author | Pierre-Yves Ritschard <pyr@cvs.openbsd.org> | 2007-05-29 00:48:05 +0000 |
---|---|---|
committer | Pierre-Yves Ritschard <pyr@cvs.openbsd.org> | 2007-05-29 00:48:05 +0000 |
commit | dfd8bbac808cce90fc4b9aca8ecff32ff71491bd (patch) | |
tree | 5349c29623289b9ae297025ef2b8a8ee3e71a8f6 /usr.sbin | |
parent | 3ed6844641caad4ef22b8e261bfa7b0edc0dc8c9 (diff) |
move the ssl cipher suite string to a (small) static charbuf,
this will make it easier to send the struct over the socket.
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/hoststated/hoststated.h | 4 | ||||
-rw-r--r-- | usr.sbin/hoststated/parse.y | 15 | ||||
-rw-r--r-- | usr.sbin/hoststated/relay.c | 9 | ||||
-rw-r--r-- | usr.sbin/relayd/parse.y | 15 | ||||
-rw-r--r-- | usr.sbin/relayd/relay.c | 9 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.h | 4 |
6 files changed, 30 insertions, 26 deletions
diff --git a/usr.sbin/hoststated/hoststated.h b/usr.sbin/hoststated/hoststated.h
index a7b4ee77358..036ce7aec4f 100644
--- a/usr.sbin/hoststated/hoststated.h
+++ b/usr.sbin/hoststated/hoststated.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: hoststated.h,v 1.46 2007/05/29 00:21:10 pyr Exp $ */
+/* $OpenBSD: hoststated.h,v 1.47 2007/05/29 00:48:04 pyr Exp $ */
 /*
 * Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -455,7 +455,7 @@ struct protocol {
 u_int8_t tcpipttl;
 u_int8_t tcpipminttl;
 u_int8_t sslflags;
- char *sslciphers;
+ char sslciphers[32];
 char name[MAX_NAME_SIZE];
 int cache;
 enum prototype type;
diff --git a/usr.sbin/hoststated/parse.y b/usr.sbin/hoststated/parse.y
index d970d01e43f..88c1c1c93a1 100644
--- a/usr.sbin/hoststated/parse.y
+++ b/usr.sbin/hoststated/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.43 2007/05/29 00:21:10 pyr Exp $ */
+/* $OpenBSD: parse.y,v 1.44 2007/05/29 00:48:04 pyr Exp $ */
 /*
 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -558,8 +558,9 @@ proto : PROTO STRING {
 p->type = RELAY_PROTO_TCP;
 p->tcpflags = TCPFLAG_DEFAULT;
 p->sslflags = SSLFLAG_DEFAULT;
- p->sslciphers = NULL;
 p->tcpbacklog = RELAY_BACKLOG;
+ (void)strlcpy(p->sslciphers, SSLCIPHERS_DEFAULT,
+ sizeof(p->sslciphers));
 if (last_proto_id == INT_MAX) {
 yyerror("too many protocols defined");
 YYERROR;
@@ -712,9 +713,13 @@ sslflags_l : sslflags comma sslflags_l
 sslflags : SESSION CACHE sslcache { proto->cache = $3; }
 | CIPHERS STRING {
- proto->sslciphers = strdup($2);
- if (proto->sslciphers == NULL)
- fatal("out of memory");
+ if (strlcpy(proto->sslciphers, $2,
+ sizeof(proto->sslciphers)) >=
+ sizeof(proto->sslciphers)) {
+ yyerror("sslciphers truncated");
+ free($2);
+ YYERROR;
+ }
 free($2);
 }
 | NO flag { proto->sslflags &= ~($2); }
diff --git a/usr.sbin/hoststated/relay.c b/usr.sbin/hoststated/relay.c
index 88a2a84e292..47f44a8c9aa 100644
--- a/usr.sbin/hoststated/relay.c
+++ b/usr.sbin/hoststated/relay.c
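Review bot: The new `char sslciphers[32];` in struct protocol hard-codes the buffer size, and 31 usable characters is short for an OpenSSL cipher-list string, so a config whose `ciphers` value is longer is now rejected by the `sslciphers truncated` check in parse.y where the previous `strdup` accepted any length. A named constant next to MAX_NAME_SIZE would let the header, the parser's error message and any future wire-format code agree on the limit, e.g. `#define SSLCIPHERS_MAX 32` (constructed name) and `char sslciphers[SSLCIPHERS_MAX];`, and the yyerror message could then state the limit. The same applies to the identical hunk in usr.sbin/relayd/relayd.h.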
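Review bot: The `(void)strlcpy(p->sslciphers, SSLCIPHERS_DEFAULT, sizeof(p->sslciphers));` in the proto action discards strlcpy's return value, so if SSLCIPHERS_DEFAULT is ever longer than 31 characters the built-in default is silently cut to a different cipher-list string, which OpenSSL may parse to a different set of suites, with no diagnostic; the user-supplied value in the CIPHERS STRING action further down is checked for exactly this. Since the default is a compile-time constant, a hard failure is appropriate: `if (strlcpy(p->sslciphers, SSLCIPHERS_DEFAULT, sizeof(p->sslciphers)) >= sizeof(p->sslciphers)) fatalx("SSLCIPHERS_DEFAULT too long");`. The surrounding proto action starts and ends outside the hunk, and the same line appears in the identical hunk in usr.sbin/relayd/parse.y.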
@@ -1,4 +1,4 @@
-/* $OpenBSD: relay.c,v 1.31 2007/05/29 00:21:10 pyr Exp $ */
+/* $OpenBSD: relay.c,v 1.32 2007/05/29 00:48:04 pyr Exp $ */
 /*
 * Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
@@ -1951,7 +1951,7 @@ relay_ssl_ctx_create(struct relay *rlay)
 {
 struct protocol *proto = rlay->proto;
 SSL_CTX *ctx;
- char certfile[PATH_MAX], hbuf[128], *ciphers = NULL;
+ char certfile[PATH_MAX], hbuf[128];
 ctx = SSL_CTX_new(SSLv23_method());
 if (ctx == NULL)
@@ -1980,10 +1980,7 @@ relay_ssl_ctx_create(struct relay *rlay)
 if ((proto->sslflags & SSLFLAG_TLSV1) == 0)
 SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
- /* Change the default SSL cipher suite, if specified */
- if ((ciphers = proto->sslciphers) == NULL)
- ciphers = SSLCIPHERS_DEFAULT;
- if (!SSL_CTX_set_cipher_list(ctx, ciphers))
+ if (!SSL_CTX_set_cipher_list(ctx, proto->sslciphers))
 goto err;
 if (relay_host(&rlay->conf.ss, hbuf, sizeof(hbuf)) == NULL)
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index d970d01e43f..88c1c1c93a1 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.43 2007/05/29 00:21:10 pyr Exp $ */
+/* $OpenBSD: parse.y,v 1.44 2007/05/29 00:48:04 pyr Exp $ */
 /*
 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -558,8 +558,9 @@ proto : PROTO STRING {
 p->type = RELAY_PROTO_TCP;
 p->tcpflags = TCPFLAG_DEFAULT;
 p->sslflags = SSLFLAG_DEFAULT;
- p->sslciphers = NULL;
 p->tcpbacklog = RELAY_BACKLOG;
+ (void)strlcpy(p->sslciphers, SSLCIPHERS_DEFAULT,
+ sizeof(p->sslciphers));
 if (last_proto_id == INT_MAX) {
 yyerror("too many protocols defined");
 YYERROR;
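Review bot: `SSL_CTX_set_cipher_list(ctx, proto->sslciphers)` now depends on the array being NUL-terminated; that holds for a config parsed in-process because both strlcpy calls in parse.y terminate it, but the commit message says the struct is meant to be sent over a socket, and a copy received that way carries no such guarantee — a missing terminator would make OpenSSL read past the 32 bytes into the adjacent `name` field. Wherever the struct is deserialized (not in this hunk), the field should be terminated or validated before it reaches this call, e.g. `proto->sslciphers[sizeof(proto->sslciphers) - 1] = '\0';` or rejecting the message when `memchr(proto->sslciphers, '\0', sizeof(proto->sslciphers)) == NULL`. relay_ssl_ctx_create starts and ends outside the hunk; the same applies to the identical hunk in usr.sbin/relayd/relay.c.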
@@ -712,9 +713,13 @@ sslflags_l : sslflags comma sslflags_l
 sslflags : SESSION CACHE sslcache { proto->cache = $3; }
 | CIPHERS STRING {
- proto->sslciphers = strdup($2);
- if (proto->sslciphers == NULL)
- fatal("out of memory");
+ if (strlcpy(proto->sslciphers, $2,
+ sizeof(proto->sslciphers)) >=
+ sizeof(proto->sslciphers)) {
+ yyerror("sslciphers truncated");
+ free($2);
+ YYERROR;
+ }
 free($2);
 }
 | NO flag { proto->sslflags &= ~($2); }
diff --git a/usr.sbin/relayd/relay.c b/usr.sbin/relayd/relay.c
index 88a2a84e292..47f44a8c9aa 100644
--- a/usr.sbin/relayd/relay.c
+++ b/usr.sbin/relayd/relay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relay.c,v 1.31 2007/05/29 00:21:10 pyr Exp $ */
+/* $OpenBSD: relay.c,v 1.32 2007/05/29 00:48:04 pyr Exp $ */
 /*
 * Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
@@ -1951,7 +1951,7 @@ relay_ssl_ctx_create(struct relay *rlay)
 {
 struct protocol *proto = rlay->proto;
 SSL_CTX *ctx;
- char certfile[PATH_MAX], hbuf[128], *ciphers = NULL;
+ char certfile[PATH_MAX], hbuf[128];
 ctx = SSL_CTX_new(SSLv23_method());
 if (ctx == NULL)
@@ -1980,10 +1980,7 @@ relay_ssl_ctx_create(struct relay *rlay)
 if ((proto->sslflags & SSLFLAG_TLSV1) == 0)
 SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
- /* Change the default SSL cipher suite, if specified */
- if ((ciphers = proto->sslciphers) == NULL)
- ciphers = SSLCIPHERS_DEFAULT;
- if (!SSL_CTX_set_cipher_list(ctx, ciphers))
+ if (!SSL_CTX_set_cipher_list(ctx, proto->sslciphers))
 goto err;
 if (relay_host(&rlay->conf.ss, hbuf, sizeof(hbuf)) == NULL)
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index ed67b456dcc..c92d9391560 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.46 2007/05/29 00:21:10 pyr Exp $ */
+/* $OpenBSD: relayd.h,v 1.47 2007/05/29 00:48:04 pyr Exp $ */
 /*
 * Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -455,7 +455,7 @@ struct protocol {
 u_int8_t tcpipttl;
 u_int8_t tcpipminttl;
 u_int8_t sslflags;
- char *sslciphers;
+ char sslciphers[32];
 char name[MAX_NAME_SIZE];
 int cache;
 enum prototype type; |