[Asterisk-code-review] Prevent Undefined Capath Crash (asterisk[13])
Richard Mudgett
asteriskteam at digium.com
Thu May 4 19:38:34 CDT 2017
Richard Mudgett has posted comments on this change. ( https://gerrit.asterisk.org/5583 )
Change subject: Prevent Undefined Capath Crash
......................................................................
Patch Set 1:
> Oof, You're right, of course. I was typing something different than
> I was thinking.
>
> The root of the issue is that there's nothing requiring capath or
> cafile to be defined in ast_tls_read_conf. But cfg->capath is being
> checked for changes on an AMI reload (which does a tls_stop and
> tls_start, expecting capath to be defined).
>
> So I could modify the manager caller to ensure it's there, or I
> could fix in tcptls itself. This issue sprung up in http as well,
> when reloads of the stack were allowed awhile back.
>
> Is there a preference on where a preferred fix would go?

It looks like main/manager.c is leaking memory in the global ami_tls_cfg struct as well as not initializing the capath and other parameters. manager_set_defaults() needs to initialize the below strings. manager_shutdown() needs to release all of the below strings.

    char *certfile;
    char *pvtfile;
    char *cipher;
    char *cafile;
    char *capath;

__ast_http_load() and http_shutdown() will need to do the same for http_tls_cfg.

I suppose, to make sure this is fixed for everyone, a struct ast_tls_config set defaults and cleanup is needed, and then to make everyone call it instead of inlining the allocations and frees everywhere.

--
To view, visit https://gerrit.asterisk.org/5583
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I63ff715d9d9023427543a5b8a4ba7b0d82533c12
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: Joshua Elson <joshelson at gmail.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Joshua Elson <joshelson at gmail.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-HasComments: No
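
The shared set-defaults and cleanup pair suggested in the comment above, sketched as an added example; it is not code from this change or from Asterisk. The struct and the tls_cfg_* function names are hypothetical, and plain malloc/free stand in for Asterisk's own allocation wrappers.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in holding only the five strings listed in the review;
 * it is not Asterisk's struct ast_tls_config. */
struct tls_cfg_strings {
    char *certfile, *pvtfile, *cipher, *cafile, *capath;
};

/* Replace *field with a heap copy of value (NULL becomes ""), freeing the old one. */
int tls_cfg_set(char **field, const char *value)
{
    const char *src = value ? value : "";
    size_t n = strlen(src) + 1;
    char *copy = malloc(n);
    if (!copy)
        return -1;
    memcpy(copy, src, n);
    free(*field);
    *field = copy;
    return 0;
}

/* Free every member and leave NULLs, so calling it twice is harmless. */
void tls_cfg_cleanup(struct tls_cfg_strings *cfg)
{
    char **m[] = { &cfg->certfile, &cfg->pvtfile, &cfg->cipher, &cfg->cafile, &cfg->capath };
    for (size_t i = 0; i < sizeof(m) / sizeof(m[0]); i++) {
        free(*m[i]);
        *m[i] = NULL;
    }
}

/* Give every member a defined, empty value. The struct must start zeroed
 * (as a global does); values from an earlier load are freed, not leaked. */
int tls_cfg_set_defaults(struct tls_cfg_strings *cfg)
{
    char **m[] = { &cfg->certfile, &cfg->pvtfile, &cfg->cipher, &cfg->cafile, &cfg->capath };
    for (size_t i = 0; i < sizeof(m) / sizeof(m[0]); i++) {
        if (tls_cfg_set(m[i], "") != 0) {
            tls_cfg_cleanup(cfg);
            return -1;
        }
    }
    return 0;
}

/* Reload-time change check that tolerates an unset (NULL) member. */
int tls_cfg_str_changed(const char *old_val, const char *new_val)
{
    return strcmp(old_val ? old_val : "", new_val ? new_val : "") != 0;
}
```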