From 99c06ccc8d9c3f5a5ff123eabaf2230aa4f04b78 Mon Sep 17 00:00:00 2001
From: Quentin Dufour
Date: Tue, 5 Mar 2019 16:57:14 +0100
Subject: [PATCH] Harden code
---
 src/algo_naive.c | 2 +-
 src/donar_client.c | 13 ++++++++++++-
 src/evt_core.c | 5 ++++-
 src/socks5.c | 14 ++++++++++++--
 4 files changed, 29 insertions(+), 5 deletions(-)
diff --git a/src/algo_naive.c b/src/algo_naive.c
index b391634..40d220c 100644
--- a/src/algo_naive.c
+++ b/src/algo_naive.c
@@ -300,7 +300,7 @@ int on_err(struct evt_core_ctx* ctx, struct evt_core_fdinfo* fdinfo) {
 // 3. If appears in the read waiting queue, remove it
 g_queue_remove_all (app_ctx->read_waiting, &(fdinfo->fd));
- return 1;
+ return 0;
 }
 void algo_naive(struct algo_skel* as) {
diff --git a/src/donar_client.c b/src/donar_client.c
index 7145ffd..6ac5d8f 100644
--- a/src/donar_client.c
+++ b/src/donar_client.c
@@ -18,6 +18,7 @@ void init_tcp_client(struct donar_client_ctx* ctx, int i) {
 while (1) {
 fdinfo.fd = create_tcp_client("127.0.0.1", "9050");
+ perror("1");
 if (fdinfo.fd < 0) goto failed_socks5;
 ctx->client_sock[i].fd = fdinfo.fd;
 ctx->client_sock[i].state = SOCKS5_STATE_NEW;
@@ -25,6 +26,7 @@ void init_tcp_client(struct donar_client_ctx* ctx, int i) {
 evt_core_add_fd (&(ctx->evts), &fdinfo);
 //@FIXME: We suppose that we will be able to do the whole write at once which is wrong
 err = socks5_handshake_syn(fdinfo.fd);
+ perror("2");
 if (err) goto failed_socks5;
 break;
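Review bot: The added `perror("1")` in init_tcp_client runs before the `fdinfo.fd < 0` check, so on a successful connect it prints whatever stale value errno holds, and the numeric label does not say which call is being reported. The same applies to `perror("2")` in the next hunk, to `perror("3")`, `perror("4")`, `perror("6")` and the `captured err` fprintf in configure_tcp_clients, and to `perror("0")` under on_socks5_err; `perror("5")` even runs before the call it is meant to trace. Report only on the failure path with a descriptive label, e.g. `if (fdinfo.fd < 0) { perror("create_tcp_client"); goto failed_socks5; }` (assuming create_tcp_client leaves errno set on failure), and drop the numbered traces. init_tcp_client's body continues outside the hunk.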
@@ -57,16 +59,21 @@ int configure_tcp_clients(struct evt_core_ctx* ctx, struct evt_core_fdinfo* fdin
 case SOCKS5_STATE_NEW:
 //@FIXME: We suppose that we will be able to do the whole read at once which is wrong
 err = socks5_handshake_ack (fdinfo->fd);
+ perror("3");
 if (err < 0) goto on_socks5_err;
 //@FIXME: We suppose that we will be able to do the whole write at once which is wrong too
 err = socks5_connect_dns(fdinfo->fd, target_host, app_ctx->ports[pos]);
+ perror("4");
 if (err < 0) goto on_socks5_err;
 app_ctx->client_sock[pos].state = SOCKS5_STATE_ACK;
 printf("Socket %d/%d %s:%d is connecting...\n", pos+1, CLIENT_PORT_SIZE, target_host, app_ctx->ports[pos]);
 break;
 case SOCKS5_STATE_ACK:
 //@FIXME: We suppose that we will be able to do the whole read at once which is wrong too
+ perror("5");
 err = socks5_reply (fdinfo->fd);
+ fprintf(stderr, "captured err: %d\n", err);
+ perror("6");
 if (err < 0) goto on_socks5_err;
 app_ctx->client_sock[pos].state = SOCKS5_STATE_RDY;
 int sock1, sock2;
@@ -74,7 +81,9 @@ int configure_tcp_clients(struct evt_core_ctx* ctx, struct evt_core_fdinfo* fdin
 sock2 = dup(fdinfo->fd);
 if (sock1 < 0 || sock2 < 0) goto on_socks5_err;
 void* fdcat = evt_core_rm_fd (ctx, fdinfo->fd);
- if (fdcat == NULL) goto on_socks5_err;
+ if (fdcat == NULL) {
+ exit(EXIT_FAILURE);
+ }
 struct evt_core_fdinfo fdinfo = {0};
 struct evt_core_cat cat = {0};
@@ -107,6 +116,7 @@ on_socks5_err:
 perror("An error occured while connecting to an Onion Service");
 app_ctx->client_sock[pos].state = SOCKS5_STATE_ERR;
 evt_core_rm_fd (ctx, fdinfo->fd);
+ perror("0");
 sleep(2);
 init_tcp_client (app_ctx, pos);
 return 1;
@@ -119,6 +129,7 @@ void donar_client(struct donar_client_ctx* ctx, struct algo_skel* algo,
 .app_ctx = ctx,
 .free_app_ctx = NULL,
 .cb = configure_tcp_clients,
+ .err_cb = NULL,
 .name = "configure-socks5",
 .flags = EPOLLIN | EPOLLET,
 .socklist = NULL
diff --git a/src/evt_core.c b/src/evt_core.c
index c87680b..4ef18af 100644
--- a/src/evt_core.c
+++ b/src/evt_core.c
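Review bot: The new `fdcat == NULL` branch in configure_tcp_clients calls `exit(EXIT_FAILURE)` without printing anything, so the process ends with no indication of which descriptor was missing from the event core. If terminating is the intent here, log first, e.g. `fprintf(stderr, "evt_core_rm_fd: fd %d is not registered\n", fdinfo->fd);`. The context line above it, `if (sock1 < 0 || sock2 < 0) goto on_socks5_err;`, also appears to leave the successful dup() open when only one of the two fails, since nothing visible under on_socks5_err closes it. The function continues outside the hunk.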
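Review bot: `.err_cb = NULL` in donar_client leaves the configure-socks5 category without an error handler, and nothing visible in this patch shows that the event core checks the pointer before calling it. Confirm that evt_core guards `err_cb` against NULL (the dispatch code is outside this diff). A comment should say what happens to a SOCKS5 socket that reports an error during the handshake, e.g. `/* no err_cb: handshake failures are handled in configure_tcp_clients (on_socks5_err) */` if that is the intent. The initializer is cut at both ends of the hunk.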
@@ -112,7 +112,10 @@ struct evt_core_cat* evt_core_rm_fd(struct evt_core_ctx* ctx, int fd) {
 // 2. Update category
 for (int i = 0; i < cat->socklist->len; i++) {
 if (g_array_index(cat->socklist, struct evt_core_fdinfo*, i) == fdinfo) {
- printf("Remove fd\n");
+ if (fdinfo->fd != fd) {
+ fprintf(stderr, "Logic error in updating file descriptor list\n");
+ exit(EXIT_FAILURE);
+ }
 g_array_remove_index(cat->socklist, i);
 }
 }
diff --git a/src/socks5.c b/src/socks5.c
index 925b1f8..2e450e1 100644
--- a/src/socks5.c
+++ b/src/socks5.c
@@ -39,8 +39,14 @@ int socks5_handshake_ack(int sock) {
 }
 int socks5_reply(int sock) {
+ int res;
 struct server_reply sr = {0};
- read_entity(sock, &sr, sizeof(uint8_t) * 4);
+ res = read_entity(sock, &sr, sizeof(uint8_t) * 4);
+ if (res == -1) {
+ perror("read_entity");
+ exit(EXIT_FAILURE);
+ }
+
 switch(sr.atyp) {
 case ATYP_IPV4:
 if (read_entity(sock, sr.bind_addr.ipv4, sizeof(uint8_t) * 4) == -1)
@@ -60,7 +66,11 @@ int socks5_reply(int sock) {
 fprintf(stderr, "Unsupported ATYP in server reply\n");
 return -128;
 }
- read_entity(sock, &sr.port, sizeof(uint16_t));
+ res = read_entity(sock, &sr.port, sizeof(uint16_t));
+ if (res == -1) {
+ perror("read_entity");
+ exit(EXIT_FAILURE);
+ }
 if (sr.rep < 0 || sr.rep > 0x08) {
 fprintf(stderr, "Invalid reply field\n");
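Review bot: The added `fdinfo->fd != fd` check in evt_core_rm_fd sits inside the `for` loop, so it only runs when fdinfo is found in `cat->socklist`; if the entry is missing from the list, the loop ends without reporting anything. Neither operand depends on `i`, so the comparison can move above the loop, and a found flag tested after the loop would catch the missing-entry case as well. The context line `g_array_remove_index(cat->socklist, i);` is not followed by a `break;`, so the element shifted into slot `i` is skipped on the next iteration; adding `break;` after the removal would make the single-match assumption explicit. The function starts and ends outside the hunk.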
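Review bot: In socks5_reply a failed `read_entity` now ends the whole process through `exit(EXIT_FAILURE)`, while the rest of the function reports problems by return value (`return -128` for an unsupported ATYP) and the caller in donar_client.c handles `err < 0` by removing the socket and retrying. As written, the proxy closing or resetting one connection during the reply stops the client instead of triggering that retry; returning a negative code keeps the recovery path, e.g. `if (res == -1) { perror("read_entity"); return -1; }`. The second hunk's check after reading `sr.port` has the same issue. Only `-1` is tested, so if read_entity can return a short count (its definition is not shown) a truncated reply would still be parsed from the zero-initialised `sr`. The function body continues outside both hunks.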