commit 491abbc65e535b5308d6c57ab9ab3900ac2dd2d2
Merge: 7605985 2392290
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Tue Feb 22 17:19:41 2011 -0500
Merge remote branch 'public/bug1859_021' into maint-0.2.1
changes/bug1859 | 9 +++++++++
src/or/connection_edge.c | 2 +-
src/or/rendclient.c | 5 ++++-
src/or/routerlist.c | 3 ---
4 files changed, 14 insertions(+), 5 deletions(-)
diff --combined src/or/connection_edge.c
index 052aa37,f72aa94..5609c1d
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@@ -1,7 -1,7 +1,7 @@@
/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2010, The Tor Project, Inc. */
+ * Copyright (c) 2007-2011, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@@ -571,7 -571,7 +571,7 @@@ circuit_discard_optional_exit_enclaves(
!edge_conn->chosen_exit_retries)
continue;
r1 = router_get_by_nickname(edge_conn->chosen_exit_name, 0);
- r2 = router_get_by_nickname(info->nickname, 0);
+ r2 = router_get_by_digest(info->identity_digest);
if (!r1 || !r2 || r1 != r2)
continue;
tor_assert(edge_conn->socks_request);
@@@ -1139,23 -1139,9 +1139,23 @@@ address_is_in_virtual_range(const char
return 0;
}
+/** Increment the value of next_virtual_addr; reset it to the start of the
+ * virtual address range if it wraps around.
+ */
+static INLINE void
+increment_virtual_addr(void)
+{
+ ++next_virtual_addr;
+ if (addr_mask_cmp_bits(next_virtual_addr, virtual_addr_network,
+ virtual_addr_netmask_bits))
+ next_virtual_addr = virtual_addr_network;
+}
+
/** Return a newly allocated string holding an address of <b>type</b>
* (one of RESOLVED_TYPE_{IPV4|HOSTNAME}) that has not yet been mapped,
* and that is very unlikely to be the address of any real host.
+ *
+ * May return NULL if we have run out of virtual addresses.
*/
static char *
addressmap_get_virtual_address(int type)
@@@ -1180,26 -1166,25 +1180,26 @@@
/* Don't hand out any .0 or .255 address. */
while ((next_virtual_addr & 0xff) == 0 ||
(next_virtual_addr & 0xff) == 0xff) {
- ++next_virtual_addr;
+ increment_virtual_addr();
+ if (! --available) {
+ log_warn(LD_CONFIG, "Ran out of virtual addresses!");
+ return NULL;
+ }
}
in.s_addr = htonl(next_virtual_addr);
tor_inet_ntoa(&in, buf, sizeof(buf));
if (!strmap_get(addressmap, buf)) {
- ++next_virtual_addr;
+ increment_virtual_addr();
break;
}
- ++next_virtual_addr;
+ increment_virtual_addr();
--available;
- log_info(LD_CONFIG, "%d addrs available", (int)available);
- if (! --available) {
+ // log_info(LD_CONFIG, "%d addrs available", (int)available);
+ if (! available) {
log_warn(LD_CONFIG, "Ran out of virtual addresses!");
return NULL;
}
- if (addr_mask_cmp_bits(next_virtual_addr, virtual_addr_network,
- virtual_addr_netmask_bits))
- next_virtual_addr = virtual_addr_network;
}
return tor_strdup(buf);
} else {
@@@ -1214,15 -1199,14 +1214,15 @@@
* allocated string. If another address of the same type is already
* mapped to <b>new_address</b>, try to return a copy of that address.
*
- * The string in <b>new_address</b> may be freed, or inserted into a map
- * as appropriate.
+ * The string in <b>new_address</b> may be freed or inserted into a map
+ * as appropriate. May return NULL if are out of virtual addresses.
**/
const char *
addressmap_register_virtual_address(int type, char *new_address)
{
char **addrp;
virtaddress_entry_t *vent;
+ int vent_needs_to_be_added = 0;
tor_assert(new_address);
tor_assert(addressmap);
@@@ -1231,7 -1215,7 +1231,7 @@@
vent = strmap_get(virtaddress_reversemap, new_address);
if (!vent) {
vent = tor_malloc_zero(sizeof(virtaddress_entry_t));
- strmap_set(virtaddress_reversemap, new_address, vent);
+ vent_needs_to_be_added = 1;
}
addrp = (type == RESOLVED_TYPE_IPV4) ?
@@@ -1241,7 -1225,6 +1241,7 @@@
if (ent && ent->new_address &&
!strcasecmp(new_address, ent->new_address)) {
tor_free(new_address);
+ tor_assert(!vent_needs_to_be_added);
return tor_strdup(*addrp);
} else
log_warn(LD_BUG,
@@@ -1253,14 -1236,7 +1253,14 @@@
tor_free(*addrp);
*addrp = addressmap_get_virtual_address(type);
+ if (!*addrp) {
+ tor_free(vent);
+ tor_free(new_address);
+ return NULL;
+ }
log_info(LD_APP, "Registering map from %s to %s", *addrp, new_address);
+ if (vent_needs_to_be_added)
+ strmap_set(virtaddress_reversemap, new_address, vent);
addressmap_register(*addrp, new_address, 2, ADDRMAPSRC_CONTROLLER);
#if 0
@@@ -1439,12 -1415,7 +1439,12 @@@ connection_ap_handshake_rewrite_and_att
const char *new_addr;
new_addr = addressmap_register_virtual_address(
RESOLVED_TYPE_IPV4, tor_strdup(socks->address));
- tor_assert(new_addr);
+ if (! new_addr) {
+ log_warn(LD_APP, "Unable to automap address %s",
+ escaped_safe_str(socks->address));
+ connection_mark_unattached_ap(conn, END_STREAM_REASON_INTERNAL);
+ return -1;
+ }
log_info(LD_APP, "Automapping %s to %s",
escaped_safe_str(socks->address), safe_str(new_addr));
strlcpy(socks->address, new_addr, sizeof(socks->address));
@@@ -1459,8 -1430,7 +1459,8 @@@
tor_snprintf(socks->address, sizeof(socks->address), "REVERSE[%s]",
orig_address);
connection_ap_handshake_socks_resolved(conn, RESOLVED_TYPE_HOSTNAME,
- strlen(result), result, -1,
+ strlen(result), (uint8_t*)result,
+ -1,
map_expires);
connection_mark_unattached_ap(conn,
END_STREAM_REASON_DONE |
@@@ -1592,8 -1562,7 +1592,8 @@@
/* remember _what_ is supposed to have been resolved. */
strlcpy(socks->address, orig_address, sizeof(socks->address));
connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_IPV4,4,
- (char*)&answer,-1,map_expires);
+ (uint8_t*)&answer,
+ -1,map_expires);
connection_mark_unattached_ap(conn,
END_STREAM_REASON_DONE |
END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
@@@ -2342,7 -2311,7 +2342,7 @@@ voi
connection_ap_handshake_socks_resolved(edge_connection_t *conn,
int answer_type,
size_t answer_len,
- const char *answer,
+ const uint8_t *answer,
int ttl,
time_t expires)
{
@@@ -2356,7 -2325,7 +2356,7 @@@
client_dns_set_addressmap(conn->socks_request->address, a,
conn->chosen_exit_name, ttl);
} else if (answer_type == RESOLVED_TYPE_HOSTNAME && answer_len < 256) {
- char *cp = tor_strndup(answer, answer_len);
+ char *cp = tor_strndup((char*)answer, answer_len);
client_dns_set_reverse_addressmap(conn->socks_request->address,
cp,
conn->chosen_exit_name, ttl);
@@@ -2367,14 -2336,14 +2367,14 @@@
if (conn->is_dns_request) {
if (conn->dns_server_request) {
/* We had a request on our DNS port: answer it. */
- dnsserv_resolved(conn, answer_type, answer_len, answer, ttl);
+ dnsserv_resolved(conn, answer_type, answer_len, (char*)answer, ttl);
conn->socks_request->has_finished = 1;
return;
} else {
/* This must be a request from the controller. We already sent
* a mapaddress if there's a ttl. */
tell_controller_about_resolved_result(conn, answer_type, answer_len,
- answer, ttl, expires);
+ (char*)answer, ttl, expires);
conn->socks_request->has_finished = 1;
return;
}
@@@ -2518,8 -2487,6 +2518,8 @@@ connection_exit_begin_conn(cell_t *cell
or_circ = TO_OR_CIRCUIT(circ);
relay_header_unpack(&rh, cell->payload);
+ if (rh.length > RELAY_PAYLOAD_SIZE)
+ return -1;
/* Note: we have to use relay_send_command_from_edge here, not
* connection_edge_end or connection_edge_send_command, since those require
@@@ -2543,8 -2510,7 +2543,8 @@@
END_STREAM_REASON_TORPROTOCOL, NULL);
return 0;
}
- if (parse_addr_port(LOG_PROTOCOL_WARN, cell->payload+RELAY_HEADER_SIZE,
+ if (parse_addr_port(LOG_PROTOCOL_WARN,
+ (char*)(cell->payload+RELAY_HEADER_SIZE),
&address,NULL,&port)<0) {
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Unable to parse addr:port in relay begin cell. Closing.");
@@@ -2695,8 -2661,6 +2695,8 @@@ connection_exit_begin_resolve(cell_t *c
assert_circuit_ok(TO_CIRCUIT(circ));
relay_header_unpack(&rh, cell->payload);
+ if (rh.length > RELAY_PAYLOAD_SIZE)
+ return -1;
/* This 'dummy_conn' only exists to remember the stream ID
* associated with the resolve request; and to make the
@@@ -2707,9 -2671,8 +2707,9 @@@
*/
dummy_conn = edge_connection_new(CONN_TYPE_EXIT, AF_INET);
dummy_conn->stream_id = rh.stream_id;
- dummy_conn->_base.address = tor_strndup(cell->payload+RELAY_HEADER_SIZE,
- rh.length);
+ dummy_conn->_base.address = tor_strndup(
+ (char*)cell->payload+RELAY_HEADER_SIZE,
+ rh.length);
dummy_conn->_base.port = 0;
dummy_conn->_base.state = EXIT_CONN_STATE_RESOLVEFAILED;
dummy_conn->_base.purpose = EXIT_PURPOSE_RESOLVE;
diff --combined src/or/rendclient.c
index 783a661,1f253c1..af91099
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@@ -1,5 -1,5 +1,5 @@@
/* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2010, The Tor Project, Inc. */
+ * Copyright (c) 2007-2011, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@@ -130,7 -130,7 +130,7 @@@ rend_client_send_introduction(origin_ci
cpath = rendcirc->build_state->pending_final_cpath =
tor_malloc_zero(sizeof(crypt_path_t));
cpath->magic = CRYPT_PATH_MAGIC;
- if (!(cpath->dh_handshake_state = crypto_dh_new())) {
+ if (!(cpath->dh_handshake_state = crypto_dh_new(DH_TYPE_REND))) {
log_warn(LD_BUG, "Internal error: couldn't allocate DH.");
goto err;
}
@@@ -193,7 -193,6 +193,7 @@@
/*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg,
* to avoid buffer overflows? */
r = crypto_pk_public_hybrid_encrypt(intro_key, payload+DIGEST_LEN,
+ sizeof(payload)-DIGEST_LEN,
tmp,
(int)(dh_offset+DH_KEY_LEN),
PK_PKCS1_OAEP_PADDING, 0);
@@@ -244,7 -243,7 +244,7 @@@ rend_client_rendcirc_has_opened(origin_
*/
int
rend_client_introduction_acked(origin_circuit_t *circ,
- const char *request, size_t request_len)
+ const uint8_t *request, size_t request_len)
{
origin_circuit_t *rendcirc;
(void) request; // XXXX Use this.
@@@ -629,7 -628,7 +629,7 @@@ rend_client_remove_intro_point(extend_i
* the circuit to C_REND_READY.
*/
int
-rend_client_rendezvous_acked(origin_circuit_t *circ, const char *request,
+rend_client_rendezvous_acked(origin_circuit_t *circ, const uint8_t *request,
size_t request_len)
{
(void) request;
@@@ -655,7 -654,7 +655,7 @@@
/** Bob sent us a rendezvous cell; join the circuits. */
int
-rend_client_receive_rendezvous(origin_circuit_t *circ, const char *request,
+rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request,
size_t request_len)
{
crypt_path_t *hop;
@@@ -683,8 -682,7 +683,8 @@@
tor_assert(circ->build_state->pending_final_cpath);
hop = circ->build_state->pending_final_cpath;
tor_assert(hop->dh_handshake_state);
- if (crypto_dh_compute_secret(hop->dh_handshake_state, request, DH_KEY_LEN,
+ if (crypto_dh_compute_secret(hop->dh_handshake_state, (char*)request,
+ DH_KEY_LEN,
keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
log_warn(LD_GENERAL, "Couldn't complete DH handshake.");
goto err;
@@@ -717,10 -715,8 +717,10 @@@
* attach only the connections that are waiting on this circuit, rather
* than trying to attach them all. See comments bug 743. */
connection_ap_attach_pending();
+ memset(keys, 0, sizeof(keys));
return 0;
err:
+ memset(keys, 0, sizeof(keys));
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
return -1;
}
@@@ -814,7 -810,10 +814,10 @@@ rend_client_get_random_intro(const rend
intro = smartlist_get(entry->parsed->intro_nodes, i);
/* Do we need to look up the router or is the extend info complete? */
if (!intro->extend_info->onion_key) {
- router = router_get_by_nickname(intro->extend_info->nickname, 0);
+ if (tor_digest_is_zero(intro->extend_info->identity_digest))
+ router = router_get_by_hexdigest(intro->extend_info->nickname);
+ else
+ router = router_get_by_digest(intro->extend_info->identity_digest);
if (!router) {
log_info(LD_REND, "Unknown router with nickname '%s'; trying another.",
intro->extend_info->nickname);
diff --combined src/or/routerlist.c
index 7c8e36e,9622406..fb8fb88
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@@ -1,7 -1,7 +1,7 @@@
/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2010, The Tor Project, Inc. */
+ * Copyright (c) 2007-2011, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@@ -1989,9 -1989,6 +1989,6 @@@ router_get_by_nickname(const char *nick
return router_get_by_hexdigest(nickname);
if (!strcasecmp(nickname, UNNAMED_ROUTER_NICKNAME))
return NULL;
- if (server_mode(get_options()) &&
- !strcasecmp(nickname, get_options()->Nickname))
- return router_get_my_routerinfo();
maybedigest = (strlen(nickname) >= HEX_DIGEST_LEN) &&
(base16_decode(digest,DIGEST_LEN,nickname,HEX_DIGEST_LEN) == 0);
@@@ -4676,8 -4673,7 +4673,8 @@@ routerinfo_incompatible_with_extrainfo(
if (ei->pending_sig) {
char signed_digest[128];
- if (crypto_pk_public_checksig(ri->identity_pkey, signed_digest,
+ if (crypto_pk_public_checksig(ri->identity_pkey,
+ signed_digest, sizeof(signed_digest),
ei->pending_sig, ei->pending_sig_len) != DIGEST_LEN ||
memcmp(signed_digest, ei->cache_info.signed_descriptor_digest,
DIGEST_LEN)) {
