Skip to content

Commit 6c020a3

Browse files
douzzerdouzzer
authored
Merge pull request #82 from JeremiahM37/fenrir-fixes-2
Correctness and memory-safety hardening across lock, route, and config paths
2 parents 066f3e2 + e23825b commit 6c020a3

9 files changed

Lines changed: 250 additions & 39 deletions

File tree

src/actions.c

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -425,7 +425,11 @@ WOLFSENTRY_LOCAL wolfsentry_errcode_t wolfsentry_action_list_insert_after(
425425
}
426426
ret = wolfsentry_action_list_insert_after_1(WOLFSENTRY_CONTEXT_ARGS_OUT, action_list, action, point_action);
427427
ret2 = wolfsentry_action_drop_reference(WOLFSENTRY_CONTEXT_ARGS_OUT, point_action, NULL /* action_results */);
428-
WOLFSENTRY_RERETURN_IF_ERROR(ret2);
428+
/* a drop-reference failure here leaks one refcount on point_action, but
429+
* don't promote it to the caller's return code: the insert result is the
430+
* caller-visible outcome, and returning ret2 would invite a bogus rollback.
431+
*/
432+
WOLFSENTRY_WARN_ON_FAILURE(ret2);
429433
if (ret < 0) {
430434
WOLFSENTRY_WARN_ON_FAILURE(wolfsentry_action_drop_reference(WOLFSENTRY_CONTEXT_ARGS_OUT, action, NULL /* action_results */));
431435
WOLFSENTRY_ERROR_UNLOCK_AND_RERETURN(ret);

src/addr_families.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -773,6 +773,8 @@ static wolfsentry_errcode_t wolfsentry_addr_family_ntop_1(
773773
{ *family_name = "HYLINK"; WOLFSENTRY_RETURN_OK; }
774774
case WOLFSENTRY_AF_LINK:
775775
{ *family_name = "LINK"; WOLFSENTRY_RETURN_OK; }
776+
case WOLFSENTRY_AF_LINK64:
777+
{ *family_name = "LINK64"; WOLFSENTRY_RETURN_OK; }
776778
case WOLFSENTRY_AF_COIP:
777779
{ *family_name = "COIP"; WOLFSENTRY_RETURN_OK; }
778780
case WOLFSENTRY_AF_CNT:

src/events.c

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -348,7 +348,7 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_event_get_config(WOLFSENTRY_CONTE
348348
WOLFSENTRY_SHARED_OR_RETURN();
349349

350350
ret = wolfsentry_event_get_1(WOLFSENTRY_CONTEXT_ARGS_OUT, label, label_len, &event);
351-
WOLFSENTRY_RERETURN_IF_ERROR(ret);
351+
WOLFSENTRY_UNLOCK_AND_RERETURN_IF_ERROR(ret);
352352
if (event->config == NULL)
353353
ret = wolfsentry_eventconfig_get_1(WOLFSENTRY_CONTEXT_ARGS_OUT, &wolfsentry->config, config);
354354
else
@@ -363,7 +363,7 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_event_update_config(WOLFSENTRY_CO
363363
WOLFSENTRY_MUTEX_OR_RETURN();
364364

365365
ret = wolfsentry_event_get_1(WOLFSENTRY_CONTEXT_ARGS_OUT, label, label_len, &event);
366-
WOLFSENTRY_RERETURN_IF_ERROR(ret);
366+
WOLFSENTRY_UNLOCK_AND_RERETURN_IF_ERROR(ret);
367367

368368
if (event->config == NULL) {
369369
if ((event->config = (struct wolfsentry_eventconfig_internal *)WOLFSENTRY_MALLOC(sizeof *event->config)) == NULL)
@@ -618,7 +618,7 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_event_set_aux_event(
618618
WOLFSENTRY_MUTEX_OR_RETURN();
619619

620620
ret = wolfsentry_event_get_reference(WOLFSENTRY_CONTEXT_ARGS_OUT, event_label, event_label_len, &event);
621-
WOLFSENTRY_RERETURN_IF_ERROR(ret);
621+
WOLFSENTRY_UNLOCK_AND_RERETURN_IF_ERROR(ret);
622622
if (WOLFSENTRY_CHECK_BITS(event->flags, WOLFSENTRY_EVENT_FLAG_IS_SUBEVENT)) {
623623
ret = WOLFSENTRY_ERROR_ENCODE(INCOMPATIBLE_STATE);
624624
goto out;
@@ -697,7 +697,7 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_event_action_list_start(
697697
}
698698

699699
if (w_a_l == NULL)
700-
WOLFSENTRY_ERROR_UNLOCK_AND_RETURN(INVALID_ARG);
700+
WOLFSENTRY_ERROR_RETURN(INVALID_ARG);
701701

702702
*cursor = (struct wolfsentry_action_list_ent *)w_a_l->header.head;
703703
if (*cursor == NULL)

src/json/load_config.c

Lines changed: 22 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -1711,6 +1711,9 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_config_json_init_ex(
17111711
struct wolfsentry_json_process_state **jps)
17121712
{
17131713
wolfsentry_errcode_t ret;
1714+
#ifdef WOLFSENTRY_THREADSAFE
1715+
int locked = 0;
1716+
#endif
17141717
static const JSON_CALLBACKS json_callbacks = {
17151718
#ifdef WOLFSENTRY_HAVE_DESIGNATED_INITIALIZERS
17161719
.process =
@@ -1720,15 +1723,15 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_config_json_init_ex(
17201723

17211724
static const JSON_CONFIG default_json_config = {
17221725
#ifdef WOLFSENTRY_HAVE_DESIGNATED_INITIALIZERS
1723-
.max_total_len = 0,
1726+
.max_total_len = WOLFSENTRY_MAX_JSON_TOTAL_LEN,
17241727
.max_total_values = 0,
17251728
.max_number_len = 20,
17261729
.max_string_len = WOLFSENTRY_KV_MAX_VALUE_BYTES,
17271730
.max_key_len = WOLFSENTRY_MAX_LABEL_BYTES,
17281731
.max_nesting_level = WOLFSENTRY_MAX_JSON_NESTING,
17291732
.flags = JSON_NOSCALARROOT
17301733
#else
1731-
0,
1734+
WOLFSENTRY_MAX_JSON_TOTAL_LEN,
17321735
0,
17331736
20,
17341737
WOLFSENTRY_KV_MAX_VALUE_BYTES,
@@ -1760,44 +1763,49 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_config_json_init_ex(
17601763
#ifdef WOLFSENTRY_HAVE_JSON_DOM
17611764
(*jps)->dom_parser_flags |= JSON_DOM_DUPKEY_ABORT;
17621765
#else
1763-
WOLFSENTRY_ERROR_RETURN(IMPLEMENTATION_MISSING);
1766+
{ ret = WOLFSENTRY_ERROR_ENCODE(IMPLEMENTATION_MISSING); goto out; }
17641767
#endif
17651768
}
17661769
if (WOLFSENTRY_MASKIN_BITS(load_flags, WOLFSENTRY_CONFIG_LOAD_FLAG_JSON_DOM_DUPKEY_USEFIRST)) {
17671770
#ifdef WOLFSENTRY_HAVE_JSON_DOM
17681771
(*jps)->dom_parser_flags |= JSON_DOM_DUPKEY_USEFIRST;
17691772
#else
1770-
WOLFSENTRY_ERROR_RETURN(IMPLEMENTATION_MISSING);
1773+
{ ret = WOLFSENTRY_ERROR_ENCODE(IMPLEMENTATION_MISSING); goto out; }
17711774
#endif
17721775
}
17731776
if (WOLFSENTRY_MASKIN_BITS(load_flags, WOLFSENTRY_CONFIG_LOAD_FLAG_JSON_DOM_DUPKEY_USELAST)) {
17741777
#ifdef WOLFSENTRY_HAVE_JSON_DOM
17751778
(*jps)->dom_parser_flags |= JSON_DOM_DUPKEY_USELAST;
17761779
#else
1777-
WOLFSENTRY_ERROR_RETURN(IMPLEMENTATION_MISSING);
1780+
{ ret = WOLFSENTRY_ERROR_ENCODE(IMPLEMENTATION_MISSING); goto out; }
17781781
#endif
17791782
}
17801783
if (WOLFSENTRY_MASKIN_BITS(load_flags, WOLFSENTRY_CONFIG_LOAD_FLAG_JSON_DOM_MAINTAINDICTORDER)) {
17811784
#ifdef WOLFSENTRY_HAVE_JSON_DOM
17821785
(*jps)->dom_parser_flags |= JSON_DOM_MAINTAINDICTORDER;
17831786
#else
1784-
WOLFSENTRY_ERROR_RETURN(IMPLEMENTATION_MISSING);
1787+
{ ret = WOLFSENTRY_ERROR_ENCODE(IMPLEMENTATION_MISSING); goto out; }
17851788
#endif
17861789
}
17871790

17881791
#ifdef WOLFSENTRY_THREADSAFE
17891792
if ((! WOLFSENTRY_MASKIN_BITS(load_flags, WOLFSENTRY_CONFIG_LOAD_FLAG_DRY_RUN|WOLFSENTRY_CONFIG_LOAD_FLAG_LOAD_THEN_COMMIT)) ||
17901793
(thread == NULL))
17911794
{
1792-
WOLFSENTRY_MUTEX_OR_RETURN();
1793-
} else if (WOLFSENTRY_MASKIN_BITS(load_flags, WOLFSENTRY_CONFIG_LOAD_FLAG_DRY_RUN))
1794-
WOLFSENTRY_SHARED_OR_RETURN();
1795-
else {
1795+
if ((ret = WOLFSENTRY_MUTEX_EX(wolfsentry)) < 0)
1796+
goto out;
1797+
} else if (WOLFSENTRY_MASKIN_BITS(load_flags, WOLFSENTRY_CONFIG_LOAD_FLAG_DRY_RUN)) {
1798+
/* thread == NULL is already routed to the mutex path above. */
1799+
if ((ret = WOLFSENTRY_SHARED_EX(wolfsentry)) < 0)
1800+
goto out;
1801+
} else {
17961802
ret = WOLFSENTRY_PROMOTABLE_EX(wolfsentry);
1797-
WOLFSENTRY_RERETURN_IF_ERROR(ret);
1803+
if (ret < 0)
1804+
goto out;
17981805
if (WOLFSENTRY_SUCCESS_CODE_IS(ret, LOCK_OK_AND_GOT_RESV))
17991806
(*jps)->got_reservation = 1;
18001807
}
1808+
locked = 1;
18011809
#endif
18021810

18031811
(*jps)->wolfsentry_actual = wolfsentry;
@@ -1834,7 +1842,8 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_config_json_init_ex(
18341842

18351843
/* initialize with defaults already set in context, particularly to pick up route_private_data* fields. */
18361844
ret = wolfsentry_defaultconfig_get(JPSP_WOLFSENTRY_CONTEXT_ARGS_OUT, &(*jps)->default_config);
1837-
WOLFSENTRY_RERETURN_IF_ERROR(ret);
1845+
if (ret < 0)
1846+
goto out;
18381847

18391848
if (! WOLFSENTRY_MASKIN_BITS(load_flags, WOLFSENTRY_CONFIG_LOAD_FLAG_DRY_RUN|WOLFSENTRY_CONFIG_LOAD_FLAG_NO_FLUSH|WOLFSENTRY_CONFIG_LOAD_FLAG_LOAD_THEN_COMMIT)) {
18401849
if (WOLFSENTRY_CHECK_BITS(load_flags, WOLFSENTRY_CONFIG_LOAD_FLAG_FLUSH_ONLY_ROUTES)) {
@@ -1856,7 +1865,7 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_config_json_init_ex(
18561865

18571866
if (ret < 0) {
18581867
#ifdef WOLFSENTRY_THREADSAFE
1859-
{
1868+
if (locked) {
18601869
wolfsentry_errcode_t _lock_ret;
18611870
if ((*jps)->got_reservation)
18621871
_lock_ret = wolfsentry_context_unlock_and_abandon_reservation(wolfsentry, thread);

src/kv.c

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -434,7 +434,7 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_kv_render_value(
434434
*out_len = snprintf(out, out_space, "%.10f", WOLFSENTRY_KV_V_FLOAT(kv));
435435
break;
436436
case WOLFSENTRY_KV_STRING: {
437-
#ifndef HAVE_JSON_DOM
437+
#ifndef WOLFSENTRY_HAVE_JSON_DOM
438438
*out_len = snprintf(out, out_space, "\"%.*s\"", (int)WOLFSENTRY_KV_V_STRING_LEN(kv), WOLFSENTRY_KV_V_STRING(kv));
439439
break;
440440
#else
@@ -517,8 +517,11 @@ WOLFSENTRY_LOCAL wolfsentry_errcode_t wolfsentry_kv_clone(
517517
if (WOLFSENTRY_KV_TYPE(&src_kv_pair->kv) == WOLFSENTRY_KV_JSON) {
518518
int ret = json_value_clone(WOLFSENTRY_CONTEXT_ARGS_OUT_EX(wolfsentry_get_allocator(dest_context)),
519519
&src_kv_pair->kv.a.v_json, &(*new_kv_pair)->kv.a.v_json);
520-
if (ret < 0)
520+
if (ret < 0) {
521+
WOLFSENTRY_FREE_1(dest_context->hpi.allocator, *new_kv_pair);
522+
*new_kv_pair = NULL;
521523
WOLFSENTRY_ERROR_RERETURN(wolfsentry_centijson_errcode_translate(ret));
524+
}
522525
}
523526
#endif
524527

src/lwip/packet_filter_glue.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1228,7 +1228,7 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_install_lwip_filter_icmp_callback
12281228
WOLFSENTRY_MUTEX_OR_RETURN();
12291229
if (icmp_mask) {
12301230
wolfsentry_errcode_t ret = wolfsentry_cleanup_push(WOLFSENTRY_CONTEXT_ARGS_OUT, wolfsentry_cleanup_lwip_filter_callbacks, NULL);
1231-
WOLFSENTRY_RERETURN_IF_ERROR(ret);
1231+
WOLFSENTRY_UNLOCK_AND_RERETURN_IF_ERROR(ret);
12321232
}
12331233
#endif
12341234
#if LWIP_ICMP
@@ -1270,7 +1270,7 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_install_lwip_filter_tcp_callback(
12701270
WOLFSENTRY_MUTEX_OR_RETURN();
12711271
if (tcp_mask) {
12721272
wolfsentry_errcode_t ret = wolfsentry_cleanup_push(WOLFSENTRY_CONTEXT_ARGS_OUT, wolfsentry_cleanup_lwip_filter_callbacks, NULL);
1273-
WOLFSENTRY_RERETURN_IF_ERROR(ret);
1273+
WOLFSENTRY_UNLOCK_AND_RERETURN_IF_ERROR(ret);
12741274
tcp_filter(tcp_filter_with_wolfsentry);
12751275
/* make sure wolfSentry sees the close/reset events that balance earlier
12761276
* accepts, for concurrent-connection accounting purposes.

src/routes.c

Lines changed: 32 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -583,10 +583,10 @@ static void wolfsentry_route_update_flags_1(
583583

584584
static void wolfsentry_route_free_1(
585585
WOLFSENTRY_CONTEXT_ARGS_IN,
586-
struct wolfsentry_eventconfig_internal *config,
586+
size_t route_private_data_alignment,
587587
struct wolfsentry_route *route)
588588
{
589-
if (config->config.route_private_data_alignment == 0)
589+
if (route_private_data_alignment == 0)
590590
WOLFSENTRY_FREE(route);
591591
else
592592
WOLFSENTRY_FREE_ALIGNED(route);
@@ -599,6 +599,10 @@ static wolfsentry_errcode_t wolfsentry_route_drop_reference_1(
599599
wolfsentry_action_res_t *action_results)
600600
{
601601
struct wolfsentry_eventconfig_internal *config = (route->parent_event && route->parent_event->config) ? route->parent_event->config : &wolfsentry->config;
602+
/* snapshot the alignment before dropping the event reference, since the
603+
* event (and its config) may be freed by the drop.
604+
*/
605+
size_t route_private_data_alignment = config->config.route_private_data_alignment;
602606
wolfsentry_errcode_t ret;
603607
wolfsentry_refcount_t refs_left;
604608
if (route->header.refcount == 0)
@@ -612,7 +616,7 @@ static wolfsentry_errcode_t wolfsentry_route_drop_reference_1(
612616
WOLFSENTRY_RETURN_OK;
613617
if (route->parent_event)
614618
WOLFSENTRY_WARN_ON_FAILURE(wolfsentry_event_drop_reference(WOLFSENTRY_CONTEXT_ARGS_OUT, route->parent_event, NULL /* action_results */));
615-
wolfsentry_route_free_1(WOLFSENTRY_CONTEXT_ARGS_OUT, config, route);
619+
wolfsentry_route_free_1(WOLFSENTRY_CONTEXT_ARGS_OUT, route_private_data_alignment, route);
616620
if (action_results)
617621
WOLFSENTRY_SET_BITS(*action_results, WOLFSENTRY_ACTION_RES_DEALLOCATED);
618622
WOLFSENTRY_RETURN_OK;
@@ -995,7 +999,7 @@ static wolfsentry_errcode_t wolfsentry_route_new(
995999
WOLFSENTRY_ERROR_RETURN(SYS_RESOURCE_FAILED);
9961000
ret = wolfsentry_route_init(parent_event, remote, local, flags, (int)config->config.route_private_data_size, new_size, *new);
9971001
if (ret < 0) {
998-
wolfsentry_route_free_1(WOLFSENTRY_CONTEXT_ARGS_OUT, config, *new);
1002+
wolfsentry_route_free_1(WOLFSENTRY_CONTEXT_ARGS_OUT, config->config.route_private_data_alignment, *new);
9991003
*new = NULL;
10001004
} else {
10011005
if (parent_event != NULL) {
@@ -1054,7 +1058,7 @@ static wolfsentry_errcode_t wolfsentry_route_new_by_exports(
10541058
WOLFSENTRY_ERROR_RETURN(SYS_RESOURCE_FAILED);
10551059
ret = wolfsentry_route_init_by_exports(parent_event, route_exports, config->config.route_private_data_size, new_size, *new);
10561060
if (ret < 0) {
1057-
wolfsentry_route_free_1(WOLFSENTRY_CONTEXT_ARGS_OUT, config, *new);
1061+
wolfsentry_route_free_1(WOLFSENTRY_CONTEXT_ARGS_OUT, config->config.route_private_data_alignment, *new);
10581062
*new = NULL;
10591063
} else {
10601064
if (parent_event != NULL) {
@@ -1174,7 +1178,7 @@ WOLFSENTRY_LOCAL wolfsentry_errcode_t wolfsentry_route_clone(
11741178
#ifdef WOLFSENTRY_THREADSAFE
11751179
thread,
11761180
#endif
1177-
config, *new_route);
1181+
config->config.route_private_data_alignment, *new_route);
11781182
WOLFSENTRY_ERROR_RERETURN(ret);
11791183
}
11801184
WOLFSENTRY_REFCOUNT_INCREMENT((*new_route)->parent_event->header.refcount, ret);
@@ -1330,7 +1334,7 @@ static wolfsentry_errcode_t wolfsentry_route_insert_1(
13301334

13311335
if (route_to_insert->flags & WOLFSENTRY_ROUTE_FLAG_SA_FAMILY_WILDCARD) {
13321336
if ((route_table->last_af_wildcard_route == NULL) ||
1333-
(wolfsentry_route_key_cmp_1(route_to_insert, route_table->last_af_wildcard_route, 0 /* match_wildcards_p */, NULL /* inexact_matches */) < 0))
1337+
(wolfsentry_route_key_cmp_1(route_to_insert, route_table->last_af_wildcard_route, 0 /* match_wildcards_p */, NULL /* inexact_matches */) > 0))
13341338
{
13351339
route_table->last_af_wildcard_route = route_to_insert;
13361340
}
@@ -1987,6 +1991,9 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_route_table_default_policy_set(
19871991
{
19881992
if (WOLFSENTRY_MASKOUT_BITS(default_policy, WOLFSENTRY_ROUTE_DEFAULT_POLICY_MASK) != WOLFSENTRY_ACTION_RES_NONE)
19891993
WOLFSENTRY_ERROR_RETURN(INVALID_ARG);
1994+
if ((default_policy != WOLFSENTRY_ACTION_RES_NONE) &&
1995+
(! WOLFSENTRY_MASKIN_BITS(default_policy, WOLFSENTRY_ACTION_RES_ACCEPT | WOLFSENTRY_ACTION_RES_REJECT)))
1996+
WOLFSENTRY_ERROR_RETURN(INVALID_ARG);
19901997
WOLFSENTRY_MUTEX_OR_RETURN();
19911998
table->default_policy = default_policy;
19921999
if (table == wolfsentry->routes)
@@ -2162,10 +2169,19 @@ static wolfsentry_errcode_t wolfsentry_route_delete_0(
21622169
wolfsentry_route_update_flags_1(route, WOLFSENTRY_ROUTE_FLAG_NONE, WOLFSENTRY_ROUTE_FLAG_IN_TABLE, &flags_before, &flags_after);
21632170
}
21642171

2165-
if ((ret = wolfsentry_table_ent_delete_1(WOLFSENTRY_CONTEXT_ARGS_OUT, &route->header)) < 0) {
2166-
wolfsentry_route_flags_t flags_before, flags_after;
2167-
wolfsentry_route_update_flags_1(route, WOLFSENTRY_ROUTE_FLAG_IN_TABLE, WOLFSENTRY_ROUTE_FLAG_NONE, &flags_before, &flags_after);
2168-
WOLFSENTRY_ERROR_RERETURN(ret);
2172+
/* snapshot linked-list neighbor before delete_1 nullifies prev/next. */
2173+
{
2174+
struct wolfsentry_route *prev_route = (struct wolfsentry_route *)route->header.prev;
2175+
if ((ret = wolfsentry_table_ent_delete_1(WOLFSENTRY_CONTEXT_ARGS_OUT, &route->header)) < 0) {
2176+
wolfsentry_route_flags_t flags_before, flags_after;
2177+
wolfsentry_route_update_flags_1(route, WOLFSENTRY_ROUTE_FLAG_IN_TABLE, WOLFSENTRY_ROUTE_FLAG_NONE, &flags_before, &flags_after);
2178+
WOLFSENTRY_ERROR_RERETURN(ret);
2179+
}
2180+
if (route_table->last_af_wildcard_route == route) {
2181+
while (prev_route && ! (prev_route->flags & WOLFSENTRY_ROUTE_FLAG_SA_FAMILY_WILDCARD))
2182+
prev_route = (struct wolfsentry_route *)prev_route->header.prev;
2183+
route_table->last_af_wildcard_route = prev_route;
2184+
}
21692185
}
21702186

21712187
#ifdef WOLFSENTRY_ADDR_BITMASK_MATCHING
@@ -2191,9 +2207,6 @@ static wolfsentry_errcode_t wolfsentry_route_delete_0(
21912207
WOLFSENTRY_WARN("wolfsentry_action_list_dispatch for wolfsentry_route_delete_0 returned " WOLFSENTRY_ERROR_FMT "\n", WOLFSENTRY_ERROR_FMT_ARGS(ret));
21922208
}
21932209

2194-
if (route_table->last_af_wildcard_route == route)
2195-
route_table->last_af_wildcard_route = (struct wolfsentry_route *)route->header.prev;
2196-
21972210
{
21982211
wolfsentry_priority_t effective_priority = route->parent_event ? route->parent_event->priority : 0;
21992212
if (effective_priority == route_table->highest_priority_route_in_table) {
@@ -2490,7 +2503,9 @@ static wolfsentry_errcode_t wolfsentry_route_event_dispatch_0(
24902503
(void)ret;
24912504
}
24922505

2493-
if (! (current_rule_route_flags & WOLFSENTRY_ROUTE_FLAG_DONT_COUNT_CURRENT_CONNECTIONS)) {
2506+
if ((! (current_rule_route_flags & WOLFSENTRY_ROUTE_FLAG_DONT_COUNT_CURRENT_CONNECTIONS)) &&
2507+
(config->config.max_connection_count > 0))
2508+
{
24942509
if (*action_results & WOLFSENTRY_ACTION_RES_CONNECT) {
24952510
if (rule_route->meta.connection_count >= config->config.max_connection_count) {
24962511
*action_results |= WOLFSENTRY_ACTION_RES_REJECT;
@@ -3904,7 +3919,7 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_route_format_address(
39043919
WOLFSENTRY_RETURN_OK;
39053920
}
39063921

3907-
if (sa_family == WOLFSENTRY_AF_LINK) {
3922+
if (sa_family == WOLFSENTRY_AF_LINK || sa_family == WOLFSENTRY_AF_LINK64) {
39083923
unsigned int i;
39093924
if ((addr_bits >> 3) * 3 > (size_t)*buflen)
39103925
WOLFSENTRY_ERROR_RETURN(BUFFER_TOO_SMALL);
@@ -4431,7 +4446,7 @@ static wolfsentry_errcode_t wolfsentry_route_render_address(WOLFSENTRY_CONTEXT_A
44314446
WOLFSENTRY_RETURN_OK;
44324447
}
44334448

4434-
if (sa_family == WOLFSENTRY_AF_LINK) {
4449+
if (sa_family == WOLFSENTRY_AF_LINK || sa_family == WOLFSENTRY_AF_LINK64) {
44354450
unsigned int i;
44364451
for (i=0; i < (addr_bits >> 3); ++i) {
44374452
if (fprintf(f, "%s%02x", i ? ":" : "", (unsigned int)addr[i]) < 0)

0 commit comments

Comments
 (0)