authorDavid Lönnhager <david.l@mullvad.net>2025-07-15 13:45:50 +0200
committerDavid Lönnhager <david.l@mullvad.net>2025-07-15 13:45:50 +0200
commit1f1f07ac2b8cbce16217024ac2c24a1c418cbd7d (patch)
treef4bc327a87576c53630fe12e71a9a7084468ae4c
parentbe6324ca93855e371c380b4313c849d879306682 (diff)
parentccfd814e64853327efe77d472e186ea6b800c7e1 (diff)
Merge branch 'fix-winfw-alloc'
-rw-r--r--talpid-core/src/firewall/windows/winfw/mod.rs5
-rw-r--r--windows/winfw/src/winfw/objectpurger.cpp16
-rw-r--r--windows/winfw/src/winfw/objectpurger.h1
-rw-r--r--windows/winfw/src/winfw/winfw.cpp52
4 files changed, 16 insertions, 58 deletions
diff --git a/talpid-core/src/firewall/windows/winfw/mod.rs b/talpid-core/src/firewall/windows/winfw/mod.rs
index 10fda65626..b6850754a8 100644
--- a/talpid-core/src/firewall/windows/winfw/mod.rs
+++ b/talpid-core/src/firewall/windows/winfw/mod.rs
@@ -77,12 +77,13 @@ pub(super) fn apply_policy_blocked(
) -> Result<(), FirewallPolicyError> {
let allowed_endpoint = allowed_endpoint
.as_ref()
- .map(WinFwAllowedEndpointContainer::as_endpoint)
+ .map(WinFwAllowedEndpointContainer::as_endpoint);
+ let allowed_endpoint_ptr = allowed_endpoint
.as_ref()
.map(ptr::from_ref)
.unwrap_or(ptr::null());
// SAFETY: This function is always safe to call
- let application = unsafe { WinFw_ApplyPolicyBlocked(winfw_settings, allowed_endpoint) };
+ let application = unsafe { WinFw_ApplyPolicyBlocked(winfw_settings, allowed_endpoint_ptr) };
application.into_result()
}
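Review bot: The `// SAFETY:` comment above the `unsafe` call still says the function is always safe to call, but the call is only sound while `allowed_endpoint_ptr` is null or points at the `allowed_endpoint` local, which is the lifetime this hunk depends on. I would state that invariant so a later refactor does not fold the two `let` bindings back into one chain and leave the pointer aimed at a dropped temporary: `// SAFETY: allowed_endpoint_ptr is null or points to allowed_endpoint, which outlives this call.` Whether `winfw_settings` needs a similar statement cannot be judged here, because the start of `apply_policy_blocked` lies outside the hunk.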
diff --git a/windows/winfw/src/winfw/objectpurger.cpp b/windows/winfw/src/winfw/objectpurger.cpp
index 52adaac187..dce36c99c8 100644
--- a/windows/winfw/src/winfw/objectpurger.cpp
+++ b/windows/winfw/src/winfw/objectpurger.cpp
@@ -71,22 +71,6 @@ ObjectPurger::RemovalFunctor ObjectPurger::GetRemoveNonPersistentFunctor()
}
//static
-ObjectPurger::RemovalFunctor ObjectPurger::GetRemovePersistentFunctor()
-{
- return [](wfp::FilterEngine &engine)
- {
- const auto registry = MullvadGuids::DetailedRegistry(MullvadGuids::IdentityQualifier::IncludePersistent);
-
- // Resolve correct overload.
- void(*deleter)(wfp::FilterEngine &, const GUID &) = wfp::ObjectDeleter::DeleteFilter;
-
- RemoveRange(engine, deleter, registry.equal_range(WfpObjectType::Filter));
- RemoveRange(engine, wfp::ObjectDeleter::DeleteSublayer, registry.equal_range(WfpObjectType::Sublayer));
- RemoveRange(engine, wfp::ObjectDeleter::DeleteProvider, registry.equal_range(WfpObjectType::Provider));
- };
-}
-
-//static
bool ObjectPurger::Execute(RemovalFunctor f)
{
auto engine = wfp::FilterEngine::StandardSession();
diff --git a/windows/winfw/src/winfw/objectpurger.h b/windows/winfw/src/winfw/objectpurger.h
index 9d3ca0146e..7728aac694 100644
--- a/windows/winfw/src/winfw/objectpurger.h
+++ b/windows/winfw/src/winfw/objectpurger.h
@@ -16,7 +16,6 @@ public:
static RemovalFunctor GetRemoveFiltersFunctor();
static RemovalFunctor GetRemoveAllFunctor();
static RemovalFunctor GetRemoveNonPersistentFunctor();
- static RemovalFunctor GetRemovePersistentFunctor();
static bool Execute(RemovalFunctor f);
};
diff --git a/windows/winfw/src/winfw/winfw.cpp b/windows/winfw/src/winfw/winfw.cpp
index cd90befead..0ed0fe5731 100644
--- a/windows/winfw/src/winfw/winfw.cpp
+++ b/windows/winfw/src/winfw/winfw.cpp
@@ -168,9 +168,10 @@ WinFw_Deinitialize(WINFW_CLEANUP_POLICY cleanupPolicy)
delete g_fwContext;
g_fwContext = nullptr;
- std::stringstream ss;
- ss << "Deinitializing WinFw";
- g_logSink(MULLVAD_LOG_LEVEL_WARNING, ss.str().c_str(), g_logSinkContext);
+ if (nullptr != g_logSink)
+ {
+ g_logSink(MULLVAD_LOG_LEVEL_DEBUG, "Deinitializing WinFw", g_logSinkContext);
+ }
//
// Continue blocking with persistent rules if this is what the caller requested
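Review bot: The guard-then-log block added here is repeated in the two later hunks of `WinFw_Deinitialize` ("Adding persistent block rules" and "Keeping ephemeral block rules"), so a future copy that forgets the guard would call through a null `g_logSink`. Unless winfw.cpp already has one, a file-local helper such as `static void LogDebug(const char *msg) { if (nullptr != g_logSink) g_logSink(MULLVAD_LOG_LEVEL_DEBUG, msg, g_logSinkContext); }` would keep the null check in one place. The body of `WinFw_Deinitialize` starts and ends outside this hunk.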
@@ -186,9 +187,10 @@ WinFw_Deinitialize(WINFW_CLEANUP_POLICY cleanupPolicy)
rules::persistent::BlockAll blockAll;
- std::stringstream ss;
- ss << "Adding persistent block rules";
- g_logSink(MULLVAD_LOG_LEVEL_WARNING, ss.str().c_str(), g_logSinkContext);
+ if (nullptr != g_logSink)
+ {
+ g_logSink(MULLVAD_LOG_LEVEL_DEBUG, "Adding persistent block rules", g_logSinkContext);
+ }
return sessionController->executeTransaction([&](SessionController &controller, wfp::FilterEngine &engine)
{
@@ -220,41 +222,13 @@ WinFw_Deinitialize(WINFW_CLEANUP_POLICY cleanupPolicy)
if (WINFW_CLEANUP_POLICY_BLOCK_UNTIL_REBOOT == cleanupPolicy
&& FwContext::Policy::Blocked == activePolicy)
{
- try
- {
- auto engine = wfp::FilterEngine::StandardSession(DEINITIALIZE_TIMEOUT);
- auto sessionController = std::make_unique<SessionController>(std::move(engine));
-
- rules::baseline::BlockAll blockAll;
-
- std::stringstream ss;
- ss << "Adding ephemeral block rules";
- g_logSink(MULLVAD_LOG_LEVEL_WARNING, ss.str().c_str(), g_logSinkContext);
-
- return sessionController->executeTransaction([&](SessionController &controller, wfp::FilterEngine &engine)
- {
- // Keep non-persistent filters intact, the intent is just to *not*
- // persist any filters across a BFE restart, not muck around with
- // any other filters. We will apply blocking filters anyway.
- ObjectPurger::GetRemovePersistentFunctor()(engine);
-
- return controller.addProvider(*MullvadObjects::Provider())
- && controller.addSublayer(*MullvadObjects::SublayerBaseline())
- && blockAll.apply(controller);
- });
- }
- catch (std::exception & err)
- {
- if (nullptr != g_logSink)
- {
- g_logSink(MULLVAD_LOG_LEVEL_ERROR, err.what(), g_logSinkContext);
- }
- return false;
- }
- catch (...)
+ if (nullptr != g_logSink)
{
- return false;
+ g_logSink(MULLVAD_LOG_LEVEL_DEBUG, "Keeping ephemeral block rules", g_logSinkContext);
}
+
+ // All we have to is *not* call WinFw_Reset, since blocking filters have been applied.
+ return true;
}
return WINFW_POLICY_STATUS_SUCCESS == WinFw_Reset();
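Review bot: The early `return true` in the `WINFW_CLEANUP_POLICY_BLOCK_UNTIL_REBOOT` branch trusts the recorded `activePolicy` rather than the state of the filter engine, and it also drops the `ObjectPurger::GetRemovePersistentFunctor()` call that the removed path made. If persistent Mullvad objects can still be present at this point (not visible in this hunk), they would now persist across a BFE restart, which the removed comment said was not the intent. If the blocked policy's filters do not survive the `delete g_fwContext` earlier in the function, this branch would report success with nothing blocking. Once that is confirmed, the comment should spell out the invariant being relied on and restore the dropped word, for example `// All we have to do is *not* call WinFw_Reset: the filters applied for the blocked policy stay in place, and no persistent objects exist here.` `WinFw_Deinitialize` begins outside the hunk.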