diff options
| author | amesgen <amesgen@amesgen.de> | 2022-06-10 02:29:58 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-06-09 17:29:58 -0700 |
| commit | 81cd50405f9fa682dc3907f9b19b4e264c5760a9 (patch) | |
| tree | 504b80d6ca4ce59cc8e7a425bb6b88a93ea90103 | |
| parent | 56dc51a8227f31b19cec1616cbdaaf19e08fda76 (diff) | |
Don't drop the config builder when setting a client verifier (#263)
Otherwise, we get a double free when building a config from a config
builder.
| -rw-r--r-- | src/rustls.h | 6 | ||||
| -rw-r--r-- | src/server.rs | 14 |
2 files changed, 8 insertions, 12 deletions
diff --git a/src/rustls.h b/src/rustls.h index 0709ed6..ba0a828 100644 --- a/src/rustls.h +++ b/src/rustls.h @@ -1122,20 +1122,18 @@ rustls_result rustls_server_config_builder_new_custom(const struct rustls_suppor * Create a rustls_server_config_builder for TLS sessions that require * valid client certificates. The passed rustls_client_cert_verifier may * be used in several builders. - * If input is NULL, this will return NULL. * For memory lifetime, see rustls_server_config_builder_new. */ -void rustls_server_config_builder_set_client_verifier(struct rustls_server_config_builder *config_builder, +void rustls_server_config_builder_set_client_verifier(struct rustls_server_config_builder *builder, const struct rustls_client_cert_verifier *verifier); /** * Create a rustls_server_config_builder for TLS sessions that accept * valid client certificates, but do not require them. The passed * rustls_client_cert_verifier_optional may be used in several builders. - * If input is NULL, this will return NULL. * For memory lifetime, see rustls_server_config_builder_new. */ -void rustls_server_config_builder_set_client_verifier_optional(struct rustls_server_config_builder *config_builder, +void rustls_server_config_builder_set_client_verifier_optional(struct rustls_server_config_builder *builder, const struct rustls_client_cert_verifier_optional *verifier); /** diff --git a/src/server.rs b/src/server.rs index fb4bad4..b10261e 100644 --- a/src/server.rs +++ b/src/server.rs @@ -162,35 +162,33 @@ impl rustls_server_config_builder { /// Create a rustls_server_config_builder for TLS sessions that require /// valid client certificates. The passed rustls_client_cert_verifier may /// be used in several builders. - /// If input is NULL, this will return NULL. /// For memory lifetime, see rustls_server_config_builder_new. #[no_mangle] pub extern "C" fn rustls_server_config_builder_set_client_verifier( - config_builder: *mut rustls_server_config_builder, + builder: *mut rustls_server_config_builder, verifier: *const rustls_client_cert_verifier, ) { ffi_panic_boundary! { - let mut config_builder = *try_box_from_ptr!(config_builder); + let builder: &mut ServerConfigBuilder = try_mut_from_ptr!(builder); let verifier: Arc<AllowAnyAuthenticatedClient> = try_arc_from_ptr!(verifier); - config_builder.verifier = verifier; + builder.verifier = verifier; } } /// Create a rustls_server_config_builder for TLS sessions that accept /// valid client certificates, but do not require them. The passed /// rustls_client_cert_verifier_optional may be used in several builders. - /// If input is NULL, this will return NULL. /// For memory lifetime, see rustls_server_config_builder_new. #[no_mangle] pub extern "C" fn rustls_server_config_builder_set_client_verifier_optional( - config_builder: *mut rustls_server_config_builder, + builder: *mut rustls_server_config_builder, verifier: *const rustls_client_cert_verifier_optional, ) { ffi_panic_boundary! { - let mut config_builder = *try_box_from_ptr!(config_builder); + let builder: &mut ServerConfigBuilder = try_mut_from_ptr!(builder); let verifier: Arc<AllowAnyAnonymousOrAuthenticatedClient> = try_arc_from_ptr!(verifier); - config_builder.verifier = verifier; + builder.verifier = verifier; } } |