SSL (patch 5 code)

Bear Giles bear at coyotesong.com
Sun May 26 18:08:23 UTC 2002


Oops.  Forgot the patch!




Index: inn/nnrpd/tls.c
diff -c inn/nnrpd/tls.c:1.3 inn/nnrpd/tls.c:1.4
*** inn/nnrpd/tls.c:1.3	Sun May 26 11:50:13 2002
--- inn/nnrpd/tls.c	Sun May 26 12:03:18 2002
***************
*** 30,35 ****
--- 30,36 ----
  #include <string.h>
  #include <syslog.h>
  #include <sys/uio.h>
+ #include <sys/stat.h>
  
  /* taken from lib/parsedate.c */
  #ifndef WRITEV_USE_ALLOCA
***************
*** 417,422 ****
--- 418,425 ----
  
  static int set_cert_stuff(SSL_CTX * ctx, char *cert_file, char *key_file)
  {
+ 	struct stat buf;
+ 
      if (cert_file != NULL) {
  	if (SSL_CTX_use_certificate_file(ctx, cert_file,
  					 SSL_FILETYPE_PEM) <= 0) {
***************
*** 425,430 ****
--- 428,446 ----
  	}
  	if (key_file == NULL)
  	    key_file = cert_file;
+ 
+ 	/* check ownership and permissions of key file */
+ 	if (lstat(key_file, &buf) == -1) {
+ 	    syslog(L_ERROR, "unable to stat private key '%s'", cert_file);
+ 	    return (0);
+ 	}
+ 	if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0077) != 0 ||
+ 	    buf.st_uid != getuid()) {
+ 	    syslog(L_ERROR, "bad ownership or permissions on private key '%s'", 
+ 		  cert_file);
+ 	    return (0);
+ 	}
+ 
  	if (SSL_CTX_use_PrivateKey_file(ctx, key_file,
  					SSL_FILETYPE_PEM) <= 0) {
  	    syslog(L_ERROR, "unable to get private key from '%s'", key_file);
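Review bot: Both new syslog calls, in the lstat failure branch and in the ownership/permission branch, print `cert_file` although the file that was stat'ed is `key_file`; when a separate key file is configured the log names the wrong path, which hides the actual misconfiguration from the operator. They should read `syslog(L_ERROR, "unable to stat private key '%s'", key_file);` and `syslog(L_ERROR, "bad ownership or permissions on private key '%s'", key_file);`, matching the existing message just below. A short comment would also help, since lstat() and SSL_CTX_use_PrivateKey_file() each resolve the path independently, so the check is a configuration sanity check rather than a guarantee about the file that is eventually opened: `/* sanity check only: the key file is re-opened by path below */`. The `getuid()` call presumably relies on <unistd.h> already being included further up, since this patch only adds <sys/stat.h>; worth confirming. set_cert_stuff continues past the end of the hunk.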



