Commit 8874f3de authored by Dmitry Frank's avatar Dmitry Frank Committed by Cesanta Bot

Fix simplelink SSL context

It wasn't checked for `NULL`, and on CC3200 dereferencing a NULL address
doesn't cause a crash, so it worked by pure luck: ctx->ssl_key was 0.
After the `mg_` to `miot_` refactoring that is no longer the case (presumably
because the linker arranged objects in a different order), so this bug showed
up.

PUBLISHED_FROM=0f1cc73a078c18432c68ae0f9b14dd06b3bb4279
parent 3c5d48ea
...@@ -12894,19 +12894,22 @@ void mg_ssl_if_conn_free(struct mg_connection *nc) { ...@@ -12894,19 +12894,22 @@ void mg_ssl_if_conn_free(struct mg_connection *nc) {
int sl_set_ssl_opts(struct mg_connection *nc) { int sl_set_ssl_opts(struct mg_connection *nc) {
int err; int err;
struct mg_ssl_if_ctx *ctx = (struct mg_ssl_if_ctx *) nc->ssl_if_data; struct mg_ssl_if_ctx *ctx = (struct mg_ssl_if_ctx *) nc->ssl_if_data;
DBG(("%p ssl ctx: %p", nc, ctx));
if (ctx) {
DBG(("%p %s,%s,%s,%s", nc, (ctx->ssl_cert ? ctx->ssl_cert : "-"), DBG(("%p %s,%s,%s,%s", nc, (ctx->ssl_cert ? ctx->ssl_cert : "-"),
(ctx->ssl_key ? ctx->ssl_cert : "-"), (ctx->ssl_key ? ctx->ssl_cert : "-"),
(ctx->ssl_ca_cert ? ctx->ssl_ca_cert : "-"), (ctx->ssl_ca_cert ? ctx->ssl_ca_cert : "-"),
(ctx->ssl_server_name ? ctx->ssl_server_name : "-"))); (ctx->ssl_server_name ? ctx->ssl_server_name : "-")));
if (ctx->ssl_cert != NULL && ctx->ssl_key != NULL) { if (ctx->ssl_cert != NULL && ctx->ssl_key != NULL) {
err = sl_SetSockOpt(nc->sock, SL_SOL_SOCKET, err = sl_SetSockOpt(nc->sock, SL_SOL_SOCKET,
SL_SO_SECURE_FILES_CERTIFICATE_FILE_NAME, ctx->ssl_cert, SL_SO_SECURE_FILES_CERTIFICATE_FILE_NAME,
strlen(ctx->ssl_cert)); ctx->ssl_cert, strlen(ctx->ssl_cert));
DBG(("CERTIFICATE_FILE_NAME %s -> %d", ctx->ssl_cert, err)); DBG(("CERTIFICATE_FILE_NAME %s -> %d", ctx->ssl_cert, err));
if (err != 0) return err; if (err != 0) return err;
err = sl_SetSockOpt(nc->sock, SL_SOL_SOCKET, err = sl_SetSockOpt(nc->sock, SL_SOL_SOCKET,
SL_SO_SECURE_FILES_PRIVATE_KEY_FILE_NAME, ctx->ssl_key, SL_SO_SECURE_FILES_PRIVATE_KEY_FILE_NAME,
strlen(ctx->ssl_key)); ctx->ssl_key, strlen(ctx->ssl_key));
DBG(("PRIVATE_KEY_FILE_NAME %s -> %d", ctx->ssl_key, nc->err)); DBG(("PRIVATE_KEY_FILE_NAME %s -> %d", ctx->ssl_key, nc->err));
if (err != 0) return err; if (err != 0) return err;
} }
...@@ -12924,11 +12927,14 @@ int sl_set_ssl_opts(struct mg_connection *nc) { ...@@ -12924,11 +12927,14 @@ int sl_set_ssl_opts(struct mg_connection *nc) {
SO_SECURE_DOMAIN_NAME_VERIFICATION, SO_SECURE_DOMAIN_NAME_VERIFICATION,
ctx->ssl_server_name, strlen(ctx->ssl_server_name)); ctx->ssl_server_name, strlen(ctx->ssl_server_name));
DBG(("DOMAIN_NAME_VERIFICATION %s -> %d", ctx->ssl_server_name, err)); DBG(("DOMAIN_NAME_VERIFICATION %s -> %d", ctx->ssl_server_name, err));
/* Domain name verificationw as added in a NWP service pack, older versions /* Domain name verificationw as added in a NWP service pack, older
* return SL_ENOPROTOOPT. There isn't much we can do about it, so we ignore * versions
* return SL_ENOPROTOOPT. There isn't much we can do about it, so we
* ignore
* the error. */ * the error. */
if (err != 0 && err != SL_ENOPROTOOPT) return err; if (err != 0 && err != SL_ENOPROTOOPT) return err;
} }
}
return 0; return 0;
} }
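Review bot: When `ctx` is NULL the function now falls through to `return 0`, so a caller cannot tell "no TLS options were set" from success. If that path can be reached for a connection that is meant to use TLS (not visible here), the socket would proceed without a CA file or domain-name check; a DBG line or a non-zero return in an `else` branch would make that visible. Separately, the unchanged DBG call inside the new `if (ctx)` block tests `ctx->ssl_key` but prints `ctx->ssl_cert`, which hands a NULL pointer to `%s` when only the key is set, the same kind of NULL read this commit fixes; it should read `(ctx->ssl_key ? ctx->ssl_key : "-")`. The PRIVATE_KEY_FILE_NAME DBG line also logs `nc->err` where the local `err` is meant. Part of the function body lies between the two hunks and is not shown.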
......