gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修正部分TCP处理流程中FD所有权转移有误,导致的fd潜在的double-free。

Browse Source
This commit is contained in:
luqiuwen
2019-09-05 11:37:37 +08:00
parent 021500f42a
commit c9d814e17b
6 changed files with 141 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
platform/src/tcp_stream.cpp
View File

@@ -950,14 +950,15 @@ void ssl_downstream_create_on_success(future_result_t * result, void * user)
{
struct tfe_stream_private * _stream = (struct tfe_stream_private *) user;
struct ssl_stream * downstream = ssl_downstream_create_result_release_stream(result);
struct bufferevent * bev = ssl_downstream_create_result_release_bev(result);
_stream->defer_fd_downstream = 0;
_stream->conn_downstream = __conn_private_create_by_bev(_stream, bev);
_stream->ssl_downstream = downstream;
future_destroy(_stream->future_downstream_create);
_stream->future_downstream_create = NULL;
_stream->defer_fd_downstream = 0;
assert(_stream->conn_downstream != NULL && _stream->conn_upstream != NULL);
@@ -988,19 +989,17 @@ void ssl_downstream_create_on_fail(enum e_future_error err, const char * what, v
void ssl_upstream_create_on_success(future_result_t * result, void * user)
{
struct tfe_stream_private * _stream = (struct tfe_stream_private *) user;
evutil_socket_t fd=-1;
enum ssl_stream_action ssl_action=ssl_upstream_create_result_release_action(result);
if(SSL_ACTION_PASSTHROUGH==ssl_action)
evutil_socket_t fd = -1;
enum ssl_stream_action ssl_action = ssl_upstream_create_result_release_action(result);
if (SSL_ACTION_PASSTHROUGH == ssl_action)
{
_stream->tcp_passthough=1;
fd=ssl_upstream_create_result_release_fd(result);
_stream->conn_upstream=__conn_private_create_by_fd(_stream, fd);
_stream->conn_downstream=__conn_private_create_by_fd(_stream, _stream->defer_fd_downstream);
_stream->tcp_passthough = 1;
_stream->conn_upstream = __conn_private_create_by_fd(_stream, _stream->defer_fd_upstream);
_stream->conn_downstream = __conn_private_create_by_fd(_stream, _stream->defer_fd_downstream);
__conn_private_enable(_stream->conn_downstream);
__conn_private_enable(_stream->conn_upstream);
}
else if(SSL_ACTION_SHUTDOWN==ssl_action)
else if (SSL_ACTION_SHUTDOWN == ssl_action)
{
tfe_stream_destory(_stream);
}
@@ -1010,7 +1009,8 @@ void ssl_upstream_create_on_success(future_result_t * result, void * user)
struct bufferevent * bev = ssl_upstream_create_result_release_bev(result);
assert(upstream != NULL && bev != NULL);
/* Create connection ctx by bev */
/* Create connection ctx by bev, fd's ownership is transfer to bev */
_stream->defer_fd_upstream = 0;
_stream->conn_upstream = __conn_private_create_by_bev(_stream, bev);
_stream->ssl_upstream = upstream;
@@ -1024,10 +1024,9 @@ void ssl_upstream_create_on_success(future_result_t * result, void * user)
ssl_async_downstream_create(_stream->future_downstream_create, _stream->ssl_mgr,
_stream->ssl_upstream, _stream->defer_fd_downstream, &_stream->head);
}
future_destroy(_stream->future_upstream_create);
_stream->future_upstream_create = NULL;
_stream->defer_fd_upstream = 0;
}
void ssl_upstream_create_on_fail(enum e_future_error err, const char * what, void * user)
@@ -1327,13 +1326,21 @@ int tfe_stream_init_by_fds(struct tfe_stream * stream, evutil_socket_t fd_downst
if (_stream->session_type == STREAM_PROTO_PLAIN)
{
_stream->conn_downstream = __conn_private_create_by_fd(_stream, fd_downstream);
if (_stream->conn_downstream != NULL)
{
_stream->defer_fd_downstream = 0;
}
else
{
goto __errout;
}
_stream->conn_upstream = __conn_private_create_by_fd(_stream, fd_upstream);
/* Defer FD has been transfer to conn_downstream/conn_upstream */
_stream->defer_fd_downstream = 0;
_stream->defer_fd_upstream = 0;
if (unlikely(_stream->conn_downstream == NULL || _stream->conn_upstream == NULL))
if (_stream->conn_upstream != NULL)
{
_stream->defer_fd_downstream = 0;
}
else
{
goto __errout;
}
@@ -1364,6 +1371,12 @@ int tfe_stream_init_by_fds(struct tfe_stream * stream, evutil_socket_t fd_downst
return 0;
__errout:
/* The fds not been accept by this function, clear up and release at caller */
_stream->defer_fd_downstream = 0;
_stream->defer_fd_upstream = 0;
_stream->log_fd_downstream = 0;
_stream->log_fd_upstream = 0;
return -1;
}