dovecot-1.1: Check broken ssl-parameters.dat files better and gi...
dovecot at dovecot.org
dovecot at dovecot.org
Tue Jan 13 20:13:30 EET 2009
details: http://hg.dovecot.org/dovecot-1.1/rev/8b99cddb6c2f
changeset: 8091:8b99cddb6c2f
user: Timo Sirainen <tss at iki.fi>
date: Tue Jan 13 13:13:19 2009 -0500
description:
Check broken ssl-parameters.dat files better and give a better error message when seeing one.
diffstat:
2 files changed, 21 insertions(+), 2 deletions(-)
src/login-common/Makefile.am | 1 +
src/login-common/ssl-proxy-openssl.c | 22 ++++++++++++++++++++--
diffs (78 lines):
diff -r 7782b2ed9b61 -r 8b99cddb6c2f src/login-common/Makefile.am
--- a/src/login-common/Makefile.am Tue Jan 13 13:12:21 2009 -0500
+++ b/src/login-common/Makefile.am Tue Jan 13 13:13:19 2009 -0500
@@ -4,6 +4,7 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/lib \
-I$(top_srcdir)/src/lib-auth \
-DPKG_RUNDIR=\""$(rundir)"\" \
+ -DPKG_STATEDIR=\""$(statedir)"\" \
-DSBINDIR=\""$(sbindir)"\"
liblogin_common_a_SOURCES = \
diff -r 7782b2ed9b61 -r 8b99cddb6c2f src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Tue Jan 13 13:12:21 2009 -0500
+++ b/src/login-common/ssl-proxy-openssl.c Tue Jan 13 13:13:19 2009 -0500
@@ -78,6 +78,13 @@ static void ssl_proxy_destroy(struct ssl
static void ssl_proxy_destroy(struct ssl_proxy *proxy);
static void ssl_proxy_unref(struct ssl_proxy *proxy);
+static void ssl_params_corrupted(const char *path)
+{
+ i_fatal("Corrupted SSL parameters file: %s/%s "
+ "(delete it and also the one in %s)",
+ getenv("LOGIN_DIR"), path, PKG_STATEDIR);
+}
+
static void read_next(struct ssl_parameters *params, void *data, size_t size)
{
int ret;
@@ -85,7 +92,7 @@ static void read_next(struct ssl_paramet
if ((ret = read_full(params->fd, data, size)) < 0)
i_fatal("read(%s) failed: %m", params->fname);
if (ret == 0)
- i_fatal("read(%s) failed: Unexpected EOF", params->fname);
+ ssl_params_corrupted(params->fname);
}
static bool read_dh_parameters_next(struct ssl_parameters *params)
@@ -104,7 +111,7 @@ static bool read_dh_parameters_next(stru
/* read data size. */
read_next(params, &len, sizeof(len));
if (len > 1024*100) /* should be enough? */
- i_fatal("Corrupted SSL parameters file: %s", params->fname);
+ ssl_params_corrupted(params->fname);
buf = i_malloc(len);
read_next(params, buf, len);
@@ -117,6 +124,8 @@ static bool read_dh_parameters_next(stru
case 1024:
params->dh_1024 = d2i_DHparams(NULL, &cbuf, len);
break;
+ default:
+ ssl_params_corrupted(params->fname);
}
i_free(buf);
@@ -138,6 +147,8 @@ static void ssl_read_parameters(struct s
static void ssl_read_parameters(struct ssl_parameters *params)
{
struct stat st;
+ ssize_t ret;
+ char c;
bool warned = FALSE;
/* we'll wait until parameter file exists */
@@ -166,6 +177,13 @@ static void ssl_read_parameters(struct s
ssl_free_parameters(params);
while (read_dh_parameters_next(params)) ;
+
+ if ((ret = read_full(params->fd, &c, 1)) < 0)
+ i_fatal("read(%s) failed: %m", params->fname);
+ else if (ret != 0) {
+ /* more data than expected */
+ ssl_params_corrupted(params->fname);
+ }
if (close(params->fd) < 0)
i_error("close() failed: %m");
More information about the dovecot-cvs
mailing list