Merge pull request #298 from edk0/rejectcache

[solanum.git] / ircd / sslproc.c

diff --git a/ircd/sslproc.c b/ircd/sslproc.c
index 51e594a9dd82ecaec0dc80a99f74f3cbf5d3e1db..ffea6e89babef2aca35f77eec5eaf6ca3fb7eb8a 100644 (file)
--- a/ircd/sslproc.c
+++ b/ircd/sslproc.c
@@ -33,6 +33,7 @@
 #include "client.h"
 #include "send.h"
 #include "packet.h"
+#include "certfp.h"
 
 #define ZIPSTATS_TIME           60
 
@@ -170,6 +171,9 @@ restart_ssld(void)
                }
        }
 
+       ssld_spin_count = 0;
+       last_spin = 0;
+       ssld_wait = 0;
        start_ssldaemon(ServerInfo.ssld_count);
 }
 
@@ -351,8 +355,12 @@ ssl_process_zipstats(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
 {
        struct Client *server;
        struct ZipStats *zips;
-       char *parv[7];
-       (void) rb_string_to_array(ctl_buf->buf, parv, 6);
+       char *parv[6];
+       int parc = rb_string_to_array(ctl_buf->buf, parv, sizeof(parv));
+
+       if (parc < sizeof(parv))
+               return;
+
        server = find_server(NULL, parv[1]);
        if(server == NULL || server->localClient == NULL || !IsCapable(server, CAP_ZIP))
                return;
@@ -393,13 +401,11 @@ ssl_process_open_fd(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
 
        if(client_p->localClient->ssl_callback)
        {
-               CNCB *hdl = client_p->localClient->ssl_callback;
-               void *data = client_p->localClient->ssl_data;
+               SSL_OPEN_CB *hdl = client_p->localClient->ssl_callback;
 
                client_p->localClient->ssl_callback = NULL;
-               client_p->localClient->ssl_data = NULL;
 
-               hdl(client_p->localClient->F, RB_OK, data);
+               hdl(client_p, RB_OK);
        }
 }
 
@@ -428,16 +434,15 @@ ssl_process_dead_fd(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
        /* if there is still a pending callback, call it now */
        if(client_p->localClient->ssl_callback)
        {
-               CNCB *hdl = client_p->localClient->ssl_callback;
-               void *data = client_p->localClient->ssl_data;
+               SSL_OPEN_CB *hdl = client_p->localClient->ssl_callback;
 
                client_p->localClient->ssl_callback = NULL;
-               client_p->localClient->ssl_data = NULL;
-
-               hdl(client_p->localClient->F, RB_ERROR_SSL, data);
 
-               /* the callback should have exited the client */
-               return;
+               if (hdl(client_p, RB_ERROR_SSL))
+               {
+                       /* the callback has exited the client */
+                       return;
+               }
        }
 
        if(IsAnyServer(client_p) || IsRegistered(client_p))
@@ -502,17 +507,19 @@ ssl_process_certfp(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
 
        switch (certfp_method) {
        case RB_SSL_CERTFP_METH_CERT_SHA1:
+               method_string = CERTFP_PREFIX_CERT_SHA1;
+               break;
        case RB_SSL_CERTFP_METH_CERT_SHA256:
+               method_string = CERTFP_PREFIX_CERT_SHA256;
+               break;
        case RB_SSL_CERTFP_METH_CERT_SHA512:
-               method_string = "";
+               method_string = CERTFP_PREFIX_CERT_SHA512;
                break;
-
-       /* These names are copied from RFC 7218 */
        case RB_SSL_CERTFP_METH_SPKI_SHA256:
-               method_string = "SPKI:SHA2-256:";
+               method_string = CERTFP_PREFIX_SPKI_SHA256;
                break;
        case RB_SSL_CERTFP_METH_SPKI_SHA512:
-               method_string = "SPKI:SHA2-512:";
+               method_string = CERTFP_PREFIX_SPKI_SHA512;
                break;
        default:
                return;
@@ -521,7 +528,7 @@ ssl_process_certfp(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
 
        rb_free(client_p->certfp);
        certfp_string = rb_malloc(method_len + len * 2 + 1);
-       strcpy(certfp_string, method_string);
+       rb_strlcpy(certfp_string, method_string, method_len + len * 2 + 1);
        for(uint32_t i = 0; i < len; i++)
                snprintf(certfp_string + method_len + 2 * i, 3, "%02x",
                                certfp[i]);
@@ -719,13 +726,22 @@ ssl_cmd_write_queue(ssl_ctl_t * ctl, rb_fde_t ** F, int count, const void *buf,
 static void
 send_new_ssl_certs_one(ssl_ctl_t * ctl)
 {
-       size_t len;
+       size_t len = 5;
+
+       if(ServerInfo.ssl_cert)
+               len += strlen(ServerInfo.ssl_cert);
+       else
+               return;
+
+       if(ServerInfo.ssl_private_key)
+               len += strlen(ServerInfo.ssl_private_key);
 
-       len = strlen(ServerInfo.ssl_cert) + strlen(ServerInfo.ssl_private_key) + 5;
        if(ServerInfo.ssl_dh_params)
                len += strlen(ServerInfo.ssl_dh_params);
+
        if(ServerInfo.ssl_cipher_list)
                len += strlen(ServerInfo.ssl_cipher_list);
+
        if(len > sizeof(tmpbuf))
        {
                sendto_realops_snomask(SNO_GENERAL, L_ALL,
@@ -736,12 +752,15 @@ send_new_ssl_certs_one(ssl_ctl_t * ctl)
                     len, sizeof(tmpbuf));
                return;
        }
-       len = snprintf(tmpbuf, sizeof(tmpbuf), "K%c%s%c%s%c%s%c%s%c", nul,
-                       ServerInfo.ssl_cert, nul,
-                       ServerInfo.ssl_private_key, nul,
-                       ServerInfo.ssl_dh_params != NULL ? ServerInfo.ssl_dh_params : "", nul,
-                       ServerInfo.ssl_cipher_list != NULL ? ServerInfo.ssl_cipher_list : "", nul);
-       ssl_cmd_write_queue(ctl, NULL, 0, tmpbuf, len);
+
+       int ret = snprintf(tmpbuf, sizeof(tmpbuf), "K%c%s%c%s%c%s%c%s%c", nul,
+                          ServerInfo.ssl_cert, nul,
+                          ServerInfo.ssl_private_key != NULL ? ServerInfo.ssl_private_key : "", nul,
+                          ServerInfo.ssl_dh_params != NULL ? ServerInfo.ssl_dh_params : "", nul,
+                          ServerInfo.ssl_cipher_list != NULL ? ServerInfo.ssl_cipher_list : "", nul);
+
+       if(ret > 5)
+               ssl_cmd_write_queue(ctl, NULL, 0, tmpbuf, (size_t) ret);
 }
 
 static void
@@ -769,6 +788,10 @@ ssld_update_config(void)
        RB_DLINK_FOREACH(ptr, ssl_daemons.head)
        {
                ssl_ctl_t *ctl = ptr->data;
+
+               if (ctl->dead || ctl->shutdown)
+                       continue;
+
                ssld_update_config_one(ctl);
        }
 }