From e45fc33a388415f383ca77878c8264efadee75ce Mon Sep 17 00:00:00 2001
From: claudio
Date: Mon, 1 Jan 2018 15:01:09 +0000
Subject: [PATCH] RSA_private_{en,de}crypt() can fail and will return -1 in that case. Check for this in the ca process and return a valid answer to the relay process. This fixes rsae_send_imsg poll timeouts blocking relay processes as seen by Mischa Peters and myself. OK benno@
---
 usr.sbin/relayd/ca.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/usr.sbin/relayd/ca.c b/usr.sbin/relayd/ca.c
index 48e068e4c6b..3797e900061 100644
--- a/usr.sbin/relayd/ca.c
+++ b/usr.sbin/relayd/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.31 2017/11/28 00:20:23 claudio Exp $ */
+/* $OpenBSD: ca.c,v 1.32 2018/01/01 15:01:09 claudio Exp $ */
 /*
 * Copyright (c) 2014 Reyk Floeter
@@ -266,9 +266,15 @@ ca_dispatch_relay(int fd, struct privsep_proc *p, struct imsg *imsg)
 break;
 }
+ if (cko.cko_tlen == -1) {
+ char buf[256];
+ log_warnx("%s: %s", __func__,
+ ERR_error_string(ERR_get_error(), buf));
+ }
+
 iov[c].iov_base = &cko;
 iov[c++].iov_len = sizeof(cko);
- if (cko.cko_tlen) {
+ if (cko.cko_tlen > 0) {
 iov[c].iov_base = to;
 iov[c++].iov_len = cko.cko_tlen;
 }
@@ -381,12 +387,12 @@ rsae_send_imsg(int flen, const u_char *from, u_char *to, RSA *rsa,
 IMSG_SIZE_CHECK(&imsg, (&cko));
 memcpy(&cko, imsg.data, sizeof(cko));
- if (IMSG_DATA_SIZE(&imsg) !=
- (sizeof(cko) + cko.cko_tlen))
- fatalx("data size");
 ret = cko.cko_tlen;
- if (ret) {
+ if (ret > 0) {
+ if (IMSG_DATA_SIZE(&imsg) !=
+ (sizeof(cko) + ret))
+ fatalx("data size");
 toptr = (u_char *)imsg.data + sizeof(cko);
 memcpy(to, toptr, ret);
 }
--
2.20.1
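Review bot: The new `cko.cko_tlen == -1` branch in ca_dispatch_relay reports only the oldest entry of the libcrypto error queue; ERR_get_error() removes one entry, and anything else the failed RSA call queued stays behind, so it may surface later against an unrelated request. Formatting with the bounded variant and then clearing the queue avoids both that and the implicit 256-byte buffer contract of ERR_error_string(): `ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));`, `log_warnx("%s: %s", __func__, buf);`, `ERR_clear_error();`. Because such a failure can presumably be provoked by handshake input from a peer, the warning is also a candidate for rate limiting. The function body starts and ends outside the hunk.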
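Review bot: With the length check moved inside `if (ret > 0)` in rsae_send_imsg, a reply whose `cko_tlen` is zero or negative is accepted whatever payload follows the header, and a positive `ret` is compared only with the message size, not with the room behind `to`. An `else` arm after the closing brace of that `if` keeps the framing strict: `else if (IMSG_DATA_SIZE(&imsg) != sizeof(cko)) fatalx("data size");`. The size of the caller's buffer is not visible in this hunk; if it is RSA_size(rsa) bytes, as the RSA method contract suggests, comparing `ret` with `RSA_size(rsa)` before the `memcpy` would make that bound explicit. The function body starts and ends outside the hunk.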