op public repos

Blob
Date:
Fri Jan 21 09:53:47 2022 UTC
Message:
gemini_parse_reply: return code and don't close connection clang static analyzer found a possible use after free: if the code is not 2X in gemini_parse_reply we call close_conn. Then, in net_read we set req->done_header, but req may have been free'd! Actually, this is almost impossible to trigger. close_conn never ends up calling free(req) on its first try, because tls_close takes a while and is rescheduled by libevent. (The check req->ctx != NULL in close_conn is always true if it's a gemini request.) Nevertheless, it's clear to move close_conn out of gemini_parse_reply and simply return the response code: it feels wrong that a "parsing function" takes logic decisions.
1
/*
2
 * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3
 *
4
 * Permission to use, copy, modify, and distribute this software for any
5
 * purpose with or without fee is hereby granted, provided that the above
6
 * copyright notice and this permission notice appear in all copies.
7
 *
8
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15
 */
16

17
#include "compat.h"
18

19
#include <sys/types.h>
20
#include <sys/socket.h>
21

22
#include <netinet/in.h>
23

24
#include <assert.h>
25
#include <ctype.h>
26
#include <errno.h>
27
#include <netdb.h>
28
#include <stdarg.h>
29
#include <stdio.h>
30
#include <stdlib.h>
31
#include <string.h>
32
#include <tls.h>
33
#include <unistd.h>
34

35
#if HAVE_ASR_RUN
36
# include <asr.h>
37
#endif
38

39
#include "telescope.h"
40
#include "utils.h"
41

42
static struct imsgev		*iev_ui;
43

44
/* a pending request */
45
struct req {
46
	struct phos_uri		 url;
47
	uint32_t		 id;
48
	int			 proto;
49
	int			 fd;
50
	struct tls		*ctx;
51
	char			 req[1024];
52
	size_t			 len;
53
	int			 done_header;
54
	struct bufferevent	*bev;
55

56
	struct addrinfo		*servinfo, *p;
57
#if HAVE_ASR_RUN
58
	struct addrinfo		 hints;
59
	struct event_asr	*asrev;
60
#endif
61

62
	TAILQ_ENTRY(req)	 reqs;
63
};
64

65
static struct req	*req_by_id(uint32_t);
66

67
static void	 die(void) __attribute__((__noreturn__));
68

69
static void	 try_to_connect(int, short, void*);
70

71
#if HAVE_ASR_RUN
72
static void	 query_done(struct asr_result*, void*);
73
static void	 async_conn_towards(struct req*);
74
#else
75
static void	 blocking_conn_towards(struct req*);
76
#endif
77

78
static void	 close_with_err(struct req*, const char*);
79
static void	 close_with_errf(struct req*, const char*, ...)
80
    __attribute__((format(printf, 2, 3)));
81

82
static void	 net_tls_handshake(int, short, void *);
83
static void	 net_tls_readcb(int, short, void *);
84
static void	 net_tls_writecb(int, short, void *);
85

86
static int	 gemini_parse_reply(struct req *, const char *, size_t);
87

88
static void	 net_ready(struct req *req);
89
static void	 net_read(struct bufferevent *, void *);
90
static void	 net_write(struct bufferevent *, void *);
91
static void	 net_error(struct bufferevent *, short, void *);
92

93
static void	 handle_get_raw(struct imsg *, size_t);
94
static void	 handle_cert_status(struct imsg*, size_t);
95
static void	 handle_proceed(struct imsg*, size_t);
96
static void	 handle_stop(struct imsg*, size_t);
97
static void	 handle_quit(struct imsg*, size_t);
98
static void	 handle_dispatch_imsg(int, short, void*);
99

100
static int	 net_send_ui(int, uint32_t, const void *, uint16_t);
101

102
/* TODO: making this customizable */
103
struct timeval timeout_for_handshake = { 5, 0 };
104

105
static imsg_handlerfn *handlers[] = {
106
	[IMSG_GET_RAW]		= handle_get_raw,
107
	[IMSG_CERT_STATUS]	= handle_cert_status,
108
	[IMSG_PROCEED]		= handle_proceed,
109
	[IMSG_STOP]		= handle_stop,
110
	[IMSG_QUIT]		= handle_quit,
111
};
112

113
typedef void (*statefn)(int, short, void*);
114

115
TAILQ_HEAD(, req) reqhead;
116

117
static inline void
118
yield_r(struct req *req, statefn fn, struct timeval *tv)
119
{
120
	event_once(req->fd, EV_READ, fn, req, tv);
121
}
122

123
static inline void
124
yield_w(struct req *req, statefn fn, struct timeval *tv)
125
{
126
	event_once(req->fd, EV_WRITE, fn, req, tv);
127
}
128

129
static struct req *
130
req_by_id(uint32_t id)
131
{
132
	struct req *r;
133

134
	TAILQ_FOREACH(r, &reqhead, reqs) {
135
		if (r->id == id)
136
			return r;
137
	}
138

139
	return NULL;
140
}
141

142
static void __attribute__((__noreturn__))
143
die(void)
144
{
145
	abort(); 		/* TODO */
146
}
147

148
static void
149
try_to_connect(int fd, short ev, void *d)
150
{
151
	struct req	*req = d;
152
	int		 error = 0;
153
	socklen_t	 len = sizeof(error);
154

155
again:
156
	if (req->p == NULL)
157
		goto err;
158

159
	if (req->fd != -1) {
160
		if (getsockopt(req->fd, SOL_SOCKET, SO_ERROR, &error,
161
		    &len) == -1)
162
			goto err;
163
		if (error != 0) {
164
			errno = error;
165
			goto err;
166
		}
167
		goto done;
168
	}
169

170
	req->fd = socket(req->p->ai_family, req->p->ai_socktype,
171
	    req->p->ai_protocol);
172
	if (req->fd == -1) {
173
		req->p = req->p->ai_next;
174
		goto again;
175
	} else {
176
		mark_nonblock(req->fd);
177
		if (connect(req->fd, req->p->ai_addr, req->p->ai_addrlen) == 0)
178
			goto done;
179
		yield_w(req, try_to_connect, NULL);
180
	}
181
	return;
182

183
err:
184
	freeaddrinfo(req->servinfo);
185
	close_with_errf(req, "failed to connect to %s",
186
	    req->url.host);
187
	return;
188

189
done:
190
	freeaddrinfo(req->servinfo);
191

192
	switch (req->proto) {
193
	case PROTO_FINGER:
194
	case PROTO_GOPHER:
195
		/* finger and gopher don't have a header nor TLS */
196
		req->done_header = 1;
197
		net_ready(req);
198
		break;
199

200
	case PROTO_GEMINI: {
201
		struct tls_config *conf;
202

203
		if ((conf = tls_config_new()) == NULL)
204
			die();
205

206
		tls_config_insecure_noverifycert(conf);
207
		tls_config_insecure_noverifyname(conf);
208

209
		/* prepare tls */
210
		if ((req->ctx = tls_client()) == NULL) {
211
			close_with_errf(req, "tls_client: %s",
212
			    strerror(errno));
213
			return;
214
		}
215

216
		if (tls_configure(req->ctx, conf) == -1) {
217
			close_with_errf(req, "tls_configure: %s",
218
			    tls_error(req->ctx));
219
			return;
220
		}
221
		tls_config_free(conf);
222

223
		if (tls_connect_socket(req->ctx, req->fd, req->url.host)
224
		    == -1) {
225
			close_with_errf(req, "tls_connect_socket: %s",
226
			    tls_error(req->ctx));
227
			return;
228
		}
229
		yield_w(req, net_tls_handshake, &timeout_for_handshake);
230
		break;
231
	}
232

233
	default:
234
		die();
235
	}
236
}
237

238
#if HAVE_ASR_RUN
239
static void
240
query_done(struct asr_result *res, void *d)
241
{
242
	struct req	*req = d;
243

244
	req->asrev = NULL;
245
	if (res->ar_gai_errno != 0) {
246
		close_with_errf(req, "failed to resolve %s: %s",
247
		    req->url.host, gai_strerror(res->ar_gai_errno));
248
		return;
249
	}
250

251
	req->fd = -1;
252
	req->servinfo = res->ar_addrinfo;
253
	req->p = res->ar_addrinfo;
254
	try_to_connect(0, 0, req);
255
}
256

257
static void
258
async_conn_towards(struct req *req)
259
{
260
	struct asr_query	*q;
261
	const char		*proto = "1965";
262

263
	if (*req->url.port != '\0')
264
		proto = req->url.port;
265

266
	req->hints.ai_family = AF_UNSPEC;
267
	req->hints.ai_socktype = SOCK_STREAM;
268
	q = getaddrinfo_async(req->url.host, proto, &req->hints, NULL);
269
	req->asrev = event_asr_run(q, query_done, req);
270
}
271
#else
272
static void
273
blocking_conn_towards(struct req *req)
274
{
275
	struct addrinfo	 hints;
276
	struct phos_uri	*url = &req->url;
277
	int		 status;
278
	const char	*proto = "1965";
279

280
	if (*url->port != '\0')
281
		proto = url->port;
282

283
	memset(&hints, 0, sizeof(hints));
284
	hints.ai_family = AF_UNSPEC;
285
	hints.ai_socktype = SOCK_STREAM;
286

287
	if ((status = getaddrinfo(url->host, proto, &hints, &req->servinfo))) {
288
		close_with_errf(req, "failed to resolve %s: %s",
289
		    url->host, gai_strerror(status));
290
		return;
291
	}
292

293
	req->fd = -1;
294
	req->p = req->servinfo;
295
	try_to_connect(0, 0, req);
296
}
297
#endif
298

299
static void
300
close_conn(int fd, short ev, void *d)
301
{
302
	struct req	*req = d;
303

304
#if HAVE_ASR_RUN
305
	if (req->asrev != NULL)
306
		event_asr_abort(req->asrev);
307
#endif
308

309
	if (req->bev != NULL) {
310
		bufferevent_free(req->bev);
311
		req->bev = NULL;
312
	}
313

314
	if (req->ctx != NULL) {
315
		switch (tls_close(req->ctx)) {
316
		case TLS_WANT_POLLIN:
317
			yield_r(req, close_conn, NULL);
318
			return;
319
		case TLS_WANT_POLLOUT:
320
			yield_w(req, close_conn, NULL);
321
			return;
322
		}
323

324
		tls_free(req->ctx);
325
		req->ctx = NULL;
326
	}
327

328
	TAILQ_REMOVE(&reqhead, req, reqs);
329
	if (req->fd != -1)
330
		close(req->fd);
331
	free(req);
332
}
333

334
static void
335
close_with_err(struct req *req, const char *err)
336
{
337
	net_send_ui(IMSG_ERR, req->id, err, strlen(err)+1);
338
	close_conn(0, 0, req);
339
}
340

341
static void
342
close_with_errf(struct req *req, const char *fmt, ...)
343
{
344
	va_list	 ap;
345
	char	*s;
346

347
	va_start(ap, fmt);
348
	if (vasprintf(&s, fmt, ap) == -1)
349
		abort();
350
	va_end(ap);
351

352
	close_with_err(req, s);
353
	free(s);
354
}
355

356
static void
357
net_tls_handshake(int fd, short event, void *d)
358
{
359
	struct req	*req = d;
360
	const char	*hash;
361

362
	if (event == EV_TIMEOUT) {
363
		close_with_err(req, "Timeout loading page");
364
		return;
365
	}
366

367
	switch (tls_handshake(req->ctx)) {
368
	case TLS_WANT_POLLIN:
369
		yield_r(req, net_tls_handshake, NULL);
370
		return;
371
	case TLS_WANT_POLLOUT:
372
		yield_w(req, net_tls_handshake, NULL);
373
		return;
374
	}
375

376
	hash = tls_peer_cert_hash(req->ctx);
377
	if (hash == NULL) {
378
		close_with_errf(req, "handshake failed: %s",
379
		    tls_error(req->ctx));
380
		return;
381
	}
382
	net_send_ui(IMSG_CHECK_CERT, req->id, hash, strlen(hash)+1);
383
}
384

385
static void
386
net_tls_readcb(int fd, short event, void *d)
387
{
388
	struct bufferevent	*bufev = d;
389
	struct req		*req = bufev->cbarg;
390
	char			 buf[IBUF_READ_SIZE];
391
	int			 what = EVBUFFER_READ;
392
	int			 howmuch = IBUF_READ_SIZE;
393
	int			 res;
394
	ssize_t			 ret;
395
	size_t			 len;
396

397
	if (event == EV_TIMEOUT) {
398
		what |= EVBUFFER_TIMEOUT;
399
		goto err;
400
	}
401

402
	if (bufev->wm_read.high != 0)
403
		howmuch = MIN(sizeof(buf), bufev->wm_read.high);
404

405
	switch (ret = tls_read(req->ctx, buf, howmuch)) {
406
	case TLS_WANT_POLLIN:
407
	case TLS_WANT_POLLOUT:
408
		goto retry;
409
	case -1:
410
		what |= EVBUFFER_ERROR;
411
		goto err;
412
	}
413
	len = ret;
414

415
	if (len == 0) {
416
		what |= EVBUFFER_EOF;
417
		goto err;
418
	}
419

420
	res = evbuffer_add(bufev->input, buf, len);
421
	if (res == -1) {
422
		what |= EVBUFFER_ERROR;
423
		goto err;
424
	}
425

426
	event_add(&bufev->ev_read, NULL);
427

428
	len = EVBUFFER_LENGTH(bufev->input);
429
	if (bufev->wm_read.low != 0 && len < bufev->wm_read.low)
430
		return;
431

432
	if (bufev->readcb != NULL)
433
		(*bufev->readcb)(bufev, bufev->cbarg);
434
	return;
435

436
retry:
437
	event_add(&bufev->ev_read, NULL);
438
	return;
439

440
err:
441
	(*bufev->errorcb)(bufev, what, bufev->cbarg);
442
}
443

444
static void
445
net_tls_writecb(int fd, short event, void *d)
446
{
447
	struct bufferevent	*bufev = d;
448
	struct req		*req = bufev->cbarg;
449
	ssize_t			 ret;
450
	size_t			 len;
451
	short			 what = EVBUFFER_WRITE;
452

453
	if (event & EV_TIMEOUT) {
454
		what |= EVBUFFER_TIMEOUT;
455
		goto err;
456
	}
457

458
	if (EVBUFFER_LENGTH(bufev->output) != 0) {
459
		ret = tls_write(req->ctx, EVBUFFER_DATA(bufev->output),
460
		    EVBUFFER_LENGTH(bufev->output));
461
		switch (ret) {
462
		case TLS_WANT_POLLIN:
463
		case TLS_WANT_POLLOUT:
464
			goto retry;
465
		case -1:
466
			what |= EVBUFFER_ERROR;
467
			goto err;
468
		}
469
		len = ret;
470

471
		evbuffer_drain(bufev->output, len);
472
	}
473

474
	if (EVBUFFER_LENGTH(bufev->output) != 0)
475
		event_add(&bufev->ev_write, NULL);
476

477
	if (bufev->writecb != NULL &&
478
	    EVBUFFER_LENGTH(bufev->output) <= bufev->wm_write.low)
479
		(*bufev->writecb)(bufev, bufev->cbarg);
480
	return;
481

482
retry:
483
	event_add(&bufev->ev_write, NULL);
484
	return;
485

486
err:
487
	(*bufev->errorcb)(bufev, what, bufev->cbarg);
488
}
489

490
static int
491
gemini_parse_reply(struct req *req, const char *header, size_t len)
492
{
493
	int		 code;
494
	const char	*t;
495

496
	if (len < 4)
497
		return 0;
498

499
	if (!isdigit(header[0]) || !isdigit(header[1]))
500
		return 0;
501

502
	code = (header[0] - '0')*10 + (header[1] - '0');
503
	if (header[2] != ' ')
504
		return 0;
505

506
	t = header + 3;
507

508
	net_send_ui(IMSG_GOT_CODE, req->id, &code, sizeof(code));
509
	net_send_ui(IMSG_GOT_META, req->id, t, strlen(t)+1);
510

511
	bufferevent_disable(req->bev, EV_READ|EV_WRITE);
512

513
	return code;
514
}
515

516
/* called when we're ready to read/write */
517
static void
518
net_ready(struct req *req)
519
{
520
	req->bev = bufferevent_new(req->fd, net_read, net_write, net_error,
521
	    req);
522
	if (req->bev == NULL)
523
		die();
524

525
#if HAVE_EVENT2
526
	evbuffer_unfreeze(req->bev->input, 0);
527
	evbuffer_unfreeze(req->bev->output, 1);
528
#endif
529

530
	/* setup tls i/o layer */
531
	if (req->ctx != NULL) {
532
		event_set(&req->bev->ev_read, req->fd, EV_READ,
533
		    net_tls_readcb, req->bev);
534
		event_set(&req->bev->ev_write, req->fd, EV_WRITE,
535
		    net_tls_writecb, req->bev);
536
	}
537

538
	/* TODO: adjust watermarks */
539
	bufferevent_setwatermark(req->bev, EV_WRITE, 1, 0);
540
	bufferevent_setwatermark(req->bev, EV_READ,  1, 0);
541

542
	bufferevent_enable(req->bev, EV_READ|EV_WRITE);
543

544
	bufferevent_write(req->bev, req->req, req->len);
545
}
546

547
/* called after a read has been done */
548
static void
549
net_read(struct bufferevent *bev, void *d)
550
{
551
	struct req	*req = d;
552
	struct evbuffer	*src = EVBUFFER_INPUT(bev);
553
	uint8_t		*data;
554
	size_t		 len, chunk;
555
	int		 r;
556
	char		*header;
557

558
	if (!req->done_header) {
559
		header = evbuffer_readln(src, &len, EVBUFFER_EOL_CRLF_STRICT);
560
		if (header == NULL && EVBUFFER_LENGTH(src) >= 1024)
561
			goto err;
562
		if (header == NULL)
563
			return;
564
		r = gemini_parse_reply(req, header, len);
565
		free(header);
566
		req->done_header = 1;
567
		if (r == 0)
568
			goto err;
569
		else if (r < 20 || r >= 30)
570
			close_conn(0, 0, req);
571
		return;
572
	}
573

574
	if ((len = EVBUFFER_LENGTH(src)) == 0)
575
		return;
576
	data = EVBUFFER_DATA(src);
577

578
	/*
579
	 * Split data into chunks before sending.  imsg can't handle
580
	 * message that are "too big".
581
	 */
582
	while (len != 0) {
583
		chunk = MIN(len, 4096);
584
		net_send_ui(IMSG_BUF, req->id, data, chunk);
585
		data += chunk;
586
		len -= chunk;
587
	}
588

589
	evbuffer_drain(src, EVBUFFER_LENGTH(src));
590
	return;
591

592
err:
593
	(*bev->errorcb)(bev, EVBUFFER_READ, bev->cbarg);
594
}
595

596
/* called after a write has been done */
597
static void
598
net_write(struct bufferevent *bev, void *d)
599
{
600
	struct evbuffer	*dst = EVBUFFER_OUTPUT(bev);
601

602
	if (EVBUFFER_LENGTH(dst) == 0)
603
		(*bev->errorcb)(bev, EVBUFFER_WRITE, bev->cbarg);
604
}
605

606
static void
607
net_error(struct bufferevent *bev, short error, void *d)
608
{
609
	struct req	*req = d;
610
	struct evbuffer	*src;
611

612
	if (error & EVBUFFER_TIMEOUT) {
613
		close_with_err(req, "Timeout loading page");
614
		return;
615
	}
616

617
	if (error & EVBUFFER_ERROR) {
618
		close_with_err(req, "buffer event error");
619
		return;
620
	}
621

622
	if (error & EVBUFFER_EOF) {
623
		/* EOF and no header */
624
		if (!req->done_header) {
625
			close_with_err(req, "protocol error");
626
			return;
627
		}
628

629
		src = EVBUFFER_INPUT(req->bev);
630
		if (EVBUFFER_LENGTH(src) != 0)
631
			net_send_ui(IMSG_BUF, req->id, EVBUFFER_DATA(src),
632
			    EVBUFFER_LENGTH(src));
633
		net_send_ui(IMSG_EOF, req->id, NULL, 0);
634
		close_conn(0, 0, req);
635
		return;
636
	}
637

638
	if (error & EVBUFFER_WRITE) {
639
		/* finished sending request */
640
		bufferevent_disable(bev, EV_WRITE);
641
		return;
642
	}
643

644
	if (error & EVBUFFER_READ) {
645
		close_with_err(req, "protocol error");
646
		return;
647
	}
648

649
	close_with_errf(req, "unknown event error %x", error);
650
}
651

652
static void
653
handle_get_raw(struct imsg *imsg, size_t datalen)
654
{
655
	struct req	*req;
656
	struct get_req	*r;
657

658
	r = imsg->data;
659

660
	if (datalen != sizeof(*r))
661
		die();
662

663
	if ((req = calloc(1, sizeof(*req))) == NULL)
664
		die();
665

666
	req->id = imsg->hdr.peerid;
667
	TAILQ_INSERT_HEAD(&reqhead, req, reqs);
668

669
	strlcpy(req->url.host, r->host, sizeof(req->url.host));
670
	strlcpy(req->url.port, r->port, sizeof(req->url.port));
671

672
	strlcpy(req->req, r->req, sizeof(req->req));
673
	req->len = strlen(r->req);
674

675
	req->proto = r->proto;
676

677
#if HAVE_ASR_RUN
678
	async_conn_towards(req);
679
#else
680
	blocking_conn_towards(req);
681
#endif
682
}
683

684
static void
685
handle_cert_status(struct imsg *imsg, size_t datalen)
686
{
687
	struct req	*req;
688
	int		 is_ok;
689

690
	req = req_by_id(imsg->hdr.peerid);
691

692
	if (datalen < sizeof(is_ok))
693
		die();
694
	memcpy(&is_ok, imsg->data, sizeof(is_ok));
695

696
	if (is_ok)
697
		net_ready(req);
698
	else
699
		close_conn(0, 0, req);
700
}
701

702
static void
703
handle_proceed(struct imsg *imsg, size_t datalen)
704
{
705
	struct req *req;
706

707
	if ((req = req_by_id(imsg->hdr.peerid)) == NULL)
708
		return;
709

710
	bufferevent_enable(req->bev, EV_READ);
711
}
712

713
static void
714
handle_stop(struct imsg *imsg, size_t datalen)
715
{
716
	struct req	*req;
717

718
	if ((req = req_by_id(imsg->hdr.peerid)) == NULL)
719
		return;
720
	close_conn(0, 0, req);
721
}
722

723
static void
724
handle_quit(struct imsg *imsg, size_t datalen)
725
{
726
	event_loopbreak();
727
}
728

729
static void
730
handle_dispatch_imsg(int fd, short ev, void *d)
731
{
732
	struct imsgev	*iev = d;
733

734
	if (dispatch_imsg(iev, ev, handlers, sizeof(handlers)) == -1)
735
		err(1, "connection closed");
736
}
737

738
static int
739
net_send_ui(int type, uint32_t peerid, const void *data,
740
    uint16_t datalen)
741
{
742
	return imsg_compose_event(iev_ui, type, peerid, 0, -1,
743
	    data, datalen);
744
}
745

746
int
747
net_main(void)
748
{
749
	setproctitle("net");
750

751
	TAILQ_INIT(&reqhead);
752

753
	event_init();
754

755
	/* Setup pipe and event handler to the main process */
756
	if ((iev_ui = malloc(sizeof(*iev_ui))) == NULL)
757
		die();
758
	imsg_init(&iev_ui->ibuf, 3);
759
	iev_ui->handler = handle_dispatch_imsg;
760
	iev_ui->events = EV_READ;
761
	event_set(&iev_ui->ev, iev_ui->ibuf.fd, iev_ui->events,
762
	    iev_ui->handler, iev_ui);
763
	event_add(&iev_ui->ev, NULL);
764

765
	sandbox_net_process();
766

767
	event_dispatch();
768

769
	msgbuf_clear(&iev_ui->ibuf.w);
770
	close(iev_ui->ibuf.fd);
771
	free(iev_ui);
772

773
	return 0;
774
}
Omar Polo