# HG changeset patch
# User Timo Sirainen
# Date 1231870399 18000
# Node ID 22985329af92ace6575d54deab104af71ec84f53
# Parent 9edf4a6e0cdb74affba8e121dd89d5fd3fe76a22
Check broken ssl-parameters.dat files better and give a better error message when seeing one.
diff -r 9edf4a6e0cdb -r 22985329af92 src/login-common/Makefile.am
--- a/src/login-common/Makefile.am Tue Jan 13 13:12:21 2009 -0500
+++ b/src/login-common/Makefile.am Tue Jan 13 13:13:19 2009 -0500
@@ -4,6 +4,7 @@
 -I$(top_srcdir)/src/lib \
 -I$(top_srcdir)/src/lib-auth \
 -DPKG_RUNDIR=\""$(rundir)"\" \
+ -DPKG_STATEDIR=\""$(statedir)"\" \
 -DSBINDIR=\""$(sbindir)"\"

 liblogin_common_a_SOURCES = \
diff -r 9edf4a6e0cdb -r 22985329af92 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Tue Jan 13 13:12:21 2009 -0500
+++ b/src/login-common/ssl-proxy-openssl.c Tue Jan 13 13:13:19 2009 -0500
@@ -78,6 +78,13 @@
 static void ssl_proxy_destroy(struct ssl_proxy *proxy);
 static void ssl_proxy_unref(struct ssl_proxy *proxy);

+static void ssl_params_corrupted(const char *path)
+{
+ i_fatal("Corrupted SSL parameters file: %s/%s "
+ "(delete it and also the one in %s)",
+ getenv("LOGIN_DIR"), path, PKG_STATEDIR);
+}
+
 static void read_next(struct ssl_parameters *params, void *data, size_t size)
 {
 int ret;
@@ -85,7 +92,7 @@
 if ((ret = read_full(params->fd, data, size)) < 0)
 i_fatal("read(%s) failed: %m", params->fname);
 if (ret == 0)
- i_fatal("read(%s) failed: Unexpected EOF", params->fname);
+ ssl_params_corrupted(params->fname);
 }

 static bool read_dh_parameters_next(struct ssl_parameters *params)
@@ -104,7 +111,7 @@
 /* read data size. */
 read_next(params, &len, sizeof(len));
 if (len > 1024*100) /* should be enough? */
- i_fatal("Corrupted SSL parameters file: %s", params->fname);
+ ssl_params_corrupted(params->fname);

 buf = i_malloc(len);
 read_next(params, buf, len);
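Review bot: In the new ssl_params_corrupted() (hunk `@@ -78,6 +78,13 @@`), the result of `getenv("LOGIN_DIR")` is passed straight to a `%s` conversion, and getenv() returns NULL when the variable is unset, which is undefined for `%s` in standard C; whether i_fatal's formatter tolerates NULL is not visible here. Fetch it first with `const char *dir = getenv("LOGIN_DIR");` and pass `dir != NULL ? dir : "(LOGIN_DIR unset)"` so the admin still gets a usable message. The callers added in the later hunks (the `len > 1024*100` check followed by `i_malloc(len)`, and the `default:` case with no `break`) are only correct if this helper never returns, so it should carry the same noreturn attribute that i_fatal's declaration presumably has, plus a one-line comment such as `/* Logs a fatal error and exits; never returns. */`.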
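Review bot: The size check `if (len > 1024*100)` in the `@@ -104,7 +111,7 @@` hunk bounds `len` only from above, although `len` is filled directly from the file by read_next(). Its declaration is outside the hunk; if it is a signed type, a negative value passes this check and reaches `i_malloc(len)` as a very large size, and a zero length is accepted either way. Consider `if (len == 0 || len > 1024*100)` (with `len <= 0` instead if it turns out to be signed) so that such a file is also reported through ssl_params_corrupted(). The enclosing read_dh_parameters_next() starts and ends outside the hunk.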
@@ -117,6 +124,8 @@
 case 1024:
 params->dh_1024 = d2i_DHparams(NULL, &cbuf, len);
 break;
+ default:
+ ssl_params_corrupted(params->fname);
 }

 i_free(buf);
@@ -138,6 +147,8 @@
 static void ssl_read_parameters(struct ssl_parameters *params)
 {
 struct stat st;
+ ssize_t ret;
+ char c;
 bool warned = FALSE;

 /* we'll wait until parameter file exists */
@@ -167,6 +178,13 @@
 ssl_free_parameters(params);
 while (read_dh_parameters_next(params)) ;

+ if ((ret = read_full(params->fd, &c, 1)) < 0)
+ i_fatal("read(%s) failed: %m", params->fname);
+ else if (ret != 0) {
+ /* more data than expected */
+ ssl_params_corrupted(params->fname);
+ }
+
 if (close(params->fd) < 0)
 i_error("close() failed: %m");
 params->fd = -1;
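Review bot: The `case 1024:` branch in the `@@ -117,6 +124,8 @@` hunk stores the result of `d2i_DHparams(NULL, &cbuf, len)` without checking it, so a file whose size fields look plausible but whose DER payload does not parse leaves `params->dh_1024` NULL and is still accepted. Since the commit is about detecting broken files, add `if (params->dh_1024 == NULL) ssl_params_corrupted(params->fname);` after the assignment, and the same for any other case above the hunk. The new `default:` has no `break`, which is fine only as long as ssl_params_corrupted() never returns; a short comment there saying so would help. The switch begins outside the hunk.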
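Review bot: After the read loop and the new trailing-byte check in the `@@ -167,6 +178,13 @@` hunk, nothing in ssl_read_parameters() confirms that any DH parameters were actually loaded. The loop body is outside this hunk, but if read_dh_parameters_next() can return false on the very first record (for example a file that holds only an end marker), the file passes every check added here and `params->dh_1024` stays unset. A post-loop check such as `if (params->dh_1024 == NULL) ssl_params_corrupted(params->fname);` would close that gap, assuming ssl_free_parameters() resets the field to NULL. The function starts and ends outside the hunk.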