diff --git a/Makefile.msvc b/Makefile.msvc
index 84fe8ec..da95036 100644
--- a/Makefile.msvc
+++ b/Makefile.msvc
@@ -14,7 +14,7 @@ LN = link
 LDFLAGS = /nologo /subsystem:console /incremental:no /machine:I386
 DLFLAGS = /DLL
 DLSUFFICS = .dll
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib
+LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libeay32MT.lib ssleay32MT.lib
 LIBSOLD = libeay32MT.lib ssleay32MT.lib
 LIBEXT = .lib
 LNOUT = /out:
@@ -26,7 +26,7 @@ REMOVECOMMAND = del 2>NUL >NUL
 TYPECOMMAND = type
 COMPATLIBS =
 MAKEFILE = Makefile.msvc
-PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin lastFripper FilePlugin
+PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin lastFripper FilePlugin SSLPlugin
 VERFILE = $(VERFILE)
 include Makefile.inc
diff --git a/src/plugins/PCREPlugin/pcre_plugin.c b/src/plugins/PCREPlugin/pcre_plugin.c
index e2ca258..f04d9c1 100644
--- a/src/plugins/PCREPlugin/pcre_plugin.c
+++ b/src/plugins/PCREPlugin/pcre_plugin.c
@@ -229,12 +229,12 @@ static int h_pcre(int argc, unsigned char **argv){
 struct filter *newf;
 char *replace = NULL;
- if(!strcmp(argv[2], "allow")) action = PASS;
- else if(!strcmp(argv[2], "deny")) action = REJECT;
- else if(!strcmp(argv[2], "remove")) action = REMOVE;
- else if(!strcmp(argv[2], "dunno")) action = CONTINUE;
+ if(!strncmp(argv[2], "allow",5)) action = PASS;
+ else if(!strncmp(argv[2], "deny",4)) action = REJECT;
+ else if(!strncmp(argv[2], "remove",6)) action = REMOVE;
+ else if(!strncmp(argv[2], "dunno",5)) action = CONTINUE;
 else return 1;
- if(!strcmp(argv[0], "pcre_rewrite")) {
+ if(!strncmp(argv[0], "pcre_rewrite", 12)) {
 int i,j;
 offset = 5;
 replace = pl->mystrdup(argv[4]);
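Review bot: In h_pcre (src/plugins/PCREPlugin/pcre_plugin.c) the move from strcmp to strncmp makes the action keyword a prefix match, so any argv[2] that merely begins with `allow`, `deny`, `remove` or `dunno` is accepted and no longer reaches `else return 1`; a mistyped action in a filter rule is then applied silently instead of being rejected. The following hunk sets `acl->nolog` from `strstr(argv[2],"log")`, which matches `log` anywhere in the word, so the pair presumably exists to permit a log-marked variant of each action. If `log` is the only intended suffix, check the remainder explicitly, for example `if(!strncmp(argv[2], "allow",5) && (!argv[2][5] || !strcmp(argv[2]+5, "log"))) action = PASS;`, and compute `nolog` from that same remainder rather than from a substring search. `strncmp(argv[0], "pcre_rewrite", 12)` has the same effect on the command name. The body of h_pcre starts and ends outside this hunk, so whether argc is checked before argv[2] is read cannot be confirmed from here.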
@@ -266,6 +266,7 @@ static int h_pcre(int argc, unsigned char **argv){
 replace[j] = 0;
 }
 if(!(acl = pl->make_ace(argc - offset, argv + offset))) return 2;
+ acl->nolog = (strstr(argv[2],"log") == 0);
 if(*argv[3] && !(*argv[3] == '*' && !argv[3][1]) ){
 re = pcre_compile((char *)argv[3], pcre_options, &errptr, &offset, NULL);
 if(!re) {
diff --git a/src/plugins/SSLPlugin/my_ssl.c b/src/plugins/SSLPlugin/my_ssl.c
index d3a4799..0e7bca7 100644
--- a/src/plugins/SSLPlugin/my_ssl.c
+++ b/src/plugins/SSLPlugin/my_ssl.c
@@ -8,6 +8,9 @@
 #include
 #include
 #include
+#ifndef _WIN32
+#include
+#endif
 #include
 #include
@@ -110,20 +113,23 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert)
 static char hash_name[sizeof(src_cert->sha1_hash)*2 + 1];
 static char cache_name[200];
- pthread_mutex_lock(&ssl_file_mutex);
 bin2hex(src_cert->sha1_hash, sizeof(src_cert->sha1_hash), hash_name, sizeof(hash_name));
 sprintf(cache_name, "%s%s.pem", cert_path, hash_name);
 /* check if certificate is already cached */
 fcache = fopen(cache_name, "rb");
 if ( fcache != NULL ) {
+#ifndef _WIN32
+ flock(fileno(fcache), LOCK_SH);
+#endif
 dst_cert = PEM_read_X509(fcache, &dst_cert, NULL, NULL);
+#ifndef _WIN32
+ flock(fileno(fcache), LOCK_UN);
+#endif
 fclose(fcache);
 if ( dst_cert != NULL ){
- pthread_mutex_unlock(&ssl_file_mutex);
 return dst_cert;
 }
 }
- pthread_mutex_unlock(&ssl_file_mutex);
 /* proceed if certificate is not cached */
 dst_cert = X509_dup(src_cert);
@@ -163,13 +169,17 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert)
 /* write to cache */
- pthread_mutex_lock(&ssl_file_mutex);
 fcache = fopen(cache_name, "wb");
 if ( fcache != NULL ) {
+#ifndef _WIN32
+ flock(fileno(fcache), LOCK_EX);
+#endif
 PEM_write_X509(fcache, dst_cert);
+#ifndef _WIN32
+ flock(fileno(fcache), LOCK_UN);
+#endif
 fclose(fcache);
 }
- pthread_mutex_unlock(&ssl_file_mutex);
 return dst_cert;
 }
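Review bot: In ssl_copy_cert (src/plugins/SSLPlugin/my_ssl.c, hunk at -110) `hash_name` and `cache_name` are `static`, and the removed `pthread_mutex_lock(&ssl_file_mutex)` was what serialised the `bin2hex` and `sprintf` writes into them; without it two threads can interleave and one can read, or later write, the cache file named after the other thread's certificate. flock() only covers the file contents and is compiled out on _WIN32, so it does not replace that protection. Make the buffers per-call, `char hash_name[sizeof(src_cert->sha1_hash)*2 + 1];` and `char cache_name[200];`, and bound the formatting with `snprintf(cache_name, sizeof(cache_name), "%s%s.pem", cert_path, hash_name);`, treating truncation as a cache miss. The function begins before this hunk and reuses `cache_name` in the write-to-cache hunk at -163, so the same race reaches that path.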
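Review bot: In the write-to-cache hunk of ssl_copy_cert (at -163), `fopen(cache_name, "wb")` truncates the file before `flock(fileno(fcache), LOCK_EX)` is taken, so a reader already holding LOCK_SH in the earlier hunk can be parsing the file while it is emptied, and on _WIN32 nothing serialises the two at all. The results of flock() and `PEM_write_X509(fcache, dst_cert)` are ignored, so a failed or partial write leaves a damaged cache entry for later lookups to parse. Writing the certificate under a temporary name in the same directory and moving it into place only after PEM_write_X509() and fclose() succeed would remove the need for the lock; at minimum test `PEM_write_X509` for a zero return and call `remove(cache_name)` after `fclose(fcache)` in that case. The function starts outside this hunk.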
@@ -212,6 +222,10 @@ SSL_CONN ssl_handshake_to_server(SOCKET s, SSL_CERT *server_cert, char **errSSL)
 }
 cert = SSL_get_peer_certificate(conn->ssl);
+ if(!cert) {
+ ssl_conn_free(conn);
+ return NULL;
+ }
 /* TODO: Verify certificate */
@@ -312,10 +326,14 @@ void ssl_conn_free(SSL_CONN connection)
 {
 ssl_conn *conn = (ssl_conn *) connection;
- SSL_shutdown(conn->ssl);
- SSL_free(conn->ssl);
- SSL_CTX_free(conn->ctx);
- free(conn);
+ if(conn){
+ if(conn->ssl){
+ SSL_shutdown(conn->ssl);
+ SSL_free(conn->ssl);
+ }
+ if(conn->ctx) SSL_CTX_free(conn->ctx);
+ free(conn);
+ }
 }
 void _ssl_cert_free(SSL_CERT cert)
diff --git a/src/plugins/SSLPlugin/ssl_plugin.c b/src/plugins/SSLPlugin/ssl_plugin.c
index 3889f1e..172969c 100644
--- a/src/plugins/SSLPlugin/ssl_plugin.c
+++ b/src/plugins/SSLPlugin/ssl_plugin.c
@@ -53,13 +53,15 @@ struct SSLqueue {
 /*
- Todo: use hashtable
+ TO DO: use hashtable
 */
 static struct SSLqueue *searchSSL(SOCKET s){
- struct SSLqueue *sslq;
+ struct SSLqueue *sslq = NULL;
+ pthread_mutex_lock(&ssl_mutex);
 for(sslq = SSLq; sslq; sslq = sslq->next)
- if(sslq->s == s) return sslq;
- return NULL;
+ if(sslq->s == s) break;
+ pthread_mutex_lock(&ssl_mutex);
+ return sslq;
 }
 static void addSSL(SOCKET s, SSL_CERT cert, SSL_CONN conn, struct clientparam* param){
diff --git a/src/version.h b/src/version.h
index 383b4b6..a97b453 100644
--- a/src/version.h
+++ b/src/version.h
@@ -1,2 +1,2 @@
 #define VERSION "3proxy-0.8b-devel"
-#define BUILDDATE "150216013249"
+#define BUILDDATE "150302205552"
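Review bot: In ssl_handshake_to_server (src/plugins/SSLPlugin/my_ssl.c) the new `if(!cert)` path returns NULL without writing anything through `errSSL`, so a caller that reports `*errSSL` on failure gets no reason for this case. If the other failure paths of this function set it (they lie outside the hunk), set it here too before `ssl_conn_free(conn)`. The context line `/* TODO: Verify certificate */` also still stands: as far as this hunk shows, the added check only rules out a missing peer certificate, and a certificate that is present is accepted without chain or host name validation. A comment such as `/* NOTE: peer certificate is not validated yet; upstream identity is unauthenticated */` would make that limit explicit until the TODO is done.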
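Review bot: In searchSSL (src/plugins/SSLPlugin/ssl_plugin.c) the line after the loop calls `pthread_mutex_lock(&ssl_mutex)` a second time instead of releasing the mutex, so the first lookup either blocks the calling thread forever or, depending on the mutex type, leaves the mutex held against every other thread. It should read `pthread_mutex_unlock(&ssl_mutex);`. Even with that fixed, the returned `sslq` is used by the caller after the lock is dropped. If another thread can unlink and free the entry in the meantime (the removal code is not in this hunk), the caller is left with a dangling pointer, so consider copying out the fields the caller needs while the lock is still held.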