Главная Обзор Помощь
Вход
cturan
/
3proxy
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Просмотр исходного кода

SSLPlugin race condition fix

+ minor corrections to PCREPlugin
z3APA3A 11 лет назад
Родитель
7951de875a
Сommit
522e6732fe
5 измененных файлов с 42 добавлено и 21 удалено
Разделённый вид Показать статистику Diff
  1. 2 2
      Makefile.msvc
  2. 6 5
      src/plugins/PCREPlugin/pcre_plugin.c
  3. 27 9
      src/plugins/SSLPlugin/my_ssl.c
  4. 6 4
      src/plugins/SSLPlugin/ssl_plugin.c
  5. 1 1
      src/version.h

+ 2 - 2
Makefile.msvc
Просмотреть файл 

@@ -14,7 +14,7 @@ LN = link
 
 LDFLAGS = /nologo /subsystem:console /incremental:no /machine:I386
 
 DLFLAGS = /DLL
 
 DLSUFFICS = .dll
 
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib 
+LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libeay32MT.lib ssleay32MT.lib
 
 LIBSOLD = libeay32MT.lib ssleay32MT.lib
 
 LIBEXT = .lib                                                                                               
 LNOUT = /out:
 
@@ -26,7 +26,7 @@ REMOVECOMMAND = del 2>NUL >NUL
 
 TYPECOMMAND = type
 
 COMPATLIBS =
 
 MAKEFILE = Makefile.msvc
 
-PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin lastFripper FilePlugin
 
+PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin lastFripper FilePlugin SSLPlugin
 
 VERFILE = $(VERFILE)
 
 
 include Makefile.inc

+ 6 - 5
src/plugins/PCREPlugin/pcre_plugin.c
Просмотреть файл 

@@ -229,12 +229,12 @@ static int h_pcre(int argc, unsigned char **argv){
 
 	struct filter *newf;
 
 	char *replace = NULL;
 
 	
-	if(!strcmp(argv[2], "allow")) action = PASS;
 
-	else if(!strcmp(argv[2], "deny")) action = REJECT;
 
-	else if(!strcmp(argv[2], "remove")) action = REMOVE;
 
-	else if(!strcmp(argv[2], "dunno")) action = CONTINUE;
 
+	if(!strncmp(argv[2], "allow",5)) action = PASS;
 
+	else if(!strncmp(argv[2], "deny",4)) action = REJECT;
 
+	else if(!strncmp(argv[2], "remove",6)) action = REMOVE;
 
+	else if(!strncmp(argv[2], "dunno",5)) action = CONTINUE;
 
 	else return 1;
 
-	if(!strcmp(argv[0], "pcre_rewrite")) {
 
+	if(!strncmp(argv[0], "pcre_rewrite", 12)) {
 
 		int i,j;
 
 		offset = 5;
 
 		replace = pl->mystrdup(argv[4]);
 
@@ -266,6 +266,7 @@ static int h_pcre(int argc, unsigned char **argv){
 
 		replace[j] = 0;
 
 	}
 
 	if(!(acl = pl->make_ace(argc - offset, argv + offset))) return 2;
 
+	acl->nolog = (strstr(argv[2],"log") == 0);
 
 	if(*argv[3] && !(*argv[3] == '*' && !argv[3][1]) ){
 
 		re = pcre_compile((char *)argv[3], pcre_options, &errptr, &offset, NULL);
 
 		if(!re) {

+ 27 - 9
src/plugins/SSLPlugin/my_ssl.c
Просмотреть файл 

@@ -8,6 +8,9 @@
 
 #include <memory.h>
 
 #include <errno.h>
 
 #include <fcntl.h>
 
+#ifndef _WIN32
 
+#include <sys/file.h>
 
+#endif
 
 
 #include <openssl/crypto.h>
 
 #include <openssl/x509.h>
 
@@ -110,20 +113,23 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert)
 
 	static char hash_name[sizeof(src_cert->sha1_hash)*2 + 1];
 
 	static char cache_name[200];
 
 
-	pthread_mutex_lock(&ssl_file_mutex);
 
 	bin2hex(src_cert->sha1_hash, sizeof(src_cert->sha1_hash), hash_name, sizeof(hash_name));
 
 	sprintf(cache_name, "%s%s.pem", cert_path, hash_name);
 
 	/* check if certificate is already cached */
 
 	fcache = fopen(cache_name, "rb");
 
 	if ( fcache != NULL ) {
 
+#ifndef _WIN32
 
+		flock(fileno(fcache), LOCK_SH);
 
+#endif
 
 		dst_cert = PEM_read_X509(fcache, &dst_cert, NULL, NULL);
 
+#ifndef _WIN32
 
+		flock(fileno(fcache), LOCK_UN);
 
+#endif
 
 		fclose(fcache);
 
 		if ( dst_cert != NULL ){
 
-			pthread_mutex_unlock(&ssl_file_mutex);
 
 			return dst_cert;
 
 		}
 
 	}
 
-	pthread_mutex_unlock(&ssl_file_mutex);
 
 
 	/* proceed if certificate is not cached */
 
 	dst_cert = X509_dup(src_cert);
 
@@ -163,13 +169,17 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert)
 
 
 	/* write to cache */
 
 
-	pthread_mutex_lock(&ssl_file_mutex);
 
 	fcache = fopen(cache_name, "wb");
 
 	if ( fcache != NULL ) {
 
+#ifndef _WIN32
 
+		flock(fileno(fcache), LOCK_EX);
 
+#endif
 
 		PEM_write_X509(fcache, dst_cert);
 
+#ifndef _WIN32
 
+		flock(fileno(fcache), LOCK_UN);
 
+#endif
 
 		fclose(fcache);
 
 	}
 
-	pthread_mutex_unlock(&ssl_file_mutex);
 
 	return dst_cert;
 
 }
 
 
@@ -212,6 +222,10 @@ SSL_CONN ssl_handshake_to_server(SOCKET s, SSL_CERT *server_cert, char **errSSL)
 
 	}
 
 
 	cert = SSL_get_peer_certificate(conn->ssl);     
+	if(!cert) {
 
+		ssl_conn_free(conn);
 
+		return NULL;
 
+	}
 
 
 	/* TODO: Verify certificate */
 
 
@@ -312,10 +326,14 @@ void ssl_conn_free(SSL_CONN connection)
 
 {
 
 	ssl_conn *conn = (ssl_conn *) connection;
 
 
-	SSL_shutdown(conn->ssl);
 
-	SSL_free(conn->ssl);
 
-	SSL_CTX_free(conn->ctx);
 
-	free(conn);
 
+	if(conn){
 
+		if(conn->ssl){
 
+			SSL_shutdown(conn->ssl);
 
+			SSL_free(conn->ssl);
 
+		}
 
+		if(conn->ctx) SSL_CTX_free(conn->ctx);
 
+		free(conn);
 
+	}
 
 }
 
 
 void _ssl_cert_free(SSL_CERT cert)

+ 6 - 4
src/plugins/SSLPlugin/ssl_plugin.c
Просмотреть файл 

@@ -53,13 +53,15 @@ struct SSLqueue {
 
 
 
 /*
 
- Todo: use hashtable
 
+ TO DO: use hashtable
 
 */
 
 static struct SSLqueue *searchSSL(SOCKET s){
 
-	struct SSLqueue *sslq;
 
+	struct SSLqueue *sslq = NULL;
 
+	pthread_mutex_lock(&ssl_mutex);
 
 	for(sslq = SSLq; sslq; sslq = sslq->next)
 
-		if(sslq->s == s) return sslq;
 
-	return NULL;
 
+		if(sslq->s == s) break;
 
+	pthread_mutex_lock(&ssl_mutex);
 
+	return sslq;
 
 }
 
 
 static void addSSL(SOCKET s, SSL_CERT cert, SSL_CONN conn, struct clientparam* param){

+ 1 - 1
src/version.h
Просмотреть файл 

@@ -1,2 +1,2 @@
 
 #define VERSION "3proxy-0.8b-devel"
 
-#define BUILDDATE "150216013249"
 
+#define BUILDDATE "150302205552"