Commit 8874f3de authored by Dmitry Frank's avatar Dmitry Frank Committed by Cesanta Bot

Fix simplelink SSL context

It wasn't checked for `NULL`, and on CC3200 dereferencing a NULL address
doesn't cause a crash, so it worked by pure luck: ctx->ssl_key was 0.
After the `mg_` to `miot_` refactoring that is no longer the case (presumably
because the linker arranged objects in a different order), so this bug showed
up.

PUBLISHED_FROM=0f1cc73a078c18432c68ae0f9b14dd06b3bb4279
parent 3c5d48ea
...@@ -12894,40 +12894,46 @@ void mg_ssl_if_conn_free(struct mg_connection *nc) { ...@@ -12894,40 +12894,46 @@ void mg_ssl_if_conn_free(struct mg_connection *nc) {
int sl_set_ssl_opts(struct mg_connection *nc) { int sl_set_ssl_opts(struct mg_connection *nc) {
int err; int err;
struct mg_ssl_if_ctx *ctx = (struct mg_ssl_if_ctx *) nc->ssl_if_data; struct mg_ssl_if_ctx *ctx = (struct mg_ssl_if_ctx *) nc->ssl_if_data;
DBG(("%p %s,%s,%s,%s", nc, (ctx->ssl_cert ? ctx->ssl_cert : "-"), DBG(("%p ssl ctx: %p", nc, ctx));
(ctx->ssl_key ? ctx->ssl_cert : "-"),
(ctx->ssl_ca_cert ? ctx->ssl_ca_cert : "-"), if (ctx) {
(ctx->ssl_server_name ? ctx->ssl_server_name : "-"))); DBG(("%p %s,%s,%s,%s", nc, (ctx->ssl_cert ? ctx->ssl_cert : "-"),
if (ctx->ssl_cert != NULL && ctx->ssl_key != NULL) { (ctx->ssl_key ? ctx->ssl_cert : "-"),
err = sl_SetSockOpt(nc->sock, SL_SOL_SOCKET, (ctx->ssl_ca_cert ? ctx->ssl_ca_cert : "-"),
SL_SO_SECURE_FILES_CERTIFICATE_FILE_NAME, ctx->ssl_cert, (ctx->ssl_server_name ? ctx->ssl_server_name : "-")));
strlen(ctx->ssl_cert)); if (ctx->ssl_cert != NULL && ctx->ssl_key != NULL) {
DBG(("CERTIFICATE_FILE_NAME %s -> %d", ctx->ssl_cert, err));
if (err != 0) return err;
err = sl_SetSockOpt(nc->sock, SL_SOL_SOCKET,
SL_SO_SECURE_FILES_PRIVATE_KEY_FILE_NAME, ctx->ssl_key,
strlen(ctx->ssl_key));
DBG(("PRIVATE_KEY_FILE_NAME %s -> %d", ctx->ssl_key, nc->err));
if (err != 0) return err;
}
if (ctx->ssl_ca_cert != NULL) {
if (ctx->ssl_ca_cert[0] != '\0') {
err = sl_SetSockOpt(nc->sock, SL_SOL_SOCKET, err = sl_SetSockOpt(nc->sock, SL_SOL_SOCKET,
SL_SO_SECURE_FILES_CA_FILE_NAME, ctx->ssl_ca_cert, SL_SO_SECURE_FILES_CERTIFICATE_FILE_NAME,
strlen(ctx->ssl_ca_cert)); ctx->ssl_cert, strlen(ctx->ssl_cert));
DBG(("CA_FILE_NAME %s -> %d", ctx->ssl_ca_cert, err)); DBG(("CERTIFICATE_FILE_NAME %s -> %d", ctx->ssl_cert, err));
if (err != 0) return err;
err = sl_SetSockOpt(nc->sock, SL_SOL_SOCKET,
SL_SO_SECURE_FILES_PRIVATE_KEY_FILE_NAME,
ctx->ssl_key, strlen(ctx->ssl_key));
DBG(("PRIVATE_KEY_FILE_NAME %s -> %d", ctx->ssl_key, nc->err));
if (err != 0) return err; if (err != 0) return err;
} }
} if (ctx->ssl_ca_cert != NULL) {
if (ctx->ssl_server_name != NULL) { if (ctx->ssl_ca_cert[0] != '\0') {
err = sl_SetSockOpt(nc->sock, SL_SOL_SOCKET, err = sl_SetSockOpt(nc->sock, SL_SOL_SOCKET,
SO_SECURE_DOMAIN_NAME_VERIFICATION, SL_SO_SECURE_FILES_CA_FILE_NAME, ctx->ssl_ca_cert,
ctx->ssl_server_name, strlen(ctx->ssl_server_name)); strlen(ctx->ssl_ca_cert));
DBG(("DOMAIN_NAME_VERIFICATION %s -> %d", ctx->ssl_server_name, err)); DBG(("CA_FILE_NAME %s -> %d", ctx->ssl_ca_cert, err));
/* Domain name verificationw as added in a NWP service pack, older versions if (err != 0) return err;
* return SL_ENOPROTOOPT. There isn't much we can do about it, so we ignore }
* the error. */ }
if (err != 0 && err != SL_ENOPROTOOPT) return err; if (ctx->ssl_server_name != NULL) {
err = sl_SetSockOpt(nc->sock, SL_SOL_SOCKET,
SO_SECURE_DOMAIN_NAME_VERIFICATION,
ctx->ssl_server_name, strlen(ctx->ssl_server_name));
DBG(("DOMAIN_NAME_VERIFICATION %s -> %d", ctx->ssl_server_name, err));
/* Domain name verificationw as added in a NWP service pack, older
* versions
* return SL_ENOPROTOOPT. There isn't much we can do about it, so we
* ignore
* the error. */
if (err != 0 && err != SL_ENOPROTOOPT) return err;
}
} }
return 0; return 0;
} }
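Review bot: The `SL_ENOPROTOOPT` exemption kept in the `ctx->ssl_server_name` branch fails open: on an NWP that lacks the option, `sl_set_ssl_opts` returns 0 with no server-name check configured, and the only trace is a DBG line, so a caller that set `ssl_server_name` has no way to tell the peer name is not being verified. Consider reporting that case through a log that is not compiled out (DBG appears to be debug-only, though its definition is not visible here) or letting the caller opt into failing closed, and state in a comment on the function that name verification is best-effort. Two logging slips are also carried unchanged into the new `if (ctx)` block: the second argument of the first DBG should be `(ctx->ssl_key ? ctx->ssl_key : "-")`, since as written it passes `ctx->ssl_cert`, which may be NULL when only the key is set, and the PRIVATE_KEY_FILE_NAME line should print `err` rather than `nc->err`. The new NULL-`ctx` path returns 0 without setting any option; presumably that is the non-TLS case, and a one-line comment such as `/* no SSL context: nothing to configure */` would make that explicit.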
......