mirror of
https://repo.or.cz/socat.git
synced 2024-12-22 23:42:34 +00:00
Solve a problem with overlapping socket and openssl parameters
This commit is contained in:
parent
072377c68c
commit
e78e911cbb
3 changed files with 100 additions and 14 deletions
8
CHANGES
8
CHANGES
|
@ -1,5 +1,13 @@
|
||||||
|
|
||||||
Corrections:
|
Corrections:
|
||||||
|
The per address parameters for OpenSSL overlapped in memory with socket
|
||||||
|
parameters. Magically this did not seem to cause problems except on
|
||||||
|
MacOS Catalina that reported errors like:
|
||||||
|
socat[3458] E Select(7, &0x80, NULL, NULL, {140392884396544.000000}):
|
||||||
|
Invalid argument
|
||||||
|
Test: OPENSSL_PARA_OVERLAP
|
||||||
|
Thanks to Ryo Ota for reporting this bug.
|
||||||
|
|
||||||
Fixed a few minor coding issues
|
Fixed a few minor coding issues
|
||||||
|
|
||||||
Testing:
|
Testing:
|
||||||
|
|
60
test.sh
60
test.sh
|
@ -14980,6 +14980,66 @@ PORT=$((PORT+1))
|
||||||
N=$((N+1))
|
N=$((N+1))
|
||||||
|
|
||||||
|
|
||||||
|
# Test if the problem with overlapping internal parameters of sockets and
|
||||||
|
# openssl are fixed
|
||||||
|
NAME=OPENSSL_PARA_OVERLAP
|
||||||
|
case "$TESTS" in
|
||||||
|
*%$N%*|*%functions%*|*%bugs%*|*%socket%*|*%ip4%*|*%tcp%*|*%tcp4%*|*%openssl%*|*%$NAME%*)
|
||||||
|
TEST="$NAME: test diverse of socket,openssl params"
|
||||||
|
# That bug had not many effects; the simplest to use is possible SIGSEGV on
|
||||||
|
# close when option accept-timeout with fractional seconds was applied
|
||||||
|
if ! eval $NUMCOND; then :;
|
||||||
|
elif ! testfeats openssl >/dev/null; then
|
||||||
|
$PRINTF "test $F_n $TEST... ${YELLOW}OPENSSL not available${NORMAL}\n" $N
|
||||||
|
numCANT=$((numCANT+1))
|
||||||
|
listCANT="$listCANT $N"
|
||||||
|
elif ! type openssl >/dev/null 2>&1; then
|
||||||
|
$PRINTF "test $F_n $TEST... ${YELLOW}openssl executable not available${NORMAL}\n" $N
|
||||||
|
numCANT=$((numCANT+1))
|
||||||
|
listCANT="$listCANT $N"
|
||||||
|
elif ! testfeats tcp ip4 >/dev/null || ! runsip4 >/dev/null; then
|
||||||
|
$PRINTF "test $F_n $TEST... ${YELLOW}TCP/IPv4 not available${NORMAL}\n" $N
|
||||||
|
numCANT=$((numCANT+1))
|
||||||
|
listCANT="$listCANT $N"
|
||||||
|
else
|
||||||
|
gentestcert testsrv
|
||||||
|
tf="$td/test$N.stdout"
|
||||||
|
te="$td/test$N.stderr"
|
||||||
|
tdiff="$td/test$N.diff"
|
||||||
|
trc0="$td/test$N.rc0"
|
||||||
|
da="test$N $(date) $RANDOM"
|
||||||
|
CMD0="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,pf=ip4,$REUSEADDR,accept-timeout=4.5,$SOCAT_EGD,cert=testsrv.crt,key=testsrv.key,verify=0 PIPE"
|
||||||
|
CMD1="$TRACE $SOCAT $opts /dev/null OPENSSL-CONNECT:$LOCALHOST:$PORT,pf=ip4,verify=0,$SOCAT_EGD"
|
||||||
|
printf "test $F_n $TEST... " $N
|
||||||
|
$CMD0 >/dev/null 2>"${te}0" || echo $? >$trc0 &
|
||||||
|
pid0=$!
|
||||||
|
waittcp4port $PORT 1
|
||||||
|
$CMD1 >"${tf}1" 2>"${te}1"
|
||||||
|
rc1=$?
|
||||||
|
sleep 0.5
|
||||||
|
kill $pid0 2>/dev/null; wait
|
||||||
|
if [ $rc1 -ne 0 ]; then
|
||||||
|
$PRINTF "$CANT\n"
|
||||||
|
numCANT=$((numCANT+1))
|
||||||
|
elif [ ! -e $trc0 ]; then
|
||||||
|
$PRINTF "$OK\n"
|
||||||
|
numOK=$((numOK+1))
|
||||||
|
else
|
||||||
|
$PRINTF "$FAILED\n"
|
||||||
|
echo "$CMD0 &" >&2
|
||||||
|
cat "${te}0" >&2
|
||||||
|
echo "$CMD1" >&2
|
||||||
|
cat "${te}1" >&2
|
||||||
|
numFAIL=$((numFAIL+1))
|
||||||
|
listFAIL="$listFAIL $N"
|
||||||
|
fi
|
||||||
|
fi # NUMCOND
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
PORT=$((PORT+1))
|
||||||
|
N=$((N+1))
|
||||||
|
|
||||||
|
|
||||||
##################################################################################
|
##################################################################################
|
||||||
#=================================================================================
|
#=================================================================================
|
||||||
# here come tests that might affect your systems integrity. Put normal tests
|
# here come tests that might affect your systems integrity. Put normal tests
|
||||||
|
|
46
xio.h
46
xio.h
|
@ -115,6 +115,23 @@ extern xioopts_t xioopts;
|
||||||
|
|
||||||
#define MAXARGV 8
|
#define MAXARGV 8
|
||||||
|
|
||||||
|
#if _WITH_IP4 || _WITH_IP6
|
||||||
|
struct para_ip {
|
||||||
|
unsigned int res_opts[2]; /* bits to be set in _res.options are
|
||||||
|
at [0], bits to be cleared are at [1] */
|
||||||
|
bool dosourceport; /* check the source port of incoming connection or packets */
|
||||||
|
uint16_t sourceport; /* host byte order */
|
||||||
|
bool lowport;
|
||||||
|
#if (WITH_TCP || WITH_UDP) && WITH_LIBWRAP
|
||||||
|
bool dolibwrap;
|
||||||
|
char *libwrapname;
|
||||||
|
char *tcpwrap_etc;
|
||||||
|
char *hosts_allow_table;
|
||||||
|
char *hosts_deny_table;
|
||||||
|
#endif
|
||||||
|
} ;
|
||||||
|
#endif /* _WITH_IP4 || _WITH_IP6 */
|
||||||
|
|
||||||
/* a non-dual file descriptor */
|
/* a non-dual file descriptor */
|
||||||
typedef struct single {
|
typedef struct single {
|
||||||
enum xiotag tag; /* see enum xiotag */
|
enum xiotag tag; /* see enum xiotag */
|
||||||
|
@ -181,6 +198,7 @@ typedef struct single {
|
||||||
} bipipe;
|
} bipipe;
|
||||||
#if _WITH_SOCKET
|
#if _WITH_SOCKET
|
||||||
struct {
|
struct {
|
||||||
|
/* keep a consistent copy in openssl part !!! */
|
||||||
struct timeval connect_timeout; /* how long to hang in connect() */
|
struct timeval connect_timeout; /* how long to hang in connect() */
|
||||||
#if WITH_LISTEN
|
#if WITH_LISTEN
|
||||||
struct timeval accept_timeout; /* how long to wait for incoming connection */
|
struct timeval accept_timeout; /* how long to wait for incoming connection */
|
||||||
|
@ -190,21 +208,9 @@ typedef struct single {
|
||||||
bool dorange;
|
bool dorange;
|
||||||
struct xiorange range; /* restrictions for peer address */
|
struct xiorange range; /* restrictions for peer address */
|
||||||
#if _WITH_IP4 || _WITH_IP6
|
#if _WITH_IP4 || _WITH_IP6
|
||||||
struct {
|
struct para_ip ip;
|
||||||
unsigned int res_opts[2]; /* bits to be set in _res.options are
|
|
||||||
at [0], bits to be cleared are at [1] */
|
|
||||||
bool dosourceport; /* check the source port of incoming connection or packets */
|
|
||||||
uint16_t sourceport; /* host byte order */
|
|
||||||
bool lowport;
|
|
||||||
#if (WITH_TCP || WITH_UDP) && WITH_LIBWRAP
|
|
||||||
bool dolibwrap;
|
|
||||||
char *libwrapname;
|
|
||||||
char *tcpwrap_etc;
|
|
||||||
char *hosts_allow_table;
|
|
||||||
char *hosts_deny_table;
|
|
||||||
#endif
|
|
||||||
} ip;
|
|
||||||
#endif /* _WITH_IP4 || _WITH_IP6 */
|
#endif /* _WITH_IP4 || _WITH_IP6 */
|
||||||
|
/* up to here, keep consistent copy in openssl part !!! */
|
||||||
#if WITH_UNIX
|
#if WITH_UNIX
|
||||||
struct {
|
struct {
|
||||||
bool tight;
|
bool tight;
|
||||||
|
@ -231,7 +237,19 @@ typedef struct single {
|
||||||
#endif /* WITH_READLINE */
|
#endif /* WITH_READLINE */
|
||||||
#if WITH_OPENSSL
|
#if WITH_OPENSSL
|
||||||
struct {
|
struct {
|
||||||
|
/* copy of the para.socket structure without un !!! */
|
||||||
struct timeval connect_timeout; /* how long to hang in connect() */
|
struct timeval connect_timeout; /* how long to hang in connect() */
|
||||||
|
#if WITH_LISTEN
|
||||||
|
struct timeval accept_timeout; /* how long to wait for incoming connection */
|
||||||
|
#endif
|
||||||
|
union sockaddr_union la; /* local socket address */
|
||||||
|
bool null_eof; /* with dgram: empty packet means EOF */
|
||||||
|
bool dorange;
|
||||||
|
struct xiorange range; /* restrictions for peer address */
|
||||||
|
#if _WITH_IP4 || _WITH_IP6
|
||||||
|
struct para_ip ip;
|
||||||
|
#endif /* _WITH_IP4 || _WITH_IP6 */
|
||||||
|
/* end of the para.socket structure copy */
|
||||||
SSL_CTX* ctx; /* for freeing on close */
|
SSL_CTX* ctx; /* for freeing on close */
|
||||||
SSL *ssl;
|
SSL *ssl;
|
||||||
#if HAVE_SSL_CTX_set_min_proto_version || defined(SSL_CTX_set_min_proto_version)
|
#if HAVE_SSL_CTX_set_min_proto_version || defined(SSL_CTX_set_min_proto_version)
|
||||||
|
|
Loading…
Reference in a new issue