Merge branch 'maint-0.4.5' into master

This commit is contained in:
David Goulet 2020-11-17 12:25:56 -05:00
commit 0921fdf633
2 changed files with 20 additions and 13 deletions

5
changes/bug40017 Normal file
View File

@ -0,0 +1,5 @@
o Minor features (protocol, proxy support, defense in depth):
- Respond more deliberately to misbehaving proxies that leave leftover
data on their connections, so as to be even less likely as to allow
them to pass their data off as having come from a relay.
Closes ticket 40017.

View File

@ -566,11 +566,6 @@ connection_or_reached_eof(or_connection_t *conn)
int
connection_or_process_inbuf(or_connection_t *conn)
{
/** Don't let the inbuf of a nonopen OR connection grow beyond this many
* bytes: it's either a broken client, a non-Tor client, or a DOS
* attempt. */
#define MAX_OR_INBUF_WHEN_NONOPEN 0
int ret = 0;
tor_assert(conn);
@ -581,6 +576,15 @@ connection_or_process_inbuf(or_connection_t *conn)
/* start TLS after handshake completion, or deal with error */
if (ret == 1) {
tor_assert(TO_CONN(conn)->proxy_state == PROXY_CONNECTED);
if (buf_datalen(conn->base_.inbuf) != 0) {
log_fn(LOG_PROTOCOL_WARN, LD_NET, "Found leftover (%d bytes) "
"when transitioning from PROXY_HANDSHAKING state on %s: "
"closing.",
(int)buf_datalen(conn->base_.inbuf),
connection_describe(TO_CONN(conn)));
connection_or_close_for_error(conn, 0);
return -1;
}
if (connection_tls_start_handshake(conn, 0) < 0)
ret = -1;
/* Touch the channel's active timestamp if there is one */
@ -601,14 +605,12 @@ connection_or_process_inbuf(or_connection_t *conn)
break; /* don't do anything */
}
/* This check was necessary with 0.2.2, when the TLS_SERVER_RENEGOTIATING
* check would otherwise just let data accumulate. It serves no purpose
* in 0.2.3.
*
* XXXX Remove this check once we verify that the above paragraph is
* 100% true. */
if (buf_datalen(conn->base_.inbuf) > MAX_OR_INBUF_WHEN_NONOPEN) {
log_fn(LOG_PROTOCOL_WARN, LD_NET, "Accumulated too much data (%d bytes) "
/* This check makes sure that we don't have any data on the inbuf if we're
* doing our TLS handshake: if we did, they were probably put there by a
* SOCKS proxy trying to trick us into accepting unauthenticated data.
*/
if (buf_datalen(conn->base_.inbuf) != 0) {
log_fn(LOG_PROTOCOL_WARN, LD_NET, "Accumulated data (%d bytes) "
"on non-open %s; closing.",
(int)buf_datalen(conn->base_.inbuf),
connection_describe(TO_CONN(conn)));