summaryrefslogtreecommitdiff
path: root/usr.sbin/smtpd
diff options
context:
space:
mode:
authorJacek Masiulaniec <jacekm@cvs.openbsd.org>2009-04-27 16:10:21 +0000
committerJacek Masiulaniec <jacekm@cvs.openbsd.org>2009-04-27 16:10:21 +0000
commitbdf31a7d412ccbd27eca1a1a5b67974888454fb9 (patch)
tree54c9502c7c213a6699480f925cca76111423a2a3 /usr.sbin/smtpd
parent94f23b5da4f804d8c1bec96d6939c985700d86b0 (diff)
Disable EV_READ when setting F_QUIT flag up. Malicious client may
send more commands after QUIT, these must not be processed; ok gilles@
Diffstat (limited to 'usr.sbin/smtpd')
-rw-r--r--usr.sbin/smtpd/smtp_session.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/usr.sbin/smtpd/smtp_session.c b/usr.sbin/smtpd/smtp_session.c
index 15bfd401ea5..82921b3e57a 100644
--- a/usr.sbin/smtpd/smtp_session.c
+++ b/usr.sbin/smtpd/smtp_session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtp_session.c,v 1.74 2009/04/24 15:26:59 jacekm Exp $ */
+/* $OpenBSD: smtp_session.c,v 1.75 2009/04/27 16:10:20 jacekm Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org>
@@ -437,6 +437,7 @@ session_rfc5321_quit_handler(struct session *s, char *args)
session_respond(s, "221 %s Closing connection", s->s_env->sc_hostname);
s->s_flags |= F_QUIT;
+ bufferevent_disable(s->s_bev, EV_READ);
return 1;
}
@@ -697,8 +698,9 @@ session_pickup(struct session *s, struct submit_status *ss)
return;
tempfail:
- s->s_flags |= F_QUIT;
session_respond(s, "421 Service temporarily unavailable");
+ s->s_flags |= F_QUIT;
+ bufferevent_disable(s->s_bev, EV_READ);
return;
}
@@ -740,6 +742,7 @@ read:
if (EVBUFFER_LENGTH(bev->input) > SMTP_ANYLINE_MAX) {
session_respond(s, "500 Line too long");
s->s_flags |= F_QUIT;
+ bufferevent_disable(s->s_bev, EV_READ);
}
return;
}
@@ -915,9 +918,10 @@ session_error(struct bufferevent *bev, short event, void *p)
* but set F_QUIT flag so that we destroy it as
* soon as the event lock is removed.
*/
- if (s->s_flags & F_EVLOCKED)
+ if (s->s_flags & F_EVLOCKED) {
s->s_flags |= F_QUIT;
- else
+ bufferevent_disable(s->s_bev, EV_READ);
+ } else
session_destroy(s);
}