stat *st)
+int wrap_lstat(const char *path, struct stat * st)
{
#undef lstat
return (lstat(path, st));
projects / thirdparty / postfix.git / commitdiff
