Fix: '-' sign incorrectly parsed in hostname ACL, bandlim race condition on configuration reload

2025-02-23 02:25:40 +08:00 · 2021-04-15 12:26:34 +03:00 · 2021-04-15 12:26:34 +03:00 · 681182b1e5
commit 681182b1e5
parent 9fae0082a3
2 changed files with 29 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -11,6 +11,16 @@
 *.lib
 *.key
 *.pem
+*.so
+bin/3proxy
+bin/proxy
+bin/socks
+bin/tcppm
+bin/udppm
+bin/pop3p
+bin/smtpp
+bin/ftppr
+bin/mycrypt
 bin64/
 dll/
 tmp/
--- a/src/conf.c
+++ b/src/conf.c
@ -793,12 +793,19 @@ int scanipl(unsigned char *arg, struct iplist *dst){
 #endif
        char * slash, *dash;
 	int masklen, addrlen;
+	int res;

 	if((slash = strchr((char *)arg, '/'))) *slash = 0;
 	if((dash = strchr((char *)arg,'-'))) *dash = 0;
 	
-	if(afdetect(arg) == -1) return 1;
-	if(!getip46(46, arg, (struct sockaddr *)&sa)) return 1;
+	if(afdetect(arg) == -1) {
+		if(slash)*slash = '/';
+		if(dash)*dash = '-';
+		return 1;
+	}
+	res = getip46(46, arg, (struct sockaddr *)&sa);
+	if(dash)*dash = '-';
+	if(!res) return 1;
 	memcpy(&dst->ip_from, SAADDR(&sa), SAADDRLEN(&sa));
 	dst->family = *SAFAMILY(&sa);
 	if(dash){
@ -810,6 +817,7 @@ int scanipl(unsigned char *arg, struct iplist *dst){
 	}
 	memcpy(&dst->ip_to, &dst->ip_from, SAADDRLEN(&sa));
 	if(slash){
+		*slash = '/';
 		addrlen = SAADDRLEN(&sa);
 		masklen = atoi(slash+1);
 		if(masklen < 0 || masklen > (addrlen*8)) return 4;
@ -1154,6 +1162,7 @@ static int h_ace(int argc, unsigned char **argv){
 	case REDIRECT:
 		acl->chains = myalloc(sizeof(struct chain));
 		if(!acl->chains) {
+			freeacl(acl);
 			return(21);
 		}
 		memset(acl->chains, 0, sizeof(struct chain)); 
@ -1177,6 +1186,7 @@ static int h_ace(int argc, unsigned char **argv){
 	case NOCONNLIM:
 		ncl = myalloc(sizeof(struct connlim));
 		if(!ncl) {
+			freeacl(acl);
 			return(21);
 		}
 		memset(ncl, 0, sizeof(struct connlim));
@ -1203,6 +1213,7 @@ static int h_ace(int argc, unsigned char **argv){

 		nbl = myalloc(sizeof(struct bandlim));
 		if(!nbl) {
+			freeacl(acl);
 			return(21);
 		}
 		memset(nbl, 0, sizeof(struct bandlim));
@ -1210,6 +1221,8 @@ static int h_ace(int argc, unsigned char **argv){
 		if(acl->action == BANDLIM) {
 			sscanf((char *)argv[1], "%u", &nbl->rate);
 			if(nbl->rate < 300) {
+				myfree(nbl);
+				freeacl(acl);
 				fprintf(stderr, "Wrong bandwidth specified, line %d\n", linenum);
 				return(4);
 			}
@ -1250,6 +1263,7 @@ static int h_ace(int argc, unsigned char **argv){
 		if(!conf.trafcountfunc) conf.trafcountfunc = trafcountfunc;
 		tl = myalloc(sizeof(struct trafcount));
 		if(!tl) {
+			freeacl(acl);
 			return(21);
 		}
 		memset(tl, 0, sizeof(struct trafcount));
@ -1268,6 +1282,8 @@ static int h_ace(int argc, unsigned char **argv){
 			tl->type = getrotate(*argv[2]);
 			tl->traflim64 =  ((uint64_t)lim)*(1024*1024);
 			if(!tl->traflim64) {
+				myfree(tl);
+				freeacl(acl);
 				fprintf(stderr, "Wrong traffic limit specified, line %d\n", linenum);
 				return(6);
 			}
@ -1786,6 +1802,7 @@ void freeconf(struct extparam *confp){
 confp->bandlimiter = NULL;
 confp->bandlimiterout = NULL;
 confp->bandlimfunc = NULL;
+ confp->bandlimver++;
 pthread_mutex_unlock(&bandlim_mutex);
 pthread_mutex_lock(&connlim_mutex);
 cl = confp->connlimiter;