[Asterisk-code-review] Prevent Undefined Capath Crash (asterisk[13])

Richard Mudgett asteriskteam at digium.com
Thu May 4 19:38:34 CDT 2017


Richard Mudgett has posted comments on this change. ( https://gerrit.asterisk.org/5583 )

Change subject: Prevent Undefined Capath Crash
......................................................................


Patch Set 1:

> Oof, you're right, of course. I was typing something different than
> I was thinking.
>
> The root of the issue is that there's nothing requiring capath or
> cafile to be defined in ast_tls_read_conf. But cfg->capath is being
> checked for changes on an AMI reload (which does a tls_stop and
> tls_start, expecting capath to be defined).
>
> So I could modify the manager caller to ensure it's there, or I
> could fix in tcptls itself. This issue sprang up in http as well,
> when reloads of the stack were allowed a while back.
>
> Is there a preference on where a preferred fix would go?

It looks like main/manager.c is leaking memory in the global ami_tls_cfg struct as well as not initializing the capath and other parameters.  manager_set_defaults() needs to initialize the below strings.  manager_shutdown() needs to release all of the below strings.

	char *certfile;
	char *pvtfile;
	char *cipher;
	char *cafile;
	char *capath;


__ast_http_load() and http_shutdown() will need to do the same for http_tls_cfg.

I suppose, to make sure this is fixed for everyone, a struct ast_tls_config set defaults and cleanup is needed, and then to make everyone call it instead of inlining the allocations and frees everywhere.

-- 
To view, visit https://gerrit.asterisk.org/5583

Gerrit-MessageType: comment
Gerrit-Change-Id: I63ff715d9d9023427543a5b8a4ba7b0d82533c12
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: Joshua Elson <joshelson at gmail.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Joshua Elson <joshelson at gmail.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-HasComments: No
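
The set-defaults/cleanup pair suggested in the comment above, sketched as an added example; this is not code from the Asterisk tree or from the change under review. The struct, the function names and the empty-string default are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for the five string members listed above; not the real struct ast_tls_config. */
struct tls_cfg_strings {
	char *certfile, *pvtfile, *cipher, *cafile, *capath;
};

/* Replace *dst with a heap copy of src (NULL is stored as ""). Returns 0 on success. */
int tls_cfg_set_str(char **dst, const char *src)
{
	const char *s = src ? src : "";
	size_t len = strlen(s) + 1;
	char *copy = malloc(len);
	if (!copy) {
		return -1;
	}
	memcpy(copy, s, len);
	free(*dst);
	*dst = copy;
	return 0;
}

/* Hypothetical set-defaults: cfg must start zeroed; afterwards no member is NULL.
 * The empty-string default is an assumption of this sketch. */
int tls_cfg_set_defaults(struct tls_cfg_strings *cfg)
{
	char **m[] = { &cfg->certfile, &cfg->pvtfile, &cfg->cipher, &cfg->cafile, &cfg->capath };
	for (size_t i = 0; i < sizeof(m) / sizeof(m[0]); i++) {
		if (tls_cfg_set_str(m[i], "") != 0) {
			return -1;
		}
	}
	return 0;
}

/* Hypothetical cleanup: free every member once and leave NULL behind. */
void tls_cfg_cleanup(struct tls_cfg_strings *cfg)
{
	char **m[] = { &cfg->certfile, &cfg->pvtfile, &cfg->cipher, &cfg->cafile, &cfg->capath };
	for (size_t i = 0; i < sizeof(m) / sizeof(m[0]); i++) {
		free(*m[i]);
		*m[i] = NULL;
	}
}

/* Reload-style comparison: safe only because set-defaults guarantees non-NULL strings. */
int tls_cfg_capath_changed(const struct tls_cfg_strings *old_cfg, const struct tls_cfg_strings *new_cfg)
{
	return strcmp(old_cfg->capath, new_cfg->capath) != 0;
}
```

Routing every write through one setter that frees the old value addresses the leak on reload, and the cleanup function can be called twice without a double free because it leaves NULL behind.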


