
SSLPlugin race condition fix

+ minor corrections to PCREPlugin
z3APA3A 11 жил өмнө
parent
commit
522e6732fe

+ 2 - 2
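--- a/Makefile.msvc
+++ b/Makefile.msvc
@@ -14,7 +14,7 @@ LN = link
 LDFLAGS = /nologo /subsystem:console /incremental:no /machine:I386
 DLFLAGS = /DLL
 DLSUFFICS = .dll
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib 
+LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libeay32MT.lib ssleay32MT.lib
 LIBSOLD = libeay32MT.lib ssleay32MT.lib
 LIBEXT = .lib
 LNOUT = /out:
@@ -26,7 +26,7 @@ REMOVECOMMAND = del 2>NUL >NUL
 TYPECOMMAND = type
 COMPATLIBS =
 MAKEFILE = Makefile.msvc
-PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin lastFripper FilePlugin
+PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin lastFripper FilePlugin SSLPlugin
 VERFILE = $(VERFILE)
 
 include Makefile.inc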
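Review bot: `LIBS` now repeats `libeay32MT.lib ssleay32MT.lib`, which `LIBSOLD` on the very next line already lists, so the two variables differ only by that OpenSSL pair and it is unclear which one the rules in Makefile.inc (not visible here) are meant to use. If `LIBSOLD` is no longer referenced it should be dropped in the same commit; if it is, a comment such as `# LIBSOLD: OpenSSL import libs for targets that do not link $(LIBS)` would explain why both exist. Note also that every target linked with `$(LIBS)` now needs the OpenSSL import libraries on the linker path, not just SSLPlugin, which should be stated in the build notes.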

+ 6 - 5
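--- a/src/plugins/PCREPlugin/pcre_plugin.c
+++ b/src/plugins/PCREPlugin/pcre_plugin.c
@@ -229,12 +229,12 @@ static int h_pcre(int argc, unsigned char **argv){
 	struct filter *newf;
 	char *replace = NULL;
 	
-	if(!strcmp(argv[2], "allow")) action = PASS;
-	else if(!strcmp(argv[2], "deny")) action = REJECT;
-	else if(!strcmp(argv[2], "remove")) action = REMOVE;
-	else if(!strcmp(argv[2], "dunno")) action = CONTINUE;
+	if(!strncmp(argv[2], "allow",5)) action = PASS;
+	else if(!strncmp(argv[2], "deny",4)) action = REJECT;
+	else if(!strncmp(argv[2], "remove",6)) action = REMOVE;
+	else if(!strncmp(argv[2], "dunno",5)) action = CONTINUE;
 	else return 1;
-	if(!strcmp(argv[0], "pcre_rewrite")) {
+	if(!strncmp(argv[0], "pcre_rewrite", 12)) {
 		int i,j;
 		offset = 5;
 		replace = pl->mystrdup(argv[4]);
@@ -266,6 +266,7 @@ static int h_pcre(int argc, unsigned char **argv){
 		replace[j] = 0;
 	}
 	if(!(acl = pl->make_ace(argc - offset, argv + offset))) return 2;
+	acl->nolog = (strstr(argv[2],"log") == 0);
 	if(*argv[3] && !(*argv[3] == '*' && !argv[3][1]) ){
 		re = pcre_compile((char *)argv[3], pcre_options, &errptr, &offset, NULL);
 		if(!re) {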
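Review bot: The switch from `strcmp` to `strncmp(argv[2], "allow", 5)` in the action chain turns an exact keyword match into an unanchored prefix match, so any trailing text is now accepted silently: `allowed`, `denyall` or a typo like `removee` parse as a valid action with `nolog` set, where before they hit `return 1`. The only suffix the new `acl->nolog = (strstr(argv[2],"log") == 0)` line wants to recognise is `log`, so the check should accept exactly the keyword or keyword plus `log` and reject everything else; the same prefix issue applies to the `pcre_rewrite` test on `argv[0]`, which now also matches e.g. `pcre_rewritex`. A small helper keeps the four branches readable and documents the accepted spellings. `h_pcre` begins before this hunk and its body continues past it.
```c
/* Accept "<keyword>" or "<keyword>log" for a pcre action word; any other
 * trailing text is a configuration error, not a silently ignored suffix. */
static int pcre_action_is(const unsigned char *arg, const char *keyword){
	size_t n = strlen(keyword);
	if(strncmp((const char *)arg, keyword, n)) return 0;
	return !arg[n] || !strcmp((const char *)arg + n, "log");
}

/* … inside h_pcre, in place of the strncmp chain … */
	if(pcre_action_is(argv[2], "allow")) action = PASS;
	else if(pcre_action_is(argv[2], "deny")) action = REJECT;
	else if(pcre_action_is(argv[2], "remove")) action = REMOVE;
	else if(pcre_action_is(argv[2], "dunno")) action = CONTINUE;
	else return 1;
```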

+ 27 - 9
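--- a/src/plugins/SSLPlugin/my_ssl.c
+++ b/src/plugins/SSLPlugin/my_ssl.c
@@ -8,6 +8,9 @@
 #include <memory.h>
 #include <errno.h>
 #include <fcntl.h>
+#ifndef _WIN32
+#include <sys/file.h>
+#endif
 
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
@@ -110,20 +113,23 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert)
 	static char hash_name[sizeof(src_cert->sha1_hash)*2 + 1];
 	static char cache_name[200];
 
-	pthread_mutex_lock(&ssl_file_mutex);
 	bin2hex(src_cert->sha1_hash, sizeof(src_cert->sha1_hash), hash_name, sizeof(hash_name));
 	sprintf(cache_name, "%s%s.pem", cert_path, hash_name);
 	/* check if certificate is already cached */
 	fcache = fopen(cache_name, "rb");
 	if ( fcache != NULL ) {
+#ifndef _WIN32
+		flock(fileno(fcache), LOCK_SH);
+#endif
 		dst_cert = PEM_read_X509(fcache, &dst_cert, NULL, NULL);
+#ifndef _WIN32
+		flock(fileno(fcache), LOCK_UN);
+#endif
 		fclose(fcache);
 		if ( dst_cert != NULL ){
-			pthread_mutex_unlock(&ssl_file_mutex);
 			return dst_cert;
 		}
 	}
-	pthread_mutex_unlock(&ssl_file_mutex);
 
 	/* proceed if certificate is not cached */
 	dst_cert = X509_dup(src_cert);
@@ -163,13 +169,17 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert)
 
 	/* write to cache */
 
-	pthread_mutex_lock(&ssl_file_mutex);
 	fcache = fopen(cache_name, "wb");
 	if ( fcache != NULL ) {
+#ifndef _WIN32
+		flock(fileno(fcache), LOCK_EX);
+#endif
 		PEM_write_X509(fcache, dst_cert);
+#ifndef _WIN32
+		flock(fileno(fcache), LOCK_UN);
+#endif
 		fclose(fcache);
 	}
-	pthread_mutex_unlock(&ssl_file_mutex);
 	return dst_cert;
 }
 
@@ -212,6 +222,10 @@ SSL_CONN ssl_handshake_to_server(SOCKET s, SSL_CERT *server_cert, char **errSSL)
 	}
 
 	cert = SSL_get_peer_certificate(conn->ssl);     
+	if(!cert) {
+		ssl_conn_free(conn);
+		return NULL;
+	}
 
 	/* TODO: Verify certificate */
 
@@ -312,10 +326,14 @@ void ssl_conn_free(SSL_CONN connection)
 {
 	ssl_conn *conn = (ssl_conn *) connection;
 
-	SSL_shutdown(conn->ssl);
-	SSL_free(conn->ssl);
-	SSL_CTX_free(conn->ctx);
-	free(conn);
+	if(conn){
+		if(conn->ssl){
+			SSL_shutdown(conn->ssl);
+			SSL_free(conn->ssl);
+		}
+		if(conn->ctx) SSL_CTX_free(conn->ctx);
+		free(conn);
+	}
 }
 
 void _ssl_cert_free(SSL_CERT cert)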
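Review bot: Removing `ssl_file_mutex` from ssl_copy_cert leaves `hash_name` and `cache_name` (the two `static char` buffers at the top of the second hunk) shared by every thread, so two concurrent calls can overwrite each other's path between the `sprintf` and the `fopen` and open or write the wrong certificate's cache file; `flock` protects the file contents, not these buffers, so this is a new data race rather than a fix. The writer is also still racy: `fopen(cache_name, "wb")` truncates the file before `flock(fileno(fcache), LOCK_EX)` is taken, so a reader that already holds LOCK_SH, or one that opens in that window, can parse an empty or half-written PEM, and on Windows the `flock` calls compile out while the mutex is gone, leaving no serialisation at all. Making the buffers automatic, bounding the path with `snprintf`, and opening the cache file without O_TRUNC so the lock is held before `ftruncate()` (needs `<unistd.h>`) closes both gaps on POSIX; the Windows build still needs either the old mutex or `LockFileEx`. The return value of `PEM_write_X509` is also ignored, which can leave a truncated entry that every later caller will try and fail to parse. ssl_copy_cert's signature and the start of its body are above this hunk.
```c
	/* per-call buffers: nothing serialises this function any more, so they
	   must not be static (shared by all threads) */
	char hash_name[sizeof(src_cert->sha1_hash)*2 + 1];
	char cache_name[200];

	bin2hex(src_cert->sha1_hash, sizeof(src_cert->sha1_hash), hash_name, sizeof(hash_name));
	if (snprintf(cache_name, sizeof(cache_name), "%s%s.pem", cert_path, hash_name) >= (int)sizeof(cache_name))
		return NULL; /* cert_path too long for the cache name */
	/* … unchanged: cached-read path, X509_dup and re-signing … */

	/* write to cache: take the lock before truncating so a concurrent
	   reader holding LOCK_SH never sees a partial file */
#ifndef _WIN32
	{
		int fd = open(cache_name, O_WRONLY | O_CREAT, 0600);
		fcache = NULL;
		if (fd >= 0 && flock(fd, LOCK_EX) == 0 && ftruncate(fd, 0) == 0)
			fcache = fdopen(fd, "wb");
		else if (fd >= 0)
			close(fd);
	}
#else
	fcache = fopen(cache_name, "wb");
#endif
	if ( fcache != NULL ) {
		if (!PEM_write_X509(fcache, dst_cert))
			unlink(cache_name); /* do not leave a truncated entry behind */
		fclose(fcache);         /* also releases the flock */
	}
	return dst_cert;
```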

+ 6 - 4
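--- a/src/plugins/SSLPlugin/ssl_plugin.c
+++ b/src/plugins/SSLPlugin/ssl_plugin.c
@@ -53,13 +53,15 @@ struct SSLqueue {
 
 
 /*
- Todo: use hashtable
+ TO DO: use hashtable
 */
 static struct SSLqueue *searchSSL(SOCKET s){
-	struct SSLqueue *sslq;
+	struct SSLqueue *sslq = NULL;
+	pthread_mutex_lock(&ssl_mutex);
 	for(sslq = SSLq; sslq; sslq = sslq->next)
-		if(sslq->s == s) return sslq;
-	return NULL;
+		if(sslq->s == s) break;
+	pthread_mutex_lock(&ssl_mutex);
+	return sslq;
 }
 
 static void addSSL(SOCKET s, SSL_CERT cert, SSL_CONN conn, struct clientparam* param){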
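Review bot: The second `pthread_mutex_lock(&ssl_mutex);` after the `for` loop in searchSSL must be `pthread_mutex_unlock(&ssl_mutex);` — as written every call locks the mutex twice and never releases it, which self-deadlocks on a default (non-recursive) pthread mutex the first time the function runs, and on a recursive one leaves `ssl_mutex` held forever. Even with the unlock, the entry is returned after the lock is dropped, so a caller that dereferences it races with any concurrent removal from `SSLq`; unless every caller already holds `ssl_mutex` (not visible here), the lookup and the use of the result need to sit in the same critical section, and a comment such as `/* caller must hold ssl_mutex; result is invalid once it is released */` should say which it is.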

+ 1 - 1
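--- a/src/version.h
+++ b/src/version.h
@@ -1,2 +1,2 @@
 #define VERSION "3proxy-0.8b-devel"
-#define BUILDDATE "150216013249"
+#define BUILDDATE "150302205552"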