From: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue, 30 Aug 2011 17:56:56 +0000 (+0200)
Subject: Prevent read_rsa_public_key() from returning an uninitialized RSA structure.
X-Git-Tag: release-1.0.17~30
X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=e838289683c0039fac0ae6172d40b4177c17911b;hp=0f2aa4bd8b698608876bec141c5aef1aa619730b

Prevent read_rsa_public_key() from returning an uninitialized RSA structure.

In case the config file could not be opened a new but unitialized RSA structure
would be returned, causing a segmentation fault later on. This would only
happen in the case that the config file could be opened before, but not when
read_rsa_public_key() was called. This situation could occur when the --user
option was used, and the config files were not readable by the specified user.
---

diff --git a/src/net_setup.c b/src/net_setup.c
index f18e3bfe..c4337ccc 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -113,11 +113,14 @@ bool read_rsa_public_key(connection_t *c) {
 	xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
 	fp = fopen(fname, "r");
 
-	if(fp) {
-		c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
-		fclose(fp);
+	if(!fp) {
+		logger(LOG_ERR, "Error reading RSA public key file `%s': %s", fname, strerror(errno));
+		free(fname);
+		return;
 	}
 
+	c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
+	fclose(fp);
 	free(fname);
 
 	if(c->rsa_key)
@@ -128,12 +131,15 @@ bool read_rsa_public_key(connection_t *c) {
 	xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
 	fp = fopen(fname, "r");
 
-	if(fp) {
-		c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
-//		RSA_blinding_on(c->rsa_key, NULL);
-		fclose(fp);
+	if(!fp) {
+		logger(LOG_ERR, "Error reading RSA public key file `%s': %s", fname, strerror(errno));
+		free(fname);
+		return;
 	}
 
+	c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
+//	RSA_blinding_on(c->rsa_key, NULL);
+	fclose(fp);
 	free(fname);
 
 	if(c->rsa_key)