From 6e7f45157416294218cde966f60c784c68b6e0ef Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 28 Jun 2021 12:54:53 +0100 Subject: [PATCH] Add alloc_pkt() and free_pkt() helpers Signed-off-by: David Woodhouse --- array.c | 12 ++++++------ cstp.c | 10 +++++----- dtls.c | 4 ++-- esp.c | 12 ++++++------ gpst.c | 10 +++++----- library.c | 8 ++++---- mainloop.c | 6 +++--- oncp.c | 12 ++++++------ openconnect-internal.h | 11 +++++++++++ ppp.c | 14 +++++++------- pulse.c | 8 ++++---- ssl.c | 4 ++-- 12 files changed, 61 insertions(+), 50 deletions(-) diff --git a/array.c b/array.c index 736e0f8c..1aba7bda 100644 --- a/array.c +++ b/array.c @@ -791,7 +791,7 @@ int array_connect(struct openconnect_info *vpninfo) } buf_free(reqbuf); - free(vpninfo->cstp_pkt); + free_pkt(vpninfo, vpninfo->cstp_pkt); vpninfo->cstp_pkt = NULL; vpninfo->ip_info.mtu = 1400; @@ -821,7 +821,7 @@ int array_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) int len; if (!vpninfo->cstp_pkt) { - vpninfo->cstp_pkt = malloc(sizeof(struct pkt) + receive_mtu); + vpninfo->cstp_pkt = alloc_pkt(vpninfo, receive_mtu); if (!vpninfo->cstp_pkt) { vpn_progress(vpninfo, PRG_ERR, _("Allocation failed\n")); break; @@ -908,7 +908,7 @@ int array_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) /* Don't free the 'special' packets */ if (vpninfo->current_ssl_pkt != &dpd_pkt && vpninfo->current_ssl_pkt != &nodtls_pkt) - free(vpninfo->current_ssl_pkt); + free_pkt(vpninfo, vpninfo->current_ssl_pkt); vpninfo->current_ssl_pkt = NULL; } @@ -1056,7 +1056,7 @@ int array_dtls_mainloop(struct openconnect_info *vpninfo, int *timeout, int read * may be in active use while we attempt to connect DTLS. * So use vpninfo->dtls_pkt for this. */ if (!vpninfo->dtls_pkt) - vpninfo->dtls_pkt = malloc(sizeof(struct pkt) + receive_mtu); + vpninfo->dtls_pkt = alloc_pkt(vpninfo, receive_mtu); if (!vpninfo->dtls_pkt) { vpn_progress(vpninfo, PRG_ERR, _("Allocation failed\n")); dtls_close(vpninfo); 
@@ -1166,7 +1166,7 @@ int array_dtls_mainloop(struct openconnect_info *vpninfo, int *timeout, int read unsigned char *buf; if (!vpninfo->dtls_pkt) { - vpninfo->dtls_pkt = malloc(sizeof(struct pkt) + len); + vpninfo->dtls_pkt = alloc_pkt(vpninfo, len); if (!vpninfo->dtls_pkt) { vpn_progress(vpninfo, PRG_ERR, _("Allocation failed\n")); break; @@ -1277,7 +1277,7 @@ int array_dtls_mainloop(struct openconnect_info *vpninfo, int *timeout, int read vpn_progress(vpninfo, PRG_TRACE, _("Sent DTLS packet of %d bytes; DTLS send returned %d\n"), this->len, ret); - free(this); + free_pkt(vpninfo, this); } return work_done; diff --git a/cstp.c b/cstp.c index 7e7916a6..6582097a 100644 --- a/cstp.c +++ b/cstp.c @@ -715,8 +715,8 @@ int cstp_connect(struct openconnect_info *vpninfo) /* If *any* compression is enabled, we'll need a deflate_pkt to compress into */ if (deflate_bufsize > vpninfo->deflate_pkt_size) { - free(vpninfo->deflate_pkt); - vpninfo->deflate_pkt = malloc(sizeof(struct pkt) + deflate_bufsize); + free_pkt(vpninfo, vpninfo->deflate_pkt); + vpninfo->deflate_pkt = alloc_pkt(vpninfo, deflate_bufsize); if (!vpninfo->deflate_pkt) { vpninfo->deflate_pkt_size = 0; vpn_progress(vpninfo, PRG_ERR, @@ -921,7 +921,7 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) int len, payload_len; if (!vpninfo->cstp_pkt) { - vpninfo->cstp_pkt = malloc(sizeof(struct pkt) + receive_mtu); + vpninfo->cstp_pkt = alloc_pkt(vpninfo, receive_mtu); if (!vpninfo->cstp_pkt) { vpn_progress(vpninfo, PRG_ERR, _("Allocation failed\n")); break; 
@@ -1071,12 +1071,12 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) } /* Don't free the 'special' packets */ if (vpninfo->current_ssl_pkt == vpninfo->deflate_pkt) { - free(vpninfo->pending_deflated_pkt); + free_pkt(vpninfo, vpninfo->pending_deflated_pkt); vpninfo->pending_deflated_pkt = NULL; } else if (vpninfo->current_ssl_pkt != &dpd_pkt && vpninfo->current_ssl_pkt != &dpd_resp_pkt && vpninfo->current_ssl_pkt != &keepalive_pkt) - free(vpninfo->current_ssl_pkt); + free_pkt(vpninfo, vpninfo->current_ssl_pkt); vpninfo->current_ssl_pkt = NULL; } diff --git a/dtls.c b/dtls.c index 310969e1..389bd0d0 100644 --- a/dtls.c +++ b/dtls.c @@ -275,7 +275,7 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) unsigned char *buf; if (!vpninfo->dtls_pkt) { - vpninfo->dtls_pkt = malloc(sizeof(struct pkt) + len); + vpninfo->dtls_pkt = alloc_pkt(vpninfo, len); if (!vpninfo->dtls_pkt) { vpn_progress(vpninfo, PRG_ERR, _("Allocation failed\n")); break; @@ -448,7 +448,7 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) vpn_progress(vpninfo, PRG_TRACE, _("Sent DTLS packet of %d bytes; DTLS send returned %d\n"), this->len, ret); - free(this); + free_pkt(vpninfo, this); } return work_done; diff --git a/esp.c b/esp.c index e5230c28..72151cd6 100644 --- a/esp.c +++ b/esp.c @@ -156,7 +156,7 @@ int esp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) struct pkt *pkt; if (!vpninfo->dtls_pkt) { - vpninfo->dtls_pkt = malloc(sizeof(struct pkt) + len); + vpninfo->dtls_pkt = alloc_pkt(vpninfo, len); if (!vpninfo->dtls_pkt) { vpn_progress(vpninfo, PRG_ERR, _("Allocation failed\n")); break; 
@@ -244,7 +244,7 @@ int esp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) } } if (pkt->data[len - 1] == 0x05) { - struct pkt *newpkt = malloc(sizeof(*pkt) + receive_mtu + vpninfo->pkt_trailer); + struct pkt *newpkt = alloc_pkt(vpninfo, receive_mtu + vpninfo->pkt_trailer); int newlen = receive_mtu; if (!newpkt) { vpn_progress(vpninfo, PRG_ERR, @@ -255,7 +255,7 @@ int esp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) pkt->data, &pkt->len) || pkt->len) { vpn_progress(vpninfo, PRG_ERR, _("LZO decompression of ESP packet failed\n")); - free(newpkt); + free_pkt(vpninfo, newpkt); continue; } newpkt->len = receive_mtu - newlen; @@ -344,7 +344,7 @@ int esp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) len = construct_esp_packet(vpninfo, this, 0); if (len < 0) { /* Should we disable ESP? */ - free(this); + free_pkt(vpninfo, this); work_done = 1; continue; } @@ -378,7 +378,7 @@ int esp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) unmonitor_write_fd(vpninfo, dtls); vpninfo->deflate_pkt = NULL; } - free(this); + free_pkt(vpninfo, this); work_done = 1; } @@ -399,7 +399,7 @@ void esp_close(struct openconnect_info *vpninfo) if (vpninfo->dtls_state > DTLS_DISABLED) vpninfo->dtls_state = DTLS_SLEEPING; if (vpninfo->deflate_pkt) { - free(vpninfo->deflate_pkt); + free_pkt(vpninfo, vpninfo->deflate_pkt); vpninfo->deflate_pkt = NULL; } } diff --git a/gpst.c b/gpst.c index 72ee1fc6..fd44f23b 100644 --- a/gpst.c +++ b/gpst.c @@ -1128,7 +1128,7 @@ int gpst_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) int len, payload_len; if (!vpninfo->cstp_pkt) { - vpninfo->cstp_pkt = malloc(sizeof(struct pkt) + receive_mtu); + vpninfo->cstp_pkt = alloc_pkt(vpninfo, receive_mtu); if (!vpninfo->cstp_pkt) { vpn_progress(vpninfo, PRG_ERR, _("Allocation failed\n")); break; 
@@ -1239,7 +1239,7 @@ int gpst_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) } /* Don't free the 'special' packets */ if (vpninfo->current_ssl_pkt != &dpd_pkt) - free(vpninfo->current_ssl_pkt); + free_pkt(vpninfo, vpninfo->current_ssl_pkt); vpninfo->current_ssl_pkt = NULL; } @@ -1379,14 +1379,14 @@ int gpst_esp_send_probes(struct openconnect_info *vpninfo) plen = sizeof(struct ip6_hdr) + icmplen; else plen = sizeof(struct ip) + icmplen; - struct pkt *pkt = malloc(sizeof(*pkt) + plen + vpninfo->pkt_trailer); + struct pkt *pkt = alloc_pkt(vpninfo, plen + vpninfo->pkt_trailer); if (!pkt) return -ENOMEM; if (vpninfo->dtls_fd == -1) { int fd = udp_connect(vpninfo); if (fd < 0) { - free(pkt); + free_pkt(vpninfo, pkt); return fd; } /* We are not connected until we get an ESP packet back */ @@ -1496,7 +1496,7 @@ int gpst_esp_send_probes(struct openconnect_info *vpninfo) vpn_progress(vpninfo, PRG_DEBUG, _("Failed to send ESP probe\n")); } - free(pkt); + free_pkt(vpninfo, pkt); vpninfo->dtls_times.last_tx = time(&vpninfo->new_dtls_started); diff --git a/library.c b/library.c index 29d4abd6..8e43f367 100644 --- a/library.c +++ b/library.c @@ -687,10 +687,10 @@ void openconnect_vpninfo_free(struct openconnect_info *vpninfo) inflateEnd(&vpninfo->inflate_strm); deflateEnd(&vpninfo->deflate_strm); - free(vpninfo->deflate_pkt); - free(vpninfo->tun_pkt); - free(vpninfo->dtls_pkt); - free(vpninfo->cstp_pkt); + free_pkt(vpninfo, vpninfo->deflate_pkt); + free_pkt(vpninfo, vpninfo->tun_pkt); + free_pkt(vpninfo, vpninfo->dtls_pkt); + free_pkt(vpninfo, vpninfo->cstp_pkt); free(vpninfo->bearer_token); free(vpninfo); } diff --git a/mainloop.c b/mainloop.c index 6cafe7eb..834b5be2 100644 --- a/mainloop.c +++ b/mainloop.c 
@@ -53,7 +53,7 @@ int tun_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) if (!tun_is_up(vpninfo)) { /* no tun yet; clear any queued packets */ while ((this = dequeue_packet(&vpninfo->incoming_queue))) - free(this); + free_pkt(vpninfo, this); return 0; } @@ -64,7 +64,7 @@ int tun_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) int len = vpninfo->ip_info.mtu; if (!out_pkt) { - out_pkt = malloc(sizeof(struct pkt) + len + vpninfo->pkt_trailer); + out_pkt = alloc_pkt(vpninfo, len + vpninfo->pkt_trailer); if (!out_pkt) { vpn_progress(vpninfo, PRG_ERR, _("Allocation failed\n")); break; @@ -104,7 +104,7 @@ int tun_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) vpninfo->stats.rx_pkts++; vpninfo->stats.rx_bytes += this->len; - free(this); + free_pkt(vpninfo, this); } /* Work is not done if we just got rid of packets off the queue */ return work_done; diff --git a/oncp.c b/oncp.c index 1c90918d..58d7ad3d 100644 --- a/oncp.c +++ b/oncp.c @@ -730,7 +730,7 @@ int oncp_connect(struct openconnect_info *vpninfo) buf_free(reqbuf); vpninfo->partial_rec_size = 0; - free(vpninfo->cstp_pkt); + free_pkt(vpninfo, vpninfo->cstp_pkt); vpninfo->cstp_pkt = NULL; return ret; @@ -858,7 +858,7 @@ int oncp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) len = receive_mtu + vpninfo->pkt_trailer; if (!vpninfo->cstp_pkt) { - vpninfo->cstp_pkt = malloc(sizeof(struct pkt) + len); + vpninfo->cstp_pkt = alloc_pkt(vpninfo, len); if (!vpninfo->cstp_pkt) { vpn_progress(vpninfo, PRG_ERR, _("Allocation failed\n")); break; 
@@ -1080,7 +1080,7 @@ int oncp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) } /* Don't free the 'special' packets */ if (vpninfo->current_ssl_pkt == vpninfo->deflate_pkt) { - free(vpninfo->pending_deflated_pkt); + free_pkt(vpninfo, vpninfo->pending_deflated_pkt); vpninfo->pending_deflated_pkt = NULL; } else if (vpninfo->current_ssl_pkt == &esp_enable_pkt) { /* Only set the ESP state to connected and actually start @@ -1091,7 +1091,7 @@ int oncp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) vpninfo->dtls_state = DTLS_ESTABLISHED; work_done = 1; } else { - free(vpninfo->current_ssl_pkt); + free_pkt(vpninfo, vpninfo->current_ssl_pkt); } vpninfo->current_ssl_pkt = NULL; } @@ -1254,7 +1254,7 @@ int oncp_esp_send_probes(struct openconnect_info *vpninfo) monitor_except_fd(vpninfo, dtls); } - pkt = malloc(sizeof(*pkt) + 1 + vpninfo->pkt_trailer); + pkt = alloc_pkt(vpninfo, 1 + vpninfo->pkt_trailer); if (!pkt) return -ENOMEM; @@ -1267,7 +1267,7 @@ int oncp_esp_send_probes(struct openconnect_info *vpninfo) send(vpninfo->dtls_fd, (void *)&pkt->esp, pktlen, 0) < 0) vpn_progress(vpninfo, PRG_DEBUG, _("Failed to send ESP probe\n")); } - free(pkt); + free_pkt(vpninfo, pkt); vpninfo->dtls_times.last_tx = time(&vpninfo->new_dtls_started); diff --git a/openconnect-internal.h b/openconnect-internal.h index 06f4cec9..63afa4b8 100644 --- a/openconnect-internal.h +++ b/openconnect-internal.h @@ -388,6 +388,17 @@ static inline void init_pkt_queue(struct pkt_q *q) q->tail = &q->head; } + +static inline struct pkt *alloc_pkt(struct openconnect_info *vpninfo, int len) +{ + return malloc(sizeof(struct pkt) + len); +} + +static inline void free_pkt(struct openconnect_info *vpninfo, struct pkt *pkt) +{ + free(pkt); +} + #define TLS_OVERHEAD 5 /* packet + header */ #define DTLS_OVERHEAD (1 /* packet + header */ + 13 /* DTLS header */ + \ 20 /* biggest supported MAC (SHA1) */ + 32 /* biggest supported IV (AES-256) */ + \ 
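Review bot: `alloc_pkt()` in openconnect-internal.h takes `int len` and adds it straight to `sizeof(struct pkt)`, so a small negative length is converted to `size_t`, wraps, and can produce a successful allocation smaller than the packet header rather than a failure. This helper is now the single allocation point for every call site in the patch, and several of them pass computed values such as `len + vpninfo->pkt_trailer` or a `len` assigned outside the hunk, so the guard belongs here: `if (len < 0) return NULL;` before the `malloc()`. A short comment on the pair would also help, stating that packets from `alloc_pkt()` are released only with `free_pkt()`, that `free_pkt()` must keep accepting NULL (library.c and ssl.c call it unconditionally, and other hunks show these fields being reset to NULL), and that the static 'special' packets are never passed to it. The `vpninfo` parameter is unused in both helpers, presumably reserved for a later change; the comment should say so.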
diff --git a/ppp.c b/ppp.c index 05e88a28..59007c8d 100644 --- a/ppp.c +++ b/ppp.c @@ -888,7 +888,7 @@ static int handle_state_transition(struct openconnect_info *vpninfo, int dtls, /* Drop any failed outgoing packet from previous connection; * we need to reconfigure before we can send data packets. */ - free(vpninfo->current_ssl_pkt); + free_pkt(vpninfo, vpninfo->current_ssl_pkt); vpninfo->current_ssl_pkt = NULL; vpninfo->partial_rec_size = 0; ppp->ppp_state = PPPS_ESTABLISH; @@ -1089,7 +1089,7 @@ static int ppp_mainloop(struct openconnect_info *vpninfo, int dtls, int len, payload_len, next_len; if (!vpninfo->cstp_pkt) { - vpninfo->cstp_pkt = malloc(sizeof(struct pkt) + receive_mtu); + vpninfo->cstp_pkt = alloc_pkt(vpninfo, receive_mtu); if (!vpninfo->cstp_pkt) { vpn_progress(vpninfo, PRG_ERR, _("Allocation failed\n")); break; @@ -1333,7 +1333,7 @@ static int ppp_mainloop(struct openconnect_info *vpninfo, int dtls, * full sized packet so it can remain in vpninfo->cstp_pkt and be reused * for receiving the next packet, if it's something other than data and * doesn't get queued and freed. */ - this = vpninfo->cstp_pkt = malloc(sizeof(struct pkt) + receive_mtu); + this = vpninfo->cstp_pkt = alloc_pkt(vpninfo, receive_mtu); if (!this) return -ENOMEM; eh = this->data - rsv_hdr_size; @@ -1384,7 +1384,7 @@ static int ppp_mainloop(struct openconnect_info *vpninfo, int dtls, return 1; } - free(this); + free_pkt(vpninfo, this); vpninfo->current_ssl_pkt = NULL; } @@ -1469,7 +1469,7 @@ static int ppp_mainloop(struct openconnect_info *vpninfo, int dtls, proto == PPP_LCP ? ASYNCMAP_LCP : ppp->out_asyncmap); if (!this) return 1; /* XX */ - free(vpninfo->current_ssl_pkt); + free_pkt(vpninfo, vpninfo->current_ssl_pkt); vpninfo->current_ssl_pkt = this; } 
@@ -1676,7 +1676,7 @@ int ppp_udp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readabl * may be in active use while we attempt to connect DTLS. * So use vpninfo->dtls_pkt for this. */ if (!vpninfo->dtls_pkt) - vpninfo->dtls_pkt = malloc(sizeof(struct pkt) + receive_mtu); + vpninfo->dtls_pkt = alloc_pkt(vpninfo, receive_mtu); if (!vpninfo->dtls_pkt) { vpn_progress(vpninfo, PRG_ERR, _("Allocation failed\n")); dtls_close(vpninfo); @@ -1707,7 +1707,7 @@ int ppp_udp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readabl } else if (ret > 0) { vpninfo->dtls_state = DTLS_ESTABLISHED; vpninfo->dtls_pkt = NULL; - free(this); + free_pkt(vpninfo, this); /* We are going to take over the PPP now; reset the TCP one */ ret = ppp_reset(vpninfo); diff --git a/pulse.c b/pulse.c index 280cc4a3..534bed13 100644 --- a/pulse.c +++ b/pulse.c @@ -2581,7 +2581,7 @@ int pulse_connect(struct openconnect_info *vpninfo) monitor_read_fd(vpninfo, ssl); monitor_except_fd(vpninfo, ssl); - free(vpninfo->cstp_pkt); + free_pkt(vpninfo, vpninfo->cstp_pkt); vpninfo->cstp_pkt = NULL; return ret; @@ -2611,7 +2611,7 @@ int pulse_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) int len, payload_len; if (!pkt) { - pkt = vpninfo->cstp_pkt = malloc(sizeof(struct pkt) + receive_mtu); + pkt = vpninfo->cstp_pkt = alloc_pkt(vpninfo, receive_mtu); if (!pkt) { vpn_progress(vpninfo, PRG_ERR, _("Allocation failed\n")); break; @@ -2798,10 +2798,10 @@ int pulse_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) } /* Don't free the 'special' packets */ if (vpninfo->current_ssl_pkt == vpninfo->deflate_pkt) { - free(vpninfo->pending_deflated_pkt); + free_pkt(vpninfo, vpninfo->pending_deflated_pkt); vpninfo->pending_deflated_pkt = NULL; } else - free(vpninfo->current_ssl_pkt); + free_pkt(vpninfo, vpninfo->current_ssl_pkt); vpninfo->current_ssl_pkt = NULL; } diff --git a/ssl.c b/ssl.c index a6697386..d5b33da4 100644 --- a/ssl.c +++ b/ssl.c 
@@ -1131,9 +1131,9 @@ int ssl_reconnect(struct openconnect_info *vpninfo) timeout = vpninfo->reconnect_timeout; interval = vpninfo->reconnect_interval; - free(vpninfo->dtls_pkt); + free_pkt(vpninfo, vpninfo->dtls_pkt); vpninfo->dtls_pkt = NULL; - free(vpninfo->tun_pkt); + free_pkt(vpninfo, vpninfo->tun_pkt); vpninfo->tun_pkt = NULL; while (1) { -- 2.51.0