From 60850fe3e8da936d5b24460f33a1bf8f4d321ace Mon Sep 17 00:00:00 2001
From: madmaxoft <github@xoft.cz>
Date: Thu, 1 May 2014 15:08:15 +0200
Subject: [PATCH] Fixed crashes in the SSL HTTP connection.

---
 src/ClientHandle.cpp                 |  3 ++-
 src/ClientHandle.h                   |  2 +-
 src/HTTPServer/HTTPConnection.cpp    | 14 +++++++-------
 src/HTTPServer/HTTPConnection.h      | 12 +++++++++---
 src/HTTPServer/SslHTTPConnection.cpp | 10 +++++++---
 src/HTTPServer/SslHTTPConnection.h   |  2 +-
 src/OSSupport/SocketThreads.h        |  6 ++++--
 src/RCONServer.cpp                   |  8 ++++----
 src/RCONServer.h                     |  2 +-
 9 files changed, 36 insertions(+), 23 deletions(-)

diff --git a/src/ClientHandle.cpp b/src/ClientHandle.cpp
index 2362abe1e..a2bfdd381 100644
--- a/src/ClientHandle.cpp
+++ b/src/ClientHandle.cpp
@@ -2649,12 +2649,13 @@ void cClientHandle::PacketError(unsigned char a_PacketType)
 
 
 
-void cClientHandle::DataReceived(const char * a_Data, size_t a_Size)
+bool cClientHandle::DataReceived(const char * a_Data, size_t a_Size)
 {
 	// Data is received from the client, store it in the buffer to be processed by the Tick thread:
 	m_TimeSinceLastPacket = 0;
 	cCSLock Lock(m_CSIncomingData);
 	m_IncomingData.append(a_Data, a_Size);
+	return false;
 }
 
 
diff --git a/src/ClientHandle.h b/src/ClientHandle.h
index 9f8d44129..ac44e43dc 100644
--- a/src/ClientHandle.h
+++ b/src/ClientHandle.h
@@ -387,7 +387,7 @@ private:
 	void HandleCommandBlockMessage(const char * a_Data, unsigned int a_Length);
 	
 	// cSocketThreads::cCallback overrides:
-	virtual void DataReceived   (const char * a_Data, size_t a_Size) override;  // Data is received from the client
+	virtual bool DataReceived   (const char * a_Data, size_t a_Size) override;  // Data is received from the client
 	virtual void GetOutgoingData(AString & a_Data) override;  // Data can be sent to client
 	virtual void SocketClosed   (void) override;  // The socket has been closed for any reason
 };										// tolua_export
diff --git a/src/HTTPServer/HTTPConnection.cpp b/src/HTTPServer/HTTPConnection.cpp
index 8e95eff2d..b127e7091 100644
--- a/src/HTTPServer/HTTPConnection.cpp
+++ b/src/HTTPServer/HTTPConnection.cpp
@@ -145,7 +145,7 @@ void cHTTPConnection::Terminate(void)
 
 
 
-void cHTTPConnection::DataReceived(const char * a_Data, size_t a_Size)
+bool cHTTPConnection::DataReceived(const char * a_Data, size_t a_Size)
 {
 	switch (m_State)
 	{
@@ -163,12 +163,12 @@ void cHTTPConnection::DataReceived(const char * a_Data, size_t a_Size)
 				m_CurrentRequest = NULL;
 				m_State = wcsInvalid;
 				m_HTTPServer.CloseConnection(*this);
-				return;
+				return true;
 			}
 			if (m_CurrentRequest->IsInHeaders())
 			{
 				// The request headers are not yet complete
-				return;
+				return false;
 			}
 			
 			// The request has finished parsing its headers successfully, notify of it:
@@ -184,13 +184,12 @@ void cHTTPConnection::DataReceived(const char * a_Data, size_t a_Size)
 			// Process the rest of the incoming data into the request body:
 			if (a_Size > BytesConsumed)
 			{
-				cHTTPConnection::DataReceived(a_Data + BytesConsumed, a_Size - BytesConsumed);
+				return cHTTPConnection::DataReceived(a_Data + BytesConsumed, a_Size - BytesConsumed);
 			}
 			else
 			{
-				cHTTPConnection::DataReceived("", 0);  // If the request has zero body length, let it be processed right-away
+				return cHTTPConnection::DataReceived("", 0);  // If the request has zero body length, let it be processed right-away
 			}
-			break;
 		}
 
 		case wcsRecvBody:
@@ -210,7 +209,7 @@ void cHTTPConnection::DataReceived(const char * a_Data, size_t a_Size)
 				{
 					m_State = wcsInvalid;
 					m_HTTPServer.CloseConnection(*this);
-					return;
+					return true;
 				}
 				delete m_CurrentRequest;
 				m_CurrentRequest = NULL;
@@ -224,6 +223,7 @@ void cHTTPConnection::DataReceived(const char * a_Data, size_t a_Size)
 			break;
 		}
 	}
+	return false;
 }
 
 
diff --git a/src/HTTPServer/HTTPConnection.h b/src/HTTPServer/HTTPConnection.h
index fc11f1ba6..6ea8a1ae8 100644
--- a/src/HTTPServer/HTTPConnection.h
+++ b/src/HTTPServer/HTTPConnection.h
@@ -91,9 +91,15 @@ protected:
 	
 	
 	// cSocketThreads::cCallback overrides:
-	virtual void DataReceived   (const char * a_Data, size_t a_Size) override;  // Data is received from the client
-	virtual void GetOutgoingData(AString & a_Data) override;  // Data can be sent to client
-	virtual void SocketClosed   (void) override;  // The socket has been closed for any reason
+	/** Data is received from the client.
+	Returns true if the connection has been closed as the result of parsing the data. */
+	virtual bool DataReceived(const char * a_Data, size_t a_Size) override;
+	
+	/** Data can be sent to client */
+	virtual void GetOutgoingData(AString & a_Data) override;
+	
+	/** The socket has been closed for any reason */
+	virtual void SocketClosed(void) override;
 } ;
 
 typedef std::vector<cHTTPConnection *> cHTTPConnections;
diff --git a/src/HTTPServer/SslHTTPConnection.cpp b/src/HTTPServer/SslHTTPConnection.cpp
index fff96bb2e..b6b222b47 100644
--- a/src/HTTPServer/SslHTTPConnection.cpp
+++ b/src/HTTPServer/SslHTTPConnection.cpp
@@ -25,7 +25,7 @@ cSslHTTPConnection::cSslHTTPConnection(cHTTPServer & a_HTTPServer, const cX509Ce
 
 
 
-void cSslHTTPConnection::DataReceived(const char * a_Data, size_t a_Size)
+bool cSslHTTPConnection::DataReceived(const char * a_Data, size_t a_Size)
 {
 	// If there is outgoing data in the queue, notify the server that it should write it out:
 	if (!m_OutgoingData.empty())
@@ -52,13 +52,17 @@ void cSslHTTPConnection::DataReceived(const char * a_Data, size_t a_Size)
 		int NumRead = m_Ssl.ReadPlain(Buffer, sizeof(Buffer));
 		if (NumRead > 0)
 		{
-			super::DataReceived(Buffer, (size_t)NumRead);
+			if (super::DataReceived(Buffer, (size_t)NumRead))
+			{
+				// The socket has been closed, and the object is already deleted. Bail out.
+				return true;
+			}
 		}
 		
 		// If both failed, bail out:
 		if ((BytesWritten == 0) && (NumRead <= 0))
 		{
-			return;
+			return false;
 		}
 	}
 }
diff --git a/src/HTTPServer/SslHTTPConnection.h b/src/HTTPServer/SslHTTPConnection.h
index 2a648e8c8..653acbfce 100644
--- a/src/HTTPServer/SslHTTPConnection.h
+++ b/src/HTTPServer/SslHTTPConnection.h
@@ -36,7 +36,7 @@ protected:
 	cPublicKeyPtr m_PrivateKey;
 	
 	// cHTTPConnection overrides:
-	virtual void DataReceived   (const char * a_Data, size_t a_Size) override;  // Data is received from the client
+	virtual bool DataReceived   (const char * a_Data, size_t a_Size) override;  // Data is received from the client
 	virtual void GetOutgoingData(AString & a_Data) override;  // Data can be sent to client
 } ;
 
diff --git a/src/OSSupport/SocketThreads.h b/src/OSSupport/SocketThreads.h
index 679e374e1..944f5f3bc 100644
--- a/src/OSSupport/SocketThreads.h
+++ b/src/OSSupport/SocketThreads.h
@@ -63,8 +63,10 @@ public:
 		// Force a virtual destructor in all subclasses:
 		virtual ~cCallback() {}
 		
-		/** Called when data is received from the remote party */
-		virtual void DataReceived(const char * a_Data, size_t a_Size) = 0;
+		/** Called when data is received from the remote party.
+		SocketThreads does not care about the return value, others can use it for their specific purpose -
+		for example HTTPServer uses it to signal if the connection was terminated as a result of the data received. */
+		virtual bool DataReceived(const char * a_Data, size_t a_Size) = 0;
 		
 		/** Called when data can be sent to remote party
 		The function is supposed to *set* outgoing data to a_Data (overwrite) */
diff --git a/src/RCONServer.cpp b/src/RCONServer.cpp
index d7083ff2b..fd4b26cab 100644
--- a/src/RCONServer.cpp
+++ b/src/RCONServer.cpp
@@ -169,7 +169,7 @@ cRCONServer::cConnection::cConnection(cRCONServer & a_RCONServer, cSocket & a_So
 
 
 
-void cRCONServer::cConnection::DataReceived(const char * a_Data, size_t a_Size)
+bool cRCONServer::cConnection::DataReceived(const char * a_Data, size_t a_Size)
 {
 	// Append data to the buffer:
 	m_Buffer.append(a_Data, a_Size);
@@ -187,12 +187,12 @@ void cRCONServer::cConnection::DataReceived(const char * a_Data, size_t a_Size)
 			m_RCONServer.m_SocketThreads.RemoveClient(this);
 			m_Socket.CloseSocket();
 			delete this;
-			return;
+			return false;
 		}
 		if (Length > (int)(m_Buffer.size() + 4))
 		{
 			// Incomplete packet yet, wait for more data to come
-			return;
+			return false;
 		}
 		
 		int RequestID  = IntFromBuffer(m_Buffer.data() + 4);
@@ -202,7 +202,7 @@ void cRCONServer::cConnection::DataReceived(const char * a_Data, size_t a_Size)
 			m_RCONServer.m_SocketThreads.RemoveClient(this);
 			m_Socket.CloseSocket();
 			delete this;
-			return;
+			return false;
 		}
 		m_Buffer.erase(0, Length + 4);
 	}  // while (m_Buffer.size() >= 14)
diff --git a/src/RCONServer.h b/src/RCONServer.h
index b964852ab..47c746736 100644
--- a/src/RCONServer.h
+++ b/src/RCONServer.h
@@ -65,7 +65,7 @@ protected:
 		
 
 		// cSocketThreads::cCallback overrides:
-		virtual void DataReceived(const char * a_Data, size_t a_Size) override;
+		virtual bool DataReceived(const char * a_Data, size_t a_Size) override;
 		virtual void GetOutgoingData(AString & a_Data) override;
 		virtual void SocketClosed(void) override;