authorClaudio Jeker <claudio@cvs.openbsd.org>2015-05-02 13:15:25 +0000
committerClaudio Jeker <claudio@cvs.openbsd.org>2015-05-02 13:15:25 +0000
commit87baf5bd51838b0b742f2d6679ae7176b341104c (patch)
tree56e2e8fabef6bd1696e85e44122b2cca6520613b /usr.sbin/relayd
parent7779b5e91b95097419ac00c882d2b00d525e6117 (diff)
Fix obvious problems with relayd config reload.
- fix a TAILQ corruption because of a use after free
- do not reinit the SSL engine since that fails
OK sthen, benno
Diffstat (limited to 'usr.sbin/relayd')
-rw-r--r--usr.sbin/relayd/ca.c7
-rw-r--r--usr.sbin/relayd/config.c4
-rw-r--r--usr.sbin/relayd/parse.y12
-rw-r--r--usr.sbin/relayd/relayd.c5
-rw-r--r--usr.sbin/relayd/relayd.h5
5 files changed, 19 insertions, 14 deletions
diff --git a/usr.sbin/relayd/ca.c b/usr.sbin/relayd/ca.c
index 0b79b62f75b..81f9971771d 100644
--- a/usr.sbin/relayd/ca.c
+++ b/usr.sbin/relayd/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.12 2015/01/22 17:42:09 reyk Exp $ */
+/* $OpenBSD: ca.c,v 1.13 2015/05/02 13:15:24 claudio Exp $ */
/*
* Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
@@ -417,12 +417,15 @@ rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
void
ca_engine_init(struct relayd *x_env)
{
- ENGINE *e;
+ ENGINE *e = NULL;
const char *errstr, *name;
if (env == NULL)
env = x_env;
+ if (rsa_default != NULL)
+ return;
+
if ((e = ENGINE_get_default_RSA()) == NULL) {
if ((e = ENGINE_new()) == NULL) {
errstr = "ENGINE_new";
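Review bot: The added early return `if (rsa_default != NULL) return;` carries no comment, so a reader cannot tell that `rsa_default` doubles as the "engine already set up" flag for config reload. I would put `/* already initialized by an earlier load; setting the engine up again fails */` above the check. The guard is only sound if `rsa_default` is assigned after the point where setup can no longer fail, or if every failure is fatal. That is decided in the rest of ca_engine_init, which lies outside this hunk, so it should be confirmed there. If it can be set on a path that later fails and returns, a subsequent reload would silently skip engine setup for the private-key operations.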
diff --git a/usr.sbin/relayd/config.c b/usr.sbin/relayd/config.c
index 9cfbdca6872..2992df0fc24 100644
--- a/usr.sbin/relayd/config.c
+++ b/usr.sbin/relayd/config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: config.c,v 1.24 2015/01/22 17:42:09 reyk Exp $ */
+/* $OpenBSD: config.c,v 1.25 2015/05/02 13:15:24 claudio Exp $ */
/*
* Copyright (c) 2011 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -142,7 +142,7 @@ config_purge(struct relayd *env, u_int reset)
if (what & CONFIG_TABLES && env->sc_tables != NULL) {
while ((table = TAILQ_FIRST(env->sc_tables)) != NULL)
- purge_table(env->sc_tables, table);
+ purge_table(env, env->sc_tables, table);
env->sc_tablecount = 0;
}
if (what & CONFIG_RDRS && env->sc_rdrs != NULL) {
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index 2b58e87ba36..ae83e49ba4b 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.203 2015/02/08 04:50:32 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.204 2015/05/02 13:15:24 claudio Exp $ */
/*
* Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -531,12 +531,12 @@ rdroptsl : forwardmode TO tablespec interface {
if ($3->conf.check == CHECK_NOCHECK) {
yyerror("table %s has no check", $3->conf.name);
- purge_table(conf->sc_tables, $3);
+ purge_table(conf, conf->sc_tables, $3);
YYERROR;
}
if (rdr->backup) {
yyerror("only one backup table is allowed");
- purge_table(conf->sc_tables, $3);
+ purge_table(conf, conf->sc_tables, $3);
YYERROR;
}
if (rdr->table) {
@@ -1930,7 +1930,7 @@ routeoptsl : ROUTE address '/' NUMBER {
if (router->rt_gwtable) {
yyerror("router %s table already specified",
router->rt_conf.name);
- purge_table(conf->sc_tables, $3);
+ purge_table(conf, conf->sc_tables, $3);
YYERROR;
}
router->rt_gwtable = $3;
@@ -3091,7 +3091,7 @@ table_inherit(struct table *tb)
goto fail;
}
if ((oldtb = table_findbyconf(conf, tb)) != NULL) {
- purge_table(NULL, tb);
+ purge_table(conf, NULL, tb);
return (oldtb);
}
@@ -3134,7 +3134,7 @@ table_inherit(struct table *tb)
return (tb);
fail:
- purge_table(NULL, tb);
+ purge_table(conf, NULL, tb);
return (NULL);
}
diff --git a/usr.sbin/relayd/relayd.c b/usr.sbin/relayd/relayd.c
index de921959aaa..729af4bb14e 100644
--- a/usr.sbin/relayd/relayd.c
+++ b/usr.sbin/relayd/relayd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.c,v 1.138 2015/01/22 17:42:09 reyk Exp $ */
+/* $OpenBSD: relayd.c,v 1.139 2015/05/02 13:15:24 claudio Exp $ */
/*
* Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -546,12 +546,13 @@ parent_dispatch_ca(int fd, struct privsep_proc *p, struct imsg *imsg)
}
void
-purge_table(struct tablelist *head, struct table *table)
+purge_table(struct relayd *env, struct tablelist *head, struct table *table)
{
struct host *host;
while ((host = TAILQ_FIRST(&table->hosts)) != NULL) {
TAILQ_REMOVE(&table->hosts, host, entry);
+ TAILQ_REMOVE(&env->sc_hosts, host, globalentry);
if (event_initialized(&host->cte.ev)) {
event_del(&host->cte.ev);
close(host->cte.s);
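Review bot: The new `TAILQ_REMOVE(&env->sc_hosts, host, globalentry);` runs unconditionally for every host on `table->hosts`, so purge_table now requires each such host to be linked on `env->sc_hosts` already. TAILQ_REMOVE on an entry that was never inserted writes through uninitialized link pointers, which would reintroduce the kind of queue corruption this commit is fixing. The parse.y callers reach this from error paths (`purge_table(conf, NULL, tb)` in table_inherit, and the rdroptsl and routeoptsl rules), and whether the table's hosts are on the global list at those points is not visible in these hunks. I would state the invariant on the function, e.g. `/* every host on table->hosts must also be on env->sc_hosts */`, and check those callers against it. The body of purge_table continues past the end of this hunk.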
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index 66bc59a8df6..f9f2a0fb5da 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.208 2015/03/09 17:20:38 reyk Exp $ */
+/* $OpenBSD: relayd.h,v 1.209 2015/05/02 13:15:24 claudio Exp $ */
/*
* Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -1253,7 +1253,8 @@ struct ca_pkey *pkey_add(struct relayd *, EVP_PKEY *, objid_t);
int expand_string(char *, size_t, const char *, const char *);
void translate_string(char *);
void purge_key(char **, off_t);
-void purge_table(struct tablelist *, struct table *);
+void purge_table(struct relayd *, struct tablelist *,
+ struct table *);
void purge_relay(struct relayd *, struct relay *);
char *digeststr(enum digest_type, const u_int8_t *, size_t, char *);
const char *canonicalize_host(const char *, char *, size_t);