- Fix #1274: automatically trim chroot path from dnscrypt key/cert paths (from Manu Bretelle).


git-svn-id: file:///svn/unbound/trunk@4204 be551aaa-1e26-0410-a405-d3ace91eadb9
Ralph Dolmans 2017-06-01 09:51:05 +00:00
parent 401e456a17
commit b93fd4e0c9
2 changed files with 29 additions and 2 deletions


@ -266,6 +266,25 @@ dnsc_read_from_file(char *fname, char *buf, size_t count)
return 0;
}
/**
* Given an absolute path on the original root, returns the absolute path
* within the chroot. If chroot is disabled, the path is not modified.
* No char * is malloced so there is no need to free this.
* \param[in] cfg the configuration.
* \param[in] path the path from the original root.
* \return the path from inside the chroot.
*/
static char *
dnsc_chroot_path(struct config_file *cfg, char *path)
{
char *nm;
nm = path;
if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
nm += strlen(cfg->chrootdir);
return nm;
}
/**
* Parse certificates files provided by the configuration and load them into
* dnsc_env.
@ -278,6 +297,7 @@ dnsc_parse_certs(struct dnsc_env *env, struct config_file *cfg)
{
struct config_strlist *head;
size_t signed_cert_id;
char *nm;
env->signed_certs_count = 0U;
for (head = cfg->dnscrypt_provider_cert; head; head = head->next) {
@ -288,8 +308,9 @@ dnsc_parse_certs(struct dnsc_env *env, struct config_file *cfg)
signed_cert_id = 0U;
for(head = cfg->dnscrypt_provider_cert; head; head = head->next, signed_cert_id++) {
nm = dnsc_chroot_path(cfg, head->str);
if(dnsc_read_from_file(
head->str,
nm,
(char *)(env->signed_certs + signed_cert_id),
sizeof(struct SignedCert)) != 0) {
fatal_exit("dnsc_parse_certs: failed to load %s: %s", head->str, strerror(errno));
@ -415,6 +436,7 @@ dnsc_parse_keys(struct dnsc_env *env, struct config_file *cfg)
{
struct config_strlist *head;
size_t keypair_id;
char *nm;
env->keypairs_count = 0U;
for (head = cfg->dnscrypt_secret_key; head; head = head->next) {
@ -426,8 +448,9 @@ dnsc_parse_keys(struct dnsc_env *env, struct config_file *cfg)
keypair_id = 0U;
for(head = cfg->dnscrypt_secret_key; head; head = head->next, keypair_id++) {
char fingerprint[80];
nm = dnsc_chroot_path(cfg, head->str);
if(dnsc_read_from_file(
head->str,
nm,
(char *)(env->keypairs[keypair_id].crypt_secretkey),
crypto_box_SECRETKEYBYTES) != 0) {
fatal_exit("dnsc_parse_keys: failed to load %s: %s", head->str, strerror(errno));
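Review bot: dnsc_chroot_path strips cfg->chrootdir as a raw string prefix without checking that the match ends on a path-component boundary, so a chrootdir of `/var/unbound` (constructed example) also matches `/var/unbound-keys/secret.key` and leaves the relative name `-keys/secret.key` to be opened for a secret key or certificate. With `len = strlen(cfg->chrootdir)` computed once, the condition could additionally require `(cfg->chrootdir[len-1] == '/' || nm[len] == '/')`. Whether chrootdir is normalised before this point is not visible here, so the trailing-slash case should be confirmed against the config parser. Separately, both fatal_exit calls in dnsc_parse_certs and dnsc_parse_keys still print `head->str` although the file actually opened is `nm`, so the reported path is not the one that failed; logging `nm` as well would make a misconfigured key path easier to diagnose. The bodies of those two functions continue outside the hunks shown.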


@ -1,3 +1,7 @@
1 June 2017: Ralph
- Fix #1274: automatically trim chroot path from dnscrypt key/cert paths
(from Manu Bretelle).
1 June 2017: Wouter
- Fix fastopen EPIPE fallthrough to perform connect.