nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-11 05:33:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'maint-0.4.5' into master

Browse Source
This commit is contained in:
David Goulet 2020-11-17 12:25:56 -05:00
commit 0921fdf633
2 changed files with 20 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
changes/bug40017 Normal file
View File

@ -0,0 +1,5 @@
o Minor features (protocol, proxy support, defense in depth):
- Respond more deliberately to misbehaving proxies that leave leftover
data on their connections, so as to be even less likely as to allow
them to pass their data off as having come from a relay.
Closes ticket 40017.

28
src/core/or/connection_or.c
View File

@ -566,11 +566,6 @@ connection_or_reached_eof(or_connection_t *conn)
int int
connection_or_process_inbuf(or_connection_t *conn) connection_or_process_inbuf(or_connection_t *conn)
{ {
/** Don't let the inbuf of a nonopen OR connection grow beyond this many
* bytes: it's either a broken client, a non-Tor client, or a DOS
* attempt. */
#define MAX_OR_INBUF_WHEN_NONOPEN 0
int ret = 0; int ret = 0;
tor_assert(conn); tor_assert(conn);
@ -581,6 +576,15 @@ connection_or_process_inbuf(or_connection_t *conn)
/* start TLS after handshake completion, or deal with error */ /* start TLS after handshake completion, or deal with error */
if (ret == 1) { if (ret == 1) {
tor_assert(TO_CONN(conn)->proxy_state == PROXY_CONNECTED); tor_assert(TO_CONN(conn)->proxy_state == PROXY_CONNECTED);
if (buf_datalen(conn->base_.inbuf) != 0) {
log_fn(LOG_PROTOCOL_WARN, LD_NET, "Found leftover (%d bytes) "
"when transitioning from PROXY_HANDSHAKING state on %s: "
"closing.",
(int)buf_datalen(conn->base_.inbuf),
connection_describe(TO_CONN(conn)));
connection_or_close_for_error(conn, 0);
return -1;
}
if (connection_tls_start_handshake(conn, 0) < 0) if (connection_tls_start_handshake(conn, 0) < 0)
ret = -1; ret = -1;
/* Touch the channel's active timestamp if there is one */ /* Touch the channel's active timestamp if there is one */
@ -601,14 +605,12 @@ connection_or_process_inbuf(or_connection_t *conn)
break; /* don't do anything */ break; /* don't do anything */
} }
/* This check was necessary with 0.2.2, when the TLS_SERVER_RENEGOTIATING /* This check makes sure that we don't have any data on the inbuf if we're
* check would otherwise just let data accumulate. It serves no purpose * doing our TLS handshake: if we did, they were probably put there by a
* in 0.2.3. * SOCKS proxy trying to trick us into accepting unauthenticated data.
* */
* XXXX Remove this check once we verify that the above paragraph is if (buf_datalen(conn->base_.inbuf) != 0) {
* 100% true. */ log_fn(LOG_PROTOCOL_WARN, LD_NET, "Accumulated data (%d bytes) "
if (buf_datalen(conn->base_.inbuf) > MAX_OR_INBUF_WHEN_NONOPEN) {
log_fn(LOG_PROTOCOL_WARN, LD_NET, "Accumulated too much data (%d bytes) "
"on non-open %s; closing.", "on non-open %s; closing.",
(int)buf_datalen(conn->base_.inbuf), (int)buf_datalen(conn->base_.inbuf),
connection_describe(TO_CONN(conn))); connection_describe(TO_CONN(conn)));