From: Matthias Andree
Date: Wed, 25 May 2011 23:47:41 +0000 (+0200)
Subject: Run S(TART)TLS negotiation under timeout alarm.
X-Git-Url: http://pileus.org/git/?a=commitdiff_plain;h=1e13bb35731999c4668883acd404ede047793e1e;p=~andy%2Ffetchmail
Run S(TART)TLS negotiation under timeout alarm.
Reported missing by Thomas Jarosch.
---
diff --git a/imap.c b/imap.c
index dca3bab9..397b391b 100644
--- a/imap.c
+++ b/imap.c
@@ -447,9 +447,9 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
 * whether TLS is mandatory or opportunistic unless SSLOpen() fails
 * (see below). */
 if (gen_transact(sock, "STARTTLS") == PS_SUCCESS
- && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
+ && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
 ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname,
- ctl->server.pollname, &ctl->remotename) != -1)
+ ctl->server.pollname, &ctl->remotename)) != -1)
 {
 /*
 * RFC 2595 says this:
@@ -473,9 +473,11 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
 } else if (must_tls(ctl)) {
 /* Config required TLS but we couldn't guarantee it, so we must
 * stop. */
+ set_timeout(0);
 report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname);
 return PS_SOCKET;
 } else {
+ set_timeout(0);
 if (outlevel >= O_VERBOSE) {
 report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue\n"), commonname);
 }
diff --git a/pop3.c b/pop3.c
index 3def391b..9cf84944 100644
--- a/pop3.c
+++ b/pop3.c
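Review bot: The success branch that opens at the end of imap.c hunk -447,9 (the `{` before the RFC 2595 comment) gets no `set_timeout(0);`, although pop3.c disarms at the top of its success branch (hunk -465,6) and both imap.c failure branches are disarmed in hunk -473,9. The body of that branch lies between the two imap.c hunks and imap_getauth() itself starts and ends outside them, so something there may already reset the alarm; as shown, though, the timer armed for the handshake can still be pending after SSLOpen() succeeds. Adding `set_timeout(0);` as the first statement of the branch would match pop3.c. Storing the SSLOpen() result in a local and calling `set_timeout(0);` right after it, rather than arming through a comma expression inside the condition, would cover every exit path in one place; the first pop3.c hunk uses the same construct.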
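Review bot: In the `must_tls` branch of imap.c hunk -473,9 the new `set_timeout(0);` sits between the comment "Config required TLS but we couldn't guarantee it, so we must stop." and the `report()`/`return PS_SOCKET;` that the comment describes, which detaches the comment from its code. Moving the call above that comment and giving it its own one-line comment, for example `/* cancel the alarm armed around SSLOpen() */`, keeps both readable and tells the next reader why a timer is being cleared in an error branch. The pop3.c hunks -465,6, -477,6 and -485,6 insert the call after the existing comment in the same way. The enclosing function starts and ends outside the hunk.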
@@ -448,9 +448,9 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
 * whether TLS is mandatory or opportunistic unless SSLOpen() fails
 * (see below). */
 if (gen_transact(sock, "STLS") == PS_SUCCESS
- && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
+ && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
 ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname,
- ctl->server.pollname, &ctl->remotename) != -1)
+ ctl->server.pollname, &ctl->remotename)) != -1)
 {
 /*
 * RFC 2595 says this:
@@ -465,6 +465,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
 * Now that we're confident in our TLS connection we can
 * guarantee a secure capability re-probe.
 */
+ set_timeout(0);
 done_capa = FALSE;
 ok = capa_probe(sock);
 if (ok != PS_SUCCESS) {
@@ -477,6 +478,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
 } else if (must_tls(ctl)) {
 /* Config required TLS but we couldn't guarantee it, so we must
 * stop. */
+ set_timeout(0);
 report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname);
 return PS_SOCKET;
 } else {
@@ -485,6 +487,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
 * allowed til post-authentication), so leave it in an unknown
 * state, mark it as such, and check more carefully if things
 * go wrong when we try to authenticate. */
+ set_timeout(0);
 connection_may_have_tls_errors = TRUE;
 if (outlevel >= O_VERBOSE)
 {