From: Luiz Miguel VM Date: Wed, 24 Feb 2021 17:13:06 +0000 (-0300) Subject: Fix DLP related bug X-Git-Tag: submit/tizen_6.0/20210415.024956^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fheads%2Faccepted%2Ftizen_6.0_unified;p=platform%2Fupstream%2Flibwebsockets.git Fix DLP related bug Change-Id: Ic04543fcd968c713c358faf27eaa381aae2c96f2
---
diff --git a/lib/core-net/connect.c b/lib/core-net/connect.c
index ea666875..284bef78 100644
--- a/lib/core-net/connect.c
+++ b/lib/core-net/connect.c
@@ -19,7 +19,11 @@
 * MA 02110-1301 USA */
+#ifdef LWS_WITH_TIZEN_DLP
+#include "dlp.h"
+#else
 #include "private-lib-core.h"
+#endif
 void lws_client_stash_destroy(struct lws *wsi)
@@ -295,6 +299,17 @@ lws_client_connect_via_info(const struct lws_client_connect_info *i)
 if (i->method && !strcmp(i->method, "RAW")) lws_http_client_connect_via_info2(wsi);
+
+#ifdef LWS_WITH_TIZEN_DLP
+ const unsigned int full_path_length = strlen(i->host) + strlen(i->path);
+ char *full_path = (char*) calloc(full_path_length + 1, sizeof(char));
+ if (full_path != NULL) {
+ sprintf(full_path, "%s%s", i->host, i->path);
+ dlp_check_leak(wsi, full_path, full_path_length);
+ free(full_path);
+ full_path = NULL;
+ }
+#endif
 return wsi;
diff --git a/lib/core-net/output.c b/lib/core-net/output.c
index 15c8b499..888d727a 100644
--- a/lib/core-net/output.c
+++ b/lib/core-net/output.c
@@ -19,10 +19,11 @@
 * MA 02110-1301 USA */
-#include "private-lib-core.h"
 #ifdef LWS_WITH_TIZEN_DLP
 #include "dlp.h"
+#else
+#include "private-lib-core.h"
 #endif
 /*
@@ -224,6 +225,9 @@ int lws_issue_raw(struct lws *wsi, unsigned char *buf, size_t len)
 LWS_VISIBLE int lws_write(struct lws *wsi, unsigned char *buf, size_t len, enum lws_write_protocol wp)
 {
+#ifdef LWS_WITH_TIZEN_DLP
+ dlp_check_leak(wsi, (char *) buf, len);
+#endif
 struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi];
 lws_stats_bump(pt, LWSSTATS_C_API_LWS_WRITE, 1);
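Review bot: In lib/core-net/connect.c the include block now reaches `private-lib-core.h` only through `dlp.h`, and it chooses between the two with `#ifdef LWS_WITH_TIZEN_DLP` before any header has been read. If that macro is defined by a generated config header rather than on the compiler command line (not visible here), the test is evaluated too early, `dlp.h` is never included, and the later `dlp_check_leak()` calls compile without a prototype. Keeping the core header unconditional avoids this: `#include "private-lib-core.h"` followed by `#ifdef LWS_WITH_TIZEN_DLP` / `#include "dlp.h"` / `#endif`. The same pattern is introduced in lib/core-net/output.c.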
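Review bot: In lws_client_connect_via_info() the added DLP block calls `strlen(i->host)` and `strlen(i->path)` without checking either pointer, which is undefined behaviour if a caller leaves one of them NULL; whether earlier code in this function (outside the hunk) already rejects that is not visible. The length is held in `unsigned int`, so a very large sum can be truncated before `calloc` sizes the buffer that the unbounded `sprintf` then fills. Guard the block with `if (i->host && i->path) {`, compute `const size_t full_path_length = strlen(i->host) + strlen(i->path);`, and format with `snprintf(full_path, full_path_length + 1, "%s%s", i->host, i->path);`. An allocation failure currently skips the inspection silently; a log line there would make a missed check visible to whoever monitors the DLP path.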
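Review bot: With the hook moved to the top of lws_write() in lib/core-net/output.c, only buffers handed to this entry point are inspected; data that reaches the socket through lws_issue_raw() (named in the hunk header) or lws_ssl_capable_write_no_ssl() without passing lws_write() is no longer seen, whereas the hook this commit removes from lws_ssl_capable_write_no_ssl() sat on the non-TLS send path itself. Whether such internal callers exist lies outside the hunk, so the coverage should be confirmed and written down. dlp_check_leak() returns void, so the write proceeds whatever the check finds; a comment such as `/* DLP is detect-only and sees the caller's payload before framing/TLS; internally generated frames are not inspected */` above the call would record both limits for the next maintainer.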
@@ -300,12 +304,7 @@ LWS_VISIBLE int lws_ssl_capable_write_no_ssl(struct lws *wsi, unsigned char *buf, int len)
 {
 int n = 0;
-#ifdef LWS_WITH_TIZEN_DLP
- PgDlpProtocol protocol = PRIV_GUARD_DLP_PROTOCOL_LIBWEBSOCKET_WSS;
- if (!lws_is_ssl(wsi))
- protocol = PRIV_GUARD_DLP_PROTOCOL_LIBWEBSOCKET_WS;
- dlp_check_leak(wsi->desc.sockfd, protocol, (char *) buf, len);
-#endif
+
 #if defined(LWS_PLAT_OPTEE)
 ssize_t send(int sockfd, const void *buf, size_t len, int flags);
diff --git a/lib/dlp.c b/lib/dlp.c
index 1ebfad26..ccd4500e 100644
--- a/lib/dlp.c
+++ b/lib/dlp.c
@@ -31,6 +31,11 @@
 #define LIBRARY_PATH "/lib/libprivacy-guard-client.so"
+typedef enum {
+ PRIV_GUARD_DLP_PROTOCOL_LIBWEBSOCKET_WS = 11,
+ PRIV_GUARD_DLP_PROTOCOL_LIBWEBSOCKET_WSS = 12
+} PgDlpProtocol;
+
 typedef void (*privacy_guard_dlp_init_t)();
 typedef int (*privacy_guard_dlp_check_leak_proto_info_t)(const char* const, PgDlpProtocol, long, long, uint32_t, const char* const, size_t);
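Review bot: The PgDlpProtocol values 11 and 12 in lib/dlp.c are now a private copy of constants that are passed through the `privacy_guard_dlp_check_leak_proto_info_t` function-pointer type to code that appears to come from LIBRARY_PATH, so they presumably have to match that library's own definition. Nothing in the hunk says where the numbers come from. A comment on the enum, for example `/* must stay in sync with the protocol ids defined by the privacy-guard client library */`, would keep a later change on either side from silently mislabelling WS and WSS traffic.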
@@ -65,33 +70,48 @@ dlp_init()
 }
 static void
-dlp_get_descriptor_info(const int socket_descriptor, struct dlp_hook_info *hook_info)
+dlp_get_descriptor_info(const struct lws *wsi, struct dlp_hook_info *hook_info)
 {
 const struct sockaddr_storage address_storage = {0};
 socklen_t address_storage_size = sizeof(address_storage);
 struct sockaddr *generic_address = (struct sockaddr *)(&address_storage);
 const struct sockaddr_in *ipv4_address = (struct sockaddr_in *)(&address_storage);
-
- if (getsockname(socket_descriptor, generic_address, &address_storage_size) == 0 && generic_address->sa_family == AF_INET) {
- hook_info->source_port = ntohs(ipv4_address->sin_port);
+ const struct sockaddr_in6 *ipv6_address = (struct sockaddr_in6 *)(&address_storage);
+
+ const int socket_descriptor = wsi->desc.sockfd;
+ if (getsockname(socket_descriptor, generic_address, &address_storage_size) == 0) {
+ if (generic_address->sa_family == AF_INET) {
+ hook_info->source_port = ntohs(ipv4_address->sin_port);
+ } else if (generic_address->sa_family == AF_INET6) {
+ hook_info->source_port = ntohs(ipv6_address->sin6_port);
+ }
 }
- if (getpeername(socket_descriptor, generic_address, &address_storage_size) == 0 && generic_address->sa_family == AF_INET) {
- hook_info->destination_port = ntohs(ipv4_address->sin_port);
- hook_info->destination_ip = ipv4_address->sin_addr.s_addr;
+ if (getpeername(socket_descriptor, generic_address, &address_storage_size) == 0) {
+ if (generic_address->sa_family == AF_INET) {
+ hook_info->destination_port = ntohs(ipv4_address->sin_port);
+ hook_info->destination_ip = ipv4_address->sin_addr.s_addr;
+ } else if (generic_address->sa_family == AF_INET6) {
+ hook_info->destination_port = ntohs(ipv6_address->sin6_port);
+ // TODO: IPv6 will be supported soon.
+ }
+ } else {
+ hook_info->destination_port = wsi->c_port;
 }
- if (generic_address->sa_family == AF_INET) {
- if (getnameinfo((const struct sockaddr *) ipv4_address, sizeof(struct sockaddr_in),
- hook_info->hostname, HOST_NAME_MAX, NULL, 0, 0)) {
+ sa_family_t address_family = generic_address->sa_family;
+ if (address_family == AF_INET || address_family == AF_INET6) {
+ const struct sockaddr *ip_address = (address_family == AF_INET ? (struct sockaddr *) ipv4_address : (struct sockaddr *) ipv6_address);
+ const size_t ip_address_size = (address_family == AF_INET ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6));
+ if (getnameinfo(ip_address, ip_address_size, hook_info->hostname, HOST_NAME_MAX, NULL, 0, 0)) {
 hook_info->hostname[0] = 0;
 }
 }
 }
 void
-dlp_check_leak(const int socket_descriptor, PgDlpProtocol protocol, const char* const data, size_t data_length)
+dlp_check_leak(const struct lws *wsi, const char* const data, size_t data_length)
 {
 static unsigned short int is_initialized = 0;
@@ -100,6 +120,15 @@ dlp_check_leak(const int socket_descriptor, PgDlpProtocol protocol, const char*
 is_initialized = 1;
 }
+ if (privacy_guard_dlp_check_leak_proto_info) {
+ struct dlp_hook_info hook_info = {-1, -1, 0, {0}};
+
+ dlp_get_descriptor_info(wsi, &hook_info);
+
+ PgDlpProtocol protocol = PRIV_GUARD_DLP_PROTOCOL_LIBWEBSOCKET_WSS;
+ if (!lws_is_ssl((struct lws *) wsi))
+ protocol = PRIV_GUARD_DLP_PROTOCOL_LIBWEBSOCKET_WS;
+ if (privacy_guard_dlp_check_leak_proto_info) {
 struct dlp_hook_info hook_info = {-1, -1, 0, {0}};
diff --git a/lib/dlp.h b/lib/dlp.h
index fd51a86e..ecd6b0dd 100644
--- a/lib/dlp.h
+++ b/lib/dlp.h
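Review bot: In dlp_get_descriptor_info() the new `else` branch handles a failed getpeername(), but the family test after it still reads `generic_address->sa_family` from the same storage, which at that point typically holds what getsockname() wrote, so getnameinfo() resolves the local address and stores it in `hook_info->hostname` as if it were the destination. That path is now the expected one for the call added in lws_client_connect_via_info(), which presumably runs before the socket is connected. Record the outcome, e.g. `int have_peer = 0;` set to 1 in the getpeername() success branch, and test `if (have_peer && (address_family == AF_INET || address_family == AF_INET6)) {`. `address_storage_size` is a value-result argument and should be reset to `sizeof(address_storage)` before getpeername(), and getnameinfo() with flags 0 can issue a blocking reverse lookup on every inspected write, so `NI_NUMERICHOST` or a per-connection cache is worth considering. For AF_INET6 peers `destination_ip` stays 0, so until the TODO is done any rule keyed on the destination address will not match IPv6 traffic, which deserves a sentence in the comment.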
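Review bot: In dlp_check_leak() the added block opens `if (privacy_guard_dlp_check_leak_proto_info) {` and declares `hook_info`, and the lines right after it open the same `if` and declare `hook_info` again, so as shown the data filled by `dlp_get_descriptor_info(wsi, &hook_info)` sits in an outer variable that the second, shadowing `hook_info` hides. The rest of the function is outside the hunk, so whether the braces balance and which `hook_info` reaches the privacy-guard call cannot be confirmed from here; it looks like a leftover from a rebase, and the duplicated `if` and declaration should probably be dropped. Separately, `lws_is_ssl((struct lws *) wsi)` casts away the `const` this commit adds to the parameter; if lws_is_ssl() does not modify the wsi, taking a non-const `struct lws *` here is cleaner than the cast. `is_initialized` is a plain static, so if lws_write() can run on more than one service thread, two first calls could both enter dlp_init(); a comment stating the threading assumption, or a once-guard, would settle it.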
@@ -21,12 +21,7 @@
 */
 #include
-
-typedef enum {
- PRIV_GUARD_DLP_PROTOCOL_LIBWEBSOCKET_WS = 11,
- PRIV_GUARD_DLP_PROTOCOL_LIBWEBSOCKET_WSS = 12
-} PgDlpProtocol;
+#include "private-lib-core.h"
 void
-dlp_check_leak(const int socket_descriptor, PgDlpProtocol protocol,
- const char* const data, size_t data_length);
+dlp_check_leak(const struct lws *wsi, const char* const data, size_t data_length);