authorGilles Chehade <gilles@cvs.openbsd.org>2009-04-12 16:03:02 +0000
committerGilles Chehade <gilles@cvs.openbsd.org>2009-04-12 16:03:02 +0000
commitee4905d78c46b10cd92ab53f77ffe60633c5639f (patch)
tree7fcce11b4f3f4b22463fe26efd71dca4bcdb69f0 /usr.sbin/smtpd
parentaae7d916d860cc4ad9d379d122066f0727313465 (diff)
Code assumed the certificate name to always match the interface name, even
when a certificate name was explicitly provided. This would cause imsg to fatal() because with some configurations, it would look for the wrong name in the ssl tree and would fail to find the proper cert. issue spotted by Gregory Edigarov <gregory.edigarov@gmail.com>, I found the fix just a few minutes ago when I succeeded in reproducing the issue...
Diffstat (limited to 'usr.sbin/smtpd')
-rw-r--r--usr.sbin/smtpd/parse.y39
1 files changed, 24 insertions, 15 deletions
diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y
index 1e7473bdb77..8d58b555fd9 100644
--- a/usr.sbin/smtpd/parse.y
+++ b/usr.sbin/smtpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.31 2009/04/09 19:49:34 jacekm Exp $ */
+/* $OpenBSD: parse.y,v 1.32 2009/04/12 16:03:01 gilles Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org>
@@ -92,12 +92,12 @@ struct mapel_list *contents = NULL;
struct listener *host_v4(const char *, in_port_t);
struct listener *host_v6(const char *, in_port_t);
-int host_dns(const char *, struct listenerlist *,
+int host_dns(const char *, const char *, struct listenerlist *,
int, in_port_t, u_int8_t);
-int host(const char *, struct listenerlist *,
+int host(const char *, const char *, struct listenerlist *,
+ int, in_port_t, u_int8_t);
+int interface(const char *, const char *, struct listenerlist *,
int, in_port_t, u_int8_t);
-int interface(const char *, struct listenerlist *, int, in_port_t,
- u_int8_t);
typedef struct {
union {
@@ -277,9 +277,9 @@ main : QUEUE INTERVAL interval {
}
}
- if (! interface($3, &conf->sc_listeners,
+ if (! interface($3, cert, &conf->sc_listeners,
MAX_LISTEN, $4, flags)) {
- if (host($3, &conf->sc_listeners,
+ if (host($3, cert, &conf->sc_listeners,
MAX_LISTEN, $4, flags) <= 0) {
yyerror("invalid virtual ip or interface: %s", $3);
free($6);
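Review bot: `cert` is handed to both `interface()` and `host()` here, but its assignment sits above this hunk, so it is not visible whether it falls back to `$3` when the listen rule names no certificate. After this commit the helpers leave `ssl_cert_name` empty for a NULL `cert`, where they used to copy the interface name. A listener whose `flags` ask for TLS could then carry an empty name into the ssl tree lookup that the commit message says ends in fatal(). If the fallback is already done earlier in the action, a comment at the call would pin the invariant, e.g. `/* cert: explicit certificate name, else the interface/host name; never NULL when flags request TLS */`. If it is not, the rule should reject or default the name before creating listeners.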
@@ -1473,7 +1473,7 @@ host_v6(const char *s, in_port_t port)
}
int
-host_dns(const char *s, struct listenerlist *al, int max, in_port_t port,
+host_dns(const char *s, const char *cert, struct listenerlist *al, int max, in_port_t port,
u_int8_t flags)
{
struct addrinfo hints, *res0, *res;
@@ -1505,7 +1505,9 @@ host_dns(const char *s, struct listenerlist *al, int max, in_port_t port,
h->flags = flags;
h->ss.ss_family = res->ai_family;
h->ssl = NULL;
- (void)strlcpy(h->ssl_cert_name, s, sizeof(h->ssl_cert_name));
+ h->ssl_cert_name[0] = '\0';
+ if (cert != NULL)
+ (void)strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name));
if (res->ai_family == AF_INET) {
sain = (struct sockaddr_in *)&h->ss;
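Review bot: The added `(void)strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name));` discards the return value, so a configured certificate name longer than the field is silently truncated and the listener ends up with a different key from the one the administrator wrote. That truncated name is then what gets looked up in the ssl tree, which either fails in the way the commit message describes or, if another entry happens to share the prefix, selects the wrong certificate. Checking the result closes this: `if (strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name)) >= sizeof(h->ssl_cert_name))`, followed by the function's existing failure path for that listener. The same unchecked copy is added in `host()` and in both address-family branches of `interface()`. The body of `host_dns()` starts and ends outside this hunk, so how `h` is released on error needs to be checked against the full function.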
@@ -1533,7 +1535,7 @@ host_dns(const char *s, struct listenerlist *al, int max, in_port_t port,
}
int
-host(const char *s, struct listenerlist *al, int max, in_port_t port,
+host(const char *s, const char *cert, struct listenerlist *al, int max, in_port_t port,
u_int8_t flags)
{
struct listener *h;
@@ -1548,17 +1550,20 @@ host(const char *s, struct listenerlist *al, int max, in_port_t port,
h->port = port;
h->flags = flags;
h->ssl = NULL;
- (void)strlcpy(h->ssl_cert_name, s, sizeof(h->ssl_cert_name));
+ h->ssl_cert_name[0] = '\0';
+ if (cert != NULL)
+ (void)strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name));
+
TAILQ_INSERT_HEAD(al, h, entry);
return (1);
}
- return (host_dns(s, al, max, port, flags));
+ return (host_dns(s, cert, al, max, port, flags));
}
int
-interface(const char *s, struct listenerlist *al, int max, in_port_t port,
+interface(const char *s, const char *cert, struct listenerlist *al, int max, in_port_t port,
u_int8_t flags)
{
struct ifaddrs *ifap, *p;
@@ -1586,7 +1591,9 @@ interface(const char *s, struct listenerlist *al, int max, in_port_t port,
h->port = port;
h->flags = flags;
h->ssl = NULL;
- (void)strlcpy(h->ssl_cert_name, s, sizeof(h->ssl_cert_name));
+ h->ssl_cert_name[0] = '\0';
+ if (cert != NULL)
+ (void)strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name));
ret = 1;
TAILQ_INSERT_HEAD(al, h, entry);
@@ -1604,7 +1611,9 @@ interface(const char *s, struct listenerlist *al, int max, in_port_t port,
h->port = port;
h->flags = flags;
h->ssl = NULL;
- (void)strlcpy(h->ssl_cert_name, s, sizeof(h->ssl_cert_name));
+ h->ssl_cert_name[0] = '\0';
+ if (cert != NULL)
+ (void)strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name));
ret = 1;
TAILQ_INSERT_HEAD(al, h, entry);