From a4107d73d597a6f8754f7cf5c8c53d2097bea652 Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni Date: Wed, 18 Apr 2018 19:52:26 -0400 Subject: [PATCH] Add missing index_index() when reloading OCSP responder Also, future-proof index_index() return codes by requiring success to return a positive value. Reviewed-by: Rich Salz --- apps/apps.c | 3 +++ apps/ca.c | 4 ++-- apps/ocsp.c | 5 +++-- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 5a32dc0a02..6ae85233cc 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1597,6 +1597,9 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr) return retdb; } +/* + * Returns > 0 on success, <= 0 on error + */ int index_index(CA_DB *db) { if (!TXT_DB_create_index(db->db, DB_serial, NULL, diff --git a/apps/ca.c b/apps/ca.c index d530cf5cd7..1c053b5702 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -498,7 +498,7 @@ end_of_options: if (db == NULL) goto end; - if (!index_index(db)) + if (index_index(db) <= 0) goto end; if (get_certificate_status(ser_status, db) != 1) @@ -672,7 +672,7 @@ end_of_options: BIO_printf(bio_err, "generating index\n"); } - if (!index_index(db)) + if (index_index(db) <= 0) goto end; /*****************************************************************/ diff --git a/apps/ocsp.c b/apps/ocsp.c index 3c5534af0e..83461c7cb5 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -559,7 +559,7 @@ int ocsp_main(int argc, char **argv) if (ridx_filename != NULL) { rdb = load_index(ridx_filename, NULL); - if (rdb == NULL || !index_index(rdb)) { + if (rdb == NULL || index_index(rdb) <= 0) { ret = 1; goto end; } @@ -582,10 +582,11 @@ redo_accept: if (index_changed(rdb)) { CA_DB *newrdb = load_index(ridx_filename, NULL); - if (newrdb != NULL) { + if (newrdb != NULL && index_index(newrdb) > 0) { free_index(rdb); rdb = newrdb; } else { + free_index(newrdb); log_message(LOG_ERR, "error reloading updated index: %s", ridx_filename); } -- 2.25.1