Hi Willy,

We are seeing build failures of 1.5 w/ SSL on Debian's Hurd builder machines
due to the use of PATH_MAX (which is undefined in Hurd) when loading SSL
certificates. You can see the build log here:

https://buildd.debian.org/status/fetch.php?pkg=haproxy&arch=hurd-i386&ver=1.5%7Edev19-1&stamp=1372199388

The attached patch should fix this issue, by modifying the code in 
question to use a dynamically allocated buffer while checking against 
PATH_MAX if appropriate.

Regards,
Apollon
From 865e8c1ed5bc8dfa61eff6c33e5b59b6a554db96 Mon Sep 17 00:00:00 2001
From: Apollon Oikonomopoulos <apoi...@gmail.com>
Date: Mon, 12 Aug 2013 12:22:26 +0300
Subject: [PATCH] BUG/MINOR: ssl_sock.c: use PATH_MAX only when defined

bind_parse_crt() unconditionally uses PATH_MAX, which is not guaranteed to be
defined by POSIX. In fact, GNU Hurd does not have a limit on path sizes and
thus leaves PATH_MAX undefined, causing OpenSSL-enabled builds on Hurd to fail.

We fix this by using dynamic allocation of the path buffer and checking the
actual path length whenever PATH_MAX is defined.
---
 src/ssl_sock.c |   12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index ce1712d..655dc77 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2543,17 +2543,25 @@ static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct
 /* parse the "crt" bind keyword */
 static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
 {
-	char path[PATH_MAX];
+	char *path;
+	size_t path_length;
 	if (!*args[cur_arg + 1]) {
 		memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
 		return ERR_ALERT | ERR_FATAL;
 	}
 
 	if ((*args[cur_arg + 1] != '/' ) && global.crt_base) {
-		if ((strlen(global.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > PATH_MAX) {
+		path_length = strlen(global.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1;
+#ifdef PATH_MAX
+		if (path_length > PATH_MAX) {
 			memprintf(err, "'%s' : path too long", args[cur_arg]);
 			return ERR_ALERT | ERR_FATAL;
 		}
+#endif
+		if ((path = malloc(path_length)) == NULL) {
+			memprintf(err, "'%s' : unable to allocate path buffer", args[cur_arg]);
+			return ERR_ALERT | ERR_FATAL;
+		}
 		sprintf(path, "%s/%s",  global.crt_base, args[cur_arg + 1]);
 		if (ssl_sock_load_cert(path, conf, px, err) > 0)
 			return ERR_ALERT | ERR_FATAL;
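Review bot: the buffer returned by malloc(path_length) is never released. All 10 insertions counted in the diffstat are visible in this hunk and none of them is a free(), so the `return ERR_ALERT | ERR_FATAL;` right after ssl_sock_load_cert(path, conf, px, err) leaks `path`, and no free() is added for the case where loading succeeds either. Suggest storing the result of ssl_sock_load_cert() in a local, calling free(path), and then returning based on that result. As a smaller point, path_length is now available, so snprintf(path, path_length, "%s/%s", ...) would tie the write to the allocation size instead of relying on the length computation and the format string staying in sync.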
-- 
1.7.10.4
