Merge pull request #298 from edk0/rejectcache

[solanum.git] / ircd / sslproc.c

diff --git a/ircd/sslproc.c b/ircd/sslproc.c
index f4b8016a2d437685991f65f7fe8d36ca085d26d2..ffea6e89babef2aca35f77eec5eaf6ca3fb7eb8a 100644 (file)
--- a/ircd/sslproc.c
+++ b/ircd/sslproc.c
@@ -171,6 +171,9 @@ restart_ssld(void)
                }
        }
 
+       ssld_spin_count = 0;
+       last_spin = 0;
+       ssld_wait = 0;
        start_ssldaemon(ServerInfo.ssld_count);
 }
 
@@ -352,8 +355,12 @@ ssl_process_zipstats(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
 {
        struct Client *server;
        struct ZipStats *zips;
-       char *parv[7];
-       (void) rb_string_to_array(ctl_buf->buf, parv, 6);
+       char *parv[6];
+       int parc = rb_string_to_array(ctl_buf->buf, parv, sizeof(parv));
+
+       if (parc < sizeof(parv))
+               return;
+
        server = find_server(NULL, parv[1]);
        if(server == NULL || server->localClient == NULL || !IsCapable(server, CAP_ZIP))
                return;
@@ -521,7 +528,7 @@ ssl_process_certfp(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
 
        rb_free(client_p->certfp);
        certfp_string = rb_malloc(method_len + len * 2 + 1);
-       strcpy(certfp_string, method_string);
+       rb_strlcpy(certfp_string, method_string, method_len + len * 2 + 1);
        for(uint32_t i = 0; i < len; i++)
                snprintf(certfp_string + method_len + 2 * i, 3, "%02x",
                                certfp[i]);
@@ -719,13 +726,22 @@ ssl_cmd_write_queue(ssl_ctl_t * ctl, rb_fde_t ** F, int count, const void *buf,
 static void
 send_new_ssl_certs_one(ssl_ctl_t * ctl)
 {
-       size_t len;
+       size_t len = 5;
+
+       if(ServerInfo.ssl_cert)
+               len += strlen(ServerInfo.ssl_cert);
+       else
+               return;
+
+       if(ServerInfo.ssl_private_key)
+               len += strlen(ServerInfo.ssl_private_key);
 
-       len = strlen(ServerInfo.ssl_cert) + strlen(ServerInfo.ssl_private_key) + 5;
        if(ServerInfo.ssl_dh_params)
                len += strlen(ServerInfo.ssl_dh_params);
+
        if(ServerInfo.ssl_cipher_list)
                len += strlen(ServerInfo.ssl_cipher_list);
+
        if(len > sizeof(tmpbuf))
        {
                sendto_realops_snomask(SNO_GENERAL, L_ALL,
@@ -736,12 +752,15 @@ send_new_ssl_certs_one(ssl_ctl_t * ctl)
                     len, sizeof(tmpbuf));
                return;
        }
-       len = snprintf(tmpbuf, sizeof(tmpbuf), "K%c%s%c%s%c%s%c%s%c", nul,
-                       ServerInfo.ssl_cert, nul,
-                       ServerInfo.ssl_private_key, nul,
-                       ServerInfo.ssl_dh_params != NULL ? ServerInfo.ssl_dh_params : "", nul,
-                       ServerInfo.ssl_cipher_list != NULL ? ServerInfo.ssl_cipher_list : "", nul);
-       ssl_cmd_write_queue(ctl, NULL, 0, tmpbuf, len);
+
+       int ret = snprintf(tmpbuf, sizeof(tmpbuf), "K%c%s%c%s%c%s%c%s%c", nul,
+                          ServerInfo.ssl_cert, nul,
+                          ServerInfo.ssl_private_key != NULL ? ServerInfo.ssl_private_key : "", nul,
+                          ServerInfo.ssl_dh_params != NULL ? ServerInfo.ssl_dh_params : "", nul,
+                          ServerInfo.ssl_cipher_list != NULL ? ServerInfo.ssl_cipher_list : "", nul);
+
+       if(ret > 5)
+               ssl_cmd_write_queue(ctl, NULL, 0, tmpbuf, (size_t) ret);
 }
 
 static void
@@ -769,6 +788,10 @@ ssld_update_config(void)
        RB_DLINK_FOREACH(ptr, ssl_daemons.head)
        {
                ssl_ctl_t *ctl = ptr->data;
+
+               if (ctl->dead || ctl->shutdown)
+                       continue;
+
                ssld_update_config_one(ctl);
        }
 }