BUG/MINOR: ssl: trailing slashes in directory names wrongly cached

The crtlist_load_cert_dir() caches the directory name without trailing
slashes when ssl_sock_load_cert_list_file() tries to lookup without
cleaning the trailing slashes.

This bug leads to creating the crtlist twice and prevents to remove
correctly a crtlist_entry since it exists in the serveral crtlists
created by accident.

Move the trailing slashes cleanup in ssl_sock_load_cert_list_file() to
fix the problem.

This bug was introduced by 6be66ec ("MINOR: ssl: directories are loaded
like crt-list")

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 14ee25199dc0d86cf913d3244fcf4d358086902d..f58a1c0d5b333c09323398dc8a4e67cf221a80b0 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4560,10 +4560,6 @@ static int crtlist_load_cert_dir(char *path, struct bind_conf *bind_conf, struct
        int j;
 #endif
 
-       /* strip trailing slashes, including first one */
-       for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
-               *end = 0;
-
        dir = malloc(sizeof(*dir) + strlen(path) + 1);
        if (dir == NULL) {
                memprintf(err, "not enough memory");
@@ -4980,6 +4976,7 @@ int ssl_sock_load_cert_list_file(char *file, int dir, struct bind_conf *bind_con
        struct crtlist_entry *entry = NULL;
        struct bind_conf_list *bind_conf_node = NULL;
        int cfgerr = 0;
+       char *end;
 
        bind_conf_node = malloc(sizeof(*bind_conf_node));
        if (!bind_conf_node) {
@@ -4990,6 +4987,10 @@ int ssl_sock_load_cert_list_file(char *file, int dir, struct bind_conf *bind_con
        bind_conf_node->next = NULL;
        bind_conf_node->bind_conf = bind_conf;
 
+       /* strip trailing slashes, including first one */
+       for (end = file + strlen(file) - 1; end >= file && *end == '/'; end--)
+               *end = 0;
+
        /* look for an existing crtlist or create one */
        eb = ebst_lookup(&crtlists_tree, file);
        if (eb) {