commit 4c1a77953942f4921f8a151e01933c8f9d104e7f Author: Nick Mathewson nickm@torproject.org Date: Thu Jan 29 14:51:59 2015 -0500
Restrict unix: addresses to control and socks for now --- src/or/config.c | 6 ++++++ src/or/connection.c | 27 +++++++++++++++++++-------- src/or/connection.h | 1 + 3 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/src/or/config.c b/src/or/config.c index ab1f318..05b4d14 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -5862,6 +5862,12 @@ parse_port_config(smartlist_t *out, goto err; }
+ if (unix_socket_path && + ! conn_listener_type_supports_af_unix(listener_type)) { + log_warn(LD_CONFIG, "%sPort does not support unix sockets", portname); + goto err; + } + if (unix_socket_path) { port = 1; } else if (is_unix_socket) { diff --git a/src/or/connection.c b/src/or/connection.c index 170d3d7..b7dfb1d 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -449,6 +449,22 @@ connection_link_connections(connection_t *conn_a, connection_t *conn_b) conn_b->linked_conn = conn_a; }
+/** Return true iff the provided connection listener type supports AF_UNIX + * sockets. */ +int +conn_listener_type_supports_af_unix(int type) +{ + /* For now only control ports or SOCKS ports can be Unix domain sockets + * and listeners at the same time */ + switch (type) { + case CONN_TYPE_CONTROL_LISTENER: + case CONN_TYPE_AP_LISTENER: + return 1; + default: + return 0; + } +} + /** Deallocate memory used by <b>conn</b>. Deallocate its buffers if * necessary, close its socket if necessary, and mark the directory as dirty * if <b>conn</b> is an OR or OP connection. @@ -516,8 +532,7 @@ connection_free_(connection_t *conn) if (conn->socket_family == AF_UNIX) { /* For now only control and SOCKS ports can be Unix domain sockets * and listeners at the same time */ - tor_assert(conn->type == CONN_TYPE_CONTROL_LISTENER || - conn->type == CONN_TYPE_AP_LISTENER); + tor_assert(conn_listener_type_supports_af_unix(conn->type));
if (unlink(conn->address) < 0 && errno != ENOENT) { log_warn(LD_NET, "Could not unlink %s: %s", conn->address, @@ -1172,17 +1187,13 @@ connection_listener_new(const struct sockaddr *listensockaddr, } #ifdef HAVE_SYS_UN_H /* - * AF_UNIX generic setup stuff (this covers both CONN_TYPE_CONTROL_LISTENER - * and CONN_TYPE_AP_LISTENER cases) + * AF_UNIX generic setup stuff */ } else if (listensockaddr->sa_family == AF_UNIX) { /* We want to start reading for both AF_UNIX cases */ start_reading = 1;
- /* For now only control ports or SOCKS ports can be Unix domain sockets - * and listeners at the same time */ - tor_assert(type == CONN_TYPE_CONTROL_LISTENER || - type == CONN_TYPE_AP_LISTENER); + tor_assert(conn_listener_type_supports_af_unix(type));
if (check_location_for_unix_socket(options, address, (type == CONN_TYPE_CONTROL_LISTENER) ? diff --git a/src/or/connection.h b/src/or/connection.h index 50bea51..d0a34ec 100644 --- a/src/or/connection.h +++ b/src/or/connection.h @@ -17,6 +17,7 @@
const char *conn_type_to_string(int type); const char *conn_state_to_string(int type, int state); +int conn_listener_type_supports_af_unix(int type);
dir_connection_t *dir_connection_new(int socket_family); or_connection_t *or_connection_new(int type, int socket_family);