[tor-commits] [tor/master] Use special magic to enforce manager/object connection.

Wed Sep 4 14:39:08 UTC 2019

commit 3d1f9f583a45143c1259b8926f8c57fa57fc1efb
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Jul 23 10:41:57 2019 -0400

    Use special magic to enforce manager/object connection.
    
    Every time we finalize a config manager, we now generate a new magic
    number for it, so that we'll get an assertion failure if we ever try
    to use an object with a different configuration manager than the one
    that generated it.
---
 src/app/config/confparse.c | 21 +++++++++++++++++++--
 src/test/test_confparse.c  |  1 -
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/src/app/config/confparse.c b/src/app/config/confparse.c
index c7ee8f301..998c0e6ef 100644
--- a/src/app/config/confparse.c
+++ b/src/app/config/confparse.c
@@ -37,6 +37,8 @@
 #include "lib/string/printf.h"
 #include "lib/string/util_string.h"
 
+#include "ext/siphash.h"
+
 /**
  * A managed_var_t is an internal wrapper around a config_var_t in
  * a config_format_t structure.  It is used by config_mgr_t to
@@ -89,6 +91,12 @@ struct config_mgr_t {
    * added to it. A manager must be frozen before it can be used to construct
    * or manipulate objects. */
   bool frozen;
+  /** A replacement for the magic number of the toplevel object. We override
+   * that number to make it unique for this particular config_mgr_t, so that
+   * an object constructed with one mgr can't be used with another, even if
+   * those managers' contents are equal.
+   */
+  struct_magic_decl_t toplevel_magic;
 };
 
 #define IDX_TOPLEVEL (-1)
@@ -186,7 +194,16 @@ managed_var_cmp(const void **a, const void **b)
 void
 config_mgr_freeze(config_mgr_t *mgr)
 {
+  static uint64_t mgr_count = 0;
+
   smartlist_sort(mgr->all_vars, managed_var_cmp);
+  memcpy(&mgr->toplevel_magic, &mgr->toplevel->magic,
+         sizeof(struct_magic_decl_t));
+  uint64_t magic_input[3] = { mgr->toplevel_magic.magic_val,
+                              (uint64_t) (uintptr_t) mgr,
+                              ++mgr_count };
+  mgr->toplevel_magic.magic_val =
+    (uint32_t)siphash24g(magic_input, sizeof(magic_input));
   mgr->frozen = true;
 }
 
@@ -238,7 +255,7 @@ config_mgr_assert_magic_ok(const config_mgr_t *mgr,
   tor_assert(mgr);
   tor_assert(options);
   tor_assert(mgr->frozen);
-  struct_check_magic(options, &mgr->toplevel->magic);
+  struct_check_magic(options, &mgr->toplevel_magic);
 }
 
 /** Macro: assert that <b>cfg</b> has the right magic field for
@@ -254,7 +271,7 @@ config_new(const config_mgr_t *mgr)
   tor_assert(mgr->frozen);
   const config_format_t *fmt = mgr->toplevel;
   void *opts = tor_malloc_zero(fmt->size);
-  struct_set_magic(opts, &fmt->magic);
+  struct_set_magic(opts, &mgr->toplevel_magic);
   CONFIG_CHECK(mgr, opts);
   return opts;
 }
diff --git a/src/test/test_confparse.c b/src/test/test_confparse.c
index 1513c9323..78eb3d38b 100644
--- a/src/test/test_confparse.c
+++ b/src/test/test_confparse.c
@@ -158,7 +158,6 @@ test_confparse_init(void *arg)
   config_init(mgr, tst);
 
   // Make sure that options are initialized right. */
-  tt_uint_op(tst->magic, OP_EQ, TEST_MAGIC);
   tt_str_op(tst->s, OP_EQ, "hello");
   tt_ptr_op(tst->fn, OP_EQ, NULL);
   tt_int_op(tst->pos, OP_EQ, 0);



