| author | Sam Varshavchik | 2022-01-15 09:35:42 -0500 |
|---|---|---|
| committer | Sam Varshavchik | 2022-01-15 09:35:42 -0500 |
| commit | 6d54a8a93311b6bb0eedae79cf4bde01d0955708 (patch) | |
| tree | f19ef3b113bf73af119f0bb2e3cbf5f10648be51 /tcpd | |
| parent | ba64de5232d3b0124e540124fcded55f8c4d42ab (diff) | |
| download | courier-libs-6d54a8a93311b6bb0eedae79cf4bde01d0955708.tar.bz2 | |
Set an ALARM timer to kill libcouriertls.
Diffstat (limited to 'tcpd')
| -rw-r--r-- | tcpd/libcouriertls.c | 6 | ||||
| -rw-r--r-- | tcpd/starttls.c | 17 |
2 files changed, 22 insertions, 1 deletions
diff --git a/tcpd/libcouriertls.c b/tcpd/libcouriertls.c
index 39c7d49..7c42f19 100644
--- a/tcpd/libcouriertls.c
+++ b/tcpd/libcouriertls.c
@@ -67,11 +67,15 @@ struct proto_ops {
 #define SSL_OP_NO_RENEGOTIATION 0
 #endif
+#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE
+#define SSL_OP_CIPHER_SERVER_PREFERENCE 0
+#endif
+
 struct proto_ops op_list[] = {
 #ifdef SSL_OP_NO_TLSv1
 #ifdef SSL_OP_NO_TLSv1_1
- { "TLSv1.2++", &SSLv23_method, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_RENEGOTIATION },
+ { "TLSv1.2++", &SSLv23_method, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_RENEGOTIATION|SSL_OP_CIPHER_SERVER_PREFERENCE},
 { "TLSv1.2+", &SSLv23_method, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1 },
 { "TLSv1.2", &SSLv23_method, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1 },
 #endif
diff --git a/tcpd/starttls.c b/tcpd/starttls.c
index 76fcf3b..6e6229b 100644
--- a/tcpd/starttls.c
+++ b/tcpd/starttls.c
@@ -20,6 +20,7 @@
 #include <stdlib.h>
 #include <ctype.h>
 #include <netdb.h>
+#include <signal.h>
 #if HAVE_DIRENT_H
 #include <dirent.h>
 #define NAMLEN(dirent) strlen((dirent)->d_name)
@@ -526,6 +527,21 @@ static int connect_completed(ssl_handle ssl, int fd)
 return (1);
 }
+static void child_handler()
+{
+ alarm(10);
+}
+
+static void trapexit()
+{
+ struct sigaction sa;
+
+ memset(&sa, 0, sizeof(sa));
+
+ sa.sa_handler=child_handler;
+ sigaction(SIGCHLD, &sa, NULL);
+}
+
 static int dossl(int fd, int argn, int argc, char **argv)
 {
 ssl_context ctx;
@@ -563,6 +579,7 @@ static int dossl(int fd, int argn, int argc, char **argv)
 }
 startclient(argn, argc, argv, fd, &stdin_fd, &stdout_fd);
+ trapexit();
 if (username) libmail_changeusername(username, 0); |
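Review bot: In tcpd/libcouriertls.c the new fallback `#define SSL_OP_CIPHER_SERVER_PREFERENCE 0` turns the option into a silent no-op when the TLS headers do not provide it, and nothing in the hunk records that. Only the "TLSv1.2++" entry gains the flag, so "TLSv1.2+" and "TLSv1.2" still negotiate in the peer's cipher order; that looks deliberate but is undocumented, and the commit message mentions only the alarm timer. A comment above the fallback would cover both, for example `/* 0 = option not offered by this OpenSSL; "TLSv1.2++" then uses the client's cipher order */`. The op_list[] initializer continues outside the hunk.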
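Review bot: In tcpd/starttls.c, `child_handler()` is defined with no parameters but installed through `sa.sa_handler`, which is invoked with the signal number; it should be `static void child_handler(int sig)`, and `trapexit(void)` for the same reason. Because `sa_flags` is left at 0, SIGCHLD is also raised when the child is merely stopped, so a suspended child starts the 10-second countdown and the TLS wrapper is then terminated mid-session (no SIGALRM handler is visible here, so presumably by the default action); `sa.sa_flags=SA_NOCLDSTOP;` restricts the timer to real exits. The return value of `sigaction()` is ignored, so a failure leaves the timer silently uninstalled. The literal 10 deserves a named constant or a one-line comment saying why the process may linger that long after the child is gone.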
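Review bot: In the last tcpd/starttls.c hunk, `trapexit();` runs after `startclient(...)`, so a child that exits before the handler is installed raises SIGCHLD under the default disposition, which discards it, and the alarm is never armed. If startclient() is where the child is forked (its body is not in this hunk), calling `trapexit();` on the line before `startclient(argn, argc, argv, fd, &stdin_fd, &stdout_fd);` closes that window, since a caught signal is reset to default on exec in the child. With `sa_flags` at 0 the handler also makes blocking calls in the relay code return EINTR, so that path is worth checking for EINTR handling. dossl() starts and ends outside the hunk.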
