Fix possible crash when DH parameters are not provided

[solanum.git] / ssld / ssld.c

diff --git a/ssld/ssld.c b/ssld/ssld.c
index 6eb942c2175b30e378064f6d565a9c61b754308d..9349100405723d4b576698bd251dc6439b04f076 100644 (file)
--- a/ssld/ssld.c
+++ b/ssld/ssld.c
@@ -152,7 +152,7 @@ static void conn_plain_read_shutdown_cb(rb_fde_t *fd, void *data);
 static void mod_cmd_write_queue(mod_ctl_t * ctl, const void *data, size_t len);
 static const char *remote_closed = "Remote host closed the connection";
 static bool ssld_ssl_ok;
-static int certfp_method = RB_SSL_CERTFP_METH_SHA1;
+static int certfp_method = RB_SSL_CERTFP_METH_CERT_SHA1;
 #ifdef HAVE_LIBZ
 static bool zlib_ok = true;
 #else
@@ -686,17 +686,28 @@ ssl_send_cipher(conn_t *conn)
 static void
 ssl_send_certfp(conn_t *conn)
 {
-       uint8_t buf[9 + RB_SSL_CERTFP_LEN];
+       uint8_t buf[13 + RB_SSL_CERTFP_LEN];
 
-       int len = rb_get_ssl_certfp(conn->mod_fd, &buf[9], certfp_method);
+       int len = rb_get_ssl_certfp(conn->mod_fd, &buf[13], certfp_method);
        if (!len)
                return;
 
        lrb_assert(len <= RB_SSL_CERTFP_LEN);
        buf[0] = 'F';
        uint32_to_buf(&buf[1], conn->id);
-       uint32_to_buf(&buf[5], len);
-       mod_cmd_write_queue(conn->ctl, buf, 9 + len);
+       uint32_to_buf(&buf[5], certfp_method);
+       uint32_to_buf(&buf[9], len);
+       mod_cmd_write_queue(conn->ctl, buf, 13 + len);
+}
+
+static void
+ssl_send_open(conn_t *conn)
+{
+       uint8_t buf[5];
+
+       buf[0] = 'O';
+       uint32_to_buf(&buf[1], conn->id);
+       mod_cmd_write_queue(conn->ctl, buf, 5);
 }
 
 static void
@@ -706,10 +717,11 @@ ssl_process_accept_cb(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen
 
        if(status == RB_OK)
        {
-               conn_mod_read_cb(conn->mod_fd, conn);
-               conn_plain_read_cb(conn->plain_fd, conn);
                ssl_send_cipher(conn);
                ssl_send_certfp(conn);
+               ssl_send_open(conn);
+               conn_mod_read_cb(conn->mod_fd, conn);
+               conn_plain_read_cb(conn->plain_fd, conn);
                return;
        }
        /* ircd doesn't care about the reason for this */
@@ -724,10 +736,11 @@ ssl_process_connect_cb(rb_fde_t *F, int status, void *data)
 
        if(status == RB_OK)
        {
-               conn_mod_read_cb(conn->mod_fd, conn);
-               conn_plain_read_cb(conn->plain_fd, conn);
                ssl_send_cipher(conn);
                ssl_send_certfp(conn);
+               ssl_send_open(conn);
+               conn_mod_read_cb(conn->mod_fd, conn);
+               conn_plain_read_cb(conn->plain_fd, conn);
        }
        else if(status == RB_ERR_TIMEOUT)
                close_conn(conn, WAIT_PLAIN, "SSL handshake timed out");
@@ -824,31 +837,6 @@ process_stats(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
        mod_cmd_write_queue(ctl, outstat, strlen(outstat) + 1); /* +1 is so we send the \0 as well */
 }
 
-static void
-change_connid(mod_ctl_t *ctl, mod_ctl_buf_t *ctlb)
-{
-       uint32_t id = buf_to_uint32(&ctlb->buf[1]);
-       uint32_t newid = buf_to_uint32(&ctlb->buf[5]);
-       conn_t *conn = conn_find_by_id(id);
-       lrb_assert(conn != NULL);
-       if(conn == NULL)
-       {
-               uint8_t buf[256];
-               int len;
-
-               buf[0] = 'D';
-               uint32_to_buf(&buf[1], newid);
-               sprintf((char *) &buf[5], "connid %d does not exist", id);
-               len = (strlen((char *) &buf[5]) + 1) + 5;
-               mod_cmd_write_queue(ctl, buf, len);
-
-               return;
-       }
-       rb_dlinkDelete(&conn->node, connid_hash(conn->id));
-       SetZipSSL(conn);
-       conn->id = newid;
-}
-
 #ifdef HAVE_LIBZ
 static void
 zlib_process(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
@@ -908,18 +896,6 @@ zlib_process(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
 }
 #endif
 
-static void
-init_prng(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
-{
-       char *path;
-       prng_seed_t seed_type;
-
-       seed_type = (prng_seed_t) ctl_buf->buf[1];
-       path = (char *) &ctl_buf->buf[2];
-       rb_init_prng(path, seed_type);
-}
-
-
 static void
 ssl_new_keys(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
 {
@@ -932,10 +908,10 @@ ssl_new_keys(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
        key = buf;
        buf += strlen(key) + 1;
        dhparam = buf;
-       if(strlen(dhparam) == 0)
-               dhparam = NULL;
        buf += strlen(dhparam) + 1;
        cipher_list = buf;
+       if(strlen(dhparam) == 0)
+               dhparam = NULL;
        if(strlen(cipher_list) == 0)
                cipher_list = NULL;
 
@@ -1025,7 +1001,7 @@ mod_process_cmd_recv(mod_ctl_t * ctl)
                        }
                case 'C':
                        {
-                               if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
+                               if (ctl_buf->buflen != 5)
                                {
                                        cleanup_bad_message(ctl, ctl_buf);
                                        break;
@@ -1041,7 +1017,7 @@ mod_process_cmd_recv(mod_ctl_t * ctl)
                        }
                case 'F':
                        {
-                               if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
+                               if (ctl_buf->buflen != 5)
                                {
                                        cleanup_bad_message(ctl, ctl_buf);
                                        break;
@@ -1059,9 +1035,6 @@ mod_process_cmd_recv(mod_ctl_t * ctl)
                                ssl_new_keys(ctl, ctl_buf);
                                break;
                        }
-               case 'I':
-                       init_prng(ctl, ctl_buf);
-                       break;
                case 'S':
                        {
                                process_stats(ctl, ctl_buf);
@@ -1232,6 +1205,7 @@ main(int argc, char **argv)
        setup_signals();
        rb_lib_init(NULL, NULL, NULL, 0, maxfd, 1024, 4096);
        rb_init_rawbuffers(1024);
+       rb_init_prng(NULL, RB_PRNG_DEFAULT);
        ssld_ssl_ok = rb_supports_ssl();
        mod_ctl = rb_malloc(sizeof(mod_ctl_t));
        mod_ctl->F = rb_open(ctlfd, RB_FD_SOCKET, "ircd control socket");