From 8a96565d99f69f3dfa40484fc550a0a0f01921e4 Mon Sep 17 00:00:00 2001
From: Soner Tari <sonertari@gmail.com>
Date: Wed, 6 May 2020 12:15:43 +0300
Subject: [PATCH] Zero out msg buf as in sslsplit

https://github.com/droe/sslsplit/commit/ce5f409dbe9353ebcfc4f8eeb8dd30e039f4be3b
("Zero all bytes when passing file descriptors over AF_UNIX sockets",
2018-11-12)

Also, bufferevent_getfd() returns -1 if no file descriptor is associated
with the bufferevent.
---
 src/opts.c                | 3 +--
 src/protossl.c            | 5 ++++-
 src/sys.c                 | 5 ++---
 tests/testproxy/lp/opts.c | 3 +--
 tests/testproxy/lp/sys.c  | 5 ++---
 5 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/src/opts.c b/src/opts.c
index 1ee72d9..3149ade 100644
--- a/src/opts.c
+++ b/src/opts.c
@@ -2768,9 +2768,8 @@ global_set_option(global_t *global, const char *argv0, const char *optarg,
 		retval = set_global_option(global, argv0, name, value, natengine, 0, NULL);
 	}
 
-	if (line) {
+	if (line)
 		free(line);
-	}
 	return retval;
 }
 
diff --git a/src/protossl.c b/src/protossl.c
index 4bd31b8..00cd168 100644
--- a/src/protossl.c
+++ b/src/protossl.c
@@ -1065,7 +1065,10 @@ protossl_bufferevent_free_and_close_fd(struct bufferevent *bev, pxy_conn_ctx_t *
 #endif /* DEBUG_PROXY */
 
 	SSL_free(ssl);
-	evutil_closesocket(fd);
+	/* bufferevent_getfd() returns -1 if no file descriptor is associated
+	 * with the bufferevent */
+	if (fd >= 0)
+		evutil_closesocket(fd);
 }
 
 void
diff --git a/src/sys.c b/src/sys.c
index 7459217..271bfc2 100644
--- a/src/sys.c
+++ b/src/sys.c
@@ -767,8 +767,6 @@ sys_sendmsgfd(int sock, void *buf, size_t bufsz, int fd)
 	char cmsgbuf[CMSG_SPACE(sizeof(int))];
 	ssize_t n;
 
-	memset(cmsgbuf, 0, sizeof(cmsgbuf));
-
 	iov.iov_base = buf;
 	iov.iov_len = bufsz;
 
@@ -776,10 +774,12 @@ sys_sendmsgfd(int sock, void *buf, size_t bufsz, int fd)
 	msg.msg_namelen = 0;
 	msg.msg_iov = &iov;
 	msg.msg_iovlen = 1;
+	msg.msg_flags = 0;
 
 	if (fd != -1) {
 		msg.msg_control = cmsgbuf;
 		msg.msg_controllen = sizeof(cmsgbuf);
+		memset(cmsgbuf, 0, sizeof(cmsgbuf));
 
 		cmsg = CMSG_FIRSTHDR(&msg);
 		if (!cmsg)
@@ -1042,4 +1042,3 @@ sys_rand32(void) {
 }
 
 /* vim: set noet ft=c: */
-
diff --git a/tests/testproxy/lp/opts.c b/tests/testproxy/lp/opts.c
index ffad08c..37debbf 100644
--- a/tests/testproxy/lp/opts.c
+++ b/tests/testproxy/lp/opts.c
@@ -684,9 +684,8 @@ opts_set_option(opts_t *opts, const char *argv0, const char *optarg)
 		retval = set_option(opts, argv0, name, value, 0);
 	}
 
-	if (line) {
+	if (line)
 		free(line);
-	}
 	return retval;
 }
 
diff --git a/tests/testproxy/lp/sys.c b/tests/testproxy/lp/sys.c
index 41bfdb2..6f38749 100644
--- a/tests/testproxy/lp/sys.c
+++ b/tests/testproxy/lp/sys.c
@@ -584,8 +584,6 @@ sys_sendmsgfd(int sock, void *buf, size_t bufsz, int fd)
 	char cmsgbuf[CMSG_SPACE(sizeof(int))];
 	ssize_t n;
 
-	memset(cmsgbuf, 0, sizeof(cmsgbuf));
-
 	iov.iov_base = buf;
 	iov.iov_len = bufsz;
 
@@ -593,10 +591,12 @@ sys_sendmsgfd(int sock, void *buf, size_t bufsz, int fd)
 	msg.msg_namelen = 0;
 	msg.msg_iov = &iov;
 	msg.msg_iovlen = 1;
+	msg.msg_flags = 0;
 
 	if (fd != -1) {
 		msg.msg_control = cmsgbuf;
 		msg.msg_controllen = sizeof(cmsgbuf);
+		memset(cmsgbuf, 0, sizeof(cmsgbuf));
 
 		cmsg = CMSG_FIRSTHDR(&msg);
 		if (!cmsg)
@@ -675,4 +675,3 @@ sys_recvmsgfd(int sock, void *buf, size_t bufsz, int *pfd)
 }
 
 /* vim: set noet ft=c: */
-