Fix possible thread-safety issues

https://stackoverflow.com/questions/37602593/
sfan5 · Apr 26, 2024 · 8e5ba1a · 8e5ba1a
1 parent 39602ca
commit 8e5ba1a
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 28 deletions.
diff --git a/src/rawsock-pcap.c b/src/rawsock-pcap.c
@@ -2,6 +2,7 @@
 #include <stdint.h>
 #include <string.h>
 #include <unistd.h>
+#include <stdatomic.h>
 #include <pcap.h>
 
 #include "rawsock.h"
@@ -10,7 +11,7 @@
 static pcap_t *handle;
 static pcap_dumper_t *dumper;
 static int linktype;
-static bool want_break;
+static atomic_bool want_break;
 
 static void callback_fwd(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);
 
@@ -124,13 +125,13 @@ int rawsock_sniff(uint64_t *ts, int *length, const uint8_t **pkt)
 
 int rawsock_loop(rawsock_callback func)
 {
-	want_break = false;
+	atomic_store(&want_break, false);
 
 	// pretend to loop if dead handle (dump mode)
 	if(dumper) {
 		do
 			usleep(150*1000);
-		while(!want_break);
+		while(!atomic_load(&want_break));
 		return 0;
 	}
 
@@ -144,7 +145,7 @@ int rawsock_loop(rawsock_callback func)
 
 void rawsock_breakloop(void)
 {
-	want_break = true;
+	atomic_store(&want_break, true);
 	// calling pcap_breakloop on a dead handle should be a a no-op, but
 	// actually segfaults on libpcap 1.10.1 or older.
 	if(!dumper) {

diff --git a/src/scan-responder.c b/src/scan-responder.c
@@ -3,6 +3,7 @@
 #include <stdbool.h>
 #include <string.h>
 #include <unistd.h> // usleep()
+#include <stdatomic.h>
 #include <pthread.h>
 
 #include "scan.h"
@@ -21,7 +22,7 @@ static struct {
 	uint8_t _Alignas(uint32_t) buffer[FRAME_ETH_SIZE + FRAME_IP_SIZE + TCP_HEADER_SIZE + BANNER_QUERY_MAX_LENGTH];
 
 	pthread_t tcp_thread;
-	bool tcp_thread_exit;
+	atomic_bool tcp_thread_exit;
 } responder;
 
 static void *tcp_thread(void *unused);
@@ -38,7 +39,7 @@ int scan_responder_init(FILE *outfile, const struct outputdef *outdef, uint16_t
 	responder.outdef = outdef;
 	responder.source_port = source_port;
 
-	responder.tcp_thread_exit = 0;
+	atomic_store(&responder.tcp_thread_exit, false);
 	if(pthread_create(&responder.tcp_thread, NULL, tcp_thread, NULL) < 0)
 		return -1;
 
@@ -231,12 +232,12 @@ static void *tcp_thread(void *unused)
 			// destroy tcp session
 			tcp_state_delete(&p);
 		}
-	} while(!responder.tcp_thread_exit);
+	} while(!atomic_load(&responder.tcp_thread_exit));
 	return NULL;
 }
 
 void scan_responder_finish()
 {
-	responder.tcp_thread_exit = 1;
+	atomic_store(&responder.tcp_thread_exit, true);
 	pthread_join(responder.tcp_thread, NULL);
 }
diff --git a/src/scan.c b/src/scan.c
@@ -19,8 +19,9 @@
 #include "banner.h"
 
 enum {
-	ERROR_SEND_THREAD = (1 << 0),
-	ERROR_RECV_THREAD = (1 << 1),
+	SEND_FINISHED 	  = (1 << 0),
+	ERROR_SEND_THREAD = (1 << 1),
+	ERROR_RECV_THREAD = (1 << 2),
 };
 
 static uint8_t source_addr[16];
@@ -35,8 +36,7 @@ static FILE *outfile;
 static struct outputdef outdef;
 
 static atomic_uint pkts_sent, pkts_recv;
-static atomic_uchar error_mask;
-static bool send_finished;
+static atomic_uchar status_bits;
 
 static inline int source_port_rand(void);
 static void *send_thread_tcp(void *unused);
@@ -82,8 +82,7 @@ int scan_main(const char *interface, int quiet)
 		return -1;
 	atomic_store(&pkts_sent, 0);
 	atomic_store(&pkts_recv, 0);
-	atomic_store(&error_mask, 0);
-	send_finished = false;
+	atomic_store(&status_bits, 0);
 	if(banners && ip_type == IP_TYPE_TCP) {
 		if(scan_responder_init(outfile, &outdef, source_port) < 0)
 			goto err;
@@ -124,7 +123,7 @@ int scan_main(const char *interface, int quiet)
 	pthread_detach(ts);
 
 	// Stats & progress watching
-	unsigned char cur_error = 0;
+	unsigned char cur_status = 0;
 	while(1) {
 		unsigned int cur_sent, cur_recv;
 		cur_sent = atomic_exchange(&pkts_sent, 0);
@@ -136,18 +135,17 @@ int scan_main(const char *interface, int quiet)
 			else
 				fprintf(stderr, "snt:%5u rcv:%5u p:%3d%%\r", cur_sent, cur_recv, (int) (progress*100));
 		}
-		if(send_finished)
-			break;
-		cur_error = atomic_load(&error_mask);
-		if(cur_error)
+		cur_status = atomic_load(&status_bits);
+		if(cur_status)
 			break;
 
 		usleep(STATS_INTERVAL * 1000);
 	}
+	cur_status &= ~SEND_FINISHED; // leave only error bits
 
 	// Wait for the last packets to arrive
 	fputs("", stderr);
-	if(!cur_error) {
+	if(!cur_status) {
 		fprintf(stderr, "Waiting %d more seconds...\n", FINISH_WAIT_TIME);
 		usleep(FINISH_WAIT_TIME * 1000 * 1000);
 	} else {
@@ -157,7 +155,7 @@ int scan_main(const char *interface, int quiet)
 	rawsock_breakloop();
 	if(banners && ip_type == IP_TYPE_TCP)
 		scan_responder_finish();
-	if(!quiet && !cur_error)
+	if(!quiet && !cur_status)
 		fprintf(stderr, "rcv:%5u\n", atomic_exchange(&pkts_recv, 0));
 
 	// Write output file footer
@@ -215,10 +213,10 @@ static void *send_thread_tcp(void *unused)
 		}
 	}
 
-	send_finished = true;
+	atomic_fetch_or(&status_bits, SEND_FINISHED);
 	return NULL;
 err:
-	atomic_fetch_or(&error_mask, ERROR_SEND_THREAD);
+	atomic_fetch_or(&status_bits, ERROR_SEND_THREAD);
 	return NULL;
 }
 
@@ -275,10 +273,10 @@ static void *send_thread_udp(void *unused)
 		}
 	}
 
-	send_finished = true;
+	atomic_fetch_or(&status_bits, SEND_FINISHED);
 	return NULL;
 err:
-	atomic_fetch_or(&error_mask, ERROR_SEND_THREAD);
+	atomic_fetch_or(&status_bits, ERROR_SEND_THREAD);
 	return NULL;
 }
 
@@ -317,10 +315,10 @@ static void *send_thread_icmp(void *unused)
 		rawsock_ip_modify(IP_FRAME(packet), ICMP_HEADER_SIZE, dstaddr);
 	}
 
-	send_finished = true;
+	atomic_fetch_or(&status_bits, SEND_FINISHED);
 	return NULL;
 err:
-	atomic_fetch_or(&error_mask, ERROR_SEND_THREAD);
+	atomic_fetch_or(&status_bits, ERROR_SEND_THREAD);
 	return NULL;
 }
 
@@ -334,7 +332,7 @@ static void *recv_thread(void *unused)
 
 	int r = rawsock_loop(recv_handler);
 	if(r < 0)
-		atomic_fetch_or(&error_mask, ERROR_RECV_THREAD);
+		atomic_fetch_or(&status_bits, ERROR_RECV_THREAD);
 	return NULL;
 }