This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU Mailutils".
http://git.savannah.gnu.org/cgit/mailutils.git/commit/?id=10adba5274b12a3c27e1a96bb6d934e430ce5f13 The branch, master has been updated via 10adba5274b12a3c27e1a96bb6d934e430ce5f13 (commit) from e57318e7d47f944c420e6bfd931b44185d776cfc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 10adba5274b12a3c27e1a96bb6d934e430ce5f13 Author: Sergey Poznyakoff <g...@gnu.org.ua> Date: Fri Jul 10 11:39:29 2015 +0300 Fix TLS streams Avoid calling gnutls_global_init (via mu_tls_module_init) prior to forking. gnutls_global_init opens at least one file descriptor (/dev/urandom), and closing it will disrupt its operation. Current stable libgnutls (3.3.15) is able to cope with it, but there are plenty of systems running much older versions. * libmailutils/server/msrv.c (mu_m_server_begin): Reset onexit list after forking. * libmu_auth/tls.c (mu_tls_module_init): Don't call mu_init_tls_libs. (_tls_server_open, _tls_client_open): Check return value from mu_init_tls_libs. * imap4d/auth_gsasl.c (auth_gsasl): Use mu_onexit to register onexit functions. * imap4d/imap4d.h (util_atexit): Remove prototype. * imap4d/starttls.c (imap4d_starttls): Don't register mu_deinit_tls_libs: now done by tls library. (starttls_init): Don't call mu_init_tls_libs. * imap4d/util.c (util_atexit): Remove. (util_bye): Update accordingly. * pop3d/extra.c (pop3d_setio): Print informational message after establishing TLS. (pop3d_bye): Don't call mu_deinit_tls_libs: that's done by the library. * pop3d/pop3d.c (main): Don't call mu_init_tls_libs. ----------------------------------------------------------------------- Summary of changes: imap4d/auth_gsasl.c | 6 +++--- imap4d/imap4d.h | 1 - imap4d/starttls.c | 5 +---- imap4d/util.c | 18 ------------------ libmailutils/server/msrv.c | 2 ++ libmu_auth/tls.c | 40 +++++++++++++++++++++++----------------- pop3d/extra.c | 5 +---- pop3d/pop3d.c | 6 +----- 8 files changed, 31 insertions(+), 52 deletions(-) diff --git a/imap4d/auth_gsasl.c b/imap4d/auth_gsasl.c index 2e6f0fd..773f0ed 100644 --- a/imap4d/auth_gsasl.c +++ b/imap4d/auth_gsasl.c @@ -28,9 +28,9 @@ static Gsasl_session *sess_ctx; static void auth_gsasl_capa_init (int disable); static void -finish_session (void) +finish_session (void *ptr) { - gsasl_finish (sess_ctx); + gsasl_finish ((Gsasl_session *)ptr); } static int @@ -171,7 +171,7 @@ auth_gsasl (struct imap4d_auth *ap) mu_stream_unref (newstream[0]); mu_stream_unref (newstream[1]); - util_atexit (finish_session); + mu_onexit (finish_session, sess_ctx); return imap4d_auth_ok; } diff --git a/imap4d/imap4d.h b/imap4d/imap4d.h index 83a49e8..0ca8f19 100644 --- a/imap4d/imap4d.h +++ b/imap4d/imap4d.h @@ -443,7 +443,6 @@ int util_uidvalidity (mu_mailbox_t smbox, unsigned long *uidvp); int util_is_master (void); void util_bye (void); -void util_atexit (void (*fp) (void)); void util_chdir (const char *homedir); int is_atom (const char *s); int util_isdelim (const char *str); diff --git a/imap4d/starttls.c b/imap4d/starttls.c index 70b97bb..1ee3f70 100644 --- a/imap4d/starttls.c +++ b/imap4d/starttls.c @@ -45,8 +45,6 @@ imap4d_starttls (struct imap4d_session *session, if (imap4d_tokbuf_argc (tok) != 2) return io_completion_response (command, RESP_BAD, "Invalid arguments"); - util_atexit (mu_deinit_tls_libs); - status = io_completion_response (command, RESP_OK, "Begin TLS negotiation"); io_flush (); @@ -73,6 +71,7 @@ tls_encryption_on (struct imap4d_session *session) session->tls_mode = tls_no; imap4d_capability_remove (IMAP_CAPA_XTLSREQUIRED); + mu_diag_output (MU_DIAG_INFO, _("TLS established")); } void @@ -80,8 +79,6 @@ starttls_init () { tls_available = mu_check_tls_environment (); if (tls_available) - tls_available = mu_init_tls_libs (1); - if (tls_available) imap4d_capability_add (IMAP_CAPA_STARTTLS); } diff --git a/imap4d/util.c b/imap4d/util.c index afe5f99..90ab8f1 100644 --- a/imap4d/util.c +++ b/imap4d/util.c @@ -273,29 +273,11 @@ util_uidvalidity (mu_mailbox_t smbox, unsigned long *uidvp) return mu_mailbox_uidvalidity (smbox, uidvp); } -static mu_list_t atexit_list; - -void -util_atexit (void (*fp) (void)) -{ - if (!atexit_list) - mu_list_create (&atexit_list); - mu_list_append (atexit_list, (void*)fp); -} - -static int -atexit_run (void *item, void *data) -{ - ((void (*) (void)) item) (); - return 0; -} - void util_bye () { mu_stream_close (iostream); mu_stream_destroy (&iostream); - mu_list_foreach (atexit_list, atexit_run, 0); } void diff --git a/libmailutils/server/msrv.c b/libmailutils/server/msrv.c index 00b37dc..406de09 100644 --- a/libmailutils/server/msrv.c +++ b/libmailutils/server/msrv.c @@ -43,6 +43,7 @@ #include <mailutils/acl.h> #include <mailutils/sockaddr.h> #include <mailutils/url.h> +#include <mailutils/util.h> typedef RETSIGTYPE (*mu_sig_handler_t) (int); @@ -519,6 +520,7 @@ mu_m_server_begin (mu_m_server_t msrv) mu_error (_("failed to become a daemon: %s"), mu_strerror (errno)); exit (EXIT_FAILURE); } + mu_onexit_reset (); } if (msrv->pidfile) diff --git a/libmu_auth/tls.c b/libmu_auth/tls.c index 13ab537..a503814 100644 --- a/libmu_auth/tls.c +++ b/libmu_auth/tls.c @@ -54,9 +54,6 @@ mu_tls_module_init (enum mu_gocs_op op, void *data) break; case mu_gocs_op_flush: -#ifdef WITH_TLS - mu_init_tls_libs (0); -#endif break; } return 0; @@ -125,6 +122,24 @@ _mu_gtls_logger(int level, const char *text) } #endif +void +mu_deinit_tls_libs (void) +{ + if (mu_tls_enable) + { + if (x509_cred) + gnutls_certificate_free_credentials (x509_cred); + gnutls_global_deinit (); + } + mu_tls_enable = 0; +} + +static void +_onexit_deinit (void *ptr MU_ARG_UNUSED) +{ + mu_deinit_tls_libs (); +} + int mu_init_tls_libs (int x509_setup) { @@ -138,6 +153,7 @@ mu_init_tls_libs (int x509_setup) mu_error ("gnutls_global_init: %s", gnutls_strerror (rc)); return 0; } + mu_onexit (_onexit_deinit, NULL); } if (x509_setup && !x509_cred) @@ -161,18 +177,6 @@ mu_init_tls_libs (int x509_setup) return mu_tls_enable; } -void -mu_deinit_tls_libs (void) -{ - if (mu_tls_enable) - { - if (x509_cred) - gnutls_certificate_free_credentials (x509_cred); - gnutls_global_deinit (); - } - mu_tls_enable = 0; -} - static char default_priority_string[] = "NORMAL"; static gnutls_session_t @@ -408,7 +412,8 @@ _tls_server_open (mu_stream_t stream) if (!stream || sp->state != state_init) return EINVAL; - mu_init_tls_libs (1); + if (!mu_init_tls_libs (1)) + return MU_ERR_FAILURE; sp->session = initialize_tls_session (); mu_stream_ioctl (stream, MU_IOCTL_TRANSPORT, MU_IOCTL_OP_GET, transport); @@ -481,7 +486,8 @@ _tls_client_open (mu_stream_t stream) /* FALLTHROUGH */ case state_init: - mu_init_tls_libs (0); + if (!mu_init_tls_libs (0)) + return MU_ERR_FAILURE; prepare_client_session (stream); rc = gnutls_handshake (sp->session); if (rc < 0) diff --git a/pop3d/extra.c b/pop3d/extra.c index ecdc6b8..57aab2d 100644 --- a/pop3d/extra.c +++ b/pop3d/extra.c @@ -158,6 +158,7 @@ pop3d_setio (int ifd, int ofd, int tls) pop3d_abquit (ERR_FILE); } tls_done = 1; + mu_diag_output (MU_DIAG_INFO, _("TLS established")); } else #endif @@ -238,10 +239,6 @@ pop3d_bye () { mu_stream_close (iostream); mu_stream_destroy (&iostream); -#ifdef WITH_TLS - if (tls_available) - mu_deinit_tls_libs (); -#endif /* WITH_TLS */ } void diff --git a/pop3d/pop3d.c b/pop3d/pop3d.c index c515b19..cbcb38b 100644 --- a/pop3d/pop3d.c +++ b/pop3d/pop3d.c @@ -653,11 +653,7 @@ main (int argc, char **argv) #ifdef WITH_TLS tls_available = mu_check_tls_environment (); if (tls_available) - { - tls_available = mu_init_tls_libs (1); - if (tls_available) - enable_stls (); - } + enable_stls (); #endif /* WITH_TLS */ /* Actually run the daemon. */ hooks/post-receive -- GNU Mailutils _______________________________________________ Commit-mailutils mailing list Commit-mailutils@gnu.org https://lists.gnu.org/mailman/listinfo/commit-mailutils
