před 5 roky · 05bc297ea7
--- a/src/plugins/SSLPlugin/my_ssl.c
+++ b/src/plugins/SSLPlugin/my_ssl.c
@@ -52,14 +52,14 @@ static size_t bin2hex (const unsigned char* bin, size_t bin_length, char* str, s
 
				 	char *p;
			
 
				 	size_t i;
			
 
				 	
			
 
				-	if ( str_length < ( bin_length+1) ) 
			
 
				+	if ( str_length < ( (bin_length*2)+1) ) 
			
 
				 		return 0; 
			
 
				 
			
 
				 	p = str; 
			
 
				 	for ( i=0; i < bin_length; ++i )  
			
 
				 	{ 
			
 
				-		*p++ = hexMap[*bin >> 4];  
			
 
				-		*p++ = hexMap[*bin & 0xf]; 
			
 
				+		*p++ = hexMap[(*(unsigned char *)bin) >> 4];  
			
 
				+		*p++ = hexMap[(*(unsigned char *)bin) & 0xf]; 
			
 
				 		++bin;
			
 
				 	} 
			
 
				 	
			
@@ -115,10 +115,18 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert)
 
				 	unsigned char p2[] = "3proxy";
			
 
				 	unsigned char p3[] = "3proxy CA";
			
 
				 
			
 
				-	char hash_name_sha1[sizeof(src_cert->sha1_hash)*2 + 1];
			
 
				-	char cache_name[200];
			
 
				+	int hash_size = 20;
			
 
				+	char hash_sha1[20];
			
 
				+	char hash_name_sha1[(20*2) + 1];
			
 
				+	char cache_name[256];
			
 
				 
			
 
				-	bin2hex(src_cert->sha1_hash, sizeof(src_cert->sha1_hash), hash_name_sha1, sizeof(hash_name_sha1));
			
 
				+	err = X509_digest(src_cert, EVP_sha1(), hash_sha1, NULL);
			
 
				+	if(!err){
			
 
				+		X509_free(dst_cert);
			
 
				+		return NULL;
			
 
				+	}
			
 
				+
			
 
				+	bin2hex(hash_sha1, 20, hash_name_sha1, sizeof(hash_name_sha1));
			
 
				 	sprintf(cache_name, "%s%s.pem", cert_path, hash_name_sha1);
			
 
				 	/* check if certificate is already cached */
			
 
				 	fcache = fopen(cache_name, "rb");
			
@@ -153,19 +161,11 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert)
 
				 	}
			
 
				 
			
 
				 
			
 
				-	/* Its self signed so set the issuer name to be the same as the
			
 
				- 	 * subject.
			
 
				-	 */
			
 
				 	err = X509_set_issuer_name(dst_cert, name);
			
 
				 	if(!err){
			
 
				 		X509_free(dst_cert);
			
 
				 		return NULL;
			
 
				 	}
			
 
				-	err = X509_digest(dst_cert, EVP_sha1(), dst_cert->sha1_hash, NULL);
			
 
				-	if(!err){
			
 
				-		X509_free(dst_cert);
			
 
				-		return NULL;
			
 
				-	}
			
 
				 	err = X509_sign(dst_cert, CA_key, EVP_sha256());
			
 
				 	if(!err){
			
 
				 		X509_free(dst_cert);
			
--- a/src/plugins/SSLPlugin/ssl_plugin.c
+++ b/src/plugins/SSLPlugin/ssl_plugin.c
@@ -56,6 +56,7 @@ struct SSLqueue {
 
				 */
			
 
				 static struct SSLqueue *searchSSL(SOCKET s){
			
 
				 	struct SSLqueue *sslq = NULL;
			
 
				+
			
 
				 	pthread_mutex_lock(&ssl_mutex);
			
 
				 	for(sslq = SSLq; sslq; sslq = sslq->next)
			
 
				 		if(sslq->s == s) break;
			
@@ -65,19 +66,21 @@ static struct SSLqueue *searchSSL(SOCKET s){
 
				 
			
 
				 static void addSSL(SOCKET s, SSL_CERT cert, SSL_CONN conn, struct clientparam* param){
			
 
				 	struct SSLqueue *sslq;
			
 
				+
			
 
				 	sslq = (struct SSLqueue *) malloc(sizeof(struct SSLqueue));
			
 
				 	sslq->s = s;
			
 
				 	sslq->cert = cert;
			
 
				 	sslq->conn = conn;
			
 
				+	sslq->param = param;
			
 
				 	pthread_mutex_lock(&ssl_mutex);
			
 
				 	sslq->next = SSLq;
			
 
				-	sslq->param = param;
			
 
				 	SSLq = sslq;
			
 
				 	pthread_mutex_unlock(&ssl_mutex);
			
 
				 }
			
 
				 
			
 
				 int delSSL(SOCKET s){
			
 
				 	struct SSLqueue *sqi, *sqt = NULL;
			
 
				+
			
 
				 	if(!SSLq) return 0;
			
 
				 	pthread_mutex_lock(&ssl_mutex);
			
 
				 	if(SSLq){
			
@@ -113,13 +116,15 @@ static int ssl_send(SOCKET s, const void *msg, size_t len, int flags){
 
				 	struct SSLqueue *sslq;
			
 
				 
			
 
				 	if ((sslq = searchSSL(s))){
			
 
				-		int i=0, res, err;
			
 
				-		do {
			
 
				-			if((res = ssl_write(sslq->conn, (void *)msg, len)) < 0) {
			
 
				-					err = SSL_get_error((SSL *)((ssl_conn*)sslq->conn)->ssl, res);
			
 
				-					usleep(10*SLEEPTIME);
			
 
				+		int res, err;
			
 
				+		if((res = ssl_write(sslq->conn, (void *)msg, len)) <= 0){
			
 
				+			err = SSL_get_error((SSL *)((ssl_conn*)sslq->conn)->ssl, res);
			
 
				+			if (err == SSL_ERROR_WANT_WRITE){
			
 
				+				_set_errno(EAGAIN);
			
 
				+				return -1;
			
 
				 			}
			
 
				-		} while (res < 0 && (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) && ++i < 100); 
			
 
				+			else _set_errno(err);
			
 
				+		}
			
 
				 		return res;
			
 
				 	}
			
 
				 
			
@@ -135,13 +140,15 @@ static int ssl_sendto(SOCKET s, const void *msg, size_t len, int flags, const st
 
				 	struct SSLqueue *sslq;
			
 
				 
			
 
				 	if ((sslq = searchSSL(s))){
			
 
				-		int i=0, res, err;
			
 
				-		do {
			
 
				-			if((res = ssl_write(sslq->conn, (void *)msg, len)) < 0) {
			
 
				-					err = SSL_get_error((SSL *)((ssl_conn*)sslq->conn)->ssl, res);
			
 
				-					usleep(10*SLEEPTIME);
			
 
				+		int res, err;
			
 
				+		if((res = ssl_write(sslq->conn, (void *)msg, len)) <= 0) {
			
 
				+			err = SSL_get_error((SSL *)((ssl_conn*)sslq->conn)->ssl, res);
			
 
				+			if (err == SSL_ERROR_WANT_WRITE){
			
 
				+				_set_errno(EAGAIN);
			
 
				+				return -1;
			
 
				 			}
			
 
				-		} while (res < 0 && (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) && ++i < 100); 
			
 
				+			else _set_errno(err);
			
 
				+		}
			
 
				 		return res;
			
 
				 	}
			
 
				 
			
@@ -156,16 +163,17 @@ static int ssl_recvfrom(SOCKET s, void *msg, size_t len, int flags, struct socka
 
				 	struct SSLqueue *sslq;
			
 
				 
			
 
				 	if ((sslq = searchSSL(s))){
			
 
				-		int i=0, res, err;
			
 
				-		do {
			
 
				-			if((res = ssl_read(sslq->conn, (void *)msg, len)) < 0) {
			
 
				-					err = SSL_get_error((SSL *)((ssl_conn*)sslq->conn)->ssl, res);
			
 
				-					usleep(10*SLEEPTIME);
			
 
				+		int res, err;
			
 
				+		if((res = ssl_read(sslq->conn, (void *)msg, len)) <= 0) {
			
 
				+			err = SSL_get_error((SSL *)((ssl_conn*)sslq->conn)->ssl, res);
			
 
				+			if (err == SSL_ERROR_WANT_READ) {
			
 
				+				_set_errno(EAGAIN);
			
 
				+				return -1;
			
 
				 			}
			
 
				-		} while (res < 0 && (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) && ++i < 100); 
			
 
				+			else _set_errno(err);
			
 
				+		}
			
 
				 		return res;
			
 
				 	}
			
 
				-
			
 
				 	return sso._recvfrom(s, msg, len, flags, from, fromlen);
			
 
				 }
			
 
				 
			
@@ -177,13 +185,15 @@ static int WINAPI ssl_recv(SOCKET s, void *msg, size_t len, int flags){
 
				 	struct SSLqueue *sslq;
			
 
				 
			
 
				 	if ((sslq = searchSSL(s))){
			
 
				-		int i=0, res, err;
			
 
				-		do {
			
 
				-			if((res = ssl_read(sslq->conn, (void *)msg, len)) < 0) {
			
 
				-					err = SSL_get_error((SSL *)((ssl_conn*)sslq->conn)->ssl, res);
			
 
				-					usleep(10*SLEEPTIME);
			
 
				+		int res, err;
			
 
				+		if((res = ssl_read(sslq->conn, (void *)msg, len)) <= 0) {
			
 
				+			err = SSL_get_error((SSL *)((ssl_conn*)sslq->conn)->ssl, res);
			
 
				+			if (err == SSL_ERROR_WANT_READ) {
			
 
				+				_set_errno(EAGAIN);
			
 
				+				return -1;
			
 
				 			}
			
 
				-		} while (res < 0 && (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) && ++i < 100); 
			
 
				+			else _set_errno(err);
			
 
				+		}
			
 
				 		return res;
			
 
				 	}
			
 
				 
			
--- a/src/proxy.c
+++ b/src/proxy.c
@@ -816,12 +816,16 @@ for(;;){
 
				  if(isconnect && param->redirtype != R_HTTP) {
			
 
				 	socksend(param->clisock, (unsigned char *)proxy_stringtable[8], (int)strlen(proxy_stringtable[8]), conf.timeouts[STRING_S]);
			
 
				 	if(param->redirectfunc) {
			
 
				-		 if(req)myfree(req);
			
 
				-		 if(buf)myfree(buf);
			
 
				-
			
 
				+		if(req)myfree(req);
			
 
				+		if(buf)myfree(buf);
			
 
				 		return (*param->redirectfunc)(param);
			
 
				 	}
			
 
				 	param->res =  mapsocket(param, conf.timeouts[CONNECTION_L]);
			
 
				+	if(param->redirectfunc) {
			
 
				+		if(req)myfree(req);
			
 
				+		if(buf)myfree(buf);
			
 
				+		return (*param->redirectfunc)(param);
			
 
				+	}
			
 
				 	RETURN(param->res);
			
 
				  }