rpms / stunnel

Clone
Source Code
GIT

Files

  1.   82bc113d2f45c89ac18a4e47f929e0bd68f5b572
  2.   SOURCES
  3.   stunnel-5.48-failover-crash.patch
Blob Blame History Raw 
diff -up stunnel-5.48/src/client.c.failover-crash stunnel-5.48/src/client.c
--- stunnel-5.48/src/client.c.failover-crash	2018-07-02 23:30:10.000000000 +0200
+++ stunnel-5.48/src/client.c	2019-04-03 08:53:22.350538002 +0200
@@ -1431,10 +1431,14 @@ NOEXPORT void idx_cache_save(SSL_SESSION
 
     CRYPTO_THREAD_write_lock(stunnel_locks[LOCK_ADDR]);
     old_addr=SSL_SESSION_get_ex_data(sess, index_session_connect_address);
-    /* we can safely ignore the SSL_SESSION_set_ex_data() failure */
-    SSL_SESSION_set_ex_data(sess, index_session_connect_address, new_addr);
-    CRYPTO_THREAD_unlock(stunnel_locks[LOCK_ADDR]);
-    str_free(old_addr); /* NULL pointers are ignored */
+    if(SSL_SESSION_set_ex_data(sess, index_session_connect_address, new_addr)) {
+        CRYPTO_THREAD_unlock(stunnel_locks[LOCK_ADDR]);
+        str_free(old_addr); /* NULL pointers are ignored */
+    } else { /* failed to store new_addr -> remove it */
+        sslerror("SSL_SESSION_set_ex_data");
+        CRYPTO_THREAD_unlock(stunnel_locks[LOCK_ADDR]);
+        str_free(new_addr); /* NULL pointers are ignored */
+    }
 }
 
 NOEXPORT unsigned idx_cache_retrieve(CLI *c) {
diff -up stunnel-5.48/src/ssl.c.failover-crash stunnel-5.48/src/ssl.c
--- stunnel-5.48/src/ssl.c.failover-crash	2018-04-06 16:25:10.000000000 +0200
+++ stunnel-5.48/src/ssl.c	2019-04-03 09:07:05.586306038 +0200
@@ -39,7 +39,14 @@
 #include "prototypes.h"
 
     /* global OpenSSL initialization: compression, engine, entropy */
-NOEXPORT void cb_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+#if OPENSSL_VERSION_NUMBER>=0x10100000L
+NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+    void *from_d, int idx, long argl, void *argp);
+#else
+NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
+    void *from_d, int idx, long argl, void *argp);
+#endif
+NOEXPORT void cb_free_addr(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
     int idx, long argl, void *argp);
 #ifndef OPENSSL_NO_COMP
 NOEXPORT int compression_init(GLOBAL_OPTIONS *);
@@ -67,7 +74,7 @@ int ssl_init(void) { /* init TLS before
     index_session_authenticated=SSL_SESSION_get_ex_new_index(0,
         "session authenticated", NULL, NULL, NULL);
     index_session_connect_address=SSL_SESSION_get_ex_new_index(0,
-        "session connect address", NULL, NULL, cb_free);
+        "session connect address", NULL, cb_dup_addr, cb_free_addr);
     if(index_ssl_cli<0 || index_ssl_ctx_opt<0 ||
             index_session_authenticated<0 ||
             index_session_connect_address<0) {
@@ -107,7 +114,31 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNU
 #endif
 #endif
 
-NOEXPORT void cb_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+#if OPENSSL_VERSION_NUMBER>=0x10100000L
+NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+        void *from_d, int idx, long argl, void *argp) {
+#else
+NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
+        void *from_d, int idx, long argl, void *argp) {
+#endif
+    SOCKADDR_UNION *src, *dst;
+    socklen_t len;
+
+    (void)to; /* squash the unused parameter warning */
+    (void)from; /* squash the unused parameter warning */
+    (void)idx; /* squash the unused parameter warning */
+    (void)argl; /* squash the unused parameter warning */
+    s_log(LOG_DEBUG, "Duplicating application specific data for %s",
+        (char *)argp);
+    src=*(void **)from_d;
+    len=addr_len(src);
+    dst=str_alloc_detached((size_t)len);
+    memcpy(dst, src, (size_t)len);
+    *(void **)from_d=dst;
+    return 1;
+}
+
+NOEXPORT void cb_free_addr(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
         int idx, long argl, void *argp) {
     (void)parent; /* squash the unused parameter warning */
     (void)ad; /* squash the unused parameter warning */

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation