Merge branch 'dev' into arm64-windows

.drone.jsonnet

@@ -38,6 +38,11 @@ local less_targets = [
       { "os": "linux", distro: "ubuntu", "name": "focal",    "isas": [        "armv7", "amd64", "arm64" ],             "events": [ "push", "tag", "custom" ] },
 ];
 
+
+local native_targets = [
+      { "os": "linux", distro: "debian", "name": "bullseye", "isas": [ "386", "armv7", "amd64", "arm64" ],            "events": [ "push", "tag", "custom" ] },
+];    
+
 local master_targets = [
       //
       // copypasta from here
@@ -239,13 +244,13 @@ std.flattenArrays([
     [
       Index(p)
     ]
-    for p in targets
+    for p in native_targets
  ]) +
  std.flattenArrays([
      [
         Test(p.os, p.distro, p.name, isa, p.events)
          for isa in p.isas
      ]
-     for p in targets
+     for p in native_targets
  ])
  

.github/workflows/report.sh

@@ -13,3 +13,9 @@ echo -e "\nBytes of memory definitely lost: $DEFINITELY_LOST"
 if [[ "$DEFINITELY_LOST" -gt 0 ]]; then
       exit 1
 fi
+
+EXIT_TEST_FAILED=$(cat *test-results/*summary.json | jq .exit_test_failed)
+
+if [[ "$EXIT_TEST_FAILED" -gt 0 ]]; then
+      exit 1
+fi

.github/workflows/validate-1m-linux.sh

@@ -9,6 +9,8 @@ ZTO_VER=$(git describe --tags $(git rev-list --tags --max-count=1))
 ZTO_COMMIT=$(git rev-parse HEAD)
 ZTO_COMMIT_SHORT=$(git rev-parse --short HEAD)
 TEST_DIR_PREFIX="$ZTO_VER-$ZTO_COMMIT_SHORT-test-results"
+EXIT_TEST_FAILED=0
+
 echo "Performing test on: $ZTO_VER-$ZTO_COMMIT_SHORT"
 TEST_FILEPATH_PREFIX="$TEST_DIR_PREFIX/$ZTO_COMMIT_SHORT"
 mkdir $TEST_DIR_PREFIX
@@ -18,6 +20,9 @@ mkdir $TEST_DIR_PREFIX
 ################################################################################
 main() {
 	echo -e "\nRunning test for $RUN_LENGTH seconds"
+
+	check_exit_on_invalid_identity
+
 	NS1="ip netns exec ns1"
 	NS2="ip netns exec ns2"
 
@@ -390,7 +395,8 @@ main() {
   "mean_latency_ping_netns": $POSSIBLY_LOST,
   "mean_pdv_random": $POSSIBLY_LOST,
   "mean_pdv_netns": $POSSIBLY_LOST,
-  "mean_perf_netns": $POSSIBLY_LOST
+  "mean_perf_netns": $POSSIBLY_LOST,
+  "exit_test_failed": $EXIT_TEST_FAILED
 }
 EOF
 	)
@@ -431,4 +437,28 @@ spam_cli() {
 	done
 }
 
+check_exit_on_invalid_identity() {
+	echo "Checking ZeroTier exits on invalid identity..."
+	mkdir -p $(pwd)/exit_test
+	ZT1="sudo ./zerotier-one -p9999 $(pwd)/exit_test"
+	echo "asdfasdfasdfasdf" > $(pwd)/exit_test/identity.secret
+	echo "asdfasdfasdfasdf" > $(pwd)/exit_test/authtoken.secret
+
+	echo "Launch ZeroTier with an invalid identity"
+	$ZT1 &
+	my_pid=$!
+
+	echo "Waiting 5 secons"
+	sleep 5
+
+	# check if process is running
+	kill -0 $my_pid
+	if [ $? -eq 0 ]; then
+		EXIT_TEST_FAILED=1
+		echo "Exit test FAILED: Process still running after being fed an invalid identity"
+	else
+		echo "Exit test PASSED"
+	fi
+}
+
 main "$@"

node/Constants.hpp

@@ -687,6 +687,7 @@
 #define ZT_EXCEPTION_OUT_OF_MEMORY 101
 #define ZT_EXCEPTION_PRIVATE_KEY_REQUIRED 102
 #define ZT_EXCEPTION_INVALID_ARGUMENT 103
+#define ZT_EXCEPTION_INVALID_IDENTITY 104
 #define ZT_EXCEPTION_INVALID_SERIALIZED_DATA_INVALID_TYPE 200
 #define ZT_EXCEPTION_INVALID_SERIALIZED_DATA_OVERFLOW 201
 #define ZT_EXCEPTION_INVALID_SERIALIZED_DATA_INVALID_CRYPTOGRAPHIC_TOKEN 202

node/Node.cpp

@@ -80,7 +80,11 @@ Node::Node(void *uptr,void *tptr,const struct ZT_Node_Callbacks *callbacks,int64
 			RR->identity.toString(false,RR->publicIdentityStr);
 			RR->identity.toString(true,RR->secretIdentityStr);
 		} else {
-			n = -1;
+			throw ZT_EXCEPTION_INVALID_IDENTITY;
+		}
+
+		if (!RR->identity.locallyValidate()) {
+			throw ZT_EXCEPTION_INVALID_IDENTITY;
 		}
 	}
 

osdep/Binder.hpp

@@ -320,7 +320,7 @@ class Binder {
 			//
 			(void)gotViaProc;
 
-#if ! (defined(ZT_SDK) || defined(__ANDROID__))	  // getifaddrs() freeifaddrs() not available on Android
+#if ! defined(__ANDROID__)	  // getifaddrs() freeifaddrs() not available on Android
 			if (! gotViaProc) {
 				struct ifaddrs* ifatbl = (struct ifaddrs*)0;
 				struct ifaddrs* ifa;

osdep/PortMapper.cpp

@@ -207,7 +207,8 @@ public:
 					memset(&data,0,sizeof(data));
 					OSUtils::ztsnprintf(inport,sizeof(inport),"%d",localPort);
 
-					if ((UPNP_GetValidIGD(devlist,&urls,&data,lanaddr,sizeof(lanaddr)))&&(lanaddr[0])) {
+					int foundValidIGD = 0;
+					if ((foundValidIGD = UPNP_GetValidIGD(devlist,&urls,&data,lanaddr,sizeof(lanaddr)))&&(lanaddr[0])) {
 #ifdef ZT_PORTMAPPER_TRACE
                         PM_TRACE("PortMapper: UPnP: my LAN IP address: %s" ZT_EOL_S,lanaddr);
 #endif
@@ -282,9 +283,11 @@ public:
                         PM_TRACE("PortMapper: UPnP: UPNP_GetValidIGD failed, returning to NAT-PMP mode" ZT_EOL_S);
 #endif
 					}
-
 					freeUPNPDevlist(devlist);
 
+					if(foundValidIGD) {
+						FreeUPNPUrls(&urls);
+					}
 				} else {
 					mode = 0;
 #ifdef ZT_PORTMAPPER_TRACE

service/OneService.cpp

@@ -786,6 +786,7 @@ public:
 
     httplib::Server _controlPlane;
     std::thread _serverThread;
+	bool _serverThreadRunning;
 
     bool _allowTcpFallbackRelay;
 	bool _forceTcpRelay;
@@ -887,6 +888,7 @@ public:
 		,_updateAutoApply(false)
         ,_controlPlane()
         ,_serverThread()
+		,_serverThreadRunning(false)
 		,_forceTcpRelay(false)
 		,_primaryPort(port)
 		,_udpPortPickerCounter(0)
@@ -938,8 +940,9 @@ public:
 #endif
 
         _controlPlane.stop();
-        _serverThread.join();
+		if (_serverThreadRunning) {
-
+	        _serverThread.join();
+		}
 
 #ifdef ZT_USE_MINIUPNPC
 		delete _portMapper;
@@ -1005,7 +1008,6 @@ public:
 				_node = new Node(this,(void *)0,&cb,OSUtils::now());
 			}
 
-
 			// local.conf
 			readLocalSettings();
 			applyLocalConfig();
@@ -1260,6 +1262,51 @@ public:
 			Mutex::Lock _l(_termReason_m);
 			_termReason = ONE_UNRECOVERABLE_ERROR;
 			_fatalErrorMessage = std::string("unexpected exception in main thread: ")+e.what();
+		} catch (int e) {
+			Mutex::Lock _l(_termReason_m);
+			_termReason = ONE_UNRECOVERABLE_ERROR;
+			switch (e) {
+				case ZT_EXCEPTION_OUT_OF_BOUNDS: {
+					_fatalErrorMessage = "out of bounds exception";
+					break;
+				}
+				case ZT_EXCEPTION_OUT_OF_MEMORY: {
+					_fatalErrorMessage = "out of memory";
+					break;
+				}
+				case ZT_EXCEPTION_PRIVATE_KEY_REQUIRED: {
+					_fatalErrorMessage = "private key required";
+					break;
+				}
+				case ZT_EXCEPTION_INVALID_ARGUMENT: {
+					_fatalErrorMessage = "invalid argument";
+					break;
+				}
+				case ZT_EXCEPTION_INVALID_IDENTITY: {
+					_fatalErrorMessage = "invalid identity loaded from disk. Please remove identity.public and identity.secret from " + _homePath + " and try again";
+					break;
+				}
+				case ZT_EXCEPTION_INVALID_SERIALIZED_DATA_INVALID_TYPE: {
+					_fatalErrorMessage = "invalid serialized data: invalid type";
+					break;
+				}
+				case ZT_EXCEPTION_INVALID_SERIALIZED_DATA_OVERFLOW: {
+					_fatalErrorMessage = "invalid serialized data: overflow";
+					break;
+				}
+				case ZT_EXCEPTION_INVALID_SERIALIZED_DATA_INVALID_CRYPTOGRAPHIC_TOKEN: {
+					_fatalErrorMessage = "invalid serialized data: invalid cryptographic token";
+					break;
+				}
+				case ZT_EXCEPTION_INVALID_SERIALIZED_DATA_BAD_ENCODING: {
+					_fatalErrorMessage = "invalid serialized data: bad encoding";
+					break;
+				}
+				default: {
+					_fatalErrorMessage = "unexpected exception code: " + std::to_string(e);
+					break;
+				}
+			}
 		} catch ( ... ) {
 			Mutex::Lock _l(_termReason_m);
 			_termReason = ONE_UNRECOVERABLE_ERROR;
@@ -2077,11 +2124,13 @@ public:
 		}
 
         _serverThread = std::thread([&] {
+			_serverThreadRunning = true;
             fprintf(stderr, "Starting Control Plane...\n");
             if(!_controlPlane.listen_after_bind()) {
 				fprintf(stderr, "Error on listen_after_bind()\n");
 			}
             fprintf(stderr, "Control Plane Stopped\n");
+			_serverThreadRunning = false;
         });
 
     }