On Fri, Aug 25, 2017 at 09:33:14AM +0200, Karl-Andre' Skevik wrote:
> >Synopsis: SSL requests crashes relayd if "return error style" is ""
> >Category: system
> >Environment:
> System : OpenBSD 6.1
> Details : OpenBSD 6.1-current (GENERIC.MP) #7: Tue Aug 15 21:08:10 MDT 2017
>
> [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> Architecture: OpenBSD.amd64
> Machine : amd64
> >Description:
>
> If the "return error style" keyword value for some reason is set to "",
> relayd appears to coredump and exit upon receiving an SSL request.
>
> Reproduced with latest CVS version of relayd.

This should fix it and avoids keeping the bad pointer value passed in
over imsg if an error occurs.

Index: config.c
===================================================================
RCS file: /cvs/src/usr.sbin/relayd/config.c,v
retrieving revision 1.32
diff -u -p -r1.32 config.c
--- config.c 27 May 2017 08:33:25 -0000 1.32
+++ config.c 30 Aug 2017 11:15:23 -0000
@@ -603,7 +603,7 @@ config_setproto(struct relayd *env, stru
if (proto->style != NULL) {
iov[c].iov_base = proto->style;
- iov[c++].iov_len = strlen(proto->style);
+ iov[c++].iov_len = strlen(proto->style) + 1;
}
proc_composev(ps, id, IMSG_CFG_PROTO, iov, c);
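Review bot: The `+ 1` on `iov[c++].iov_len` in config_setproto is only correct together with the `styl - 1` in config_getproto, and nothing at this line says so. A short comment stating that the terminating NUL is sent on purpose, so that an empty style still yields a non-zero payload and can be told apart from no style at all, would keep the two sides from drifting apart. The guard remains `proto->style != NULL`, so an empty string now travels over imsg as a single NUL byte, which is what the receiving side depends on.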
@@ -680,8 +680,9 @@ config_getproto(struct relayd *env, stru
s = sizeof(*proto);
styl = IMSG_DATA_SIZE(imsg) - s;
+ proto->style = NULL;
if (styl > 0) {
- if ((proto->style = get_string(p + s, styl)) == NULL) {
+ if ((proto->style = get_string(p + s, styl - 1)) == NULL) {
free(proto);
return (-1);
}
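Review bot: In config_getproto, `get_string(p + s, styl - 1)` drops the last byte on the assumption that it is the NUL the sender appended, but nothing checks that it is. Consider verifying that the byte at `p + s + styl - 1` is `'\0'` and rejecting the message otherwise, so that a payload in the old unterminated form does not silently lose the last character of the style. For the empty-style case from the report, styl is 1 and get_string is called with length 0; please confirm it returns an empty string rather than NULL for that length, because NULL takes the `free(proto); return (-1);` path. The `proto->style = NULL;` reset before the `styl > 0` check matches the stated goal of not keeping the pointer value received over imsg.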