[or-cvs] r8289: backbackport: defense in depth (in tor/branches/tor-0_1_0-patches: . contrib src/or src/win32)

arma at seul.org arma at seul.org
Tue Aug 29 09:23:50 UTC 2006


Author: arma
Date: 2006-08-29 05:23:49 -0400 (Tue, 29 Aug 2006)
New Revision: 8289

Modified:
   tor/branches/tor-0_1_0-patches/configure.in
   tor/branches/tor-0_1_0-patches/contrib/tor.nsi
   tor/branches/tor-0_1_0-patches/src/or/circuitbuild.c
   tor/branches/tor-0_1_0-patches/src/or/command.c
   tor/branches/tor-0_1_0-patches/src/or/connection_edge.c
   tor/branches/tor-0_1_0-patches/src/win32/orconfig.h
Log:
backbackport: defense in depth


Modified: tor/branches/tor-0_1_0-patches/configure.in
===================================================================
--- tor/branches/tor-0_1_0-patches/configure.in	2006-08-29 08:43:29 UTC (rev 8288)
+++ tor/branches/tor-0_1_0-patches/configure.in	2006-08-29 09:23:49 UTC (rev 8289)
@@ -4,7 +4,7 @@
 dnl See LICENSE for licensing information
 
 AC_INIT
-AM_INIT_AUTOMAKE(tor, 0.1.0.17)
+AM_INIT_AUTOMAKE(tor, 0.1.0.18)
 AM_CONFIG_HEADER(orconfig.h)
 
 AC_CANONICAL_HOST

Modified: tor/branches/tor-0_1_0-patches/contrib/tor.nsi
===================================================================
--- tor/branches/tor-0_1_0-patches/contrib/tor.nsi	2006-08-29 08:43:29 UTC (rev 8288)
+++ tor/branches/tor-0_1_0-patches/contrib/tor.nsi	2006-08-29 09:23:49 UTC (rev 8289)
@@ -31,7 +31,7 @@
 
 !include "MUI.nsh"
 
-!define VERSION "0.1.0.17"
+!define VERSION "0.1.0.18"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "http://tor.eff.org/"
 

Modified: tor/branches/tor-0_1_0-patches/src/or/circuitbuild.c
===================================================================
--- tor/branches/tor-0_1_0-patches/src/or/circuitbuild.c	2006-08-29 08:43:29 UTC (rev 8288)
+++ tor/branches/tor-0_1_0-patches/src/or/circuitbuild.c	2006-08-29 09:23:49 UTC (rev 8289)
@@ -552,6 +552,11 @@
     log_fn(LOG_WARN,"n_conn already set. Bug/attack. Closing.");
     return -1;
   }
+  if (!server_mode(get_options())) {
+    log_fn(LOG_WARN,
+           "Got an extend cell, but running as a client. Closing.");
+    return -1;
+  }
 
   relay_header_unpack(&rh, cell->payload);
 
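Review bot: The new client-mode warning in this hunk does not say which peer sent the extend cell, so an operator who sees it cannot tell which connection misbehaved. The create-cell check added to command.c in this same commit logs `conn->address` and `conn->port`, and this message would be more useful with the equivalent detail for the connection the cell arrived on. The check also deserves a comment stating its reason, for example `/* Clients never extend circuits on behalf of others; an extend cell here is a bug or a hostile peer. */`. The enclosing function starts before and continues past this hunk, so the variable names available for the log line are not visible here.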

Modified: tor/branches/tor-0_1_0-patches/src/or/command.c
===================================================================
--- tor/branches/tor-0_1_0-patches/src/or/command.c	2006-08-29 08:43:29 UTC (rev 8288)
+++ tor/branches/tor-0_1_0-patches/src/or/command.c	2006-08-29 09:23:49 UTC (rev 8289)
@@ -159,6 +159,15 @@
     return;
   }
 
+  if (!server_mode(get_options())) {
+    log_fn(LOG_WARN,
+           "Received create cell (type %d) from %s:%d, but we're a client. "
+           "Sending back a destroy.",
+           (int)cell->command, conn->address, conn->port);
+    connection_send_destroy(cell->circ_id, conn);
+    return;
+  }
+
   /* If the high bit of the circuit ID is not as expected, then switch
    * which half of the space we'll use for our own CREATE cells.
    *
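Review bot: Each create cell from a connected peer now produces a LOG_WARN line, and the peer decides how many it sends, so a single connection can fill a client's log. The same applies to the begin-cell warning added in connection_edge.c, which returns 0 and appears to leave the circuit open for further cells. Throttling the message while still sending the destroy every time keeps the signal without giving the peer control of log volume. The sketch below uses a function-local timestamp with a one-minute interval, which is my choice; a throttled logging helper would be preferable if the tree already has one. The enclosing function starts before and continues past this hunk.

```c
  if (!server_mode(get_options())) {
    /* The peer controls how often this fires; warn at most once a minute. */
    static time_t last_warned = 0;
    time_t now = time(NULL);
    if (now - last_warned >= 60) {
      last_warned = now;
      /* … unchanged: log_fn(LOG_WARN, "Received create cell ...") call … */
    }
    /* … unchanged: connection_send_destroy() and return … */
  }
```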

Modified: tor/branches/tor-0_1_0-patches/src/or/connection_edge.c
===================================================================
--- tor/branches/tor-0_1_0-patches/src/or/connection_edge.c	2006-08-29 08:43:29 UTC (rev 8288)
+++ tor/branches/tor-0_1_0-patches/src/or/connection_edge.c	2006-08-29 09:23:49 UTC (rev 8289)
@@ -1361,12 +1361,20 @@
   uint16_t port;
 
   assert_circuit_ok(circ);
-  relay_header_unpack(&rh, cell->payload);
 
   /* XXX currently we don't send an end cell back if we drop the
    * begin because it's malformed.
    */
 
+  if (!server_mode(get_options()) &&
+      circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) {
+    log_fn(LOG_WARN,
+           "Relay begin cell at non-server. Dropping.");
+    return 0;
+  }
+
+  relay_header_unpack(&rh, cell->payload);
+
   if (!memchr(cell->payload+RELAY_HEADER_SIZE, 0, rh.length)) {
     log_fn(LOG_WARN,"relay begin cell has no \\0. Dropping.");
     return 0;
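Review bot: The `memchr` on the context line after the moved `relay_header_unpack()` scans `rh.length` bytes, a value read from the cell, and nothing in this hunk bounds it against the space left in the payload. If no caller has already validated it, a guard such as `if (rh.length > CELL_PAYLOAD_SIZE - RELAY_HEADER_SIZE) return 0;` belongs just before the `memchr`. The added client-mode check would also benefit from a comment on its exemption, for example `/* Service-side rendezvous circuits legitimately carry begin cells even when we are not a server. */`. The enclosing function starts before and continues past this hunk, so earlier validation may exist outside it.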

Modified: tor/branches/tor-0_1_0-patches/src/win32/orconfig.h
===================================================================
--- tor/branches/tor-0_1_0-patches/src/win32/orconfig.h	2006-08-29 08:43:29 UTC (rev 8288)
+++ tor/branches/tor-0_1_0-patches/src/win32/orconfig.h	2006-08-29 09:23:49 UTC (rev 8289)
@@ -215,4 +215,4 @@
 #define HAVE_EVENT_H
 
 /* Version number of package */
-#define VERSION "0.1.0.17"
+#define VERSION "0.1.0.18"


