From patchwork Thu Dec 29 18:27:39 2022
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 2962
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 29 Dec 2022 13:27:39 -0500
Message-Id: <20221229182739.1477336-2-selva.nair@gmail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20221229182739.1477336-1-selva.nair@gmail.com>
References: <20221229182739.1477336-1-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH 2/2] Cleanup: Close duplicated handles in interactive service
From: Selva Nair

Several handles from openvpn.exe are duplicated in the service for registering ring buffer memory maps with the driver. These handles are not required after registration, as all access is through handles in openvpn.exe. Only the map base address (send_ring, receive_ring) need be retained for later unmapping.

Use local variables for duplicated handles and close them soon after use. The struct ring_buffer_handles_t is renamed to ring_buffer_maps_t as there are no handles in there any longer.

Signed-off-by: Selva Nair
Acked-by: Lev Stipakov
---
src/openvpnserv/interactive.c | 69 +++++++++++++++++------------------
1 file changed, 34 insertions(+), 35 deletions(-)

diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index 8476738c..47ddd4e8 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c @@ -105,14 +105,9 @@ typedef struct { } block_dns_data_t; typedef struct { - HANDLE send_ring_handle; - HANDLE receive_ring_handle; - HANDLE send_tail_moved; - HANDLE receive_tail_moved; - HANDLE device; struct tun_ring *send_ring; struct tun_ring *receive_ring; -} ring_buffer_handles_t; +} ring_buffer_maps_t; static DWORD @@ -179,15 +174,10 @@ OvpnUnmapViewOfFile(struct tun_ring **ring) } static void -CloseRingBufferHandles(ring_buffer_handles_t *ring_buffer_handles) +UnmapRingBuffer(ring_buffer_maps_t *ring_buffer_maps) { - CloseHandleEx(&ring_buffer_handles->device); - CloseHandleEx(&ring_buffer_handles->receive_tail_moved); - CloseHandleEx(&ring_buffer_handles->send_tail_moved); - OvpnUnmapViewOfFile(&ring_buffer_handles->send_ring); - OvpnUnmapViewOfFile(&ring_buffer_handles->receive_ring); - CloseHandleEx(&ring_buffer_handles->receive_ring_handle); - CloseHandleEx(&ring_buffer_handles->send_ring_handle); + OvpnUnmapViewOfFile(&ring_buffer_maps->send_ring); + OvpnUnmapViewOfFile(&ring_buffer_maps->receive_ring); } static HANDLE
@@ -1333,16 +1323,19 @@ OvpnDuplicateHandle(HANDLE ovpn_proc, HANDLE orig_handle, HANDLE *new_handle) } static DWORD -DuplicateAndMapRing(HANDLE ovpn_proc, HANDLE orig_handle, HANDLE *new_handle, struct tun_ring **ring) +DuplicateAndMapRing(HANDLE ovpn_proc, HANDLE orig_handle, struct tun_ring **ring) { DWORD err = ERROR_SUCCESS; - err = OvpnDuplicateHandle(ovpn_proc, orig_handle, new_handle); + HANDLE dup_handle = NULL; + + err = OvpnDuplicateHandle(ovpn_proc, orig_handle, &dup_handle); if (err != ERROR_SUCCESS) { return err; } - *ring = (struct tun_ring *)MapViewOfFile(*new_handle, FILE_MAP_ALL_ACCESS, 0, 0, sizeof(struct tun_ring)); + *ring = (struct tun_ring *)MapViewOfFile(dup_handle, FILE_MAP_ALL_ACCESS, 0, 0, sizeof(struct tun_ring)); + CloseHandleEx(&dup_handle); if (*ring == NULL) { err = GetLastError(); 
@@ -1359,65 +1352,71 @@ HandleRegisterRingBuffers(const register_ring_buffers_message_t *rrb, HANDLE ovp { DWORD err = 0; - ring_buffer_handles_t *ring_buffer_handles = RemoveListItem(&(*lists)[undo_ring_buffer], CmpAny, NULL); + ring_buffer_maps_t *ring_buffer_maps = RemoveListItem(&(*lists)[undo_ring_buffer], CmpAny, NULL); - if (ring_buffer_handles) + if (ring_buffer_maps) { - CloseRingBufferHandles(ring_buffer_handles); + UnmapRingBuffer(ring_buffer_maps); } - else if ((ring_buffer_handles = calloc(1, sizeof(*ring_buffer_handles))) == NULL) + else if ((ring_buffer_maps = calloc(1, sizeof(*ring_buffer_maps))) == NULL) { return ERROR_OUTOFMEMORY; } - err = OvpnDuplicateHandle(ovpn_proc, rrb->device, &ring_buffer_handles->device); + HANDLE device = NULL; + HANDLE send_tail_moved = NULL; + HANDLE receive_tail_moved = NULL; + + err = OvpnDuplicateHandle(ovpn_proc, rrb->device, &device); if (err != ERROR_SUCCESS) { goto out; } - err = DuplicateAndMapRing(ovpn_proc, rrb->send_ring_handle, &ring_buffer_handles->send_ring_handle, &ring_buffer_handles->send_ring); + err = DuplicateAndMapRing(ovpn_proc, rrb->send_ring_handle, &ring_buffer_maps->send_ring); if (err != ERROR_SUCCESS) { goto out; } - err = DuplicateAndMapRing(ovpn_proc, rrb->receive_ring_handle, &ring_buffer_handles->receive_ring_handle, &ring_buffer_handles->receive_ring); + err = DuplicateAndMapRing(ovpn_proc, rrb->receive_ring_handle, &ring_buffer_maps->receive_ring); if (err != ERROR_SUCCESS) { goto out; } - err = OvpnDuplicateHandle(ovpn_proc, rrb->send_tail_moved, &ring_buffer_handles->send_tail_moved); + err = OvpnDuplicateHandle(ovpn_proc, rrb->send_tail_moved, &send_tail_moved); if (err != ERROR_SUCCESS) { goto out; } - err = OvpnDuplicateHandle(ovpn_proc, rrb->receive_tail_moved, &ring_buffer_handles->receive_tail_moved); + err = OvpnDuplicateHandle(ovpn_proc, rrb->receive_tail_moved, &receive_tail_moved); if (err != ERROR_SUCCESS) { goto out; } - if 
(!register_ring_buffers(ring_buffer_handles->device, ring_buffer_handles->send_ring, - ring_buffer_handles->receive_ring, - ring_buffer_handles->send_tail_moved, ring_buffer_handles->receive_tail_moved)) + if (!register_ring_buffers(device, ring_buffer_maps->send_ring, + ring_buffer_maps->receive_ring, + send_tail_moved, receive_tail_moved)) { err = GetLastError(); MsgToEventLog(M_SYSERR, TEXT("Could not register ring buffers")); goto out; } - err = AddListItem(&(*lists)[undo_ring_buffer], ring_buffer_handles); + err = AddListItem(&(*lists)[undo_ring_buffer], ring_buffer_maps); out: - if (err != ERROR_SUCCESS && ring_buffer_handles) + if (err != ERROR_SUCCESS && ring_buffer_maps) { - CloseRingBufferHandles(ring_buffer_handles); - free(ring_buffer_handles); + UnmapRingBuffer(ring_buffer_maps); + free(ring_buffer_maps); } - + CloseHandleEx(&device); + CloseHandleEx(&send_tail_moved); + CloseHandleEx(&receive_tail_moved); return err; } @@ -1600,7 +1599,7 @@ Undo(undo_lists_t *lists) break; case undo_ring_buffer: - CloseRingBufferHandles(item->data); + UnmapRingBuffer(item->data); break; case _undo_type_max:
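
Review bot: ring_buffer_maps_t, in the first hunk (@@ -105,14 +105,9 @@), carries no comment saying what its two pointers are or how they are released. With the HANDLE members removed, send_ring and receive_ring are view base addresses that have to pass through UnmapRingBuffer() before the struct is freed. A one-line comment on the typedef stating that, and that the struct owns no handles, would keep a later change from adding a handle member without a matching close in UnmapRingBuffer().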
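
Review bot: in DuplicateAndMapRing() (@@ -1333,16 +1323,19 @@), CloseHandleEx(&dup_handle) now sits between the MapViewOfFile() call and the `err = GetLastError();` in the `*ring == NULL` branch, so the error code for a failed mapping is read only after another call has run. Anything CloseHandleEx() does that sets the thread's last-error value would replace the one from MapViewOfFile(). Suggest reading GetLastError() into err first when *ring is NULL and closing dup_handle after that, so the returned and logged code is the mapping failure. A short comment restating the commit message's point, that only the map base address is needed for later unmapping, would also explain why the handle can be closed this early.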
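
Review bot: at the out: label in HandleRegisterRingBuffers() (@@ -1359,65 +1352,71 @@), device, send_tail_moved and receive_tail_moved are closed on the success path as well as on error, and nothing in the code says why that is safe directly after register_ring_buffers(). The commit message gives the reason (the handles are not required after registration, as all access is through handles in openvpn.exe); please carry that into a comment above the three CloseHandleEx() calls. Two style points in the same hunk: the three HANDLE locals are declared after the if/else block rather than next to `DWORD err = 0;`, and the blank line that used to precede `return err;` has been dropped.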