Harden code
This commit is contained in:
Quentin Dufour
parent
ba8dcc53ab
commit
99c06ccc8d
4 changed files with 29 additions and 5 deletions
|
|
@ -300,7 +300,7 @@ int on_err(struct evt_core_ctx* ctx, struct evt_core_fdinfo* fdinfo) {
|
||||||
// 3. If appears in the read waiting queue, remove it
|
// 3. If appears in the read waiting queue, remove it
|
||||||
g_queue_remove_all (app_ctx->read_waiting, &(fdinfo->fd));
|
g_queue_remove_all (app_ctx->read_waiting, &(fdinfo->fd));
|
||||||
|
|
||||||
return 1;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void algo_naive(struct algo_skel* as) {
|
void algo_naive(struct algo_skel* as) {
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,7 @@ void init_tcp_client(struct donar_client_ctx* ctx, int i) {
|
||||||
|
|
||||||
while (1) {
|
while (1) {
|
||||||
fdinfo.fd = create_tcp_client("127.0.0.1", "9050");
|
fdinfo.fd = create_tcp_client("127.0.0.1", "9050");
|
||||||
|
perror("1");
|
||||||
if (fdinfo.fd < 0) goto failed_socks5;
|
if (fdinfo.fd < 0) goto failed_socks5;
|
||||||
ctx->client_sock[i].fd = fdinfo.fd;
|
ctx->client_sock[i].fd = fdinfo.fd;
|
||||||
ctx->client_sock[i].state = SOCKS5_STATE_NEW;
|
ctx->client_sock[i].state = SOCKS5_STATE_NEW;
|
||||||
|
|
@ -25,6 +26,7 @@ void init_tcp_client(struct donar_client_ctx* ctx, int i) {
|
||||||
evt_core_add_fd (&(ctx->evts), &fdinfo);
|
evt_core_add_fd (&(ctx->evts), &fdinfo);
|
||||||
//@FIXME: We suppose that we will be able to do the whole write at once which is wrong
|
//@FIXME: We suppose that we will be able to do the whole write at once which is wrong
|
||||||
err = socks5_handshake_syn(fdinfo.fd);
|
err = socks5_handshake_syn(fdinfo.fd);
|
||||||
|
perror("2");
|
||||||
if (err) goto failed_socks5;
|
if (err) goto failed_socks5;
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
@ -57,16 +59,21 @@ int configure_tcp_clients(struct evt_core_ctx* ctx, struct evt_core_fdinfo* fdin
|
||||||
case SOCKS5_STATE_NEW:
|
case SOCKS5_STATE_NEW:
|
||||||
//@FIXME: We suppose that we will be able to do the whole read at once which is wrong
|
//@FIXME: We suppose that we will be able to do the whole read at once which is wrong
|
||||||
err = socks5_handshake_ack (fdinfo->fd);
|
err = socks5_handshake_ack (fdinfo->fd);
|
||||||
|
perror("3");
|
||||||
if (err < 0) goto on_socks5_err;
|
if (err < 0) goto on_socks5_err;
|
||||||
//@FIXME: We suppose that we will be able to do the whole write at once which is wrong too
|
//@FIXME: We suppose that we will be able to do the whole write at once which is wrong too
|
||||||
err = socks5_connect_dns(fdinfo->fd, target_host, app_ctx->ports[pos]);
|
err = socks5_connect_dns(fdinfo->fd, target_host, app_ctx->ports[pos]);
|
||||||
|
perror("4");
|
||||||
if (err < 0) goto on_socks5_err;
|
if (err < 0) goto on_socks5_err;
|
||||||
app_ctx->client_sock[pos].state = SOCKS5_STATE_ACK;
|
app_ctx->client_sock[pos].state = SOCKS5_STATE_ACK;
|
||||||
printf("Socket %d/%d %s:%d is connecting...\n", pos+1, CLIENT_PORT_SIZE, target_host, app_ctx->ports[pos]);
|
printf("Socket %d/%d %s:%d is connecting...\n", pos+1, CLIENT_PORT_SIZE, target_host, app_ctx->ports[pos]);
|
||||||
break;
|
break;
|
||||||
case SOCKS5_STATE_ACK:
|
case SOCKS5_STATE_ACK:
|
||||||
//@FIXME: We suppose that we will be able to do the whole read at once which is wrong too
|
//@FIXME: We suppose that we will be able to do the whole read at once which is wrong too
|
||||||
|
perror("5");
|
||||||
err = socks5_reply (fdinfo->fd);
|
err = socks5_reply (fdinfo->fd);
|
||||||
|
fprintf(stderr, "captured err: %d\n", err);
|
||||||
|
perror("6");
|
||||||
if (err < 0) goto on_socks5_err;
|
if (err < 0) goto on_socks5_err;
|
||||||
app_ctx->client_sock[pos].state = SOCKS5_STATE_RDY;
|
app_ctx->client_sock[pos].state = SOCKS5_STATE_RDY;
|
||||||
int sock1, sock2;
|
int sock1, sock2;
|
||||||
|
|
@ -74,7 +81,9 @@ int configure_tcp_clients(struct evt_core_ctx* ctx, struct evt_core_fdinfo* fdin
|
||||||
sock2 = dup(fdinfo->fd);
|
sock2 = dup(fdinfo->fd);
|
||||||
if (sock1 < 0 || sock2 < 0) goto on_socks5_err;
|
if (sock1 < 0 || sock2 < 0) goto on_socks5_err;
|
||||||
void* fdcat = evt_core_rm_fd (ctx, fdinfo->fd);
|
void* fdcat = evt_core_rm_fd (ctx, fdinfo->fd);
|
||||||
if (fdcat == NULL) goto on_socks5_err;
|
if (fdcat == NULL) {
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
struct evt_core_fdinfo fdinfo = {0};
|
struct evt_core_fdinfo fdinfo = {0};
|
||||||
struct evt_core_cat cat = {0};
|
struct evt_core_cat cat = {0};
|
||||||
|
|
@ -107,6 +116,7 @@ on_socks5_err:
|
||||||
perror("An error occured while connecting to an Onion Service");
|
perror("An error occured while connecting to an Onion Service");
|
||||||
app_ctx->client_sock[pos].state = SOCKS5_STATE_ERR;
|
app_ctx->client_sock[pos].state = SOCKS5_STATE_ERR;
|
||||||
evt_core_rm_fd (ctx, fdinfo->fd);
|
evt_core_rm_fd (ctx, fdinfo->fd);
|
||||||
|
perror("0");
|
||||||
sleep(2);
|
sleep(2);
|
||||||
init_tcp_client (app_ctx, pos);
|
init_tcp_client (app_ctx, pos);
|
||||||
return 1;
|
return 1;
|
||||||
|
|
@ -119,6 +129,7 @@ void donar_client(struct donar_client_ctx* ctx, struct algo_skel* algo,
|
||||||
.app_ctx = ctx,
|
.app_ctx = ctx,
|
||||||
.free_app_ctx = NULL,
|
.free_app_ctx = NULL,
|
||||||
.cb = configure_tcp_clients,
|
.cb = configure_tcp_clients,
|
||||||
|
.err_cb = NULL,
|
||||||
.name = "configure-socks5",
|
.name = "configure-socks5",
|
||||||
.flags = EPOLLIN | EPOLLET,
|
.flags = EPOLLIN | EPOLLET,
|
||||||
.socklist = NULL
|
.socklist = NULL
|
||||||
|
|
|
||||||
|
|
@ -112,7 +112,10 @@ struct evt_core_cat* evt_core_rm_fd(struct evt_core_ctx* ctx, int fd) {
|
||||||
// 2. Update category
|
// 2. Update category
|
||||||
for (int i = 0; i < cat->socklist->len; i++) {
|
for (int i = 0; i < cat->socklist->len; i++) {
|
||||||
if (g_array_index(cat->socklist, struct evt_core_fdinfo*, i) == fdinfo) {
|
if (g_array_index(cat->socklist, struct evt_core_fdinfo*, i) == fdinfo) {
|
||||||
printf("Remove fd\n");
|
if (fdinfo->fd != fd) {
|
||||||
|
fprintf(stderr, "Logic error in updating file descriptor list\n");
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
g_array_remove_index(cat->socklist, i);
|
g_array_remove_index(cat->socklist, i);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
14
src/socks5.c
14
src/socks5.c
|
|
@ -39,8 +39,14 @@ int socks5_handshake_ack(int sock) {
|
||||||
}
|
}
|
||||||
|
|
||||||
int socks5_reply(int sock) {
|
int socks5_reply(int sock) {
|
||||||
|
int res;
|
||||||
struct server_reply sr = {0};
|
struct server_reply sr = {0};
|
||||||
read_entity(sock, &sr, sizeof(uint8_t) * 4);
|
res = read_entity(sock, &sr, sizeof(uint8_t) * 4);
|
||||||
|
if (res == -1) {
|
||||||
|
perror("read_entity");
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
switch(sr.atyp) {
|
switch(sr.atyp) {
|
||||||
case ATYP_IPV4:
|
case ATYP_IPV4:
|
||||||
if (read_entity(sock, sr.bind_addr.ipv4, sizeof(uint8_t) * 4) == -1)
|
if (read_entity(sock, sr.bind_addr.ipv4, sizeof(uint8_t) * 4) == -1)
|
||||||
|
|
@ -60,7 +66,11 @@ int socks5_reply(int sock) {
|
||||||
fprintf(stderr, "Unsupported ATYP in server reply\n");
|
fprintf(stderr, "Unsupported ATYP in server reply\n");
|
||||||
return -128;
|
return -128;
|
||||||
}
|
}
|
||||||
read_entity(sock, &sr.port, sizeof(uint16_t));
|
res = read_entity(sock, &sr.port, sizeof(uint16_t));
|
||||||
|
if (res == -1) {
|
||||||
|
perror("read_entity");
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
if (sr.rep < 0 || sr.rep > 0x08) {
|
if (sr.rep < 0 || sr.rep > 0x08) {
|
||||||
fprintf(stderr, "Invalid reply field\n");
|
fprintf(stderr, "Invalid reply field\n");
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue