[Asterisk-code-review] Prevent Undefined Capath Crash (asterisk[13])

Richard Mudgett asteriskteam at digium.com
Thu May 4 20:14:38 CDT 2017 

Richard Mudgett has posted comments on this change. ( https://gerrit.asterisk.org/5583 )

Change subject: Prevent Undefined Capath Crash
......................................................................


Patch Set 1:

> > Oof, You're right, of course. I was typing something different
 > than
 > > I was thinking.
 > >
 > > The root of the issue is that there's nothing requiring capath or
 > > cafile to be defined in ast_tls_read_conf. But cfg->capath is
 > being
 > > checked for changes on an AMI reload (which does a tls_stop and
 > > tls_start, expecting capath to be defined).
 > >
 > > So I could modify the manager caller to ensure it's there, or I
 > > could fix in tcptls itself. This issue sprung up in http as well,
 > > when reloads of the stack were allowed awhile back.
 > >
 > > Is there a preference on where a preferred fix would go?
 > 
 > It looks like main/manager.c is leaking memory in the global
 > ami_tls_cfg struct as well as not initializing the capath and other
 > parameters.  manager_set_defaults() needs to initialize the below
 > strings.  manager_shutdown() needs to release all of the below
 > strings.
 > 
 > char *certfile;
 > char *pvtfile;
 > char *cipher;
 > char *cafile;
 > char *capath;
 > 
 > 
 > __ast_http_load() and http_shutdown() will need to do the same for
 > http_tls_cfg.
 > 
 > I suppose to make sure this is fixed for everyone a struct
 > ast_tls_config set defaults and cleanup is needed and then to make
 > everyone call it instead of inlining the allocations and frees
 > everywhere.

But that refactoring is getting beyond just fixing the crash.

-- 
To view, visit https://gerrit.asterisk.org/5583
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I63ff715d9d9023427543a5b8a4ba7b0d82533c12
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: Joshua Elson <joshelson at gmail.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Joshua Elson <joshelson at gmail.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-HasComments: No

More information about the asterisk-code-review mailing list