untrusted comment: verify with openbsd-71-base.pub
RWR2eHwZTOEiTWM/33Xm16jI5aUA39RftbJHCAj5QCd7hGjClCJlGYAbshlU/LBcZFHELpT3Di5cxQgQnZud+b8QFl9R5XVsUQI=
OpenBSD 7.1 errata 011, September 26, 2022:
In smtpd(8), possible use-after-free if TLS handshake fails for
outbound connections.
Apply by doing:
signify -Vep /etc/signify/openbsd-71-base.pub -x 011_smtpd.patch.sig \
-m - | (cd /usr/src && patch -p0)
And then rebuild and install smtpd:
cd /usr/src/usr.sbin/smtpd
make obj
make
make install
Index: usr.sbin/smtpd/mta_session.c
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/mta_session.c,v
retrieving revision 1.146
diff -u -p -r1.146 mta_session.c
--- usr.sbin/smtpd/mta_session.c 18 Feb 2022 17:02:06 -0000 1.146
+++ usr.sbin/smtpd/mta_session.c 22 Sep 2022 20:44:35 -0000
@@ -1212,6 +1212,8 @@ mta_io(struct io *io, int evt, void *arg
if (s->use_smtps) {
io_set_write(io);
mta_tls_init(s);
+ if (s->flags & MTA_FREE)
+ mta_free(s);
}
else {
mta_enter_state(s, MTA_BANNER);
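Review bot: After the added `mta_free(s)` the session pointer is dangling, yet control continues to whatever follows this `if`/`else` in the `mta_io` handler, which lies outside the hunk. Returning straight away, `if (s->flags & MTA_FREE) { mta_free(s); return; }`, would guarantee that no later statement in the handler can touch `s` (and presumably its `io`) after the free. A short comment such as `/* mta_tls_init() only marks the session; free it here, once it has returned */` would also record why the free is deferred to the caller.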
@@ -1568,7 +1570,7 @@ mta_tls_init(struct mta_session *s)
if ((tls = tls_client()) == NULL) {
log_info("%016"PRIx64" mta closing reason=tls-failure", s->id);
- mta_free(s);
+ s->flags |= MTA_FREE;
return;
}
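Review bot: `mta_tls_init` now signals failure only by setting `MTA_FREE` on the session, here and on the two failure paths in the next hunk, and nothing in the patch documents that contract. A caller that does not test `s->flags & MTA_FREE` on return would never free the session and would keep driving a connection already logged as closed. Only the `mta_io` call site is updated in this patch, so any other callers need to be confirmed. I would add a header comment on the function, e.g. `/* On failure sets MTA_FREE and returns; the caller must check the flag and call mta_free(). */`. The function begins outside this hunk.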
@@ -1582,14 +1584,14 @@ mta_tls_init(struct mta_session *s)
if (tls_configure(tls, remote->tls_config) == -1) {
log_info("%016"PRIx64" mta closing reason=tls-failure", s->id);
tls_free(tls);
- mta_free(s);
+ s->flags |= MTA_FREE;
return;
}
if (io_connect_tls(s->io, tls, s->mxname) == -1) {
log_info("%016"PRIx64" mta closing reason=tls-connect-failed", s->id);
tls_free(tls);
- mta_free(s);
+ s->flags |= MTA_FREE;
}
}
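Review bot: The `io_connect_tls` failure branch sets `MTA_FREE` without a `return;`, unlike the two branches above it, and is correct only because it appears to be the last statement of `mta_tls_init`. Adding `return;` after `s->flags |= MTA_FREE;` keeps the three failure paths uniform. It also prevents any statement appended to the function later from running on a session already marked for freeing.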