possible fix for https://github.com/TeamSpeak-Systems/ts3init_linux_netfilter_module/issues/12

8 years ago · bf438d0f34
4 changed files with 47 additions and 22 deletions
--- a/src/ts3init_cookie.c
+++ b/src/ts3init_cookie.c
@ -11,6 +11,7 @@
				@@ -11,6 +11,7 @@
 *    under the terms of the GNU General Public License; either version 2
 *    or 3 of the License, as published by the Free Software Foundation.
 */
+#include <linux/init.h>
 #include <linux/version.h>
 #include <linux/kernel.h>
 #include <linux/time.h>
@ -39,6 +40,8 @@
				@@ -39,6 +40,8 @@
        struct shash_desc *shash = (struct shash_desc *)__##shash##_desc
 #endif

+static struct crypto_shash *sha512_tfm;
+

 static void check_update_seed_cache(time_t time, __u8 index, 
                struct xt_ts3init_cookie_cache* cache,
@ -46,30 +49,21 @@ static void check_update_seed_cache(time_t time, __u8 index,
				@@ -46,30 +49,21 @@ static void check_update_seed_cache(time_t time, __u8 index,
 {
    int ret;
    __le32 seed_hash_time;
-    struct crypto_shash *tfm;

    if (time == cache->time[index]) return;

    /* We need to update the cache. */
    /* seed = sha512(random_seed[RANDOM_SEED_LEN] + __le32 time) */
    seed_hash_time = cpu_to_le32( (__u32)time);
-
-    tfm = crypto_alloc_shash(TS3_SHA_512_NAME, 0, 0);
-    if (IS_ERR(tfm))
-    {
-        printk(KERN_ERR KBUILD_MODNAME ": could not alloc sha512\n");
-    }
-    else 
    {
-        SHASH_DESC_ON_STACK(shash, tfm);
-        shash->tfm = tfm;
+        SHASH_DESC_ON_STACK(shash, sha512_tfm);
+        shash->tfm = sha512_tfm;
        shash->flags = 0;

        ret = crypto_shash_init(shash);
        if (ret != 0)
        {
            printk(KERN_ERR KBUILD_MODNAME ": could not initalize sha512\n");
-            crypto_free_shash(tfm);
            return;
        }

@ -77,7 +71,6 @@ static void check_update_seed_cache(time_t time, __u8 index,
				@@ -77,7 +71,6 @@ static void check_update_seed_cache(time_t time, __u8 index,
        if (ret != 0)
        {
            printk(KERN_ERR KBUILD_MODNAME ": could not update sha512\n");
-            crypto_free_shash(tfm);
            return;
        }

@ -86,11 +79,9 @@ static void check_update_seed_cache(time_t time, __u8 index,
				@@ -86,11 +79,9 @@ static void check_update_seed_cache(time_t time, __u8 index,
        if (ret != 0)
        {
            printk(KERN_ERR KBUILD_MODNAME ": could not finup sha512\n");
-            crypto_free_shash(tfm);
            return;
        }

-        crypto_free_shash(tfm);
        cache->time[index] = time;
    }
 }
@ -106,7 +97,7 @@ __u64* ts3init_get_cookie_seed(time_t current_time, __u8 packet_index,
				@@ -106,7 +97,7 @@ __u64* ts3init_get_cookie_seed(time_t current_time, __u8 packet_index,
    time_t packet_cache_time;

    if (packet_index >= 8) return NULL;
-    
+
    current_cache_index = (current_time % 8) / 4;
    packet_cache_index = packet_index / 4;

@ -149,3 +140,19 @@ int ts3init_calculate_cookie_ipv4(const struct iphdr *ip, const struct udphdr *u
				@@ -149,3 +140,19 @@ int ts3init_calculate_cookie_ipv4(const struct iphdr *ip, const struct udphdr *u
    return 0;
 }

+int __init ts3init_cookie_init(void)
+{
+    sha512_tfm = crypto_alloc_shash(TS3_SHA_512_NAME, 0, 0);
+    if (IS_ERR(sha512_tfm))
+    {
+        printk(KERN_ERR KBUILD_MODNAME ": could not alloc sha512\n");
+        return (int) PTR_ERR(sha512_tfm);
+    }
+    return 0;
+}
+
+void ts3init_cookie_exit(void)
+{
+    crypto_free_shash(sha512_tfm);
+}
+
--- a/src/ts3init_match.c
+++ b/src/ts3init_match.c
@ -14,6 +14,7 @@
				@@ -14,6 +14,7 @@

 #include <linux/kernel.h>
 #include <linux/module.h>
+#include <linux/init.h>
 #include <linux/netfilter/x_tables.h>
 #include <linux/skbuff.h>
 #include <linux/ip.h>
@ -440,7 +441,7 @@ static struct xt_match ts3init_mt_reg[] __read_mostly =
				@@ -440,7 +441,7 @@ static struct xt_match ts3init_mt_reg[] __read_mostly =
    },
 };

-int ts3init_match_init(void)
+int __init ts3init_match_init(void)
 {
    return xt_register_matches(ts3init_mt_reg, ARRAY_SIZE(ts3init_mt_reg));
 }
--- a/src/ts3init_module.c
+++ b/src/ts3init_module.c
@ -19,12 +19,15 @@
				@@ -19,12 +19,15 @@

 /* defined in ts3init_match.c */
 int ts3init_match_init(void) __init;
-void ts3init_match_exit(void) __exit;
+void ts3init_match_exit(void);

 /* defined in ts3init_target.c */
 int ts3init_target_init(void) __init;
-void ts3init_target_exit(void) __exit;
+void ts3init_target_exit(void);

+/* defined in ts3init_cookie.c */
+int ts3init_cookie_init(void) __init;
+void ts3init_cookie_exit(void);

 MODULE_AUTHOR("Niels Werensteijn <niels.werensteijn@teamspeak.com>");
 MODULE_DESCRIPTION("A module to aid in ts3 spoof protection");
@ -35,21 +38,34 @@ MODULE_ALIAS("ip6t_ts3init");
				@@ -35,21 +38,34 @@ MODULE_ALIAS("ip6t_ts3init");
 static int __init ts3init_init(void)
 {
    int error;
+
+    error = ts3init_cookie_init();
+    if (error)
+        goto out1;
+
    error = ts3init_match_init();
    if (error)
-        return error;
+        goto out2;

    error = ts3init_target_init();
    if (error)
-        ts3init_match_exit();
+        goto out3;
+
+    return error;

+out3:
+    ts3init_match_exit();
+out2:
+    ts3init_cookie_exit();
+out1:
    return error;
 }

 static void __exit ts3init_exit(void)
 {
-    ts3init_match_exit();
    ts3init_target_exit();
+    ts3init_match_exit();
+    ts3init_cookie_exit();
 }

 module_init(ts3init_init);
--- a/src/ts3init_target.c
+++ b/src/ts3init_target.c
@ -14,6 +14,7 @@
				@@ -14,6 +14,7 @@

 #include <linux/kernel.h>
 #include <linux/module.h>
+#include <linux/init.h>
 #include <linux/skbuff.h>
 #include <linux/udp.h>
 #include <linux/netfilter/x_tables.h>
@ -525,7 +526,7 @@ static struct xt_target ts3init_tg_reg[] __read_mostly = {
				@@ -525,7 +526,7 @@ static struct xt_target ts3init_tg_reg[] __read_mostly = {
    },
 };

-int ts3init_target_init(void)
+int __init ts3init_target_init(void)
 {
    return xt_register_targets(ts3init_tg_reg, ARRAY_SIZE(ts3init_tg_reg));
 }