[tor-commits] [tor/master] Implement protocol-type isolation correctly.

Tue Aug 2 19:02:14 UTC 2011

commit 6596aa022f03bad34a3ee9cbd627fefe55c01d54
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Aug 2 10:48:39 2011 -0400

    Implement protocol-type isolation correctly.
    
    Previously we'd just looked at the connection type, but that's
    always CONN_TYPE_AP.  Instead, we should be looking at the type of
    the listener that created the connection.
    
    Spotted by rransom; fixes bug 3636.
---
 src/or/connection.c      |    1 +
 src/or/connection_edge.c |    9 +++++----
 src/or/dnsserv.c         |    2 ++
 src/or/or.h              |    2 ++
 4 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/or/connection.c b/src/or/connection.c
index c4b320e..b885d09 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1251,6 +1251,7 @@ connection_init_accepted_conn(connection_t *conn,
       TO_EDGE_CONN(conn)->isolation_flags = listener->isolation_flags;
       TO_EDGE_CONN(conn)->session_group = listener->session_group;
       TO_EDGE_CONN(conn)->nym_epoch = get_signewnym_epoch();
+      TO_EDGE_CONN(conn)->socks_request->listener_type = listener->_base.type;
       switch (TO_CONN(listener)->type) {
         case CONN_TYPE_AP_LISTENER:
           conn->state = AP_CONN_STATE_SOCKS_WAIT;
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 4d3e254..8f550cf 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2582,6 +2582,7 @@ connection_ap_make_link(connection_t *partner,
   }
 
   /* Populate isolation fields. */
+  conn->socks_request->listener_type = CONN_TYPE_DIR_LISTENER;
   conn->original_dest_address = tor_strdup(address);
   conn->session_group = session_group;
   conn->isolation_flags = isolation_flags;
@@ -3362,7 +3363,7 @@ connection_edge_streams_are_compatible(const edge_connection_t *a,
        strcmp_opt(a->socks_request->password, b->socks_request->password)))
     return 0;
   if ((iso & ISO_CLIENTPROTO) &&
-      (TO_CONN(a)->type != TO_CONN(b)->type ||
+      (a->socks_request->listener_type != b->socks_request->listener_type ||
        a->socks_request->socks_version != b->socks_request->socks_version))
     return 0;
   if ((iso & ISO_CLIENTADDR) &&
@@ -3424,7 +3425,7 @@ connection_edge_compatible_with_circuit(const edge_connection_t *conn,
        strcmp_opt(conn->socks_request->password, circ->socks_password)))
     return 0;
   if ((iso & ISO_CLIENTPROTO) &&
-      (TO_CONN(conn)->type != circ->client_proto_type ||
+      (conn->socks_request->listener_type != circ->client_proto_type ||
        conn->socks_request->socks_version != circ->client_proto_socksver))
     return 0;
   if ((iso & ISO_CLIENTADDR) &&
@@ -3463,7 +3464,7 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn,
       return -1;
     circ->dest_port = conn->socks_request->port;
     circ->dest_address = tor_strdup(conn->original_dest_address);
-    circ->client_proto_type = TO_CONN(conn)->type;
+    circ->client_proto_type = conn->socks_request->listener_type;
     circ->client_proto_socksver = conn->socks_request->socks_version;
     tor_addr_copy(&circ->client_addr, &TO_CONN(conn)->addr);
     circ->session_group = conn->session_group;
@@ -3484,7 +3485,7 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn,
     if (strcmp_opt(conn->socks_request->username, circ->socks_username) ||
         strcmp_opt(conn->socks_request->password, circ->socks_password))
       mixed |= ISO_SOCKSAUTH;
-    if ((TO_CONN(conn)->type != circ->client_proto_type ||
+    if ((conn->socks_request->listener_type != circ->client_proto_type ||
          conn->socks_request->socks_version != circ->client_proto_socksver))
       mixed |= ISO_CLIENTPROTO;
     if (!tor_addr_eq(&TO_CONN(conn)->addr, &circ->client_addr))
diff --git a/src/or/dnsserv.c b/src/or/dnsserv.c
index 35279c4..19d0427 100644
--- a/src/or/dnsserv.c
+++ b/src/or/dnsserv.c
@@ -131,6 +131,7 @@ evdns_server_callback(struct evdns_server_request *req, void *data_)
   strlcpy(conn->socks_request->address, q->name,
           sizeof(conn->socks_request->address));
 
+  conn->socks_request->listener_type = listener->_base.type;
   conn->dns_server_request = req;
   conn->isolation_flags = listener->isolation_flags;
   conn->session_group = listener->session_group;
@@ -185,6 +186,7 @@ dnsserv_launch_request(const char *name, int reverse)
   strlcpy(conn->socks_request->address, name,
           sizeof(conn->socks_request->address));
 
+  conn->socks_request->listener_type = CONN_TYPE_CONTROL_LISTENER;
   conn->original_dest_address = tor_strdup(name);
   conn->session_group = SESSION_GROUP_CONTROL_RESOLVE;
   conn->nym_epoch = get_signewnym_epoch();
diff --git a/src/or/or.h b/src/or/or.h
index d6d8c7a..150971b 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3382,6 +3382,8 @@ struct socks_request_t {
   uint8_t auth_type;
   /** What is this stream's goal? One of the SOCKS_COMMAND_* values */
   uint8_t command;
+  /** Which kind of listener created this stream? */
+  uint8_t listener_type;
   size_t replylen; /**< Length of <b>reply</b>. */
   uint8_t reply[MAX_SOCKS_REPLY_LEN]; /**< Write an entry into this string if
                                     * we want to specify our own socks reply,

