commit 1bd65680bdfcd46e1c96e71e3912cbdef4fc158a Author: Nick Mathewson nickm@torproject.org Date: Thu Oct 6 14:58:59 2011 -0400
Add more log statements for protocol/internal failures --- src/or/command.c | 36 ++++++++++++++++++++++++++++++------ src/or/connection_or.c | 17 +++++++++++------ 2 files changed, 41 insertions(+), 12 deletions(-)
diff --git a/src/or/command.c b/src/or/command.c
index 7efd18f..8cf6c46 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -149,10 +149,15 @@ command_process_cell(cell_t *cell, or_connection_t *conn)
 #endif
/* Reject all but VERSIONS and NETINFO when handshaking. */
+ /* (VERSIONS should actually be impossible; it's variable-length.) */
 if (handshaking && cell->command != CELL_VERSIONS &&
- cell->command != CELL_NETINFO)
+ cell->command != CELL_NETINFO) {
+ log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+ "Received unexpected cell command %d in state %s; ignoring it.",
+ (int)cell->command,
+ conn_state_to_string(CONN_TYPE_OR,conn->_base.state));
 return;
- /* XXXX VERSIONS should be impossible; it's variable-length. */
+ }
if (conn->_base.state == OR_CONN_STATE_OR_HANDSHAKING_V3)
 or_handshake_state_record_cell(conn->handshake_state, cell, 1);
@@ -239,18 +244,37 @@ command_process_var_cell(var_cell_t *cell, or_connection_t *conn)
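Review bot: The `log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, ...)` call added to the handshaking check is emitted once per rejected cell and names no peer, so a connection that keeps sending unexpected cells can fill the log with identical lines that an operator cannot attribute. Add the peer to the message, for example `"Received unexpected cell command %d in state %s from %s; ignoring it."` with the connection's address (scrubbed per the project's logging policy) as the extra argument, and rate-limit it. The three log calls added in the command_process_var_cell hunk that follows have the same shape. command_process_cell begins and ends outside this hunk, so any peer logging done elsewhere in the function is not visible here.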
/* fall through */
 case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
- if (cell->command != CELL_VERSIONS)
- return; /*XXXX023 log*/
+ if (cell->command != CELL_VERSIONS) {
+ log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+ "Received a non-VERSIONS cell with command %d in state %s; "
+ "ignoring it.",
+ (int)cell->command,
+ conn_state_to_string(CONN_TYPE_OR,conn->_base.state));
+ return;
+ }
 break;
 case OR_CONN_STATE_OR_HANDSHAKING_V3:
 if (cell->command != CELL_AUTHENTICATE)
 or_handshake_state_record_var_cell(conn->handshake_state, cell, 1);
 break; /* Everything is allowed */
 case OR_CONN_STATE_OPEN:
- if (conn->link_proto < 3)
+ if (conn->link_proto < 3) {
+ log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+ "Received a variable-length cell with command %d in state %s "
+ "with link protocol %d; ignoring it.",
+ (int)cell->command,
+ conn_state_to_string(CONN_TYPE_OR,conn->_base.state),
+ (int)conn->link_proto);
 return;
+ }
+ break;
 default:
- /*XXXX023 log */
+ log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+ "Received var-length cell with command %d in unexpected state "
+ "%s [%d]; ignoring it.",
+ (int)cell->command,
+ conn_state_to_string(CONN_TYPE_OR,conn->_base.state),
+ (int)conn->_base.state);
 return;
 }
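Review bot: The `break;` added after the `conn->link_proto < 3` block in `case OR_CONN_STATE_OPEN:` is a behaviour change inside a commit described as adding log statements. On the old side that case has no `break` before `default:`, whose body returns, so as far as the hunk shows every variable-length cell on an open connection was dropped; on the new side cells on link protocol 3 or later leave the switch and reach the code after it, which is outside this hunk. That widens what a remote peer can reach on an open connection, so it should be stated in the commit message and marked in the code, e.g. `break; /* link_proto >= 3: var cells are accepted once open */`. The first case label and the code after the closing brace of the switch are outside the hunk, so this reading should be confirmed against the full function.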
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index a5b965b..b4c1fd0 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -2176,15 +2176,20 @@ connection_or_send_authenticate_cell(or_connection_t *conn, int authtype)
 int cell_maxlen;
 /* XXXX make sure we're actually supposed to send this! */
- if (!pk)
- return -1;/*XXXX log*/
- if (authtype != AUTHTYPE_RSA_SHA256_TLSSECRET)
- return -1;/*XXXX log*/
+ if (!pk) {
+ log_warn(LD_BUG, "Unable to compute authenticate cell: no client auth key");
+ return -1;
+ }
+ if (authtype != AUTHTYPE_RSA_SHA256_TLSSECRET) {
+ log_warn(LD_BUG, "Tried to send authenticate cell with unknown "
+ "authentication type %d", authtype);
+ return -1;
+ }
cell_maxlen = 4 + /* overhead */
 V3_AUTH_BODY_LEN + /* Authentication body */
 crypto_pk_keysize(pk) + /* Max signature length */
- 16 /* just in case XXXX */ ;
+ 16 /* add a few extra bytes just in case. */;
cell = var_cell_new(cell_maxlen);
 cell->command = CELL_AUTHENTICATE;
@@ -2197,7 +2202,7 @@ connection_or_send_authenticate_cell(or_connection_t *conn, int authtype)
 pk,
 0 /* not server */);
 if (authlen < 0) {
- /* XXXX log */
+ log_warn(LD_BUG, "Unable to compute authenticate cell!");
 var_cell_free(cell);
 return -1;
 }
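Review bot: The `16 /* add a few extra bytes just in case. */` term in `cell_maxlen` still sizes the cell buffer by guess; the reworded comment drops the XXXX marker without saying what the slack covers. If the call that fills the body (only its last arguments, `pk, 0 /* not server */`, are visible in the second hunk) is already bounded by the remaining buffer length, the slack hides an imprecise size calculation and should be replaced by the exact maximum; if it is not bounded, 16 spare bytes are not a safety margin. Either way, state the bound in the comment and check it after the call, e.g. `tor_assert(authlen + 4 <= cell_maxlen);`, assuming the 4 bytes of overhead precede the body. The function starts before the first hunk and continues past the second.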