diff options
| author | Andrei Belov <defan@nginx.com> | 2021-11-18 17:04:04 +0300 |
|---|---|---|
| committer | Andrei Belov <defan@nginx.com> | 2021-11-18 17:04:04 +0300 |
| commit | b400ccd1aa8eeb6a5de1707e0bb8c3d417fe69b7 (patch) | |
| tree | 60ff49ffc16ef7cb3aad1beb2d78f051a8794cdf /src/nxt_cert.c | |
| parent | fafd44166d9e835e91a4c5668048308ce99a62bd (diff) | |
| parent | b77895d1c7d6cd4826ac7427c91baa95b998a912 (diff) | |
| download | unit-b400ccd1aa8eeb6a5de1707e0bb8c3d417fe69b7.tar.gz unit-b400ccd1aa8eeb6a5de1707e0bb8c3d417fe69b7.tar.bz2 | |
Merged with the default branch.1.26.0-1
Diffstat (limited to 'src/nxt_cert.c')
| -rw-r--r-- | src/nxt_cert.c | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/src/nxt_cert.c b/src/nxt_cert.c index 1806bc19..01d413e0 100644 --- a/src/nxt_cert.c +++ b/src/nxt_cert.c @@ -1135,7 +1135,17 @@ nxt_cert_store_get_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg) port = nxt_runtime_port_find(task->thread->runtime, msg->port_msg.pid, msg->port_msg.reply_port); - if (port == NULL) { + if (nxt_slow_path(port == NULL)) { + nxt_alert(task, "process port not found (pid %PI, reply_port %d)", + msg->port_msg.pid, msg->port_msg.reply_port); + return; + } + + if (nxt_slow_path(port->type != NXT_PROCESS_CONTROLLER + && port->type != NXT_PROCESS_ROUTER)) + { + nxt_alert(task, "process %PI cannot store certificates", + msg->port_msg.pid); return; } @@ -1206,10 +1216,23 @@ nxt_cert_store_delete_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg) { u_char *p; nxt_str_t name; + nxt_port_t *ctl_port; nxt_runtime_t *rt; nxt_file_name_t *path; rt = task->thread->runtime; + ctl_port = rt->port_by_type[NXT_PROCESS_CONTROLLER]; + + if (nxt_slow_path(ctl_port == NULL)) { + nxt_alert(task, "controller port not found"); + return; + } + + if (nxt_slow_path(nxt_recv_msg_cmsg_pid(msg) != ctl_port->pid)) { + nxt_alert(task, "process %PI cannot delete certificates", + nxt_recv_msg_cmsg_pid(msg)); + return; + } if (nxt_slow_path(rt->certs.start == NULL)) { nxt_alert(task, "no certificates storage directory"); |