/*************************************************
* CTR-BE Encryption/Decryption *
*************************************************/
void CTR_BE::write(const byte input[], u32bit length)
{
u32bit copied = std::min(BLOCK_SIZE - position, length);
xor_buf(buffer + position, input, copied);
send(buffer + position, copied);
input += copied;
length -= copied;
position += copied;
if(position == BLOCK_SIZE)
increment_counter();
while(length >= BLOCK_SIZE)
{
xor_buf(buffer, input, BLOCK_SIZE);
send(buffer, BLOCK_SIZE);
input += BLOCK_SIZE;
length -= BLOCK_SIZE;
increment_counter();
}
xor_buf(buffer + position, input, length);
send(buffer + position, length);
position += length;
}
/* Internal function to return processed entropy from the PRNG */
int
random_yarrow_read(void *buf, int count)
{
static int cur = 0;
static int gate = 1;
static uint8_t genval[KEYSIZE];
size_t tomove;
int i;
int retval;
/* Check for final read request */
if (buf == NULL && count == 0)
return (0);
/* The reseed task must not be jumped on */
mtx_lock(&random_reseed_mtx);
if (gate) {
generator_gate();
random_state.outputblocks = 0;
gate = 0;
}
if (count > 0 && (size_t)count >= BLOCKSIZE) {
retval = 0;
for (i = 0; i < count; i += BLOCKSIZE) {
increment_counter();
randomdev_encrypt(&random_state.key, random_state.counter.byte, genval, BLOCKSIZE);
tomove = MIN(count - i, BLOCKSIZE);
memcpy((char *)buf + i, genval, tomove);
if (++random_state.outputblocks >= random_state.gengateinterval) {
generator_gate();
random_state.outputblocks = 0;
}
retval += (int)tomove;
cur = 0;
}
}
else {
if (!cur) {
increment_counter();
randomdev_encrypt(&random_state.key, random_state.counter.byte, genval, BLOCKSIZE);
memcpy(buf, genval, (size_t)count);
cur = BLOCKSIZE - count;
if (++random_state.outputblocks >= random_state.gengateinterval) {
generator_gate();
random_state.outputblocks = 0;
}
retval = count;
}
else {
retval = MIN(cur, count);
memcpy(buf, &genval[BLOCKSIZE - cur], (size_t)retval);
cur -= retval;
}
}
mtx_unlock(&random_reseed_mtx);
return (retval);
}
/* Initialize a session-record.
*/
void init_session(t_session *session) {
#ifdef ENABLE_TOMAHAWK
increment_counter(COUNTER_CLIENT);
#endif
if ((session->client_id = new_client_id++) == MAX_CHILD_ID) {
new_client_id = 0;
}
session->request_limit = true;
session->force_quit = false;
session->keep_alive = false;
session->kept_alive = 0;
session->last_host = NULL;
session->request = NULL;
session->buffer_size = 0;
session->bytes_in_buffer = 0;
clear_session(session);
session->socket_open = false;
session->via_trusted_proxy = false;
session->flooding_timer = session->time;
#ifdef ENABLE_RPROXY
session->rproxy_kept_alive = false;
#endif
#ifdef ENABLE_HTTP2
session->use_http2 = false;
#endif
}
static void loop_creating_worker(void* context) {
(void) context;
do {
uv_loop_t *loop;
uv_signal_t signal;
int r;
loop = malloc(sizeof(*loop));
ASSERT(loop != NULL);
ASSERT(0 == uv_loop_init(loop));
r = uv_signal_init(loop, &signal);
ASSERT(r == 0);
r = uv_signal_start(&signal, signal_unexpected_cb, SIGTERM);
ASSERT(r == 0);
uv_close((uv_handle_t*) &signal, NULL);
r = uv_run(loop, UV_RUN_DEFAULT);
ASSERT(r == 0);
uv_loop_close(loop);
free(loop);
increment_counter(&loop_creation_counter);
} while (!stop);
}
/* Validate URL
*/
bool validate_url(t_session *session) {
if (valid_uri(session->uri, session->host->allow_dot_files)) {
if (session->host->secure_url == false) {
return true;
} else if (strstr(session->request_uri, "%00") == NULL) {
return true;
} else {
session->return_code = 403;
}
} else {
session->return_code = (session->request_method == PUT) ? 403 : 404;
}
log_exploit_attempt(session, "invalid URL", NULL);
#ifdef ENABLE_TOMAHAWK
increment_counter(COUNTER_EXPLOIT);
#endif
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_exploit(session);
monitor_event("Invalid URL %s for %s", session->uri, session->host->hostname.item[0]);
}
#endif
session->error_cause = ec_INVALID_URL;
return false;
}
/* Prevent Cross-site Request Forgery
*/
int prevent_csrf(t_session *session) {
char *referer, *slash;
int i, n;
if (strcmp(session->method, "POST") != 0) {
return 0;
}
if ((referer = get_http_header("Referer:", session->http_headers)) == NULL) {
return 0;
}
if (strncmp(referer, "http://", 7) == 0) {
referer += 7;
} else if (strncmp(referer, "https://", 8) == 0) {
referer += 8;
} else {
session->cookie = NULL;
log_error(session, "invalid referer while checking for CSRF");
return 1;
}
if ((slash = strchr(referer, '/')) != NULL) {
n = slash - referer;
} else {
n = strlen(referer);
}
for (i = 0; i < session->host->hostname.size; i++) {
if (strncasecmp(referer, *(session->host->hostname.item + i), n) == 0) {
return 0;
}
}
session->cookie = NULL;
if (session->body != NULL) {
log_exploit_attempt(session, "CSRF", session->body);
#ifdef ENABLE_TOMAHAWK
increment_counter(COUNTER_EXPLOIT);
#endif
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_counter_exploit_attempt(session);
}
#endif
} else {
log_error(session, "CSRF attempt detected with no request body");
}
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_counter_exploit_attempt(session);
}
#endif
return 1;
}
void Blake2b::add_data(const byte input[], size_t length)
{
if(!input || length == 0)
{
return;
}
byte* const buffer = m_buffer.data();
while(length > 0)
{
size_t fill = BLAKE2B_BLOCKBYTES - m_buflen;
if(length <= fill)
{
std::memcpy(buffer + m_buflen, input, length);
m_buflen += length;
return;
}
std::memcpy(buffer + m_buflen, input, fill);
increment_counter(BLAKE2B_BLOCKBYTES);
compress();
m_buflen = 0;
input += fill;
length -= fill;
}
}
int handle_connection_not_allowed(t_session *session, int connections) {
switch (connections) {
case ca_TOOMUCH_PERIP:
log_system(session, "Maximum number of connections for IP address reached");
if ((session->config->ban_on_max_per_ip > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
log_system(session, "Client banned because of too many simultaneous connections");
ban_ip(&(session->ip_address), session->config->ban_on_max_per_ip, session->config->kick_on_ban);
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_ban(session);
}
#endif
}
return 444;
case ca_TOOMUCH_TOTAL:
log_system(session, "Maximum number of total connections reached");
return 503;
case ca_BANNED:
if (session->config->reban_during_ban && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
reban_ip(&(session->ip_address));
}
#ifdef ENABLE_TOMAHAWK
increment_counter(COUNTER_DENY);
#endif
return 444;
}
return 500;
}
static void loop_creating_worker(void* context) {
(void) context;
do {
uv_loop_t* loop;
uv_signal_t signal;
int r;
loop = uv_loop_new();
ASSERT(loop != NULL);
r = uv_signal_init(loop, &signal);
ASSERT(r == 0);
r = uv_signal_start(&signal, signal_unexpected_cb, SIGTERM);
ASSERT(r == 0);
uv_close((uv_handle_t*) &signal, NULL);
r = uv_run(loop);
ASSERT(r == 0);
uv_loop_delete(loop);
increment_counter(&loop_creation_counter);
} while (!stop);
}
static void set_hf_send_packet(int fd_out, int fd_in, unsigned char buffer[], unsigned char len, unsigned char *seq, unsigned char type, unsigned char response[], int *response_length) {
set_packet_header(buffer, len, *seq, type);
crc_packet(tabel, buffer, len);
send_packet(fd_out, fd_in, buffer, len + 2, response, response_length);
increment_counter(seq);
}
extern "C" void kokkosp_begin_parallel_reduce(const char* name, const uint32_t devID, uint64_t* kID) {
*kID = uniqID++;
if( (NULL == name) || (strcmp("", name) == 0) ) {
fprintf(stderr, "Error: kernel is empty\n");
exit(-1);
}
increment_counter(name, PARALLEL_REDUCE);
}
static void log_sqli_attempt(t_session *session, char *str) {
log_exploit_attempt(session, "SQLi", str);
#ifdef ENABLE_TOMAHAWK
increment_counter(COUNTER_EXPLOIT);
#endif
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_exploit_attempt(session);
monitor_event("SQLi attempt for %s%s", session->host->hostname.item[0], session->uri);
}
#endif
}
static int prevent_xss_str(t_session *session, char *input) {
int result = 0;
short low, high;
char *str, value;
char tag[22];
str = input;
while (*str != '\0') {
if ((value = *str) == '%') {
if ((high = hex_char_to_int(*(str + 1))) != -1) {
if ((low = hex_char_to_int(*(str + 2))) != -1) {
value = (char)(high<<4) + low;
str += 2;
}
}
}
if (value == '<') {
str++;
strncpy(tag, str, 21);
tag[21] = '\0';
url_decode(tag);
strlower(tag);
if ((memcmp(tag, "script", 6) == 0) && ((tag[6] == ' ') || (tag[6] == '>'))) {
log_exploit_attempt(session, "XSS", input);
#ifdef ENABLE_TOMAHAWK
increment_counter(COUNTER_EXPLOIT);
#endif
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_exploit_attempt(session);
monitor_event("XSS attempt for %s%s", session->host->hostname.item[0], session->uri);
}
#endif
if (session->host->prevent_xss == p_prevent) {
*str = '_';
}
result = 1;
break;
}
}
str++;
}
return result;
}
static void
generator_gate(void)
{
u_int i;
uint8_t temp[KEYSIZE];
for (i = 0; i < KEYSIZE; i += BLOCKSIZE) {
increment_counter();
randomdev_encrypt(&random_state.key, random_state.counter.byte, temp + i, BLOCKSIZE);
}
randomdev_encrypt_init(&random_state.key, temp);
memset((void *)temp, 0, KEYSIZE);
}
/* Prevent SQL injection
*/
static int prevent_sqli_str(t_session *session, char *str, int length) {
char *data, *c;
t_sqli_pattern *pattern;
int result = 0;
if ((str == NULL) || (length <= 0)) {
return 0;
}
if ((data = (char*)malloc(length + 1)) == NULL) {
return -1;
}
memcpy(data, str, length);
data[length] = '\0';
url_decode(data);
c = data;
while (*c != '\0') {
if (*c == '+') {
*c = ' ';
}
c++;
}
pattern = sqli_patterns;
while (pattern != NULL) {
if (regexec(&(pattern->regex), data, 0, NULL, 0) != REG_NOMATCH) {
log_exploit_attempt(session, "SQLi", str);
#ifdef ENABLE_TOMAHAWK
increment_counter(COUNTER_EXPLOIT);
#endif
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_exploit(session);
monitor_event("SQLi attempt for %s", session->file_on_disk);
}
#endif
result = 1;
break;
}
pattern = pattern->next;
}
free(data);
return result;
}
/* Prevent cross-site scripting.
*/
int prevent_xss(t_session *session) {
int result = 0;
bool logged = false;
short low, high;
char *str, value;
if ((str = session->vars) == NULL) {
return 0;
}
while (*str != '\0') {
if ((value = *str) == '%') {
if ((high = hex_char_to_int(*(str + 1))) != -1) {
if ((low = hex_char_to_int(*(str + 2))) != -1) {
value = (char)(high<<4) + low;
}
}
}
if ((value == '\"') || (value == '<') || (value == '>') || (value == '\'')) {
if (logged == false) {
log_exploit_attempt(session, "XSS", session->vars);
#ifdef ENABLE_TOMAHAWK
increment_counter(COUNTER_EXPLOIT);
#endif
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_exploit(session);
monitor_event("XSS attempt for %s", session->file_on_disk);
}
#endif
logged = true;
}
*str = '_';
result = 1;
}
str++;
}
return result;
}
void Blake2b::final_result(byte output[])
{
if(!output)
{
return;
}
byte* const buffer = m_buffer.data();
const u64bit* const H = static_cast<const u64bit*>(m_H.data());
u16bit outlen = static_cast<u16bit>(output_length());
std::memset(buffer + m_buflen, 0, BLAKE2B_BLOCKBYTES - m_buflen);
increment_counter(m_buflen);
compress(true);
for (u16bit i = 0; i < outlen; i++)
{
output[i] = (H[i >> 3] >> (8 * (i & 7))) & 0xFF;
}
clear();
}
void print_Multiarray_T_tol (const struct Multiarray_T*const a, const Real tol)
{
const int order = a->order;
const ptrdiff_t*const extents = a->extents;
print_Multiarray_extents(order,extents);
if (order == 1) {
struct Vector_T* a_V = constructor_move_Vector_T_T(extents[0],false,a->data); // destructed
print_Vector_T_tol(a_V,tol);
destructor_Vector_T(a_V);
} else if (order == 2) {
struct Matrix_T* a_M = constructor_move_Matrix_T_T(a->layout,extents[0],extents[1],false,a->data); // destructed
print_Matrix_T_tol(a_M,tol);
destructor_Matrix_T(a_M);
} else if (order > 2) {
struct Matrix_T* a_M = constructor_move_Matrix_T_T(a->layout,extents[0],extents[1],false,NULL); // destructed
const ptrdiff_t size_tail = compute_size(order-2,&extents[2]);
ptrdiff_t counter[order-2];
for (ptrdiff_t i = 0; i < order-2; ++i)
counter[i] = 0;
for (ptrdiff_t i = 0; i < size_tail; ++i) {
print_Multiarray_counter(order,counter);
const ptrdiff_t ind_M = compute_index_sub_matrix(order,extents,counter);
a_M->data = &a->data[ind_M];
print_Matrix_T_tol(a_M,tol);
increment_counter(order,extents,counter);
}
destructor_Matrix_T(a_M);
} else {
EXIT_ERROR("Unsupported: %d\n",order);
}
printf("\n");
}
void increment (void)
{
int got_throw = 0;
/*
* At most one thread at a time can execute Scheme code.
* So call Scheme in a critical section.
*/
pthread_mutex_lock (&mut);
/* call Scheme to increment counter */
___ON_THROW(increment_counter (counter), got_throw=1);
pthread_mutex_unlock (&mut);
if (got_throw)
{
printf ("thread %p is terminating\n", pthread_self ());
pthread_exit (NULL); /* exit if Scheme threw an exception */
}
}
/* Serve the client that connected to the webserver
*/
static int serve_client(t_session *session) {
int result, length, auth_result;
char *qmark, chr, *header;
t_host *host_record;
t_access access;
t_deny_body *deny_body;
t_req_method request_method;
t_ip_addr ip_addr;
#ifdef ENABLE_XSLT
char *xslt_file;
#endif
#ifdef ENABLE_TOOLKIT
int i;
t_toolkit_options toolkit_options;
#endif
#ifdef ENABLE_RPROXY
t_rproxy *rproxy;
#endif
#ifdef ENABLE_DEBUG
session->current_task = "fetch & parse request";
#endif
if ((result = fetch_request(session)) != 200) {
session->request_method = GET;
return result;
} else if ((result = parse_request(session, session->header_length + session->content_length)) != 200) {
session->request_method = GET;
return result;
}
#ifdef ENABLE_DEBUG
session->current_task = "serve client";
#endif
session->time = time(NULL);
/* Hide reverse proxies
*/
if (in_iplist(session->config->hide_proxy, &(session->ip_address))) {
if (last_forwarded_ip(session->http_headers, &ip_addr) == 0) {
if (reposition_client(session, &ip_addr) != -1) {
copy_ip(&(session->ip_address), &ip_addr);
}
}
}
/* SSH tunneling
*/
#ifdef ENABLE_RPROXY
if (session->request_method == CONNECT) {
if (in_iplist(session->config->tunnel_ssh, &(session->ip_address)) == false) {
return 405;
}
#ifdef ENABLE_SSL
if (session->binding->use_ssl) {
return 405;
}
#endif
if (strcmp(session->request_uri, "localhost:22") != 0) {
if (strcmp(session->request_uri, "127.0.0.1:22") != 0) {
if (strcmp(session->request_uri, "::1.22") != 0) {
return 403;
}
}
}
log_system(session, "SSH tunnel requested");
if (tunnel_ssh_connection(session->client_socket) != 0) {
log_system(session, "SSH tunnel failed");
} else {
log_system(session, "SSH tunnel terminated");
}
session->keep_alive = false;
return 200;
}
#endif
/* Find host record
*/
if (session->hostname != NULL) {
if (remove_port_from_hostname(session) == -1) {
log_error(session, "error removing port from hostname");
return 500;
}
if ((host_record = get_hostrecord(session->config->first_host, session->hostname, session->binding)) != NULL) {
session->host = host_record;
#ifdef ENABLE_TOMAHAWK
session->last_host = host_record;
#endif
}
}
session->host->access_time = session->time;
#ifdef ENABLE_SSL
/* SSL client authentication
*/
if (session->binding->use_ssl) {
if ((session->host->ca_certificate != NULL) && (ssl_has_peer_cert(&(session->ssl_context)) == false)) {
log_error(session, "Missing client SSL certificate");
return 440;
}
}
#endif
/* Enforce usage of first hostname
*/
if (session->host->enforce_first_hostname && (session->hostname != NULL)) {
if (**(session->host->hostname.item) != '*') {
if (strcmp(session->hostname, *(session->host->hostname.item)) != 0) {
session->cause_of_301 = enforce_first_hostname;
return 301;
}
}
}
/* Enforce usage of SSL
*/
#ifdef ENABLE_SSL
if (session->host->require_ssl && (session->binding->use_ssl == false)) {
if ((qmark = strchr(session->uri, '?')) != NULL) {
*qmark = '\0';
session->vars = qmark + 1;
session->uri_len = strlen(session->uri);
}
session->cause_of_301 = require_ssl;
return 301;
}
#endif
/* Deny matching bodies
*/
if (session->body != NULL) {
chr = *(session->body + session->content_length);
*(session->body + session->content_length) = '\0';
deny_body = session->host->deny_body;
while (deny_body != NULL) {
if (strpcmp(session->body, &(deny_body->pattern)) == 0) {
if ((session->config->ban_on_denied_body > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
ban_ip(&(session->ip_address), session->config->ban_on_denied_body, session->config->kick_on_ban);
log_system(session, "Client banned because of denied body");
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_ban(session);
}
#endif
}
log_exploit_attempt(session, "denied body", session->body);
#ifdef ENABLE_TOMAHAWK
increment_counter(COUNTER_EXPLOIT);
#endif
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_exploit(session);
monitor_event("Request body denied for %s", session->host->hostname.item[0]);
}
#endif
*(session->body + session->content_length) = chr;
return 403;
}
deny_body = deny_body->next;
}
*(session->body + session->content_length) = chr;
}
/* Websocket
*/
if (session->request_method == GET) {
if ((header = get_http_header("Connection:", session->http_headers)) != NULL) {
if (strcasestr(header, "upgrade") != NULL) {
if ((header = get_http_header("Upgrade:", session->http_headers)) != NULL) {
if (strcasecmp(header, "websocket") == 0) {
switch (access = allow_client(session)) {
case deny:
log_error(session, fb_accesslist);
return 403;
case allow:
break;
case pwd:
case unspecified:
if ((auth_result = http_authentication_result(session, access == unspecified)) != 200) {
return auth_result;
}
}
session->keep_alive = false;
if (forward_to_websocket(session) == -1) {
return 500;
}
return 200;
}
}
}
}
}
#ifdef ENABLE_RPROXY
/* Reverse proxy
*/
rproxy = session->host->rproxy;
while (rproxy != NULL) {
if (rproxy_match(rproxy, session->request_uri)) {
if (rproxy_loop_detected(session->http_headers)) {
return 508;
}
if ((qmark = strchr(session->uri, '?')) != NULL) {
*qmark = '\0';
session->vars = qmark + 1;
}
if (validate_url(session) == false) {
return -1;
}
if ((session->vars != NULL) && (session->host->secure_url)) {
if (forbidden_chars_present(session->vars)) {
log_error(session, "URL contains forbidden characters");
return 403;
}
}
if (duplicate_host(session) == false) {
log_error(session, "duplicate_host() error");
return 500;
}
if ((result = uri_to_path(session)) != 200) {
return result;
}
if (session->host->ignore_dot_hiawatha == false) {
if (load_user_config(session) == -1) {
return 500;
}
}
if ((result = copy_directory_settings(session)) != 200) {
return result;
}
switch (access = allow_client(session)) {
case deny:
log_error(session, fb_accesslist);
return 403;
case allow:
break;
case pwd:
case unspecified:
if ((auth_result = http_authentication_result(session, access == unspecified)) != 200) {
return auth_result;
}
}
/* Prevent SQL injection
*/
if (session->host->prevent_sqli) {
result = prevent_sqli(session);
if (result == 1) {
session->error_cause = ec_SQL_INJECTION;
}
if (result != 0) {
return -1;
}
}
/* Prevent Cross-site Scripting
*/
if (session->host->prevent_xss != p_no) {
if (prevent_xss(session) > 0) {
if (session->host->prevent_xss == p_block) {
session->error_cause = ec_XSS;
return -1;
}
}
}
/* Prevent Cross-site Request Forgery
*/
if (session->host->prevent_csrf != p_no) {
if (prevent_csrf(session) > 0) {
if (session->host->prevent_csrf == p_block) {
session->error_cause = ec_CSRF;
return -1;
}
}
}
return proxy_request(session, rproxy);
}
rproxy = rproxy->next;
}
#endif
/* Actions based on request method
*/
switch (session->request_method) {
case TRACE:
if (session->binding->enable_trace == false) {
return 501;
}
return handle_trace_request(session);
case PUT:
case DELETE:
if ((session->binding->enable_alter == false) && (session->host->webdav_app == false)) {
return 501;
}
break;
case unknown:
return 400;
case unsupported:
if (session->host->webdav_app == false) {
return 501;
}
break;
default:
break;
}
if (duplicate_host(session) == false) {
log_error(session, "duplicate_host() error");
return 500;
}
#ifdef ENABLE_TOOLKIT
if (session->host->ignore_dot_hiawatha == false) {
if (load_user_root_config(session) == -1) {
return 500;
}
}
/* URL toolkit
*/
init_toolkit_options(&toolkit_options);
toolkit_options.method = session->method;
toolkit_options.website_root = session->host->website_root;
toolkit_options.url_toolkit = session->config->url_toolkit;
toolkit_options.allow_dot_files = session->host->allow_dot_files;
toolkit_options.http_headers = session->http_headers;
#ifdef ENABLE_SSL
toolkit_options.use_ssl = session->binding->use_ssl;
#endif
if (((session->request_method != PUT) && (session->request_method != DELETE)) || session->host->webdav_app) {
for (i = 0; i < session->host->toolkit_rules.size; i++) {
if ((result = use_toolkit(session->uri, session->host->toolkit_rules.item[i], &toolkit_options)) == UT_ERROR) {
return 500;
}
if ((toolkit_options.ban > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
ban_ip(&(session->ip_address), toolkit_options.ban, session->config->kick_on_ban);
log_system(session, "Client banned because of URL match in UrlToolkit rule");
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_ban(session);
}
#endif
return 403;
}
session->toolkit_fastcgi = toolkit_options.fastcgi_server;
if (toolkit_options.new_url != NULL) {
if (register_tempdata(&(session->tempdata), toolkit_options.new_url, tc_data) == -1) {
free(toolkit_options.new_url);
log_error(session, "error registering temporary data");
return 500;
}
session->uri = toolkit_options.new_url;
}
if (result == UT_REDIRECT) {
if ((session->location = strdup(toolkit_options.new_url)) == NULL) {
return -1;
}
session->cause_of_301 = location;
return 301;
}
if (result == UT_DENY_ACCESS) {
log_error(session, "access denied via URL toolkit rule");
return 403;
}
if (toolkit_options.expire > -1) {
session->expires = toolkit_options.expire;
session->caco_private = toolkit_options.caco_private;
}
}
}
#endif
/* Find GET data
*/
if ((qmark = strchr(session->uri, '?')) != NULL) {
*qmark = '\0';
session->vars = qmark + 1;
}
url_decode(session->uri);
session->uri_len = strlen(session->uri);
if ((session->vars != NULL) && (session->host->secure_url)) {
if (forbidden_chars_present(session->vars)) {
log_error(session, "URL contains forbidden characters");
return 403;
}
}
if (validate_url(session) == false) {
return -1;
}
if ((result = uri_to_path(session)) != 200) {
return result;
}
/* Load configfile from directories
*/
if (session->host->ignore_dot_hiawatha == false) {
if (load_user_config(session) == -1) {
return 500;
}
}
if ((result = copy_directory_settings(session)) != 200) {
return result;
}
switch (access = allow_client(session)) {
case deny:
log_error(session, fb_accesslist);
return 403;
case allow:
break;
case pwd:
case unspecified:
if ((auth_result = http_authentication_result(session, access == unspecified)) != 200) {
return auth_result;
}
}
switch (is_directory(session->file_on_disk)) {
case error:
return 500;
case yes:
session->uri_is_dir = true;
break;
case no:
if (((session->request_method != PUT) || session->host->webdav_app) && (session->host->enable_path_info)) {
if ((result = get_path_info(session)) != 200) {
return result;
}
}
break;
case no_access:
log_error(session, fb_filesystem);
return 403;
case not_found:
if (session->request_method == DELETE) {
return 404;
}
}
#ifdef ENABLE_TOOLKIT
if ((session->toolkit_fastcgi == NULL) && session->uri_is_dir) {
#else
if (session->uri_is_dir) {
#endif
length = strlen(session->file_on_disk);
if (*(session->file_on_disk + length - 1) == '/') {
strcpy(session->file_on_disk + length, session->host->start_file);
} else {
return 301;
}
}
if (get_target_extension(session) == -1) {
log_error(session, "error getting extension");
return 500;
}
if (((session->request_method != PUT) && (session->request_method != DELETE)) || session->host->webdav_app) {
check_target_is_cgi(session);
}
/* Handle request based on request method
*/
request_method = session->request_method;
if (session->host->webdav_app) {
if ((request_method == PUT) || (request_method == DELETE)) {
request_method = POST;
}
}
switch (request_method) {
case GET:
case HEAD:
if (session->cgi_type != no_cgi) {
session->body = NULL;
result = execute_cgi(session);
#ifdef ENABLE_XSLT
} else if ((xslt_file = find_xslt_file(session)) != NULL) {
result = handle_xml_file(session, xslt_file);
free(xslt_file);
#endif
} else {
result = send_file(session);
}
if (result == 404) {
#ifdef ENABLE_XSLT
if ((session->host->show_index != NULL) && (session->uri[session->uri_len - 1] == '/')) {
result = show_index(session);
}
#endif
#ifdef ENABLE_MONITOR
} else if (session->config->monitor_enabled) {
if ((result == 200) && (session->host->monitor_host)) {
unlink(session->file_on_disk);
}
#endif
}
if ((session->request_method == GET) && (session->cgi_type == no_cgi) && (session->directory != NULL)) {
if (session->directory->run_on_download != NULL) {
run_program(session, session->directory->run_on_download, result);
}
}
break;
case POST:
case unsupported:
if (session->cgi_type != no_cgi) {
result = execute_cgi(session);
#ifdef ENABLE_XSLT
} else if ((xslt_file = find_xslt_file(session)) != NULL) {
result = handle_xml_file(session, xslt_file);
free(xslt_file);
#endif
} else {
result = 405;
}
break;
case PUT:
result = handle_put_request(session);
if (((result == 201) || (result == 204)) && (session->host->run_on_alter != NULL)) {
run_program(session, session->host->run_on_alter, result);
}
break;
case DELETE:
result = handle_delete_request(session);
if ((result == 204) && (session->host->run_on_alter != NULL)) {
run_program(session, session->host->run_on_alter, result);
}
break;
case WHEN:
send_code(session);
break;
default:
result = 400;
}
return result;
}
/* Handle timeout upon sending request
*/
static void handle_timeout(t_session *session) {
if ((session->config->ban_on_timeout > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
ban_ip(&(session->ip_address), session->config->ban_on_timeout, session->config->kick_on_ban);
log_system(session, "Client banned because of connection timeout");
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_ban(session);
}
#endif
} else {
log_system(session, "Timeout while waiting for first request");
}
}
/* Request has been handled, handle the return code.
*/
static void handle_request_result(t_session *session, int result) {
char *hostname;
#ifdef ENABLE_DEBUG
session->current_task = "handle request result";
#endif
if (result == -1) switch (session->error_cause) {
case ec_MAX_REQUESTSIZE:
log_system(session, "Maximum request size reached");
session->return_code = 413;
send_code(session);
if ((session->config->ban_on_max_request_size > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
ban_ip(&(session->ip_address), session->config->ban_on_max_request_size, session->config->kick_on_ban);
log_system(session, "Client banned because of sending a too large request");
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_ban(session);
}
#endif
}
break;
case ec_TIMEOUT:
if (session->kept_alive == 0) {
session->return_code = 408;
send_code(session);
handle_timeout(session);
}
break;
case ec_CLIENT_DISCONNECTED:
if (session->kept_alive == 0) {
log_system(session, "Silent client disconnected");
}
break;
case ec_SOCKET_READ_ERROR:
if (errno != ECONNRESET) {
log_system(session, "Error while reading request");
}
break;
case ec_SOCKET_WRITE_ERROR:
log_request(session);
break;
case ec_FORCE_QUIT:
log_system(session, "Client kicked");
break;
case ec_SQL_INJECTION:
if ((session->config->ban_on_sqli > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
ban_ip(&(session->ip_address), session->config->ban_on_sqli, session->config->kick_on_ban);
hostname = (session->hostname != NULL) ? session->hostname : unknown_host;
log_system(session, "Client banned because of SQL injection on %s", hostname);
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_ban(session);
}
#endif
}
session->return_code = 441;
send_code(session);
log_request(session);
break;
case ec_XSS:
session->return_code = 442;
send_code(session);
log_request(session);
break;
case ec_CSRF:
session->return_code = 443;
send_code(session);
log_request(session);
break;
case ec_INVALID_URL:
if ((session->config->ban_on_invalid_url > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
ban_ip(&(session->ip_address), session->config->ban_on_invalid_url, session->config->kick_on_ban);
hostname = (session->hostname != NULL) ? session->hostname : unknown_host;
log_system(session, "Client banned because of invalid URL on %s", hostname);
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_ban(session);
}
#endif
}
send_code(session);
break;
default:
if (session->data_sent == false) {
session->return_code = 500;
if (send_code(session) == -1) {
session->keep_alive = false;
}
}
} else switch (result) {
case 200:
break;
case 201:
case 204:
case 304:
case 412:
if (session->data_sent == false) {
session->return_code = result;
if (send_header(session) == -1) {
session->keep_alive = false;
} else if (send_buffer(session, "Content-Length: 0\r\n\r\n", 21) == -1) {
session->keep_alive = false;
}
}
break;
case 411:
case 413:
session->keep_alive = false;
if (session->data_sent == false) {
session->return_code = result;
if (send_header(session) == -1) {
session->keep_alive = false;
} else if (send_buffer(session, "Content-Length: 0\r\n\r\n", 21) == -1) {
session->keep_alive = false;
}
}
break;
case 400:
log_garbage(session);
if (session->data_sent == false) {
session->return_code = 400;
if (send_code(session) == -1) {
session->keep_alive = false;
}
}
if ((session->config->ban_on_garbage > 0) && (ip_allowed(&(session->ip_address), session->config->banlist_mask) != deny)) {
ban_ip(&(session->ip_address), session->config->ban_on_garbage, session->config->kick_on_ban);
log_system(session, "Client banned because of sending garbage");
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_ban(session);
}
#endif
}
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_bad_request(session);
}
#endif
break;
case 401:
case 403:
case 404:
case 501:
case 503:
if (session->data_sent == false) {
switch (handle_error(session, result)) {
case -1:
session->keep_alive = false;
break;
case 200:
break;
default:
if (session->data_sent == false) {
session->return_code = result;
if (send_code(session) == -1) {
session->keep_alive = false;
}
}
}
}
break;
case 500:
session->keep_alive = false;
default:
if (session->data_sent == false) {
session->return_code = result;
send_code(session);
}
}
if ((result > 0) && (result != 400)) {
log_request(session);
} else {
session->keep_alive = false;
}
}
/* Prevent SQL injection
*/
static int prevent_sqli_str(t_session *session, char *str, int length) {
char *data, *c, *begin, *end;
t_sqli_pattern *pattern;
int result = 0;
if ((str == NULL) || (length <= 0)) {
return 0;
}
if ((data = (char*)malloc(length + 1)) == NULL) {
return -1;
}
memcpy(data, str, length);
data[length] = '\0';
url_decode(data);
c = data;
while (*c != '\0') {
if (*c == '+') {
*c = ' ';
}
c++;
}
/* Remove comments
*/
end = data;
while ((begin = strstr(end, "/*")) != NULL) {
if ((end = strstr(begin + 2, "*/")) == NULL) {
break;
}
end += 2;
memset(begin, ' ', end - begin);
}
/* Remove double parenthesis
*/
end = data;
while ((begin = strchr(end, '(')) != NULL) {
end = begin + 1;
while (*end == ' ') {
end++;
}
if (*end == '(') {
*begin = ' ';
}
}
/* Match patterns
*/
pattern = sqli_patterns;
while (pattern != NULL) {
if (regexec(&(pattern->regex), data, 0, NULL, 0) != REG_NOMATCH) {
log_exploit_attempt(session, "SQLi", str);
#ifdef ENABLE_TOMAHAWK
increment_counter(COUNTER_EXPLOIT);
#endif
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_exploit_attempt(session);
monitor_event("SQLi attempt for %s%s", session->host->hostname.item[0], session->uri);
}
#endif
result = 1;
break;
}
pattern = pattern->next;
}
free(data);
return result;
}
static void signal2_cb(uv_signal_t* handle, int signum) {
ASSERT(signum == SIGUSR2);
increment_counter(&signal2_cb_counter);
uv_signal_stop(handle);
}
/*
* pj_ioqueue_poll()
*
*/
PJ_DEF(int) pj_ioqueue_poll( pj_ioqueue_t *ioqueue, const pj_time_val *timeout)
{
int i, count, processed;
int msec;
//struct epoll_event *events = ioqueue->events;
//struct queue *queue = ioqueue->queue;
struct epoll_event events[PJ_IOQUEUE_MAX_EVENTS_IN_SINGLE_POLL];
struct queue queue[PJ_IOQUEUE_MAX_EVENTS_IN_SINGLE_POLL];
pj_timestamp t1, t2;
PJ_CHECK_STACK();
msec = timeout ? PJ_TIME_VAL_MSEC(*timeout) : 9000;
TRACE_((THIS_FILE, "start os_epoll_wait, msec=%d", msec));
pj_get_timestamp(&t1);
//count = os_epoll_wait( ioqueue->epfd, events, ioqueue->max, msec);
count = os_epoll_wait( ioqueue->epfd, events, PJ_IOQUEUE_MAX_EVENTS_IN_SINGLE_POLL, msec);
if (count == 0) {
#if PJ_IOQUEUE_HAS_SAFE_UNREG
/* Check the closing keys only when there's no activity and when there are
* pending closing keys.
*/
if (count == 0 && !pj_list_empty(&ioqueue->closing_list)) {
pj_lock_acquire(ioqueue->lock);
scan_closing_keys(ioqueue);
pj_lock_release(ioqueue->lock);
}
#endif
TRACE_((THIS_FILE, "os_epoll_wait timed out"));
return count;
}
else if (count < 0) {
TRACE_((THIS_FILE, "os_epoll_wait error"));
return -pj_get_netos_error();
}
pj_get_timestamp(&t2);
TRACE_((THIS_FILE, "os_epoll_wait returns %d, time=%d usec",
count, pj_elapsed_usec(&t1, &t2)));
/* Lock ioqueue. */
pj_lock_acquire(ioqueue->lock);
for (processed=0, i=0; i<count; ++i) {
pj_ioqueue_key_t *h = (pj_ioqueue_key_t*)(epoll_data_type)
events[i].epoll_data;
TRACE_((THIS_FILE, "event %d: events=%d", i, events[i].events));
/*
* Check readability.
*/
if ((events[i].events & EPOLLIN) &&
(key_has_pending_read(h) || key_has_pending_accept(h)) && !IS_CLOSING(h) ) {
#if PJ_IOQUEUE_HAS_SAFE_UNREG
increment_counter(h);
#endif
queue[processed].key = h;
queue[processed].event_type = READABLE_EVENT;
++processed;
continue;
}
/*
* Check for writeability.
*/
if ((events[i].events & EPOLLOUT) && key_has_pending_write(h) && !IS_CLOSING(h)) {
#if PJ_IOQUEUE_HAS_SAFE_UNREG
increment_counter(h);
#endif
queue[processed].key = h;
queue[processed].event_type = WRITEABLE_EVENT;
++processed;
continue;
}
#if PJ_HAS_TCP
/*
* Check for completion of connect() operation.
*/
if ((events[i].events & EPOLLOUT) && (h->connecting) && !IS_CLOSING(h)) {
#if PJ_IOQUEUE_HAS_SAFE_UNREG
increment_counter(h);
#endif
queue[processed].key = h;
queue[processed].event_type = WRITEABLE_EVENT;
++processed;
continue;
}
#endif /* PJ_HAS_TCP */
/*
* Check for error condition.
*/
if ((events[i].events & EPOLLERR) && !IS_CLOSING(h)) {
/*
* We need to handle this exception event. If it's related to us
* connecting, report it as such. If not, just report it as a
* read event and the higher layers will handle it.
*/
if (h->connecting) {
#if PJ_IOQUEUE_HAS_SAFE_UNREG
increment_counter(h);
#endif
queue[processed].key = h;
queue[processed].event_type = EXCEPTION_EVENT;
++processed;
} else if (key_has_pending_read(h) || key_has_pending_accept(h)) {
#if PJ_IOQUEUE_HAS_SAFE_UNREG
increment_counter(h);
#endif
queue[processed].key = h;
queue[processed].event_type = READABLE_EVENT;
++processed;
}
continue;
}
}
for (i=0; i<processed; ++i) {
if (queue[i].key->grp_lock)
pj_grp_lock_add_ref_dbg(queue[i].key->grp_lock, "ioqueue", 0);
}
PJ_RACE_ME(5);
pj_lock_release(ioqueue->lock);
PJ_RACE_ME(5);
/* Now process the events. */
for (i=0; i<processed; ++i) {
switch (queue[i].event_type) {
case READABLE_EVENT:
ioqueue_dispatch_read_event(ioqueue, queue[i].key);
break;
case WRITEABLE_EVENT:
ioqueue_dispatch_write_event(ioqueue, queue[i].key);
break;
case EXCEPTION_EVENT:
ioqueue_dispatch_exception_event(ioqueue, queue[i].key);
break;
case NO_EVENT:
pj_assert(!"Invalid event!");
break;
}
#if PJ_IOQUEUE_HAS_SAFE_UNREG
decrement_counter(queue[i].key);
#endif
if (queue[i].key->grp_lock)
pj_grp_lock_dec_ref_dbg(queue[i].key->grp_lock,
"ioqueue", 0);
}
/* Special case:
* When epoll returns > 0 but no descriptors are actually set!
*/
if (count > 0 && !processed && msec > 0) {
pj_thread_sleep(msec);
}
pj_get_timestamp(&t1);
TRACE_((THIS_FILE, "ioqueue_poll() returns %d, time=%d usec",
processed, pj_elapsed_usec(&t2, &t1)));
return processed;
}
/* Prevent Cross-site Request Forgery
*/
int prevent_csrf(t_session *session) {
char *referer, *slash, prev = '\0';
int i, n;
#ifdef ENABLE_MONITOR
char *csrf_url;
#endif
if (session->request_method != POST) {
return 0;
}
if ((referer = get_http_header("Origin:", session->http_headers)) == NULL) {
if ((referer = get_http_header("Referer:", session->http_headers)) == NULL) {
return 0;
}
}
#ifdef ENABLE_MONITOR
csrf_url = referer;
#endif
if (strncmp(referer, "http://", 7) == 0) {
referer += 7;
} else if (strncmp(referer, "https://", 8) == 0) {
referer += 8;
} else {
session->request_method = GET;
session->body = NULL;
session->cookies = NULL;
log_error(session, "invalid referer while checking for CSRF");
return 1;
}
if ((slash = strchr(referer, '/')) != NULL) {
n = slash - referer;
} else {
n = strlen(referer);
}
for (i = 0; i < session->host->hostname.size; i++) {
if (strncasecmp(referer, *(session->host->hostname.item + i), n) == 0) {
return 0;
}
}
if (session->body != NULL) {
prev = *(session->body + session->content_length);
*(session->body + session->content_length) = '\0';
}
log_exploit_attempt(session, "CSRF", session->body);
if (session->body != NULL) {
*(session->body + session->content_length) = prev;
}
if (session->host->prevent_csrf == p_prevent) {
session->request_method = GET;
session->body = NULL;
session->cookies = NULL;
}
#ifdef ENABLE_TOMAHAWK
increment_counter(COUNTER_EXPLOIT);
#endif
#ifdef ENABLE_MONITOR
if (session->config->monitor_enabled) {
monitor_count_exploit_attempt(session);
monitor_event("CSRF attempt for %s%s via %s", session->host->hostname.item[0], session->uri, csrf_url);
}
#endif
return 1;
}
void up_clicked(ClickRecognizerRef recognizer, void* context) {
increment_counter();
display_counter();
}
void up_single_click_handler(ClickRecognizerRef recognizer, Window *window) {
increment_counter(); populate_counter_labels();
}
/*
* pj_ioqueue_poll()
*
* Few things worth written:
*
* - we used to do only one callback called per poll, but it didn't go
* very well. The reason is because on some situation, the write
* callback gets called all the time, thus doesn't give the read
* callback to get called. This happens, for example, when user
* submit write operation inside the write callback.
* As the result, we changed the behaviour so that now multiple
* callbacks are called in a single poll. It should be fast too,
* just that we need to be carefull with the ioqueue data structs.
*
* - to guarantee preemptiveness etc, the poll function must strictly
* work on fd_set copy of the ioqueue (not the original one).
*/
PJ_DEF(int) pj_ioqueue_poll( pj_ioqueue_t *ioqueue, const pj_time_val *timeout)
{
pj_fd_set_t rfdset, wfdset, xfdset;
int count, counter;
pj_ioqueue_key_t *h;
struct event
{
pj_ioqueue_key_t *key;
enum ioqueue_event_type event_type;
} event[PJ_IOQUEUE_MAX_EVENTS_IN_SINGLE_POLL];
PJ_ASSERT_RETURN(ioqueue, -PJ_EINVAL);
/* Lock ioqueue before making fd_set copies */
pj_lock_acquire(ioqueue->lock);
/* We will only do select() when there are sockets to be polled.
* Otherwise select() will return error.
*/
if (PJ_FD_COUNT(&ioqueue->rfdset)==0 &&
PJ_FD_COUNT(&ioqueue->wfdset)==0
#if defined(PJ_HAS_TCP) && PJ_HAS_TCP!=0
&& PJ_FD_COUNT(&ioqueue->xfdset)==0
#endif
)
{
#if PJ_IOQUEUE_HAS_SAFE_UNREG
scan_closing_keys(ioqueue);
#endif
pj_lock_release(ioqueue->lock);
TRACE__((THIS_FILE, " poll: no fd is set"));
if (timeout)
pj_thread_sleep(PJ_TIME_VAL_MSEC(*timeout));
return 0;
}
/* Copy ioqueue's pj_fd_set_t to local variables. */
pj_memcpy(&rfdset, &ioqueue->rfdset, sizeof(pj_fd_set_t));
pj_memcpy(&wfdset, &ioqueue->wfdset, sizeof(pj_fd_set_t));
#if PJ_HAS_TCP
pj_memcpy(&xfdset, &ioqueue->xfdset, sizeof(pj_fd_set_t));
#else
PJ_FD_ZERO(&xfdset);
#endif
#if VALIDATE_FD_SET
validate_sets(ioqueue, &rfdset, &wfdset, &xfdset);
#endif
/* Unlock ioqueue before select(). */
pj_lock_release(ioqueue->lock);
count = pj_sock_select(ioqueue->nfds+1, &rfdset, &wfdset, &xfdset,
timeout);
if (count == 0)
return 0;
else if (count < 0)
return -pj_get_netos_error();
else if (count > PJ_IOQUEUE_MAX_EVENTS_IN_SINGLE_POLL)
count = PJ_IOQUEUE_MAX_EVENTS_IN_SINGLE_POLL;
/* Scan descriptor sets for event and add the events in the event
* array to be processed later in this function. We do this so that
* events can be processed in parallel without holding ioqueue lock.
*/
pj_lock_acquire(ioqueue->lock);
counter = 0;
/* Scan for writable sockets first to handle piggy-back data
* coming with accept().
*/
h = ioqueue->active_list.next;
for ( ; h!=&ioqueue->active_list && counter<count; h = h->next) {
if ( (key_has_pending_write(h) || key_has_pending_connect(h))
&& PJ_FD_ISSET(h->fd, &wfdset) && !IS_CLOSING(h))
{
#if PJ_IOQUEUE_HAS_SAFE_UNREG
increment_counter(h);
#endif
event[counter].key = h;
event[counter].event_type = WRITEABLE_EVENT;
++counter;
}
/* Scan for readable socket. */
if ((key_has_pending_read(h) || key_has_pending_accept(h))
&& PJ_FD_ISSET(h->fd, &rfdset) && !IS_CLOSING(h) &&
counter<count)
{
#if PJ_IOQUEUE_HAS_SAFE_UNREG
increment_counter(h);
#endif
event[counter].key = h;
event[counter].event_type = READABLE_EVENT;
++counter;
}
#if PJ_HAS_TCP
if (key_has_pending_connect(h) && PJ_FD_ISSET(h->fd, &xfdset) &&
!IS_CLOSING(h) && counter<count)
{
#if PJ_IOQUEUE_HAS_SAFE_UNREG
increment_counter(h);
#endif
event[counter].key = h;
event[counter].event_type = EXCEPTION_EVENT;
++counter;
}
#endif
}
pj_lock_release(ioqueue->lock);
count = counter;
/* Now process all events. The dispatch functions will take care
* of locking in each of the key
*/
for (counter=0; counter<count; ++counter) {
switch (event[counter].event_type) {
case READABLE_EVENT:
ioqueue_dispatch_read_event(ioqueue, event[counter].key);
break;
case WRITEABLE_EVENT:
ioqueue_dispatch_write_event(ioqueue, event[counter].key);
break;
case EXCEPTION_EVENT:
ioqueue_dispatch_exception_event(ioqueue, event[counter].key);
break;
case NO_EVENT:
pj_assert(!"Invalid event!");
break;
}
#if PJ_IOQUEUE_HAS_SAFE_UNREG
decrement_counter(event[counter].key);
#endif
}
return count;
}
void LIRGenerator::increment_counter(address counter, BasicType type, int step) {
LIR_Opr pointer = new_pointer_register();
__ move(LIR_OprFact::intptrConst(counter), pointer);
LIR_Address* addr = new LIR_Address(pointer, type);
increment_counter(addr, step);
}
