Merge pull request #521 from okhowang/master
Fix malformed packet in stream based handler
adubovikov authored Jul 27, 2023
2 parents 00bd5c6 + acdba02 commit 84e92cd
Showing 2 changed files with 15 additions and 46 deletions.
24 changes: 9 additions & 15 deletions server/tcp.go
@@ -3,6 +3,7 @@ package input
import (
"bufio"
"encoding/binary"
"io"
"net"
"sync"
"sync/atomic"
@@ -58,26 +59,19 @@ func (h *HEPInput) serveTCP(addr string) {
}

func (h *HEPInput) handleTCP(c net.Conn) {
h.handleStream(c, "TCP")
}

func (h *HEPInput) handleStream(c net.Conn, protocol string) {
defer func() {
logp.Info("closing TCP connection from %s", c.RemoteAddr())
logp.Info("closing %s connection from %s", protocol, c.RemoteAddr())
err := c.Close()
if err != nil {
logp.Err("%v", err)
}
}()

r := bufio.NewReader(c)
readBytes := func(buffer []byte) (int, error) {
n := uint(0)
for n < uint(len(buffer)) {
nn, err := r.Read(buffer[n:])
n += uint(nn)
if err != nil {
return 0, err
}
}
return int(n), nil
}
for {
if atomic.LoadUint32(&h.stopped) == 1 {
return
@@ -96,11 +90,11 @@ func (h *HEPInput) handleTCP(c net.Conn) {
return
}
buf := h.buffer.Get().([]byte)
n, err := readBytes(buf[:size])
if err != nil || n > maxPktLen {
n, err := io.ReadFull(r, buf[:size])
if err != nil || n != int(size) {
logp.Warn("%v, unusal packet size with %d bytes", err, n)
atomic.AddUint64(&h.stats.ErrCount, 1)
continue
return
}
h.inputCh <- buf[:n]
atomic.AddUint64(&h.stats.PktCount, 1)
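Review bot: In handleStream the `io.ReadFull(r, buf[:size])` call blocks until the peer delivers every byte it announced, and no read deadline is set in the visible lines, so a peer that sends a header and then stalls keeps the goroutine, the connection and what looks like a pooled buffer, and the `h.stopped` check at the top of the loop is never reached. If no deadline is applied where the connection is accepted (outside these hunks), consider `_ = c.SetReadDeadline(time.Now().Add(<read timeout>))` before each packet read; the same applies to TLS connections, which now take this path from server/tls.go. Separately, `n != int(size)` cannot be true when `err` is nil, because io.ReadFull returns a nil error only after filling the slice, so the condition reduces to `if err != nil {` and the "unusal packet size" text would be clearer as a short-read message. The loop body between the second and third hunk is not shown, so the bound on `size` before `buf[:size]` should be confirmed there now that the `n > maxPktLen` comparison is gone.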
37 changes: 6 additions & 31 deletions server/tls.go
@@ -3,18 +3,18 @@ package input
import (
"crypto/tls"
"net"
"path/filepath"
"sync"
"sync/atomic"
"time"
"path/filepath"

"github.com/sipcapture/heplify-server/config"
"github.com/negbie/cert"
"github.com/negbie/logp"
"github.com/sipcapture/heplify-server/config"
)

func parseTLSVersion(versionText string ) uint16 {
switch(versionText){
func parseTLSVersion(versionText string) uint16 {
switch versionText {
case "1.0":
logp.Warn("TLS1.0 is not recommended. Use 1.2 or greater where possible")
return tls.VersionTLS10
@@ -50,7 +50,7 @@ func (h *HEPInput) serveTLS(addr string) {
cPath := config.Setting.TLSCertFolder
minTLSVersion := parseTLSVersion(config.Setting.TLSMinVersion)
// load any existing certs, otherwise generate a new one
ca, err := cert.NewCertificateAuthority( filepath.Join(cPath, "heplify-server") )
ca, err := cert.NewCertificateAuthority(filepath.Join(cPath, "heplify-server"))
if err != nil {
logp.Err("%v", err)
return
@@ -88,30 +88,5 @@ func (h *HEPInput) serveTLS(addr string) {
}

func (h *HEPInput) handleTLS(c net.Conn) {
defer func() {
logp.Info("closing TLS connection from %s", c.RemoteAddr())
err := c.Close()
if err != nil {
logp.Err("%v", err)
}
}()

for {
if atomic.LoadUint32(&h.stopped) == 1 {
return
}

buf := h.buffer.Get().([]byte)
n, err := c.Read(buf)
if err != nil {
logp.Warn("%v from %s", err, c.RemoteAddr())
return
} else if n > maxPktLen {
logp.Warn("received too big packet with %d bytes", n)
atomic.AddUint64(&h.stats.ErrCount, 1)
continue
}
h.inputCh <- buf[:n]
atomic.AddUint64(&h.stats.PktCount, 1)
}
h.handleStream(c, "TLS")
}
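Review bot: handleTLS is now a one-line wrapper with no comment saying why TLS shares the stream reader, so someone reading server/tls.go alone cannot tell where packet boundaries come from. The removed body forwarded whatever a single `c.Read(buf)` returned, which ties a packet to one read; the new path relies on handleStream in server/tcp.go instead. A doc comment such as `// handleTLS reads packets through handleStream; a single Read on a TLS connection is not a packet boundary.` would record that, and handleStream itself would benefit from a matching comment describing the `protocol` argument as a log label only.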
