commit 44fe717524408d247ab10e3794438232d81d66dc Author: George Kadianakis desnacked@riseup.net Date: Fri Jun 29 19:32:34 2012 +0300
General tweaks and fixes for Nick's comments.
* Add changes/ files. * Edit the tor-fw-helper manpage. * Fix check-spaces. * Add prototype for get_list_of_ports_to_forward(). * Fix tor_parse_long() TCP port range. * Improve doc. of tor_check_port_forwarding(). * Check for overflows in tor_check_port_forwarding(). * Demote successful port forwarding to LOG_INFO.
Conflicts: src/common/address.c src/or/circuitbuild.c --- changes/bug4567 | 3 ++ changes/bug4567_2 | 4 +++ doc/tor-fw-helper.1.txt | 14 +--------- src/common/address.c | 1 - src/common/util.c | 42 ++++++++++++++++++++++-------- src/or/config.c | 10 ++++--- src/or/config.h | 2 + src/tools/tor-fw-helper/tor-fw-helper.c | 14 ++++++---- 8 files changed, 56 insertions(+), 34 deletions(-)
diff --git a/changes/bug4567 b/changes/bug4567
new file mode 100644
index 0000000..d57a33d
--- /dev/null
+++ b/changes/bug4567
@@ -0,0 +1,3 @@
+ o Major features:
+ - Automatically forward the TCP ports of pluggable transport
+ proxies using tor-fw-helper if PortForwarding is enabled.
diff --git a/changes/bug4567_2 b/changes/bug4567_2
new file mode 100644
index 0000000..5387593
--- /dev/null
+++ b/changes/bug4567_2
@@ -0,0 +1,4 @@
+ o Code refactoring:
+ - Tweak tor-fw-helper to accept an arbitrary amount of arbitrary
+ TCP ports to forward. In the past it only accepted two ports:
+ the ORPort and the DirPort.
diff --git a/doc/tor-fw-helper.1.txt b/doc/tor-fw-helper.1.txt
index 4caf16c..cf769d9 100644
--- a/doc/tor-fw-helper.1.txt
+++ b/doc/tor-fw-helper.1.txt
@@ -41,18 +41,8 @@ OPTIONS
 **-g** or **--fetch-public-ip**::
 Fetch the the public ip address for each supported NAT helper method.
-**-i** or **--internal-or-port** __port__::
- Inform **tor-fw-helper** of your internal OR port. This is the only
- required argument.
-
-**-e** or **--external-or-port** __port__::
- Inform **tor-fw-helper** of your external OR port.
-
-**-d** or **--internal-dir-port** __port__::
- Inform **tor-fw-helper** of your internal Dir port.
-
-**-p** or **--external-dir-port** __port__::
- Inform **tor-fw-helper** of your external Dir port.
+**-p** or **--forward-port** __external_port__:__internal_port__::
+ Forward external_port to internal_port.
 BUGS
 ----
diff --git a/src/common/address.c b/src/common/address.c
index e5862be..ac45cba 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -1697,7 +1697,6 @@ tor_addr_hostname_is_local(const char *name)
 !strcasecmpend(name, ".local");
 }
- /** Return a newly allocated tor_addr_port_t with <b>addr</b> and <b>port</b> filled in. */ tor_addr_port_t * diff --git a/src/common/util.c b/src/common/util.c index b1a05b5..25ddcc1 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -4676,10 +4676,10 @@ handle_fw_helper_line(const char *line) message_for_log ? message_for_log : "", internal_port); } else { - log_notice(LD_GENERAL, - "Tor successfully forwarded TCP port '%s' to '%s'%s.", - external_port, internal_port, - message_for_log ? message_for_log : ""); + log_info(LD_GENERAL, + "Tor successfully forwarded TCP port '%s' to '%s'%s.", + external_port, internal_port, + message_for_log ? message_for_log : ""); }
 goto done;
@@ -4723,7 +4723,9 @@ handle_fw_helper_output(process_handle_t *process_handle)
 }
 /** Spawn tor-fw-helper and ask it to forward the ports in
- * <b>ports_to_forward</b>. */
+ * <b>ports_to_forward</b>. <b>ports_to_forward</b> contains strings
+ * of the form "<external port>:<internal port>", which is the format
+ * that tor-fw-helper expects. */
 void
 tor_check_port_forwarding(const char *filename,
 smartlist_t *ports_to_forward,
@@ -4748,17 +4750,35 @@ tor_check_port_forwarding(const char *filename,
 /* Start the child, if it is not already running */
 if ((!child_handle || child_handle->status != PROCESS_STATUS_RUNNING) &&
 time_to_run_helper < now) {
- /* tor-fw-helper cli looks like this: tor_fw_helper -p :5555 -p 4555:1111 */
+ /*tor-fw-helper cli looks like this: tor_fw_helper -p :5555 -p 4555:1111 */
 const char **argv; /* cli arguments */
- /* Number of cli arguments: one for the filename, two for each
- smartlist element (one for "-p" and one for the ports), and one
- for the final NULL. */
- int args_n = 1 + 2*smartlist_len(ports_to_forward) + 1;
+ int args_n, status;
 int argv_index = 0; /* index inside 'argv' */
- int status;
tor_assert(smartlist_len(ports_to_forward) > 0);
+ /* check for overflow during 'argv' allocation:
+ (len(ports_to_forward)*2 + 2)*sizeof(char*) > SIZE_MAX ==
+ len(ports_to_forward) > (((SIZE_MAX/sizeof(char*)) - 2)/2) */
+ if ((size_t) smartlist_len(ports_to_forward) >
+ (((SIZE_MAX/sizeof(char*)) - 2)/2)) {
+ log_warn(LD_GENERAL,
+ "Overflow during argv allocation. This shouldn't happen.");
+ return;
+ }
+ /* check for overflow during 'argv_index' increase:
+ ((len(ports_to_forward)*2 + 2) > INT_MAX) ==
+ len(ports_to_forward) > (INT_MAX - 2)/2 */
+ if (smartlist_len(ports_to_forward) > (INT_MAX - 2)/2) {
+ log_warn(LD_GENERAL,
+ "Overflow during argv_index increase. This shouldn't happen.");
+ return;
+ }
+
+ /* Calculate number of cli arguments: one for the filename, two
+ for each smartlist element (one for "-p" and one for the
+ ports), and one for the final NULL. */
+ args_n = 1 + 2*smartlist_len(ports_to_forward) + 1;
 argv = tor_malloc_zero(sizeof(char*)*args_n);
 argv[argv_index++] = filename;
diff --git a/src/or/config.c b/src/or/config.c
index ad422ef..a4af22a 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -7275,10 +7275,12 @@ get_list_of_ports_to_forward(void)
 smartlist_add_asprintf(ports_to_forward, "%d:%d", port, port);
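Review bot: The two new overflow guards in tor_check_port_forwarding() leave with a bare `return` after `log_warn`, and nothing visible in the hunk advances `time_to_run_helper` before that, so if the timestamp is only updated later in this block (the block continues outside the hunk) the same warning would be logged on every call. Since the messages themselves say this shouldn't happen, consider treating the condition as a bug rather than a runtime warning, or at least document the outcome with a comment such as `/* bail out without spawning the helper; no ports get forwarded this round */`. The first comparison also depends on the preceding `tor_assert(smartlist_len(ports_to_forward) > 0)` to make the `(size_t)` cast of a signed length safe, which deserves a word in the comment above it.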
 /* Get ports of transport proxies */
- smartlist_t *transport_ports = get_transport_proxy_ports();
- if (transport_ports) {
- smartlist_add_all(ports_to_forward, transport_ports);
- smartlist_free(transport_ports);
+ {
+ smartlist_t *transport_ports = get_transport_proxy_ports();
+ if (transport_ports) {
+ smartlist_add_all(ports_to_forward, transport_ports);
+ smartlist_free(transport_ports);
+ }
 }
 if (!smartlist_len(ports_to_forward)) {
diff --git a/src/or/config.h b/src/or/config.h
index dd76edc..d207965 100644
--- a/src/or/config.h
+++ b/src/or/config.h
@@ -82,6 +82,8 @@ void save_transport_to_state(const char *transport_name,
 const tor_addr_t *addr, uint16_t port);
 char *get_stored_bindaddr_for_server_transport(const char *transport);
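Review bot: The new inner block in get_list_of_ports_to_forward() moves every element of `transport_ports` into `ports_to_forward` and then frees only the list, but no comment says who owns the port strings afterwards. Assuming `smartlist_free()` releases just the container and not its elements, a one-line comment such as `/* the strings now belong to ports_to_forward; free only the list */` would keep a later reader from adding a second free of the elements. The function starts and ends outside the hunk, so whether the caller frees those strings cannot be confirmed from here.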
+smartlist_t *get_list_of_ports_to_forward(void); + int getinfo_helper_config(control_connection_t *conn, const char *question, char **answer, const char **errmsg); diff --git a/src/tools/tor-fw-helper/tor-fw-helper.c b/src/tools/tor-fw-helper/tor-fw-helper.c index 3263354..d02b757 100644 --- a/src/tools/tor-fw-helper/tor-fw-helper.c +++ b/src/tools/tor-fw-helper/tor-fw-helper.c @@ -249,10 +249,11 @@ tor_fw_add_ports(tor_fw_options_t *tor_fw_options, (const char *) backends->backend_ops[i].name); }
- r = backends->backend_ops[i].add_tcp_mapping(port_to_forward->internal_port,
- port_to_forward->external_port,
- tor_fw_options->verbose,
- backends->backend_state[i]);
+ r =
+ backends->backend_ops[i].add_tcp_mapping(port_to_forward->internal_port,
+ port_to_forward->external_port,
+ tor_fw_options->verbose,
+ backends->backend_state[i]);
 if (r == 0) { /* backend success */
 tor_fw_helper_report_port_fw_success(port_to_forward->internal_port,
 port_to_forward->external_port,
@@ -326,13 +327,13 @@ parse_port(const char *arg)
 goto err;
 port_str = smartlist_get(sl, 0); /* macroify ? */
- port = (int)tor_parse_long(port_str, 10, 1, 65536, &ok, NULL);
+ port = (int)tor_parse_long(port_str, 10, 1, 65535, &ok, NULL);
 if (!ok && strlen(port_str)) /* ":1555" is valid */
 goto err;
 port_to_forward->external_port = port;
 port_str = smartlist_get(sl, 1);
- port = (int)tor_parse_long(port_str, 10, 1, 65536, &ok, NULL);
+ port = (int)tor_parse_long(port_str, 10, 1, 65535, &ok, NULL);
 if (!ok)
 goto err;
 port_to_forward->internal_port = port;
@@ -507,3 +508,4 @@ main(int argc, char **argv)
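Review bot: In the external-port branch of parse_port(), `port` is still stored when `ok` is false and `port_str` is empty, so `external_port` receives whatever `tor_parse_long()` returns on failure. If that is meant to be 0 for the `":1555"` form, make it explicit, for example `port_to_forward->external_port = ok ? port : 0;`, and say in the comment what an unset external port means to the backends. The literal `65535` now appears in both calls; a named constant for the maximum TCP port would keep the two bounds from drifting apart again. parse_port() begins and ends outside the hunk.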
 exit(r);
 }
+