Archives
/
SSLproxy
mirror of https://github.com/sonertari/SSLproxy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix srv_dst EOF on outbound connection before connection establishment, free conn, also move i/o debug lines to prevent segfault due to already freed srv_dst

Browse Source 
Remove squid header lines only in children
pull/13/head
Soner Tari 7 years ago
parent 2411f79582
commit dd7bf7b277
2 changed files with 38 additions and 28 deletions
Show Stats Download Patch File Download Diff File

54
pxyconn.c
Unescape Escape View File

@ -1501,15 +1501,15 @@ pxy_http_reqhdr_filter_line(const char *line, pxy_conn_ctx_t *ctx, int child)
}
return newhdr;
} else if (!strncasecmp(line, "Accept-Encoding:", 16) ||
!strncasecmp(line, "Keep-Alive:", 11) ||
!strncasecmp(line, "Keep-Alive:", 11)) {
return NULL;
} else if (child && (!strncasecmp(line, SSLPROXY_ADDR_KEY, SSLPROXY_ADDR_KEY_LEN) ||
!strncasecmp(line, SSLPROXY_SRCADDR_KEY, SSLPROXY_SRCADDR_KEY_LEN) ||
// @attention flickr keeps redirecting to https with 301 unless we remove the Via line of squid
// Apparently flickr assumes the existence of Via header field or squid keyword a sign of plain http, even if we are using https
!strncasecmp(line, "Via:", 4) ||
// Also do not send the loopback address to the Internet
!strncasecmp(line, "X-Forwarded-For:", 16)) {
return NULL;
} else if (child && (!strncasecmp(line, SSLPROXY_ADDR_KEY, SSLPROXY_ADDR_KEY_LEN) ||
!strncasecmp(line, SSLPROXY_SRCADDR_KEY, SSLPROXY_SRCADDR_KEY_LEN))) {
!strncasecmp(line, "X-Forwarded-For:", 16))) {
return NULL;
} else if (line[0] == '\0') {
ctx->seen_req_header = 1;
@ -2881,7 +2881,7 @@ leave:
}
static void
pxy_print_ssl_error(struct bufferevent *bev, pxy_conn_ctx_t *ctx)
pxy_print_ssl_error(struct bufferevent *bev, UNUSED pxy_conn_ctx_t *ctx)
{
unsigned long sslerr;
@ -3026,28 +3026,31 @@ pxy_bev_eventcb(struct bufferevent *bev, short events, void *arg)
if (events & BEV_EVENT_EOF) {
log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>=================================== pxy_bev_eventcb: EOF %s fd=%d\n", event_name, ctx->fd);
#ifdef DEBUG_PROXY
if (OPTS_DEBUG(ctx->opts)) {
log_dbg_printf("evbuffer size at EOF: "
"i:%zu o:%zu i:%zu o:%zu\n",
evbuffer_get_length(
bufferevent_get_input(bev)),
evbuffer_get_length(
bufferevent_get_output(bev)),
evbuffer_get_length(
bufferevent_get_input(other->bev)),
evbuffer_get_length(
bufferevent_get_output(other->bev))
);
}
#endif /* DEBUG_PROXY */
if (bev == ctx->srv_dst.bev) {
bufferevent_free_and_close_fd(ctx->srv_dst.bev, ctx);
ctx->srv_dst.bev = NULL;
ctx->srv_dst.closed = 1;
// bufferevent_free_and_close_fd(ctx->srv_dst.bev, ctx);
// ctx->srv_dst.bev = NULL;
// ctx->srv_dst.closed = 1;
log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>=================================== pxy_bev_eventcb: EOF on outbound connection before connection establishment, fd=%d\n", ctx->fd);
pxy_conn_free(ctx, 1);
return;
} else {
#ifdef DEBUG_PROXY
if (OPTS_DEBUG(ctx->opts)) {
log_dbg_printf("evbuffer size at EOF: "
"i:%zu o:%zu i:%zu o:%zu\n",
evbuffer_get_length(
bufferevent_get_input(bev)),
evbuffer_get_length(
bufferevent_get_output(bev)),
evbuffer_get_length(
bufferevent_get_input(other->bev)),
evbuffer_get_length(
bufferevent_get_output(other->bev))
);
}
#endif /* DEBUG_PROXY */
// @todo How to handle the following case?
if (!ctx->connected) {
log_dbg_printf("EOF on outbound connection before "
"connection establishment\n");
@ -3183,6 +3186,7 @@ pxy_bev_eventcb_child(struct bufferevent *bev, short events, void *arg)
if (!ctx->connected) {
log_dbg_printf("EOF on outbound connection before "
"connection establishment\n");
log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>=================================== pxy_bev_eventcb_child: EOF on outbound connection before connection establishment, fd=%d, pfd=%d\n", ctx->fd, parent->fd);
evutil_closesocket(ctx->fd);
other->closed = 1;
} else if (!other->closed) {

12
pxysslshut.c
Unescape Escape View File

@ -90,6 +90,7 @@ pxy_ssl_shutdown_cb(evutil_socket_t fd, UNUSED short what, void *arg)
{
pxy_ssl_shutdown_ctx_t *ctx = arg;
struct timeval retry_delay = {0, 100};
// struct timeval retry_delay = {0, 500};
short want = 0;
int rv, sslerr;
@ -116,18 +117,23 @@ pxy_ssl_shutdown_cb(evutil_socket_t fd, UNUSED short what, void *arg)
switch ((sslerr = SSL_get_error(ctx->ssl, rv))) {
case SSL_ERROR_WANT_READ:
want = EV_READ;
log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_ssl_shutdown_cb: SSL_ERROR_WANT_READ, retries=%d, fd=%d\n", ctx->retries, fd);
goto retry;
case SSL_ERROR_WANT_WRITE:
want = EV_WRITE;
log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_ssl_shutdown_cb: SSL_ERROR_WANT_WRITE, retries=%d, fd=%d\n", ctx->retries, fd);
goto retry;
case SSL_ERROR_ZERO_RETURN:
log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_ssl_shutdown_cb: SSL_ERROR_ZERO_RETURN, retries=%d, fd=%d\n", ctx->retries, fd);
goto retry;
case SSL_ERROR_SYSCALL:
case SSL_ERROR_SSL:
log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_ssl_shutdown_cb: SSL_ERROR_SYSCALL or SSL_ERROR_SSL, retries=%d, fd=%d\n", ctx->retries, fd);
goto complete;
default:
log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_ssl_shutdown_cb: default, retries=%d, fd=%d\n", ctx->retries, fd);
log_err_printf("Unhandled SSL_shutdown() "
"error %i. Closing fd.\n", sslerr);
"error %i. Closing fd, fd=%d\n", sslerr, fd);
goto complete;
}
goto complete;
@ -135,7 +141,7 @@ pxy_ssl_shutdown_cb(evutil_socket_t fd, UNUSED short what, void *arg)
retry:
if (ctx->retries++ >= 50) {
log_err_printf("Failed to shutdown SSL connection cleanly: "
"Max retries reached. Closing fd.\n");
"Max retries reached. Closing fd, fd=%d\n", fd);
goto complete;
}
ctx->ev = event_new(ctx->evbase, fd, want, pxy_ssl_shutdown_cb, ctx);
@ -144,7 +150,7 @@ retry:
return;
}
log_err_printf("Failed to shutdown SSL connection cleanly: "
"Cannot create event. Closing fd.\n");
"Cannot create event. Closing fd, fd=%d\n", fd);
complete:
if (OPTS_DEBUG(ctx->opts)) {

Write Preview
Loading…
Cancel
Save