liudf0716 / xfrpc

The xfrpc project is a lightweight implementation of the FRP client written in C language for OpenWRT and IoT systems. It is designed to provide an efficient solution for resource-constrained devices such as OpenWRT routers and IoT devices, which often have limited ROM and RAM space.
GNU General Public License v3.0

Segmentation fault in http mode #31

Closed JimLee1996 closed 1 year ago

JimLee1996 commented 1 year ago

Running on k2p padavan xfrpc: 2.1.606

config:

[common]
server_addr = 192.168.2.2
server_port = 7000
token = ***

[Router-747d245360cd]
type = http
local_port = 80
custom_domains = 747d245360cd.frp.example.com

logs:

K2P:/tmp # ./xfrpc -c /etc/storage/frpc.ini -f -d 7
[7][Mon Jan 23 16:01:48 2023][6940](config.c:328) Reading configuration file '/etc/storage/frpc.ini'
[7][Mon Jan 23 16:01:48 2023][6940](config.c:95) Section[common]: {server_addr:192.168.2.2, server_port:7000, auth_token:***, interval:30, timeout:90}
[7][Mon Jan 23 16:01:48 2023][6940](config.c:120) Proxy service 0: {name:Router-747d245360cd, local_port:80, type:http}
[7][Mon Jan 23 16:01:48 2023][6940](login.c:104) working in router
[6][Mon Jan 23 16:01:48 2023][6940](control.c:653) connect server [192.168.2.2:7000]...
[7][Mon Jan 23 16:01:48 2023][6940](control.c:615) xfrp server connected
[7][Mon Jan 23 16:01:48 2023][6940](control.c:690) send plain msg ----> [o: { "version": "0.43.0", "hostname": "", "os": "Linux", "arch": "mips", "user": "", "privilege_key": "0f35985cc07ead44460f1a54f37ce1de", "timestamp": 1674460908, "run_id": "747D245360CD", "pool_count": 1, "metas": null }]
[7][Mon Jan 23 16:01:48 2023][6940](control.c:627) start keep_control_alive
[7][Mon Jan 23 16:01:48 2023][6940](login.c:129) xfrp login response: run_id: [747D245360CD], version: [0.45.0]
[3][Mon Jan 23 16:01:48 2023][6940](control.c:445) login success! login_len 67 len 76 ilen 0
[7][Mon Jan 23 16:01:48 2023][6940](control.c:317) recv eas1238 iv data
[6][Mon Jan 23 16:01:48 2023][6940](control.c:159) Start xfrp proxy services ...
[7][Mon Jan 23 16:01:48 2023][6940](control.c:790) control proxy client: [Type 112 : proxy_name Router-747d245360cd : msg_len 279]
[7][Mon Jan 23 16:01:48 2023][6940](control.c:128) new client through tcp mux: 5
[7][Mon Jan 23 16:01:48 2023][6940](control.c:690) send plain msg ----> [w: { "run_id": "747D245360CD" }]

.........

[7][Mon Jan 23 16:08:46 2023][6997](client.c:182) free client 103
[7][Mon Jan 23 16:08:46 2023][6997](control.c:398) proxy service [Router-747d245360cd] [(null):80] start work connection. remain data length 0
[7][Mon Jan 23 16:08:46 2023][6997](client.c:137) proxy server [192.168.2.2:-1] <---> client [127.0.0.1:80]
[7][Mon Jan 23 16:08:46 2023][6997](client.c:78) what [128] client [105] connected : Operation now in progress
[7][Mon Jan 23 16:08:46 2023][6997](control.c:128) new client through tcp mux: 113
[7][Mon Jan 23 16:08:46 2023][6997](control.c:690) send plain msg ----> [w: { "run_id": "747D245360CD" }]
[7][Mon Jan 23 16:08:46 2023][6997](control.c:128) new client through tcp mux: 115
[7][Mon Jan 23 16:08:46 2023][6997](control.c:690) send plain msg ----> [w: { "run_id": "747D245360CD" }]
[7][Mon Jan 23 16:08:46 2023][6997](control.c:398) proxy service [Router-747d245360cd] [(null):80] start work connection. remain data length 0
[7][Mon Jan 23 16:08:46 2023][6997](client.c:137) proxy server [192.168.2.2:-1] <---> client [127.0.0.1:80]
[7][Mon Jan 23 16:08:46 2023][6997](client.c:78) what [128] client [107] connected : Operation now in progress
[7][Mon Jan 23 16:08:46 2023][6997](client.c:72) xfrpc proxy close connect server [(null):80] stream_id 107: Operation now in progress
[7][Mon Jan 23 16:08:46 2023][6997](tcpmux.c:266) free stream 107
[7][Mon Jan 23 16:08:46 2023][6997](client.c:182) free client 107
[7][Mon Jan 23 16:08:46 2023][6997](client.c:72) xfrpc proxy close connect server [(null):80] stream_id 105: Operation now in progress
[7][Mon Jan 23 16:08:46 2023][6997](tcpmux.c:266) free stream 105
[7][Mon Jan 23 16:08:46 2023][6997](client.c:182) free client 105
Segmentation fault

JimLee1996 commented 1 year ago

gdb debug info

Starting program: /home/jim/src/router/xfrpc/build/xfrpc -c frpc.ini -f
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[6][Tue Jan 24 18:02:54 2023][3500368](control.c:653) connect server [frp.h1b.top:7000]...
[3][Tue Jan 24 18:02:54 2023][3500368](control.c:445) login success! login_len 67 len 76 ilen 0
[6][Tue Jan 24 18:02:54 2023][3500368](control.c:159) Start xfrp proxy services ...

Program received signal SIGSEGV, Segmentation fault.
0x000055555556a3c9 in incr_send_window (bev=0x0, tmux_hdr=0x555555581160 <tmux_hdr>, flags=4, stream=0x5555556996c0) at /home/jim/src/router/xfrpc/tcpmux.c:371
371             if (stream->send_window == 0) bufferevent_enable(bev, EV_READ);

liudf0716 commented 1 year ago

@JimLee1996 It seems to be because the bev object is already freed. I thought I had already fixed this bug. In this case, in my opinion, there should be a check not only on whether stream is NULL or not, but also on bev.

JimLee1996 commented 1 year ago

I reproduced this bug by inserting

printf("%p\n", stream);
printf("%d\n", stream->id); // segfault

between these two lines. It seems to be related to stream pointing to an invalid address.

Also, it is better to check bev at the same time.

liudf0716 commented 1 year ago

@JimLee1996 very good
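
Added example (not xfrpc's code and not part of the thread): a minimal C model of the guard discussed above, in which a window update for an already-freed stream, or for a stream whose bev is NULL, is dropped instead of dereferenced. The stream registry, `fake_bev` (a stand-in for libevent's bufferevent so the code builds without libevent) and every function name here are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Stand-in for libevent's struct bufferevent (assumption, keeps this offline). */
struct fake_bev { int read_enabled; };
struct stream { uint32_t id; uint32_t send_window; struct fake_bev *bev; };

#define MAX_STREAMS 8
static struct stream *streams[MAX_STREAMS];  /* hypothetical registry of live streams */

static struct stream *stream_lookup(uint32_t id) {
    for (int i = 0; i < MAX_STREAMS; i++)
        if (streams[i] && streams[i]->id == id) return streams[i];
    return NULL;
}

static struct stream *stream_new(uint32_t id, struct fake_bev *bev) {
    for (int i = 0; i < MAX_STREAMS; i++) {
        if (streams[i]) continue;
        streams[i] = calloc(1, sizeof(*streams[i]));
        if (!streams[i]) return NULL;
        streams[i]->id = id;
        streams[i]->bev = bev;
        return streams[i];
    }
    return NULL;  /* registry full */
}

/* Free the stream and clear its slot, so a late frame cannot reach stale memory. */
static void stream_free(uint32_t id) {
    for (int i = 0; i < MAX_STREAMS; i++)
        if (streams[i] && streams[i]->id == id) { free(streams[i]); streams[i] = NULL; }
}

/* Window-update handler: returns 0 if applied, -1 if the frame was dropped. */
static int on_window_update(uint32_t id, uint32_t delta) {
    struct stream *s = stream_lookup(id);  /* resolve by id, never a cached pointer */
    if (s == NULL) return -1;              /* stream was already freed */
    if (s->bev == NULL) return -1;         /* bev is gone: nothing to enable */
    if (s->send_window == 0) s->bev->read_enabled = 1;  /* models bufferevent_enable(bev, EV_READ) */
    s->send_window += delta;
    return 0;
}

int main(void) {
    struct fake_bev b = {0};
    stream_new(105, &b);
    stream_free(105);
    return on_window_update(105, 256) == -1 ? 0 : 1;  /* late frame is dropped */
}
```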