Home Verkennen Help
Inloggen
cturan
/
3proxy
1
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Bladeren bron

Fix: '-' sign incorrectly parsed in hostname ACL, bandlim race condition on configuration reload

Vladimir Dubrovin 4 jaren geleden
bovenliggende
9fae0082a3
commit
681182b1e5
2 gewijzigde bestanden met toevoegingen van 29 en 2 verwijderingen
Zij-aan-zij weergave Toon Diff Stats
  1. 10 0
      .gitignore
  2. 19 2
      src/conf.c

+ 10 - 0
.gitignore
Bestand weergeven 

@@ -11,6 +11,16 @@
 
 *.lib
 
 *.key
 
 *.pem
 
+*.so
 
+bin/3proxy
 
+bin/proxy
 
+bin/socks
 
+bin/tcppm
 
+bin/udppm
 
+bin/pop3p
 
+bin/smtpp
 
+bin/ftppr
 
+bin/mycrypt
 
 bin64/
 
 dll/
 
 tmp/

+ 19 - 2
src/conf.c
Bestand weergeven 

@@ -793,12 +793,19 @@ int scanipl(unsigned char *arg, struct iplist *dst){
 
 #endif
 
         char * slash, *dash;
 
 	int masklen, addrlen;
 
+	int res;
 
 
 	if((slash = strchr((char *)arg, '/'))) *slash = 0;
 
 	if((dash = strchr((char *)arg,'-'))) *dash = 0;
 
 	
-	if(afdetect(arg) == -1) return 1;
 
-	if(!getip46(46, arg, (struct sockaddr *)&sa)) return 1;
 
+	if(afdetect(arg) == -1) {
 
+		if(slash)*slash = '/';
 
+		if(dash)*dash = '-';
 
+		return 1;
 
+	}
 
+	res = getip46(46, arg, (struct sockaddr *)&sa);
 
+	if(dash)*dash = '-';
 
+	if(!res) return 1;
 
 	memcpy(&dst->ip_from, SAADDR(&sa), SAADDRLEN(&sa));
 
 	dst->family = *SAFAMILY(&sa);
 
 	if(dash){
 
@@ -810,6 +817,7 @@ int scanipl(unsigned char *arg, struct iplist *dst){
 
 	}
 
 	memcpy(&dst->ip_to, &dst->ip_from, SAADDRLEN(&sa));
 
 	if(slash){
 
+		*slash = '/';
 
 		addrlen = SAADDRLEN(&sa);
 
 		masklen = atoi(slash+1);
 
 		if(masklen < 0 || masklen > (addrlen*8)) return 4;
 
@@ -1154,6 +1162,7 @@ static int h_ace(int argc, unsigned char **argv){
 
 	case REDIRECT:
 
 		acl->chains = myalloc(sizeof(struct chain));
 
 		if(!acl->chains) {
 
+			freeacl(acl);
 
 			return(21);
 
 		}
 
 		memset(acl->chains, 0, sizeof(struct chain)); 
@@ -1177,6 +1186,7 @@ static int h_ace(int argc, unsigned char **argv){
 
 	case NOCONNLIM:
 
 		ncl = myalloc(sizeof(struct connlim));
 
 		if(!ncl) {
 
+			freeacl(acl);
 
 			return(21);
 
 		}
 
 		memset(ncl, 0, sizeof(struct connlim));
 
@@ -1203,6 +1213,7 @@ static int h_ace(int argc, unsigned char **argv){
 
 
 		nbl = myalloc(sizeof(struct bandlim));
 
 		if(!nbl) {
 
+			freeacl(acl);
 
 			return(21);
 
 		}
 
 		memset(nbl, 0, sizeof(struct bandlim));
 
@@ -1210,6 +1221,8 @@ static int h_ace(int argc, unsigned char **argv){
 
 		if(acl->action == BANDLIM) {
 
 			sscanf((char *)argv[1], "%u", &nbl->rate);
 
 			if(nbl->rate < 300) {
 
+				myfree(nbl);
 
+				freeacl(acl);
 
 				fprintf(stderr, "Wrong bandwidth specified, line %d\n", linenum);
 
 				return(4);
 
 			}
 
@@ -1250,6 +1263,7 @@ static int h_ace(int argc, unsigned char **argv){
 
 		if(!conf.trafcountfunc) conf.trafcountfunc = trafcountfunc;
 
 		tl = myalloc(sizeof(struct trafcount));
 
 		if(!tl) {
 
+			freeacl(acl);
 
 			return(21);
 
 		}
 
 		memset(tl, 0, sizeof(struct trafcount));
 
@@ -1268,6 +1282,8 @@ static int h_ace(int argc, unsigned char **argv){
 
 			tl->type = getrotate(*argv[2]);
 
 			tl->traflim64 =  ((uint64_t)lim)*(1024*1024);
 
 			if(!tl->traflim64) {
 
+				myfree(tl);
 
+				freeacl(acl);
 
 				fprintf(stderr, "Wrong traffic limit specified, line %d\n", linenum);
 
 				return(6);
 
 			}
 
@@ -1786,6 +1802,7 @@ void freeconf(struct extparam *confp){
 
  confp->bandlimiter = NULL;
 
  confp->bandlimiterout = NULL;
 
  confp->bandlimfunc = NULL;
 
+ confp->bandlimver++;
 
  pthread_mutex_unlock(&bandlim_mutex);
 
  pthread_mutex_lock(&connlim_mutex);
 
  cl = confp->connlimiter;