[tor-commits] [tor/master] Refactor exit path in rend_service_load_auth_keys

nickm at torproject.org nickm at torproject.org
Mon Jun 25 16:08:58 UTC 2012 

commit b8d1e8e3755e6d12bd6a12cc8e91353b55a64186
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Jun 18 13:05:28 2012 -0400

    Refactor exit path in rend_service_load_auth_keys
    
    Now it's an orthodox "goto err/done" exit path, and it isn't some
    screwy thing where we stick err/done at the end of a loop and
    duplicate our cleanup code.
---
 src/or/rendservice.c |   61 +++++++++++++++++++------------------------------
 1 files changed, 24 insertions(+), 37 deletions(-)

diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 69a86af..22f3b27 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -33,7 +33,8 @@ static int intro_point_should_expire_now(rend_intro_point_t *intro,
                                          time_t now);
 struct rend_service_t;
 static int rend_service_load_keys(struct rend_service_t *s);
-static int rend_service_load_auth_keys(struct rend_service_t *s);
+static int rend_service_load_auth_keys(struct rend_service_t *s,
+                                       const char *hfname);
 
 /** Represents the mapping from a virtual port of a rendezvous service to
  * a real port on some IP.
@@ -670,6 +671,7 @@ rend_service_load_keys(rend_service_t *s)
              " \"%s\".", s->directory);
     return -1;
   }
+
   tor_snprintf(buf, sizeof(buf),"%s.onion\n", s->service_id);
   if (write_str_to_file(fname,buf,0)<0) {
     log_warn(LD_CONFIG, "Could not write onion address to hostname file.");
@@ -680,7 +682,7 @@ rend_service_load_keys(rend_service_t *s)
 
   /* If client authorization is configured, load or generate keys. */
   if (s->auth_type != REND_NO_AUTH) {
-    if (rend_service_load_auth_keys(s) < 0)
+    if (rend_service_load_auth_keys(s, fname) < 0)
       return -1;
   }
 
@@ -688,12 +690,13 @@ rend_service_load_keys(rend_service_t *s)
 }
 
 /** Load and/or generate client authorization keys for the hidden service
- * <b>s</b>.  Return 0 on success, -1 on failure. */
+ * <b>s</b>, which stores its hostname in <b>hfname</b>.  Return 0 on success,
+ * -1 on failure. */
 static int
-rend_service_load_auth_keys(rend_service_t *s)
+rend_service_load_auth_keys(rend_service_t *s, const char *hfname)
 {
   int r = 0;
-  char fname[512], cfname[512];
+  char cfname[512];
   char *client_keys_str = NULL;
   strmap_t *parsed_clients = strmap_new();
   FILE *cfile, *hfile;
@@ -731,10 +734,11 @@ rend_service_load_auth_keys(rend_service_t *s)
              escaped(cfname));
     goto err;
   }
-  if (!(hfile = start_writing_to_stdio_file(fname,
+
+  if (!(hfile = start_writing_to_stdio_file(hfname,
                                             OPEN_FLAGS_REPLACE | O_TEXT,
                                             0600, &open_hfile))) {
-    log_warn(LD_CONFIG, "Could not open hostname file %s", escaped(fname));
+    log_warn(LD_CONFIG, "Could not open hostname file %s", escaped(hfname));
     goto err;
   }
 
@@ -756,11 +760,7 @@ rend_service_load_auth_keys(rend_service_t *s)
                       client->descriptor_cookie,
                       REND_DESC_COOKIE_LEN) < 0) {
       log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
-      strmap_free(parsed_clients, rend_authorized_client_strmap_item_free);
-      /* Clear these here for the early error exit */
-      memset(desc_cook_out, 0, sizeof(desc_cook_out));
-      memset(service_id, 0, sizeof(service_id));
-      return -1;
+      goto err;
     }
     /* Copy client key from parsed entry or create new one if required. */
     if (parsed && parsed->client_key) {
@@ -855,39 +855,26 @@ rend_service_load_auth_keys(rend_service_t *s)
                strerror(errno));
       goto err;
     }
-  }
-  SMARTLIST_FOREACH_END(client);
+  } SMARTLIST_FOREACH_END(client);
+
+  finish_writing_to_file(open_cfile);
+  finish_writing_to_file(open_hfile);
 
   goto done;
  err:
   r = -1;
+  if (open_cfile)
+    abort_writing_to_file(open_cfile);
+  if (open_hfile)
+    abort_writing_to_file(open_hfile);
  done:
+  /* XXXX zero these two as well */
   tor_free(client_keys_str);
   strmap_free(parsed_clients, rend_authorized_client_strmap_item_free);
-  if (r<0) {
-    /* Clear these here for the early error exit */
-    /* We have to clear buf because encoded keys can get written to it */
-    memset(buf, 0, sizeof(buf));
-    memset(desc_cook_out, 0, sizeof(desc_cook_out));
-    memset(service_id, 0, sizeof(service_id));
-    memset(extended_desc_cookie, 0, sizeof(extended_desc_cookie));
-    if (open_cfile)
-      abort_writing_to_file(open_cfile);
-    if (open_hfile)
-      abort_writing_to_file(open_hfile);
-    return r;
-  } else {
-    finish_writing_to_file(open_cfile);
-    finish_writing_to_file(open_hfile);
-  }
 
-  /*
-   * Clear stack buffers that held key-derived material; we do this here
-   * for each iteration so that we don't have to put this before all of
-   * the early error exits (check/create directory, check service file,
-   * and so forth) that otherwise might have leftover key from the
-   * previous iteration on the stack.
-   */
+  memset(cfname, 0, sizeof(cfname));
+
+  /* Clear stack buffers that held key-derived material. */
   memset(buf, 0, sizeof(buf));
   memset(desc_cook_out, 0, sizeof(desc_cook_out));
   memset(service_id, 0, sizeof(service_id));

More information about the tor-commits mailing list