-rw-r--r--ChangeLog1
-rw-r--r--runtime/nsd_gtls.c7
-rw-r--r--runtime/rsyslog.h3
-rw-r--r--tcpsrv.c2
4 files changed, 11 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 8619022d..349e4c05 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+- bugfix: segfault on startup if TLS was used but no CA cert set
----------------------------------------------------------------------------
Version 7.2.8 [v7-stable] 2013-0?-??
- bugfix: potential segfault on startup when builtin module was specified
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index 71eafbd2..805b4404 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -2,7 +2,7 @@
*
* An implementation of the nsd interface for GnuTLS.
*
- * Copyright (C) 2007, 2008 Rainer Gerhards and Adiscon GmbH.
+ * Copyright (C) 2007-2013 Rainer Gerhards and Adiscon GmbH.
*
* This file is part of the rsyslog runtime library.
*
@@ -579,6 +579,11 @@ gtlsGlblInit(void)
/* sets the trusted cas file */
cafile = glbl.GetDfltNetstrmDrvrCAF();
+ if(cafile == NULL) {
+ errmsg.LogError(0, RS_RET_CA_CERT_MISSING, "error: ca certificate is not set, cannot "
+ "continue");
+ ABORT_FINALIZE(RS_RET_CA_CERT_MISSING);
+ }
dbgprintf("GTLS CA file: '%s'\n", cafile);
gnuRet = gnutls_certificate_set_x509_trust_file(xcred, (char*)cafile, GNUTLS_X509_FMT_PEM);
if(gnuRet < 0) {
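Review bot: The error text logged at the new `cafile == NULL` check does not say which setting is missing, so an operator whose TLS listener fails to start still has to read the source to fix the configuration. Assuming `$DefaultNetstreamDriverCAFile` is the directive behind `glbl.GetDfltNetstrmDrvrCAF()`, name it in the message, e.g. `"error: ca certificate is not set ($DefaultNetstreamDriverCAFile), cannot continue"`. Refusing to initialise without a trust anchor is the right fail-closed behaviour, and a short comment above the check would record that: `/* no CA file means no trust anchor: refuse to start rather than hand NULL to GnuTLS */`. gtlsGlblInit starts and ends outside this hunk, so it is worth confirming that the `finalize_it` path reached by `ABORT_FINALIZE` releases whatever was set up earlier (for instance the credentials in `xcred`).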
diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h
index 07d58d68..067164d0 100644
--- a/runtime/rsyslog.h
+++ b/runtime/rsyslog.h
@@ -3,7 +3,7 @@
*
* Begun 2005-09-15 RGerhards
*
- * Copyright (C) 2005-2008 by Rainer Gerhards and Adiscon GmbH
+ * Copyright (C) 2005-2013 by Rainer Gerhards and Adiscon GmbH
*
* This file is part of the rsyslog runtime library.
*
@@ -393,6 +393,7 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth
RS_RET_INVLD_SETOP = -2305, /**< invalid variable set operation, incompatible type */
RS_RET_RULESET_EXISTS = -2306,/**< ruleset already exists */
RS_RET_DEPRECATED = -2307,/**< deprecated functionality is used */
+ RS_RET_CA_CERT_MISSING = -2308,/**< a CA cert is missing where one is required (e.g. TLS) */
/* RainerScript error messages (range 1000.. 1999) */
RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */
diff --git a/tcpsrv.c b/tcpsrv.c
index bf12f1fa..5784fee6 100644
--- a/tcpsrv.c
+++ b/tcpsrv.c
@@ -943,6 +943,8 @@ finalize_it:
if(iRet != RS_RET_OK) {
if(pThis->pNS != NULL)
netstrms.Destruct(&pThis->pNS);
+ errmsg.LogError(0, iRet, "tcpsrv could not create listener (inputname: '%s')",
+ (pThis->pszInputName == NULL) ? (uchar*)"*UNSET*" : pThis->pszInputName);
}
RETiRet;
}
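Review bot: The added `errmsg.LogError` call directly follows an unbraced `if(pThis->pNS != NULL)`, so it reads as if it depended on `pNS` although it runs on every failure path. Bracing the guard makes the scope explicit: `if(pThis->pNS != NULL) {` / `netstrms.Destruct(&pThis->pNS);` / `}`. The `*UNSET*` fallback for `pszInputName` is a good touch, since it keeps a NULL pointer from ever being passed for `%s`. The function body starts outside this hunk, so which failures reach this `finalize_it` label is not visible here.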