[or-cvs] r9322: Add some defensive programming to eventdns.c in an attempt t (in tor/trunk: . src/or)
nickm at seul.org
nickm at seul.org
Wed Jan 10 19:49:40 UTC 2007
Author: nickm
Date: 2007-01-10 14:49:21 -0500 (Wed, 10 Jan 2007)
New Revision: 9322
Modified:
tor/trunk/
tor/trunk/ChangeLog
tor/trunk/src/or/eventdns.c
Log:
r11919 at Kushana: nickm | 2007-01-10 13:32:48 -0500
Add some defensive programming to eventdns.c in an attempt to catch possible memory stomping bugs.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r11919] on c95137ef-5f19-0410-b913-86e773d04f59
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2007-01-10 19:49:11 UTC (rev 9321)
+++ tor/trunk/ChangeLog 2007-01-10 19:49:21 UTC (rev 9322)
@@ -3,6 +3,8 @@
- When computing clock skew from directory HTTP headers, consider what
time it was when we finished asking for the directory, not what time it
is now.
+ - Add some defensive programming to eventdns.c in an attempt to catch
+ possible memory-stomping bugs.
Changes in version 0.1.2.6-alpha - 2007-01-09
Modified: tor/trunk/src/or/eventdns.c
===================================================================
--- tor/trunk/src/or/eventdns.c 2007-01-10 19:49:11 UTC (rev 9321)
+++ tor/trunk/src/or/eventdns.c 2007-01-10 19:49:21 UTC (rev 9322)
@@ -130,7 +130,7 @@
#define u64 uint64_t
#define u32 uint32_t
#define u16 uint16_t
-#define u8 uint8_t
+#define u8 uint8_t
#define MAX_ADDRS 4 // maximum number of addresses from a single packet
// which we bother recording
@@ -141,6 +141,8 @@
#define CLASS_INET EVDNS_CLASS_INET
+#define CLEAR(x) do { memset((x), 0, sizeof(*(x))); } while(0)
+
struct request {
u8 *request; // the dns packet data
unsigned int request_len;
@@ -450,6 +452,7 @@
nameserver_probe_failed(struct nameserver *const ns) {
const struct timeval * timeout;
(void) evtimer_del(&ns->timeout_event);
+ CLEAR(&ns->timeout_event);
if (ns->state == 1) {
// This can happen if the nameserver acts in a way which makes us mark
// it as bad and then starts sending good replies.
@@ -526,6 +529,7 @@
log(EVDNS_LOG_WARN, "Nameserver %s is back up",
debug_ntoa(ns->address));
evtimer_del(&ns->timeout_event);
+ CLEAR(&ns->timeout_event);
ns->state = 1;
ns->failed_times = 0;
ns->timedout = 0;
@@ -557,6 +561,7 @@
log(EVDNS_LOG_DEBUG, "Removing timeout for request %lx",
(unsigned long) req);
evtimer_del(&req->timeout_event);
+ CLEAR(&req->timeout_event);
search_request_finished(req);
global_requests_inflight--;
@@ -569,6 +574,7 @@
// so everything gets free()ed when we:
}
+ CLEAR(req);
free(req);
evdns_requests_pump_waiting_queue();
@@ -975,6 +981,7 @@
free(server_req->base.questions[i]);
free(server_req->base.questions);
}
+ CLEAR(server_req);
free(server_req);
}
return -1;
@@ -1136,6 +1143,7 @@
// We have no more pending requests; stop listening for 'writeable' events.
(void) event_del(&port->event);
+ CLEAR(&port->event);
event_set(&port->event, port->socket, EV_READ | EV_PERSIST,
server_port_ready_callback, port);
if (event_add(&port->event, NULL) < 0) {
@@ -1153,6 +1161,7 @@
ns->write_waiting = waiting;
(void) event_del(&ns->event);
+ CLEAR(&ns->event);
event_set(&ns->event, ns->socket, EV_READ | (waiting ? EV_WRITE : 0) | EV_PERSIST,
nameserver_ready_callback, ns);
if (event_add(&ns->event, NULL) < 0) {
@@ -1380,6 +1389,7 @@
struct evdns_server_port *port;
if (!(port = malloc(sizeof(struct evdns_server_port))))
return NULL;
+ memset(port, 0, sizeof(struct evdns_server_port));
assert(!is_tcp); // TCP sockets not yet implemented
port->socket = socket;
@@ -1438,8 +1448,10 @@
item = malloc(sizeof(struct server_reply_item));
if (!item)
return -1;
+ CLEAR(item);
item->next = NULL;
if (!(item->name = strdup(name))) {
+ CLEAR(item);
free(item);
return -1;
}
@@ -1453,6 +1465,7 @@
if (item->is_name) {
if (!(item->data = strdup(data))) {
free(item->name);
+ CLEAR(item);
free(item);
return -1;
}
@@ -1460,6 +1473,7 @@
} else {
if (!(item->data = malloc(datalen))) {
free(item->name);
+ CLEAR(item);
free(item);
return -1;
}
@@ -1650,6 +1664,7 @@
port->choked = 1;
(void) event_del(&port->event);
+ CLEAR(&port->event);
event_set(&port->event, port->socket, (port->closing?0:EV_READ) | EV_WRITE | EV_PERSIST, server_port_ready_callback, port);
if (event_add(&port->event, NULL) < 0) {
@@ -1689,6 +1704,7 @@
free(victim->name);
if (victim->data)
free(victim->data);
+ /* XXXX free(victim?) -NM */
victim = next;
}
*list = NULL;
@@ -1716,8 +1732,9 @@
rc = --req->port->refcnt;
}
- if (req->response)
+ if (req->response) {
free(req->response);
+ }
server_request_free_answers(req);
@@ -1728,9 +1745,11 @@
if (rc == 0) {
server_port_free(req->port);
+ CLEAR(req);
free(req);
return (1);
}
+ CLEAR(req);
free(req);
return (0);
}
@@ -1747,6 +1766,8 @@
port->socket = -1;
}
(void) event_del(&port->event);
+ CLEAR(&port->event);
+ // XXXX actually free the port? -NM
}
// exported function
@@ -1778,6 +1799,7 @@
}
(void) evtimer_del(&req->timeout_event);
+ CLEAR(&req->timeout_event);
if (req->tx_count >= global_max_retransmits) {
// this request has failed
reply_callback(req, 0, DNS_ERR_TIMEOUT, NULL);
@@ -1938,9 +1960,12 @@
while (1) {
struct nameserver *next = server->next;
(void) event_del(&server->event);
+ CLEAR(&server->event);
(void) evtimer_del(&server->timeout_event);
+ CLEAR(&server->timeout_event);
if (server->socket >= 0)
CLOSE_SOCKET(server->socket);
+ CLEAR(server);
free(server);
if (next == started_at)
break;
@@ -1955,6 +1980,7 @@
req->ns = NULL;
// ???? What to do about searches?
(void) evtimer_del(&req->timeout_event);
+ CLEAR(&req->timeout_event);
req->trans_id = 0;
req->transmit_me = 0;
@@ -2054,6 +2080,7 @@
out2:
CLOSE_SOCKET(ns->socket);
out1:
+ CLEAR(ns);
free(ns);
log(EVDNS_LOG_WARN, "Unable to add nameserver %s: error %d", debug_ntoa(address), err);
return err;
@@ -2130,6 +2157,7 @@
return req;
err1:
+ CLEAR(req);
free(req);
return NULL;
}
@@ -2258,8 +2286,10 @@
struct search_domain *next, *dom;
for (dom = state->head; dom; dom = next) {
next = dom->next;
+ CLEAR(dom);
free(dom);
}
+ CLEAR(state);
free(state);
}
}
@@ -2363,7 +2393,7 @@
const u8 *const postfix = ((u8 *) dom) + sizeof(struct search_domain);
const int postfix_len = dom->len;
char *const newname = (char *) malloc(base_len + need_to_append_dot + postfix_len + 1);
- if (!newname) return NULL;
+ if (!newname) return NULL;
memcpy(newname, base_name, base_len);
if (need_to_append_dot) newname[base_len] = '.';
memcpy(newname + base_len + need_to_append_dot, postfix, postfix_len);
@@ -2587,7 +2617,7 @@
const char *option;
while ((option = NEXT_TOKEN)) {
const char *val = strchr(option, ':');
- evdns_set_option(option, val ? val+1 : "", flags);
+ evdns_set_option(option, val ? val+1 : "", flags);
}
}
#undef NEXT_TOKEN
@@ -2649,7 +2679,7 @@
if (!server_head && (flags & DNS_OPTION_NAMESERVERS)) {
// no nameservers were configured.
evdns_nameserver_ip_add("127.0.0.1");
- err = 6;
+ err = 6;
}
if (flags & DNS_OPTION_SEARCH && (!global_search_state || global_search_state->num_domains == 0)) {
search_set_from_hostname();
@@ -2911,6 +2941,7 @@
if (server->socket >= 0)
CLOSE_SOCKET(server->socket);
(void) event_del(&server->event);
+ CLEAR(server);
free(server);
if (server_next == server_head)
break;
@@ -2921,8 +2952,10 @@
if (global_search_state) {
for (dom = global_search_state->head; dom; dom = dom_next) {
dom_next = dom->next;
+ CLEAR(dom);
free(dom);
}
+ CLEAR(global_search_state);
free(global_search_state);
global_search_state = NULL;
}
More information about the tor-commits
mailing list