Add more log statements for protocol/internal failures

2024-11-10 21:23:58 +01:00 · 2011-10-06 14:58:59 -04:00 · 2011-10-06 14:58:59 -04:00 · 1bd65680bd
commit 1bd65680bd
parent 059d3d0613
2 changed files with 41 additions and 12 deletions
--- a/src/or/command.c
+++ b/src/or/command.c
@ -149,10 +149,15 @@ command_process_cell(cell_t *cell, or_connection_t *conn)
 #endif

  /* Reject all but VERSIONS and NETINFO when handshaking. */
+  /* (VERSIONS should actually be impossible; it's variable-length.) */
  if (handshaking && cell->command != CELL_VERSIONS &&
-      cell->command != CELL_NETINFO)
+      cell->command != CELL_NETINFO) {
+    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+           "Received unexpected cell command %d in state %s; ignoring it.",
+           (int)cell->command,
+           conn_state_to_string(CONN_TYPE_OR,conn->_base.state));
    return;
-  /* XXXX VERSIONS should be impossible; it's variable-length. */
+  }

  if (conn->_base.state == OR_CONN_STATE_OR_HANDSHAKING_V3)
    or_handshake_state_record_cell(conn->handshake_state, cell, 1);
@ -239,18 +244,37 @@ command_process_var_cell(var_cell_t *cell, or_connection_t *conn)

      /* fall through */
    case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
-      if (cell->command != CELL_VERSIONS)
-        return; /*XXXX023 log*/
+      if (cell->command != CELL_VERSIONS) {
+        log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+               "Received a non-VERSIONS cell with command %d in state %s; "
+               "ignoring it.",
+               (int)cell->command,
+               conn_state_to_string(CONN_TYPE_OR,conn->_base.state));
+        return;
+      }
      break;
    case OR_CONN_STATE_OR_HANDSHAKING_V3:
      if (cell->command != CELL_AUTHENTICATE)
        or_handshake_state_record_var_cell(conn->handshake_state, cell, 1);
      break; /* Everything is allowed */
    case OR_CONN_STATE_OPEN:
-      if (conn->link_proto < 3)
+      if (conn->link_proto < 3) {
+        log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+               "Received a variable-length cell with command %d in state %s "
+               "with link protocol %d; ignoring it.",
+               (int)cell->command,
+               conn_state_to_string(CONN_TYPE_OR,conn->_base.state),
+               (int)conn->link_proto);
        return;
+      }
+      break;
    default:
-      /*XXXX023 log */
+      log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+             "Received var-length cell with command %d in unexpected state "
+             "%s [%d]; ignoring it.",
+             (int)cell->command,
+             conn_state_to_string(CONN_TYPE_OR,conn->_base.state),
+             (int)conn->_base.state);
      return;
  }

--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@ -2176,15 +2176,20 @@ connection_or_send_authenticate_cell(or_connection_t *conn, int authtype)
  int cell_maxlen;
  /* XXXX make sure we're actually supposed to send this! */

-  if (!pk)
-    return -1;/*XXXX log*/
-  if (authtype != AUTHTYPE_RSA_SHA256_TLSSECRET)
-    return -1;/*XXXX log*/
+  if (!pk) {
+    log_warn(LD_BUG, "Unable to compute authenticate cell: no client auth key");
+    return -1;
+  }
+  if (authtype != AUTHTYPE_RSA_SHA256_TLSSECRET) {
+    log_warn(LD_BUG, "Tried to send authenticate cell with unknown "
+             "authentication type %d", authtype);
+    return -1;
+  }

  cell_maxlen = 4 + /* overhead */
    V3_AUTH_BODY_LEN + /* Authentication body */
    crypto_pk_keysize(pk) + /* Max signature length */
-    16 /* just in case XXXX */ ;
+    16 /* add a few extra bytes just in case. */;

  cell = var_cell_new(cell_maxlen);
  cell->command = CELL_AUTHENTICATE;
@ -2197,7 +2202,7 @@ connection_or_send_authenticate_cell(or_connection_t *conn, int authtype)
                                                         pk,
                                                         0 /* not server */);
  if (authlen < 0) {
-    /* XXXX log */
+    log_warn(LD_BUG, "Unable to compute authenticate cell!");
    var_cell_free(cell);
    return -1;
  }