From 4588170d1e43db780c551177f5996598fe25bc6e Mon Sep 17 00:00:00 2001 From: Bohdan Horbeshko Date: Thu, 31 Aug 2023 17:26:35 -0400 Subject: [PATCH] Harden the authorizer access to prevent crashes --- Makefile | 2 +- telegabber.go | 2 +- telegram/client.go | 3 +++ telegram/commands.go | 6 ++++++ telegram/connect.go | 24 ++++++++++++++++++++++++ 5 files changed, 35 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 724c73d..e139c00 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ COMMIT := $(shell git rev-parse --short HEAD) TD_COMMIT := "8517026415e75a8eec567774072cbbbbb52376c1" -VERSION := "v1.8.0" +VERSION := "v1.8.1" MAKEOPTS := "-j4" all: diff --git a/telegabber.go b/telegabber.go index f409599..85c5fbd 100644 --- a/telegabber.go +++ b/telegabber.go @@ -15,7 +15,7 @@ import ( goxmpp "gosrc.io/xmpp" ) -var version string = "1.8.0" +var version string = "1.8.1" var commit string var sm *goxmpp.StreamManager diff --git a/telegram/client.go b/telegram/client.go index e9acd20..6f6d719 100644 --- a/telegram/client.go +++ b/telegram/client.go @@ -74,6 +74,9 @@ type clientLocks struct { resourcesLock sync.Mutex outboxLock sync.Mutex lastMsgHashesLock sync.Mutex + + authorizerReadLock sync.Mutex + authorizerWriteLock sync.Mutex } // NewClient instantiates a Telegram App diff --git a/telegram/commands.go b/telegram/commands.go index b4920d4..b729973 100644 --- a/telegram/commands.go +++ b/telegram/commands.go @@ -244,6 +244,9 @@ func (c *Client) ProcessTransportCommand(cmdline string, resource string) string return notEnoughArguments } + c.locks.authorizerWriteLock.Lock() + defer c.locks.authorizerWriteLock.Unlock() + if cmd == "login" { err := c.TryLogin(resource, args[0]) if err != nil { @@ -324,10 +327,13 @@ func (c *Client) ProcessTransportCommand(cmdline string, resource string) string lastname = rawCmdArguments(cmdline, 1) } + c.locks.authorizerWriteLock.Lock() if c.authorizer != nil && !c.authorizer.isClosed { c.authorizer.FirstName <- firstname c.authorizer.LastName <- lastname + c.locks.authorizerWriteLock.Unlock() } else { + c.locks.authorizerWriteLock.Unlock() if !c.Online() { return notOnline } diff --git a/telegram/connect.go b/telegram/connect.go index ab9c19c..6c49aa9 100644 --- a/telegram/connect.go +++ b/telegram/connect.go @@ -110,6 +110,7 @@ func (c *Client) Connect(resource string) error { log.Warn("Connecting to Telegram network...") + c.locks.authorizerWriteLock.Lock() c.authorizer = &clientAuthorizer{ TdlibParameters: make(chan *client.SetTdlibParametersRequest, 1), PhoneNumber: make(chan string, 1), @@ -123,6 +124,7 @@ func (c *Client) Connect(resource string) error { go c.interactor() c.authorizer.TdlibParameters <- c.parameters + c.locks.authorizerWriteLock.Unlock() tdlibClient, err := client.NewClient(c.authorizer, c.options...) if err != nil { @@ -178,6 +180,9 @@ func (c *Client) TryLogin(resource string, login string) error { time.Sleep(1e5) } + c.locks.authorizerReadLock.Lock() + defer c.locks.authorizerReadLock.Unlock() + if c.authorizer == nil { return errors.New(TelegramNotInitialized) } @@ -190,6 +195,9 @@ func (c *Client) TryLogin(resource string, login string) error { } func (c *Client) SetPhoneNumber(login string) error { + c.locks.authorizerWriteLock.Lock() + defer c.locks.authorizerWriteLock.Unlock() + if c.authorizer == nil || c.authorizer.isClosed { return errors.New("Authorization not needed") } @@ -234,9 +242,16 @@ func (c *Client) Disconnect(resource string, quit bool) bool { func (c *Client) interactor() { for { + c.locks.authorizerReadLock.Lock() + if c.authorizer == nil { + log.Warn("Authorizer is lost, halting the interactor") + c.locks.authorizerReadLock.Unlock() + return + } state, ok := <-c.authorizer.State if !ok { log.Warn("Interactor is disconnected") + c.locks.authorizerReadLock.Unlock() return } @@ -266,18 +281,27 @@ func (c *Client) interactor() { log.Warn("Waiting for 2FA password...") gateway.SendServiceMessage(c.jid, "Please, enter 2FA passphrase via /password 12345", c.xmpp) } + c.locks.authorizerReadLock.Unlock() } } func (c *Client) forceClose() { + c.locks.authorizerReadLock.Lock() + c.locks.authorizerWriteLock.Lock() + defer c.locks.authorizerReadLock.Unlock() + defer c.locks.authorizerWriteLock.Unlock() + c.online = false c.authorizer = nil } func (c *Client) close() { + c.locks.authorizerWriteLock.Lock() if c.authorizer != nil && !c.authorizer.isClosed { c.authorizer.Close() } + c.locks.authorizerWriteLock.Unlock() + if c.client != nil { _, err := c.client.Close() if err != nil {