From c57309a50444d858c0a2dc1581846a850d78a9ad Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Tue, 11 Jan 2022 11:21:45 +0000
Subject: [PATCH] BSD: fix resource leak
---
 doc/doc-txt/ChangeLog | 4 ++++
 src/src/tls.c | 9 +++++----
 test/runtest | 1 +
 3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index e7c7085..5673994 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -65,6 +65,10 @@ JH/13 Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value
 JH/14 Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters.
+JH/15 Fix a resource leak in *BSD. An off-by-one error resulted in the daemon
+ failing to close the certificates directory, every hour or any time it
+ was touched.
+
 Exim version 4.95
 -----------------
diff --git a/src/src/tls.c b/src/src/tls.c
index d5d11bc..e6b1bf7 100644
--- a/src/src/tls.c
+++ b/src/src/tls.c
@@ -185,8 +185,8 @@ for (;;)
 {
 if ((fd1 = open(CCS filename, O_RDONLY | O_NOFOLLOW)) < 0)
 { s = US"open file"; goto bad; }
- DEBUG(D_tls) debug_printf("watch file '%s'\n", filename);
- EV_SET(&kev[++kev_used],
+ DEBUG(D_tls) debug_printf("watch file '%s':\t%d\n", filename, fd1);
+ EV_SET(&kev[kev_used++],
 (uintptr_t)fd1,
 EVFILT_VNODE,
 EV_ADD | EV_ENABLE | EV_ONESHOT,
@@ -196,8 +196,8 @@ for (;;)
 NULL);
 cnt++;
 }
- DEBUG(D_tls) debug_printf("watch dir '%s'\n", s);
- EV_SET(&kev[++kev_used],
+ DEBUG(D_tls) debug_printf("watch dir '%s':\t%d\n", s, fd2);
+ EV_SET(&kev[kev_used++],
 (uintptr_t)fd2,
 EVFILT_VNODE,
 EV_ADD | EV_ENABLE | EV_ONESHOT,
@@ -320,6 +320,7 @@ if (tls_watch_fd < 0) return;
 /* Close the files we had open for kevent */
 for (int i = 0; i < kev_used; i++)
 {
+ DEBUG(D_tls) debug_printf("closing watch fd: %d\n", (int) kev[i].ident);
 (void) close((int) kev[i].ident);
 kev[i].ident = (uintptr_t)-1;
 }
diff --git a/test/runtest b/test/runtest
index 0f883e8..3d5a975 100755
--- a/test/runtest
+++ b/test/runtest
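Review bot: Neither store into `kev[kev_used++]` (fd1 in the -185 hunk, fd2 in the -196 hunk) is preceded by a visible check of `kev_used` against the capacity of `kev`, and the fd1 store sits inside a `for (;;)` body that appears able to run more than once per call. Any capacity test earlier in the function should be re-checked against the corrected indexing so that it covers every loop iteration plus the directory entry; if none exists, and assuming `kev` is a fixed array, a guard in the file's own error style is needed before each store, e.g. `if (kev_used >= (int)(sizeof(kev)/sizeof(kev[0]))) { s = US"kev table full"; goto bad; }`. The `goto bad` path deserves the same look: descriptors already opened and recorded in `kev` need to be closed there, otherwise a failed setup leaks them in the long-running daemon just as the bug fixed here did. The loop head and the `bad` label both lie outside these hunks.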
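Review bot: The result of `close()` is still discarded in the -320 hunk, so the new debug line reports each descriptor as closed even when the call fails. An EBADF here would point to a slot that was never populated or was already closed, which is the kind of indexing mistake this commit fixes, so it is worth surfacing: `if (close((int) kev[i].ident) < 0) DEBUG(D_tls) debug_printf("close watch fd %d: %s\n", (int) kev[i].ident, strerror(errno));`. Any added debug text would need a matching filter line in test/runtest. Whether `kev_used` is reset after the loop is not visible because the function continues outside the hunk; if it is not, a later invalidation would call close on the `(uintptr_t)-1` sentinel.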
@@ -1108,6 +1108,7 @@ RESET_AFTER_EXTRA_LINE_READ:
 next if /^watch dir/;
 next if /^watch file .*\/usr\/local/;
 next if /^watch file .*\/etc\/ssl/;
+ next if /^closing watch fd:/;
 # TLS preload
 # there happen in different orders for OpenSSL/GnuTLS/noTLS
--
1.9.1