fetchmail-6.3.20 (not yet released):
-# SECURITY FIXES
-* Fetchmail's socket timeout handling was incomplete. Network outages in the
- wrong phase of a communication, combined with unlucky operating systems and
- their defaults, could cause fetchmail to hang for extended amounts of time.
- Freezes for beyond a week were reported by Thomas Jarosch. Fetchmail sets
- UNIX- and Internet-domain socket send and receive timeouts now.
- This fixes a hang during STARTTLS negotiation reported by Thomas Jarosch.
-
# CHANGES
* fetchmail now always uses its own MD5 implementation. The library and header
variants are too diverse, and we've been bitten before -- and configure
--- /dev/null
+- fix STARTTLS timeouts by setting socket timings
+ possibly using a different structure than an int to save the fd
+ and SSL context -- and then also timeout?
+ Or just make set_timeout take an optional fd, which, when != -1,
+ also sets the socket timeouts?
+
+- make SSLv2 removal dependent on openssl configuration
+ (see Debian FTBFS bug for how to detect that in configure)
+
+- make --with-ssl default?
+
{
SIGHANDLERTYPE alrmsave;
char reply[MSGBUFSIZE], *i;
- int tmo = (mytimeout >= mintimeout) ? mytimeout : mintimeout;
/* set an alarm for smtp ok */
alrmsave = set_signal_handler(SIGALRM, null_signal_handler);
- set_timeout(tmo);
- SockTimeout(sock, tmo);
+ set_timeout(mytimeout >= mintimeout ? mytimeout : mintimeout);
smtp_response[0] = '\0';
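Review bot: After this hunk the only bound on the SMTP reply wait is the SIGALRM alarm armed by `set_timeout(mytimeout >= mintimeout ? mytimeout : mintimeout);`, because the `SockTimeout(sock, tmo)` call that set SO_RCVTIMEO/SO_SNDTIMEO is removed with nothing in its place. The NEWS entry deleted by the same commit calls that alarm-only handling incomplete and cites freezes of more than a week and a hang during STARTTLS negotiation, so the revert presumably brings the stall back whenever the peer stops responding at the wrong moment. The same removal applies to the connect path, the SockPrintf write and the read/write call sites in the later hunks. If the revert is intentional until the TODO item is done, record the known gap at the call site, e.g. `/* NOTE: only the SIGALRM alarm bounds this wait; no SO_RCVTIMEO/SO_SNDTIMEO is set on sock, see TODO */`. The enclosing function begins and continues outside the hunk.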
}
#endif /* HAVE_SOCKETPAIR */
-static int setsocktimeout(int sock, int which, int timeout) {
- struct timeval tv;
- int rc;
-
- tv.tv_sec = timeout;
- tv.tv_usec = 0;
- rc = setsockopt(sock, SOL_SOCKET, which, &tv, sizeof(tv));
- if (rc) {
- report(stderr, GT_("setsockopt(%d, SOL_SOCKET) failed: %s\n"), sock, strerror(errno));
- }
- return rc;
-}
-
-/** Configure socket options such as send/receive timeout at the socket
- * level, to avoid network-induced stalls.
- */
-int SockTimeout(int sock, int timeout)
-{
- int err = 0;
-
- if (setsocktimeout(sock, SO_RCVTIMEO, timeout)) err = 1;
- if (setsocktimeout(sock, SO_SNDTIMEO, timeout)) err = 1;
- return err;
-}
-
/** Set socket to SO_KEEPALIVE. \return 0 for success. */
int SockKeepalive(int sock) {
int keepalive = 1;
*/
mailserver_socket_temp = sock;
- SockTimeout(sock, mytimeout);
if (connect(sock, (struct sockaddr *) &ad, sizeof(ad)) < 0)
{
int olderr = errno;
continue;
}
- SockTimeout(i, mytimeout);
SockKeepalive(i);
/* Save socket descriptor.
#endif
vsnprintf(buf, sizeof(buf), format, ap);
va_end(ap);
- SockTimeout(sock, mytimeout);
return SockWrite(sock, buf, strlen(buf));
+
}
#ifdef SSL_ENABLE
/** Create a new client socket; returns -1 on error */
int SockOpen(const char *host, const char *service, const char *plugin, struct addrinfo **);
-/** Sets the send/receive timeouts for socket \a sock to \a timeout
- * seconds. \return zero on success. */
-int SockTimeout(int sock, int timeout);
/**
Get a string terminated by an '\n' (matches interface of fgets).
char *sp, *tp;
set_timeout(mytimeout);
- SockTimeout(sock, mytimeout);
if ((n = SockRead(sock, buf, sizeof(buf)-1)) == -1) {
set_timeout(0);
free(line);
while (protocol->delimited || len > 0)
{
set_timeout(mytimeout);
- SockTimeout(sock, mytimeout);
/* XXX FIXME: for undelimited protocols that ship the size, such
* as IMAP, we might want to use the count of remaining characters
* instead of the buffer size -- not for fetchmail 6.3.X though */
va_end(ap);
snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "\r\n");
- SockTimeout(sock, mytimeout);
SockWrite(sock, buf, strlen(buf));
if (outlevel >= O_MONITOR)
phase = SERVER_WAIT;
set_timeout(mytimeout);
- SockTimeout(sock, mytimeout);
if (SockRead(sock, buf, size) == -1)
{
set_timeout(0);
phase = SERVER_WAIT;
set_timeout(mytimeout);
- SockTimeout(sock, mytimeout);
rr = SockRead(sock, buf + n, size - n);
set_timeout(0);
phase = oldphase;
va_end(ap);
snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "\r\n");
- SockTimeout(sock, mytimeout);
ok = SockWrite(sock, buf, strlen(buf));
if (ok == -1 || (size_t)ok != strlen(buf)) {
/* short write, bail out */