From 38b26921bad5fe24ad747bf9d591330d683728b0 Mon Sep 17 00:00:00 2001
From: Gilles Chehade
Date: Thu, 16 May 2013 13:30:04 +0200
Subject: make client socket non blocking to avoid evil client from causing trouble in a SSL handshake. while at it, make event masking a bit more strict to avoid possible bugs
---
 smtpd/ioev.c | 8 +++++---
 smtpd/smtp.c | 1 +
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/smtpd/ioev.c b/smtpd/ioev.c
index fcd24526..5094cc46 100644
--- a/smtpd/ioev.c
+++ b/smtpd/ioev.c
@@ -678,11 +678,11 @@ io_start_tls(struct io *io, void *ssl)
 if (mode == IO_WRITE) {
 io->state = IO_STATE_CONNECT_SSL;
 SSL_set_connect_state(io->ssl);
- io_reset(io, EV_READ | EV_WRITE, io_dispatch_connect_ssl);
+ io_reset(io, EV_WRITE, io_dispatch_connect_ssl);
 } else {
 io->state = IO_STATE_ACCEPT_SSL;
 SSL_set_accept_state(io->ssl);
- io_reset(io, EV_READ | EV_WRITE, io_dispatch_accept_ssl);
+ io_reset(io, EV_READ, io_dispatch_accept_ssl);
 }
 return (0);
@@ -856,14 +856,16 @@ io_dispatch_write_ssl(int fd, short event, void *humppa)
 void
 io_reload_ssl(struct io *io)
 {
- short ev = EV_READ|EV_WRITE;
+ short ev = 0;
 void (*dispatch)(int, short, void*) = NULL;
 switch (io->state) {
 case IO_STATE_CONNECT_SSL:
+ ev = EV_WRITE;
 dispatch = io_dispatch_connect_ssl;
 break;
 case IO_STATE_ACCEPT_SSL:
+ ev = EV_READ;
 dispatch = io_dispatch_accept_ssl;
 break;
 case IO_STATE_UP:
diff --git a/smtpd/smtp.c b/smtpd/smtp.c
index 55f87728..a306baac 100644
--- a/smtpd/smtp.c
+++ b/smtpd/smtp.c
@@ -442,6 +442,7 @@ smtp_accept(int fd, short event, void *p)
 close(sock);
 return;
 }
+ io_set_blocking(sock, 0);
 sessions++;
 stat_increment("smtp.session", 1);
--
cgit v1.2.3-59-g8ed1b
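Review bot: The two `io_reset` calls in io_start_tls now arm a single direction each, with no comment saying the asymmetry is deliberate. A later reader could easily "restore" the combined mask. I would add `/* client speaks first (ClientHello): wait for writability */` above the connect branch and `/* server waits for the ClientHello: wait for readability */` above the accept branch. The same two comments fit the cases changed in io_reload_ssl. io_start_tls starts and ends outside this hunk.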
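Review bot: io_reload_ssl re-arms the handshake states with a fixed direction (`EV_WRITE` for connect, `EV_READ` for accept), whatever the last SSL_connect/SSL_accept call asked for. Its callers are not visible here, but if it can run mid-handshake, a server-side handshake that last wanted to write would be re-armed for read only and wait for the timeout; the old `EV_READ|EV_WRITE` mask covered that case. Consider recording the wanted direction in `struct io` and reusing it here, or adding a comment that reload never happens in these two states. Also, with `ev` now starting at 0, any case after `IO_STATE_UP` (outside the hunk) that does not assign it will register no events.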
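Review bot: The added `io_set_blocking(sock, 0);` in smtp_accept has no comment tying it to the problem in the commit message, although it is the line that keeps a slow or silent peer from stalling the event loop during the TLS handshake. I suggest `/* never block the event loop on a peer: the TLS handshake runs on this fd */` directly above it. The helper's definition is not part of this diff, so how an fcntl failure is reported cannot be seen here; if it returns a status, check it and close `sock` as the branch just above does. smtp_accept continues outside the hunk.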