commit 6596aa022f03bad34a3ee9cbd627fefe55c01d54 Author: Nick Mathewson nickm@torproject.org Date: Tue Aug 2 10:48:39 2011 -0400
Implement protocol-type isolation correctly.
Previously we'd just looked at the connection type, but that's always CONN_TYPE_AP. Instead, we should be looking at the type of the listener that created the connection.
Spotted by rransom; fixes bug 3636. --- src/or/connection.c | 1 + src/or/connection_edge.c | 9 +++++---- src/or/dnsserv.c | 2 ++ src/or/or.h | 2 ++ 4 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/or/connection.c b/src/or/connection.c
index c4b320e..b885d09 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1251,6 +1251,7 @@ connection_init_accepted_conn(connection_t *conn,
 TO_EDGE_CONN(conn)->isolation_flags = listener->isolation_flags;
 TO_EDGE_CONN(conn)->session_group = listener->session_group;
 TO_EDGE_CONN(conn)->nym_epoch = get_signewnym_epoch();
+ TO_EDGE_CONN(conn)->socks_request->listener_type = listener->_base.type;
 switch (TO_CONN(listener)->type) {
 case CONN_TYPE_AP_LISTENER:
 conn->state = AP_CONN_STATE_SOCKS_WAIT;
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 4d3e254..8f550cf 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2582,6 +2582,7 @@ connection_ap_make_link(connection_t *partner,
 }
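Review bot: The added assignment in connection_init_accepted_conn reads the listener's type as `listener->_base.type`, while the `switch` on the very next line reads the same value through `TO_CONN(listener)->type`; the new line should use the accessor as well, `TO_EDGE_CONN(conn)->socks_request->listener_type = TO_CONN(listener)->type;`. The same direct `_base` access is added in evdns_server_callback in dnsserv.c, where the same change would presumably apply. One consistent spelling matters here because this value now decides whether ISO_CLIENTPROTO lets two streams share a circuit. The function body starts and ends outside the hunk.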
/* Populate isolation fields. */
+ conn->socks_request->listener_type = CONN_TYPE_DIR_LISTENER;
 conn->original_dest_address = tor_strdup(address);
 conn->session_group = session_group;
 conn->isolation_flags = isolation_flags;
@@ -3362,7 +3363,7 @@ connection_edge_streams_are_compatible(const edge_connection_t *a,
 strcmp_opt(a->socks_request->password, b->socks_request->password)))
 return 0;
 if ((iso & ISO_CLIENTPROTO) &&
- (TO_CONN(a)->type != TO_CONN(b)->type ||
+ (a->socks_request->listener_type != b->socks_request->listener_type ||
 a->socks_request->socks_version != b->socks_request->socks_version))
 return 0;
 if ((iso & ISO_CLIENTADDR) &&
@@ -3424,7 +3425,7 @@ connection_edge_compatible_with_circuit(const edge_connection_t *conn,
 strcmp_opt(conn->socks_request->password, circ->socks_password)))
 return 0;
 if ((iso & ISO_CLIENTPROTO) &&
- (TO_CONN(conn)->type != circ->client_proto_type ||
+ (conn->socks_request->listener_type != circ->client_proto_type ||
 conn->socks_request->socks_version != circ->client_proto_socksver))
 return 0;
 if ((iso & ISO_CLIENTADDR) &&
@@ -3463,7 +3464,7 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn,
 return -1;
 circ->dest_port = conn->socks_request->port;
 circ->dest_address = tor_strdup(conn->original_dest_address);
- circ->client_proto_type = TO_CONN(conn)->type;
+ circ->client_proto_type = conn->socks_request->listener_type;
 circ->client_proto_socksver = conn->socks_request->socks_version;
 tor_addr_copy(&circ->client_addr, &TO_CONN(conn)->addr);
 circ->session_group = conn->session_group;
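Review bot: `CONN_TYPE_DIR_LISTENER` is assigned in connection_ap_make_link although no listener created this stream, and nothing in the hunk says why that constant was chosen; dnsserv_launch_request does the same with `CONN_TYPE_CONTROL_LISTENER`. Because ISO_CLIENTPROTO now compares this field, the stand-in value decides which streams an internally launched request may share a circuit with, so it deserves a comment such as `/* No listener made this stream; tag it as directory traffic so ISO_CLIENTPROTO treats it as its own protocol class. */`. If connection_ap_make_link ever gains a non-directory caller, the hard-coded value would silently place that traffic in the same class, so passing the type in as a parameter may be safer. The function starts and ends outside the hunk.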
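Review bot: The ISO_CLIENTPROTO test in connection_edge_streams_are_compatible is written out by hand as a two-field comparison, and the same pair (listener type plus SOCKS version) is repeated in connection_edge_compatible_with_circuit and in the `mixed |= ISO_CLIENTPROTO` branch of connection_edge_update_circuit_isolation. This commit had to correct the same wrong operand at each of those sites, which is how isolation checks drift apart; a small static helper would leave a single place to fix. The parameter types below are a guess, since the declarations of `socks_version` and `client_proto_socksver` are not visible here. All three functions begin and end outside their hunks.

```c
/** Return true iff <b>req</b> arrived through listener kind <b>type</b>
 * using SOCKS version <b>socksver</b>. */
static int
client_proto_matches(const struct socks_request_t *req, int type, int socksver)
{
  return req->listener_type == type && req->socks_version == socksver;
}

/* … unchanged: ISO_SOCKSAUTH comparison … */
  if ((iso & ISO_CLIENTPROTO) &&
      !client_proto_matches(a->socks_request,
                            b->socks_request->listener_type,
                            b->socks_request->socks_version))
    return 0;
/* … unchanged: ISO_CLIENTADDR comparison … */
```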
@@ -3484,7 +3485,7 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn,
 if (strcmp_opt(conn->socks_request->username, circ->socks_username) ||
 strcmp_opt(conn->socks_request->password, circ->socks_password))
 mixed |= ISO_SOCKSAUTH;
- if ((TO_CONN(conn)->type != circ->client_proto_type ||
+ if ((conn->socks_request->listener_type != circ->client_proto_type ||
 conn->socks_request->socks_version != circ->client_proto_socksver))
 mixed |= ISO_CLIENTPROTO;
 if (!tor_addr_eq(&TO_CONN(conn)->addr, &circ->client_addr))
diff --git a/src/or/dnsserv.c b/src/or/dnsserv.c
index 35279c4..19d0427 100644
--- a/src/or/dnsserv.c
+++ b/src/or/dnsserv.c
@@ -131,6 +131,7 @@ evdns_server_callback(struct evdns_server_request *req, void *data_)
 strlcpy(conn->socks_request->address, q->name, sizeof(conn->socks_request->address));
+ conn->socks_request->listener_type = listener->_base.type;
 conn->dns_server_request = req;
 conn->isolation_flags = listener->isolation_flags;
 conn->session_group = listener->session_group;
@@ -185,6 +186,7 @@ dnsserv_launch_request(const char *name, int reverse)
 strlcpy(conn->socks_request->address, name, sizeof(conn->socks_request->address));
+ conn->socks_request->listener_type = CONN_TYPE_CONTROL_LISTENER;
 conn->original_dest_address = tor_strdup(name);
 conn->session_group = SESSION_GROUP_CONTROL_RESOLVE;
 conn->nym_epoch = get_signewnym_epoch();
diff --git a/src/or/or.h b/src/or/or.h
index d6d8c7a..150971b 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3382,6 +3382,8 @@ struct socks_request_t {
 uint8_t auth_type;
 /** What is this stream's goal? One of the SOCKS_COMMAND_* values */
 uint8_t command;
+ /** Which kind of listener created this stream? */
+ uint8_t listener_type;
 size_t replylen; /**< Length of <b>reply</b>. */
 uint8_t reply[MAX_SOCKS_REPLY_LEN]; /**< Write an entry into this string if
 * we want to specify our own socks reply,
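Review bot: The doc comment on `listener_type` in struct socks_request_t does not say which values the field holds, what it is used for, or what an unset field means. From the other hunks it holds a CONN_TYPE_*_LISTENER value, it is compared under ISO_CLIENTPROTO, and streams made without a listener get a stand-in constant; the comment could read `/** Which kind of listener created this stream? One of CONN_TYPE_*_LISTENER; compared for ISO_CLIENTPROTO isolation. Streams with no listener use a stand-in type. */`. It is also worth stating that every path that allocates a socks_request_t must set the field, because a path that leaves it at its initial value (presumably 0 if the struct is zero-allocated) would compare equal to any other such stream. The struct body continues outside the hunk.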