On Sat, Oct 25, 2014 at 04:38:44PM +0200, Michael Str?der wrote:
> BTW: postfix 2.11.3 even seg faults when using a unknown keyword:
>
> Oct 25 16:33:37 srv1 postfix/smtp[27839]: warning: smtp_tls_policy_maps,
> next-hop destination "example.com": invalid attribute name: "CAfile"
> Oct 25 14:33:37 srv1 pdns_recursor[2944]: 1 [46459] answer to question
> 'mxint01.1and1.com.|A': 2 answers, 0 additional, took 3 packets, 0 throttled,
> 0 timeouts, 0 tcp connections, rcode=0
> Oct 25 16:33:37 srv1 kernel: [427484.427118] smtp[27839]: segfault at 4 ip
> b772123b sp bfd7c320 error 4 in smtp[b7715000+19000]
Right malformed policy table entries don't set the TLS level to
"invalid" as they should. The attached patch fixes this problem
for Postfix 2.11 and 2.12 snapshots.
--
Viktor.
>From 7e32dd18210973d831125ae295b2355affacf135 Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <[email protected]>
Date: Sat, 25 Oct 2014 14:17:24 -0400
Subject: [PATCH 1/1] Bugfix: Set tls level to invalid when site level is
invalid
---
src/smtp/smtp_tls_policy.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/smtp/smtp_tls_policy.c b/src/smtp/smtp_tls_policy.c
index f280810..e2bb559 100644
--- a/src/smtp/smtp_tls_policy.c
+++ b/src/smtp/smtp_tls_policy.c
@@ -519,6 +519,7 @@ static void *policy_create(const char *unused_key, void
*context)
case TLS_LEV_NOTFOUND:
break;
case TLS_LEV_INVALID:
+ tls->level = site_level;
return ((void *) tls);
}
--
1.9.3 (Apple Git-50)
