projects
/
silc.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Packet streams: avoid double free if silc_id_id2str fails.
[silc.git]
/
lib
/
silccore
/
silcpacket.c
diff --git
a/lib/silccore/silcpacket.c
b/lib/silccore/silcpacket.c
index 89e12a476a31a2b588c79a792021eb6c21f3f657..614dc894650ce0e334051a508d1c052cef6e0d44 100644
(file)
--- a/
lib/silccore/silcpacket.c
+++ b/
lib/silccore/silcpacket.c
@@
-4,7
+4,7
@@
Author: Pekka Riikonen <priikone@silcnet.org>
Author: Pekka Riikonen <priikone@silcnet.org>
- Copyright (C) 1997 - 200
7
Pekka Riikonen
+ Copyright (C) 1997 - 200
8
Pekka Riikonen
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@
-306,7
+306,7
@@
static inline SilcBool silc_packet_stream_read(SilcPacketStream ps,
inbuf = silc_dlist_get(ps->sc->inbufs);
if (!inbuf) {
/* Allocate new data input buffer */
inbuf = silc_dlist_get(ps->sc->inbufs);
if (!inbuf) {
/* Allocate new data input buffer */
- inbuf = silc_buffer_alloc(SILC_PACKET_DEFAULT_SIZE * 6
1
);
+ inbuf = silc_buffer_alloc(SILC_PACKET_DEFAULT_SIZE * 6
5
);
if (!inbuf) {
silc_mutex_unlock(ps->lock);
return FALSE;
if (!inbuf) {
silc_mutex_unlock(ps->lock);
return FALSE;
@@
-336,7
+336,6
@@
static inline SilcBool silc_packet_stream_read(SilcPacketStream ps,
silc_mutex_unlock(ps->lock);
if (ret == -1) {
/* Cannot read now, do it later. */
silc_mutex_unlock(ps->lock);
if (ret == -1) {
/* Cannot read now, do it later. */
- silc_buffer_pull(inbuf, silc_buffer_len(inbuf));
return FALSE;
}
return FALSE;
}
@@
-394,7
+393,6
@@
static inline SilcBool silc_packet_stream_read(SilcPacketStream ps,
if (ret == -1) {
/* Cannot read now, do it later. */
if (ret == -1) {
/* Cannot read now, do it later. */
- silc_buffer_pull(inbuf, silc_buffer_len(inbuf));
return FALSE;
}
return FALSE;
}
@@
-623,7
+621,7
@@
void silc_packet_engine_stop(SilcPacketEngine engine)
silc_free(engine);
}
silc_free(engine);
}
-static const char *packet_error[] = {
+static const char *
const
packet_error[] = {
"Cannot read from stream",
"Cannot write to stream",
"Packet MAC failed",
"Cannot read from stream",
"Cannot write to stream",
"Packet MAC failed",
@@
-638,7
+636,7
@@
static const char *packet_error[] = {
const char *silc_packet_error_string(SilcPacketError error)
{
if (error < SILC_PACKET_ERR_READ || error > SILC_PACKET_ERR_NO_MEMORY)
const char *silc_packet_error_string(SilcPacketError error)
{
if (error < SILC_PACKET_ERR_READ || error > SILC_PACKET_ERR_NO_MEMORY)
- return "";
+ return "
<invalid error code>
";
return packet_error[error];
}
return packet_error[error];
}
@@
-655,13
+653,28
@@
SilcDList silc_packet_engine_get_streams(SilcPacketEngine engine)
silc_mutex_lock(engine->lock);
silc_list_start(engine->streams);
silc_mutex_lock(engine->lock);
silc_list_start(engine->streams);
- while ((ps = silc_list_get(engine->streams)))
+ while ((ps = silc_list_get(engine->streams))) {
+ silc_packet_stream_ref(ps);
silc_dlist_add(list, ps);
silc_dlist_add(list, ps);
+ }
silc_mutex_unlock(engine->lock);
return list;
}
silc_mutex_unlock(engine->lock);
return list;
}
+/* Free list returned by silc_packet_engine_get_streams */
+
+void silc_packet_engine_free_streams_list(SilcDList streams)
+{
+ SilcPacketStream ps;
+
+ silc_dlist_start(streams);
+ while ((ps = silc_dlist_get(streams)))
+ silc_packet_stream_unref(ps);
+
+ silc_dlist_uninit(streams);
+}
+
/* Create new packet stream */
SilcPacketStream silc_packet_stream_create(SilcPacketEngine engine,
/* Create new packet stream */
SilcPacketStream silc_packet_stream_create(SilcPacketEngine engine,
@@
-708,20
+721,20
@@
SilcPacketStream silc_packet_stream_create(SilcPacketEngine engine,
(void *)&ps->sc)) {
ps->sc = silc_calloc(1, sizeof(*ps->sc));
if (!ps->sc) {
(void *)&ps->sc)) {
ps->sc = silc_calloc(1, sizeof(*ps->sc));
if (!ps->sc) {
- silc_packet_stream_destroy(ps);
silc_mutex_unlock(engine->lock);
silc_mutex_unlock(engine->lock);
+ silc_packet_stream_destroy(ps);
return NULL;
}
ps->sc->engine = engine;
ps->sc->schedule = schedule;
/* Allocate data input buffer */
return NULL;
}
ps->sc->engine = engine;
ps->sc->schedule = schedule;
/* Allocate data input buffer */
- inbuf = silc_buffer_alloc(SILC_PACKET_DEFAULT_SIZE * 6
1
);
+ inbuf = silc_buffer_alloc(SILC_PACKET_DEFAULT_SIZE * 6
5
);
if (!inbuf) {
silc_free(ps->sc);
ps->sc = NULL;
if (!inbuf) {
silc_free(ps->sc);
ps->sc = NULL;
- silc_packet_stream_destroy(ps);
silc_mutex_unlock(engine->lock);
silc_mutex_unlock(engine->lock);
+ silc_packet_stream_destroy(ps);
return NULL;
}
silc_buffer_reset(inbuf);
return NULL;
}
silc_buffer_reset(inbuf);
@@
-731,8
+744,8
@@
SilcPacketStream silc_packet_stream_create(SilcPacketEngine engine,
silc_buffer_free(inbuf);
silc_free(ps->sc);
ps->sc = NULL;
silc_buffer_free(inbuf);
silc_free(ps->sc);
ps->sc = NULL;
- silc_packet_stream_destroy(ps);
silc_mutex_unlock(engine->lock);
silc_mutex_unlock(engine->lock);
+ silc_packet_stream_destroy(ps);
return NULL;
}
silc_dlist_add(ps->sc->inbufs, inbuf);
return NULL;
}
silc_dlist_add(ps->sc->inbufs, inbuf);
@@
-743,8
+756,8
@@
SilcPacketStream silc_packet_stream_create(SilcPacketEngine engine,
silc_dlist_del(ps->sc->inbufs, inbuf);
silc_free(ps->sc);
ps->sc = NULL;
silc_dlist_del(ps->sc->inbufs, inbuf);
silc_free(ps->sc);
ps->sc = NULL;
- silc_packet_stream_destroy(ps);
silc_mutex_unlock(engine->lock);
silc_mutex_unlock(engine->lock);
+ silc_packet_stream_destroy(ps);
return NULL;
}
}
return NULL;
}
}
@@
-770,6
+783,8
@@
SilcPacketStream silc_packet_stream_create(SilcPacketEngine engine,
return NULL;
}
return NULL;
}
+ SILC_LOG_DEBUG(("Created packet stream %p", ps));
+
return ps;
}
return ps;
}
@@
-870,8
+885,12
@@
void silc_packet_stream_destroy(SilcPacketStream stream)
return;
if (silc_atomic_sub_int8(&stream->refcnt, 1) > 0) {
return;
if (silc_atomic_sub_int8(&stream->refcnt, 1) > 0) {
+ if (stream->destroyed)
+ return;
stream->destroyed = TRUE;
stream->destroyed = TRUE;
+ SILC_LOG_DEBUG(("Marking packet stream %p destroyed", stream));
+
/* Close the underlaying stream */
if (!stream->udp && stream->stream)
silc_stream_close(stream->stream);
/* Close the underlaying stream */
if (!stream->udp && stream->stream)
silc_stream_close(stream->stream);
@@
-882,17
+901,18
@@
void silc_packet_stream_destroy(SilcPacketStream stream)
if (!stream->udp) {
/* Delete from engine */
if (!stream->udp) {
/* Delete from engine */
- engine = stream->sc->engine;
- silc_mutex_lock(engine->lock);
- silc_list_del(engine->streams, stream);
-
- /* Remove per scheduler context, if it is not used anymore */
if (stream->sc) {
if (stream->sc) {
+ engine = stream->sc->engine;
+ silc_mutex_lock(engine->lock);
+ silc_list_del(engine->streams, stream);
+
+ /* Remove per scheduler context, if it is not used anymore */
stream->sc->stream_count--;
if (!stream->sc->stream_count)
silc_hash_table_del(engine->contexts, stream->sc->schedule);
stream->sc->stream_count--;
if (!stream->sc->stream_count)
silc_hash_table_del(engine->contexts, stream->sc->schedule);
+
+ silc_mutex_unlock(engine->lock);
}
}
- silc_mutex_unlock(engine->lock);
/* Destroy the underlaying stream */
if (stream->stream)
/* Destroy the underlaying stream */
if (stream->stream)
@@
-1010,6
+1030,7
@@
static SilcBool silc_packet_stream_link_va(SilcPacketStream stream,
stream->process = silc_dlist_init();
if (!stream->process) {
silc_mutex_unlock(stream->lock);
stream->process = silc_dlist_init();
if (!stream->process) {
silc_mutex_unlock(stream->lock);
+ silc_free(p);
return FALSE;
}
}
return FALSE;
}
}
@@
-1307,12
+1328,13
@@
SilcBool silc_packet_set_ids(SilcPacketStream stream,
if (!src_id && !dst_id)
return FALSE;
if (!src_id && !dst_id)
return FALSE;
- SILC_LOG_DEBUG(("Setting new IDs to packet stream"));
-
silc_mutex_lock(stream->lock);
if (src_id) {
silc_mutex_lock(stream->lock);
if (src_id) {
+ SILC_LOG_DEBUG(("Setting source ID to packet stream %p", stream));
+
silc_free(stream->src_id);
silc_free(stream->src_id);
+ stream->src_id = NULL;
if (!silc_id_id2str(src_id, src_id_type, tmp, sizeof(tmp), &len)) {
silc_mutex_unlock(stream->lock);
return FALSE;
if (!silc_id_id2str(src_id, src_id_type, tmp, sizeof(tmp), &len)) {
silc_mutex_unlock(stream->lock);
return FALSE;
@@
-1327,7
+1349,10
@@
SilcBool silc_packet_set_ids(SilcPacketStream stream,
}
if (dst_id) {
}
if (dst_id) {
+ SILC_LOG_DEBUG(("Setting destination ID to packet stream %p", stream));
+
silc_free(stream->dst_id);
silc_free(stream->dst_id);
+ stream->dst_id = NULL;
if (!silc_id_id2str(dst_id, dst_id_type, tmp, sizeof(tmp), &len)) {
silc_mutex_unlock(stream->lock);
return FALSE;
if (!silc_id_id2str(dst_id, dst_id_type, tmp, sizeof(tmp), &len)) {
silc_mutex_unlock(stream->lock);
return FALSE;
@@
-1352,37
+1377,19
@@
SilcBool silc_packet_get_ids(SilcPacketStream stream,
SilcBool *src_id_set, SilcID *src_id,
SilcBool *dst_id_set, SilcID *dst_id)
{
SilcBool *src_id_set, SilcID *src_id,
SilcBool *dst_id_set, SilcID *dst_id)
{
- if (src_id && stream->src_id) {
- (*src_id).type = stream->src_id_type;
- switch (stream->src_id_type) {
- case SILC_ID_CLIENT:
- (*src_id).u.client_id = *(SilcClientID *)stream->src_id;
- break;
- case SILC_ID_SERVER:
- (*src_id).u.server_id = *(SilcServerID *)stream->src_id;
- break;
- case SILC_ID_CHANNEL:
- (*src_id).u.channel_id = *(SilcChannelID *)stream->src_id;
- break;
- }
- }
+ if (src_id && stream->src_id)
+ if (!silc_id_str2id2(stream->src_id, stream->src_id_len,
+ stream->src_id_type, src_id))
+ return FALSE;
+
if (stream->src_id && src_id_set)
*src_id_set = TRUE;
if (stream->src_id && src_id_set)
*src_id_set = TRUE;
- if (dst_id && stream->dst_id) {
- (*dst_id).type = stream->dst_id_type;
- switch (stream->dst_id_type) {
- case SILC_ID_CLIENT:
- (*dst_id).u.client_id = *(SilcClientID *)stream->dst_id;
- break;
- case SILC_ID_SERVER:
- (*dst_id).u.server_id = *(SilcServerID *)stream->dst_id;
- break;
- case SILC_ID_CHANNEL:
- (*dst_id).u.channel_id = *(SilcChannelID *)stream->dst_id;
- break;
- }
- }
+ if (dst_id && stream->dst_id)
+ if (!silc_id_str2id2(stream->dst_id, stream->dst_id_len,
+ stream->dst_id_type, dst_id))
+ return FALSE;
+
if (stream->dst_id && dst_id_set)
*dst_id_set = TRUE;
if (stream->dst_id && dst_id_set)
*dst_id_set = TRUE;
@@
-1468,14
+1475,6
@@
static inline void silc_packet_send_ctr_increment(SilcPacketStream stream,
unsigned char *iv = silc_cipher_get_iv(cipher);
SilcUInt32 pc1, pc2;
unsigned char *iv = silc_cipher_get_iv(cipher);
SilcUInt32 pc1, pc2;
- /* Increment 64-bit packet counter */
- SILC_GET32_MSB(pc1, iv + 4);
- SILC_GET32_MSB(pc2, iv + 8);
- if (++pc2 == 0)
- ++pc1;
- SILC_PUT32_MSB(pc1, iv + 4);
- SILC_PUT32_MSB(pc2, iv + 8);
-
/* Reset block counter */
memset(iv + 12, 0, 4);
/* Reset block counter */
memset(iv + 12, 0, 4);
@@
-1486,11
+1485,24
@@
static inline void silc_packet_send_ctr_increment(SilcPacketStream stream,
ret_iv[1] = ret_iv[0] + iv[4];
ret_iv[2] = ret_iv[0] ^ ret_iv[1];
ret_iv[3] = ret_iv[0] + ret_iv[2];
ret_iv[1] = ret_iv[0] + iv[4];
ret_iv[2] = ret_iv[0] ^ ret_iv[1];
ret_iv[3] = ret_iv[0] + ret_iv[2];
- SILC_PUT32_MSB(pc2, ret_iv + 4);
+
+ /* Increment 32-bit packet counter */
+ SILC_GET32_MSB(pc1, iv + 8);
+ pc1++;
+ SILC_PUT32_MSB(pc1, ret_iv + 4);
+
SILC_LOG_HEXDUMP(("IV"), ret_iv, 8);
/* Set new nonce to counter block */
SILC_LOG_HEXDUMP(("IV"), ret_iv, 8);
/* Set new nonce to counter block */
- memcpy(iv + 4, ret_iv, 4);
+ memcpy(iv + 4, ret_iv, 8);
+ } else {
+ /* Increment 64-bit packet counter */
+ SILC_GET32_MSB(pc1, iv + 4);
+ SILC_GET32_MSB(pc2, iv + 8);
+ if (++pc2 == 0)
+ ++pc1;
+ SILC_PUT32_MSB(pc1, iv + 4);
+ SILC_PUT32_MSB(pc2, iv + 8);
}
SILC_LOG_HEXDUMP(("Counter Block"), iv, 16);
}
SILC_LOG_HEXDUMP(("Counter Block"), iv, 16);
@@
-1973,8
+1985,8
@@
static inline SilcBool silc_packet_parse(SilcPacket packet)
silc_buffer_len(buffer)), buffer->head,
silc_buffer_headlen(buffer) + silc_buffer_len(buffer));
silc_buffer_len(buffer)), buffer->head,
silc_buffer_headlen(buffer) + silc_buffer_len(buffer));
- SILC_LOG_DEBUG(("Incoming packet type: %d (%s)", packet->type,
- silc_get_packet_name(packet->type)));
+ SILC_LOG_DEBUG(("Incoming packet type: %d (%s)
, flags %d
", packet->type,
+ silc_get_packet_name(packet->type)
, packet->flags
));
return TRUE;
}
return TRUE;
}