Moving to the imapproxy list.

I've been running with these patches in production for a couple days now
with no complaints.

However, my production system is not on OpenSSL 1.1, so that patch
hasn't gotten run-time testing, only compile-time.

I've also attached the patches, so you're not dependent on my github
repository.

On 11/23/2016 06:04 PM, Richard Laager wrote:
> I see you have recently accepted a round of imapproxy patches. I would
> like to bring the following patches to your attention.
> 
> So far, these have only passed the "it compiles" test. I'll be testing
> all this code in production in a few days (after the Thanksgiving holiday).
> 
> The EGD conditional is backwards:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/fix-egd-ifdef.patch
> 
> This fixes a compiler warning about not checking the return value from
> dup():
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/check-dup-return-value.patch
> 
> This fixes some missing function definitions:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/fix-missing-definitions.patch
> 
> This fixes some warnings about size_t printf formatters. Note, I'm not
> sure how portable the "z" modifer is:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/fix-size_t-formatters.patch
> 
> This uses socklen_t instead of int to fix some type mismatch warnings:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/fix-socklen_t-types.patch
> 
> This fixes signedness warnings:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/fix-ssl-types.patch
> 
> This fixes compiling on OpenSSL 1.1:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/openssl-1.1.patch
> 
> Are these variables used? If not, they should be removed rather than
> #ifdef 0'ed as this patch does:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/remove-unused-variables.patch

-- 
Richard
Description: Check dup() return value
 I switched to dup2() as well, which combines in the close() call.
Author: Richard Laager <rlaa...@wiktel.com>
Forwarded: no
Last-Update: 2016-11-22
--- a/src/main.c
+++ b/src/main.c
@@ -998,6 +998,7 @@
  FILE* fp=NULL;
  pid_t pid;                         /* used just for a fork call */
  int i;
+ int j;
 
     /* detach from our parent if necessary */
     // NOTE: When started under systemd, the parent PID is already 1, so
@@ -1059,9 +1060,15 @@
 		strerror(errno));
 		exit( 1 );
 	}
-	close(2); dup(i);
-	close(1); dup(i);
-	close(0); dup(i);
+	for(j=0; j <= 2; j++)
+	{
+		if (dup2(i, j) < 0)
+		{
+			syslog(LOG_ERR, "%s: dup2() failed: %s", fn,
+				strerror(errno));
+			exit( 1 );
+		}
+	}
 	close(i);
     }
     else
Description: Fix compilation without EGD
Author: Richard Laager <rlaa...@wiktel.com>
Forwarded: no
Last-Update: 2016-11-22
--- a/src/main.c
+++ b/src/main.c
@@ -460,7 +460,7 @@
     /* Set up OpenSSL thread protection */
     ssl_thread_setup(fn);
 
-#ifndef HAVE_RAND_EGD
+#ifdef HAVE_RAND_EGD
     if ( RAND_egd( ( RAND_file_name( f_randfile, sizeof( f_randfile ) ) == f_randfile ) ? f_randfile : "/.rnd" ) ) 
 #endif
     {
Description: Fix missing definitions
Author: Richard Laager <rlaa...@wiktel.com>
Forwarded: no
Last-Update: 2016-11-22
--- a/include/imapproxy.h
+++ b/include/imapproxy.h
@@ -373,8 +373,12 @@
 extern void ICC_Logout( ICC_Struct * );
 extern void ICC_Recycle( unsigned int );
 extern void ICC_Recycle_Loop( void );
+extern void ICC_Invalidate( ICC_Struct * );
 extern void LockMutex( pthread_mutex_t * );
 extern void UnLockMutex( pthread_mutex_t * );
+#ifdef HAVE_LIBSSL
+extern int Attempt_STARTTLS( ITD_Struct * );
+#endif
 extern void SetDefaultConfigValues(ProxyConfig_Struct *);
 extern void SetConfigOptions( char * );
 extern void SetLogOptions( void );
--- a/src/becomenonroot.c
+++ b/src/becomenonroot.c
@@ -48,6 +48,7 @@
 
 #include <sys/types.h>
 #include <strings.h>
+#include <string.h>
 #include <errno.h>
 #include <stdlib.h>
 #include <stdio.h>
Description: Fix size_t formatters
Author: Richard Laager <rlaa...@wiktel.com>
Forwarded: no
Last-Update: 2016-11-22
--- a/src/imapcommon.c
+++ b/src/imapcommon.c
@@ -1004,7 +1004,7 @@
      */
     else if ( LiteralPasswd )
     {
-	snprintf( SendBuf, BufLen, "A0001 LOGIN %s {%d}\r\n", 
+	snprintf( SendBuf, BufLen, "A0001 LOGIN %s {%zd}\r\n",
 		  Username, strlen( Password ) );
 	if ( IMAP_Write( Server.conn, SendBuf, strlen(SendBuf) ) == -1 )
 	{
--- a/src/hash.c
+++ b/src/hash.c
@@ -69,7 +69,7 @@
 
   if ( Size > sizeof Hash_Buffer )
   {
-    syslog(LOG_ERR, "Hash(): Maximum of %d for '%s' exceeds architectural limit of %d", Size, Input_Key, sizeof Hash_Buffer );
+    syslog(LOG_ERR, "Hash(): Maximum of %d for '%s' exceeds architectural limit of %zd", Size, Input_Key, sizeof Hash_Buffer );
     exit(1);
   }
 
Description: Fix socklen_t types
Author: Richard Laager <rlaa...@wiktel.com>
Forwarded: no
Last-Update: 2016-11-22
--- a/src/main.c
+++ b/src/main.c
@@ -285,7 +285,7 @@
     char f_randfile[ PATH_MAX ];
     int listensd;                      /* socket descriptor we'll bind to */
     long clientsd;                     /* incoming socket descriptor */
-    int sockaddrlen;                       
+    socklen_t sockaddrlen;
     struct sockaddr_storage srvaddr;
     struct sockaddr_storage cliaddr;
     pthread_t ThreadId;                /* thread id of each incoming conn */
--- a/src/request.c
+++ b/src/request.c
@@ -702,7 +702,7 @@
     char fullServerResponse[BUFSIZE] = "\0\0\0";
     int BytesRead;
     struct sockaddr_storage cli_addr;
-    int sockaddrlen;
+    socklen_t sockaddrlen;
     char hostaddr[INET6_ADDRSTRLEN], portstr[NI_MAXSERV];
     
     unsigned int BufLen = BUFSIZE - 1;
@@ -979,7 +979,7 @@
     ICD_Struct *conn;
     char fullServerResponse[BUFSIZE] = "\0\0\0";
     struct sockaddr_storage cli_addr;
-    int sockaddrlen;
+    socklen_t sockaddrlen;
     char hostaddr[INET6_ADDRSTRLEN], portstr[NI_MAXSERV];
 
     memset( &Server, 0, sizeof Server );
Description: Fix SSL types
Author: Richard Laager <rlaa...@wiktel.com>
Forwarded: no
Last-Update: 2016-11-22
--- a/src/imapcommon.c
+++ b/src/imapcommon.c
@@ -543,7 +543,7 @@
     char AuthBufIndex;
 
     unsigned int BufLen = BUFSIZE - 1;
-    char md5pw[MD5_DIGEST_LENGTH];
+    unsigned char md5pw[MD5_DIGEST_LENGTH];
     char *tokenptr;
     char *endptr;
     char *last;
@@ -555,7 +555,7 @@
     struct addrinfo *useai;
 
     EVP_MD_CTX mdctx;
-    int md_len;
+    unsigned int md_len;
 
     Expiration = PC_Struct.cache_expiration_time;
     memset( &Server, 0, sizeof Server );
Description: Fix compilation with OpenSSL 1.1
Author: Richard Laager <rlaa...@wiktel.com>
Forwarded: no
Last-Update: 2016-11-22
--- a/src/main.c
+++ b/src/main.c
@@ -1582,9 +1582,9 @@
 	    verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
 	}
     }
-    switch (ctx->error) {
+    switch (err) {
     case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-	X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, sizeof(buf));
+	X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof(buf));
 	syslog(LOG_NOTICE, "issuer= %s", buf);
 	break;
     case X509_V_ERR_CERT_NOT_YET_VALID:
--- a/src/imapcommon.c
+++ b/src/imapcommon.c
@@ -554,16 +554,24 @@
     unsigned int Expiration;
     struct addrinfo *useai;
 
-    EVP_MD_CTX mdctx;
+    EVP_MD_CTX *mdctx;
     unsigned int md_len;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    EVP_MD_CTX mdctx_;
+#define EVP_MD_CTX_new(x) &mdctx_
+#define EVP_MD_CTX_free(x)
+#endif
+
     Expiration = PC_Struct.cache_expiration_time;
     memset( &Server, 0, sizeof Server );
     
     /* need to md5 the passwd regardless, so do that now */
-    EVP_DigestInit(&mdctx, EVP_md5());
-    EVP_DigestUpdate(&mdctx, Password, strlen(Password));
-    EVP_DigestFinal(&mdctx, md5pw, &md_len);
+    mdctx = EVP_MD_CTX_new();
+    EVP_DigestInit(mdctx, EVP_md5());
+    EVP_DigestUpdate(mdctx, Password, strlen(Password));
+    EVP_DigestFinal(mdctx, md5pw, &md_len);
+    EVP_MD_CTX_free(mdctx);
     
     /* see if we have a reusable connection available */
     ICC_Active = NULL;
Description: Remove unused variables
Author: Richard Laager <rlaa...@wiktel.com>
Forwarded: no
Last-Update: 2016-11-23
--- a/src/main.c
+++ b/src/main.c
@@ -186,10 +186,11 @@
 **
 */
 
-
+#if 0
 static char *sourceRevision = "$Revision$";
 static char *sourceVersion = "$Id$";
 static char *sourceAuthor = "$Author$";
+#endif
 
 #define _REENTRANT
 
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
-----
squirrelmail-imapproxy mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-imapproxy@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.imapproxy
List info (subscribe/unsubscribe/change options): 
https://lists.sourceforge.net/lists/listinfo/squirrelmail-imapproxy

Reply via email to