author | Theo Buehler <tb@cvs.openbsd.org> | 2020-11-29 19:48:36 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2020-11-29 19:48:36 +0000 |
commit | cb9860db5188d28b9299e555c4ada9747d132a90 (patch) | |
tree | 05419a09d37144adcc66e6f0754e12512b8a328e /usr.sbin/ldapd | |
parent | 2b3cfb2e4e71e58182145bba0fbf9ddf6c71f54f (diff) |
Fix cert and key path inference for absolute paths
ldapd infers certificate and key paths from the configured certificate
string. It appends ".crt" and ".key", respectively, and in the case of
a relative path it also prepends "/etc/ldap/certs/". A logic error
results in prepending "/etc/ldap/certs/" also for absolute paths. Avoid
this by making the whole thing readable at the cost of a bit of verbosity.
Problem reported by Maksim Rodin on misc@, thanks!
Initial fix from me, committing an improved version on behalf of martijn.
ok jmatthew, tb
Diffstat (limited to 'usr.sbin/ldapd')
-rw-r--r-- | usr.sbin/ldapd/parse.y | 36 |
1 files changed, 23 insertions, 13 deletions
diff --git a/usr.sbin/ldapd/parse.y b/usr.sbin/ldapd/parse.y
index bf27aa7a256..c003b3fcb6a 100644
--- a/usr.sbin/ldapd/parse.y
+++ b/usr.sbin/ldapd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.36 2020/06/24 07:20:47 tb Exp $ */
+/* $OpenBSD: parse.y,v 1.37 2020/11/29 19:48:35 tb Exp $ */
 /*
 * Copyright (c) 2009, 2010 Martin Hedenfalk <martinh@openbsd.org>
@@ -1279,12 +1279,17 @@ load_certfile(struct ldapd_config *env, const char *name, u_int8_t flags,
 goto err;
 }
- if ((name[0] == '/' &&
- !bsnprintf(certfile, sizeof(certfile), "%s.crt", name)) ||
- !bsnprintf(certfile, sizeof(certfile), "/etc/ldap/certs/%s.crt",
- name)) {
- log_warn("load_certfile: path truncated");
- goto err;
+ if (name[0] == '/') {
+ if (!bsnprintf(certfile, sizeof(certfile), "%s.crt", name)) {
+ log_warn("load_certfile: path truncated");
+ goto err;
+ }
+ } else {
+ if (!bsnprintf(certfile, sizeof(certfile),
+ "/etc/ldap/certs/%s.crt", name)) {
+ log_warn("load_certfile: path truncated");
+ goto err;
+ }
 }
 log_debug("loading certificate file %s", certfile);
@@ -1298,12 +1303,17 @@ load_certfile(struct ldapd_config *env, const char *name, u_int8_t flags,
 goto err;
 }
- if ((name[0] == '/' &&
- !bsnprintf(certfile, sizeof(certfile), "%s.key", name)) ||
- !bsnprintf(certfile, sizeof(certfile), "/etc/ldap/certs/%s.key",
- name)) {
- log_warn("load_certfile: path truncated");
- goto err;
+ if (name[0] == '/') {
+ if (!bsnprintf(certfile, sizeof(certfile), "%s.key", name)) {
+ log_warn("load_certfile: path truncated");
+ goto err;
+ }
+ } else {
+ if (!bsnprintf(certfile, sizeof(certfile),
+ "/etc/ldap/certs/%s.key", name)) {
+ log_warn("load_certfile: path truncated");
+ goto err;
+ }
 }
 log_debug("loading key file %s", certfile); |
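Review bot: The truncation branches in both load_certfile hunks (the `.crt` path at -1279 and the `.key` path at -1298) still report through `log_warn`, which in the usual OpenBSD log.c convention appends strerror(errno); a truncated format does not set errno, so the message would likely end in an unrelated error string when an operator is debugging a failed TLS setup. `log_warnx("load_certfile: path truncated");` fits all four branches, assuming ldapd's log.c provides it as the other base daemons do. Because the certificate and key must be resolved by the same rule, choosing the prefix once (`const char *dir = name[0] == '/' ? "" : "/etc/ldap/certs/";`) and formatting with `"%s%s.crt"` and `"%s%s.key"` would keep the two lookups in step and leave one error path per file instead of two. load_certfile begins and ends outside both hunks, so the declaration of `certfile` and the `err` label are not visible here.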