From dfd8bbac808cce90fc4b9aca8ecff32ff71491bd Mon Sep 17 00:00:00 2001 From: Pierre-Yves Ritschard Date: Tue, 29 May 2007 00:48:05 +0000 Subject: move the ssl cipher suite string to a (small) static charbuf, this will make it easier to send the struct over the socket. --- usr.sbin/hoststated/hoststated.h | 4 ++-- usr.sbin/hoststated/parse.y | 15 ++++++++++----- usr.sbin/hoststated/relay.c | 9 +++------ 3 files changed, 15 insertions(+), 13 deletions(-) (limited to 'usr.sbin/hoststated') diff --git a/usr.sbin/hoststated/hoststated.h b/usr.sbin/hoststated/hoststated.h index a7b4ee77358..036ce7aec4f 100644 --- a/usr.sbin/hoststated/hoststated.h +++ b/usr.sbin/hoststated/hoststated.h @@ -1,4 +1,4 @@ -/* $OpenBSD: hoststated.h,v 1.46 2007/05/29 00:21:10 pyr Exp $ */ +/* $OpenBSD: hoststated.h,v 1.47 2007/05/29 00:48:04 pyr Exp $ */ /* * Copyright (c) 2006, 2007 Pierre-Yves Ritschard @@ -455,7 +455,7 @@ struct protocol { u_int8_t tcpipttl; u_int8_t tcpipminttl; u_int8_t sslflags; - char *sslciphers; + char sslciphers[32]; char name[MAX_NAME_SIZE]; int cache; enum prototype type; diff --git a/usr.sbin/hoststated/parse.y b/usr.sbin/hoststated/parse.y index d970d01e43f..88c1c1c93a1 100644 --- a/usr.sbin/hoststated/parse.y +++ b/usr.sbin/hoststated/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.43 2007/05/29 00:21:10 pyr Exp $ */ +/* $OpenBSD: parse.y,v 1.44 2007/05/29 00:48:04 pyr Exp $ */ /* * Copyright (c) 2006 Pierre-Yves Ritschard @@ -558,8 +558,9 @@ proto : PROTO STRING { p->type = RELAY_PROTO_TCP; p->tcpflags = TCPFLAG_DEFAULT; p->sslflags = SSLFLAG_DEFAULT; - p->sslciphers = NULL; p->tcpbacklog = RELAY_BACKLOG; + (void)strlcpy(p->sslciphers, SSLCIPHERS_DEFAULT, + sizeof(p->sslciphers)); if (last_proto_id == INT_MAX) { yyerror("too many protocols defined"); YYERROR; 
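Review bot: `char sslciphers[32];` in the struct protocol hunk hard-codes the limit as a magic number, and 31 usable bytes is tight for an OpenSSL cipher-list string — one suite name such as `DHE-RSA-AES256-SHA` already takes 18 of them, so a list of two or three suites will be rejected by the new truncation check in parse.y. Consider a named constant defined next to SSLCIPHERS_DEFAULT and sized with more headroom, e.g. `char sslciphers[SSLCIPHERS_MAX];` (new name, proposed here), so the header, the parser and whatever later serializes the struct agree on one value. The same limit matters in the parse.y @@ -558 hunk, where `(void)strlcpy(p->sslciphers, SSLCIPHERS_DEFAULT, sizeof(p->sslciphers));` discards the return value: a default longer than the buffer would be silently cut to a different, possibly weaker or invalid, cipher list. Since the default is a constant, checking it once at startup, `if (strlcpy(p->sslciphers, SSLCIPHERS_DEFAULT, sizeof(p->sslciphers)) >= sizeof(p->sslciphers)) fatal("SSLCIPHERS_DEFAULT too long");`, catches that at configuration time rather than at SSL_CTX_set_cipher_list() time.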
@@ -712,9 +713,13 @@ sslflags_l : sslflags comma sslflags_l sslflags : SESSION CACHE sslcache { proto->cache = $3; } | CIPHERS STRING { - proto->sslciphers = strdup($2); - if (proto->sslciphers == NULL) - fatal("out of memory"); + if (strlcpy(proto->sslciphers, $2, + sizeof(proto->sslciphers)) >= + sizeof(proto->sslciphers)) { + yyerror("sslciphers truncated"); + free($2); + YYERROR; + } free($2); } | NO flag { proto->sslflags &= ~($2); } diff --git a/usr.sbin/hoststated/relay.c b/usr.sbin/hoststated/relay.c index 88a2a84e292..47f44a8c9aa 100644 --- a/usr.sbin/hoststated/relay.c +++ b/usr.sbin/hoststated/relay.c @@ -1,4 +1,4 @@ -/* $OpenBSD: relay.c,v 1.31 2007/05/29 00:21:10 pyr Exp $ */ +/* $OpenBSD: relay.c,v 1.32 2007/05/29 00:48:04 pyr Exp $ */ /* * Copyright (c) 2006, 2007 Reyk Floeter @@ -1951,7 +1951,7 @@ relay_ssl_ctx_create(struct relay *rlay) { struct protocol *proto = rlay->proto; SSL_CTX *ctx; - char certfile[PATH_MAX], hbuf[128], *ciphers = NULL; + char certfile[PATH_MAX], hbuf[128]; ctx = SSL_CTX_new(SSLv23_method()); if (ctx == NULL) @@ -1980,10 +1980,7 @@ relay_ssl_ctx_create(struct relay *rlay) if ((proto->sslflags & SSLFLAG_TLSV1) == 0) SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1); - /* Change the default SSL cipher suite, if specified */ - if ((ciphers = proto->sslciphers) == NULL) - ciphers = SSLCIPHERS_DEFAULT; - if (!SSL_CTX_set_cipher_list(ctx, ciphers)) + if (!SSL_CTX_set_cipher_list(ctx, proto->sslciphers)) goto err; if (relay_host(&rlay->conf.ss, hbuf, sizeof(hbuf)) == NULL) -- cgit v1.2.3
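Review bot: The truncation branch in the CIPHERS STRING action repeats `free($2)` and reports the internal field name rather than the keyword the user typed; a clearer shape is to copy, free once, then test: `size_t len = strlcpy(proto->sslciphers, $2, sizeof(proto->sslciphers)); free($2); if (len >= sizeof(proto->sslciphers)) { yyerror("ciphers string too long"); YYERROR; }`. Rejecting on truncation instead of continuing is the right call here, since a silently shortened cipher list would quietly change which suites the relay negotiates. If yyerror() is printf-style in this file, including `sizeof(proto->sslciphers) - 1` in the message would also tell the operator what the limit is.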
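Review bot: Dropping the NULL fallback in relay_ssl_ctx_create() leaves it silently dependent on the parser having filled `proto->sslciphers`; a `struct protocol` that arrives zeroed — e.g. one received over the socket, which the commit message says this change prepares for — would hand an empty string to SSL_CTX_set_cipher_list(). OpenSSL appears to reject an empty list as a no-cipher-match error, so the outcome is the existing `goto err` rather than an unrestricted cipher set, but that fail-closed behaviour is worth stating rather than relying on. Suggest keeping a comment in place of the removed one: `/* sslciphers is always populated by the parser (SSLCIPHERS_DEFAULT or the CIPHERS keyword); an empty list makes SSL_CTX_set_cipher_list() fail and we bail out */`. The function's declarations and its err label lie outside this hunk.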