
Commit caad1eb

toxehafanasyev
andauthored
fix: critical bugs in DNS proxy (#201)
- main.c: fix NULL pointer dereference in https_resp_cb() — req was used before NULL check, and FLOG also dereferenced NULL req->tx_id - main.c: fix potential crash in get_host_from_uri() — strlen(host) was called before checking curl_url_get() return code, host could be NULL - dns_server_tcp.c: fix data corruption on EAGAIN — sent += len was executed with len == -1 when EAGAIN/EWOULDBLOCK occurred, causing negative offset; added continue to skip the addition - dns_server_tcp.c: fix format string mismatches in FLOG() calls — format had 2 specifiers but 4 arguments were passed (ipstr, port, strerror, errno); changed format to include all 4 arguments - dns_server_tcp.c: fix typo 'listaning' -> 'listening' - https_client.c: remove deprecated CURLPIPE_HTTP1 (since libcurl 7.62.0), keep only CURLPIPE_MULTIPLEX Co-authored-by: afanasyev <aafanasev@rtk-soft.ru>
1 parent 67ecae0 commit caad1eb


3 files changed

+16
-13
lines changed


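--- a/src/dns_server_tcp.c
+++ b/src/dns_server_tcp.c
@@ -257,17 +257,17 @@ static int get_tcp_listen_sock(struct addrinfo *listen_addrinfo) {
 }
 
 if (listen(sock, LISTEN_BACKLOG) == -1) {
-FLOG("Error listaning on %s:%d TCP: %s (%d)", ipstr, port,
+FLOG("Error listening on %s:%d TCP: %s (%d)", ipstr, port,
 strerror(errno), errno);
 }
 
 int flags = fcntl(sock, F_GETFL, 0);
 if (flags == -1) {
-FLOG("Error getting TCP socket flags: %s (%d)", ipstr, port,
+FLOG("Error getting TCP socket flags on %s:%d: %s (%d)", ipstr, port,
 strerror(errno), errno);
 }
 if (fcntl(sock, F_SETFL, flags | O_NONBLOCK) == -1) {
-FLOG("Error setting TCP socket to non-blocking: %s (%d)", ipstr, port,
+FLOG("Error setting TCP socket to non-blocking on %s:%d: %s (%d)", ipstr, port,
 strerror(errno), errno);
 }
 
@@ -344,6 +344,7 @@ void dns_server_tcp_respond(dns_server_tcp_t *d,
 remove_client(client);
 return;
 }
+continue;
 }
 sent += len;
 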
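Review bot: The added `continue;` in dns_server_tcp_respond retries the send immediately on EAGAIN/EWOULDBLOCK, which on a non-blocking socket looks like a busy loop for as long as the client's receive window stays full. The loop header is outside the hunk, so this is inferred, but if it is a plain send-until-done loop then one stalled TCP client can hold the event loop and delay every other query. Consider bounding the retries and dropping the client once the bound is hit, e.g. `if (++retries > MAX_SEND_RETRIES) { remove_client(client); return; }` ahead of the `continue;` (both names are placeholders), or waiting for the socket to become writable instead of spinning.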
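--- a/src/https_client.c
+++ b/src/https_client.c
@@ -659,7 +659,7 @@ static void https_client_multi_init(https_client_t *c, struct curl_slist *header
 c->curlm = curl_multi_init(); // if fails, first setopt will fail
 c->header_list = header_list;
 
-ASSERT_CURL_MULTI_SETOPT(c->curlm, CURLMOPT_PIPELINING, CURLPIPE_HTTP1 | CURLPIPE_MULTIPLEX);
+ASSERT_CURL_MULTI_SETOPT(c->curlm, CURLMOPT_PIPELINING, CURLPIPE_MULTIPLEX);
 ASSERT_CURL_MULTI_SETOPT(c->curlm, CURLMOPT_MAX_TOTAL_CONNECTIONS, HTTPS_CONNECTION_LIMIT);
 ASSERT_CURL_MULTI_SETOPT(c->curlm, CURLMOPT_MAX_HOST_CONNECTIONS, HTTPS_CONNECTION_LIMIT);
 ASSERT_CURL_MULTI_SETOPT(c->curlm, CURLMOPT_SOCKETDATA, c);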

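--- a/src/main.c
+++ b/src/main.c
@@ -58,13 +58,15 @@ static int hostname_from_url(const char* url_in,
 if (rc == CURLUE_OK) {
 char *host = NULL;
 rc = curl_url_get(url, CURLUPART_HOST, &host, 0);
-const size_t host_len = strlen(host);
-if (rc == CURLUE_OK && host_len < hostname_len &&
-host[0] != '[' && host[host_len-1] != ']' && // skip IPv6 address
-!is_ipv4_address(host)) {
-strncpy(hostname, host, hostname_len-1);
-hostname[hostname_len-1] = '\0';
-res = 1; // success
+if (rc == CURLUE_OK && host != NULL) {
+const size_t host_len = strlen(host);
+if (host_len < hostname_len &&
+host[0] != '[' && host[host_len-1] != ']' && // skip IPv6 address
+!is_ipv4_address(host)) {
+strncpy(hostname, host, hostname_len-1);
+hostname[hostname_len-1] = '\0';
+res = 1; // success
+}
 }
 curl_free(host);
 }
@@ -88,10 +90,10 @@ static void sigpipe_cb(struct ev_loop __attribute__((__unused__)) *loop,
 
 static void https_resp_cb(void *data, char *buf, size_t buflen) {
 request_t *req = (request_t *)data;
-DLOG("Received response for id: %hX, len: %zu", req->tx_id, buflen);
 if (req == NULL) {
-FLOG("%04hX: data NULL", req->tx_id);
+FLOG("data NULL, buflen: %zu", buflen);
 }
+DLOG("Received response for id: %hX, len: %zu", req->tx_id, buflen);
 if (buf != NULL) { // May be NULL for timeout, DNS failure, or something similar.
 if (buflen < DNS_HEADER_LENGTH) {
 WLOG("%04hX: Malformed response received, too short: %u", req->tx_id, buflen);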
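Review bot: In https_resp_cb the `req == NULL` branch still falls through to the relocated `DLOG(... req->tx_id ...)`, so the NULL dereference is avoided only if FLOG never returns, and its definition is not visible here. Adding an explicit `return;` after the FLOG call keeps the callback safe however the logging macro is built. On the last line of the hunk, `WLOG("... too short: %u", req->tx_id, buflen)` passes a size_t to `%u`; it should be `%zu`, matching the DLOG above it. The function body continues past the end of the hunk.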
