From cee3dcbc0f0e002876987a54844e5089622d1fd5 Mon Sep 17 00:00:00 2001
From: Dmitriy Gerasimov <naeper@demlabs.net>
Date: Wed, 21 Jul 2021 12:21:09 +0700
Subject: [PATCH] [!] Memory leaks and UB fixes
---
 dap-sdk/net/core/dap_worker.c | 2 +-
 .../server/notify_server/src/dap_notify_srv.c | 2 +-
 dap-sdk/net/stream/ch/dap_stream_ch_pkt.c | 21 +++++++++++++++++++
 .../net/stream/ch/include/dap_stream_ch_pkt.h | 1 +
 dap-sdk/net/stream/stream/dap_stream.c | 2 ++
 .../dap_stream_ch_chain_net_srv.c | 4 +++-
 modules/net/dap_chain_node_dns_client.c | 1 +
 .../srv/include/dap_chain_net_srv_common.h | 2 ++
 8 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/dap-sdk/net/core/dap_worker.c b/dap-sdk/net/core/dap_worker.c
index 750cec1fbf..d407da767a 100644
--- a/dap-sdk/net/core/dap_worker.c
+++ b/dap-sdk/net/core/dap_worker.c
@@ -977,7 +977,7 @@ static void s_queue_delete_es_callback( dap_events_socket_t * a_es, void * a_arg
 assert(l_es_handler);
 dap_events_socket_t * l_esocket = (dap_events_socket_t*) l_es_handler->esocket;
 if (dap_events_socket_check_uuid_unsafe (a_es->worker,l_esocket, l_es_handler->uuid)){
- ((dap_events_socket_t*)a_arg)->flags |= DAP_SOCK_SIGNAL_CLOSE; // Send signal to socket to kill
+ l_esocket->flags |= DAP_SOCK_SIGNAL_CLOSE; // Send signal to socket to kill
 }else{
 log_it(L_INFO, "While we were sending the delete() message, esocket %p has been disconnected", l_esocket);
 DAP_DELETE(l_es_handler);
diff --git a/dap-sdk/net/server/notify_server/src/dap_notify_srv.c b/dap-sdk/net/server/notify_server/src/dap_notify_srv.c
index dc963b3c96..c42380a56e 100644
--- a/dap-sdk/net/server/notify_server/src/dap_notify_srv.c
+++ b/dap-sdk/net/server/notify_server/src/dap_notify_srv.c
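Review bot: In `s_queue_delete_es_callback` (dap_worker.c) the trailing context shows `DAP_DELETE(l_es_handler);` directly after the `log_it` call with no closing brace in between, so the handler is freed only in the `else` branch. Unless the lines after this hunk free it again, `l_es_handler` leaks every time the uuid check passes; moving the free after the `if`/`else` would cover both paths. `assert(l_es_handler)` is the only guard before `l_es_handler->esocket` and compiles out under NDEBUG, so an explicit `if (!l_es_handler) return;` would keep the check in release builds. The function body starts and ends outside the hunk.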
@@ -172,9 +172,9 @@ static void s_notify_server_callback_queue(dap_events_socket_t * a_es, void * a_ dap_events_socket_write_inter(a_es->worker->queue_es_io_input[l_worker_id],l_socket_handler->esocket, a_arg,l_str_len+1); } - DAP_DELETE(a_arg); } pthread_rwlock_unlock(&s_notify_server_clients_mutex); + DAP_DELETE(a_arg); } /** diff --git a/dap-sdk/net/stream/ch/dap_stream_ch_pkt.c b/dap-sdk/net/stream/ch/dap_stream_ch_pkt.c index c060766e5a..5334a9cb42 100644 --- a/dap-sdk/net/stream/ch/dap_stream_ch_pkt.c +++ b/dap-sdk/net/stream/ch/dap_stream_ch_pkt.c @@ -222,6 +222,27 @@ bool dap_stream_ch_check_unsafe(dap_stream_worker_t * a_worker,dap_stream_ch_t * return false; } +/** + * @brief dap_stream_ch_check_uuid_unsafe + * @param a_worker + * @param a_ch + * @param a_uuid + * @return + */ +bool dap_stream_ch_check_uuid_unsafe(dap_stream_worker_t * a_worker,dap_stream_ch_t * a_ch, uint128_t a_uuid) +{ + if (a_ch){ + if ( a_worker->channels){ + dap_stream_ch_t * l_ch = NULL; + pthread_rwlock_rdlock(&a_worker->channels_rwlock); + HASH_FIND(hh_worker,a_worker->channels ,&a_ch, sizeof(a_ch), l_ch ); + pthread_rwlock_unlock(&a_worker->channels_rwlock); + return l_ch == a_ch && dap_uint128_check_equal(l_ch->uuid,a_uuid); + }else + return false; + }else + return false; +} /** diff --git a/dap-sdk/net/stream/ch/include/dap_stream_ch_pkt.h b/dap-sdk/net/stream/ch/include/dap_stream_ch_pkt.h index b561c723c4..505285e904 100644 --- a/dap-sdk/net/stream/ch/include/dap_stream_ch_pkt.h +++ b/dap-sdk/net/stream/ch/include/dap_stream_ch_pkt.h 
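Review bot: In `s_notify_server_callback_queue`, `DAP_DELETE(a_arg)` now runs unconditionally after the unlock, which is safe only if `dap_events_socket_write_inter` copies the `l_str_len+1` bytes before it returns rather than queuing the `a_arg` pointer for the other worker. That function is not visible in this patch, so the copy semantics should be confirmed before relying on the new placement. A comment at the free would record the contract, e.g. `// a_arg is owned by this callback; write_inter() must have copied it by now`. The callback body starts outside the hunk.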
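Review bot: In the new `dap_stream_ch_check_uuid_unsafe`, `l_ch->uuid` is read after `pthread_rwlock_unlock`, so if channels can be removed from another thread (which the rwlock suggests) the entry HASH_FIND just returned may be freed before the uuid comparison runs. The comparison belongs inside the read-locked region. `a_worker` is also dereferenced without a NULL check, and `a_worker->channels` is tested before the lock is taken. The doc block lists the parameters with no descriptions and an empty `@return`; it should state that the function returns true only when `a_ch` is still registered on `a_worker` and its stored uuid equals `a_uuid`. A version that does the lookup and the comparison under the lock follows.

```c
bool dap_stream_ch_check_uuid_unsafe(dap_stream_worker_t * a_worker,dap_stream_ch_t * a_ch, uint128_t a_uuid)
{
    if (!a_worker || !a_ch)
        return false;
    dap_stream_ch_t * l_ch = NULL;
    pthread_rwlock_rdlock(&a_worker->channels_rwlock);
    // HASH_FIND leaves l_ch NULL when the table head is NULL, so no separate emptiness test is needed
    HASH_FIND(hh_worker, a_worker->channels, &a_ch, sizeof(a_ch), l_ch);
    // compare the uuid while the entry is still protected by the lock
    bool l_match = l_ch == a_ch && dap_uint128_check_equal(l_ch->uuid, a_uuid);
    pthread_rwlock_unlock(&a_worker->channels_rwlock);
    return l_match;
}
```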
@@ -55,6 +55,7 @@ size_t dap_stream_ch_pkt_write_f_unsafe(struct dap_stream_ch * a_ch, uint8_t a_t size_t dap_stream_ch_pkt_write_unsafe(struct dap_stream_ch * a_ch, uint8_t a_type, const void * a_data, size_t a_data_size); bool dap_stream_ch_check_unsafe(dap_stream_worker_t * a_worker,dap_stream_ch_t * a_ch); +bool dap_stream_ch_check_uuid_unsafe(dap_stream_worker_t * a_worker,dap_stream_ch_t * a_ch, uint128_t a_uuid); size_t dap_stream_ch_pkt_write_f_mt(dap_stream_worker_t * a_worker , dap_stream_ch_t *a_ch, uint8_t a_type, const char * a_str,...); size_t dap_stream_ch_pkt_write_mt(dap_stream_worker_t * a_worker , dap_stream_ch_t *a_ch, uint8_t a_type, const void * a_data, size_t a_data_size); diff --git a/dap-sdk/net/stream/stream/dap_stream.c b/dap-sdk/net/stream/stream/dap_stream.c index 4fcff3a0f3..94269f06b7 100644 --- a/dap-sdk/net/stream/stream/dap_stream.c +++ b/dap-sdk/net/stream/stream/dap_stream.c @@ -38,6 +38,7 @@ #include "dap_common.h" #include "dap_timerfd.h" +#include "dap_events.h" #include "dap_stream.h" #include "dap_stream_pkt.h" #include "dap_stream_ch.h" @@ -789,6 +790,7 @@ static bool s_detect_loose_packet(dap_stream_t * a_stream) static bool s_keepalive_cb( void ) { + dap_worker_t * l_worker = dap_events_worker_get_auto(); dap_stream_t *l_stream, *tmp; pthread_mutex_lock( &s_mutex_keepalive_list ); stream_pkt_hdr_t l_pkt = {0}; diff --git a/modules/channel/chain-net-srv/dap_stream_ch_chain_net_srv.c b/modules/channel/chain-net-srv/dap_stream_ch_chain_net_srv.c index 6a45d7919a..076b9113b1 100644 --- a/modules/channel/chain-net-srv/dap_stream_ch_chain_net_srv.c +++ b/modules/channel/chain-net-srv/dap_stream_ch_chain_net_srv.c 
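Review bot: In `s_keepalive_cb` (dap_stream.c), `l_worker` is assigned from `dap_events_worker_get_auto()` but no line in the hunk reads it. The diffstat lists only two added lines for this file (this one and `#include "dap_events.h"`), so the patch appears to add an unused local. If the keepalive write was meant to go through that worker, the call that uses it is missing; otherwise the declaration and the include can be dropped. The getter also runs before `pthread_mutex_lock( &s_mutex_keepalive_list )`, so if it has side effects (not visible here) a comment should say why it is called first. The function body continues outside the hunk.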
@@ -146,7 +146,8 @@ static bool s_grace_period_control(dap_chain_net_srv_grace_t *a_grace) dap_chain_net_srv_t * l_srv = NULL; dap_stream_ch_t *l_ch = a_grace->ch; - if (!dap_stream_ch_check_unsafe(a_grace->stream_worker, l_ch)) + + if (!dap_stream_ch_check_uuid_unsafe(a_grace->stream_worker, l_ch, a_grace->ch_uuid)) goto free_exit; dap_chain_net_srv_stream_session_t *l_srv_session = l_ch && l_ch->stream && l_ch->stream->session ? @@ -438,6 +439,7 @@ void s_stream_ch_packet_in(dap_stream_ch_t* a_ch , void* a_arg) memcpy(l_grace->request, l_ch_pkt->data, l_ch_pkt->hdr.size); l_grace->request_size = l_ch_pkt->hdr.size; l_grace->ch = a_ch; + l_grace->ch_uuid = a_ch->uuid; l_grace->stream_worker = a_ch->stream_worker; s_grace_period_control(l_grace); } break; diff --git a/modules/net/dap_chain_node_dns_client.c b/modules/net/dap_chain_node_dns_client.c index 3b7df7f5ac..7fe4614c07 100644 --- a/modules/net/dap_chain_node_dns_client.c +++ b/modules/net/dap_chain_node_dns_client.c @@ -161,6 +161,7 @@ static bool s_dns_client_esocket_timeout_callback(void * a_arg) dap_events_socket_remove_and_delete_unsafe( l_es, false); } + DAP_DELETE(l_es_handler); return false; } diff --git a/modules/net/srv/include/dap_chain_net_srv_common.h b/modules/net/srv/include/dap_chain_net_srv_common.h index 69238b2983..398e181fcb 100755 --- a/modules/net/srv/include/dap_chain_net_srv_common.h +++ b/modules/net/srv/include/dap_chain_net_srv_common.h @@ -186,6 +186,8 @@ typedef struct dap_chain_net_srv_usage dap_chain_net_srv_usage_t; typedef struct dap_chain_net_srv_grace { dap_stream_worker_t *stream_worker; dap_stream_ch_t *ch; + dap_events_socket_t * esocket; + uint128_t ch_uuid; dap_chain_net_srv_usage_t *usage; dap_stream_ch_chain_net_srv_pkt_request_t *request; size_t request_size; -- GitLab
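Review bot: The new `esocket` member of `dap_chain_net_srv_grace` (dap_chain_net_srv_common.h) is never assigned or read in this patch. Only `ch_uuid` is set (in `s_stream_ch_packet_in`) and checked (in `s_grace_period_control`). Unless the grace object is zero-allocated, which is not visible here, the field holds an indeterminate pointer that a later change could dereference; either drop it or set it where `ch` is captured. The uuid field would benefit from a comment tying it to `ch`, e.g. `uint128_t ch_uuid; // uuid of ch when the request was captured; must match before ch is dereferenced`. The struct definition continues outside the hunk.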