From 9844d1887bba4d3f4df4f0e91e6a0a9f266ba23e Mon Sep 17 00:00:00 2001 From: Anthony Minessale Date: Fri, 17 Mar 2017 13:47:35 -0500 Subject: [PATCH] FS-10150: [freeswitch-core] Reduce writes to closed ssl sockets #resolve Conflicts: libs/libks/src/kws.c libs/sofia-sip/.update --- libs/sofia-sip/.update | 2 +- libs/sofia-sip/libsofia-sip-ua/tport/ws.c | 136 +++++++++++----------- src/mod/endpoints/mod_verto/ws.c | 34 +++--- 3 files changed, 90 insertions(+), 82 deletions(-) diff --git a/libs/sofia-sip/.update b/libs/sofia-sip/.update index 5337a4a890..e24a7c97f1 100644 --- a/libs/sofia-sip/.update +++ b/libs/sofia-sip/.update @@ -1 +1 @@ -Thu Feb 9 17:36:33 CST 2017 +Mon Mar 20 17:03:26 CDT 2017 diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/ws.c b/libs/sofia-sip/libsofia-sip-ua/tport/ws.c index 6db2523320..71b862ac62 100644 --- a/libs/sofia-sip/libsofia-sip-ua/tport/ws.c +++ b/libs/sofia-sip/libsofia-sip-ua/tport/ws.c @@ -14,7 +14,7 @@ #define ms_sleep(x) usleep( x * 1000); #else #define ms_sleep(x) Sleep( x ); -#endif +#endif #ifdef _MSC_VER /* warning C4706: assignment within conditional expression*/ @@ -29,11 +29,11 @@ static struct ws_globals_s ws_globals; #ifndef WSS_STANDALONE -void init_ssl(void) +void init_ssl(void) { SSL_library_init(); } -void deinit_ssl(void) +void deinit_ssl(void) { return; } @@ -107,13 +107,13 @@ void init_ssl(void) { assert(ws_globals.ssl_ctx); /* Disable SSLv2 */ - SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_SSLv2); + SSL_CTX_set_options(ws_globals.ssl_ctx, SSL_OP_NO_SSLv2); /* Disable SSLv3 */ - SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_SSLv3); + SSL_CTX_set_options(ws_globals.ssl_ctx, SSL_OP_NO_SSLv3); /* Disable TLSv1 */ - SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_TLSv1); + SSL_CTX_set_options(ws_globals.ssl_ctx, SSL_OP_NO_TLSv1); /* Disable Compression CRIME (Compression Ratio Info-leak Made Easy) */ - SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_COMPRESSION); + SSL_CTX_set_options(ws_globals.ssl_ctx, SSL_OP_NO_COMPRESSION); /* set the local certificate from CertFile */ SSL_CTX_use_certificate_file(ws_globals.ssl_ctx, ws_globals.cert, SSL_FILETYPE_PEM); /* set the private key from KeyFile */ @@ -166,28 +166,28 @@ static int cheezy_get_var(char *data, char *name, char *buf, size_t buflen) e = strchr(v, '\n'); } } - + if (v && e) { int cplen; size_t len = e - v; - + if (len > buflen - 1) { cplen = buflen -1; } else { cplen = len; } - + strncpy(buf, v, cplen); *(buf+cplen) = '\0'; return 1; } - + } } return 0; } -static int b64encode(unsigned char *in, size_t ilen, unsigned char *out, size_t olen) +static int b64encode(unsigned char *in, size_t ilen, unsigned char *out, size_t olen) { int y=0,bytes=0; size_t x=0; @@ -231,7 +231,7 @@ static void sha1_digest(char *digest, unsigned char *in) SHA1Update(&sha, in, strlen(in)); SHA1Final(&sha, digest); } -#else +#else static void sha1_digest(unsigned char *digest, char *in) { @@ -269,18 +269,18 @@ int ws_handshake(wsh_t *wsh) } } - if (bytes > wsh->buflen -1) { + if (bytes < 0 || bytes > wsh->buflen -1) { goto err; } *(wsh->buffer + wsh->datalen) = '\0'; - + if (strncasecmp(wsh->buffer, "GET ", 4)) { goto err; } - + p = wsh->buffer + 4; - + e = strchr(p, ' '); if (!e) { goto err; @@ -293,11 +293,11 @@ int ws_handshake(wsh_t *wsh) cheezy_get_var(wsh->buffer, "Sec-WebSocket-Key", key, sizeof(key)); cheezy_get_var(wsh->buffer, "Sec-WebSocket-Version", version, sizeof(version)); cheezy_get_var(wsh->buffer, "Sec-WebSocket-Protocol", proto, sizeof(proto)); - + if (!*key) { goto err; } - + snprintf(input, sizeof(input), "%s%s", key, WEBSOCKET_GUID); sha1_digest(output, input); b64encode((unsigned char *)output, SHA1_HASH_SIZE, (unsigned char *)b64, sizeof(b64)); @@ -306,7 +306,7 @@ int ws_handshake(wsh_t *wsh) snprintf(proto_buf, sizeof(proto_buf), "Sec-WebSocket-Protocol: %s\r\n", proto); } - snprintf(respond, sizeof(respond), + snprintf(respond, sizeof(respond), "HTTP/1.1 101 Switching Protocols\r\n" "Upgrade: websocket\r\n" "Connection: Upgrade\r\n" @@ -328,11 +328,13 @@ int ws_handshake(wsh_t *wsh) if (!wsh->stay_open) { - snprintf(respond, sizeof(respond), "HTTP/1.1 400 Bad Request\r\n" - "Sec-WebSocket-Version: 13\r\n\r\n"); - respond[511] = 0; + if (bytes > 0) { + snprintf(respond, sizeof(respond), "HTTP/1.1 400 Bad Request\r\n" + "Sec-WebSocket-Version: 13\r\n\r\n"); + respond[511] = 0; - ws_raw_write(wsh, respond, strlen(respond)); + ws_raw_write(wsh, respond, strlen(respond)); + } ws_close(wsh, WS_NONE); } @@ -355,7 +357,7 @@ ssize_t ws_raw_read(wsh_t *wsh, void *data, size_t bytes, int block) if (r == -1) { err = SSL_get_error(wsh->ssl, r); - + if (err == SSL_ERROR_WANT_READ) { if (!block) { r = -2; @@ -390,7 +392,7 @@ ssize_t ws_raw_read(wsh_t *wsh, void *data, size_t bytes, int block) } } } while (r == -1 && xp_is_blocking(xp_errno()) && wsh->x < 1000); - + end: if (wsh->x >= 10000 || (block && wsh->x >= 1000)) { @@ -404,7 +406,7 @@ ssize_t ws_raw_read(wsh_t *wsh, void *data, size_t bytes, int block) if (r >= 0) { wsh->x = 0; } - + return r; } @@ -436,13 +438,13 @@ ssize_t ws_raw_write(wsh_t *wsh, void *data, size_t bytes) if (ssl_err) { r = ssl_err * -1; } - + return r; } do { r = send(wsh->sock, (void *)((unsigned char *)data + wrote), bytes - wrote, 0); - + if (r > 0) { wrote += r; } @@ -450,9 +452,9 @@ ssize_t ws_raw_write(wsh_t *wsh, void *data, size_t bytes) if (sanity < 2000) { ms_sleep(1); } - + } while (--sanity > 0 && ((r == -1 && xp_is_blocking(xp_errno())) || (wsh->block && wrote < bytes))); - + //if (r<0) { //printf("wRITE FAIL: %s\n", strerror(errno)); //} @@ -538,7 +540,7 @@ int establish_logical_layer(wsh_t *wsh) if (code == 0) { return -1; } - + if (code < 0) { if (code == -1 && SSL_get_error(wsh->ssl, code) != SSL_ERROR_WANT_READ) { return -1; @@ -558,11 +560,11 @@ int establish_logical_layer(wsh_t *wsh) } } while (wsh->sanity > 0); - + if (!wsh->sanity) { return -1; } - + } while (!wsh->down && !wsh->handshake) { @@ -580,7 +582,7 @@ int establish_logical_layer(wsh_t *wsh) } wsh->logical_established = 1; - + return 0; } @@ -641,7 +643,7 @@ void ws_destroy(wsh_t *wsh) if (wsh->down > 1) { return; } - + wsh->down = 2; if (wsh->write_buffer) { @@ -667,15 +669,15 @@ void ws_destroy(wsh_t *wsh) } -ssize_t ws_close(wsh_t *wsh, int16_t reason) +ssize_t ws_close(wsh_t *wsh, int16_t reason) { - + if (wsh->down) { return -1; } wsh->down = 1; - + if (wsh->uri) { free(wsh->uri); wsh->uri = NULL; @@ -703,7 +705,7 @@ ssize_t ws_close(wsh_t *wsh, int16_t reason) wsh->sock = ws_sock_invalid; return reason * -1; - + } @@ -722,7 +724,7 @@ uint64_t ntoh64(uint64_t val) ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data) { - + ssize_t need = 2; char *maskp; int ll = 0; @@ -748,20 +750,22 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data) } if (!wsh->handshake) { - return ws_close(wsh, WS_PROTO_ERR); + return ws_close(wsh, WS_NONE); } if ((wsh->datalen = ws_raw_read(wsh, wsh->buffer, 9, wsh->block)) < 0) { if (wsh->datalen == -2) { return -2; } - return ws_close(wsh, WS_PROTO_ERR); + return ws_close(wsh, WS_NONE); } - + if (wsh->datalen < need) { - if ((wsh->datalen += ws_raw_read(wsh, wsh->buffer + wsh->datalen, 9 - wsh->datalen, WS_BLOCK)) < need) { + ssize_t bytes = ws_raw_read(wsh, wsh->buffer + wsh->datalen, 9 - wsh->datalen, WS_BLOCK); + + if (bytes < 0 || (wsh->datalen += bytes) < need) { /* too small - protocol err */ - return ws_close(wsh, WS_PROTO_ERR); + return ws_close(wsh, WS_NONE); } } @@ -783,7 +787,7 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data) { int fin = (wsh->buffer[0] >> 7) & 1; int mask = (wsh->buffer[1] >> 7) & 1; - + if (!fin && *oc != WSOC_CONTINUATION) { frag = 1; @@ -793,17 +797,17 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data) if (mask) { need += 4; - + if (need > wsh->datalen) { /* too small - protocol err */ *oc = WSOC_CLOSE; - return ws_close(wsh, WS_PROTO_ERR); + return ws_close(wsh, WS_NONE); } } wsh->plen = wsh->buffer[1] & 0x7f; wsh->payload = &wsh->buffer[2]; - + if (wsh->plen == 127) { uint64_t *u64; int more = 0; @@ -817,16 +821,16 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data) more = ws_raw_read(wsh, wsh->buffer + wsh->datalen, need - wsh->datalen, WS_BLOCK); - if (more < need - wsh->datalen) { + if (more < 0 || more < need - wsh->datalen) { *oc = WSOC_CLOSE; - return ws_close(wsh, WS_PROTO_ERR); + return ws_close(wsh, WS_NONE); } else { wsh->datalen += more; } } - + u64 = (uint64_t *) wsh->payload; wsh->payload += 8; wsh->plen = ntoh64(*u64); @@ -838,7 +842,7 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data) if (need > wsh->datalen) { /* too small - protocol err */ *oc = WSOC_CLOSE; - return ws_close(wsh, WS_PROTO_ERR); + return ws_close(wsh, WS_NONE); } u16 = (uint16_t *) wsh->payload; @@ -856,14 +860,14 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data) if (need < 0) { /* invalid read - protocol err .. */ *oc = WSOC_CLOSE; - return ws_close(wsh, WS_PROTO_ERR); + return ws_close(wsh, WS_NONE); } blen = wsh->body - wsh->bbuffer; if (need + blen > (ssize_t)wsh->bbuflen) { void *tmp; - + wsh->bbuflen = need + blen + wsh->rplen; if ((tmp = realloc(wsh->bbuffer, wsh->bbuflen))) { @@ -876,25 +880,25 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data) } wsh->rplen = wsh->plen - need; - + if (wsh->rplen) { memcpy(wsh->body, wsh->payload, wsh->rplen); } - + while(need) { ssize_t r = ws_raw_read(wsh, wsh->body + wsh->rplen, need, WS_BLOCK); if (r < 1) { /* invalid read - protocol err .. */ *oc = WSOC_CLOSE; - return ws_close(wsh, WS_PROTO_ERR); + return ws_close(wsh, WS_NONE); } wsh->datalen += r; wsh->rplen += r; need -= r; } - + if (mask && maskp) { ssize_t i; @@ -902,7 +906,7 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data) wsh->body[i] ^= maskp[i % 4]; } } - + if (*oc == WSOC_PING) { ws_write_frame(wsh, WSOC_PONG, wsh->body, wsh->rplen); @@ -918,7 +922,7 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data) } *data = (uint8_t *)wsh->bbuffer; - + //printf("READ[%ld][%d]-----------------------------:\n[%s]\n-------------------------------\n", wsh->packetlen, *oc, (char *)*data); @@ -966,7 +970,7 @@ ssize_t ws_write_frame(wsh_t *wsh, ws_opcode_t oc, void *data, size_t bytes) hdr[1] = 127; hlen += 8; - + u64 = (uint64_t *) &hdr[2]; *u64 = hton64(bytes); } @@ -981,17 +985,17 @@ ssize_t ws_write_frame(wsh_t *wsh, ws_opcode_t oc, void *data, size_t bytes) abort(); } } - + bp = (uint8_t *) wsh->write_buffer; memcpy(bp, (void *) &hdr[0], hlen); memcpy(bp + hlen, data, bytes); - + raw_ret = ws_raw_write(wsh, bp, (hlen + bytes)); if (raw_ret != (ssize_t) (hlen + bytes)) { return raw_ret; } - + return bytes; } diff --git a/src/mod/endpoints/mod_verto/ws.c b/src/mod/endpoints/mod_verto/ws.c index a6fe8781c9..018648884a 100644 --- a/src/mod/endpoints/mod_verto/ws.c +++ b/src/mod/endpoints/mod_verto/ws.c @@ -269,7 +269,7 @@ int ws_handshake(wsh_t *wsh) } } - if (bytes > wsh->buflen -1) { + if (bytes < 0 || bytes > wsh->buflen -1) { goto err; } @@ -328,11 +328,13 @@ int ws_handshake(wsh_t *wsh) if (!wsh->stay_open) { - snprintf(respond, sizeof(respond), "HTTP/1.1 400 Bad Request\r\n" - "Sec-WebSocket-Version: 13\r\n\r\n"); - respond[511] = 0; + if (bytes > 0) { + snprintf(respond, sizeof(respond), "HTTP/1.1 400 Bad Request\r\n" + "Sec-WebSocket-Version: 13\r\n\r\n"); + respond[511] = 0; - ws_raw_write(wsh, respond, strlen(respond)); + ws_raw_write(wsh, respond, strlen(respond)); + } ws_close(wsh, WS_NONE); } @@ -748,20 +750,22 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data) } if (!wsh->handshake) { - return ws_close(wsh, WS_PROTO_ERR); + return ws_close(wsh, WS_NONE); } if ((wsh->datalen = ws_raw_read(wsh, wsh->buffer, 9, wsh->block)) < 0) { if (wsh->datalen == -2) { return -2; } - return ws_close(wsh, WS_PROTO_ERR); + return ws_close(wsh, WS_NONE); } if (wsh->datalen < need) { - if ((wsh->datalen += ws_raw_read(wsh, wsh->buffer + wsh->datalen, 9 - wsh->datalen, WS_BLOCK)) < need) { + ssize_t bytes = ws_raw_read(wsh, wsh->buffer + wsh->datalen, 9 - wsh->datalen, WS_BLOCK); + + if (bytes < 0 || (wsh->datalen += bytes) < need) { /* too small - protocol err */ - return ws_close(wsh, WS_PROTO_ERR); + return ws_close(wsh, WS_NONE); } } @@ -797,7 +801,7 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data) if (need > wsh->datalen) { /* too small - protocol err */ *oc = WSOC_CLOSE; - return ws_close(wsh, WS_PROTO_ERR); + return ws_close(wsh, WS_NONE); } } @@ -817,9 +821,9 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data) more = ws_raw_read(wsh, wsh->buffer + wsh->datalen, need - wsh->datalen, WS_BLOCK); - if (more < need - wsh->datalen) { + if (more < 0 || more < need - wsh->datalen) { *oc = WSOC_CLOSE; - return ws_close(wsh, WS_PROTO_ERR); + return ws_close(wsh, WS_NONE); } else { wsh->datalen += more; } @@ -838,7 +842,7 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data) if (need > wsh->datalen) { /* too small - protocol err */ *oc = WSOC_CLOSE; - return ws_close(wsh, WS_PROTO_ERR); + return ws_close(wsh, WS_NONE); } u16 = (uint16_t *) wsh->payload; @@ -856,7 +860,7 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data) if (need < 0) { /* invalid read - protocol err .. */ *oc = WSOC_CLOSE; - return ws_close(wsh, WS_PROTO_ERR); + return ws_close(wsh, WS_NONE); } blen = wsh->body - wsh->bbuffer; @@ -887,7 +891,7 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data) if (r < 1) { /* invalid read - protocol err .. */ *oc = WSOC_CLOSE; - return ws_close(wsh, WS_PROTO_ERR); + return ws_close(wsh, WS_NONE); } wsh->datalen += r;