| -rw-r--r-- | bin/sh/miscbltin.c | 2 | ||||
| -rw-r--r-- | contrib/dma/conf.c | 7 | ||||
| -rw-r--r-- | contrib/dma/dma.conf | 3 | ||||
| -rw-r--r-- | contrib/dma/dma.h | 1 | ||||
| -rw-r--r-- | contrib/dma/net.c | 2 | ||||
| -rw-r--r-- | sys/security/mac_do/mac_do.c | 16 | ||||
| -rw-r--r-- | tests/sys/mac/do/invalid_configs.sh | 14 |
7 files changed, 35 insertions, 10 deletions
diff --git a/bin/sh/miscbltin.c b/bin/sh/miscbltin.c index f96f96ba43d2..d75d33902458 100644 --- a/bin/sh/miscbltin.c +++ b/bin/sh/miscbltin.c @@ -516,7 +516,7 @@ static const struct limits limits[] = { { "umtx shared locks", (char *)0, RLIMIT_UMTXP, 1, 'o' }, #endif #ifdef RLIMIT_PIPEBUF - { "pipebuf", (char *)0, RLIMIT_PIPEBUF, 1024, 'y' }, + { "pipebuf", "kbytes", RLIMIT_PIPEBUF, 1024, 'y' }, #endif #ifdef RLIMIT_VMM { "virtual machines", (char *)0, RLIMIT_VMM, 1, 'V' }, diff --git a/contrib/dma/conf.c b/contrib/dma/conf.c index 13cfac7a6de4..947e0a6cdec1 100644 --- a/contrib/dma/conf.c +++ b/contrib/dma/conf.c @@ -198,6 +198,8 @@ parse_conf(const char *config_path) config.authpath= data; else if (strcmp(word, "CERTFILE") == 0 && data != NULL) config.certfile = data; + else if (strcmp(word, "LMTP") == 0 && data == NULL) + config.features |= LMTP; else if (strcmp(word, "MAILNAME") == 0 && data != NULL) config.mailname = data; else if (strcmp(word, "MASQUERADE") == 0 && data != NULL) { @@ -257,5 +259,10 @@ parse_conf(const char *config_path) /* NOTREACHED */ } + if ((config.features & LMTP) && (config.features & (TLS_OPP | STARTTLS | SECURETRANSFER))) { + errlogx(EX_CONFIG, "%s: LMTP does not support TLS", config_path); + /* NOTREACHED */ + } + fclose(conf); } diff --git a/contrib/dma/dma.conf b/contrib/dma/dma.conf index fa95fc1a0c22..e5f414b235bf 100644 --- a/contrib/dma/dma.conf +++ b/contrib/dma/dma.conf @@ -68,3 +68,6 @@ # Directly forward the mail to the SMARTHOST bypassing aliases and local delivery #NULLCLIENT + +# Use LMTP instead of SMTP for relaying +#LMTP diff --git a/contrib/dma/dma.h b/contrib/dma/dma.h index 9e7f6cd2c431..ae03075c0892 100644 --- a/contrib/dma/dma.h +++ b/contrib/dma/dma.h 
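Review bot: The check added at the end of parse_conf() rejects LMTP combined with TLS_OPP, STARTTLS or SECURETRANSFER, but nothing visible in this hunk covers AUTHPATH. A configuration with LMTP and relay credentials would therefore depend on some other gate to keep the login off a cleartext session, and that gate, if it exists, is outside the hunk and worth confirming. Because an LMTP session is never TLS-protected with this check in place, I would say so next to it, e.g. `/* LMTP sessions are always cleartext here; refuse rather than silently drop the TLS setting. */`, and mention in the sample dma.conf comment that the option cannot be combined with the TLS settings. The condition line also runs well past 80 columns and could be wrapped after the first `&&`.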
@@ -70,6 +70,7 @@ #define FULLBOUNCE 0x040 /* Bounce the full message */ #define TLS_OPP 0x080 /* Opportunistic STARTTLS */ #define NULLCLIENT 0x100 /* Nullclient support */ +#define LMTP 0x400 /* Use LMTP instead of SMTP with the relay */ #ifndef CONF_PATH #error Please define CONF_PATH diff --git a/contrib/dma/net.c b/contrib/dma/net.c index 0079875a22e0..02a31e9673a7 100644 --- a/contrib/dma/net.c +++ b/contrib/dma/net.c @@ -390,7 +390,7 @@ int perform_server_greeting(int fd, struct smtp_features* features) { Send EHLO XXX allow HELO fallback */ - send_remote_command(fd, "EHLO %s", hostname()); + send_remote_command(fd, "%s %s", config.features & LMTP ? "LHLO" : "EHLO", hostname()); char buffer[EHLO_RESPONSE_SIZE]; memset(buffer, 0, sizeof(buffer)); diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 93f2084d1c93..7bb3e2a150c5 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -390,6 +390,7 @@ toast_rules(struct rules *const rules) free(rule->gids, M_MAC_DO); free(rule, M_MAC_DO); } + STAILQ_INIT(head); } static inline void 
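Review bot: The comment directly above the changed call in perform_server_greeting() still says "Send EHLO" and "XXX allow HELO fallback", which no longer matches a call whose verb depends on `config.features & LMTP`. It should mention LHLO. The ternary is correct as written because `&` binds tighter than `?:`, but `(config.features & LMTP) ? "LHLO" : "EHLO"` is easier to read. LMTP also answers once per accepted recipient after the message body, so it is worth confirming that the delivery code outside this hunk expects that. The function body continues past the hunk.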
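Review bot: The added `STAILQ_INIT(head);` at the end of toast_rules() has no comment explaining why the head is reset after every element has been freed. Without the reset the head would still point at freed rules, so a second call on the same `struct rules` would walk and free them again. A line such as `/* Leave the list empty so that calling toast_rules() again is a no-op. */` above it would record that. The start of the function, including where `head` is assigned, is outside the hunk, so I cannot tell whether `struct rules` owns anything besides this list that needs the same treatment.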
@@ -1071,13 +1072,13 @@ einval: /* * Parse rules specification and produce rule structures out of it. * - * Must be called with '*parse_error' set to NULL. Returns 0 on success, with - * '*rulesp' made to point to a 'struct rule' representing the rules. On error, - * the returned value is non-zero and '*rulesp' is unchanged. If 'string' has - * length greater or equal to MAX_RULE_STRING_SIZE, ENAMETOOLONG is returned. If - * it is not in the expected format, EINVAL is returned. If an error is - * returned, '*parse_error' is set to point to a 'struct parse_error' giving an - * error message for the problem. + * Must be called with '*parse_error' set to NULL. Returns 0 on success, + * filling the passed '*rules' with 'struct rule' objects. On error, the + * returned value is non-zero, and '*rules' may have been changed. If 'string' + * has length greater or equal to MAX_RULE_STRING_SIZE, ENAMETOOLONG is + * returned. If it is not in the expected format, EINVAL is returned. If an + * error is returned, '*parse_error' is set to point to a 'struct parse_error' + * giving an error message for the problem. * * Expected format: A >-colon-separated list of rules of the form * "<from>><target>" (for backwards compatibility, a semi-colon ":" is accepted @@ -1123,7 +1124,6 @@ parse_rules(const char *const string, struct rules *const rules, error = parse_single_rule(rule, rules, parse_error); if (error != 0) { (*parse_error)->pos += rule - copy; - toast_rules(rules); goto error; } } diff --git a/tests/sys/mac/do/invalid_configs.sh b/tests/sys/mac/do/invalid_configs.sh index d1a9eb8c1e96..91e38a0055c0 100644 --- a/tests/sys/mac/do/invalid_configs.sh +++ b/tests/sys/mac/do/invalid_configs.sh 
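Review bot: The rewritten header comment of parse_rules() says that on error '*rules' may have been changed, but not who must release the rules already appended to it. With the `toast_rules(rules);` call removed from the error branch in the next hunk, that responsibility has presumably moved to the `error:` label or to the callers, neither of which is visible here. I would add a sentence such as `On error, the caller must call toast_rules() on '*rules'.` (or its counterpart if cleanup stays in this function), so that a future caller neither leaks nor double-frees a partially filled list. The unchanged context below also calls ":" a semi-colon, which looks like a typo for colon.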
@@ -72,6 +72,19 @@ rules_wrong_separator_body() sysctl_set_and_check_fails_rules "uid=1001>gid=0:gid=1001>gid=5" } +# Added after observing a panic() in this situation because of a double-free +# after introduction of "exec_paths". +atf_test_case non_first_rule_unparseable +non_first_rule_unparseable_head() +{ + atf_set descr "Non-first rule wrong" +} + +non_first_rule_unparseable_body() +{ + sysctl_set_and_check_fails_rules "gid=1001>uid=0;hello" +} + atf_init_test_cases() { @@ -83,4 +96,5 @@ atf_init_test_cases() atf_add_test_case rule_user_names_fail atf_add_test_case rule_group_names_fail atf_add_test_case rules_wrong_separator + atf_add_test_case non_first_rule_unparseable } |
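Review bot: The description `Non-first rule wrong` in non_first_rule_unparseable_head() does not say what the case guards against, while the comment above it does. Consider `atf_set descr "Unparseable rule after a valid one is rejected without a panic"`. The comment attributes the double free to "exec_paths", yet the input `gid=1001>uid=0;hello` uses no such element as far as the hunk shows. If the original panic depended on one being present, a second case that includes it would make the regression test stronger.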
