From 0da1fdb2d2093cee9688cb66fcc2eb4a8f5818af Mon Sep 17 00:00:00 2001 From: Bram Matthys Date: Sat, 2 Sep 2017 08:27:55 +0200 Subject: [PATCH] Fix possible crash in /STATS due to change from yesterday. Other than that, some minor style and real things. --- src/crashreport.c | 2 +- src/modules/m_server.c | 2 +- src/modules/m_stats.c | 2 +- src/ssl.c | 12 +++++++++--- 4 files changed, 12 insertions(+), 6 deletions(-) diff --git a/src/crashreport.c b/src/crashreport.c index 5a2604e01..bdefbed1f 100644 --- a/src/crashreport.c +++ b/src/crashreport.c @@ -492,7 +492,7 @@ int crashreport_send(char *fname) SSL *ssl = NULL; BIO *socket = NULL; int xfr = 0; - char *errstr; + char *errstr = NULL; filesize = getfilesize(fname); if (filesize < 0) diff --git a/src/modules/m_server.c b/src/modules/m_server.c index 46750dff3..0bd65a4df 100644 --- a/src/modules/m_server.c +++ b/src/modules/m_server.c @@ -331,7 +331,7 @@ skip_host_check: /* Verify the SSL certificate (if requested) */ if (link->verify_certificate) { - char *errstr; + char *errstr = NULL; if (!IsSSL(cptr)) { diff --git a/src/modules/m_stats.c b/src/modules/m_stats.c index 79a1b7fe4..75c7f0616 100644 --- a/src/modules/m_stats.c +++ b/src/modules/m_stats.c @@ -1224,7 +1224,7 @@ int stats_set(aClient *sptr, char *para) sptr->name, SafePrint(iConf.ssl_options->key_file)); sendto_one(sptr, ":%s %i %s :ssl::trusted-ca-file: %s", me.name, RPL_TEXT, sptr->name, SafePrint(iConf.ssl_options->trusted_ca_file)); - sendto_one(sptr, ":%s %i %s :ssl::options: %s %s", me.name, RPL_TEXT, sptr->name, + sendto_one(sptr, ":%s %i %s :ssl::options: %s", me.name, RPL_TEXT, sptr->name, iConf.ssl_options->options & SSLFLAG_FAILIFNOCERT ? "FAILIFNOCERT" : ""); sendto_one(sptr, ":%s %i %s :options::show-opermotd: %d", me.name, RPL_TEXT, sptr->name, SHOWOPERMOTD); diff --git a/src/ssl.c b/src/ssl.c index 39619d5fb..68ff0c152 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -869,7 +869,12 @@ SSLOptions *FindSSLOptionsForUser(aClient *acptr) return sslopt; } -/** Verify certificate and make sure the certificate is valid for 'hostname'. */ +/** Verify certificate and make sure the certificate is valid for 'hostname'. + * @param ssl: The SSL structure of the client or server + * @param hostname: The hostname we should expect the certificate to be valid for + * @param errstr: Error will be stored in here (optional) + * @returns Returns 1 on success and 0 on error. + */ int verify_certificate(SSL *ssl, char *hostname, char **errstr) { static char buf[512]; @@ -878,7 +883,7 @@ int verify_certificate(SSL *ssl, char *hostname, char **errstr) *buf = '\0'; - if (*errstr) + if (errstr) *errstr = NULL; /* default */ if (!ssl) @@ -927,7 +932,8 @@ int verify_certificate(SSL *ssl, char *hostname, char **errstr) /* Certificate is verified but is issued for a different hostname */ snprintf(buf, sizeof(buf), "Certificate '%s' is not valid for hostname '%s'", certificate_name(ssl), hostname); - *errstr = buf; + if (errstr) + *errstr = buf; return 0; }