[tor-commits] [tor/master] Restrict unix: addresses to control and socks for now

Thu Jan 29 20:18:23 UTC 2015

commit 4c1a77953942f4921f8a151e01933c8f9d104e7f
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Jan 29 14:51:59 2015 -0500

    Restrict unix: addresses to control and socks for now
---
 src/or/config.c     |    6 ++++++
 src/or/connection.c |   27 +++++++++++++++++++--------
 src/or/connection.h |    1 +
 3 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/src/or/config.c b/src/or/config.c
index ab1f318..05b4d14 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -5862,6 +5862,12 @@ parse_port_config(smartlist_t *out,
       goto err;
     }
 
+    if (unix_socket_path &&
+        ! conn_listener_type_supports_af_unix(listener_type)) {
+      log_warn(LD_CONFIG, "%sPort does not support unix sockets", portname);
+      goto err;
+    }
+
     if (unix_socket_path) {
       port = 1;
     } else if (is_unix_socket) {
diff --git a/src/or/connection.c b/src/or/connection.c
index 170d3d7..b7dfb1d 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -449,6 +449,22 @@ connection_link_connections(connection_t *conn_a, connection_t *conn_b)
   conn_b->linked_conn = conn_a;
 }
 
+/** Return true iff the provided connection listener type supports AF_UNIX
+ * sockets. */
+int
+conn_listener_type_supports_af_unix(int type)
+{
+  /* For now only control ports or SOCKS ports can be Unix domain sockets
+   * and listeners at the same time */
+  switch (type) {
+    case CONN_TYPE_CONTROL_LISTENER:
+    case CONN_TYPE_AP_LISTENER:
+      return 1;
+    default:
+      return 0;
+  }
+}
+
 /** Deallocate memory used by <b>conn</b>. Deallocate its buffers if
  * necessary, close its socket if necessary, and mark the directory as dirty
  * if <b>conn</b> is an OR or OP connection.
@@ -516,8 +532,7 @@ connection_free_(connection_t *conn)
     if (conn->socket_family == AF_UNIX) {
       /* For now only control and SOCKS ports can be Unix domain sockets
        * and listeners at the same time */
-      tor_assert(conn->type == CONN_TYPE_CONTROL_LISTENER ||
-                 conn->type == CONN_TYPE_AP_LISTENER);
+      tor_assert(conn_listener_type_supports_af_unix(conn->type));
 
       if (unlink(conn->address) < 0 && errno != ENOENT) {
         log_warn(LD_NET, "Could not unlink %s: %s", conn->address,
@@ -1172,17 +1187,13 @@ connection_listener_new(const struct sockaddr *listensockaddr,
     }
 #ifdef HAVE_SYS_UN_H
   /*
-   * AF_UNIX generic setup stuff (this covers both CONN_TYPE_CONTROL_LISTENER
-   * and CONN_TYPE_AP_LISTENER cases)
+   * AF_UNIX generic setup stuff
    */
   } else if (listensockaddr->sa_family == AF_UNIX) {
     /* We want to start reading for both AF_UNIX cases */
     start_reading = 1;
 
-    /* For now only control ports or SOCKS ports can be Unix domain sockets
-     * and listeners at the same time */
-    tor_assert(type == CONN_TYPE_CONTROL_LISTENER ||
-               type == CONN_TYPE_AP_LISTENER);
+    tor_assert(conn_listener_type_supports_af_unix(type));
 
     if (check_location_for_unix_socket(options, address,
           (type == CONN_TYPE_CONTROL_LISTENER) ?
diff --git a/src/or/connection.h b/src/or/connection.h
index 50bea51..d0a34ec 100644
--- a/src/or/connection.h
+++ b/src/or/connection.h
@@ -17,6 +17,7 @@
 
 const char *conn_type_to_string(int type);
 const char *conn_state_to_string(int type, int state);
+int conn_listener_type_supports_af_unix(int type);
 
 dir_connection_t *dir_connection_new(int socket_family);
 or_connection_t *or_connection_new(int type, int socket_family);



