Merge pull request #1674 from G10h4ck/pqissludp_fixup

Fix double free crash in ~pqissludp()
This commit is contained in:
csoler 2019-10-15 08:39:49 +02:00 committed by GitHub
commit 438966979b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 34 additions and 86 deletions

View File

@ -1078,7 +1078,7 @@ int pqissl::SSL_Connection_Complete()
/* if we are passive - then accept! */
int err;
if (sslmode)
if (sslmode == PQISSL_ACTIVE)
{
#ifdef PQISSL_LOG_DEBUG
rslog(RSL_DEBUG_BASIC, pqisslzone, "--------> Active Connect! Client side.");

View File

@ -3,7 +3,8 @@
* *
* libretroshare: retroshare core library *
* *
* Copyright 2004-2006 by Robert Fernie <retroshare@lunamutt.com> *
* Copyright (C) 2004-2006 Robert Fernie <retroshare@lunamutt.com> *
* Copyright (C) 2015-2019 Gioacchino Mazzurco <gio@altermundi.net> *
* *
* This program is free software: you can redistribute it and/or modify *
* it under the terms of the GNU Lesser General Public License as *
@ -50,38 +51,21 @@ static const uint32_t PQI_SSLUDP_DEF_CONN_PERIOD = 300; /* 5 minutes? */
/********** PQI SSL UDP STUFF **************************************/
pqissludp::pqissludp(PQInterface *parent, p3LinkMgr *lm) :
pqissl(NULL, parent, lm), tou_bio(NULL),// listen_checktime(0),
pqissl(nullptr, parent, lm), tou_bio(nullptr),
mConnectPeriod(PQI_SSLUDP_DEF_CONN_PERIOD), mConnectFlags(0),
mConnectBandwidth(0)
{
RS_STACK_MUTEX(mSslMtx);
mConnectBandwidth(0), mConnectProxyAddr(), mConnectSrcAddr() {}
sockaddr_storage_clear(remote_addr);
sockaddr_storage_clear(mConnectProxyAddr);
sockaddr_storage_clear(mConnectSrcAddr);
}
pqissludp::~pqissludp()
{
rslog(RSL_ALERT, pqissludpzone,
"pqissludp::~pqissludp -> destroying pqissludp");
/* must call reset from here, so that the
* virtual functions will still work.
* -> as they stop working in base class destructor.
/*
* No need to call reset() here as it will be called in the upper class,
* pqissludp::reset_locked() just reset a few members to 0 that (that will be
* deleted anyway when this destructor ends), so pqissl::reset_locked() that is
* called by in parent class destructor will do just fine.
*
* This means that reset() will be called twice, but this should
* be harmless.
* DISCLAIMER: do not double free tou_bio here, as it is implicitely freed
* by SSL_free(...) in pqissl::reset()
*/
stoplistening(); /* remove from p3proxy listenqueue */
reset();
pqissludp::~pqissludp() = default;
RS_STACK_MUTEX(mSslMtx);
if (tou_bio) // this should be in the reset?
BIO_free(tou_bio);
}
int pqissludp::reset_locked()
{
@ -203,7 +187,7 @@ int pqissludp::Initiate_Connection()
out += sockaddr_storage_tostring(remote_addr);
out += " ";
if (sslmode)
if (sslmode == PQISSL_ACTIVE)
{
out += "ACTIVE Connect (SSL_Connect)";
}
@ -430,30 +414,6 @@ int pqissludp::net_internal_SSL_set_fd(SSL *ssl, int fd)
return 1;
}
int pqissludp::net_internal_fcntl_nonblock(int /*fd*/)
{
rslog(RSL_DEBUG_BASIC, pqissludpzone,
"pqissludp::net_internal_fcntl_nonblock()");
return 0;
}
// listen fns call the udpproxy.
int pqissludp::listen()
{
rslog(RSL_DEBUG_BASIC, pqissludpzone, "pqissludp::listen() (NULLOP)");
return 1; //udpproxy->listen();
}
int pqissludp::stoplistening()
{
rslog(RSL_DEBUG_BASIC, pqissludpzone, "pqissludp::stoplistening() (NULLOP)");
return 1; //udpproxy->stoplistening();
}
bool pqissludp::connect_parameter(uint32_t type, uint32_t value)
{
{

View File

@ -3,7 +3,8 @@
* *
* libretroshare: retroshare core library *
* *
* Copyright 2004-2006 by Robert Fernie. *
* Copyright (C) 2004-2006 Robert Fernie <retroshare@lunamutt.com> *
* Copyright (C) 2015-2019 Gioacchino Mazzurco <gio@altermundi.net> *
* *
* This program is free software: you can redistribute it and/or modify *
* it under the terms of the GNU Lesser General Public License as *
@ -19,42 +20,31 @@
* along with this program. If not, see <https://www.gnu.org/licenses/>. *
* *
*******************************************************************************/
#ifndef MRK_PQI_SSL_UDP_HEADER
#define MRK_PQI_SSL_UDP_HEADER
// operating system specific network header.
#include "pqi/pqinetwork.h"
#pragma once
#include <string>
#include <map>
#include "pqi/pqissl.h"
#include "pqi/pqinetwork.h"
#include "util/rsdebug.h"
/* So pqissludp is the special firewall breaking protocol.
* This class will implement the basics of streaming
* ssl over udp using a tcponudp library....
* and a small extension to ssl.
/**
* @brief pqissludp is the special NAT traversal protocol.
* This class will implement the basics of streaming ssl over udp using a
* tcponudp library.
* It provides a NetBinInterface, which is primarily inherited from pqissl.
* Some methods are override all others are identical.
*/
class pqissludp;
class cert;
/* This provides a NetBinInterface, which is
* primarily inherited from pqissl.
* fns declared here are different -> all others are identical.
*/
class pqissludp: public pqissl
{
public:
pqissludp(PQInterface *parent, p3LinkMgr *lm);
~pqissludp() override;
virtual ~pqissludp();
// NetInterface.
// listen fns call the udpproxy.
virtual int listen();
virtual int stoplistening();
int listen() override { return 1; }
int stoplistening() override { return 1; }
virtual bool connect_parameter(uint32_t type, uint32_t value);
virtual bool connect_additional_address(uint32_t type, const struct sockaddr_storage &addr);
@ -83,20 +73,18 @@ protected:
*/
virtual int net_internal_close(int fd);
virtual int net_internal_SSL_set_fd(SSL *ssl, int fd);
virtual int net_internal_fcntl_nonblock(int fd);
virtual int net_internal_fcntl_nonblock(int /*fd*/) { return 0; }
private:
BIO *tou_bio; // specific to ssludp.
//long listen_checktime;
uint32_t mConnectPeriod;
uint32_t mConnectFlags;
uint32_t mConnectBandwidth;
struct sockaddr_storage mConnectProxyAddr;
struct sockaddr_storage mConnectSrcAddr;
};
#endif // MRK_PQI_SSL_UDP_HEADER
RS_SET_CONTEXT_DEBUG_LEVEL(2)
};