我正在使用OpenSSL库保护网络消息的安全,但是由于某些原因,它似乎并不总是有效。实际上,大多数时候它不起作用。当我运行编译后的代码并连接到套接字时,大多数情况下,它也只是在子代中运行主进程的代码,但有时它会运行子代指令。令人讨厌的是,这不是它应该工作的方式,孩子应该一直处理客户端(handle_client(newfd))之后应该退出。一个有趣的部分是,如果我从子指令中删除handle_client(newfd)行并在其中放置一些小内容(如printf("test")),则该子程序会按需工作,并打印测试并在此之后退出。这是fork()中的某种限制,还是我不应该在孩子中运行这么多的代码?或者是其他东西?任何帮助将是真正的应用!
main.c:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <netdb.h>
#include <sys/wait.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <string.h>
#include <fcntl.h>
#include "json.h"
#include "create_socket.h"
#include "get_addr.h"
#include "handle_income.h"
#include "handle_client.h"
int main(void) {
int newfd;
struct sockaddr_storage their_addr;
char s[INET6_ADDRSTRLEN];
pid_t pid;
unsigned int cpc = 0;
int listenfd = create_socket("8069");
if (listenfd < 0)
exit(1);
while(1) {
socklen_t sin_size = sizeof their_addr;
if ((newfd = accept(listenfd, (struct sockaddr *)&their_addr, &sin_size)) == -1)
continue;
inet_ntop(their_addr.ss_family,
get_addr((struct sockaddr *)&their_addr), s, sizeof s);
printf("conn %s siz %d\n", s, (int) sin_size); //REMOVE
if ((pid = fork()) < 0) {
exit(1);
} else if (pid == 0) {
close(listenfd);
handle_client(newfd);
exit(0);
}
printf("child %d\n", (int) pid); //REMOVE
cpc++;
while(cpc) {
pid = waitpid((pid_t) -1, NULL, WNOHANG);
if (pid < 0)
exit(1);
else if (pid == 0)
break;
else
cpc--;
}
}
EVP_cleanup();
exit(0);
}
handle_client.h:
#define READ_SIZE 32
void handle_client(int newfd) {
char *buffer = NULL;
char *tmp_buffer = malloc(READ_SIZE);
unsigned long buffer_size = 0;
unsigned long received = 0;
int status = 0;
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
SSL_CTX *sslctx = SSL_CTX_new(SSLv23_server_method());
if (sslctx) {
SSL_CTX_set_ecdh_auto(sslctx, 1);
if ((SSL_CTX_use_certificate_file(sslctx, "/ssl-cert.pem", SSL_FILETYPE_PEM)) > 0) {
if ((SSL_CTX_use_PrivateKey_file(sslctx, "/ssl-key.pem", SSL_FILETYPE_PEM)) > 0) {
SSL *ssl = SSL_new(sslctx);
SSL_set_fd(ssl, newfd);
if (SSL_accept(ssl) > 0) {
fcntl(newfd, F_SETFL, fcntl(newfd, F_GETFL, 0) | O_NONBLOCK);
do {
if (received >= buffer_size) {
char *tmp;
buffer_size += READ_SIZE;
if ((tmp = realloc(buffer, buffer_size)) == NULL) {
break;
} else {
buffer = tmp;
}
}
status = SSL_read(ssl, tmp_buffer, READ_SIZE);
if (status > 0) {
received += status;
strncat(buffer, tmp_buffer, status);
} else {
ERR_print_errors_fp(stderr);
}
} while (status > 0);
free(tmp_buffer);
buffer[received] = 0;
if (received < buffer_size) {
buffer = realloc(buffer, received);
}
printf("%s\n", buffer); //REMOVE
char *response = handle_income(buffer);
SSL_write(ssl, response, strlen(response));
printf("%s\n", response); //REMOVE
}
SSL_free(ssl);
}
}
}
SSL_CTX_free(sslctx);
close(newfd);
}
最佳答案
可能还有其他问题,但是您应该修复以下缓冲区溢出错误,并检查它是否也解决了可见问题:SSL_read的返回值可能小于READ_SIZE。因此,下一段代码被破坏了。
例如,当第一个SSL_read()返回例如16,而下一个调用返回32(= READ_SIZE)时,就会出现问题。在第二个buffer调用期间分配的strncat大小为32,因此在strncat()期间可能发生缓冲区溢出。
if (received >= buffer_size) {
char *tmp;
buffer_size += READ_SIZE;
if ((tmp = realloc(buffer, buffer_size)) == NULL) {
break;
} else {
buffer = tmp;
}
}
status = SSL_read(ssl, tmp_buffer, READ_SIZE);
if (status > 0) {
received += status;
strncat(buffer, tmp_buffer, status);
}
...
strncat调用可能还有其他问题。字符串的空终止符需要一个额外的字节。从手册页:目标的大小必须至少为strlen(dest)+ n + 1