author | Gilles Chehade <gilles@poolp.org> | 2013-05-16 13:30:04 +0200 |
---|---|---|
committer | Gilles Chehade <gilles@poolp.org> | 2013-05-16 13:31:08 +0200 |
commit | 38b26921bad5fe24ad747bf9d591330d683728b0 (patch) | |
tree | 3f7b11a9f178f71c153990c2bbb0c6c5d3d60e7b | |
parent | Merge branch 'master' into portable (diff) | |
make client socket non blocking to avoid evil client from causing
trouble in a SSL handshake. while at it, make event masking a bit
more strict to avoid possible bugs
-rw-r--r-- | smtpd/ioev.c | 8 | ||||
-rw-r--r-- | smtpd/smtp.c | 1 |
2 files changed, 6 insertions, 3 deletions
diff --git a/smtpd/ioev.c b/smtpd/ioev.c
index fcd24526..5094cc46 100644
--- a/smtpd/ioev.c
+++ b/smtpd/ioev.c
@@ -678,11 +678,11 @@ io_start_tls(struct io *io, void *ssl)
 if (mode == IO_WRITE) {
 io->state = IO_STATE_CONNECT_SSL;
 SSL_set_connect_state(io->ssl);
- io_reset(io, EV_READ | EV_WRITE, io_dispatch_connect_ssl);
+ io_reset(io, EV_WRITE, io_dispatch_connect_ssl);
 } else {
 io->state = IO_STATE_ACCEPT_SSL;
 SSL_set_accept_state(io->ssl);
- io_reset(io, EV_READ | EV_WRITE, io_dispatch_accept_ssl);
+ io_reset(io, EV_READ, io_dispatch_accept_ssl);
 }
 return (0);
@@ -856,14 +856,16 @@ io_dispatch_write_ssl(int fd, short event, void *humppa)
 void
 io_reload_ssl(struct io *io)
 {
- short ev = EV_READ|EV_WRITE;
+ short ev = 0;
 void (*dispatch)(int, short, void*) = NULL;
 switch (io->state) {
 case IO_STATE_CONNECT_SSL:
+ ev = EV_WRITE;
 dispatch = io_dispatch_connect_ssl;
 break;
 case IO_STATE_ACCEPT_SSL:
+ ev = EV_READ;
 dispatch = io_dispatch_accept_ssl;
 break;
 case IO_STATE_UP:
diff --git a/smtpd/smtp.c b/smtpd/smtp.c
index 55f87728..a306baac 100644
--- a/smtpd/smtp.c
+++ b/smtpd/smtp.c
@@ -442,6 +442,7 @@ smtp_accept(int fd, short event, void *p)
 close(sock);
 return;
 }
+ io_set_blocking(sock, 0);
 sessions++;
 stat_increment("smtp.session", 1); |
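Review bot: The two `io_reset` calls in `io_start_tls` now arm a single direction each, but nothing beside them records why, so a later edit could widen the mask back to `EV_READ | EV_WRITE`. A comment above the `if (mode == IO_WRITE)` branch would pin the intent, for example `/* arm only the direction the first handshake step needs; the dispatch callbacks re-arm afterwards */`. That the callbacks re-arm according to the handshake's want-read/want-write result is inferred, because `io_dispatch_connect_ssl` and `io_dispatch_accept_ssl` are outside this hunk, so check the wording against them. The start of `io_start_tls` is also outside the hunk.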
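Review bot: In `io_reload_ssl`, `ev` now starts at 0 and only the two handshake cases visibly assign it, so a state that leaves the switch without setting `ev` would re-arm the io with an empty event mask and the session would sit idle. The switch continues past `case IO_STATE_UP:` outside this hunk, so this may already be covered there; if it is not, a check that `ev != 0` before re-arming would make the failure visible. Separately, the handshake cases choose the direction from `io->state` alone. If a reload can occur while the handshake is waiting on the opposite direction, the wrong event is armed, so it is worth confirming when callers invoke the reload, or remembering the last wanted direction on the io.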
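Review bot: `smtp_accept` is the only place this commit makes a socket non-blocking, yet the property it protects belongs to `io_start_tls`: a TLS handshake must not stall the event loop on a slow or hostile peer, and any caller that forgot this step would still run a blocking handshake. Consider enforcing it in the io layer as well, for instance by calling `io_set_blocking` on the io's descriptor at the top of `io_start_tls`. The new line should also carry a comment such as `/* must be non-blocking before any TLS handshake: a stalled peer would otherwise block the event loop */`. Whether other call sites hand blocking sockets to `io_start_tls` cannot be seen from this page, and the body of `smtp_accept` continues outside the hunk.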