Fix null pointer bug for IP packet headers

Sessions where registered before they were fully populated.
In some cases, that could plausibly allow them to be handled
by the NIO thread before their lastIP/TCP header values were
set. In that case, if a response was sufficiently fast (e.g.
there was an immediate error) then the NIO thread crashed
trying to get the last IP header details of the session to
write a response. We now ensure everything is 100% set up
before we register the NIO channel.

Author: pimterry

app/src/main/java/tech/httptoolkit/android/ProxyVpnRunnable.kt

@@ -38,7 +38,7 @@ class ProxyVpnRunnable(
     private val nioService = SocketNIODataService(vpnPacketWriter)
     private val dataServiceThread = Thread(nioService, "Socket NIO thread")
 
-    private val manager = SessionManager(nioService)
+    private val manager = SessionManager()
     private val handler = SessionHandler(manager, nioService, vpnPacketWriter)
 
     // Allocate the buffer for a single packet.

app/src/main/java/tech/httptoolkit/android/vpn/SessionHandler.java

@@ -102,6 +102,8 @@ private void handleUDPPacket(ByteBuffer clientPacketData, IPv4Header ipHeader) t
 			ipHeader.getSourceIP(), udpheader.getSourcePort()
 		);
 
+		boolean newSession = session != null;
+
 		if (session == null) {
 			session = manager.createNewUDPSession(
 				ipHeader.getDestinationIP(), udpheader.getDestinationPort(),
@@ -112,9 +114,12 @@ private void handleUDPPacket(ByteBuffer clientPacketData, IPv4Header ipHeader) t
 		synchronized (session) {
 			session.setLastIpHeader(ipHeader);
 			session.setLastUdpHeader(udpheader);
-			int len = manager.addClientData(clientPacketData, session);
+			manager.addClientData(clientPacketData, session);
 			session.setDataForSendingReady(true);
 
+			// We don't register the session until it's fully populated (as above)
+			if (newSession) nioService.registerSession(session);
+
 			// Ping the NIO thread to write this, when the session is next writable
 			session.subscribeKey(SelectionKey.OP_WRITE);
 			nioService.refreshSelect(session);
@@ -380,6 +385,11 @@ private void replySynAck(IPv4Header ip, TCPHeader tcp) throws IOException {
 			//client initial sequence has been incremented by 1 and set to ack
 			session.setRecSequence(tcpheader.getAckNumber());
 
+			session.setLastIpHeader(ip);
+			session.setLastTcpHeader(tcp);
+
+			nioService.registerSession(session);
+
 			writer.write(packet.getBuffer());
 			Log.d(TAG,"Send SYN-ACK to client");
 		}

app/src/main/java/tech/httptoolkit/android/vpn/SessionManager.java

@@ -53,12 +53,6 @@ public class SessionManager implements ICloseSession {
 	private final Map<String, Session> table = new ConcurrentHashMap<>();
 	private SocketProtector protector = SocketProtector.getInstance();
 
-	private SocketNIODataService nioService;
-
-	public SessionManager(SocketNIODataService nioService) {
-		this.nioService = nioService;
-	}
-
 	/**
 	 * keep java garbage collector from collecting a session
 	 * @param session Session
@@ -159,7 +153,6 @@ public Session createNewUDPSession(int ip, int port, int srcIp, int srcPort) thr
 		channel.connect(socketAddress);
 		session.setConnected(channel.isConnected());
 
-		nioService.registerSession(session);
 		table.put(keys, session);
 
 		Log.d(TAG,"new UDP session successfully created.");
@@ -205,7 +198,6 @@ public Session createNewTCPSession(int ip, int port, int srcIp, int srcPort) thr
 		boolean connected = channel.connect(socketAddress);
 		session.setConnected(connected);
 
-		nioService.registerSession(session);
 		table.put(key, session);
 
 		return session;