From 2c8c228728571a8c463724b270c772607b8dc22b Mon Sep 17 00:00:00 2001 From: claudio Date: Sat, 2 May 2015 13:15:24 +0000 Subject: [PATCH] Fix obvious problems with relayd config reload. - fix a TAILQ corruption because of a use after free - do not reinit the SSL engine since that fails OK sthen, benno --- usr.sbin/relayd/ca.c | 7 +++++-- usr.sbin/relayd/config.c | 4 ++-- usr.sbin/relayd/parse.y | 12 ++++++------ usr.sbin/relayd/relayd.c | 5 +++-- usr.sbin/relayd/relayd.h | 5 +++-- 5 files changed, 19 insertions(+), 14 deletions(-) diff --git a/usr.sbin/relayd/ca.c b/usr.sbin/relayd/ca.c index 0b79b62f75b..81f9971771d 100644 --- a/usr.sbin/relayd/ca.c +++ b/usr.sbin/relayd/ca.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ca.c,v 1.12 2015/01/22 17:42:09 reyk Exp $ */ +/* $OpenBSD: ca.c,v 1.13 2015/05/02 13:15:24 claudio Exp $ */ /* * Copyright (c) 2014 Reyk Floeter @@ -417,12 +417,15 @@ rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) void ca_engine_init(struct relayd *x_env) { - ENGINE *e; + ENGINE *e = NULL; const char *errstr, *name; if (env == NULL) env = x_env; + if (rsa_default != NULL) + return; + if ((e = ENGINE_get_default_RSA()) == NULL) { if ((e = ENGINE_new()) == NULL) { errstr = "ENGINE_new"; diff --git a/usr.sbin/relayd/config.c b/usr.sbin/relayd/config.c index 9cfbdca6872..2992df0fc24 100644 --- a/usr.sbin/relayd/config.c +++ b/usr.sbin/relayd/config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: config.c,v 1.24 2015/01/22 17:42:09 reyk Exp $ */ +/* $OpenBSD: config.c,v 1.25 2015/05/02 13:15:24 claudio Exp $ */ /* * Copyright (c) 2011 - 2014 Reyk Floeter @@ -142,7 +142,7 @@ config_purge(struct relayd *env, u_int reset) if (what & CONFIG_TABLES && env->sc_tables != NULL) { while ((table = TAILQ_FIRST(env->sc_tables)) != NULL) - purge_table(env->sc_tables, table); + purge_table(env, env->sc_tables, table); env->sc_tablecount = 0; } if (what & CONFIG_RDRS && env->sc_rdrs != NULL) { 
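Review bot: The new early return in ca_engine_init, `if (rsa_default != NULL) return;`, carries no comment, and rsa_default is declared outside this hunk, so a reader cannot tell from here that a non-NULL value means the engine setup already completed. I would put `/* engine already set up; re-initialising it on config reload fails */` above the check so the reload path is understood and the guard is not removed later as dead code. The guard also skips the whole remainder of the function on every later call, so it is worth confirming that nothing further down depends on the freshly loaded configuration. The body of ca_engine_init continues past the end of the hunk, so that part could not be checked here.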
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y index 2b58e87ba36..ae83e49ba4b 100644 --- a/usr.sbin/relayd/parse.y +++ b/usr.sbin/relayd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.203 2015/02/08 04:50:32 reyk Exp $ */ +/* $OpenBSD: parse.y,v 1.204 2015/05/02 13:15:24 claudio Exp $ */ /* * Copyright (c) 2007 - 2014 Reyk Floeter @@ -531,12 +531,12 @@ rdroptsl : forwardmode TO tablespec interface { if ($3->conf.check == CHECK_NOCHECK) { yyerror("table %s has no check", $3->conf.name); - purge_table(conf->sc_tables, $3); + purge_table(conf, conf->sc_tables, $3); YYERROR; } if (rdr->backup) { yyerror("only one backup table is allowed"); - purge_table(conf->sc_tables, $3); + purge_table(conf, conf->sc_tables, $3); YYERROR; } if (rdr->table) { @@ -1930,7 +1930,7 @@ routeoptsl : ROUTE address '/' NUMBER { if (router->rt_gwtable) { yyerror("router %s table already specified", router->rt_conf.name); - purge_table(conf->sc_tables, $3); + purge_table(conf, conf->sc_tables, $3); YYERROR; } router->rt_gwtable = $3; @@ -3091,7 +3091,7 @@ table_inherit(struct table *tb) goto fail; } if ((oldtb = table_findbyconf(conf, tb)) != NULL) { - purge_table(NULL, tb); + purge_table(conf, NULL, tb); return (oldtb); } @@ -3134,7 +3134,7 @@ table_inherit(struct table *tb) return (tb); fail: - purge_table(NULL, tb); + purge_table(conf, NULL, tb); return (NULL); } diff --git a/usr.sbin/relayd/relayd.c b/usr.sbin/relayd/relayd.c index de921959aaa..729af4bb14e 100644 --- a/usr.sbin/relayd/relayd.c +++ b/usr.sbin/relayd/relayd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: relayd.c,v 1.138 2015/01/22 17:42:09 reyk Exp $ */ +/* $OpenBSD: relayd.c,v 1.139 2015/05/02 13:15:24 claudio Exp $ */ /* * Copyright (c) 2007 - 2014 Reyk Floeter 
@@ -546,12 +546,13 @@ parent_dispatch_ca(int fd, struct privsep_proc *p, struct imsg *imsg) } void -purge_table(struct tablelist *head, struct table *table) +purge_table(struct relayd *env, struct tablelist *head, struct table *table) { struct host *host; while ((host = TAILQ_FIRST(&table->hosts)) != NULL) { TAILQ_REMOVE(&table->hosts, host, entry); + TAILQ_REMOVE(&env->sc_hosts, host, globalentry); if (event_initialized(&host->cte.ev)) { event_del(&host->cte.ev); close(host->cte.s); diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h index 66bc59a8df6..f9f2a0fb5da 100644 --- a/usr.sbin/relayd/relayd.h +++ b/usr.sbin/relayd/relayd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: relayd.h,v 1.208 2015/03/09 17:20:38 reyk Exp $ */ +/* $OpenBSD: relayd.h,v 1.209 2015/05/02 13:15:24 claudio Exp $ */ /* * Copyright (c) 2006 - 2015 Reyk Floeter @@ -1253,7 +1253,8 @@ struct ca_pkey *pkey_add(struct relayd *, EVP_PKEY *, objid_t); int expand_string(char *, size_t, const char *, const char *); void translate_string(char *); void purge_key(char **, off_t); -void purge_table(struct tablelist *, struct table *); +void purge_table(struct relayd *, struct tablelist *, + struct table *); void purge_relay(struct relayd *, struct relay *); char *digeststr(enum digest_type, const u_int8_t *, size_t, char *); const char *canonicalize_host(const char *, char *, size_t); -- 2.20.1
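Review bot: purge_table now dereferences env and runs `TAILQ_REMOVE(&env->sc_hosts, host, globalentry);` for every host unconditionally, which is only safe if env is non-NULL and each host on table->hosts is also linked on env->sc_hosts. TAILQ_REMOVE on an element that was never inserted on that queue corrupts the list rather than failing cleanly, so the fix for the use after free introduces an invariant that is not written down anywhere in the hunk. I would state it above the function, e.g. `/* env must be non-NULL; every host on table->hosts must also be on env->sc_hosts */`. The two table_inherit call sites in parse.y pass `purge_table(conf, NULL, tb)` on their early-exit and fail paths, so it is worth confirming that any hosts already attached to tb at those points were also inserted on conf->sc_hosts. The loop body and the rest of purge_table continue outside the hunk.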