SSLPlugin race condition fix

+ minor corrections to PCREPlugin
2025-02-23 02:25:40 +08:00 · 2015-03-02 21:05:29 +03:00 · 2015-03-02 21:05:29 +03:00 · 522e6732fe
commit 522e6732fe
parent 7951de875a
5 changed files with 42 additions and 21 deletions
--- a/Makefile.msvc
+++ b/Makefile.msvc
@ -14,7 +14,7 @@ LN = link
 LDFLAGS = /nologo /subsystem:console /incremental:no /machine:I386
 DLFLAGS = /DLL
 DLSUFFICS = .dll
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib 
+LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libeay32MT.lib ssleay32MT.lib
 LIBSOLD = libeay32MT.lib ssleay32MT.lib
 LIBEXT = .lib                                                                                               
 LNOUT = /out:
@ -26,7 +26,7 @@ REMOVECOMMAND = del 2>NUL >NUL
 TYPECOMMAND = type
 COMPATLIBS =
 MAKEFILE = Makefile.msvc
-PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin lastFripper FilePlugin
+PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin lastFripper FilePlugin SSLPlugin
 VERFILE = $(VERFILE)

 include Makefile.inc
--- a/src/plugins/PCREPlugin/pcre_plugin.c
+++ b/src/plugins/PCREPlugin/pcre_plugin.c
@ -229,12 +229,12 @@ static int h_pcre(int argc, unsigned char **argv){
 	struct filter *newf;
 	char *replace = NULL;
 	
-	if(!strcmp(argv[2], "allow")) action = PASS;
-	else if(!strcmp(argv[2], "deny")) action = REJECT;
-	else if(!strcmp(argv[2], "remove")) action = REMOVE;
-	else if(!strcmp(argv[2], "dunno")) action = CONTINUE;
+	if(!strncmp(argv[2], "allow",5)) action = PASS;
+	else if(!strncmp(argv[2], "deny",4)) action = REJECT;
+	else if(!strncmp(argv[2], "remove",6)) action = REMOVE;
+	else if(!strncmp(argv[2], "dunno",5)) action = CONTINUE;
 	else return 1;
-	if(!strcmp(argv[0], "pcre_rewrite")) {
+	if(!strncmp(argv[0], "pcre_rewrite", 12)) {
 		int i,j;
 		offset = 5;
 		replace = pl->mystrdup(argv[4]);
@ -266,6 +266,7 @@ static int h_pcre(int argc, unsigned char **argv){
 		replace[j] = 0;
 	}
 	if(!(acl = pl->make_ace(argc - offset, argv + offset))) return 2;
+	acl->nolog = (strstr(argv[2],"log") == 0);
 	if(*argv[3] && !(*argv[3] == '*' && !argv[3][1]) ){
 		re = pcre_compile((char *)argv[3], pcre_options, &errptr, &offset, NULL);
 		if(!re) {
--- a/src/plugins/SSLPlugin/my_ssl.c
+++ b/src/plugins/SSLPlugin/my_ssl.c
@ -8,6 +8,9 @@
 #include <memory.h>
 #include <errno.h>
 #include <fcntl.h>
+#ifndef _WIN32
+#include <sys/file.h>
+#endif

 #include <openssl/crypto.h>
 #include <openssl/x509.h>
@ -110,20 +113,23 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert)
 	static char hash_name[sizeof(src_cert->sha1_hash)*2 + 1];
 	static char cache_name[200];

-	pthread_mutex_lock(&ssl_file_mutex);
 	bin2hex(src_cert->sha1_hash, sizeof(src_cert->sha1_hash), hash_name, sizeof(hash_name));
 	sprintf(cache_name, "%s%s.pem", cert_path, hash_name);
 	/* check if certificate is already cached */
 	fcache = fopen(cache_name, "rb");
 	if ( fcache != NULL ) {
+#ifndef _WIN32
+		flock(fileno(fcache), LOCK_SH);
+#endif
 		dst_cert = PEM_read_X509(fcache, &dst_cert, NULL, NULL);
+#ifndef _WIN32
+		flock(fileno(fcache), LOCK_UN);
+#endif
 		fclose(fcache);
 		if ( dst_cert != NULL ){
-			pthread_mutex_unlock(&ssl_file_mutex);
 			return dst_cert;
 		}
 	}
-	pthread_mutex_unlock(&ssl_file_mutex);

 	/* proceed if certificate is not cached */
 	dst_cert = X509_dup(src_cert);
@ -163,13 +169,17 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert)

 	/* write to cache */

-	pthread_mutex_lock(&ssl_file_mutex);
 	fcache = fopen(cache_name, "wb");
 	if ( fcache != NULL ) {
+#ifndef _WIN32
+		flock(fileno(fcache), LOCK_EX);
+#endif
 		PEM_write_X509(fcache, dst_cert);
+#ifndef _WIN32
+		flock(fileno(fcache), LOCK_UN);
+#endif
 		fclose(fcache);
 	}
-	pthread_mutex_unlock(&ssl_file_mutex);
 	return dst_cert;
 }

@ -212,6 +222,10 @@ SSL_CONN ssl_handshake_to_server(SOCKET s, SSL_CERT *server_cert, char **errSSL)
 	}

 	cert = SSL_get_peer_certificate(conn->ssl);     
+	if(!cert) {
+		ssl_conn_free(conn);
+		return NULL;
+	}

 	/* TODO: Verify certificate */

@ -312,10 +326,14 @@ void ssl_conn_free(SSL_CONN connection)
 {
 	ssl_conn *conn = (ssl_conn *) connection;

-	SSL_shutdown(conn->ssl);
-	SSL_free(conn->ssl);
-	SSL_CTX_free(conn->ctx);
-	free(conn);
+	if(conn){
+		if(conn->ssl){
+			SSL_shutdown(conn->ssl);
+			SSL_free(conn->ssl);
+		}
+		if(conn->ctx) SSL_CTX_free(conn->ctx);
+		free(conn);
+	}
 }

 void _ssl_cert_free(SSL_CERT cert)
--- a/src/plugins/SSLPlugin/ssl_plugin.c
+++ b/src/plugins/SSLPlugin/ssl_plugin.c
@ -53,13 +53,15 @@ struct SSLqueue {


 /*
- Todo: use hashtable
+ TO DO: use hashtable
 */
 static struct SSLqueue *searchSSL(SOCKET s){
-	struct SSLqueue *sslq;
+	struct SSLqueue *sslq = NULL;
+	pthread_mutex_lock(&ssl_mutex);
 	for(sslq = SSLq; sslq; sslq = sslq->next)
-		if(sslq->s == s) return sslq;
-	return NULL;
+		if(sslq->s == s) break;
+	pthread_mutex_lock(&ssl_mutex);
+	return sslq;
 }

 static void addSSL(SOCKET s, SSL_CERT cert, SSL_CONN conn, struct clientparam* param){
--- a/src/version.h
+++ b/src/version.h
@ -1,2 +1,2 @@
 #define VERSION "3proxy-0.8b-devel"
-#define BUILDDATE "150216013249"
+#define BUILDDATE "150302205552"