From 41ca930e58bba05eb50ac5e265cb0ef8f4533000 Mon Sep 17 00:00:00 2001
From: William Lallemand
Date: Wed, 8 Apr 2020 13:15:18 +0200
Subject: [PATCH] BUG/MINOR: ssl: trailing slashes in directory names wrongly cached

The crtlist_load_cert_dir() caches the directory name without trailing slashes when ssl_sock_load_cert_list_file() tries to lookup without cleaning the trailing slashes. This bug leads to creating the crtlist twice and prevents to remove correctly a crtlist_entry since it exists in the serveral crtlists created by accident. Move the trailing slashes cleanup in ssl_sock_load_cert_list_file() to fix the problem. This bug was introduced by 6be66ec ("MINOR: ssl: directories are loaded like crt-list")
---
 src/ssl_sock.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 14ee25199..f58a1c0d5 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4560,10 +4560,6 @@ static int crtlist_load_cert_dir(char *path, struct bind_conf *bind_conf, struct
 int j;
 #endif
 
- /* strip trailing slashes, including first one */
- for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
- *end = 0;
-
 dir = malloc(sizeof(*dir) + strlen(path) + 1);
 if (dir == NULL) {
 memprintf(err, "not enough memory");
@@ -4980,6 +4976,7 @@ int ssl_sock_load_cert_list_file(char *file, int dir, struct bind_conf *bind_con
 struct crtlist_entry *entry = NULL;
 struct bind_conf_list *bind_conf_node = NULL;
 int cfgerr = 0;
+ char *end;
 
 bind_conf_node = malloc(sizeof(*bind_conf_node));
 if (!bind_conf_node) {
@@ -4990,6 +4987,10 @@ int ssl_sock_load_cert_list_file(char *file, int dir, struct bind_conf *bind_con
 bind_conf_node->next = NULL;
 bind_conf_node->bind_conf = bind_conf;
 
+ /* strip trailing slashes, including first one */
+ for (end = file + strlen(file) - 1; end >= file && *end == '/'; end--)
+ *end = 0;
+
 /* look for an existing crtlist or create one */
 eb = ebst_lookup(&crtlists_tree, file);
 if (eb) {
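Review bot: The loop added to ssl_sock_load_cert_list_file() starts from `file + strlen(file) - 1`, which is one element before the buffer when `file` is empty, and it decrements to that same position when the path is made only of slashes; forming such a pointer is undefined behaviour in C even though it is never dereferenced. An index-based strip avoids it and lets the `char *end;` declaration from the previous hunk go: `size_t len = strlen(file);` then `while (len > 0 && file[len - 1] == '/') file[--len] = 0;`. The strip also runs whatever the value of `dir` and rewrites the caller's string in place, so a path of `/` reaches `ebst_lookup()` as an empty key; the comment should say whether that is intended. Only trailing slashes are normalised here, so other spellings of one directory would presumably still get separate `crtlists_tree` entries and the duplicate-crtlist problem described in the commit message. The function body starts and ends outside the hunk.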