Mercurial > dovecot > original-hg > dovecot-1.2
changeset 8621:22985329af92 HEAD
Check broken ssl-parameters.dat files better and give a better error message when seeing one.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 13 Jan 2009 13:13:19 -0500 |
parents | 9edf4a6e0cdb |
children | 2fa464fd3aab |
files | src/login-common/Makefile.am src/login-common/ssl-proxy-openssl.c |
diffstat | 2 files changed, 21 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/login-common/Makefile.am Tue Jan 13 13:12:21 2009 -0500 +++ b/src/login-common/Makefile.am Tue Jan 13 13:13:19 2009 -0500 @@ -4,6 +4,7 @@ -I$(top_srcdir)/src/lib \ -I$(top_srcdir)/src/lib-auth \ -DPKG_RUNDIR=\""$(rundir)"\" \ + -DPKG_STATEDIR=\""$(statedir)"\" \ -DSBINDIR=\""$(sbindir)"\" liblogin_common_a_SOURCES = \
--- a/src/login-common/ssl-proxy-openssl.c Tue Jan 13 13:12:21 2009 -0500 +++ b/src/login-common/ssl-proxy-openssl.c Tue Jan 13 13:13:19 2009 -0500 @@ -78,6 +78,13 @@ static void ssl_proxy_destroy(struct ssl_proxy *proxy); static void ssl_proxy_unref(struct ssl_proxy *proxy); +static void ssl_params_corrupted(const char *path) +{ + i_fatal("Corrupted SSL parameters file: %s/%s " + "(delete it and also the one in %s)", + getenv("LOGIN_DIR"), path, PKG_STATEDIR); +} + static void read_next(struct ssl_parameters *params, void *data, size_t size) { int ret; @@ -85,7 +92,7 @@ if ((ret = read_full(params->fd, data, size)) < 0) i_fatal("read(%s) failed: %m", params->fname); if (ret == 0) - i_fatal("read(%s) failed: Unexpected EOF", params->fname); + ssl_params_corrupted(params->fname); } static bool read_dh_parameters_next(struct ssl_parameters *params) @@ -104,7 +111,7 @@ /* read data size. */ read_next(params, &len, sizeof(len)); if (len > 1024*100) /* should be enough? */ - i_fatal("Corrupted SSL parameters file: %s", params->fname); + ssl_params_corrupted(params->fname); buf = i_malloc(len); read_next(params, buf, len); @@ -117,6 +124,8 @@ case 1024: params->dh_1024 = d2i_DHparams(NULL, &cbuf, len); break; + default: + ssl_params_corrupted(params->fname); } i_free(buf); @@ -138,6 +147,8 @@ static void ssl_read_parameters(struct ssl_parameters *params) { struct stat st; + ssize_t ret; + char c; bool warned = FALSE; /* we'll wait until parameter file exists */ @@ -167,6 +178,13 @@ ssl_free_parameters(params); while (read_dh_parameters_next(params)) ; + if ((ret = read_full(params->fd, &c, 1)) < 0) + i_fatal("read(%s) failed: %m", params->fname); + else if (ret != 0) { + /* more data than expected */ + ssl_params_corrupted(params->fname); + } + if (close(params->fd) < 0) i_error("close() failed: %m"); params->fd = -1;