From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sat, 3 Apr 2021 19:56:50 +0000 (+0100)
Subject: TLS: harden error-detection in TLS proxy process
X-Git-Url: https://git.exim.org/users/heiko/exim.git/commitdiff_plain/5a8f5d724bbfd81cb2b89540e395359aaedc6c17

TLS: harden error-detection in TLS proxy process
---

diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index ca589b0be..c6099f960 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -3368,11 +3368,15 @@ for (int fd_bits = 3; fd_bits; )
       goto done;
       }
 
+    /* For errors where not readable, bomb out */
+
     if (FD_ISSET(tls_out.active.sock, &efds) || FD_ISSET(pfd[0], &efds))
       {
       DEBUG(D_transport) debug_printf("select: exceptional cond on %s fd\n",
 	FD_ISSET(pfd[0], &efds) ? "proxy" : "tls");
-      goto done;
+      if (!(FD_ISSET(tls_out.active.sock, &rfds) || FD_ISSET(pfd[0], &rfds)))
+	goto done;
+      DEBUG(D_transport) debug_printf("- but also readable; no exit yet\n");
       }
     }
   while (rc < 0 || !(FD_ISSET(tls_out.active.sock, &rfds) || FD_ISSET(pfd[0], &rfds)));