[tor-commits] [tor/master] Detect extra bytes in HAProxy inbuf when transitioning to OR handshake

ahf at torproject.org ahf at torproject.org
Wed Dec 16 20:56:06 UTC 2020


commit 6c602026e8a9f5e115f4892162c513e3f44ae1da
Author: Nick Mathewson <nickm at torproject.org>
Date:   Wed Dec 2 10:07:26 2020 -0500

    Detect extra bytes in HAProxy inbuf when transitioning to OR handshake
    
    This shouldn't be possible, but let's add it for defense-in-depth.
    
    Closes #40017.
---
 changes/ticket40017_redux   | 3 +++
 src/core/or/connection_or.c | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/changes/ticket40017_redux b/changes/ticket40017_redux
new file mode 100644
index 0000000000..b190e7080e
--- /dev/null
+++ b/changes/ticket40017_redux
@@ -0,0 +1,3 @@
+  o Minor features (protocol, proxy support, defense in depth):
+    - Close HAProxy connections if they somehow manage to send us data before
+      we start reading.  Closes another case of ticket 40017.
\ No newline at end of file
diff --git a/src/core/or/connection_or.c b/src/core/or/connection_or.c
index e3e81ed9cb..40c4441de6 100644
--- a/src/core/or/connection_or.c
+++ b/src/core/or/connection_or.c
@@ -686,6 +686,11 @@ connection_or_finished_flushing(or_connection_t *conn)
       /* PROXY_HAPROXY gets connected by receiving an ack. */
       if (conn->proxy_type == PROXY_HAPROXY) {
         tor_assert(TO_CONN(conn)->proxy_state == PROXY_HAPROXY_WAIT_FOR_FLUSH);
+        IF_BUG_ONCE(buf_datalen(TO_CONN(conn)->inbuf) != 0) {
+          /* This should be impossible; we're not even reading. */
+          connection_or_close_for_error(conn, 0);
+          return -1;
+        }
         TO_CONN(conn)->proxy_state = PROXY_CONNECTED;
 
         if (connection_tls_start_handshake(conn, 0) < 0) {
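Review bot: The new `IF_BUG_ONCE(buf_datalen(TO_CONN(conn)->inbuf) != 0)` check reports only its first hit, so any later connection closed on this path leaves no trace for an operator investigating a misbehaving proxy. If the proxy hop can in fact deliver early bytes, a build with `ALL_BUGS_ARE_FATAL` would also turn this into an abort driven by peer input. It is worth confirming that this is acceptable, or pairing the close with a rate-limited protocol warning. The comment could also say why the bytes matter, for example `/* Should be impossible: we're not reading yet. Anything already in inbuf arrived before the TLS handshake began, so close rather than carry it into the OR handshake. */`. The body of connection_or_finished_flushing() continues outside the hunk, so I could not check how callers treat the `-1` return after the connection has been closed.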




