gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Close #81 单一IP域命中,未拷贝动作参数,导致段错误。

Browse Source 
* 修正request header命中监测,request body命中redirect/block/replace动作后,优先级执行出错。
This commit is contained in:
zhengchao
2018-11-14 17:58:51 +08:00
parent 3030282bc6
commit a223599d52
1 changed files with 20 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
plugin/business/pangu-http/src/pangu_http.cpp
View File

@@ -546,7 +546,7 @@ static inline int action_cmp(enum pangu_action a1, enum pangu_action a2)
//enforce_rules[0] contains execute action. //enforce_rules[0] contains execute action.
static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules, size_t n_hit, static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules, size_t n_hit,
struct Maat_rule_t ** enforce_rules, size_t * n_enforce) struct Maat_rule_t ** enforce_rules, size_t * n_enforce, char** enforce_para)
{ {
size_t n_monit = 0, exist_enforce_num = 0, i = 0; size_t n_monit = 0, exist_enforce_num = 0, i = 0;
const struct Maat_rule_t * prior_rule = hit_rules; const struct Maat_rule_t * prior_rule = hit_rules;
@@ -603,9 +603,25 @@ static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules
} }
else else
{ {
memcpy(*enforce_rules + exist_enforce_num, prior_rule, sizeof(struct Maat_rule_t)); memmove(*enforce_rules+1, *enforce_rules, exist_enforce_num*sizeof(struct Maat_rule_t));
memcpy(*enforce_rules, prior_rule, sizeof(struct Maat_rule_t));
memcpy(*enforce_rules + exist_enforce_num + 1, monit_rule, n_monit * sizeof(struct Maat_rule_t)); memcpy(*enforce_rules + exist_enforce_num + 1, monit_rule, n_monit * sizeof(struct Maat_rule_t));
} }
if(*enforce_para!=NULL)
{
free(*enforce_para);
}
size_t __serv_def_len = (size_t)prior_rule->serv_def_len;
*enforce_para = ALLOC(char, __serv_def_len);
if (__serv_def_len > MAX_SERVICE_DEFINE_LEN)
{
Maat_read_rule(g_pangu_rt->maat,prior_rule, MAAT_RULE_SERV_DEFINE, *enforce_para, __serv_def_len);
}
else
{
strcpy(*enforce_para, prior_rule->service_defined);
}
return prior_action; return prior_action;
} }
@@ -940,23 +956,9 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht
if (hit_cnt > 0) if (hit_cnt > 0)
{ {
ctx->action = decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce); ctx->action = decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce, &ctx->enforce_para);
if (ctx->action == PG_ACTION_WHITELIST) goto __out; if (ctx->action == PG_ACTION_WHITELIST) goto __out;
size_t __serv_def_len = (size_t)ctx->enforce_rules[0].serv_def_len;
ctx->enforce_para = ALLOC(char, __serv_def_len);
if (__serv_def_len > MAX_SERVICE_DEFINE_LEN)
{
read_rule_ret = Maat_read_rule(g_pangu_rt->maat, &ctx->enforce_rules[0], MAAT_RULE_SERV_DEFINE,
ctx->enforce_para, ctx->enforce_rules[0].serv_def_len);
assert(read_rule_ret == ctx->enforce_rules[0].serv_def_len);
}
else
{
strcpy(ctx->enforce_para, ctx->enforce_rules[0].service_defined);
}
if (hit_cnt > 1) if (hit_cnt > 1)
{ {
p = buff; p = buff;
@@ -1258,7 +1260,7 @@ void pangu_on_http_begin(const struct tfe_stream * stream,
if (hit_cnt > 0) if (hit_cnt > 0)
{ {
ctx->action = decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce); ctx->action = decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce, &ctx->enforce_para);
} }
if (ctx->action == PG_ACTION_WHITELIST) if (ctx->action == PG_ACTION_WHITELIST)
{ {