notify java that all childs has been killed when disconnecting.

free child list on disconnect.

Author: tux-mind

cSploitClient/child.c

@@ -69,11 +69,29 @@ inline child_node *get_child_by_pending_seq(uint16_t seq) {
   return c;
 }
 
-void free_child(child_node *c) {
+inline void free_child(child_node *c) {
   release_buffer(&(c->buffer));
   free(c);
 }
 
+void free_all_childs() {
+  child_node *c,*n;
+  
+  pthread_mutex_lock(&(children.control.mutex));
+  
+  c=(child_node *) children.list.head;
+  
+  children.list.head = children.list.tail = NULL;
+  
+  while(c) {
+    n=(child_node *) c->next;
+    free_child(c);
+    c=n;
+  }
+  
+  pthread_mutex_unlock(&(children.control.mutex));
+}
+
 /**
  * @brief send raw bytes to child
  * @param id the child id
@@ -147,4 +165,4 @@ jboolean send_to_child(JNIEnv *env, jclass clazz __attribute__((unused)), int id
     (*env)->ReleaseByteArrayElements(env, array, buff, JNI_ABORT);
 
   return ret;
-}
+}

cSploitClient/child.h

@@ -49,6 +49,7 @@ child_node *create_child(uint16_t );
 inline child_node *get_child_by_id(uint16_t );
 inline child_node *get_child_by_pending_seq(uint16_t);
 void free_child(child_node *);
+void free_all_childs(void);
 extern jboolean send_to_child(JNIEnv *, jclass, int, jbyteArray);
 
-#endif
+#endif

cSploitClient/command.c

@@ -34,6 +34,28 @@
 
 #include "command.h"
 
+
+void cmd_on_disconnect() {
+  child_node *c;
+  char found = 0;
+  
+  pthread_mutex_lock(&(children.control.mutex));
+  
+  for(c =(child_node *) children.list.head;c;c=(child_node *) c->next) {
+    if(c->pending) {
+      c->seq = 0;
+      c->id = CTRL_ID;
+      found = 1;
+    }
+  }
+  
+  pthread_mutex_unlock(&(children.control.mutex));
+  
+  if(found) {
+    pthread_cond_broadcast(&(children.control.cond));
+  }
+}
+
 int on_cmd_started(message *m) {
   struct cmd_started_info *started_info;
   child_node *c;
@@ -160,7 +182,7 @@ int on_cmd_died(JNIEnv *env, message *m) {
 
   pthread_cond_broadcast(&(children.control.cond));
 
-  event = create_child_died_event(env, &(died_info->signal));
+  event = create_child_died_event(env, died_info->signal);
 
   if(!event) {
     LOGE("%s: cannot create event", __func__);

cSploitClient/command.h

@@ -24,4 +24,5 @@ int on_command(JNIEnv *, message *);
 int start_blind_command(JNIEnv *, jclass, jstring);
 int start_command(JNIEnv *, jclass, jstring, jstring, jobjectArray);
 void kill_child(JNIEnv *, jclass, int, int);
+void cmd_on_disconnect(void);
 #endif

cSploitClient/connection.c

@@ -32,6 +32,8 @@
 #include "notifier.h"
 #include "handler.h"
 #include "auth.h"
+#include "child.h"
+#include "command.h"
 
 #include "connection.h"
 
@@ -43,8 +45,13 @@ void on_connect() {
   auth_on_connect();
 }
 
-void on_disconnect() {
+void on_disconnect(JNIEnv *env) {
   auth_on_disconnect();
+  cmd_on_disconnect();
+  notifier_on_disconnect(env);
+  
+  free_all_childs();
+  unload_handlers();
 }
 
 /**
@@ -138,7 +145,7 @@ jboolean is_unix_connected(JNIEnv *env _U_, jclass clazz _U_) {
 /**
  * @brief disconnect from UNIX socket
  */
-void disconnect_unix(JNIEnv *env _U_, jclass clazz _U_) {
+void disconnect_unix(JNIEnv *env, jclass clazz _U_) {
 
   if(!connected)
     return;
@@ -155,7 +162,5 @@ void disconnect_unix(JNIEnv *env _U_, jclass clazz _U_) {
 
   connected = 0;
 
-  on_disconnect();
-  
-  unload_handlers();
+  on_disconnect(env);
 }

cSploitClient/connection.h

@@ -27,6 +27,6 @@ extern pthread_mutex_t write_lock;
 jboolean connect_unix(JNIEnv *, jclass, jstring);
 jboolean is_unix_connected(JNIEnv *, jclass);
 void disconnect_unix(JNIEnv *, jclass);
-void on_disconnect(void);
+void on_disconnect(JNIEnv *);
 
 #endif

cSploitClient/event.c

@@ -134,16 +134,16 @@ jobject create_child_end_event(JNIEnv *env, void *arg) {
 
 /**
  * @brief create an org.csploit.android.events.ChildDied
- * @param arg a poitner to the signal that caused the death
+ * @param signal the signal number that caused the death
  * @returns the jobject on success, NULL on error.
  */
-jobject create_child_died_event(JNIEnv *env, void *arg) {
+jobject create_child_died_event(JNIEnv *env, int signal) {
   jobject event;
 
   event = (*env)->NewObject(env,
                             cache.csploit.events.child_died.class,
                             cache.csploit.events.child_died.ctor,
-                            *((unsigned int *) arg));
+                            signal);
 
   if(event)
     return event;

cSploitClient/event.h

@@ -25,7 +25,7 @@
 
 jobject create_newline_event(JNIEnv *, void *);
 jobject create_child_end_event(JNIEnv *, void *);
-jobject create_child_died_event(JNIEnv *, void *);
+jobject create_child_died_event(JNIEnv *, int);
 jobject create_stderrnewline_event(JNIEnv *, void *);
 jobject create_hop_event(JNIEnv *, void *);
 jobject create_port_event(JNIEnv *, void *);

cSploitClient/notifier.c

@@ -339,6 +339,34 @@ int on_message(JNIEnv *env, message *m) {
 
 }
 
+/**
+ * @brief notify java that all childs has been killed
+ */
+void notifier_on_disconnect(JNIEnv *env) {
+  jobject event;
+  child_node *c;
+  
+  pthread_mutex_lock(&(children.control.mutex));
+  for(c=(child_node *)children.list.head;c;c=(child_node *)c->next) {
+    event = create_child_died_event(env, SIGKILL);
+    
+    pthread_mutex_unlock(&(children.control.mutex));
+    
+    if(!event) {
+      LOGE("%s: cannot create event", __func__);
+    } else if(send_event(env, c, event)) {
+      LOGE("%s: cannot send event", __func__);
+    }
+    
+    if(event) {
+      (*env)->DeleteLocalRef(env, event);
+    }
+    
+    pthread_mutex_lock(&(children.control.mutex));
+  }
+  pthread_mutex_unlock(&(children.control.mutex));
+}
+
 void *notifier(void *arg) {
   msg_node *mn;
   message *m;

cSploitClient/notifier.h

@@ -18,7 +18,10 @@
 #ifndef NOTIFIER_H
 #define NOTIFIER_H
 
+#include <jni.h>
+
 int start_notifier(void);
 void stop_notifier(void);
+void notifier_on_disconnect(JNIEnv *);
 
 #endif