Moving to the imapproxy list.
I've been running with these patches in production for a couple days now
with no complaints.
However, my production system is not on OpenSSL 1.1, so that patch
hasn't gotten run-time testing, only compile-time.
I've also attached the patches, so you're not dependent on my github
repository.
On 11/23/2016 06:04 PM, Richard Laager wrote:
> I see you have recently accepted a round of imapproxy patches. I would
> like to bring the following patches to your attention.
>
> So far, these have only passed the "it compiles" test. I'll be testing
> all this code in production in a few days (after the Thanksgiving holiday).
>
> The EGD conditional is backwards:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/fix-egd-ifdef.patch
>
> This fixes a compiler warning about not checking the return value from
> dup():
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/check-dup-return-value.patch
>
> This fixes some missing function definitions:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/fix-missing-definitions.patch
>
> This fixes some warnings about size_t printf formatters. Note, I'm not
> sure how portable the "z" modifer is:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/fix-size_t-formatters.patch
>
> This uses socklen_t instead of int to fix some type mismatch warnings:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/fix-socklen_t-types.patch
>
> This fixes signedness warnings:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/fix-ssl-types.patch
>
> This fixes compiling on OpenSSL 1.1:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/openssl-1.1.patch
>
> Are these variables used? If not, they should be removed rather than
> #ifdef 0'ed as this patch does:
> https://github.com/rlaager/imapproxy-pkg/blob/master/debian/patches/remove-unused-variables.patch
--
Richard
Description: Check dup() return value
I switched to dup2() as well, which combines in the close() call.
Author: Richard Laager <rlaa...@wiktel.com>
Forwarded: no
Last-Update: 2016-11-22
--- a/src/main.c
+++ b/src/main.c
@@ -998,6 +998,7 @@
FILE* fp=NULL;
pid_t pid; /* used just for a fork call */
int i;
+ int j;
/* detach from our parent if necessary */
// NOTE: When started under systemd, the parent PID is already 1, so
@@ -1059,9 +1060,15 @@
strerror(errno));
exit( 1 );
}
- close(2); dup(i);
- close(1); dup(i);
- close(0); dup(i);
+ for(j=0; j <= 2; j++)
+ {
+ if (dup2(i, j) < 0)
+ {
+ syslog(LOG_ERR, "%s: dup2() failed: %s", fn,
+ strerror(errno));
+ exit( 1 );
+ }
+ }
close(i);
}
else
Description: Fix compilation without EGD
Author: Richard Laager <rlaa...@wiktel.com>
Forwarded: no
Last-Update: 2016-11-22
--- a/src/main.c
+++ b/src/main.c
@@ -460,7 +460,7 @@
/* Set up OpenSSL thread protection */
ssl_thread_setup(fn);
-#ifndef HAVE_RAND_EGD
+#ifdef HAVE_RAND_EGD
if ( RAND_egd( ( RAND_file_name( f_randfile, sizeof( f_randfile ) ) == f_randfile ) ? f_randfile : "/.rnd" ) )
#endif
{
Description: Fix missing definitions
Author: Richard Laager <rlaa...@wiktel.com>
Forwarded: no
Last-Update: 2016-11-22
--- a/include/imapproxy.h
+++ b/include/imapproxy.h
@@ -373,8 +373,12 @@
extern void ICC_Logout( ICC_Struct * );
extern void ICC_Recycle( unsigned int );
extern void ICC_Recycle_Loop( void );
+extern void ICC_Invalidate( ICC_Struct * );
extern void LockMutex( pthread_mutex_t * );
extern void UnLockMutex( pthread_mutex_t * );
+#ifdef HAVE_LIBSSL
+extern int Attempt_STARTTLS( ITD_Struct * );
+#endif
extern void SetDefaultConfigValues(ProxyConfig_Struct *);
extern void SetConfigOptions( char * );
extern void SetLogOptions( void );
--- a/src/becomenonroot.c
+++ b/src/becomenonroot.c
@@ -48,6 +48,7 @@
#include <sys/types.h>
#include <strings.h>
+#include <string.h>
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
Description: Fix size_t formatters
Author: Richard Laager <rlaa...@wiktel.com>
Forwarded: no
Last-Update: 2016-11-22
--- a/src/imapcommon.c
+++ b/src/imapcommon.c
@@ -1004,7 +1004,7 @@
*/
else if ( LiteralPasswd )
{
- snprintf( SendBuf, BufLen, "A0001 LOGIN %s {%d}\r\n",
+ snprintf( SendBuf, BufLen, "A0001 LOGIN %s {%zd}\r\n",
Username, strlen( Password ) );
if ( IMAP_Write( Server.conn, SendBuf, strlen(SendBuf) ) == -1 )
{
--- a/src/hash.c
+++ b/src/hash.c
@@ -69,7 +69,7 @@
if ( Size > sizeof Hash_Buffer )
{
- syslog(LOG_ERR, "Hash(): Maximum of %d for '%s' exceeds architectural limit of %d", Size, Input_Key, sizeof Hash_Buffer );
+ syslog(LOG_ERR, "Hash(): Maximum of %d for '%s' exceeds architectural limit of %zd", Size, Input_Key, sizeof Hash_Buffer );
exit(1);
}
Description: Fix socklen_t types
Author: Richard Laager <rlaa...@wiktel.com>
Forwarded: no
Last-Update: 2016-11-22
--- a/src/main.c
+++ b/src/main.c
@@ -285,7 +285,7 @@
char f_randfile[ PATH_MAX ];
int listensd; /* socket descriptor we'll bind to */
long clientsd; /* incoming socket descriptor */
- int sockaddrlen;
+ socklen_t sockaddrlen;
struct sockaddr_storage srvaddr;
struct sockaddr_storage cliaddr;
pthread_t ThreadId; /* thread id of each incoming conn */
--- a/src/request.c
+++ b/src/request.c
@@ -702,7 +702,7 @@
char fullServerResponse[BUFSIZE] = "\0\0\0";
int BytesRead;
struct sockaddr_storage cli_addr;
- int sockaddrlen;
+ socklen_t sockaddrlen;
char hostaddr[INET6_ADDRSTRLEN], portstr[NI_MAXSERV];
unsigned int BufLen = BUFSIZE - 1;
@@ -979,7 +979,7 @@
ICD_Struct *conn;
char fullServerResponse[BUFSIZE] = "\0\0\0";
struct sockaddr_storage cli_addr;
- int sockaddrlen;
+ socklen_t sockaddrlen;
char hostaddr[INET6_ADDRSTRLEN], portstr[NI_MAXSERV];
memset( &Server, 0, sizeof Server );
Description: Fix SSL types
Author: Richard Laager <rlaa...@wiktel.com>
Forwarded: no
Last-Update: 2016-11-22
--- a/src/imapcommon.c
+++ b/src/imapcommon.c
@@ -543,7 +543,7 @@
char AuthBufIndex;
unsigned int BufLen = BUFSIZE - 1;
- char md5pw[MD5_DIGEST_LENGTH];
+ unsigned char md5pw[MD5_DIGEST_LENGTH];
char *tokenptr;
char *endptr;
char *last;
@@ -555,7 +555,7 @@
struct addrinfo *useai;
EVP_MD_CTX mdctx;
- int md_len;
+ unsigned int md_len;
Expiration = PC_Struct.cache_expiration_time;
memset( &Server, 0, sizeof Server );
Description: Fix compilation with OpenSSL 1.1
Author: Richard Laager <rlaa...@wiktel.com>
Forwarded: no
Last-Update: 2016-11-22
--- a/src/main.c
+++ b/src/main.c
@@ -1582,9 +1582,9 @@
verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
}
}
- switch (ctx->error) {
+ switch (err) {
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, sizeof(buf));
+ X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof(buf));
syslog(LOG_NOTICE, "issuer= %s", buf);
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
--- a/src/imapcommon.c
+++ b/src/imapcommon.c
@@ -554,16 +554,24 @@
unsigned int Expiration;
struct addrinfo *useai;
- EVP_MD_CTX mdctx;
+ EVP_MD_CTX *mdctx;
unsigned int md_len;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_MD_CTX mdctx_;
+#define EVP_MD_CTX_new(x) &mdctx_
+#define EVP_MD_CTX_free(x)
+#endif
+
Expiration = PC_Struct.cache_expiration_time;
memset( &Server, 0, sizeof Server );
/* need to md5 the passwd regardless, so do that now */
- EVP_DigestInit(&mdctx, EVP_md5());
- EVP_DigestUpdate(&mdctx, Password, strlen(Password));
- EVP_DigestFinal(&mdctx, md5pw, &md_len);
+ mdctx = EVP_MD_CTX_new();
+ EVP_DigestInit(mdctx, EVP_md5());
+ EVP_DigestUpdate(mdctx, Password, strlen(Password));
+ EVP_DigestFinal(mdctx, md5pw, &md_len);
+ EVP_MD_CTX_free(mdctx);
/* see if we have a reusable connection available */
ICC_Active = NULL;
Description: Remove unused variables
Author: Richard Laager <rlaa...@wiktel.com>
Forwarded: no
Last-Update: 2016-11-23
--- a/src/main.c
+++ b/src/main.c
@@ -186,10 +186,11 @@
**
*/
-
+#if 0
static char *sourceRevision = "$Revision$";
static char *sourceVersion = "$Id$";
static char *sourceAuthor = "$Author$";
+#endif
#define _REENTRANT
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
-----
squirrelmail-imapproxy mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-imapproxy@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.imapproxy
List info (subscribe/unsubscribe/change options):
https://lists.sourceforge.net/lists/listinfo/squirrelmail-imapproxy
