[sr-dev] git:master: tls: safety check for current cipher

Daniel-Constantin Mierla miconda at gmail.com
Thu Aug 4 11:46:24 CEST 2011


Module: sip-router
Branch: master
Commit: 816a0218130782ea86a3cc16feb2a008fe6fff68
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=816a0218130782ea86a3cc16feb2a008fe6fff68

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date:   Thu Aug  4 11:41:32 2011 +0200

tls: safety check for current cipher

- SSL_get_current_cipher(...) may return NULL, in case the cipher was
  not set yet for the connection
- caused a crash when the RPC command tls.list was used at such a moment
- cipher description is set to 'unknown' for such a case
- reported by Francesco Castellano

---

 modules/tls/tls_rpc.c |   10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/modules/tls/tls_rpc.c b/modules/tls/tls_rpc.c
index 3fabcf6..1dfa6ac 100644
--- a/modules/tls/tls_rpc.c
+++ b/modules/tls/tls_rpc.c
@@ -133,11 +133,15 @@ static void tls_list(rpc_t* rpc, void* c)
 					"dst_ip", dst_ip,
 					"dst_port", con->rcv.dst_port);
 			if (tls_d) {
-				tls_info = SSL_CIPHER_description(
+				if(SSL_get_current_cipher(tls_d->ssl)) {
+					tls_info = SSL_CIPHER_description(
 									SSL_get_current_cipher(tls_d->ssl),
 									buf, sizeof(buf));
-				len = strlen(buf);
-				if (len && buf[len - 1] == '\n') buf[len - 1] = '\0';
+					len = strlen(buf);
+					if (len && buf[len - 1] == '\n') buf[len - 1] = '\0';
+				} else {
+					tls_info = "unknown";
+				}
 				/* tls data */
 				state = "unknown/error";
 				lock_get(&con->write_lock);
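
Review bot: In the new `if` branch, SSL_get_current_cipher(tls_d->ssl) is evaluated twice, once for the NULL test and again as the argument to SSL_CIPHER_description(), and both calls run before lock_get(&con->write_lock) in the trailing context. The value that was checked is therefore not necessarily the value that is used. Store the result once in a local pointer (for example `cipher = SSL_get_current_cipher(tls_d->ssl);`), test that pointer, and pass it on. If write_lock is what guards tls_d->ssl, the lookup should also move below the lock_get() call. A smaller point in the same branch: the return value assigned to tls_info is not checked before strlen(buf) runs, so buf is assumed to have been filled; testing tls_info for NULL there and falling back to "unknown" would cover that path as well.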



