fixed getpeername causing sslh to quit
This commit is contained in:
parent
569c71f6b1
commit
f3c5f098ca
@ -1,3 +1,9 @@
vNEXT:
Fixed bugs related to getpeername that would cause
sslh to quit erroneously (getpeername can return
actual errors if connections are dropped before
getting to getpeername).
v1.15: 27JUL2013
v1.15: 27JUL2013
Added --transparent option for transparent proxying.
Added --transparent option for transparent proxying.
See README for iptables magic and capability
See README for iptables magic and capability
15
common.c
15
common.c
@ -110,8 +110,10 @@ int bind_peer(int fd, int fd_from)
from.ai_addr = (struct sockaddr*)&ss;
from.ai_addr = (struct sockaddr*)&ss;
from.ai_addrlen = sizeof(ss);
from.ai_addrlen = sizeof(ss);
/* getpeername can fail with ENOTCONN if connection was dropped before we
* got here */
res = getpeername(fd_from, from.ai_addr, &from.ai_addrlen);
res = getpeername(fd_from, from.ai_addr, &from.ai_addrlen);
CHECK_RES_DIE(res, "getpeername");
CHECK_RES_RETURN(res, "getpeername");
res = setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &trans, sizeof(trans));
res = setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &trans, sizeof(trans));
CHECK_RES_DIE(res, "setsockopt");
CHECK_RES_DIE(res, "setsockopt");
res = bind(fd, from.ai_addr, from.ai_addrlen);
res = bind(fd, from.ai_addr, from.ai_addrlen);
@ -140,8 +142,10 @@ int connect_addr(struct addrinfo *addr, int fd_from, const char* cnx_name)
if (fd == -1) {
if (fd == -1) {
log_message(LOG_ERR, "forward to %s failed:socket: %s\n", cnx_name, strerror(errno));
log_message(LOG_ERR, "forward to %s failed:socket: %s\n", cnx_name, strerror(errno));
} else {
} else {
if (transparent)
if (transparent) {
bind_peer(fd, fd_from);
res = bind_peer(fd, fd_from);
CHECK_RES_RETURN(res, "bind_peer");
}
res = connect(fd, a->ai_addr, a->ai_addrlen);
res = connect(fd, a->ai_addr, a->ai_addrlen);
if (res == -1) {
if (res == -1) {
log_message(LOG_ERR, "forward to %s failed:connect: %s\n",
log_message(LOG_ERR, "forward to %s failed:connect: %s\n",
@ -380,7 +384,8 @@ void log_connection(struct connection *cnx)
addr.ai_addrlen = sizeof(ss);
addr.ai_addrlen = sizeof(ss);
res = getpeername(cnx->q[0].fd, addr.ai_addr, &addr.ai_addrlen);
res = getpeername(cnx->q[0].fd, addr.ai_addr, &addr.ai_addrlen);
if (res == -1) return; /* that should never happen, right? */
if (res == -1) return; /* Can happen if connection drops before we get here.
In that case, don't log anything (there is no connection) */
sprintaddr(peer, sizeof(peer), &addr);
sprintaddr(peer, sizeof(peer), &addr);
addr.ai_addrlen = sizeof(ss);
addr.ai_addrlen = sizeof(ss);
@ -421,7 +426,7 @@ int check_access_rights(int in_socket, const char* service)
int res;
int res;
res = getpeername(in_socket, &peeraddr, &size);
res = getpeername(in_socket, &peeraddr, &size);
CHECK_RES_DIE(res, "getpeername");
CHECK_RES_RETURN(res, "getpeername");
/* extract peer address */
/* extract peer address */
res = getnameinfo(&peeraddr, size, addr_str, sizeof(addr_str), NULL, 0, NI_NUMERICHOST);
res = getnameinfo(&peeraddr, size, addr_str, sizeof(addr_str), NULL, 0, NI_NUMERICHOST);
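Review bot: The new `CHECK_RES_RETURN(res, "bind_peer");` in connect_addr returns before the socket created just above it is closed, so every client that drops its connection before bind_peer runs leaks `fd`; with --transparent enabled, a burst of short-lived connections would steadily exhaust the process's descriptor table. Closing the socket ahead of the early return fixes it with one line placed directly before the macro: `if (res == -1) close(fd);` (the macro's own logging and return value are defined outside this page, so I have not relied on them). The connect-failure branch below, which I take to be where fd is otherwise closed on error, lies outside the hunk, as does the remainder of connect_addr. On the same theme, in check_access_rights the converted `CHECK_RES_RETURN(res, "getpeername");` gives the return value a third meaning (peer could not be determined), and the function's header comment should state what that case returns so that callers treat it as a refusal rather than as access granted — presumably the macro returns res, but confirm against its definition.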