Fix double free in silcd.

[silc.git] / apps / silcd / server_util.c
diff --git a/apps/silcd/server_util.c b/apps/silcd/server_util.c

index 545ec504320478204ed4152f74d6123711f880a1..74ce18ba2902866107148517f3f961fe645dd714 100644 (file)
--- a/apps/silcd/server_util.c
+++ b/apps/silcd/server_util.c
@@ -4,7 +4,7 @@
  
    Author: Pekka Riikonen <priikone@silcnet.org>
  
-  Copyright (C) 1997 - 2005, 2007 Pekka Riikonen
+  Copyright (C) 1997 - 2008 Pekka Riikonen
  
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -162,17 +162,15 @@ SilcBool silc_server_remove_clients_by_server(SilcServer server,
  
    if (server_signoff) {
      idp = silc_id_payload_encode(entry->id, SILC_ID_SERVER);
-    if (idp) {
-      argv = silc_realloc(argv, sizeof(*argv) * (argc + 1));
-      argv_lens = silc_realloc(argv_lens,  sizeof(*argv_lens) * (argc + 1));
-      argv_types = silc_realloc(argv_types, sizeof(*argv_types) * (argc + 1));
-      argv[argc] = silc_calloc(silc_buffer_len(idp), sizeof(*argv[0]));
-      memcpy(argv[argc], idp->data, silc_buffer_len(idp));
-      argv_lens[argc] = silc_buffer_len(idp);
-      argv_types[argc] = argc + 1;
-      argc++;
-      silc_buffer_free(idp);
-    }
+    argv = silc_realloc(argv, sizeof(*argv) * (argc + 1));
+    argv_lens = silc_realloc(argv_lens,  sizeof(*argv_lens) * (argc + 1));
+    argv_types = silc_realloc(argv_types, sizeof(*argv_types) * (argc + 1));
+    argv[argc] = silc_calloc(silc_buffer_len(idp), sizeof(*argv[0]));
+    memcpy(argv[argc], idp->data, silc_buffer_len(idp));
+    argv_lens[argc] = silc_buffer_len(idp);
+    argv_types[argc] = argc + 1;
+    argc++;
+    silc_buffer_free(idp);
    }
  
    if (silc_idcache_get_all(server->local_list->clients, &list)) {
@@ -230,6 +228,8 @@ SilcBool silc_server_remove_clients_by_server(SilcServer server,
         client->mode = 0;
         client->router = NULL;
         client->connection = NULL;
+       client->data.created = silc_time();
+       silc_dlist_del(server->expired_clients, client);
         silc_dlist_add(server->expired_clients, client);
        } else {
         silc_idlist_del_data(client);
@@ -291,6 +291,8 @@ SilcBool silc_server_remove_clients_by_server(SilcServer server,
         client->mode = 0;
         client->router = NULL;
         client->connection = NULL;
+       client->data.created = silc_time();
+       silc_dlist_del(server->expired_clients, client);
         silc_dlist_add(server->expired_clients, client);
        } else {
         silc_idlist_del_data(client);
@@ -415,10 +417,8 @@ silc_server_update_clients_by_real_server(SilcServer server,
            since the server is local. */
         if (!local) {
           SILC_LOG_DEBUG(("Moving client to local list"));
-         silc_idcache_add(server->local_list->clients, client_cache->name,
-                          client_cache->id, client_cache->context);
-         silc_idcache_del_by_context(server->global_list->clients, client,
-                                     NULL);
+         silc_idcache_move(server->global_list->clients,
+                           server->local_list->clients, client_cache);
         }
         server_entry = server_entry->router;
        } else {
@@ -427,20 +427,16 @@ silc_server_update_clients_by_real_server(SilcServer server,
            since the server is local. */
         if (server_entry->server_type != SILC_BACKUP_ROUTER && !local) {
           SILC_LOG_DEBUG(("Moving client to local list"));
-         silc_idcache_add(server->local_list->clients, client_cache->name,
-                          client_cache->id, client_cache->context);
-         silc_idcache_del_by_context(server->global_list->clients, client,
-                                     NULL);
+         silc_idcache_move(server->global_list->clients,
+                           server->local_list->clients, client_cache);
  
         } else if (server->server_type == SILC_BACKUP_ROUTER && local) {
           /* If we are backup router and this client is on local list, we
              must move it to global list, as it is not currently local to
              us (we are not primary). */
           SILC_LOG_DEBUG(("Moving client to global list"));
-         silc_idcache_add(server->global_list->clients, client_cache->name,
-                          client_cache->id, client_cache->context);
-         silc_idcache_del_by_context(server->local_list->clients, client,
-                                     NULL);
+         silc_idcache_move(server->local_list->clients,
+                           server->global_list->clients, client_cache);
         }
        }
  
@@ -467,10 +463,8 @@ silc_server_update_clients_by_real_server(SilcServer server,
            since the server is global. */
         if (local) {
           SILC_LOG_DEBUG(("Moving client to global list"));
-         silc_idcache_add(server->global_list->clients, client_cache->name,
-                          client_cache->id, client_cache->context);
-         silc_idcache_del_by_context(server->local_list->clients, client,
-                                     NULL);
+         silc_idcache_move(server->local_list->clients,
+                           server->global_list->clients, client_cache);
         }
         server_entry = server_entry->router;
        } else {
@@ -479,10 +473,8 @@ silc_server_update_clients_by_real_server(SilcServer server,
            since the server is global. */
         if (server_entry->server_type != SILC_BACKUP_ROUTER && local) {
           SILC_LOG_DEBUG(("Moving client to global list"));
-         silc_idcache_add(server->global_list->clients, client_cache->name,
-                          client_cache->id, client_cache->context);
-         silc_idcache_del_by_context(server->local_list->clients, client,
-                                     NULL);
+         silc_idcache_move(server->local_list->clients,
+                           server->global_list->clients, client_cache);
         }
        }
        return server_entry;
@@ -1009,7 +1001,7 @@ SilcUInt32 silc_server_num_sockets_by_ip(SilcServer server, const char *ip,
  
    silc_dlist_start(server->conns);
    while ((conn = silc_dlist_get(server->conns))) {
-    if (!conn->sock)
+    if (!conn->sock || !silc_packet_stream_is_valid(conn->sock))
        continue;
      silc_socket_stream_get_info(silc_packet_stream_get_stream(conn->sock),
                                 NULL, NULL, &ipaddr, NULL);
@@ -1035,7 +1027,7 @@ silc_server_find_socket_by_host(SilcServer server,
  
    silc_dlist_start(server->conns);
    while ((conn = silc_dlist_get(server->conns))) {
-    if (!conn->sock)
+    if (!conn->sock || !silc_packet_stream_is_valid(conn->sock))
        continue;
      idata = silc_packet_get_context(conn->sock);
      silc_socket_stream_get_info(silc_packet_stream_get_stream(conn->sock),
@@ -1056,19 +1048,29 @@ silc_server_find_socket_by_host(SilcServer server,
  SilcUInt32 silc_server_num_sockets_by_remote(SilcServer server,
                                              const char *ip,
                                              const char *hostname,
-                                            SilcUInt16 port)
+                                            SilcUInt16 port,
+                                            SilcConnectionType type)
  {
    SilcServerConnection conn;
+  SilcIDListData idata;
+  SilcConnectionType t = SILC_CONN_UNKNOWN;
    int count = 0;
  
    if (!ip && !hostname)
      return 0;
  
+  SILC_LOG_DEBUG(("Num connections %d", silc_dlist_count(server->conns)));
+
    silc_dlist_start(server->conns);
    while ((conn = silc_dlist_get(server->conns))) {
+    if (conn->sock) {
+      idata = silc_packet_get_context(conn->sock);
+      if (idata)
+       t = idata->conn_type;
+    }
      if (((ip && !strcmp(conn->remote_host, ip)) ||
          (hostname && !strcmp(conn->remote_host, hostname))) &&
-       conn->remote_port == port)
+       conn->remote_port == port && t == type)
        count++;
    }
  
@@ -1114,6 +1116,13 @@ SilcPublicKey silc_server_get_public_key(SilcServer server,
    silc_skr_find(server->repository, server->schedule,
                 find, find_callback, &public_key);
  
+#ifdef SILC_DEBUG
+  if (public_key)
+    SILC_LOG_DEBUG(("Found public key"));
+  else
+    SILC_LOG_DEBUG(("Public key not found"));
+#endif /* SILC_DEBUG */
+
    return public_key;
  }
  
@@ -1190,6 +1199,7 @@ SilcBool silc_server_connection_allowed(SilcServer server,
        silc_server_disconnect_remote(server, sock,
                                     SILC_STATUS_ERR_BAD_VERSION,
                                     "You support too old protocol version");
+      silc_server_free_sock_user_data(server, sock, NULL);
        return FALSE;
      }
  
@@ -1201,6 +1211,7 @@ SilcBool silc_server_connection_allowed(SilcServer server,
        silc_server_disconnect_remote(server, sock,
                                     SILC_STATUS_ERR_BAD_VERSION,
                                     "You support too old software version");
+      silc_server_free_sock_user_data(server, sock, NULL);
        return FALSE;
      }
  
@@ -1212,6 +1223,7 @@ SilcBool silc_server_connection_allowed(SilcServer server,
        silc_server_disconnect_remote(server, sock,
                                     SILC_STATUS_ERR_BAD_VERSION,
                                     "Your software is not supported");
+      silc_server_free_sock_user_data(server, sock, NULL);
        return FALSE;
      }
    }
@@ -1225,20 +1237,25 @@ SilcBool silc_server_connection_allowed(SilcServer server,
                   global->connections_max_per_host);
  
    if (max_hosts && conn_number >= max_hosts) {
+    SILC_LOG_DEBUG(("Server is full, %d >= %d", conn_number, max_hosts));
      SILC_LOG_INFO(("Server is full, closing %s (%s) connection",
                    hostname, ip));
      silc_server_disconnect_remote(server, sock,
                                   SILC_STATUS_ERR_RESOURCE_LIMIT,
                                   "Server is full, try again later");
+    silc_server_free_sock_user_data(server, sock, NULL);
      return FALSE;
    }
  
    if (num_sockets >= max_per_host) {
+    SILC_LOG_DEBUG(("Too many connections, %d >= %d", num_sockets,
+                   max_per_host));
      SILC_LOG_INFO(("Too many connections from %s (%s), closing connection",
                    hostname, ip));
      silc_server_disconnect_remote(server, sock,
                                   SILC_STATUS_ERR_RESOURCE_LIMIT,
                                   "Too many connections from your host");
+    silc_server_free_sock_user_data(server, sock, NULL);
      return FALSE;
    }
  
@@ -1530,8 +1547,17 @@ void silc_server_kill_client(SilcServer server,
    if (remote_client->connection) {
      /* Remove locally conneted client */
      SilcPacketStream sock = remote_client->connection;
-    silc_server_free_client_data(server, sock, remote_client, FALSE, NULL);
-    silc_server_close_connection(server, sock);
+
+    if (sock)
+      silc_packet_stream_ref(sock);
+
+    silc_server_free_sock_user_data(server, sock, NULL);
+
+    if (sock) {
+      silc_packet_set_context(sock, NULL);
+      silc_server_close_connection(server, sock);
+      silc_packet_stream_unref(sock);
+    }
    } else {
      /* Update statistics */
      server->stat.clients--;
@@ -1553,6 +1579,7 @@ void silc_server_kill_client(SilcServer server,
      }
  
      /* Remove remote client */
+    silc_dlist_del(server->expired_clients, remote_client);
      silc_idlist_del_data(remote_client);
      if (!silc_idlist_del_client(server->global_list, remote_client)) {
        /* Remove this client from watcher list if it is */
@@ -1745,10 +1772,11 @@ SilcBool silc_server_inviteban_match(SilcServer server, SilcHashTable list,
                                      SilcUInt8 type, void *check)
  {
    unsigned char *tmp = NULL;
-  SilcUInt32 len = 0, t;
+  SilcUInt32 len = 0;
    SilcHashTableList htl;
    SilcBuffer entry, idp = NULL, pkp = NULL;
    SilcBool ret = FALSE;
+  void *t;
  
    SILC_LOG_DEBUG(("Matching invite/ban"));
  
@@ -1778,13 +1806,14 @@ SilcBool silc_server_inviteban_match(SilcServer server, SilcHashTable list,
    /* Compare the list */
    silc_hash_table_list(list, &htl);
    while (silc_hash_table_get(&htl, (void *)&t, (void *)&entry)) {
-    if (type == t) {
+    if (type == SILC_PTR_TO_32(t)) {
        if (type == 1) {
         if (silc_string_match(entry->data, tmp)) {
           ret = TRUE;
           break;
         }
-      } else if (!memcmp(entry->data, tmp, len)) {
+      } else if (silc_buffer_len(entry) == len &&
+                !memcmp(entry->data, tmp, len)) {
         ret = TRUE;
         break;
        }
@@ -1808,6 +1837,7 @@ SilcBool silc_server_inviteban_process(SilcServer server,
  {
    unsigned char *tmp;
    SilcUInt32 type, len;
+  void *ptype;
    SilcBuffer tmp2;
    SilcHashTableList htl;
  
@@ -1834,8 +1864,9 @@ SilcBool silc_server_inviteban_process(SilcServer server,
  
         /* Check if the string is added already */
         silc_hash_table_list(list, &htl);
-       while (silc_hash_table_get(&htl, (void *)&type, (void *)&tmp2)) {
-         if (type == 1 && silc_string_match(tmp2->data, tmp)) {
+       while (silc_hash_table_get(&htl, (void *)&ptype, (void *)&tmp2)) {
+         if (SILC_PTR_TO_32(ptype) == 1 &&
+             silc_string_match(tmp2->data, tmp)) {
             tmp = NULL;
             break;
           }
@@ -1865,8 +1896,8 @@ SilcBool silc_server_inviteban_process(SilcServer server,
  
         /* Check if the public key is in the list already */
         silc_hash_table_list(list, &htl);
-       while (silc_hash_table_get(&htl, (void *)&type, (void *)&tmp2)) {
-         if (type == 2 && !memcmp(tmp2->data, tmp, len)) {
+       while (silc_hash_table_get(&htl, (void *)&ptype, (void *)&tmp2)) {
+         if (SILC_PTR_TO_32(ptype) == 2 && !memcmp(tmp2->data, tmp, len)) {
             tmp = NULL;
             break;
           }
@@ -1885,8 +1916,8 @@ SilcBool silc_server_inviteban_process(SilcServer server,
  
         /* Check if the ID is in the list already */
         silc_hash_table_list(list, &htl);
-       while (silc_hash_table_get(&htl, (void *)&type, (void *)&tmp2)) {
-         if (type == 3 && !memcmp(tmp2->data, tmp, len)) {
+       while (silc_hash_table_get(&htl, (void *)&ptype, (void *)&tmp2)) {
+         if (SILC_PTR_TO_32(ptype) == 3 && !memcmp(tmp2->data, tmp, len)) {
             tmp = NULL;
             break;
           }
@@ -1924,8 +1955,9 @@ SilcBool silc_server_inviteban_process(SilcServer server,
  
         /* Delete from the list */
         silc_hash_table_list(list, &htl);
-       while (silc_hash_table_get(&htl, (void *)&type, (void *)&tmp2)) {
-         if (type == 1 && silc_string_match(tmp2->data, tmp)) {
+       while (silc_hash_table_get(&htl, (void *)&ptype, (void *)&tmp2)) {
+         if (SILC_PTR_TO_32(ptype) == 1 &&
+             silc_string_match(tmp2->data, tmp)) {
             silc_hash_table_del_by_context(list, (void *)1, tmp2);
             break;
           }
@@ -1945,8 +1977,8 @@ SilcBool silc_server_inviteban_process(SilcServer server,
  
         /* Delete from the invite list */
         silc_hash_table_list(list, &htl);
-       while (silc_hash_table_get(&htl, (void *)&type, (void *)&tmp2)) {
-         if (type == 2 && !memcmp(tmp2->data, tmp, len)) {
+       while (silc_hash_table_get(&htl, (void *)&ptype, (void *)&tmp2)) {
+         if (SILC_PTR_TO_32(ptype) == 2 && !memcmp(tmp2->data, tmp, len)) {
             silc_hash_table_del_by_context(list, (void *)2, tmp2);
             break;
           }
@@ -1958,8 +1990,8 @@ SilcBool silc_server_inviteban_process(SilcServer server,
  
         /* Delete from the invite list */
         silc_hash_table_list(list, &htl);
-       while (silc_hash_table_get(&htl, (void *)&type, (void *)&tmp2)) {
-         if (type == 3 && !memcmp(tmp2->data, tmp, len)) {
+       while (silc_hash_table_get(&htl, (void *)&ptype, (void *)&tmp2)) {
+         if (SILC_PTR_TO_32(ptype) == 3 && !memcmp(tmp2->data, tmp, len)) {
             silc_hash_table_del_by_context(list, (void *)3, tmp2);
             break;
           }
@@ -1989,7 +2021,7 @@ void silc_server_create_connections(SilcServer server)
    silc_schedule_task_del_by_callback(server->schedule,
                                      silc_server_connect_to_router);
    silc_schedule_task_add_timeout(server->schedule,
-                                silc_server_connect_to_router, server, 0, 1);
+                                silc_server_connect_to_router, server, 1, 0);
  }
  
  static void
@@ -2089,6 +2121,8 @@ SilcBuffer silc_server_get_channel_pk_list(SilcServer server,
    silc_hash_table_list(channel->channel_pubkeys, &htl);
    while (silc_hash_table_get(&htl, NULL, (void *)&pk)) {
      pkp = silc_public_key_payload_encode(pk);
+    if (!pkp)
+      continue;
      list = silc_argument_payload_encode_one(list, pkp->data,
                                             silc_buffer_len(pkp),
                                             announce ? 0x03 :