Merged
2 changes: 1 addition & 1 deletion src/netlog/netlog-conf.c
@@ -49,7 +49,7 @@ int config_parse_netlog_remote_address(const char *unit,
return -EINVAL;

m->port = u;
m->server_name = strndupa(rvalue, e-rvalue);
m->server_name = strndup(rvalue, e-rvalue);
if (!m->server_name)
return log_oom();

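Review bot: The assignment `m->server_name = strndup(rvalue, e-rvalue);` overwrites whatever pointer the field already held, so now that the string lives on the heap a second occurrence of the setting would leak the earlier copy. Releasing the old value first, `free(m->server_name);` on the line before, or allocating into a local and swapping it in after the NULL check, avoids that. `m->port = u;` is also stored before the allocation can fail, which leaves the manager half-updated on the OOM path; moving it below the check keeps the two fields in step. The function starts and ends outside the hunk, so an earlier free may already exist there.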
11 changes: 6 additions & 5 deletions src/netlog/netlog-manager.c
@@ -54,10 +54,10 @@ typedef struct ParseFieldVec {
} ParseFieldVec;

#define PARSE_FIELD_VEC_ENTRY(_field, _target, _target_len) { \
.field = _field, \
.field = (_field), \
.field_len = strlen(_field), \
.target = _target, \
.target_len = _target_len \
.target = (_target), \
.target_len = (_target_len) \
}

static int parse_field(
@@ -118,7 +118,7 @@ static int parse_fieldv(

static int manager_read_journal_input(Manager *m) {
_cleanup_free_ char *facility = NULL, *identifier = NULL, *priority = NULL, *message = NULL, *pid = NULL,
*hostname = NULL, *structured_data = NULL, *msgid = NULL;
*hostname = NULL, *structured_data = NULL, *msgid = NULL, *cursor = NULL;
size_t hostname_len = 0, identifier_len = 0, message_len = 0, priority_len = 0, facility_len = 0,
structured_data_len = 0, msgid_len = 0, pid_len = 0;
unsigned sev = JOURNAL_DEFAULT_SEVERITY;
@@ -127,7 +127,6 @@ static int manager_read_journal_input(Manager *m) {
const void *data;
usec_t realtime;
size_t length;
char *cursor;
int r;
const ParseFieldVec fields[] = {
PARSE_FIELD_VEC_ENTRY("_PID=", &pid, &pid_len ),
@@ -607,6 +606,8 @@ void manager_free(Manager *m) {
free(m->dtls);
free(m->tls);

free(m->server_name);

free(m->last_cursor);
free(m->current_cursor);

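Review bot: With `cursor` now declared `_cleanup_free_` in manager_read_journal_input(), any later statement that stores it in the Manager must give up the local afterwards. Otherwise the scope exit frees memory the Manager still points to, and manager_free() (which releases `m->last_cursor` and `m->current_cursor`) frees it a second time. That part of the function is outside the hunk, so please confirm the hand-over clears the local, for example `m->current_cursor = TAKE_PTR(cursor);` or `cursor = NULL;` right after the assignment. As a smaller style point in the macro hunk, `.field_len = strlen(_field)` is the one argument use left unparenthesised.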
23 changes: 12 additions & 11 deletions src/netlog/netlog-tls.c
@@ -35,6 +35,7 @@ int ssl_verify_certificate_validity(int s, X509_STORE_CTX *store) {
_cleanup_free_ char *pretty = NULL;
union sockaddr_union sa;
int r;
long rc;

assert(store);

@@ -57,26 +58,26 @@ int ssl_verify_certificate_validity(int s, X509_STORE_CTX *store) {
return 1;
}

r = SSL_get_verify_result(ssl);
if (r != X509_V_OK) {
switch(r) {
rc = SSL_get_verify_result(ssl);
if (rc != X509_V_OK) {
switch(rc) {
case X509_V_ERR_CERT_HAS_EXPIRED: {
switch (m->auth_mode) {
case OPEN_SSL_CERTIFICATE_AUTH_MODE_DENY: {
log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"TLS: Failed to verify certificate server=%s: %s", pretty, X509_verify_cert_error_string(r));
"TLS: Failed to verify certificate server=%s: %s", pretty, X509_verify_cert_error_string(rc));
return 0;
}
break;
case OPEN_SSL_CERTIFICATE_AUTH_MODE_WARN: {
log_warning_errno(SYNTHETIC_ERRNO(EINVAL),
"TLS: Failed to verify certificate server=%s: %s", pretty, X509_verify_cert_error_string(r));
"TLS: Failed to verify certificate server=%s: %s", pretty, X509_verify_cert_error_string(rc));

return 1;
}
break;
case OPEN_SSL_CERTIFICATE_AUTH_MODE_ALLOW: {
log_debug("TLS: Failed to verify certificate server=%s: %s", pretty, X509_verify_cert_error_string(r));
log_debug("TLS: Failed to verify certificate server=%s: %s", pretty, X509_verify_cert_error_string(rc));
return 1;
}

@@ -89,20 +90,20 @@ int ssl_verify_certificate_validity(int s, X509_STORE_CTX *store) {
switch (m->auth_mode) {
case OPEN_SSL_CERTIFICATE_AUTH_MODE_DENY: {
log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"TLS: Failed to verify certificate server=%s: %s", pretty, X509_verify_cert_error_string(r));
"TLS: Failed to verify certificate server=%s: %s", pretty, X509_verify_cert_error_string(rc));
return 0;
}
break;
case OPEN_SSL_CERTIFICATE_AUTH_MODE_WARN: {
log_warning_errno(SYNTHETIC_ERRNO(EINVAL),
"TLS: Failed to verify certificate server=%s: %s", pretty, X509_verify_cert_error_string(r));
"TLS: Failed to verify certificate server=%s: %s", pretty, X509_verify_cert_error_string(rc));

return 1;
}
break;
case OPEN_SSL_CERTIFICATE_AUTH_MODE_ALLOW: {
log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
"TLS: Failed to verify certificate server=%s: %s", pretty, X509_verify_cert_error_string(r));
"TLS: Failed to verify certificate server=%s: %s", pretty, X509_verify_cert_error_string(rc));
return 1;
}
break;
@@ -111,12 +112,12 @@ int ssl_verify_certificate_validity(int s, X509_STORE_CTX *store) {
}}
break;
default:
log_error("TLS: Failed to validate remote certificate server=%s: %s. Aborting connection ...", pretty, X509_verify_cert_error_string(r));
log_error("TLS: Failed to validate remote certificate server=%s: %s. Aborting connection ...", pretty, X509_verify_cert_error_string(rc));
return 0;
}
}

log_debug("TLS: SSL ceritificates verified server=%s: %s", pretty, X509_verify_cert_error_string(r));
log_debug("TLS: SSL ceritificates verified server=%s: %s", pretty, X509_verify_cert_error_string(rc));

return 1;
}
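Review bot: The verdict in ssl_verify_certificate_validity() is taken from `SSL_get_verify_result(ssl)` rather than from the `store` argument, and OpenSSL only records that result on the SSL object once chain verification has finished. If this function is registered as the verify callback, which its `(int, X509_STORE_CTX *)` signature suggests but the hunks do not show, `rc` can still read `X509_V_OK` while the chain is failing, and the function then logs success and returns 1. Reading the error actually being reported to the callback, `rc = X509_STORE_CTX_get_error(store);` (an `int`, so the new `long rc` would not be needed), makes the deny/warn/allow switch act on the real failure. The success message on the last changed line also still spells "ceritificates".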