From 60850fe3e8da936d5b24460f33a1bf8f4d321ace Mon Sep 17 00:00:00 2001 From: madmaxoft Date: Thu, 1 May 2014 15:08:15 +0200 Subject: [PATCH] Fixed crashes in the SSL HTTP connection. --- src/ClientHandle.cpp | 3 ++- src/ClientHandle.h | 2 +- src/HTTPServer/HTTPConnection.cpp | 14 +++++++------- src/HTTPServer/HTTPConnection.h | 12 +++++++++--- src/HTTPServer/SslHTTPConnection.cpp | 10 +++++++--- src/HTTPServer/SslHTTPConnection.h | 2 +- src/OSSupport/SocketThreads.h | 6 ++++-- src/RCONServer.cpp | 8 ++++---- src/RCONServer.h | 2 +- 9 files changed, 36 insertions(+), 23 deletions(-) diff --git a/src/ClientHandle.cpp b/src/ClientHandle.cpp index 2362abe1e..a2bfdd381 100644 --- a/src/ClientHandle.cpp +++ b/src/ClientHandle.cpp @@ -2649,12 +2649,13 @@ void cClientHandle::PacketError(unsigned char a_PacketType) -void cClientHandle::DataReceived(const char * a_Data, size_t a_Size) +bool cClientHandle::DataReceived(const char * a_Data, size_t a_Size) { // Data is received from the client, store it in the buffer to be processed by the Tick thread: m_TimeSinceLastPacket = 0; cCSLock Lock(m_CSIncomingData); m_IncomingData.append(a_Data, a_Size); + return false; } diff --git a/src/ClientHandle.h b/src/ClientHandle.h index 9f8d44129..ac44e43dc 100644 --- a/src/ClientHandle.h +++ b/src/ClientHandle.h @@ -387,7 +387,7 @@ private: void HandleCommandBlockMessage(const char * a_Data, unsigned int a_Length); // cSocketThreads::cCallback overrides: - virtual void DataReceived (const char * a_Data, size_t a_Size) override; // Data is received from the client + virtual bool DataReceived (const char * a_Data, size_t a_Size) override; // Data is received from the client virtual void GetOutgoingData(AString & a_Data) override; // Data can be sent to client virtual void SocketClosed (void) override; // The socket has been closed for any reason }; // tolua_export diff --git a/src/HTTPServer/HTTPConnection.cpp b/src/HTTPServer/HTTPConnection.cpp index 8e95eff2d..b127e7091 100644 --- a/src/HTTPServer/HTTPConnection.cpp +++ b/src/HTTPServer/HTTPConnection.cpp @@ -145,7 +145,7 @@ void cHTTPConnection::Terminate(void) -void cHTTPConnection::DataReceived(const char * a_Data, size_t a_Size) +bool cHTTPConnection::DataReceived(const char * a_Data, size_t a_Size) { switch (m_State) { @@ -163,12 +163,12 @@ void cHTTPConnection::DataReceived(const char * a_Data, size_t a_Size) m_CurrentRequest = NULL; m_State = wcsInvalid; m_HTTPServer.CloseConnection(*this); - return; + return true; } if (m_CurrentRequest->IsInHeaders()) { // The request headers are not yet complete - return; + return false; } // The request has finished parsing its headers successfully, notify of it: @@ -184,13 +184,12 @@ void cHTTPConnection::DataReceived(const char * a_Data, size_t a_Size) // Process the rest of the incoming data into the request body: if (a_Size > BytesConsumed) { - cHTTPConnection::DataReceived(a_Data + BytesConsumed, a_Size - BytesConsumed); + return cHTTPConnection::DataReceived(a_Data + BytesConsumed, a_Size - BytesConsumed); } else { - cHTTPConnection::DataReceived("", 0); // If the request has zero body length, let it be processed right-away + return cHTTPConnection::DataReceived("", 0); // If the request has zero body length, let it be processed right-away } - break; } case wcsRecvBody: @@ -210,7 +209,7 @@ void cHTTPConnection::DataReceived(const char * a_Data, size_t a_Size) { m_State = wcsInvalid; m_HTTPServer.CloseConnection(*this); - return; + return true; } delete m_CurrentRequest; m_CurrentRequest = NULL; @@ -224,6 +223,7 @@ void cHTTPConnection::DataReceived(const char * a_Data, size_t a_Size) break; } } + return false; } diff --git a/src/HTTPServer/HTTPConnection.h b/src/HTTPServer/HTTPConnection.h index fc11f1ba6..6ea8a1ae8 100644 --- a/src/HTTPServer/HTTPConnection.h +++ b/src/HTTPServer/HTTPConnection.h @@ -91,9 +91,15 @@ protected: // cSocketThreads::cCallback overrides: - virtual void DataReceived (const char * a_Data, size_t a_Size) override; // Data is received from the client - virtual void GetOutgoingData(AString & a_Data) override; // Data can be sent to client - virtual void SocketClosed (void) override; // The socket has been closed for any reason + /** Data is received from the client. + Returns true if the connection has been closed as the result of parsing the data. */ + virtual bool DataReceived(const char * a_Data, size_t a_Size) override; + + /** Data can be sent to client */ + virtual void GetOutgoingData(AString & a_Data) override; + + /** The socket has been closed for any reason */ + virtual void SocketClosed(void) override; } ; typedef std::vector cHTTPConnections; diff --git a/src/HTTPServer/SslHTTPConnection.cpp b/src/HTTPServer/SslHTTPConnection.cpp index fff96bb2e..b6b222b47 100644 --- a/src/HTTPServer/SslHTTPConnection.cpp +++ b/src/HTTPServer/SslHTTPConnection.cpp @@ -25,7 +25,7 @@ cSslHTTPConnection::cSslHTTPConnection(cHTTPServer & a_HTTPServer, const cX509Ce -void cSslHTTPConnection::DataReceived(const char * a_Data, size_t a_Size) +bool cSslHTTPConnection::DataReceived(const char * a_Data, size_t a_Size) { // If there is outgoing data in the queue, notify the server that it should write it out: if (!m_OutgoingData.empty()) @@ -52,13 +52,17 @@ void cSslHTTPConnection::DataReceived(const char * a_Data, size_t a_Size) int NumRead = m_Ssl.ReadPlain(Buffer, sizeof(Buffer)); if (NumRead > 0) { - super::DataReceived(Buffer, (size_t)NumRead); + if (super::DataReceived(Buffer, (size_t)NumRead)) + { + // The socket has been closed, and the object is already deleted. Bail out. + return true; + } } // If both failed, bail out: if ((BytesWritten == 0) && (NumRead <= 0)) { - return; + return false; } } } diff --git a/src/HTTPServer/SslHTTPConnection.h b/src/HTTPServer/SslHTTPConnection.h index 2a648e8c8..653acbfce 100644 --- a/src/HTTPServer/SslHTTPConnection.h +++ b/src/HTTPServer/SslHTTPConnection.h @@ -36,7 +36,7 @@ protected: cPublicKeyPtr m_PrivateKey; // cHTTPConnection overrides: - virtual void DataReceived (const char * a_Data, size_t a_Size) override; // Data is received from the client + virtual bool DataReceived (const char * a_Data, size_t a_Size) override; // Data is received from the client virtual void GetOutgoingData(AString & a_Data) override; // Data can be sent to client } ; diff --git a/src/OSSupport/SocketThreads.h b/src/OSSupport/SocketThreads.h index 679e374e1..944f5f3bc 100644 --- a/src/OSSupport/SocketThreads.h +++ b/src/OSSupport/SocketThreads.h @@ -63,8 +63,10 @@ public: // Force a virtual destructor in all subclasses: virtual ~cCallback() {} - /** Called when data is received from the remote party */ - virtual void DataReceived(const char * a_Data, size_t a_Size) = 0; + /** Called when data is received from the remote party. + SocketThreads does not care about the return value, others can use it for their specific purpose - + for example HTTPServer uses it to signal if the connection was terminated as a result of the data received. */ + virtual bool DataReceived(const char * a_Data, size_t a_Size) = 0; /** Called when data can be sent to remote party The function is supposed to *set* outgoing data to a_Data (overwrite) */ diff --git a/src/RCONServer.cpp b/src/RCONServer.cpp index d7083ff2b..fd4b26cab 100644 --- a/src/RCONServer.cpp +++ b/src/RCONServer.cpp @@ -169,7 +169,7 @@ cRCONServer::cConnection::cConnection(cRCONServer & a_RCONServer, cSocket & a_So -void cRCONServer::cConnection::DataReceived(const char * a_Data, size_t a_Size) +bool cRCONServer::cConnection::DataReceived(const char * a_Data, size_t a_Size) { // Append data to the buffer: m_Buffer.append(a_Data, a_Size); @@ -187,12 +187,12 @@ void cRCONServer::cConnection::DataReceived(const char * a_Data, size_t a_Size) m_RCONServer.m_SocketThreads.RemoveClient(this); m_Socket.CloseSocket(); delete this; - return; + return false; } if (Length > (int)(m_Buffer.size() + 4)) { // Incomplete packet yet, wait for more data to come - return; + return false; } int RequestID = IntFromBuffer(m_Buffer.data() + 4); @@ -202,7 +202,7 @@ void cRCONServer::cConnection::DataReceived(const char * a_Data, size_t a_Size) m_RCONServer.m_SocketThreads.RemoveClient(this); m_Socket.CloseSocket(); delete this; - return; + return false; } m_Buffer.erase(0, Length + 4); } // while (m_Buffer.size() >= 14) diff --git a/src/RCONServer.h b/src/RCONServer.h index b964852ab..47c746736 100644 --- a/src/RCONServer.h +++ b/src/RCONServer.h @@ -65,7 +65,7 @@ protected: // cSocketThreads::cCallback overrides: - virtual void DataReceived(const char * a_Data, size_t a_Size) override; + virtual bool DataReceived(const char * a_Data, size_t a_Size) override; virtual void GetOutgoingData(AString & a_Data) override; virtual void SocketClosed(void) override;