From 681182b1e59142cc60d12c6112c057dc46414a17 Mon Sep 17 00:00:00 2001
From: Vladimir Dubrovin <3proxy@3proxy.ru>
Date: Thu, 15 Apr 2021 12:26:34 +0300
Subject: [PATCH] Fix: '-' sign incorrectly parsed in hostname ACL, bandlim
 race condition on configuration reload

---
 .gitignore | 10 ++++++++++
 src/conf.c | 21 +++++++++++++++++++--
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 83ed143..b562c58 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,6 +11,16 @@
 *.lib
 *.key
 *.pem
+*.so
+bin/3proxy
+bin/proxy
+bin/socks
+bin/tcppm
+bin/udppm
+bin/pop3p
+bin/smtpp
+bin/ftppr
+bin/mycrypt
 bin64/
 dll/
 tmp/
diff --git a/src/conf.c b/src/conf.c
index d9430a9..d1ebec1 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -793,12 +793,19 @@ int scanipl(unsigned char *arg, struct iplist *dst){
 #endif
         char * slash, *dash;
 	int masklen, addrlen;
+	int res;
 
 	if((slash = strchr((char *)arg, '/'))) *slash = 0;
 	if((dash = strchr((char *)arg,'-'))) *dash = 0;
 	
-	if(afdetect(arg) == -1) return 1;
-	if(!getip46(46, arg, (struct sockaddr *)&sa)) return 1;
+	if(afdetect(arg) == -1) {
+		if(slash)*slash = '/';
+		if(dash)*dash = '-';
+		return 1;
+	}
+	res = getip46(46, arg, (struct sockaddr *)&sa);
+	if(dash)*dash = '-';
+	if(!res) return 1;
 	memcpy(&dst->ip_from, SAADDR(&sa), SAADDRLEN(&sa));
 	dst->family = *SAFAMILY(&sa);
 	if(dash){
@@ -810,6 +817,7 @@ int scanipl(unsigned char *arg, struct iplist *dst){
 	}
 	memcpy(&dst->ip_to, &dst->ip_from, SAADDRLEN(&sa));
 	if(slash){
+		*slash = '/';
 		addrlen = SAADDRLEN(&sa);
 		masklen = atoi(slash+1);
 		if(masklen < 0 || masklen > (addrlen*8)) return 4;
@@ -1154,6 +1162,7 @@ static int h_ace(int argc, unsigned char **argv){
 	case REDIRECT:
 		acl->chains = myalloc(sizeof(struct chain));
 		if(!acl->chains) {
+			freeacl(acl);
 			return(21);
 		}
 		memset(acl->chains, 0, sizeof(struct chain)); 
@@ -1177,6 +1186,7 @@ static int h_ace(int argc, unsigned char **argv){
 	case NOCONNLIM:
 		ncl = myalloc(sizeof(struct connlim));
 		if(!ncl) {
+			freeacl(acl);
 			return(21);
 		}
 		memset(ncl, 0, sizeof(struct connlim));
@@ -1203,6 +1213,7 @@ static int h_ace(int argc, unsigned char **argv){
 
 		nbl = myalloc(sizeof(struct bandlim));
 		if(!nbl) {
+			freeacl(acl);
 			return(21);
 		}
 		memset(nbl, 0, sizeof(struct bandlim));
@@ -1210,6 +1221,8 @@ static int h_ace(int argc, unsigned char **argv){
 		if(acl->action == BANDLIM) {
 			sscanf((char *)argv[1], "%u", &nbl->rate);
 			if(nbl->rate < 300) {
+				myfree(nbl);
+				freeacl(acl);
 				fprintf(stderr, "Wrong bandwidth specified, line %d\n", linenum);
 				return(4);
 			}
@@ -1250,6 +1263,7 @@ static int h_ace(int argc, unsigned char **argv){
 		if(!conf.trafcountfunc) conf.trafcountfunc = trafcountfunc;
 		tl = myalloc(sizeof(struct trafcount));
 		if(!tl) {
+			freeacl(acl);
 			return(21);
 		}
 		memset(tl, 0, sizeof(struct trafcount));
@@ -1268,6 +1282,8 @@ static int h_ace(int argc, unsigned char **argv){
 			tl->type = getrotate(*argv[2]);
 			tl->traflim64 =  ((uint64_t)lim)*(1024*1024);
 			if(!tl->traflim64) {
+				myfree(tl);
+				freeacl(acl);
 				fprintf(stderr, "Wrong traffic limit specified, line %d\n", linenum);
 				return(6);
 			}
@@ -1786,6 +1802,7 @@ void freeconf(struct extparam *confp){
  confp->bandlimiter = NULL;
  confp->bandlimiterout = NULL;
  confp->bandlimfunc = NULL;
+ confp->bandlimver++;
  pthread_mutex_unlock(&bandlim_mutex);
  pthread_mutex_lock(&connlim_mutex);
  cl = confp->connlimiter;