authorGilles Chehade <gilles@poolp.org>2013-05-16 13:30:04 +0200
committerGilles Chehade <gilles@poolp.org>2013-05-16 13:31:08 +0200
commit38b26921bad5fe24ad747bf9d591330d683728b0 (patch)
tree3f7b11a9f178f71c153990c2bbb0c6c5d3d60e7b
parentMerge branch 'master' into portable (diff)
downloadOpenSMTPD-38b26921bad5fe24ad747bf9d591330d683728b0.tar.xz
OpenSMTPD-38b26921bad5fe24ad747bf9d591330d683728b0.zip
make client socket non blocking to avoid evil client from causing
trouble in a SSL handshake. while at it, make event masking a bit more strict to avoid possible bugs
-rw-r--r--smtpd/ioev.c8
-rw-r--r--smtpd/smtp.c1
2 files changed, 6 insertions, 3 deletions
diff --git a/smtpd/ioev.c b/smtpd/ioev.c
index fcd24526..5094cc46 100644
--- a/smtpd/ioev.c
+++ b/smtpd/ioev.c
@@ -678,11 +678,11 @@ io_start_tls(struct io *io, void *ssl)
if (mode == IO_WRITE) {
io->state = IO_STATE_CONNECT_SSL;
SSL_set_connect_state(io->ssl);
- io_reset(io, EV_READ | EV_WRITE, io_dispatch_connect_ssl);
+ io_reset(io, EV_WRITE, io_dispatch_connect_ssl);
} else {
io->state = IO_STATE_ACCEPT_SSL;
SSL_set_accept_state(io->ssl);
- io_reset(io, EV_READ | EV_WRITE, io_dispatch_accept_ssl);
+ io_reset(io, EV_READ, io_dispatch_accept_ssl);
}
return (0);
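Review bot: The narrowed masks in io_start_tls carry no comment saying why a single direction is enough to start each handshake, and the old `EV_READ | EV_WRITE` form is easy to reintroduce by accident. I would add `/* client side sends first: wait for writability only */` above the connect branch and `/* server side waits for the peer's first handshake record */` above the accept branch. Correctness also depends on io_dispatch_connect_ssl and io_dispatch_accept_ssl re-arming for the other direction when OpenSSL reports want-read or want-write. Those handlers are not in this hunk, so that should be confirmed. The function begins before the hunk.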
@@ -856,14 +856,16 @@ io_dispatch_write_ssl(int fd, short event, void *humppa)
void
io_reload_ssl(struct io *io)
{
- short ev = EV_READ|EV_WRITE;
+ short ev = 0;
void (*dispatch)(int, short, void*) = NULL;
switch (io->state) {
case IO_STATE_CONNECT_SSL:
+ ev = EV_WRITE;
dispatch = io_dispatch_connect_ssl;
break;
case IO_STATE_ACCEPT_SSL:
+ ev = EV_READ;
dispatch = io_dispatch_accept_ssl;
break;
case IO_STATE_UP:
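Review bot: With `short ev = 0;` in io_reload_ssl, any state that leaves the switch without assigning `ev` would now register no events and leave the connection idle, where it previously fell back to `EV_READ|EV_WRITE`. The IO_STATE_UP case and the rest of the switch lie outside the hunk, so confirm that every remaining path either sets `ev` or returns before the reset. A comment on the initializer would record the intent, for example `/* no default mask: each state must choose its own event */`.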
diff --git a/smtpd/smtp.c b/smtpd/smtp.c
index 55f87728..a306baac 100644
--- a/smtpd/smtp.c
+++ b/smtpd/smtp.c
@@ -442,6 +442,7 @@ smtp_accept(int fd, short event, void *p)
close(sock);
return;
}
+ io_set_blocking(sock, 0);
sessions++;
stat_increment("smtp.session", 1);
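Review bot: The new `io_set_blocking(sock, 0);` in smtp_accept stops a stalled peer from blocking the event loop, but nothing in this hunk bounds how long that peer can sit in the handshake while counted in `sessions`. Please confirm that an I/O timeout is armed before the TLS handshake starts on the accepted socket; that code is outside the hunk. The call also deserves a one-line comment such as `/* non-blocking so a slow or hostile peer cannot stall the SSL handshake in the event loop */`. smtp_accept begins before and continues after the hunk.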