summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorattilamolnar <attilamolnar@hush.com>2012-06-01 04:03:46 +0200
committerattilamolnar <attilamolnar@hush.com>2012-06-01 04:03:46 +0200
commit926c3f82b9b94c59026e9aad29fb8293ba93f94b (patch)
tree7c9985ae518ce26bff16cc59fb72cba37b0e6b14
parent90875afded8d80cc6c61d9f7804c1ba7a74e70a7 (diff)
m_ssl_gnutls Fix crash caused by calling gnutls_dh_params_deinit() when dh_params wasn't inited
Fixes #181 reported by @BlacklightShining
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp28
1 files changed, 19 insertions, 9 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 22c027cfb..689d69580 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -156,6 +156,7 @@ class ModuleSSLGnuTLS : public Module
int dh_bits;
bool cred_alloc;
+ bool dh_alloc;
RandGen randhandler;
CommandStartTLS starttls;
@@ -173,6 +174,7 @@ class ModuleSSLGnuTLS : public Module
gnutls_x509_privkey_init(&x509_key);
cred_alloc = false;
+ dh_alloc = false;
}
void init()
@@ -252,20 +254,25 @@ class ModuleSSLGnuTLS : public Module
int ret;
+ if (dh_alloc)
+ {
+ gnutls_dh_params_deinit(dh_params);
+ dh_alloc = false;
+ }
+
if (cred_alloc)
{
// Deallocate the old credentials
- gnutls_dh_params_deinit(dh_params);
gnutls_certificate_free_credentials(x509_cred);
for(unsigned int i=0; i < x509_certs.size(); i++)
gnutls_x509_crt_deinit(x509_certs[i]);
x509_certs.clear();
}
- else
- cred_alloc = true;
- if((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0)
+ ret = gnutls_certificate_allocate_credentials(&x509_cred);
+ cred_alloc = (ret >= 0);
+ if (!cred_alloc)
ServerInstance->Logs->Log("m_ssl_gnutls",DEBUG, "m_ssl_gnutls.so: Failed to allocate certificate credentials: %s", gnutls_strerror(ret));
if((ret =gnutls_certificate_set_x509_trust_file(x509_cred, cafile.c_str(), GNUTLS_X509_FMT_PEM)) < 0)
@@ -300,7 +307,9 @@ class ModuleSSLGnuTLS : public Module
gnutls_certificate_client_set_retrieve_function (x509_cred, cert_callback);
- if((ret = gnutls_dh_params_init(&dh_params)) < 0)
+ ret = gnutls_dh_params_init(&dh_params);
+ dh_alloc = (ret >= 0);
+ if (!dh_alloc)
ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to initialise DH parameters: %s", gnutls_strerror(ret));
// This may be on a large (once a day or week) timer eventually.
@@ -324,13 +333,14 @@ class ModuleSSLGnuTLS : public Module
{
for(unsigned int i=0; i < x509_certs.size(); i++)
gnutls_x509_crt_deinit(x509_certs[i]);
- x509_certs.clear();
+
gnutls_x509_privkey_deinit(x509_key);
- if (cred_alloc)
- {
+
+ if (dh_alloc)
gnutls_dh_params_deinit(dh_params);
+ if (cred_alloc)
gnutls_certificate_free_credentials(x509_cred);
- }
+
gnutls_global_deinit();
delete[] sessions;
ServerInstance->GenRandom = &ServerInstance->HandleGenRandom;