dovecot-1.2: Check broken ssl-parameters.dat files better and gi...

dovecot at dovecot.org dovecot at dovecot.org
Tue Jan 13 20:13:29 EET 2009


details:   http://hg.dovecot.org/dovecot-1.2/rev/22985329af92
changeset: 8621:22985329af92
user:      Timo Sirainen <tss at iki.fi>
date:      Tue Jan 13 13:13:19 2009 -0500
description:
Check broken ssl-parameters.dat files better and give a better error message when seeing one.

diffstat:

2 files changed, 21 insertions(+), 2 deletions(-)
src/login-common/Makefile.am         |    1 +
src/login-common/ssl-proxy-openssl.c |   22 ++++++++++++++++++++--

diffs (78 lines):

diff -r 9edf4a6e0cdb -r 22985329af92 src/login-common/Makefile.am
--- a/src/login-common/Makefile.am	Tue Jan 13 13:12:21 2009 -0500
+++ b/src/login-common/Makefile.am	Tue Jan 13 13:13:19 2009 -0500
@@ -4,6 +4,7 @@ AM_CPPFLAGS = \
 	-I$(top_srcdir)/src/lib \
 	-I$(top_srcdir)/src/lib-auth \
 	-DPKG_RUNDIR=\""$(rundir)"\" \
+	-DPKG_STATEDIR=\""$(statedir)"\" \
 	-DSBINDIR=\""$(sbindir)"\"
 
 liblogin_common_a_SOURCES = \
diff -r 9edf4a6e0cdb -r 22985329af92 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c	Tue Jan 13 13:12:21 2009 -0500
+++ b/src/login-common/ssl-proxy-openssl.c	Tue Jan 13 13:13:19 2009 -0500
@@ -78,6 +78,13 @@ static void ssl_proxy_destroy(struct ssl
 static void ssl_proxy_destroy(struct ssl_proxy *proxy);
 static void ssl_proxy_unref(struct ssl_proxy *proxy);
 
+static void ssl_params_corrupted(const char *path)
+{
+	i_fatal("Corrupted SSL parameters file: %s/%s "
+		"(delete it and also the one in %s)",
+		getenv("LOGIN_DIR"), path, PKG_STATEDIR);
+}
+
 static void read_next(struct ssl_parameters *params, void *data, size_t size)
 {
 	int ret;
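Review bot: `getenv("LOGIN_DIR")` in `ssl_params_corrupted()` is passed straight to a `%s` conversion, and it returns NULL when the variable is unset; whether `i_fatal()`'s formatter tolerates a NULL string is not visible here. Reading it into a local first keeps the message well-defined, e.g. `const char *dir = getenv("LOGIN_DIR");` and then `dir != NULL ? dir : "(LOGIN_DIR unset)"` as the argument. Because the helper never returns, declaring it with the project's `ATTR_NORETURN` would also let the compiler see that the callers' error branches end there, which matters for the `default:` label added to the switch further down. `read_next()` at the end of this hunk continues outside it.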
@@ -85,7 +92,7 @@ static void read_next(struct ssl_paramet
 	if ((ret = read_full(params->fd, data, size)) < 0)
 		i_fatal("read(%s) failed: %m", params->fname);
 	if (ret == 0)
-		i_fatal("read(%s) failed: Unexpected EOF", params->fname);
+		ssl_params_corrupted(params->fname);
 }
 
 static bool read_dh_parameters_next(struct ssl_parameters *params)
@@ -104,7 +111,7 @@ static bool read_dh_parameters_next(stru
 	/* read data size. */
 	read_next(params, &len, sizeof(len));
 	if (len > 1024*100) /* should be enough? */
-		i_fatal("Corrupted SSL parameters file: %s", params->fname);
+		ssl_params_corrupted(params->fname);
 
 	buf = i_malloc(len);
 	read_next(params, buf, len);
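Review bot: The size check before `i_malloc(len)` rejects only values above `1024*100`, so a length field of 0 from a damaged file still reaches the allocation and the following `read_next()` call instead of the new corruption message. The declaration of `len` is outside the hunk; if it is a signed type, a negative value would pass the comparison as well. Bounding both ends keeps every malformed length on the same error path: `if (len == 0 || len > 1024*100)`, with `len` declared unsigned.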
@@ -117,6 +124,8 @@ static bool read_dh_parameters_next(stru
 	case 1024:
 		params->dh_1024 = d2i_DHparams(NULL, &cbuf, len);
 		break;
+	default:
+		ssl_params_corrupted(params->fname);
 	}
 
 	i_free(buf);
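Review bot: The result of `d2i_DHparams()` in `case 1024:` is stored without a NULL check, so an entry with a recognised bit size and a plausible length but undecodable data is still accepted silently, which is the kind of broken file this change sets out to catch. Adding `if (params->dh_1024 == NULL) ssl_params_corrupted(params->fname);` after the assignment would report it, and the same applies to any other `case` of this switch that lies outside the hunk. The switch begins before the first line shown here.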
@@ -138,6 +147,8 @@ static void ssl_read_parameters(struct s
 static void ssl_read_parameters(struct ssl_parameters *params)
 {
 	struct stat st;
+	ssize_t ret;
+	char c;
 	bool warned = FALSE;
 
 	/* we'll wait until parameter file exists */
@@ -166,6 +177,13 @@ static void ssl_read_parameters(struct s
 
 	ssl_free_parameters(params);
 	while (read_dh_parameters_next(params)) ;
+
+	if ((ret = read_full(params->fd, &c, 1)) < 0)
+		i_fatal("read(%s) failed: %m", params->fname);
+	else if (ret != 0) {
+		/* more data than expected */
+		ssl_params_corrupted(params->fname);
+	}
 
 	if (close(params->fd) < 0)
 		i_error("close() failed: %m");
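Review bot: Nothing after the `while (read_dh_parameters_next(params)) ;` loop confirms that the expected parameter sets were actually loaded, so a file that ends the list immediately, or lacks one of the sizes, would pass the new trailing-data check. If later code assumes `params->dh_1024` is non-NULL (not visible here), a check such as `if (params->dh_1024 == NULL) ssl_params_corrupted(params->fname);` before `close()` would cover that case. The body of `ssl_read_parameters()` starts and ends outside the hunk.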

