From dece8d787eff4bd2cc1e4b29f85074ecd1e0ca57 Mon Sep 17 00:00:00 2001 From: Logan007 Date: Sat, 8 Aug 2020 14:51:05 +0545 Subject: [PATCH] freed reg exp on exit, counted reg exp, warned on empty community list file, returned early from packet handling on non-matching reg exp --- src/sn.c | 13 ++++++++++++- src/sn_utils.c | 13 ++++++++++++- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/src/sn.c b/src/sn.c index badd7d8..a263cba 100644 --- a/src/sn.c +++ b/src/sn.c @@ -30,8 +30,9 @@ static int load_allowed_sn_community(n2n_sn_t *sss, char *path) { char buffer[4096], *line; FILE *fd = fopen(path, "r"); struct sn_community *s, *tmp; - struct sn_community_regular_expression *re, *tmp_re; uint32_t num_communities = 0; + struct sn_community_regular_expression *re, *tmp_re; + uint32_t num_regex = 0; if(fd == NULL) { traceEvent(TRACE_WARNING, "File %s not found", path); @@ -72,6 +73,7 @@ static int load_allowed_sn_community(n2n_sn_t *sss, char *path) { if (re) { re->rule = re_compile(line); HASH_ADD_PTR(sss->rules, rule, re); + num_regex++; traceEvent(TRACE_INFO, "Added regular expression for allowed communities '%s'", line); continue; } @@ -98,9 +100,18 @@ static int load_allowed_sn_community(n2n_sn_t *sss, char *path) { fclose(fd); + if (num_regex>0 || num_communities>0 ) + { + traceEvent(TRACE_WARNING, "File %s does not contain any valid community names or regular expressions", path); + return -1; + } + traceEvent(TRACE_NORMAL, "Loaded %u fixed-name communities from %s", num_communities, path); + traceEvent(TRACE_NORMAL, "Loaded %u regular expressions for community name matching from %s", + num_regex, path); + /* No new communities will be allowed */ sss->lock_communities = 1; diff --git a/src/sn_utils.c b/src/sn_utils.c index e7d663f..7ff22d4 100644 --- a/src/sn_utils.c +++ b/src/sn_utils.c 
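Review bot: `num_regex++` counts the rule without looking at what `re_compile(line)` returned, so a pattern that failed to compile would still be added to `sss->rules` and reported as loaded. How re_compile signals failure is not shown on this page; if it can return NULL, add a guard before `HASH_ADD_PTR`, for example `if(re->rule == NULL) { free(re); continue; }` preceded by a warning trace. That keeps the later emptiness check and the `re_matchp` loop in process_udp working only on usable rules. load_allowed_sn_community starts and ends outside this hunk.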
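Review bot: The emptiness test is inverted: `if (num_regex>0 || num_communities>0 )` logs "does not contain any valid community names or regular expressions" and returns -1 exactly when entries were loaded, while a genuinely empty file falls through. The early return also skips `sss->lock_communities = 1;` further down, so a populated allow-list would leave the supernode accepting any community unless the caller treats -1 as fatal (the caller is not on this page). The condition should read `if(num_regex == 0 && num_communities == 0) {`. Even with that fix, returning before the lock is set means an empty or fully invalid file fails open; a comment stating that this is intended, or setting the lock before returning, would make the access-control behaviour explicit.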
@@ -228,6 +228,7 @@ int sn_init(n2n_sn_t *sss) void sn_term(n2n_sn_t *sss) { struct sn_community *community, *tmp; + struct sn_community_regular_expression *re, *tmp_re; if (sss->sock >= 0) { @@ -249,6 +250,11 @@ void sn_term(n2n_sn_t *sss) HASH_DEL(sss->communities, community); free(community); } + + HASH_ITER(hh, sss->rules, re, tmp_re) { + HASH_DEL(sss->rules, re); + free(re); + } } /** Determine the appropriate lifetime for new registrations. @@ -816,7 +822,7 @@ static int process_udp(n2n_sn_t * sss, existance (better from the security standpoint) */ - if (!comm && sss->lock_communities) { + if(!comm && sss->lock_communities) { HASH_ITER(hh, sss->rules, re, tmp_re) { allowed_match = re_matchp(re->rule, cmn.community, &match_length); @@ -828,6 +834,11 @@ static int process_udp(n2n_sn_t * sss, } } } + if(match != 1) { + traceEvent(TRACE_INFO, "Discarded registration: unallowed community '%s'", + (char*)cmn.community); + return -1; + } if(!comm && (!sss->lock_communities || (match == 1))) { comm = calloc(1, sizeof(struct sn_community));
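Review bot: The new cleanup loop in sn_term releases each node with `free(re);` but never touches `re->rule`, the value stored from `re_compile()` in load_allowed_sn_community. Ownership of that compiled pattern is not visible on this page. If re_compile returns heap memory, the loop needs `free(re->rule);` before `free(re);`. If it returns static storage, a comment such as `/* re->rule is not owned by the node, do not free */` would stop a later reader from adding a free. sn_term starts above this hunk.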
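Review bot: The added `if(match != 1) { ... return -1; }` appears to sit after the brace that closes `if(!comm && sss->lock_communities) {`, so it also runs when the community already exists or when the supernode is not locked. Nothing visible sets `match` on those paths, so such registrations would be discarded, and the `!sss->lock_communities` arm of the following `if(!comm && (!sss->lock_communities || (match == 1)))` could never be reached. Indentation is lost on this page and the initial value of `match` is outside the hunk, so this is inferred from the brace count. If it holds, either move the check inside the locked branch or narrow it to `if(!comm && sss->lock_communities && (match != 1)) {`. process_udp continues on both sides of this hunk.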