commit 3886de05a6b20ead48ba41759fc17b6334a0a474
Author: epoch 
Date:   Sat Sep 10 06:54:38 2022 +0000

    made buffer larger, setvbuf on stdio just in case it mattered. shouldn't hurt. extra debug output to whatever is connected to tlswrap. close the associated file descriptors when the read end has hit EOF

diff --git a/tlswrap.c b/tlswrap.c
index eeb9d05d7c13a22f4cdaf54c6b137389a5b20a41..
index ..0f98200a10999a90e6bd95853c5338b2a754d701 100644
--- a/tlswrap.c
+++ b/tlswrap.c
@@ -185,6 +185,9 @@ int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) {
 }

 int main(int argc,char *argv[]) {
+  setvbuf(stdin, NULL, _IONBF, 0);
+  setvbuf(stdout, NULL, _IONBF, 0);
+  setvbuf(stderr, NULL, _IONBF, 0);
   syslog(LOG_DAEMON|LOG_DEBUG,"started");
   struct sockaddr_in6 sa6;
   char ra[NI_MAXHOST],rp[NI_MAXSERV];
@@ -330,7 +333,7 @@ int main(int argc,char *argv[]) {
   //fprintf(stderr,"made it here\n");
   syslog(LOG_DAEMON|LOG_DEBUG,"accepted a connection!");
   size_t r;
-  char buffer[9001];
+  char buffer[65535];//fuck it. let's make it big.

   if(servername && servername[0]) {
     setenv("SSL_TLS_SNI",servername,1);
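Review bot: The new size in `char buffer[65535];` is a bare magic number, and its trailing comment gives no reason for the value, so a reader cannot tell what the size is meant to match. A named constant with a why-comment would document it, e.g. `enum { IO_BUF_SIZE = 65535 }; /* sized for <what it is matched to> */` and `char buffer[IO_BUF_SIZE];`, with the later `sizeof(buffer)` uses left unchanged. This is now a roughly 64 KiB automatic array in main, which is fine on a default stack but worth a word in that comment if tlswrap may run under a reduced stack limit. main's body starts and ends outside the hunk.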
@@ -357,6 +360,12 @@ int main(int argc,char *argv[]) {
     close(c[1]);
     dup2(x,3);//we're passing this to the child ONLY so it can do getpeername and stuff. this can probably be closed.
     execv(argv[0],argv);
+    printf("[!!!] server-side tlswrap configuration error.\n");
+    printf("[!!!] failed to execute subprocess.\n");
+    for(;*argv;argv++) {
+      printf("[!!!] argv: %s\n",*argv);
+    }
+    return 0;
   }
   if(child == -1) {
     syslog(LOG_DAEMON|LOG_WARNING,"failed to fork");
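Review bot: The failure path added after `execv(argv[0],argv)` prints the whole server-side argument vector with `printf`, and per the commit message that output goes to whatever is connected to tlswrap, i.e. the remote peer. That discloses the configured command line (paths, options, anything passed as an argument) to a client that has not necessarily authenticated, while the operator gets nothing in syslog and no errno. The branch, apparently the forked child, also leaves via `return 0;`, which reports success to the parent and runs main's normal exit processing (atexit handlers, stdio teardown) in a copy of the process. I would log locally and exit with a failure status, `syslog(LOG_DAEMON|LOG_ERR,"execv %s failed: %m",argv[0]);` followed by `_exit(127);`, keeping at most the generic first `printf` line for the peer. main's body starts and ends outside the hunk.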
@@ -378,12 +387,12 @@ int main(int argc,char *argv[]) {
   close(a[0]);
   close(b[1]);
   close(c[1]);
-  syslog(LOG_DAEMON|LOG_DEBUG,"entering select loop");
+  //syslog(LOG_DAEMON|LOG_DEBUG,"entering select loop");
   //fprintf(stderr,"made it here\n");
   for(;FD_ISSET(b[0],&master) || FD_ISSET(c[0],&master);) { //a select() brick that reads from ssl and writes to subprocess and reads from subprocess and writes to ssl
     readfs=master;
     if((j=select(fdmax+1,&readfs,0,0,tout)) == -1 ) {
-      syslog(LOG_DAEMON|LOG_ERR,"giving up. error'd in select");
+      //syslog(LOG_DAEMON|LOG_ERR,"giving up. error'd in select");
       break;
     }
     if(FD_ISSET(0,&readfs)) {
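Review bot: Commenting out the `LOG_ERR` call in the `select(...) == -1` branch makes the loop `break` silently, so a failed or interrupted select now ends the connection with no record of why. Keep an error-level log there and include the cause, e.g. `syslog(LOG_DAEMON|LOG_ERR,"select failed: %m");`, and consider `if(errno == EINTR) continue;` before giving up if signals can arrive in this process. If the "entering select loop" debug line is just noise, delete it rather than leaving it commented out. The loop body continues outside the hunk.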
@@ -393,6 +402,8 @@ int main(int argc,char *argv[]) {
           syslog(LOG_DAEMON|LOG_ERR,"write failed. -_-");
         }
         FD_CLR(0,&master);
+	close(a[1]);
+	close(0);
       } else {
         syslog(LOG_DAEMON|LOG_DEBUG,"SSL read? %d msg: %s",r,ERR_error_string(ERR_get_error(),NULL));
         syslog(LOG_DAEMON|LOG_DEBUG,"read %d bytes from ssl!",r);
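Review bot: `close(0);` here (and `close(1);` in the next hunk, after `FD_CLR(b[0],&master)`) releases a standard descriptor while the loop keeps running, since its condition only tests `b[0]` and `c[0]`, and `SSL_write(ssl,...)` is still called afterwards. If the `ssl` object is bound to descriptor 0 or 1, which these hunks do not show, later TLS writes will fail with EBADF or land on whatever descriptor next reuses that number; no `SSL_shutdown(ssl)` is visible before the close either, so the peer may be unable to tell an orderly end from truncation. Closing `a[1]` to pass EOF on to the subprocess looks right on its own; I would drop the `close(0)`/`close(1)` calls or move them after the loop, once the TLS session has been shut down. The added lines in both hunks are indented with a tab while the surrounding code uses spaces. The enclosing `if` starts outside the hunk.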
@@ -405,6 +416,8 @@ int main(int argc,char *argv[]) {
       if((r2=read(b[0],buffer,sizeof(buffer))) <= 0) {
         syslog(LOG_DAEMON|LOG_DEBUG,"subprocess stdout done.");
         FD_CLR(b[0],&master);
+	close(b[0]);
+	close(1);
       } else {
         syslog(LOG_DAEMON|LOG_DEBUG,"read %d bytes from subprocess!",r2);
         if(SSL_write(ssl,buffer,r2) <= 0) {

-----END OF PAGE-----