diff --git a/.clang-tidy b/.clang-tidy index ae49d65..baca00d 100644 --- a/.clang-tidy +++ b/.clang-tidy @@ -1,5 +1,7 @@ --- Checks: 'clang-diagnostic-*, + ,-clang-diagnostic-ignored-optimization-argument, + ,-cplusplus.InnerPointer, ,clang-analyzer-*, ,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling, ,-clang-analyzer-security.insecureAPI.strcpy, @@ -7,6 +9,7 @@ Checks: 'clang-diagnostic-*, ,bugprone-*, ,-bugprone-easily-swappable-parameters, ,performance-*, + ,-performance-no-int-to-ptr, ,readability-*, ,-readability-braces-around-statements, ,-readability-identifier-length, @@ -15,8 +18,8 @@ Checks: 'clang-diagnostic-*, ,-readability-function-cognitive-complexity, ,-readability-uppercase-literal-suffix, ,modernize-*, - ,-modernize-use-trailing-return-type, ,-modernize-use-auto, - ,-cplusplus.InnerPointer, - ,-clang-diagnostic-ignored-optimization-argument, + ,-modernize-avoid-c-arrays, + ,-modernize-redundant-void-arg, + ,-modernize-use-trailing-return-type, ' diff --git a/src/apps/common/ns_turn_utils.c b/src/apps/common/ns_turn_utils.c index 6a30df9..d6908b1 100644 --- a/src/apps/common/ns_turn_utils.c +++ b/src/apps/common/ns_turn_utils.c @@ -112,39 +112,60 @@ int turn_mutex_unlock(const turn_mutex *mutex) { } int turn_mutex_init(turn_mutex *mutex) { - if (mutex) { - mutex->data = MAGIC_CODE; - mutex->mutex = (pthread_mutex_t *)malloc(sizeof(pthread_mutex_t)); - pthread_mutex_init((pthread_mutex_t *)mutex->mutex, NULL); - return 0; - } else { + if (!mutex) { return -1; } + + mutex->mutex = (pthread_mutex_t *)malloc(sizeof(pthread_mutex_t)); + if (!(mutex->mutex)) { + perror("Cannot allocate mutex"); + return -1; + } + + if (pthread_mutex_init((pthread_mutex_t *)mutex->mutex, NULL) != 0) { + perror("Cannot init mutex"); + free(mutex->mutex); + mutex->mutex = NULL; + return -1; + } + + mutex->data = MAGIC_CODE; + return 0; } int turn_mutex_init_recursive(turn_mutex *mutex) { - int ret = -1; - if (mutex) { - pthread_mutexattr_t attr; - if (pthread_mutexattr_init(&attr) < 0) { - perror("Cannot init mutex attr"); - } else { - if (pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE) < 0) { - perror("Cannot set type on mutex attr"); - } else { - mutex->data = MAGIC_CODE; - mutex->mutex = (pthread_mutex_t *)malloc(sizeof(pthread_mutex_t)); - if ((ret = pthread_mutex_init((pthread_mutex_t *)mutex->mutex, &attr)) < 0) { - perror("Cannot init mutex"); - mutex->data = 0; - free(mutex->mutex); - mutex->mutex = NULL; - } - } - pthread_mutexattr_destroy(&attr); - } + if (!mutex) { + return -1; } - return ret; + + pthread_mutexattr_t attr; + if (pthread_mutexattr_init(&attr) != 0) { + perror("Cannot init mutex attr"); + return -1; + } + + if (pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE) != 0) { + perror("Cannot set type on mutex attr"); + return -1; + } + + mutex->mutex = (pthread_mutex_t *)malloc(sizeof(pthread_mutex_t)); + if (!(mutex->mutex)) { + perror("Cannot allocate mutex"); + return -1; + } + + if (pthread_mutex_init((pthread_mutex_t *)mutex->mutex, &attr) != 0) { + perror("Cannot init mutex"); + free(mutex->mutex); + mutex->mutex = NULL; + return -1; + } + + pthread_mutexattr_destroy(&attr); + + mutex->data = MAGIC_CODE; + return 0; } int turn_mutex_destroy(turn_mutex *mutex) { @@ -280,7 +301,7 @@ static void get_date(char *s, size_t sz) { void set_logfile(const char *fn) { if (fn) { log_lock(); - if (strcmp(fn, log_fn_base)) { + if (strcmp(fn, log_fn_base) != 0) { reset_rtpprintf(); STRCPY(log_fn_base, fn); } @@ -501,7 +522,7 @@ void rollover_logfile(void) { char logf[FILE_STR_LEN]; set_log_file_name(log_fn_base, logf); - if (strcmp(log_fn, logf)) { + if (strcmp(log_fn, logf) != 0) { fclose(_rtpfile); log_fn[0] = 0; _rtpfile = fopen(logf, "w"); diff --git a/src/apps/natdiscovery/natdiscovery.c b/src/apps/natdiscovery/natdiscovery.c index ee28d94..0dcb00e 100644 --- a/src/apps/natdiscovery/natdiscovery.c +++ b/src/apps/natdiscovery/natdiscovery.c @@ -165,7 +165,6 @@ static int stunclient_receive(int sockfd, ioa_addr *local_addr, ioa_addr *reflex { int len = 0; stun_buffer buf; - uint8_t *ptr = buf.buf; int recvd = 0; const int to_recv = sizeof(buf.buf); struct timeval tv; @@ -176,10 +175,9 @@ static int stunclient_receive(int sockfd, ioa_addr *local_addr, ioa_addr *reflex setsockopt(sockfd, SOL_SOCKET, SO_RCVTIMEO, (char *)&tv, sizeof(struct timeval)); do { - len = recv(sockfd, ptr, to_recv - recvd, 0); + len = recv(sockfd, buf.buf, to_recv - recvd, 0); if (len > 0) { recvd += len; - ptr += len; break; } } while (len < 0 && socket_eintr()); @@ -377,8 +375,8 @@ static int stunclient_send(stun_buffer *buf, int sockfd, ioa_addr *local_addr, i } { - int len = 0; - int slen = get_ioa_addr_len(remote_addr); + ssize_t len = 0; + uint32_t slen = get_ioa_addr_len(remote_addr); do { len = sendto(sockfd, buf->buf, buf->len, 0, (struct sockaddr *)remote_addr, (socklen_t)slen); @@ -403,9 +401,8 @@ static int stunclient_receive(stun_buffer *buf, int sockfd, ioa_addr *local_addr int ret = 0; { - int len = 0; - uint8_t *ptr = buf->buf; - int recvd = 0; + ssize_t len = 0; + ssize_t recvd = 0; const int to_recv = sizeof(buf->buf); struct timeval tv; @@ -415,10 +412,9 @@ static int stunclient_receive(stun_buffer *buf, int sockfd, ioa_addr *local_addr setsockopt(sockfd, SOL_SOCKET, SO_RCVTIMEO, (char *)&tv, sizeof(struct timeval)); do { - len = recv(sockfd, ptr, to_recv - recvd, 0); + len = recv(sockfd, buf->buf, to_recv - recvd, 0); if (len > 0) { recvd += len; - ptr += len; break; } } while (len < 0 && socket_eintr()); @@ -780,13 +776,11 @@ int main(int argc, char **argv) { } if (rfc5780) { if (!addr_any(&other_addr)) { - int res = 0; - res = run_stunclient(&local_addr, &remote_addr, &reflexive_addr, &other_addr, &local_port, &rfc5780, 1, 1, - padding); + int res = run_stunclient(&local_addr, &remote_addr, &reflexive_addr, &other_addr, &local_port, &rfc5780, 1, 1, + padding); if (!res) { discoveryresult("NAT with Endpoint Independent Filtering!"); } else { - res = 0; res = run_stunclient(&local_addr, &remote_addr, &reflexive_addr, &other_addr, &local_port, &rfc5780, 0, 1, padding); if (!res) { diff --git a/src/apps/peer/mainudpserver.c b/src/apps/peer/mainudpserver.c index f872615..b96be38 100644 --- a/src/apps/peer/mainudpserver.c +++ b/src/apps/peer/mainudpserver.c @@ -29,13 +29,13 @@ */ #include "apputils.h" +#include "ns_turn_defs.h" // for NULL, STRCPY #include "ns_turn_utils.h" #include "udpserver.h" #include #include #include -#include #if defined(_MSC_VER) #include #else diff --git a/src/apps/peer/udpserver.c b/src/apps/peer/udpserver.c index c09c22f..d45ed61 100644 --- a/src/apps/peer/udpserver.c +++ b/src/apps/peer/udpserver.c @@ -44,10 +44,10 @@ static void udp_server_input_handler(evutil_socket_t fd, short what, void *arg) ioa_addr *addr = (ioa_addr *)arg; - int len = 0; - int slen = get_ioa_addr_len(addr); stun_buffer buffer; ioa_addr remote_addr; + uint32_t slen = get_ioa_addr_len(addr); + ssize_t len = 0; do { len = recvfrom(fd, buffer.buf, sizeof(buffer.buf) - 1, 0, (struct sockaddr *)&remote_addr, (socklen_t *)&slen); diff --git a/src/apps/relay/acme.c b/src/apps/relay/acme.c index 3fec2ab..5ead7b8 100644 --- a/src/apps/relay/acme.c +++ b/src/apps/relay/acme.c @@ -18,10 +18,9 @@ static int is_acme_req(char *req, size_t len) { static const char *A = " - 0123456789 ABCDEFGHIJKLMNOPQRSTUVWXYZ " " _ abcdefghijklmnopqrstuvwxyz "; - int c, i, k; // Check first request line. Should be like: GET path HTTP/1.x - if (strncmp(req, GET_ACME_PREFIX, GET_ACME_PREFIX_LEN)) { + if (strncmp(req, GET_ACME_PREFIX, GET_ACME_PREFIX_LEN) != 0) { return -1; } // Usually (for LE) the "method path" is 32 + 43 = 55 chars. But other @@ -31,24 +30,24 @@ static int is_acme_req(char *req, size_t len) { if (len > 131) { len = 131; } - for (i = GET_ACME_PREFIX_LEN; i < (int)len; i++) { + for (size_t i = GET_ACME_PREFIX_LEN; i < len; i++) { // find the end of the path if (req[i] != ' ') { continue; } // consider path < 10 chars invalid. Also we wanna see a "trailer". - if (i < (GET_ACME_PREFIX_LEN + 10) || strncmp(req + i, " HTTP/1.", 8)) { + if (i < (GET_ACME_PREFIX_LEN + 10) || strncmp(req + i, " HTTP/1.", 8) != 0) { return -2; } // finally check for allowed chars - for (k = GET_ACME_PREFIX_LEN; k < i; k++) { - c = req[k]; + for (size_t k = GET_ACME_PREFIX_LEN; k < i; k++) { + const char c = req[k]; if ((c > 127) || (A[c] == ' ')) { return -3; } } // all checks passed: sufficient for us to answer with a redirect - return i; + return (int)i; } return -4; // end of path not found } @@ -57,11 +56,11 @@ int try_acme_redirect(char *req, size_t len, const char *url, ioa_socket_handle static const char *HTML = "301 Moved Permanently\

301 Moved Permanently

"; char http_response[1024]; - size_t plen, rlen; if (url == NULL || url[0] == '\0' || req == NULL || s == 0) { return 1; } + size_t plen; if (len < (GET_ACME_PREFIX_LEN + 32) || len > (512 - GET_ACME_PREFIX_LEN) || (plen = is_acme_req(req, len)) < (GET_ACME_PREFIX_LEN + 1)) { return 2; @@ -78,7 +77,7 @@ int try_acme_redirect(char *req, size_t len, const char *url, ioa_socket_handle "\r\n%s", strlen(HTML), url, req + GET_ACME_PREFIX_LEN, HTML); - rlen = strlen(http_response); + size_t rlen = strlen(http_response); #ifdef LIBEV_OK ioa_network_buffer_handle nbh_acme = ioa_network_buffer_allocate(s->e); diff --git a/src/apps/relay/dtls_listener.c b/src/apps/relay/dtls_listener.c index d6452dc..38eff03 100644 --- a/src/apps/relay/dtls_listener.c +++ b/src/apps/relay/dtls_listener.c @@ -68,7 +68,7 @@ struct dtls_listener_relay_server_info { ioa_socket_handle udp_listen_s; ur_addr_map *children_ss; /* map of socket children on remote addr */ struct message_to_relay sm; - int slen0; + size_t slen0; ioa_engine_new_connection_event_handler connect_cb; }; @@ -141,8 +141,10 @@ static void calculate_cookie(SSL *ssl, unsigned char *cookie_secret, unsigned in } static int generate_cookie(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) { - unsigned char *buffer, result[EVP_MAX_MD_SIZE]; - unsigned int length = 0, resultlength; + unsigned char *buffer; + unsigned char result[EVP_MAX_MD_SIZE]; + unsigned int length = 0; + unsigned int resultlength; ioa_addr peer; unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; @@ -653,13 +655,13 @@ start_udp_cycle: ioa_addr orig_addr; int ttl = 0; int tos = 0; - int slen = server->slen0; + socklen_t slen = server->slen0; udp_recvfrom(fd, &orig_addr, &(server->addr), buffer, (int)sizeof(buffer), &ttl, &tos, server->e->cmsg, eflags, &errcode); // try again... do { bsize = recvfrom(fd, ioa_network_buffer_data(elem), ioa_network_buffer_get_capacity_udp(), flags, - (struct sockaddr *)&(server->sm.m.sm.nd.src_addr), (socklen_t *)&slen); + (struct sockaddr *)&(server->sm.m.sm.nd.src_addr), &slen); } while (bsize < 0 && socket_eintr()); conn_reset = is_connreset(); diff --git a/src/apps/relay/http_server.c b/src/apps/relay/http_server.c index 1e7f08c..2ded1f7 100644 --- a/src/apps/relay/http_server.c +++ b/src/apps/relay/http_server.c @@ -56,23 +56,24 @@ static void write_http_echo(ioa_socket_handle s) { if (s && !ioa_socket_tobeclosed(s)) { SOCKET_APP_TYPE sat = get_ioa_socket_app_type(s); if ((sat == HTTP_CLIENT_SOCKET) || (sat == HTTPS_CLIENT_SOCKET)) { - ioa_network_buffer_handle nbh_http = ioa_network_buffer_allocate(s->e); - size_t len_http = ioa_network_buffer_get_size(nbh_http); - uint8_t *data = ioa_network_buffer_data(nbh_http); - char data_http[1025]; char content_http[1025]; - const char *title = "TURN Server"; + const char *const title = "TURN Server"; snprintf(content_http, sizeof(content_http) - 1, "\r\n\r\n \r\n %s\r\n \r\n \r\n " "%s
use https connection for the admin session\r\n \r\n\r\n", title, title); - snprintf( - data_http, sizeof(data_http) - 1, - "HTTP/1.0 200 OK\r\nServer: %s\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: %d\r\n\r\n%.906s", - TURN_SOFTWARE, (int)strlen(content_http), content_http); - len_http = strlen(data_http); - memcpy(data, data_http, len_http); - ioa_network_buffer_set_size(nbh_http, len_http); + + char data_http[1025]; + snprintf(data_http, sizeof(data_http) - 1, + "HTTP/1.0 200 OK\r\nServer: %s\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: " + "%zu\r\n\r\n%.906s", + TURN_SOFTWARE, strlen(content_http), content_http); + + ioa_network_buffer_handle nbh_http = ioa_network_buffer_allocate(s->e); + char *data = ioa_network_buffer_data(nbh_http); + + strcpy(data, data_http); + ioa_network_buffer_set_size(nbh_http, strlen(data_http)); send_data_from_ioa_socket_nbh(s, NULL, nbh_http, TTL_IGNORE, TOS_IGNORE, NULL); } } diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index 5064f61..a4dece9 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c @@ -1793,7 +1793,7 @@ unsigned char *base64decode(const void *b64_decode_this, int decode_this_many_by int decoded_byte_index = 0; // Index where the next base64_decoded byte should be written. while (0 < BIO_read(b64_bio, base64_decoded + decoded_byte_index, 1)) { // Read byte-by-byte. decoded_byte_index++; // Increment the index until read of BIO decoded data is complete. - } // Once we're done reading decoded data, BIO_read returns -1 even though there's no error. + } // Once we're done reading decoded data, BIO_read returns -1 even though there's no error. BIO_free_all(b64_bio); // Destroys all BIOs in chain, starting with b64 (i.e. the 1st one). return base64_decoded; // Returns base-64 decoded data with trailing null terminator. diff --git a/src/apps/relay/netengine.c b/src/apps/relay/netengine.c index 43378af..f3ff5fa 100644 --- a/src/apps/relay/netengine.c +++ b/src/apps/relay/netengine.c @@ -1056,7 +1056,7 @@ static void setup_barriers(void) { #if !defined(TURN_NO_THREAD_BARRIERS) { - if (pthread_barrier_init(&barrier, NULL, barrier_count) < 0) { + if (pthread_barrier_init(&barrier, NULL, barrier_count) != 0) { perror("barrier init"); } } @@ -1131,7 +1131,7 @@ static void setup_socket_per_endpoint_udp_listener_servers(void) { /* Aux UDP servers */ for (i = 0; i < turn_params.aux_servers_list.size; i++) { - int index = i; + size_t index = i; if (!turn_params.no_udp || !turn_params.no_dtls) { @@ -1663,8 +1663,7 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int &turn_params.ip_blacklist, send_socket_to_relay, &turn_params.secure_stun, &turn_params.mobility, turn_params.server_relay, send_turn_session_info, send_https_socket, allocate_bps, turn_params.oauth, turn_params.oauth_server_name, turn_params.acme_redirect, turn_params.allocation_default_address_family, - &turn_params.log_binding, &turn_params.stun_backward_compatibility, - &turn_params.respond_http_unsupported); + &turn_params.log_binding, &turn_params.stun_backward_compatibility, &turn_params.respond_http_unsupported); if (to_set_rfc5780) { set_rfc5780(&(rs->server), get_alt_addr, send_message_from_listener_to_client); } diff --git a/src/apps/relay/prom_server.c b/src/apps/relay/prom_server.c index 2fd2b8d..82b0faa 100644 --- a/src/apps/relay/prom_server.c +++ b/src/apps/relay/prom_server.c @@ -200,8 +200,6 @@ void start_prometheus_server(void) { } TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "prometheus collector started successfully\n"); - - return; } void prom_set_finished_traffic(const char *realm, const char *user, unsigned long rsvp, unsigned long rsvb, diff --git a/src/apps/relay/turn_admin_server.c b/src/apps/relay/turn_admin_server.c index 3d421f9..0be2288 100644 --- a/src/apps/relay/turn_admin_server.c +++ b/src/apps/relay/turn_admin_server.c @@ -348,7 +348,7 @@ static void cli_print_ip_range_list(struct cli_session *cs, ip_range_list_t *val size_t i; for (i = 0; i < value->ranges_number; ++i) { if (value->rs[i].realm[0]) { - if (cs->realm[0] && strcmp(cs->realm, value->rs[i].realm)) { + if (cs->realm[0] && strcmp(cs->realm, value->rs[i].realm) != 0) { continue; } else { myprintf(cs, " %s: %s (%s)%s\n", name, value->rs[i].str, value->rs[i].realm, sc); @@ -440,11 +440,11 @@ static bool print_session(ur_map_key_type key, ur_map_value_type value, void *ar struct cli_session *cs = csarg->cs; struct turn_session_info *tsi = (struct turn_session_info *)value; - if (cs->realm[0] && strcmp(cs->realm, tsi->realm)) { + if (cs->realm[0] && strcmp(cs->realm, tsi->realm) != 0) { return false; } - if (cs->origin[0] && strcmp(cs->origin, tsi->origin)) { + if (cs->origin[0] && strcmp(cs->origin, tsi->origin) != 0) { return false; } @@ -487,7 +487,7 @@ static bool print_session(ur_map_key_type key, ur_map_value_type value, void *ar } else { if (csarg->username[0]) { if (csarg->exact_match) { - if (strcmp((char *)tsi->username, csarg->username)) { + if (strcmp((char *)tsi->username, csarg->username) != 0) { return false; } } else { @@ -1942,7 +1942,7 @@ static const char *change_ip_addr_html(int dynamic, const char *kind, const char realm = ""; } - if (current_realm()[0] && strcmp(current_realm(), realm)) { + if (current_realm()[0] && strcmp(current_realm(), realm) != 0) { // delete forbidden } else { char *eip = evhttp_encode_uri(ip); @@ -1963,7 +1963,7 @@ static void https_print_ip_range_list(struct str_buffer *sb, ip_range_list_t *va char buffer[1025]; for (i = 0; i < value->ranges_number; ++i) { if (value->rs[i].realm[0]) { - if (current_eff_realm()[0] && strcmp(current_eff_realm(), value->rs[i].realm)) { + if (current_eff_realm()[0] && strcmp(current_eff_realm(), value->rs[i].realm) != 0) { continue; } else { sbprintf(sb, " %s %s [%s] %s\r\n", name, value->rs[i].str, value->rs[i].realm, diff --git a/src/apps/relay/turn_ports.c b/src/apps/relay/turn_ports.c index b17141b..4fa306f 100644 --- a/src/apps/relay/turn_ports.c +++ b/src/apps/relay/turn_ports.c @@ -93,12 +93,12 @@ static void turnports_randomize(turnports *tp) { uint16_t port1 = (uint16_t)(tp->low + (uint16_t)(((unsigned long)turn_random()) % ((unsigned long)size))); uint16_t port2 = (uint16_t)(tp->low + (uint16_t)(((unsigned long)turn_random()) % ((unsigned long)size))); if (port1 != port2) { - int pos1 = tp->status[port1]; - int pos2 = tp->status[port2]; - int tmp = (int)tp->status[port1]; + uint32_t pos1 = tp->status[port1]; + uint32_t pos2 = tp->status[port2]; + uint32_t tmp = tp->status[port1]; tp->status[port1] = tp->status[port2]; - tp->status[port2] = (uint32_t)tmp; - tmp = (int)tp->ports[pos1]; + tp->status[port2] = tmp; + tmp = tp->ports[pos1]; tp->ports[pos1] = tp->ports[pos2]; tp->ports[pos2] = (uint16_t)tmp; } @@ -213,44 +213,44 @@ void turnports_release(turnports *tp, uint16_t port) { } int turnports_allocate_even(turnports *tp, int allocate_rtcp, uint64_t *reservation_token) { - if (tp) { - TURN_MUTEX_LOCK(&tp->mutex); - uint16_t size = turnports_size(tp); - if (size > 1) { - uint16_t i = 0; - for (i = 0; i < size; i++) { - int port = turnports_allocate(tp); - if (port & 0x00000001) { - turnports_release(tp, port); + if (!tp) { + return -1; + } + + TURN_MUTEX_LOCK(&tp->mutex); + uint16_t size = turnports_size(tp); + if (size > 1) { + for (uint16_t i = 0; i < size; i++) { + int port = turnports_allocate(tp); + if (port & 0x00000001) { + turnports_release(tp, port); + } else { + if (!allocate_rtcp) { + TURN_MUTEX_UNLOCK(&tp->mutex); + return port; } else { - if (!allocate_rtcp) { + int rtcp_port = port + 1; + if ((rtcp_port > tp->range_stop) || !turnports_is_available(tp, rtcp_port)) { + turnports_release(tp, port); + } else { + tp->status[port] = TPS_TAKEN_EVEN; + tp->status[rtcp_port] = TPS_TAKEN_ODD; + if (reservation_token) { + uint16_t *v16 = (uint16_t *)reservation_token; + uint32_t *v32 = (uint32_t *)reservation_token; + v16[0] = (uint16_t)(tp->ports[(uint16_t)(tp->low & 0x0000FFFF)]); + v16[1] = (uint16_t)(tp->ports[(uint16_t)(tp->high & 0x0000FFFF)]); + v32[1] = (uint32_t)turn_random(); + } TURN_MUTEX_UNLOCK(&tp->mutex); return port; - } else { - int rtcp_port = port + 1; - if (rtcp_port > tp->range_stop) { - turnports_release(tp, port); - } else if (!turnports_is_available(tp, rtcp_port)) { - turnports_release(tp, port); - } else { - tp->status[port] = TPS_TAKEN_EVEN; - tp->status[rtcp_port] = TPS_TAKEN_ODD; - if (reservation_token) { - uint16_t *v16 = (uint16_t *)reservation_token; - uint32_t *v32 = (uint32_t *)reservation_token; - v16[0] = (uint16_t)(tp->ports[(uint16_t)(tp->low & 0x0000FFFF)]); - v16[1] = (uint16_t)(tp->ports[(uint16_t)(tp->high & 0x0000FFFF)]); - v32[1] = (uint32_t)turn_random(); - } - TURN_MUTEX_UNLOCK(&tp->mutex); - return port; - } } } } } - TURN_MUTEX_UNLOCK(&tp->mutex); } + TURN_MUTEX_UNLOCK(&tp->mutex); + return -1; } diff --git a/src/apps/relay/userdb.h b/src/apps/relay/userdb.h index 4de3a8d..14ddecb 100644 --- a/src/apps/relay/userdb.h +++ b/src/apps/relay/userdb.h @@ -187,7 +187,7 @@ void add_to_secrets_list(secrets_list_t *sl, const char *elem); int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, uint8_t *uname, uint8_t *realm, hmackey_t key, ioa_network_buffer_handle nbh); -uint8_t *start_user_check(turnserver_id id, turn_credential_type ct, int in_oauth, int *out_oauth, uint8_t *uname, +uint8_t *start_user_check(turnserver_id id, turn_credential_type ct, int in_oauth, int *out_oauth, uint8_t *usname, uint8_t *realm, get_username_resume_cb resume, ioa_net_data *in_buffer, uint64_t ctxkey, int *postpone_reply); int check_new_allocation_quota(uint8_t *username, int oauth, uint8_t *realm); diff --git a/src/apps/rfc5769/rfc5769check.c b/src/apps/rfc5769/rfc5769check.c index 0ea946b..b839015 100644 --- a/src/apps/rfc5769/rfc5769check.c +++ b/src/apps/rfc5769/rfc5769check.c @@ -57,8 +57,8 @@ void print_field5769(const char *name, const void *f0, size_t len); void print_field5769(const char *name, const void *f0, size_t len) { const unsigned char *f = (const unsigned char *)f0; printf("\nfield %s %lu==>>\n", name, (unsigned long)len); - size_t i; - for (i = 0; i < len; ++i) { + + for (size_t i = 0; i < len; ++i) { printf("\\x%02x", (unsigned int)f[i]); } printf("\n<<==field %s\n", name); @@ -67,8 +67,6 @@ void print_field5769(const char *name, const void *f0, size_t len) { static int check_oauth(void) { const char server_name[33] = "blackdow.carleon.gov"; - size_t i_encs; - const char long_term_key[33] = "HGkj32KJGiuy098sdfaqbNjOiaz71923"; size_t ltp_output_length = 0; @@ -89,7 +87,7 @@ static int check_oauth(void) { { { - for (i_encs = 0; encs[i_encs]; ++i_encs) { + for (size_t i_encs = 0; encs[i_encs]; ++i_encs) { printf("oauth token %s:", encs[i_encs]); if (print_extra) { @@ -158,7 +156,7 @@ static int check_oauth(void) { } } - if (strcmp((char *)ot.enc_block.mac_key, (char *)dot.enc_block.mac_key)) { + if (0 != strcmp((char *)ot.enc_block.mac_key, (char *)dot.enc_block.mac_key)) { fprintf(stderr, "%s: wrong mac key: %s, must be %s\n", __FUNCTION__, (char *)dot.enc_block.mac_key, (char *)ot.enc_block.mac_key); goto err; @@ -353,15 +351,13 @@ int main(int argc, const char **argv) { printf("failure: length %d, must be %d\n", (int)len, (int)(sizeof(reqltc) - 1)); exit(-1); } - if (memcmp(buf, reqltc, len)) { + if (memcmp(buf, reqltc, len) != 0) { printf("failure: wrong message content\n"); { - int lines = 29; - int line = 0; - int col = 0; - int cols = 4; - for (line = 0; line < lines; line++) { - for (col = 0; col < cols; col++) { + size_t const lines = 29; + size_t const cols = 4; + for (size_t line = 0; line < lines; line++) { + for (size_t col = 0; col < cols; col++) { uint8_t c = buf[line * 4 + col]; printf(" %2x", (int)c); } @@ -562,10 +558,8 @@ int main(int argc, const char **argv) { } } - { - if (check_oauth() < 0) { - exit(-1); - } + if (check_oauth() < 0) { + exit(-1); } return 0; diff --git a/src/apps/stunclient/stunclient.c b/src/apps/stunclient/stunclient.c index f82937e..4a5db9f 100644 --- a/src/apps/stunclient/stunclient.c +++ b/src/apps/stunclient/stunclient.c @@ -62,37 +62,36 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780, bool change_port, int padding) { ioa_addr remote_addr; - int new_udp_fd = -1; memset((void *)&remote_addr, 0, sizeof(ioa_addr)); if (make_ioa_addr((const uint8_t *)rip, rport, &remote_addr) < 0) { - err(-1, NULL); + err(-1, nullptr); } if (udp_fd < 0) { udp_fd = socket(remote_addr.ss.sa_family, SOCK_DGRAM, 0); if (udp_fd < 0) { - err(-1, NULL); + err(-1, nullptr); } if (!addr_any(&real_local_addr)) { if (addr_bind(udp_fd, &real_local_addr, 0, 1, UDP_SOCKET) < 0) { - err(-1, NULL); + err(-1, nullptr); } } } + int new_udp_fd = -1; if (response_port >= 0) { - new_udp_fd = socket(remote_addr.ss.sa_family, SOCK_DGRAM, 0); if (new_udp_fd < 0) { - err(-1, NULL); + err(-1, nullptr); } addr_set_port(&real_local_addr, response_port); if (addr_bind(new_udp_fd, &real_local_addr, 0, 1, UDP_SOCKET) < 0) { - err(-1, NULL); + err(-1, nullptr); } } @@ -105,10 +104,10 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780, rpa.setResponsePort((uint16_t)response_port); try { req.addAttr(rpa); - } catch (turn::WrongStunAttrFormatException &ex1) { + } catch (turn::WrongStunAttrFormatException const &ex1) { printf("Wrong rp attr format\n"); exit(-1); - } catch (turn::WrongStunBufferFormatException &ex2) { + } catch (turn::WrongStunBufferFormatException const &ex2) { printf("Wrong stun buffer format (1)\n"); exit(-1); } catch (...) { @@ -122,10 +121,10 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780, cra.setChangePort(change_port); try { req.addAttr(cra); - } catch (turn::WrongStunAttrFormatException &ex1) { + } catch (turn::WrongStunAttrFormatException const &ex1) { printf("Wrong cr attr format\n"); exit(-1); - } catch (turn::WrongStunBufferFormatException &ex2) { + } catch (turn::WrongStunBufferFormatException const &ex2) { printf("Wrong stun buffer format (2)\n"); exit(-1); } catch (...) { @@ -138,10 +137,10 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780, pa.setPadding(1500); try { req.addAttr(pa); - } catch (turn::WrongStunAttrFormatException &ex1) { + } catch (turn::WrongStunAttrFormatException const &ex1) { printf("Wrong p attr format\n"); exit(-1); - } catch (turn::WrongStunBufferFormatException &ex2) { + } catch (turn::WrongStunBufferFormatException const &ex2) { printf("Wrong stun buffer format (3)\n"); exit(-1); } catch (...) { @@ -152,7 +151,7 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780, { int len = 0; - int slen = get_ioa_addr_len(&remote_addr); + ssize_t slen = get_ioa_addr_len(&remote_addr); do { len = sendto(udp_fd, req.getRawBuffer(), req.getSize(), 0, (struct sockaddr *)&remote_addr, (socklen_t)slen); @@ -169,26 +168,21 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780, *port = addr_get_port(&real_local_addr); } - { - if (new_udp_fd >= 0) { - socket_closesocket(udp_fd); - udp_fd = new_udp_fd; - new_udp_fd = -1; - } + if (new_udp_fd >= 0) { + socket_closesocket(udp_fd); + udp_fd = new_udp_fd; } { - int len = 0; + ssize_t len = 0; stun_buffer buf; - uint8_t *ptr = buf.buf; int recvd = 0; const int to_recv = sizeof(buf.buf); do { - len = recv(udp_fd, ptr, to_recv - recvd, 0); + len = recv(udp_fd, buf.buf, to_recv - recvd, 0); if (len > 0) { recvd += len; - ptr += len; break; } } while (len < 0 && socket_eintr()); @@ -257,13 +251,12 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780, return 0; } -#else +#else // ifdef __cplusplus static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780, int response_port, bool change_ip, bool change_port, int padding) { ioa_addr remote_addr; - int new_udp_fd = -1; stun_buffer buf; memset(&remote_addr, 0, sizeof(remote_addr)); @@ -271,6 +264,7 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780, err(-1, NULL); } + int new_udp_fd = -1; if (udp_fd < 0) { udp_fd = socket(remote_addr.ss.sa_family, CLIENT_DGRAM_SOCKET_TYPE, CLIENT_DGRAM_SOCKET_PROTOCOL); if (udp_fd < 0) { @@ -306,15 +300,14 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780, if (change_ip || change_port) { stun_attr_add_change_request_str((uint8_t *)buf.buf, (size_t *)&(buf.len), change_ip, change_port); } - if (padding) { - if (!stun_attr_add_padding_str((uint8_t *)buf.buf, (size_t *)&(buf.len), 1500)) { - printf("%s: ERROR: Cannot add padding\n", __FUNCTION__); - } + + if (padding && !stun_attr_add_padding_str((uint8_t *)buf.buf, (size_t *)&(buf.len), 1500)) { + printf("%s: ERROR: Cannot add padding\n", __FUNCTION__); } { - int len = 0; - int slen = get_ioa_addr_len(&remote_addr); + ssize_t len = 0; + uint32_t slen = get_ioa_addr_len(&remote_addr); do { len = sendto(udp_fd, buf.buf, buf.len, 0, (struct sockaddr *)&remote_addr, (socklen_t)slen); @@ -331,25 +324,20 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780, *port = addr_get_port(&real_local_addr); } - { - if (new_udp_fd >= 0) { - socket_closesocket(udp_fd); - udp_fd = new_udp_fd; - new_udp_fd = -1; - } + if (new_udp_fd >= 0) { + socket_closesocket(udp_fd); + udp_fd = new_udp_fd; } { - int len = 0; - uint8_t *ptr = buf.buf; + ssize_t len = 0; int recvd = 0; const int to_recv = sizeof(buf.buf); do { - len = recv(udp_fd, ptr, to_recv - recvd, 0); + len = recv(udp_fd, buf.buf, to_recv - recvd, 0); if (len > 0) { recvd += len; - ptr += len; break; } } while (len < 0 && (socket_eintr() || socket_eagain())); @@ -414,7 +402,7 @@ static int run_stunclient(const char *rip, int rport, int *port, bool *rfc5780, return 0; } -#endif +#endif // ifdef __cplusplus //////////////// local definitions ///////////////// diff --git a/src/apps/uclient/startuclient.c b/src/apps/uclient/startuclient.c index 86dfa8c..2602568 100644 --- a/src/apps/uclient/startuclient.c +++ b/src/apps/uclient/startuclient.c @@ -212,17 +212,12 @@ static int clnet_connect(uint16_t clnet_remote_port, const char *remote_address, const char *local_address, bool verbose, app_ur_conn_info *clnet_info) { ioa_addr local_addr; - evutil_socket_t clnet_fd; - int connect_err; int connect_cycle = 0; ioa_addr remote_addr; start_socket: - clnet_fd = -1; - connect_err = 0; - memset(&remote_addr, 0, sizeof(ioa_addr)); if (make_ioa_addr((const uint8_t *)remote_address, clnet_remote_port, &remote_addr) < 0) { return -1; @@ -230,11 +225,11 @@ start_socket: memset(&local_addr, 0, sizeof(ioa_addr)); - clnet_fd = socket(remote_addr.ss.sa_family, - use_sctp ? SCTP_CLIENT_STREAM_SOCKET_TYPE - : (use_tcp ? CLIENT_STREAM_SOCKET_TYPE : CLIENT_DGRAM_SOCKET_TYPE), - use_sctp ? SCTP_CLIENT_STREAM_SOCKET_PROTOCOL - : (use_tcp ? CLIENT_STREAM_SOCKET_PROTOCOL : CLIENT_DGRAM_SOCKET_PROTOCOL)); + evutil_socket_t clnet_fd = socket( + remote_addr.ss.sa_family, + use_sctp ? SCTP_CLIENT_STREAM_SOCKET_TYPE : (use_tcp ? CLIENT_STREAM_SOCKET_TYPE : CLIENT_DGRAM_SOCKET_TYPE), + use_sctp ? SCTP_CLIENT_STREAM_SOCKET_PROTOCOL + : (use_tcp ? CLIENT_STREAM_SOCKET_PROTOCOL : CLIENT_DGRAM_SOCKET_PROTOCOL)); if (clnet_fd < 0) { perror("socket"); exit(-1); @@ -275,6 +270,7 @@ start_socket: addr_bind(clnet_fd, &local_addr, 0, 1, get_socket_type()); } + int connect_err = 0; if (clnet_info->is_peer) { ; } else if (socket_connect(clnet_fd, &remote_addr, &connect_err) > 0) { @@ -558,7 +554,6 @@ beg_allocate: TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "error %d (%s)\n", err_code, (char *)err_msg); if (err_code != 437) { - allocate_finished = true; current_reservation_token = 0; return -1; } else { @@ -825,7 +820,6 @@ beg_bind: clnet_info->server_name, &(clnet_info->oauth))) { goto beg_bind; } else if (stun_is_error_response(&response_message, &err_code, err_msg, sizeof(err_msg))) { - cb_received = true; TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "channel bind: error %d (%s)\n", err_code, (char *)err_msg); return -1; } else { @@ -925,7 +919,6 @@ beg_cp: clnet_info->server_name, &(clnet_info->oauth))) { goto beg_cp; } else if (stun_is_error_response(&response_message, &err_code, err_msg, sizeof(err_msg))) { - cp_received = true; TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "create permission error %d (%s)\n", err_code, (char *)err_msg); return -1; } else { diff --git a/src/apps/uclient/uclient.c b/src/apps/uclient/uclient.c index 3e7332c..c5b4629 100644 --- a/src/apps/uclient/uclient.c +++ b/src/apps/uclient/uclient.c @@ -192,7 +192,6 @@ static int remove_all_from_ss(app_ur_session *ss) { int send_buffer(app_ur_conn_info *clnet_info, stun_buffer *message, bool data_connection, app_tcp_conn_info *atc) { - int rc = 0; int ret = -1; char *buffer = (char *)(message->buf); @@ -282,12 +281,14 @@ int send_buffer(app_ur_conn_info *clnet_info, stun_buffer *message, bool data_co size_t left = message->len; + ssize_t rc = 0; + while (left > 0) { do { rc = send(fd, buffer, left, 0); } while (rc <= 0 && (socket_eintr() || socket_enobufs() || socket_eagain())); if (rc > 0) { - left -= (size_t)rc; + left -= rc; buffer += rc; } else { tot_send_dropped += 1; diff --git a/src/client++/TurnMsgLib.h b/src/client++/TurnMsgLib.h index 37bf5b2..18475e0 100644 --- a/src/client++/TurnMsgLib.h +++ b/src/client++/TurnMsgLib.h @@ -731,7 +731,7 @@ protected: */ class StunMsgRequest : public StunMsg { public: - StunMsgRequest(uint16_t method) : _method(method){}; + StunMsgRequest(uint16_t method) : _method(method) {}; StunMsgRequest(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed) : StunMsg(buffer, total_sz, sz, constructed), _method(0) { @@ -804,11 +804,11 @@ private: */ class StunMsgResponse : public StunMsg { public: - StunMsgResponse(uint16_t method, stun_tid &tid) : _method(method), _err(0), _reason(""), _tid(tid){}; + StunMsgResponse(uint16_t method, stun_tid &tid) : _method(method), _err(0), _reason(""), _tid(tid) {}; StunMsgResponse(uint16_t method, int error_code, std::string reason, stun_tid &tid) - : _method(method), _err(error_code), _reason(reason), _tid(tid){ + : _method(method), _err(error_code), _reason(reason), _tid(tid) { - }; + }; StunMsgResponse(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed) : StunMsg(buffer, total_sz, sz, constructed), _method(0), _err(0), _reason("") { @@ -960,7 +960,7 @@ private: */ class StunMsgIndication : public StunMsg { public: - StunMsgIndication(uint16_t method) : _method(method){}; + StunMsgIndication(uint16_t method) : _method(method) {}; StunMsgIndication(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed) : StunMsg(buffer, total_sz, sz, constructed), _method(0) { @@ -1005,7 +1005,7 @@ private: */ class StunMsgChannel : public StunMsg { public: - StunMsgChannel(uint16_t cn, int length) : _cn(cn), _len(length){}; + StunMsgChannel(uint16_t cn, int length) : _cn(cn), _len(length) {}; StunMsgChannel(uint8_t *buffer, size_t total_sz, size_t sz, bool constructed) : StunMsg(buffer, total_sz, sz, constructed), _cn(0) { diff --git a/src/client/ns_turn_msg_defs.h b/src/client/ns_turn_msg_defs.h index c133fe5..5b3a665 100644 --- a/src/client/ns_turn_msg_defs.h +++ b/src/client/ns_turn_msg_defs.h @@ -51,10 +51,10 @@ #define STUN_MAGIC_COOKIE (0x2112A442) -#define IS_STUN_REQUEST(msg_type) (((msg_type)&0x0110) == 0x0000) -#define IS_STUN_INDICATION(msg_type) (((msg_type)&0x0110) == 0x0010) -#define IS_STUN_SUCCESS_RESP(msg_type) (((msg_type)&0x0110) == 0x0100) -#define IS_STUN_ERR_RESP(msg_type) (((msg_type)&0x0110) == 0x0110) +#define IS_STUN_REQUEST(msg_type) (((msg_type) & 0x0110) == 0x0000) +#define IS_STUN_INDICATION(msg_type) (((msg_type) & 0x0110) == 0x0010) +#define IS_STUN_SUCCESS_RESP(msg_type) (((msg_type) & 0x0110) == 0x0100) +#define IS_STUN_ERR_RESP(msg_type) (((msg_type) & 0x0110) == 0x0110) #define GET_STUN_REQUEST(msg_type) (msg_type & 0xFEEF) #define GET_STUN_INDICATION(msg_type) ((msg_type & 0xFEEF) | 0x0010) diff --git a/src/server/ns_turn_allocation.c b/src/server/ns_turn_allocation.c index 2ad8bbb..a0f98ef 100644 --- a/src/server/ns_turn_allocation.c +++ b/src/server/ns_turn_allocation.c @@ -33,8 +33,9 @@ #include "ns_turn_msg_defs.h" // for STUN_VALID_CHANNEL #include "ns_turn_utils.h" // for TURN_LOG_FUNC, TURN_LOG_LEVEL_ERROR -#include // for NULL, size_t, free, realloc, calloc -#include // for memset, memcpy +#include // for bool, false, true +#include // for NULL, size_t, free, realloc, calloc +#include // for memset, memcpy /////////////// Permission forward declarations ///////////////// @@ -556,7 +557,7 @@ static void set_new_tc_id(uint8_t server_id, tcp_connection *tc) { tcp_connection *create_tcp_connection(uint8_t server_id, allocation *a, stun_tid *tid, ioa_addr *peer_addr, int *err_code) { - tcp_connection_list *tcl = &(a->tcs); + tcp_connection_list *const tcl = &(a->tcs); if (!tcl) { return NULL; } @@ -604,7 +605,6 @@ tcp_connection *create_tcp_connection(uint8_t server_id, allocation *a, stun_tid a->tcs.elems = new_elems; a->tcs.elems[a->tcs.sz] = tc; a->tcs.sz += 1; - tcl = &(a->tcs); } set_new_tc_id(server_id, tc); diff --git a/src/server/ns_turn_maps_rtcp.h b/src/server/ns_turn_maps_rtcp.h index 40acd93..713688b 100644 --- a/src/server/ns_turn_maps_rtcp.h +++ b/src/server/ns_turn_maps_rtcp.h @@ -34,7 +34,8 @@ #include "ns_turn_ioalib.h" #include "ns_turn_maps.h" -#include // for size_t +#include // for bool +#include // for size_t #ifdef __cplusplus extern "C" { diff --git a/src/server/ns_turn_server.c b/src/server/ns_turn_server.c index e35f447..cfd7b1d 100644 --- a/src/server/ns_turn_server.c +++ b/src/server/ns_turn_server.c @@ -38,9 +38,10 @@ #include "apputils.h" // for turn_random, base64_decode -#include // for snprintf -#include // for free, malloc, calloc, realloc -#include // for memcpy, strlen, strcmp +#include // for bool, false +#include // for snprintf +#include // for free, malloc, calloc, realloc +#include // for memcpy, strlen, strcmp /////////////////////////////////////////// @@ -295,73 +296,68 @@ static int good_peer_addr(turn_turnserver *server, const char *realm, ioa_addr * return 0; } - { - int i; + if (server->ip_whitelist) { + // White listing of addr ranges + for (int i = server->ip_whitelist->ranges_number - 1; i >= 0; --i) { + CHECK_REALM(server->ip_whitelist->rs[i].realm); + if (ioa_addr_in_range(&(server->ip_whitelist->rs[i].enc), peer_addr)) { + return 1; + } + } + } - if (server->ip_whitelist) { + { + ioa_lock_whitelist(server->e); + + const ip_range_list_t *wl = ioa_get_whitelist(server->e); + if (wl) { // White listing of addr ranges - for (i = server->ip_whitelist->ranges_number - 1; i >= 0; --i) { - CHECK_REALM(server->ip_whitelist->rs[i].realm); - if (ioa_addr_in_range(&(server->ip_whitelist->rs[i].enc), peer_addr)) { + for (int i = wl->ranges_number - 1; i >= 0; --i) { + CHECK_REALM(wl->rs[i].realm); + if (ioa_addr_in_range(&(wl->rs[i].enc), peer_addr)) { + ioa_unlock_whitelist(server->e); return 1; } } } - { - ioa_lock_whitelist(server->e); + ioa_unlock_whitelist(server->e); + } - const ip_range_list_t *wl = ioa_get_whitelist(server->e); - if (wl) { - // White listing of addr ranges - for (i = wl->ranges_number - 1; i >= 0; --i) { - CHECK_REALM(wl->rs[i].realm); - if (ioa_addr_in_range(&(wl->rs[i].enc), peer_addr)) { - ioa_unlock_whitelist(server->e); - return 1; - } - } + if (server->ip_blacklist) { + // Black listing of addr ranges + for (int i = server->ip_blacklist->ranges_number - 1; i >= 0; --i) { + CHECK_REALM(server->ip_blacklist->rs[i].realm); + if (ioa_addr_in_range(&(server->ip_blacklist->rs[i].enc), peer_addr)) { + char saddr[129]; + addr_to_string_no_port(peer_addr, (uint8_t *)saddr); + TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "session %018llu: A peer IP %s denied in the range: %s in server %d \n", + (unsigned long long)session_id, saddr, server->ip_blacklist->rs[i].str, server_id); + return 0; } - - ioa_unlock_whitelist(server->e); } + } - if (server->ip_blacklist) { + { + ioa_lock_blacklist(server->e); + + const ip_range_list_t *bl = ioa_get_blacklist(server->e); + if (bl) { // Black listing of addr ranges - for (i = server->ip_blacklist->ranges_number - 1; i >= 0; --i) { - CHECK_REALM(server->ip_blacklist->rs[i].realm); - if (ioa_addr_in_range(&(server->ip_blacklist->rs[i].enc), peer_addr)) { + for (int i = bl->ranges_number - 1; i >= 0; --i) { + CHECK_REALM(bl->rs[i].realm); + if (ioa_addr_in_range(&(bl->rs[i].enc), peer_addr)) { + ioa_unlock_blacklist(server->e); char saddr[129]; addr_to_string_no_port(peer_addr, (uint8_t *)saddr); - TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "session %018llu: A peer IP %s denied in the range: %s in server %d \n", - (unsigned long long)session_id, saddr, server->ip_blacklist->rs[i].str, server_id); + TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "session %018llu: A peer IP %s denied in the range= %s in server %d \n", + (unsigned long long)session_id, saddr, bl->rs[i].str, server_id); return 0; } } } - { - ioa_lock_blacklist(server->e); - - const ip_range_list_t *bl = ioa_get_blacklist(server->e); - if (bl) { - // Black listing of addr ranges - for (i = bl->ranges_number - 1; i >= 0; --i) { - CHECK_REALM(bl->rs[i].realm); - if (ioa_addr_in_range(&(bl->rs[i].enc), peer_addr)) { - ioa_unlock_blacklist(server->e); - char saddr[129]; - addr_to_string_no_port(peer_addr, (uint8_t *)saddr); - TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, - "session %018llu: A peer IP %s denied in the range= %s in server %d \n", - (unsigned long long)session_id, saddr, bl->rs[i].str, server_id); - return 0; - } - } - } - - ioa_unlock_blacklist(server->e); - } + ioa_unlock_blacklist(server->e); } } @@ -4390,8 +4386,8 @@ static int create_relay_connection(turn_turnserver *server, ts_ur_super_session if (lifetime < 1) { lifetime = STUN_DEFAULT_ALLOCATE_LIFETIME; - } else if (lifetime > (uint32_t) * (server->max_allocate_lifetime)) { - lifetime = (uint32_t) * (server->max_allocate_lifetime); + } else if (lifetime > (uint32_t)*(server->max_allocate_lifetime)) { + lifetime = (uint32_t)*(server->max_allocate_lifetime); } ioa_timer_handle ev = set_ioa_timer(server->e, lifetime, 0, client_ss_allocation_timeout_handler, newelem, 0,