From 891f28b43e0871bb47be2d1c301f47912ee6c917 Mon Sep 17 00:00:00 2001 From: Andy Green Date: Wed, 21 Apr 2021 09:15:58 +0100 Subject: [PATCH] ss: proxy: fix conn deref on onward Trying to use the opaque pointer in the handle to point to the conn isn't going to work when we need it to point to the ss handle. Move it to have its on place in the handle. --- lib/secure-streams/private-lib-secure-streams.h | 3 +++ lib/secure-streams/secure-streams-process.c | 5 ++--- lib/secure-streams/secure-streams.c | 2 +- lib/system/metrics/metrics.c | 8 +++++--- .../minimal-secure-streams-testsfail/CMakeLists.txt | 4 ++-- 5 files changed, 13 insertions(+), 9 deletions(-) diff --git a/lib/secure-streams/private-lib-secure-streams.h b/lib/secure-streams/private-lib-secure-streams.h index 60d30bf4f..a4988ed6d 100644 --- a/lib/secure-streams/private-lib-secure-streams.h +++ b/lib/secure-streams/private-lib-secure-streams.h @@ -39,6 +39,7 @@ typedef enum { SSSEQ_CONNECTED, } lws_ss_seq_state_t; +struct conn; /** * lws_ss_handle_t: publicly-opaque secure stream object implementation @@ -70,6 +71,8 @@ typedef struct lws_ss_handle { struct lws_sequencer *seq; /**< owning sequencer if any */ struct lws *wsi; /**< the stream wsi if any */ + struct conn *conn_if_sspc_onw; + #if defined(LWS_WITH_SSPLUGINS) void *nauthi; /**< the nauth plugin instance data */ void *sauthi; /**< the sauth plugin instance data */ diff --git a/lib/secure-streams/secure-streams-process.c b/lib/secure-streams/secure-streams-process.c index 9edd7a631..abd8c9128 100644 --- a/lib/secure-streams/secure-streams-process.c +++ b/lib/secure-streams/secure-streams-process.c @@ -68,13 +68,12 @@ void lws_proxy_clean_conn_ss(struct lws *wsi) { #if 0 - struct conn *conn; + lws_ss_handle_t *h = (lws_ss_handle_t *)wsi->a.opaque_user_data; + struct conn *conn = h->conn_if_sspc_onw; if (!wsi) return; - conn = (struct conn *)wsi->a.opaque_user_data; - if (conn && conn->ss) conn->ss->wsi = NULL; #endif diff --git a/lib/secure-streams/secure-streams.c b/lib/secure-streams/secure-streams.c index 76aca7589..d801da7ff 100644 --- a/lib/secure-streams/secure-streams.c +++ b/lib/secure-streams/secure-streams.c @@ -722,7 +722,7 @@ _lws_ss_client_connect(lws_ss_handle_t *h, int is_retry, void *conn_if_sspc_onw) if (conn_if_sspc_onw) { i.ssl_connection |= LCCSCF_SECSTREAM_PROXY_ONWARD; - // i.opaque_user_data = conn_if_sspc_onw; + h->conn_if_sspc_onw = conn_if_sspc_onw; } diff --git a/lib/system/metrics/metrics.c b/lib/system/metrics/metrics.c index f906bcd40..b7a2accac 100644 --- a/lib/system/metrics/metrics.c +++ b/lib/system/metrics/metrics.c @@ -606,11 +606,13 @@ lws_metrics_hist_bump_describe_wsi(struct lws *wsi, lws_metric_pub_t *pub, h->ssi.streamtype); } else if (wsi->client_proxy_onward) { - struct conn *conn = (struct conn *)wsi->a.opaque_user_data; + lws_ss_handle_t *h = (lws_ss_handle_t *)wsi->a.opaque_user_data; + struct conn *conn = h->conn_if_sspc_onw; if (conn && conn->ss) - p += lws_snprintf(p, lws_ptr_diff_size_t(end, p), "ss=\"%s\",", - conn->ss->info.streamtype); + p += lws_snprintf(p, lws_ptr_diff_size_t(end, p), + "ss=\"%s\",", + conn->ss->info.streamtype); } else #endif if (wsi->for_ss) { diff --git a/minimal-examples/secure-streams/minimal-secure-streams-testsfail/CMakeLists.txt b/minimal-examples/secure-streams/minimal-secure-streams-testsfail/CMakeLists.txt index 824449434..cd194e18d 100644 --- a/minimal-examples/secure-streams/minimal-secure-streams-testsfail/CMakeLists.txt +++ b/minimal-examples/secure-streams/minimal-secure-streams-testsfail/CMakeLists.txt @@ -53,11 +53,11 @@ if (requirements) -i ${CTEST_SOCKET_PATH} -d1039) set_tests_properties(st_sstfproxy PROPERTIES WORKING_DIRECTORY . FIXTURES_SETUP sstfproxy TIMEOUT 800) - add_test(NAME ki_ssproxy COMMAND + add_test(NAME ki_sstfproxy COMMAND ${CMAKE_SOURCE_DIR}/scripts/ctest-background-kill.sh sstfproxy $ -i ${CTEST_SOCKET_PATH}) - set_tests_properties(ki_ssproxy PROPERTIES FIXTURES_CLEANUP sstfproxy) + set_tests_properties(ki_sstfproxy PROPERTIES FIXTURES_CLEANUP sstfproxy) # # the client part that will connect to the proxy