From 9d3d7518fd72d52a27ad38403f1dc3eea2be0e0e Mon Sep 17 00:00:00 2001
From: Sebijk
Date: Fri, 28 Feb 2025 00:42:52 +0100
Subject: [PATCH 1/5] openssl to 3.4.1, mariadb connector to 3.4.4, set build env to ubuntu 22.04.
---
docker/Dockerfile | 17 +++++++++--------
src/buildno | 2 +-
src/dist/CMakeLists.txt | 4 ++--
3 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index d877b46..d2f78ee 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,26 +1,27 @@ -FROM ubuntu:xenial AS build-stage +FROM ubuntu:jammy AS build-stage ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && \ apt-get install -y build-essential git cmake autoconf libtool pkg-config \ - zlib1g-dev libncurses5-dev php7.0-cli wget + zlib1g-dev libncurses5-dev php-cli wget RUN mkdir -p /buildenv/include WORKDIR /src/buildenv -RUN wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz -RUN tar xzf openssl-1.1.1w.tar.gz -RUN cd openssl-1.1.1w && ./config --prefix=/buildenv shared && make -j && make install && cd .. +RUN wget https://github.com/openssl/openssl/releases/download/openssl-3.4.1/openssl-3.4.1.tar.gz +RUN tar xzf openssl-3.4.1.tar.gz +RUN cd openssl-3.4.1 && ./config --prefix=/buildenv --openssldir=/buildenv --libdir=lib shared && make -j && make install && cd .. +RUN cd /buildenv && ln -s lib64 lib && cd .. RUN wget https://invisible-mirror.net/archives/dialog/dialog-1.3-20160828.tgz RUN tar xzf dialog-1.3-20160828.tgz RUN cd dialog-1.3-20160828 && ./configure --disable-widec --prefix=/buildenv && make -j && make install && cp dlg_config.h dialog.h /buildenv/include && cd .. -RUN wget https://dlm.mariadb.com/3677127/Connectors/c/connector-c-3.3.8/mariadb-connector-c-3.3.8-src.tar.gz -RUN tar xzf mariadb-connector-c-3.3.8-src.tar.gz -RUN cd mariadb-connector-c-3.3.8-src && mkdir build && cd build && cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/buildenv .. && make -j && make install && cd .. +RUN wget https://dlm.mariadb.com/4047871/Connectors/c/connector-c-3.4.4/mariadb-connector-c-3.4.4-src.tar.gz +RUN tar xzf mariadb-connector-c-3.4.4-src.tar.gz +RUN cd mariadb-connector-c-3.4.4-src && mkdir build && cd build && cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/buildenv .. && make -j && make install && cd .. RUN wget http://ftp.cs.stanford.edu/pub/exim/pcre/pcre-8.45.tar.gz RUN tar xzf pcre-8.45.tar.gz diff --git a/src/buildno b/src/buildno index 6de8f79..36bba9a 100644 --- a/src/buildno 
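Review bot: The new `wget` lines for openssl-3.4.1 and mariadb-connector-c-3.4.4 unpack and build whatever the server returns, with no digest or signature check, so a tampered or substituted tarball would be compiled straight into the shipped libssl/libcrypto. Pin each archive right after the download, for example `RUN echo "<sha256-of-openssl-3.4.1.tar.gz>  openssl-3.4.1.tar.gz" | sha256sum -c -`, with the digest taken from the upstream release page. The unchanged pcre line in the same hunk is the weakest of the set because it fetches over plain `http://`; it deserves the same pin.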
+++ b/src/buildno @@ -1 +1 @@ -3306 +3310 diff --git a/src/dist/CMakeLists.txt b/src/dist/CMakeLists.txt index 3f8f3e5..d7a08c7 100644 --- a/src/dist/CMakeLists.txt +++ b/src/dist/CMakeLists.txt @@ -87,13 +87,13 @@ add_custom_command( add_custom_command( TARGET ${NAME}-copy COMMAND ${CMAKE_COMMAND} -E copy - /buildenv/lib/libssl.so.*.* + /buildenv/lib/libssl.so.* ${CMAKE_CURRENT_BINARY_DIR}/package/libs/ ) add_custom_command( TARGET ${NAME}-copy COMMAND ${CMAKE_COMMAND} -E copy - /buildenv/lib/libcrypto.so.*.* + /buildenv/lib/libcrypto.so.* ${CMAKE_CURRENT_BINARY_DIR}/package/libs/ ) add_dependencies(${NAME}-copy b1gmailserver bms-queue setup) From 4d110c66bae84c06d9e1b6632eff33a1d6c79e28 Mon Sep 17 00:00:00 2001 From: Patrick Schlangen Date: Mon, 10 Mar 2025 12:58:36 +0000 Subject: [PATCH 2/5] Attempt to fix OpenSSL linking --- docker/Dockerfile | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index d2f78ee..b299da2 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -12,8 +12,7 @@ WORKDIR /src/buildenv RUN wget https://github.com/openssl/openssl/releases/download/openssl-3.4.1/openssl-3.4.1.tar.gz RUN tar xzf openssl-3.4.1.tar.gz -RUN cd openssl-3.4.1 && ./config --prefix=/buildenv --openssldir=/buildenv --libdir=lib shared && make -j && make install && cd .. -RUN cd /buildenv && ln -s lib64 lib && cd .. +RUN cd openssl-3.4.1 && ./config --prefix=/buildenv --openssldir=/buildenv/usr/ssl --libdir=lib shared && make -j && make -j install && cd .. RUN wget https://invisible-mirror.net/archives/dialog/dialog-1.3-20160828.tgz RUN tar xzf dialog-1.3-20160828.tgz 
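Review bot: The widened glob `/buildenv/lib/libssl.so.*` (and the matching `libcrypto.so.*`) packages every versioned file in /buildenv/lib that matches, so the installer's contents depend on whatever happens to be in that directory rather than on the one release the Dockerfile builds. Naming the soname is tighter and makes an unexpected library fail the build instead of being shipped; for OpenSSL 3.x that is presumably `/buildenv/lib/libssl.so.3` and `/buildenv/lib/libcrypto.so.3`, to be confirmed against what `make install` produces.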
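Review bot: `--openssldir=/buildenv/usr/ssl` is compiled into the libcrypto that the installer later packages, so on an installed host the library will look for `openssl.cnf` and its default CA store under a build-container path that is unlikely to exist there. Any code that relies on OpenSSL's default verify paths would then run with an empty trust store, and the configuration directory is one nobody on the target host manages. Consider a path the package owns or the system location, e.g. `--openssldir=/etc/ssl`, and confirm whether b1gmailserver loads CA certificates explicitly. The same flag is carried into PATCH 3/5's version of this line.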
@@ -21,7 +20,7 @@ RUN cd dialog-1.3-20160828 && ./configure --disable-widec --prefix=/buildenv && RUN wget https://dlm.mariadb.com/4047871/Connectors/c/connector-c-3.4.4/mariadb-connector-c-3.4.4-src.tar.gz RUN tar xzf mariadb-connector-c-3.4.4-src.tar.gz -RUN cd mariadb-connector-c-3.4.4-src && mkdir build && cd build && cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/buildenv .. && make -j && make install && cd .. +RUN cd mariadb-connector-c-3.4.4-src && mkdir build && cd build && cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/buildenv -DOPENSSL_ROOT_DIR=/buildenv .. && make -j && make install && cd .. RUN wget http://ftp.cs.stanford.edu/pub/exim/pcre/pcre-8.45.tar.gz RUN tar xzf pcre-8.45.tar.gz @@ -29,7 +28,7 @@ RUN cd pcre-8.45 && ./configure --prefix=/buildenv --enable-shared --disable-sta COPY ./src /src/b1gmailserver WORKDIR /src/b1gmailserver/build -RUN cmake -DCMAKE_INSTALL_PREFIX=/buildenv -DCMAKE_BUILD_TYPE=Release .. && make -j && make dist +RUN cmake -DCMAKE_INSTALL_PREFIX=/buildenv -DOPENSSL_ROOT_DIR=/buildenv -DCMAKE_BUILD_TYPE=Release .. && make -j && make dist FROM scratch AS export-stage COPY --from=build-stage /src/b1gmailserver/build/dist/*.run / From 341c83ab8f49c59f2dcbef53cc0855601b60a31a Mon Sep 17 00:00:00 2001 From: Patrick Schlangen Date: Mon, 10 Mar 2025 13:22:04 +0000 Subject: [PATCH 3/5] docker: Disable tests during OpenSSL build --- docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index b299da2..b4d4740 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
@@ -12,7 +12,7 @@ WORKDIR /src/buildenv RUN wget https://github.com/openssl/openssl/releases/download/openssl-3.4.1/openssl-3.4.1.tar.gz RUN tar xzf openssl-3.4.1.tar.gz -RUN cd openssl-3.4.1 && ./config --prefix=/buildenv --openssldir=/buildenv/usr/ssl --libdir=lib shared && make -j && make -j install && cd .. +RUN cd openssl-3.4.1 && ./config --prefix=/buildenv --openssldir=/buildenv/usr/ssl --libdir=lib no-tests shared && make -j && make -j install && cd .. RUN wget https://invisible-mirror.net/archives/dialog/dialog-1.3-20160828.tgz RUN tar xzf dialog-1.3-20160828.tgz From 2df58c6bf76a6a3512643b7f79c89b2738e82946 Mon Sep 17 00:00:00 2001 From: Patrick Schlangen Date: Mon, 10 Mar 2025 13:22:36 +0000 Subject: [PATCH 4/5] Fix compiler warning, address OpenSSL deprecation warnings - Remove tls_dh code in favor of OpenSSL's auto mode - Use new hashing API - Add missing return value checks --- src/CMakeLists.txt | 1 - src/core/servicesession.cpp | 4 + src/core/tls_dh.cpp | 191 ------------------------------------ src/core/tls_dh.h | 33 ------- src/core/utils.cpp | 97 +++++------------- src/core/utils.h | 3 - src/http/http.cpp | 4 +- src/io.cpp | 4 + src/main.cpp | 5 +- src/make_win32.bat | 2 - src/sendmail/socket.cpp | 2 +- 11 files changed, 37 insertions(+), 309 deletions(-) delete mode 100644 src/core/tls_dh.cpp delete mode 100644 src/core/tls_dh.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 7de5f58..edbafcb 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -53,7 +53,6 @@ set(SOURCES core/socket.cpp core/sqlite.cpp core/threadpool.cpp - core/tls_dh.cpp core/utils.cpp core/win_compat.cpp http/http.cpp diff --git a/src/core/servicesession.cpp b/src/core/servicesession.cpp index 22fb9cc..f6072f0 100644 --- a/src/core/servicesession.cpp +++ b/src/core/servicesession.cpp 
@@ -275,6 +275,10 @@ int ServiceSession::vprintf(const char *str, va_list list) #ifndef WIN32 char *szSSLString = NULL; result = vasprintf(&szSSLString, str, list); + if (result < 0) + { + return result; + } #else int result = _vscprintf(str, list); char *szSSLString = (char *)malloc(result+1); diff --git a/src/core/tls_dh.cpp b/src/core/tls_dh.cpp deleted file mode 100644 index 5245a98..0000000 --- a/src/core/tls_dh.cpp +++ /dev/null 
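Review bot: The new `result < 0` guard covers only the `vasprintf` branch; in the `#else` branch shown as context, `_vscprintf` can also return a negative value, which is then used in `malloc(result+1)` with no check, and the `malloc` result is not tested in the visible lines. Adding `if (result < 0) return result;` after the `_vscprintf` call and a NULL test after `malloc` would make both platforms fail the same way. The identical pattern appears in `my_vprintf` in src/io.cpp later in this patch. Both function bodies continue outside their hunks, so the later use of `szSSLString` is not visible here.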
@@ -1,191 +0,0 @@ -/* - * b1gMailServer - * Copyright (c) 2002-2022 - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - * - */ - -#include - -DH *get_dh512() -{ - static unsigned char dh512_p[]={ - 0x8C,0x1D,0xDF,0xC3,0xDA,0xB9,0x4F,0x9E,0xC5,0x7D,0x39,0x23, - 0xB3,0x7D,0x11,0x5D,0x3A,0xB7,0x68,0x60,0x99,0x58,0x08,0xB0, - 0xCC,0x31,0x2B,0x62,0xA8,0x66,0xCB,0x16,0x2C,0x72,0xF1,0x9D, - 0xBF,0xF5,0x2D,0x79,0x04,0x3C,0x9E,0xF5,0x06,0x64,0x0E,0xBB, - 0xDE,0x84,0xB5,0x1D,0x5A,0x27,0xCE,0xCE,0x65,0xDF,0xE3,0xF4, - 0x39,0x80,0x67,0x43, - }; - static unsigned char dh512_g[]={ - 0x02, - }; - DH *dh; - - if ((dh=DH_new()) == NULL) return(NULL); - BIGNUM *p = BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); - BIGNUM *g = BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); - - if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) { - DH_free(dh); - BN_free(p); - BN_free(g); - } - - return(dh); -} - -DH *get_dh1024() -{ - static unsigned char dh1024_p[]={ - 0xDB,0xFC,0xC5,0x2F,0x68,0x2B,0x0E,0xDD,0xB4,0x95,0x79,0x96, - 0xF9,0x08,0x15,0x0D,0x76,0x1C,0xE7,0x0A,0x4D,0xC1,0x74,0xDC, - 0x76,0x53,0xCF,0x01,0x0A,0xCD,0xB1,0x27,0xD2,0xA3,0xB0,0x42, - 0xA3,0x8F,0xF4,0x68,0x7A,0x45,0x6C,0x2F,0x97,0x61,0x1F,0xE9, - 0x50,0xE2,0x68,0xED,0x95,0xD6,0x2D,0x86,0xBD,0xFD,0x31,0xD2, - 
0x7D,0xDB,0xC1,0x82,0xF5,0x66,0x2A,0x34,0xB3,0x2B,0xAF,0x28, - 0x3A,0x5D,0x35,0x5D,0x92,0xEA,0x53,0x03,0xD0,0x9C,0x92,0xDD, - 0xF1,0x50,0xC5,0xF0,0x41,0x40,0xED,0x84,0x41,0xB3,0x2A,0x23, - 0xA8,0xBC,0x55,0x4C,0xB6,0x0C,0xFE,0x1E,0x0A,0xA8,0x0C,0x14, - 0xCD,0xCA,0x63,0xE7,0x60,0xD4,0x52,0x0F,0xB3,0x1B,0x58,0x89, - 0xA8,0x45,0x6F,0xBD,0xA4,0x0C,0x8F,0x33, - }; - static unsigned char dh1024_g[]={ - 0x02, - }; - DH *dh; - - if ((dh=DH_new()) == NULL) return(NULL); - BIGNUM *p = BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL); - BIGNUM *g = BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL); - - if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) { - DH_free(dh); - BN_free(p); - BN_free(g); - } - - return(dh); -} - -DH *get_dh2048() -{ - static unsigned char dh2048_p[]={ - 0xB6,0x9E,0x2F,0xC8,0x1E,0x5D,0xCD,0x2B,0x6A,0x70,0xED,0x4C, - 0xDA,0x44,0x8D,0x22,0xA9,0x0A,0x33,0x05,0x6F,0xBF,0xCE,0xA4, - 0x3C,0xCA,0x9E,0xDF,0x3C,0x12,0x7A,0x9A,0xEA,0x12,0x61,0xFA, - 0x54,0xBB,0x02,0xD5,0xD2,0x24,0x1D,0xB7,0x99,0x19,0x60,0x13, - 0x72,0xB9,0x57,0x0F,0x28,0xFA,0xB6,0xA6,0xBA,0x18,0x81,0x5A, - 0x1A,0x3D,0xF6,0xCC,0x95,0xD7,0xB0,0x7F,0x11,0xE9,0xFF,0xEF, - 0xCC,0xA4,0x33,0x21,0xC0,0xE3,0xF4,0x15,0x58,0x08,0x99,0xAA, - 0x57,0xC6,0x6D,0xC9,0x93,0xAE,0x10,0x60,0xD7,0x10,0x18,0xC8, - 0x13,0xAB,0x99,0x05,0x97,0xF3,0x78,0xA3,0xD4,0xD2,0x22,0xFE, - 0x85,0x3F,0xBE,0x8D,0x62,0xAA,0xFC,0x9D,0x80,0x27,0xD9,0x75, - 0x3C,0x0D,0xAD,0xF1,0x88,0x32,0x06,0x81,0x97,0x3F,0x53,0xC0, - 0x0F,0x0A,0xDB,0x2A,0xD0,0xD3,0x40,0xCA,0x37,0x64,0xD4,0x1B, - 0xCC,0xFF,0xAC,0xB0,0xFD,0x7E,0xE3,0x8D,0x3C,0xD3,0xEF,0x0E, - 0xDA,0x87,0xFD,0xEC,0x8B,0x35,0x0D,0x42,0x42,0x62,0x42,0x6B, - 0xC9,0x82,0x20,0x0C,0x46,0x5B,0xAE,0x26,0x92,0x06,0x30,0x22, - 0x70,0x57,0x20,0xCC,0xD3,0xF5,0x5C,0x5A,0x5C,0xCD,0x05,0x7A, - 0xFC,0x1A,0x59,0x38,0x4E,0xEA,0x89,0x75,0x18,0x30,0xEF,0xB8, - 0x3A,0x1E,0x55,0x2A,0xC7,0xC0,0x46,0x38,0x98,0x51,0x90,0xFC, - 0xE7,0x07,0xCC,0xE5,0x50,0x17,0xB2,0x38,0x2F,0xF4,0x3B,0xF8, - 
0x8E,0xFD,0xCC,0x7B,0xF8,0xA8,0xB3,0xB2,0x64,0x5F,0x23,0xDD, - 0xA9,0xD5,0x4D,0x3E,0xCA,0x22,0xD1,0x74,0xCD,0x42,0x03,0xBE, - 0x77,0x7D,0x71,0xFB, - }; - static unsigned char dh2048_g[]={ - 0x02, - }; - DH *dh; - - if ((dh=DH_new()) == NULL) return(NULL); - BIGNUM *p = BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); - BIGNUM *g = BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); - - if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) { - DH_free(dh); - BN_free(p); - BN_free(g); - } - - return(dh); -} - -DH *get_dh4096() -{ - static unsigned char dh4096_p[]={ - 0xDC,0x18,0x67,0x07,0x1E,0x87,0x19,0xC6,0x6A,0xC1,0x4D,0x8A, - 0x90,0xB4,0x7A,0x77,0xE3,0x06,0xB4,0x30,0xCA,0x7D,0xF4,0x77, - 0x15,0x85,0xD1,0x6F,0xF8,0x4C,0xEC,0x46,0xA0,0xA3,0x1C,0x99, - 0x0C,0x78,0xB3,0x72,0x84,0x24,0x25,0x07,0x87,0xB9,0xC5,0xA6, - 0xC5,0x46,0xBF,0x40,0x63,0x4E,0x2A,0x68,0xAE,0xA2,0x39,0xBC, - 0xC9,0x19,0xFB,0x38,0x4B,0xCA,0xE6,0xBB,0xA7,0x8A,0x2E,0xC9, - 0xFB,0x7A,0xF8,0x87,0x97,0xB8,0x3D,0x01,0x85,0x8A,0x35,0xC5, - 0xDC,0x5D,0x49,0xA9,0x55,0x0F,0x04,0xB3,0xDE,0x54,0x3D,0x29, - 0x8F,0xB5,0xE2,0x45,0x27,0xF2,0xFD,0x34,0x78,0x84,0x5A,0xF4, - 0x8A,0xD5,0x83,0xEF,0x7D,0xCD,0xA1,0x17,0x77,0xAD,0xA5,0x1F, - 0xA3,0xDE,0x19,0xAF,0x5B,0x3F,0x06,0xF2,0x0C,0xA4,0xEB,0x49, - 0x55,0x90,0x19,0x49,0x3A,0x14,0x3C,0x9C,0x4A,0x29,0x95,0xE2, - 0x1B,0x8B,0xF1,0xF8,0xB9,0x64,0x35,0x5D,0xE8,0x6E,0xC3,0x7E, - 0x11,0x73,0x5F,0x40,0x7D,0xDC,0xF0,0x08,0x85,0x2C,0xB0,0xC2, - 0xB1,0xEA,0x21,0x77,0x68,0xB3,0x9E,0xA6,0xC4,0x20,0x2D,0x9D, - 0x07,0x00,0x94,0xCC,0xE6,0xDC,0x2F,0xFB,0x24,0x6D,0x4E,0x6C, - 0xC4,0x8E,0x64,0x0A,0xE3,0xFB,0x1D,0x37,0xFE,0x6B,0xB7,0x27, - 0x15,0x89,0xFD,0x00,0x48,0x91,0xA7,0x38,0xD2,0xD2,0x5A,0x06, - 0xD7,0x37,0x16,0xE6,0x71,0x69,0xB7,0x1C,0x49,0x31,0xE2,0x68, - 0x3A,0x90,0xAA,0x08,0x7F,0x7E,0x50,0xCE,0x12,0x74,0x0F,0x80, - 0xB5,0x8F,0xDE,0xC7,0x8B,0x9D,0x13,0x7D,0x49,0x6C,0x77,0x84, - 0x14,0x4B,0xBC,0x42,0x37,0xE6,0xF3,0x83,0x0D,0xDB,0x2B,0xC4, - 
0x8C,0x6C,0x27,0xDC,0x31,0xB8,0x59,0x35,0x08,0x19,0x27,0xCF, - 0xE8,0xAA,0xA9,0xF0,0x12,0x18,0x7A,0x65,0x68,0x88,0xEE,0xF1, - 0x63,0x45,0x67,0x2D,0xBB,0x60,0xE8,0xC8,0xEA,0x83,0x61,0x16, - 0x92,0x3D,0xFF,0x5A,0x6E,0xB5,0x60,0x82,0x84,0x95,0xEF,0x5B, - 0xA9,0x39,0x5E,0x5C,0x1F,0x95,0x0A,0x10,0x66,0x91,0x1B,0x45, - 0x3D,0xD3,0x79,0xDD,0x91,0xBA,0x55,0x37,0xB1,0xDB,0x8E,0x22, - 0x58,0x67,0x83,0xD9,0x11,0x99,0x83,0x40,0x3C,0xE0,0x1B,0x7E, - 0x00,0x05,0xE1,0xE7,0xB5,0x46,0x76,0x4F,0xF6,0xE6,0xDE,0x27, - 0x65,0xA7,0xFC,0x11,0x24,0xD1,0x66,0x9D,0xF2,0x7F,0x2C,0xE0, - 0xF9,0xE5,0xA2,0x51,0x42,0x2A,0x73,0x36,0xA8,0xC4,0x69,0x6D, - 0x83,0x8F,0xE0,0x36,0xFB,0xEB,0xF7,0x57,0xFF,0x76,0x0A,0x83, - 0xF1,0xC2,0xA6,0xBD,0xBB,0x0E,0x2E,0x17,0x80,0xFF,0x8D,0xDB, - 0x5E,0xD9,0x1F,0x5E,0x41,0x5B,0x66,0x44,0x53,0x01,0xD7,0x19, - 0x16,0x17,0xFA,0xB5,0xB1,0x93,0x80,0x60,0x27,0xF6,0x24,0x6B, - 0xF7,0x81,0x91,0x47,0x63,0xE4,0xBD,0x43,0x30,0x36,0xAF,0x28, - 0xE5,0xF2,0x35,0x74,0x56,0xA0,0x74,0x8C,0xC9,0xF9,0x18,0x7F, - 0x0E,0x85,0x0F,0xB8,0x7B,0x09,0x69,0x56,0x1C,0x0B,0x6D,0x33, - 0x65,0xEC,0xD0,0xB2,0x04,0x7A,0x44,0x16,0x64,0x42,0x1F,0x6E, - 0x05,0x1F,0xEB,0xFB,0x8E,0xAD,0xAD,0x5D,0x31,0xA5,0xD7,0x21, - 0x25,0x53,0xB4,0x26,0xA3,0x2D,0x4D,0xAE,0xE9,0xF0,0x0D,0x54, - 0x60,0xEA,0xF4,0x91,0x4D,0x8C,0x5E,0xAB, - }; - static unsigned char dh4096_g[]={ - 0x02, - }; - DH *dh; - - if ((dh=DH_new()) == NULL) return(NULL); - BIGNUM *p = BN_bin2bn(dh4096_p,sizeof(dh4096_p),NULL); - BIGNUM *g = BN_bin2bn(dh4096_g,sizeof(dh4096_g),NULL); - - if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) { - DH_free(dh); - BN_free(p); - BN_free(g); - } - - return(dh); -} diff --git a/src/core/tls_dh.h b/src/core/tls_dh.h deleted file mode 100644 index 107cac0..0000000 --- a/src/core/tls_dh.h +++ /dev/null 
@@ -1,33 +0,0 @@ -/* - * b1gMailServer - * Copyright (c) 2002-2022 - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - * - */ - -#ifndef _CORE_TLS_DH_H -#define _CORE_TLS_DH_H - -#ifndef HEADER_DH_H -#include -#endif - -DH *get_dh512(); -DH *get_dh1024(); -DH *get_dh2048(); -DH *get_dh4096(); - -#endif diff --git a/src/core/utils.cpp b/src/core/utils.cpp index 02c2953..ac2667d 100644 --- a/src/core/utils.cpp +++ b/src/core/utils.cpp @@ -37,8 +37,7 @@ #include #include - -#include +#include #include 
@@ -296,55 +295,6 @@ void IPAddress::toCharBuff(char *buffer, int bufferLength) const } } -static DH *g_dh512 = NULL, *g_dh1024 = NULL, *g_dh2048 = NULL, *g_dh4096 = NULL; - -static DH *TLS_DHCallback(SSL *s, int is_export, int keylength) -{ - DH *result = NULL; - int type = EVP_PKEY_NONE; - - EVP_PKEY *pkey = SSL_get_privatekey(s); - if(pkey != NULL) - type = EVP_PKEY_base_id(pkey); - - if(type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) - { - keylength = EVP_PKEY_bits(pkey); - } - - switch(keylength) - { - case 512: - if(g_dh512 == NULL) - g_dh512 = get_dh512(); - result = g_dh512; - break; - - case 1024: - if(g_dh1024 == NULL) - g_dh1024 = get_dh1024(); - result = g_dh1024; - break; - - case 2048: - if(g_dh2048 == NULL) - g_dh2048 = get_dh2048(); - result = g_dh2048; - break; - - case 4096: - if(g_dh4096 == NULL) - g_dh4096 = get_dh4096(); - result = g_dh4096; - break; - - default: - break; - }; - - return(result); -} - string Utils::GetAPNSTopic() { string result, errMsg = "Unknown error"; @@ -575,7 +525,10 @@ int Utils::AddAbusePoint(int userID, int type, const char *comment, ...) va_start(list, comment); char *formattedComment = NULL; #ifndef WIN32 - vasprintf(&formattedComment, comment, list); + if (vasprintf(&formattedComment, comment, list) < 0) + { + return(0); + } #else int formattedCommentLength = _vscprintf(comment, list); formattedComment = new char[formattedCommentLength+1]; @@ -1985,15 +1938,6 @@ bool Utils::SetSocketRecvTimeout(int sock, int seconds) #endif } -void Utils::SetTLSDHParams(SSL_CTX *ssl_ctx, const char *dhPath) -{ - SSL_CTX_set_tmp_dh_callback(ssl_ctx, TLS_DHCallback); - - EC_KEY *ecDH = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); - SSL_CTX_set_tmp_ecdh(ssl_ctx, ecDH); - EC_KEY_free(ecDH); -} - string Utils::CertHash() { #ifndef WIN32 
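Review bot: The early `return(0);` added to `Utils::AddAbusePoint` leaves the function after `va_start(list, comment)` without a matching `va_end(list)`, which the language standard requires on every path out of the function. Change the failure branch to `va_end(list); return(0);`. `Socket::PrintF` in src/sendmail/socket.cpp has a similar early return after `vasprintf`; its `va_start` is outside the hunk, so that path should be checked as well. The rest of AddAbusePoint lies outside this hunk.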
@@ -2032,17 +1976,22 @@ string Utils::CertHash() if(i2d_X509(x509, &tmp) == length) { - unsigned char hash[SHA256_DIGEST_LENGTH]; - SHA256_CTX sha256; - SHA256_Init(&sha256); - SHA256_Update(&sha256, buffer, length); - SHA256_Final(hash, &sha256); - - char hexBuff[3]; - for(unsigned int i=0; i hash(EVP_MD_size(EVP_sha256())); + + if (EVP_DigestInit_ex(sha256, EVP_sha256(), nullptr) && EVP_DigestUpdate(sha256, buffer, length) && EVP_DigestFinal_ex(sha256, hash.data(), nullptr)) + { + char hexBuff[3]; + for(std::size_t i=0; i < hash.size(); i++) + { + snprintf(hexBuff, 3, "%02X", hash[i]); + result.append(hexBuff); + } + } + + EVP_MD_CTX_free(sha256); } } @@ -2095,8 +2044,7 @@ bool Utils::BeginTLS(SSL_CTX *ssl_ctx, char *szErrorOut, int iTimeout) string keyPath = string(szPath) + string("tls\\server.key"), certPath = string(szPath) + string("tls\\server.cert"), - chainCertPath = string(szPath) + string("tls\\chain.cert"), - dhPath = string(szPath) + string("tls\\dh.pem"); + chainCertPath = string(szPath) + string("tls\\chain.cert"); #endif if((ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == 0) @@ -2179,8 +2127,7 @@ bool Utils::BeginTLS(SSL_CTX *ssl_ctx, char *szErrorOut, int iTimeout) return(false); } - this->SetTLSDHParams(ssl_ctx, dhPath.c_str()); - + SSL_CTX_set_dh_auto(ssl_ctx, 1); SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, 0); if((ssl = SSL_new(ssl_ctx)) == 0) diff --git a/src/core/utils.h b/src/core/utils.h index ef3f3d1..ef0c3d8 100644 --- a/src/core/utils.h +++ b/src/core/utils.h @@ -285,9 +285,6 @@ namespace Core // get SHA256 hash over cert in DER format string CertHash(); - // set TLS DH params - void SetTLSDHParams(SSL_CTX *ssl_ctx, const char *dhPath); - // get core features bitmask int GetCoreFeatures(); diff --git a/src/http/http.cpp b/src/http/http.cpp index 2f3dfea..1f96294 100644 --- a/src/http/http.cpp +++ b/src/http/http.cpp 
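Review bot: In `Utils::CertHash` the line that creates `sha256` is garbled in this rendering, so it is not visible whether the context allocation (presumably `EVP_MD_CTX_new()`) is tested for NULL before it reaches `EVP_DigestInit_ex`. The one-shot form removes the context lifecycle altogether: `if (EVP_Digest(buffer, length, hash.data(), nullptr, EVP_sha256(), nullptr))` followed by the existing hex loop. Either way, a failed digest currently leaves `result` without a hash and reports nothing; a log line on that branch would make a missing fingerprint diagnosable.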
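Review bot: `SSL_CTX_set_dh_auto(ssl_ctx, 1);` in `Utils::BeginTLS` ignores its return value, while the setup step just before it in the same hunk bails out with `return(false);`. If enabling automatic DH parameters fails, the context silently ends up without DHE support and the commit's stated goal of adding missing return-value checks is not met here. Suggest `if (SSL_CTX_set_dh_auto(ssl_ctx, 1) != 1) return(false);`, with the same error text and cleanup the neighbouring failure branches use; those branches are outside this hunk.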
@@ -231,12 +231,12 @@ void HTTP::ProcessRequest() if(strcmp(cfg->Get("user_space_add"), "1") == 0) { - db->Query("SELECT bm60_users.id, bm60_users.traffic_up, bm60_users.traffic_down, bm60_gruppen.traffic+bm60_users.traffic_add AS traffic, bm60_gruppen.wd_open_kbs, bm60_gruppen.id FROM bm60_users,bm60_gruppen WHERE bm60_users.email='%q' AND bm60_gruppen.id=bm60_users.gruppe AND bm60_gruppen.share='yes' AND bm60_gruppen.webdisk>0", + res = db->Query("SELECT bm60_users.id, bm60_users.traffic_up, bm60_users.traffic_down, bm60_gruppen.traffic+bm60_users.traffic_add AS traffic, bm60_gruppen.wd_open_kbs, bm60_gruppen.id FROM bm60_users,bm60_gruppen WHERE bm60_users.email='%q' AND bm60_gruppen.id=bm60_users.gruppe AND bm60_gruppen.share='yes' AND bm60_gruppen.webdisk>0", szSearchUser); } else { - db->Query("SELECT bm60_users.id, bm60_users.traffic_up, bm60_users.traffic_down, bm60_gruppen.traffic, bm60_gruppen.wd_open_kbs, bm60_gruppen.id FROM bm60_users,bm60_gruppen WHERE bm60_users.email='%q' AND bm60_gruppen.id=bm60_users.gruppe AND bm60_gruppen.share='yes' AND bm60_gruppen.webdisk>0", + res = db->Query("SELECT bm60_users.id, bm60_users.traffic_up, bm60_users.traffic_down, bm60_gruppen.traffic, bm60_gruppen.wd_open_kbs, bm60_gruppen.id FROM bm60_users,bm60_gruppen WHERE bm60_users.email='%q' AND bm60_gruppen.id=bm60_users.gruppe AND bm60_gruppen.share='yes' AND bm60_gruppen.webdisk>0", szSearchUser); } MYSQL_ROW row; diff --git a/src/io.cpp b/src/io.cpp index e97a73d..f084dca 100644 --- a/src/io.cpp +++ b/src/io.cpp @@ -270,6 +270,10 @@ int my_vprintf(const char *str, va_list list) #ifndef WIN32 char *szSSLString = NULL; result = vasprintf(&szSSLString, str, list); + if (result < 0) + { + return result; + } #else int result = _vscprintf(str, list); char *szSSLString = (char *)malloc(result+1); diff --git a/src/main.cpp b/src/main.cpp index 13fe8b8..601c1c6 100644 --- a/src/main.cpp +++ b/src/main.cpp 
@@ -184,7 +184,10 @@ int main(int argc, char *argv[]) } #ifndef WIN32 - chdir("/opt/b1gmailserver"); + if (chdir("/opt/b1gmailserver") != 0) + { + throw Core::Exception("Failed to chdir to /opt/b1gmailserver!"); + } const char *szGroupName = cfg->Get("group"); if(szGroupName != NULL) diff --git a/src/make_win32.bat b/src/make_win32.bat index 0818fb6..a88cdc7 100644 --- a/src/make_win32.bat +++ b/src/make_win32.bat @@ -96,8 +96,6 @@ cl.exe %CLPARAMS% /Foobj\mysql_result.obj /c core/mysql_result.cpp if ERRORLEVEL 1 exit /B 1 cl.exe %CLPARAMS% /Foobj\utils.obj /c core/utils.cpp if ERRORLEVEL 1 exit /B 1 -cl.exe %CLPARAMS% /Foobj\tls_dh.obj /c core/tls_dh.cpp -if ERRORLEVEL 1 exit /B 1 cl.exe %CLPARAMS% /Foobj\socket.obj /c core/socket.cpp if ERRORLEVEL 1 exit /B 1 cl.exe %CLPARAMS% /Foobj\process.obj /c core/process.cpp diff --git a/src/sendmail/socket.cpp b/src/sendmail/socket.cpp index e0486db..d7d03b6 100644 --- a/src/sendmail/socket.cpp +++ b/src/sendmail/socket.cpp @@ -153,7 +153,7 @@ int Socket::PrintF(const char *szFormat, ...) char *szStr = NULL; result = vasprintf(&szStr, szFormat, arglist); - if(szStr == NULL) + if(result < 0 || szStr == NULL) return(0); int iResult = this->Write(szStr, result); From db49c78642b87b7196873a03d4dd895f8f8ac51e Mon Sep 17 00:00:00 2001 From: Patrick Schlangen Date: Mon, 10 Mar 2025 13:24:59 +0000 Subject: [PATCH 5/5] docker: Invoke ldd to show b1gmailserver lib dependencies --- docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index b4d4740..23ba37a 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
@@ -28,7 +28,7 @@ RUN cd pcre-8.45 && ./configure --prefix=/buildenv --enable-shared --disable-sta COPY ./src /src/b1gmailserver WORKDIR /src/b1gmailserver/build -RUN cmake -DCMAKE_INSTALL_PREFIX=/buildenv -DOPENSSL_ROOT_DIR=/buildenv -DCMAKE_BUILD_TYPE=Release .. && make -j && make dist +RUN cmake -DCMAKE_INSTALL_PREFIX=/buildenv -DOPENSSL_ROOT_DIR=/buildenv -DCMAKE_BUILD_TYPE=Release .. && make -j && ldd ./b1gmailserver && make dist FROM scratch AS export-stage COPY --from=build-stage /src/b1gmailserver/build/dist/*.run /
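Review bot: The added `ldd ./b1gmailserver` only prints the dependency list; the build still succeeds if the binary resolves libssl/libcrypto from the jammy base image instead of the OpenSSL 3.4.1 built under /buildenv, which is the failure the previous commits were chasing. Turning it into an assertion keeps a wrongly linked binary from being packaged, e.g. `ldd ./b1gmailserver | tee /dev/stderr | grep -q '/buildenv/lib/libssl\.so'`. If the binary is expected to find the library through an rpath or `LD_LIBRARY_PATH` at this point, set that in the same `RUN` so the check reflects the shipped layout.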