From 07457764d98b4c0a206945d34b49274582285e12 Mon Sep 17 00:00:00 2001
From: Radkesvat <134321679+radkesvat@users.noreply.github.com>
Date: Sun, 26 May 2024 19:50:30 +0000
Subject: [PATCH] rework checks and add some missing checks
---
 tunnels/client/openssl/openssl_client.c | 13 +++-----
 tunnels/client/reality/reality_client.c | 41 ++++++++++---------------
 tunnels/client/reverse/reverse_client.c | 2 --
 tunnels/client/wolfssl/wolfssl_client.c | 13 +++-----
 tunnels/server/openssl/openssl_server.c | 4 +--
 tunnels/server/reality/reality_server.c | 13 +++-----
 tunnels/server/wolfssl/wolfssl_server.c | 4 +--
 7 files changed, 33 insertions(+), 57 deletions(-)
diff --git a/tunnels/client/openssl/openssl_client.c b/tunnels/client/openssl/openssl_client.c
index 2588f8b2..1cf9a669 100644
--- a/tunnels/client/openssl/openssl_client.c
+++ b/tunnels/client/openssl/openssl_client.c
@@ -70,14 +70,9 @@ static void flushWriteQueue(tunnel_t *self, context_t *c)
 {
 oss_client_con_state_t *cstate = CSTATE(c);
- while (contextQueueLen(cstate->queue) > 0)
+ while (contextQueueLen(cstate->queue) > 0 && isAlive(c->line))
 {
 self->upStream(self, contextQueuePop(cstate->queue));
-
- if (! isAlive(c->line))
- {
- return;
- }
 }
 }
@@ -98,7 +93,7 @@ static void upStream(tunnel_t *self, context_t *c)
 enum sslstatus status;
 int len = (int) bufLen(c->payload);
- while (len > 0)
+ while (len > 0 && isAlive(c->line))
 {
 int n = SSL_write(cstate->ssl, rawBuf(c->payload), len);
 status = getSslStatus(cstate->ssl, n);
@@ -242,7 +237,7 @@ static void downStream(tunnel_t *self, context_t *c)
 int len = (int) bufLen(c->payload);
- while (len > 0)
+ while (len > 0 && isAlive(c->line))
 {
 n = BIO_write(cstate->rbio, rawBuf(c->payload), len);
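Review bot: In flushWriteQueue the new loop condition reads `cstate->queue` before it tests `isAlive(c->line)`, so the liveness test no longer protects the queue access. The removed code returned right after `self->upStream(...)` when the line had died and never touched `cstate` again; if connection state is released when a line ends (the reality client's cleanup() in this patch frees `cstate` and destroys its queue), the next evaluation of the condition would read freed memory. Put the liveness test first: `while (isAlive(c->line) && contextQueueLen(cstate->queue) > 0)`. The same operand order appears in flushWriteQueue in reality_client.c and wolfssl_client.c, and in the `bufferStreamLen(cstate->read_stream) >= kTLSHeaderlen && isAlive(c->line)` loops in reality_client.c downStream and reality_server.c upStream.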
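Review bot: The `while (len > 0 && isAlive(c->line))` loops in upStream and downStream now end silently when the line dies, and the statements after each loop, which lie outside these hunks, run exactly as they do after a complete write. If that tail reads `cstate` or assumes the whole payload was consumed, it needs its own liveness guard; this cannot be confirmed from the visible lines. At minimum, document the second exit condition directly after each loop, for example `/* the loop also ends when a callback closed the line; cstate must not be used past this point in that case */`. The same pattern is added in wolfssl_client.c, openssl_server.c, wolfssl_server.c and the `len > 0` loop in reality_client.c downStream.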
@@ -321,7 +316,7 @@ static void downStream(tunnel_t *self, context_t *c)
 reuseBuffer(getContextBufferPool(c), buf);
 }
- if (!cstate->handshake_completed && SSL_is_init_finished(cstate->ssl) )
+ if (! cstate->handshake_completed && SSL_is_init_finished(cstate->ssl))
 {
 LOGD("OpensslClient: Tls handshake complete");
 cstate->handshake_completed = true;
diff --git a/tunnels/client/reality/reality_client.c b/tunnels/client/reality/reality_client.c
index 1c3555e6..3c5cf141 100644
--- a/tunnels/client/reality/reality_client.c
+++ b/tunnels/client/reality/reality_client.c
@@ -72,38 +72,31 @@ static enum sslstatus getSslStatus(SSL *ssl, int n)
 static void cleanup(tunnel_t *self, context_t *c)
 {
 reality_client_con_state_t *cstate = CSTATE(c);
- if (cstate != NULL)
+ if (cstate->handshake_completed)
 {
- if (cstate->handshake_completed)
- {
- destroyBufferStream(cstate->read_stream);
- }
- EVP_CIPHER_CTX_free(cstate->encryption_context);
- EVP_CIPHER_CTX_free(cstate->decryption_context);
- EVP_MD_CTX_free(cstate->sign_context);
- EVP_MD_free(cstate->msg_digest);
- EVP_PKEY_free(cstate->sign_key);
+ destroyBufferStream(cstate->read_stream);
+ }
+ EVP_CIPHER_CTX_free(cstate->encryption_context);
+ EVP_CIPHER_CTX_free(cstate->decryption_context);
+ EVP_MD_CTX_free(cstate->sign_context);
+ EVP_MD_free(cstate->msg_digest);
+ EVP_PKEY_free(cstate->sign_key);
- SSL_free(cstate->ssl); /* free the SSL object and its BIO's */
- destroyContextQueue(cstate->queue);
+ SSL_free(cstate->ssl); /* free the SSL object and its BIO's */
+ destroyContextQueue(cstate->queue);
- free(cstate);
- CSTATE_MUT(c) = NULL;
- }
+ free(cstate);
+ CSTATE_MUT(c) = NULL;
 }
 static void flushWriteQueue(tunnel_t *self, context_t *c)
 {
 reality_client_con_state_t *cstate = CSTATE(c);
- while (contextQueueLen(cstate->queue) > 0)
+ while (contextQueueLen(cstate->queue) > 0 && isAlive(c->line))
 {
 self->upStream(self, contextQueuePop(cstate->queue));
- if (! isAlive(c->line))
- {
- return;
- }
 }
 }
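Review bot: cleanup() now dereferences `cstate` unconditionally, yet it still ends with `CSTATE_MUT(c) = NULL`, so a second call for the same connection would read `cstate->handshake_completed` through a null pointer where the removed `if (cstate != NULL)` made that call a no-op. If the contract is that cleanup runs exactly once per line, state it in a comment above the function and enforce it at the top, for example with an early `if (cstate == NULL) { return; }`. The callers are outside this hunk, so whether a double call can happen today cannot be confirmed from here.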
@@ -139,7 +132,7 @@ static void upStream(tunnel_t *self, context_t *c)
 }
 else
 {
- while (bufLen(buf) > 0)
+ while (bufLen(buf) > 0 && isAlive(c->line))
 {
 const uint16_t remain = (uint16_t) min(bufLen(buf), chunk_size);
 shift_buffer_t *chunk = shallowSliceBuffer(buf, remain);
@@ -253,7 +246,7 @@ static void downStream(tunnel_t *self, context_t *c)
 bufferStreamPush(cstate->read_stream, c->payload);
 c->payload = NULL;
 uint8_t tls_header[1 + 2 + 2];
- while (bufferStreamLen(cstate->read_stream) >= kTLSHeaderlen)
+ while (bufferStreamLen(cstate->read_stream) >= kTLSHeaderlen && isAlive(c->line))
 {
 bufferStreamViewBytesAt(cstate->read_stream, 0, tls_header, kTLSHeaderlen);
 uint16_t length = ntohs(*(uint16_t *) (tls_header + 3));
@@ -261,7 +254,7 @@ static void downStream(tunnel_t *self, context_t *c)
 {
 shift_buffer_t *buf = bufferStreamRead(cstate->read_stream, kTLSHeaderlen + length);
 bool is_tls_applicationdata = ((uint8_t *) rawBuf(buf))[0] == kTLS12ApplicationData;
- bool is_tls_33 = ((uint16_t *) (((uint8_t *) rawBuf(buf)) + 1))[0] == kTLSVersion12;
+ bool is_tls_33 = ((uint16_t *) (((uint8_t *) rawBuf(buf)) + 1))[0] == kTLSVersion12;
 shiftr(buf, kTLSHeaderlen);
@@ -294,7 +287,7 @@ static void downStream(tunnel_t *self, context_t *c)
 int len = (int) bufLen(c->payload);
- while (len > 0)
+ while (len > 0 && isAlive(c->line))
 {
 n = BIO_write(cstate->rbio, rawBuf(c->payload), len);
diff --git a/tunnels/client/reverse/reverse_client.c b/tunnels/client/reverse/reverse_client.c
index a4fd316a..b35d79be 100644
--- a/tunnels/client/reverse/reverse_client.c
+++ b/tunnels/client/reverse/reverse_client.c
@@ -20,7 +20,6 @@ static void upStream(tunnel_t *self, context_t *c)
 }
 else
 {
-
 if (c->fin)
 {
 const unsigned int tid = c->line->tid;
@@ -176,7 +175,6 @@ static void startReverseClient(htimer_t *timer)
 tunnel_t *self = hevent_userdata(timer);
 for (unsigned int i = 0; i < workers_count; i++)
 {
-
 initiateConnect(self, i, true);
 }
diff --git a/tunnels/client/wolfssl/wolfssl_client.c b/tunnels/client/wolfssl/wolfssl_client.c
index 65a72ee1..c89da846 100644
--- a/tunnels/client/wolfssl/wolfssl_client.c
+++ b/tunnels/client/wolfssl/wolfssl_client.c
@@ -70,14 +70,9 @@ static void flushWriteQueue(tunnel_t *self, context_t *c)
 {
 wssl_client_con_state_t *cstate = CSTATE(c);
- while (contextQueueLen(cstate->queue) > 0)
+ while (contextQueueLen(cstate->queue) > 0 && isAlive(c->line))
 {
 self->upStream(self, contextQueuePop(cstate->queue));
-
- if (! isAlive(c->line))
- {
- return;
- }
 }
 }
@@ -98,7 +93,7 @@ static void upStream(tunnel_t *self, context_t *c)
 enum sslstatus status;
 int len = (int) bufLen(c->payload);
- while (len > 0)
+ while (len > 0 && isAlive(c->line))
 {
 int n = SSL_write(cstate->ssl, rawBuf(c->payload), len);
 status = getSslStatus(cstate->ssl, n);
@@ -242,7 +237,7 @@ static void downStream(tunnel_t *self, context_t *c)
 int len = (int) bufLen(c->payload);
- while (len > 0)
+ while (len > 0 && isAlive(c->line))
 {
 n = BIO_write(cstate->rbio, rawBuf(c->payload), len);
@@ -446,7 +441,7 @@ tunnel_t *newWolfSSLClient(node_instance_context_t *instance_info)
 getBoolFromJsonObjectOrDefault(&(state->verify), settings, "verify", true);
- getStringFromJsonObjectOrDefault(&(state->alpn), settings, "alpn","http/1.1");
+ getStringFromJsonObjectOrDefault(&(state->alpn), settings, "alpn", "http/1.1");
 ssl_param->verify_peer = state->verify ? 1 : 0;
 ssl_param->endpoint = kSslClient;
diff --git a/tunnels/server/openssl/openssl_server.c b/tunnels/server/openssl/openssl_server.c
index 2a75b525..8e919628 100644
--- a/tunnels/server/openssl/openssl_server.c
+++ b/tunnels/server/openssl/openssl_server.c
@@ -186,7 +186,7 @@ static void upStream(tunnel_t *self, context_t *c)
 int n;
 unsigned int len = bufLen(c->payload);
- while (len > 0)
+ while (len > 0 && isAlive(c->line))
 {
 n = BIO_write(cstate->rbio, rawBuf(c->payload), (int) len);
@@ -457,7 +457,7 @@ static void downStream(tunnel_t *self, context_t *c)
 exit(1);
 }
 int len = (int) bufLen(c->payload);
- while (len)
+ while (len > 0 && isAlive(c->line))
 {
 int n = SSL_write(cstate->ssl, rawBuf(c->payload), len);
 status = getSslstatus(cstate->ssl, n);
diff --git a/tunnels/server/reality/reality_server.c b/tunnels/server/reality/reality_server.c
index eb0d0c1e..e86b8173 100644
--- a/tunnels/server/reality/reality_server.c
+++ b/tunnels/server/reality/reality_server.c
@@ -101,7 +101,7 @@ static void upStream(tunnel_t *self, context_t *c)
 uint8_t tls_header[1 + 2 + 2];
 bufferStreamPush(cstate->read_stream, newShallowShiftBuffer(buf));
- while (bufferStreamLen(cstate->read_stream) >= kTLSHeaderlen)
+ while (bufferStreamLen(cstate->read_stream) >= kTLSHeaderlen && isAlive(c->line))
 {
 bufferStreamViewBytesAt(cstate->read_stream, 0, tls_header, kTLSHeaderlen);
 uint16_t length = ntohs(*(uint16_t *) (tls_header + 3));
@@ -169,7 +169,7 @@ static void upStream(tunnel_t *self, context_t *c)
 c->payload = NULL;
 authorized:;
 uint8_t tls_header[1 + 2 + 2];
- while (bufferStreamLen(cstate->read_stream) >= kTLSHeaderlen)
+ while (bufferStreamLen(cstate->read_stream) >= kTLSHeaderlen && isAlive(c->line))
 {
 bufferStreamViewBytesAt(cstate->read_stream, 0, tls_header, kTLSHeaderlen);
 uint16_t length = ntohs(*(uint16_t *) (tls_header + 3));
@@ -177,7 +177,7 @@ static void upStream(tunnel_t *self, context_t *c)
 {
 shift_buffer_t *buf = bufferStreamRead(cstate->read_stream, kTLSHeaderlen + length);
 bool is_tls_applicationdata = ((uint8_t *) rawBuf(buf))[0] == kTLS12ApplicationData;
- bool is_tls_33 = ((uint16_t *) (((uint8_t *) rawBuf(buf)) + 1))[0] == kTLSVersion12;
+ bool is_tls_33 = ((uint16_t *) (((uint8_t *) rawBuf(buf)) + 1))[0] == kTLSVersion12;
 shiftr(buf, kTLSHeaderlen);
@@ -195,11 +195,6 @@ static void upStream(tunnel_t *self, context_t *c)
 context_t *plain_data_ctx = newContextFrom(c);
 plain_data_ctx->payload = buf;
 self->up->upStream(self->up, plain_data_ctx);
- if (! isAlive(c->line))
- {
- destroyContext(c);
- return;
- }
 }
 else
 {
@@ -284,7 +279,7 @@ static void downStream(tunnel_t *self, context_t *c)
 }
 else
 {
- while (bufLen(buf) > 0)
+ while (bufLen(buf) > 0 && isAlive(c->line))
 {
 const uint16_t remain = (uint16_t) min(bufLen(buf), chunk_size);
 shift_buffer_t *chunk = shallowSliceBuffer(buf, remain);
diff --git a/tunnels/server/wolfssl/wolfssl_server.c b/tunnels/server/wolfssl/wolfssl_server.c
index 492c54f2..8430d2cb 100644
--- a/tunnels/server/wolfssl/wolfssl_server.c
+++ b/tunnels/server/wolfssl/wolfssl_server.c
@@ -181,7 +181,7 @@ static void upStream(tunnel_t *self, context_t *c)
 int n;
 int len = (int) bufLen(c->payload);
- while (len > 0)
+ while (len > 0 && isAlive(c->line))
 {
 n = BIO_write(cstate->rbio, rawBuf(c->payload), len);
@@ -447,7 +447,7 @@ static void downStream(tunnel_t *self, context_t *c)
 exit(1);
 }
 int len = (int) bufLen(c->payload);
- while (len)
+ while (len && isAlive(c->line))
 {
 int n = SSL_write(cstate->ssl, rawBuf(c->payload), len);
 status = getSslstatus(cstate->ssl, n);
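Review bot: The branch removed after `self->up->upStream(self->up, plain_data_ctx)` in reality_server.c upStream was the only visible place in this loop that called `destroyContext(c)` and returned once the line was dead; the loop-condition test that replaces it only stops iterating. Execution now falls through to whatever follows the loop, which is outside the hunk, so confirm that path destroys `c` exactly once and does not read `cstate` or `cstate->read_stream` for a dead line. If it does not, keep the explicit exit in the loop body: `if (! isAlive(c->line)) { destroyContext(c); return; }`.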
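Review bot: The downStream loop in wolfssl_server.c tests `len && isAlive(c->line)`, while the matching loop in openssl_server.c downStream was changed in this same patch to `len > 0 && isAlive(c->line)`. `len` is an `int` produced by `(int) bufLen(c->payload)`, so the truthiness test would also enter the loop for a negative value and pass it to `SSL_write`. Use `while (len > 0 && isAlive(c->line))` here as well. downStream's body continues outside the hunk.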