[sslproc] Various fixes

* Properly allow no DH parameters (some backends come with defaults) * If no private key is given, assume it's in the certificate file * Use correct length calculation in buffer for TLS options * Fix compiler warnings regarding uint64_t stats counters
2016-05-03 23:19:06 +00:00 · 2016-05-03 23:19:06 +00:00 · b8cf4b3bf2
commit b8cf4b3bf2
parent 1ea72c8f86
2 changed files with 23 additions and 22 deletions
--- a/src/sslproc.c
+++ b/src/sslproc.c
@ -24,7 +24,6 @@
 #include <ratbox_lib.h>
 #include "stdinc.h"

-
 #include "s_conf.h"
 #include "logger.h"
 #include "listener.h"
@ -37,6 +36,8 @@
 #include "packet.h"

 #define ZIPSTATS_TIME           60
+#define MAXPASSFD               4
+#define READSIZE                1024

 static void collect_zipstats(void *unused);
 static void ssl_read_ctl(rb_fde_t * F, void *data);
@ -45,8 +46,6 @@ static int ssld_count;
 static char tmpbuf[READBUF_SIZE];
 static char nul = '\0';

-#define MAXPASSFD 4
-#define READSIZE 1024
 typedef struct _ssl_ctl_buf
 {
 	rb_dlink_node node;
@ -56,7 +55,6 @@ typedef struct _ssl_ctl_buf
 	int nfds;
 } ssl_ctl_buf_t;

-
 struct _ssl_ctl
 {
 	rb_dlink_node node;
@ -75,7 +73,6 @@ static void send_new_ssl_certs_one(ssl_ctl_t * ctl, const char *ssl_cert,
 static void send_init_prng(ssl_ctl_t * ctl, prng_seed_t seedtype, const char *path);
 static void send_certfp_method(ssl_ctl_t *ctl, int method);

-
 static rb_dlink_list ssl_daemons;

 static inline uint32_t
@ -149,7 +146,6 @@ static int ssld_spin_count = 0;
 static time_t last_spin;
 static int ssld_wait = 0;

-
 static void
 ssl_killall(void)
 {
@ -312,10 +308,8 @@ start_ssldaemon(int count, const char *ssl_cert, const char *ssl_private_key, co
 			send_init_prng(ctl, RB_PRNG_DEFAULT, NULL);
 			send_certfp_method(ctl, ConfigFileEntry.certfp_method);

-			if(ssl_cert != NULL && ssl_private_key != NULL)
-				send_new_ssl_certs_one(ctl, ssl_cert, ssl_private_key,
-						       ssl_dh_params != NULL ? ssl_dh_params : "",
-						       ssl_cipher_list != NULL ? ssl_cipher_list : "");
+			if(ssl_cert != NULL)
+				send_new_ssl_certs_one(ctl, ssl_cert, ssl_private_key, ssl_dh_params, ssl_cipher_list);
 		}
 		ssl_read_ctl(ctl->F, ctl);
 		ssl_do_pipe(P2, ctl);
@ -386,7 +380,6 @@ ssl_process_dead_fd(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
 	exit_client(client_p, client_p, &me, reason);
 }

-
 static void
 ssl_process_cipher_string(ssl_ctl_t *ctl, ssl_ctl_buf_t *ctl_buf)
 {
@ -411,7 +404,6 @@ ssl_process_cipher_string(ssl_ctl_t *ctl, ssl_ctl_buf_t *ctl_buf)
 	}
 }

-
 static void
 ssl_process_certfp(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
 {
@ -495,7 +487,6 @@ ssl_process_cmd_recv(ssl_ctl_t * ctl)

 }

-
 static void
 ssl_read_ctl(rb_fde_t * F, void *data)
 {
@ -613,13 +604,22 @@ ssl_cmd_write_queue(ssl_ctl_t * ctl, rb_fde_t ** F, int count, const void *buf,
 	ssl_write_ctl(ctl->F, ctl);
 }

-
 static void
-send_new_ssl_certs_one(ssl_ctl_t * ctl, const char *ssl_cert, const char *ssl_private_key, const char *ssl_dh_params, const char *ssl_cipher_list)
+send_new_ssl_certs_one(ssl_ctl_t * ctl, const char *ssl_cert, const char *ssl_private_key,
+                       const char *ssl_dh_params, const char *ssl_cipher_list)
 {
 	size_t len;

-	len = strlen(ssl_cert) + strlen(ssl_private_key) + strlen(ssl_dh_params) + 5;
+	if (ssl_private_key == NULL)
+		ssl_private_key = ssl_cert;
+
+	if (ssl_dh_params == NULL)
+		ssl_dh_params = "";
+
+	if (ssl_cipher_list == NULL)
+		ssl_cipher_list = "";
+
+	len = strlen(ssl_cert) + strlen(ssl_private_key) + strlen(ssl_dh_params) + strlen(ssl_cipher_list) + 6;
 	if(len > sizeof(tmpbuf))
 	{
 		sendto_realops_snomask(SNO_GENERAL, L_ALL,
@ -630,9 +630,8 @@ send_new_ssl_certs_one(ssl_ctl_t * ctl, const char *ssl_cert, const char *ssl_pr
 		     len, sizeof(tmpbuf));
 		return;
 	}
-	len = rb_snprintf(tmpbuf, sizeof(tmpbuf), "K%c%s%c%s%c%s%c%s%c", nul, ssl_cert, nul,
-			  ssl_private_key, nul, ssl_dh_params, nul,
-			  ssl_cipher_list != NULL ? ssl_cipher_list : "", nul);
+	len = rb_snprintf(tmpbuf, sizeof(tmpbuf), "K%c%s%c%s%c%s%c%s%c", nul, ssl_cert,
+	                  nul, ssl_private_key, nul, ssl_dh_params, nul, ssl_cipher_list, nul);
 	ssl_cmd_write_queue(ctl, NULL, 0, tmpbuf, len);
 }

@ -678,7 +677,7 @@ void
 send_new_ssl_certs(const char *ssl_cert, const char *ssl_private_key, const char *ssl_dh_params, const char *ssl_cipher_list)
 {
 	rb_dlink_node *ptr;
-	if(ssl_cert == NULL || ssl_private_key == NULL || ssl_dh_params == NULL)
+	if(ssl_cert == NULL)
 	{
 		ssl_ok = 0;
 		return;
@ -690,7 +689,6 @@ send_new_ssl_certs(const char *ssl_cert, const char *ssl_private_key, const char
 	}
 }

-
 ssl_ctl_t *
 start_ssld_accept(rb_fde_t * sslF, rb_fde_t * plainF, uint32_t id)
 {
--- a/ssld/ssld.c
+++ b/ssld/ssld.c
@ -815,7 +815,8 @@ process_stats(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
 		return;

 	rb_snprintf(outstat, sizeof(outstat), "S %s %llu %llu %llu %llu", odata,
-		    conn->plain_out, conn->mod_in, conn->plain_in, conn->mod_out);
+		    (unsigned long long) conn->plain_out, (unsigned long long) conn->mod_in,
+		    (unsigned long long) conn->plain_in, (unsigned long long) conn->mod_out);
 	conn->plain_out = 0;
 	conn->plain_in = 0;
 	conn->mod_in = 0;
@ -933,6 +934,8 @@ ssl_new_keys(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
 	dhparam = buf;
 	buf += strlen(dhparam) + 1;
 	cipher_list = buf;
+	if(strlen(key) == 0)
+		key = cert;
 	if(strlen(dhparam) == 0)
 		dhparam = NULL;
 	if(strlen(cipher_list) == 0)