From 926c3f82b9b94c59026e9aad29fb8293ba93f94b Mon Sep 17 00:00:00 2001 From: attilamolnar Date: Fri, 1 Jun 2012 04:03:46 +0200 Subject: m_ssl_gnutls Fix crash caused by calling gnutls_dh_params_deinit() when dh_params wasn't inited Fixes #181 reported by @BlacklightShining --- src/modules/extra/m_ssl_gnutls.cpp | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 22c027cfb..689d69580 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -156,6 +156,7 @@ class ModuleSSLGnuTLS : public Module int dh_bits; bool cred_alloc; + bool dh_alloc; RandGen randhandler; CommandStartTLS starttls; @@ -173,6 +174,7 @@ class ModuleSSLGnuTLS : public Module gnutls_x509_privkey_init(&x509_key); cred_alloc = false; + dh_alloc = false; } void init() @@ -252,20 +254,25 @@ class ModuleSSLGnuTLS : public Module int ret; + if (dh_alloc) + { + gnutls_dh_params_deinit(dh_params); + dh_alloc = false; + } + if (cred_alloc) { // Deallocate the old credentials - gnutls_dh_params_deinit(dh_params); gnutls_certificate_free_credentials(x509_cred); for(unsigned int i=0; i < x509_certs.size(); i++) gnutls_x509_crt_deinit(x509_certs[i]); x509_certs.clear(); } - else - cred_alloc = true; - if((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) + ret = gnutls_certificate_allocate_credentials(&x509_cred); + cred_alloc = (ret >= 0); + if (!cred_alloc) ServerInstance->Logs->Log("m_ssl_gnutls",DEBUG, "m_ssl_gnutls.so: Failed to allocate certificate credentials: %s", gnutls_strerror(ret)); if((ret =gnutls_certificate_set_x509_trust_file(x509_cred, cafile.c_str(), GNUTLS_X509_FMT_PEM)) < 0) 
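Review bot: When gnutls_certificate_allocate_credentials() fails in the third hunk (`@@ -252,20 +254,25 @@`), the new code logs and then falls through to `gnutls_certificate_set_x509_trust_file(x509_cred, ...)` on the following context line. At that point x509_cred is either uninitialised or was just released by the `if (cred_alloc)` block above. Consider stopping there, e.g. `if (!cred_alloc) { ServerInstance->Logs->Log(...); return; }`. The failure is also logged at DEBUG, while the DH failure in the next hunk uses DEFAULT; a credential failure on a TLS module probably deserves the more visible level. The enclosing function starts and ends outside the hunk, so whether to return or throw needs checking against its caller.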
@@ -300,7 +307,9 @@ class ModuleSSLGnuTLS : public Module gnutls_certificate_client_set_retrieve_function (x509_cred, cert_callback); - if((ret = gnutls_dh_params_init(&dh_params)) < 0) + ret = gnutls_dh_params_init(&dh_params); + dh_alloc = (ret >= 0); + if (!dh_alloc) ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to initialise DH parameters: %s", gnutls_strerror(ret)); // This may be on a large (once a day or week) timer eventually. @@ -324,13 +333,14 @@ class ModuleSSLGnuTLS : public Module { for(unsigned int i=0; i < x509_certs.size(); i++) gnutls_x509_crt_deinit(x509_certs[i]); - x509_certs.clear(); + gnutls_x509_privkey_deinit(x509_key); - if (cred_alloc) - { + + if (dh_alloc) gnutls_dh_params_deinit(dh_params); + if (cred_alloc) gnutls_certificate_free_credentials(x509_cred); - } + gnutls_global_deinit(); delete[] sessions; ServerInstance->GenRandom = &ServerInstance->HandleGenRandom; -- cgit v1.2.3 From 9289021a512906412de2236521ebde516adbb849 Mon Sep 17 00:00:00 2001 From: attilamolnar Date: Fri, 1 Jun 2012 04:35:52 +0200 Subject: m_ssl_gnutls Only generate DH params when dh_params is inited --- src/modules/extra/m_ssl_gnutls.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 689d69580..6ca876d4c 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -323,6 +323,9 @@ class ModuleSSLGnuTLS : public Module // once a day, once a week or once a month. Depending on the // security requirements. + if (!dh_alloc) + return; + int ret; if((ret = gnutls_dh_params_generate2(dh_params, dh_bits)) < 0) -- cgit v1.2.3
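Review bot: In the destructor hunk (`@@ -324,13 +333,14 @@`) dh_params is released before the credentials, and the rehash hunk (`@@ -252,20 +254,25 @@`) uses the same order. If x509_cred was given these parameters through gnutls_certificate_set_dh_params() (the call is not visible on this page), GnuTLS keeps only a pointer, so the parameters should outlive the credentials. Swapping the two statements keeps that lifetime rule: `if (cred_alloc) gnutls_certificate_free_credentials(x509_cred);` first, then `if (dh_alloc) gnutls_dh_params_deinit(dh_params);`. The destructor's opening lines are outside the hunk.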
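Review bot: The guard `if (!dh_alloc) return;` added in the second commit's hunk (`@@ -323,6 +326,9 @@`) has no comment, and the block comment above it only discusses how often to regenerate. A line such as `// dh_params is only valid after a successful gnutls_dh_params_init(); nothing to generate otherwise` would explain why the function exits silently. Presumably the credentials then carry no DH parameters, so DHE key exchange would be unavailable until a later rehash succeeds. If that is the case, it is worth stating in the "Failed to initialise DH parameters" log message so operators see the effect. The function's signature lies outside the hunk.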