Re: relayd: crash with two listen on (one is ssl)
This has been commited, thanks!
Erik Lax(e...@halon.se) on 2013.11.19 22:40:38 +0100:
Hi,
In relayd, if a relay is configured with two listen on directives, one
with ssl and one without. In the relay_inherit function the ssl pointers
(cert and key) are copied to the latter, and used/freed even if F_SSL is
not set. This causes a double free later in purge_relay.
relay http {
listen on 127.0.0.1 port 4433 ssl
listen on 127.0.0.1 port 8080
forward with ssl to 127.0.0.1 port 443
}
There following patch fixes this.
--- usr.sbin/relayd/parse.y.orig Tue Nov 19 22:10:48 2013
+++ usr.sbin/relayd/parse.y Tue Nov 19 22:09:41 2013
@@ -2809,6 +2809,12 @@
rb-rl_conf.port = rc.port;
rb-rl_conf.flags =
(ra-rl_conf.flags ~F_SSL) | (rc.flags F_SSL);
+ if (!(rb-rl_conf.flags F_SSL)) {
+ rb-rl_ssl_cert = NULL;
+ rb-rl_conf.ssl_cert_len = 0;
+ rb-rl_ssl_key = NULL;
+ rb-rl_conf.ssl_key_len = 0;
+ }
TAILQ_INIT(rb-rl_tables);
rb-rl_conf.id = ++last_relay_id;
--
relayd: crash with two listen on (one is ssl)
Hi,
In relayd, if a relay is configured with two listen on directives, one
with ssl and one without. In the relay_inherit function the ssl pointers
(cert and key) are copied to the latter, and used/freed even if F_SSL is
not set. This causes a double free later in purge_relay.
relay http {
listen on 127.0.0.1 port 4433 ssl
listen on 127.0.0.1 port 8080
forward with ssl to 127.0.0.1 port 443
}
There following patch fixes this.
--- usr.sbin/relayd/parse.y.origTue Nov 19 22:10:48 2013
+++ usr.sbin/relayd/parse.y Tue Nov 19 22:09:41 2013
@@ -2809,6 +2809,12 @@
rb-rl_conf.port = rc.port;
rb-rl_conf.flags =
(ra-rl_conf.flags ~F_SSL) | (rc.flags F_SSL);
+ if (!(rb-rl_conf.flags F_SSL)) {
+ rb-rl_ssl_cert = NULL;
+ rb-rl_conf.ssl_cert_len = 0;
+ rb-rl_ssl_key = NULL;
+ rb-rl_conf.ssl_key_len = 0;
+ }
TAILQ_INIT(rb-rl_tables);
rb-rl_conf.id = ++last_relay_id;
