mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-11 05:33:47 +01:00
Remove the return value from the fascist_firewall_choose_address_* family of functions
This commit is contained in:
parent
ddb2b965de
commit
5458ff20a5
6
changes/ticket24734
Normal file
6
changes/ticket24734
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
o Code simplification and refactoring:
|
||||||
|
- Remove the return value for fascist_firewall_choose_address_base(),
|
||||||
|
and sister functions such as fascist_firewall_choose_address_node()
|
||||||
|
and fascist_firewall_choose_address_rs(). Also, while we're here,
|
||||||
|
initialize the ap argument as leaving it uninitialized can pose a
|
||||||
|
security hazard. Closes ticket 24734. Patch by Neel Chauhan.
|
@ -2802,16 +2802,13 @@ extend_info_from_node(const node_t *node, int for_direct_connect)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Choose a preferred address first, but fall back to an allowed address.
|
/* Choose a preferred address first, but fall back to an allowed address. */
|
||||||
* choose_address returns 1 on success, but get_prim_orport returns 0. */
|
|
||||||
if (for_direct_connect)
|
if (for_direct_connect)
|
||||||
valid_addr = fascist_firewall_choose_address_node(node,
|
fascist_firewall_choose_address_node(node, FIREWALL_OR_CONNECTION, 0, &ap);
|
||||||
FIREWALL_OR_CONNECTION,
|
|
||||||
0, &ap);
|
|
||||||
else {
|
else {
|
||||||
node_get_prim_orport(node, &ap);
|
node_get_prim_orport(node, &ap);
|
||||||
valid_addr = tor_addr_port_is_valid_ap(&ap, 0);
|
|
||||||
}
|
}
|
||||||
|
valid_addr = tor_addr_port_is_valid_ap(&ap, 0);
|
||||||
|
|
||||||
if (valid_addr)
|
if (valid_addr)
|
||||||
log_debug(LD_CIRC, "using %s for %s",
|
log_debug(LD_CIRC, "using %s for %s",
|
||||||
|
@ -794,9 +794,9 @@ directory_choose_address_routerstatus(const routerstatus_t *status,
|
|||||||
* Use the preferred address and port if they are reachable, otherwise,
|
* Use the preferred address and port if they are reachable, otherwise,
|
||||||
* use the alternate address and port (if any).
|
* use the alternate address and port (if any).
|
||||||
*/
|
*/
|
||||||
have_or = fascist_firewall_choose_address_rs(status,
|
fascist_firewall_choose_address_rs(status, FIREWALL_OR_CONNECTION, 0,
|
||||||
FIREWALL_OR_CONNECTION, 0,
|
use_or_ap);
|
||||||
use_or_ap);
|
have_or = tor_addr_port_is_valid_ap(use_or_ap, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* DirPort connections
|
/* DirPort connections
|
||||||
@ -805,9 +805,9 @@ directory_choose_address_routerstatus(const routerstatus_t *status,
|
|||||||
indirection == DIRIND_ANON_DIRPORT ||
|
indirection == DIRIND_ANON_DIRPORT ||
|
||||||
(indirection == DIRIND_ONEHOP
|
(indirection == DIRIND_ONEHOP
|
||||||
&& !directory_must_use_begindir(options))) {
|
&& !directory_must_use_begindir(options))) {
|
||||||
have_dir = fascist_firewall_choose_address_rs(status,
|
fascist_firewall_choose_address_rs(status, FIREWALL_DIR_CONNECTION, 0,
|
||||||
FIREWALL_DIR_CONNECTION, 0,
|
use_dir_ap);
|
||||||
use_dir_ap);
|
have_dir = tor_addr_port_is_valid_ap(use_dir_ap, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* We rejected all addresses in the relay's status. This means we can't
|
/* We rejected all addresses in the relay's status. This means we can't
|
||||||
|
@ -825,9 +825,8 @@ fascist_firewall_choose_address(const tor_addr_port_t *a,
|
|||||||
* If pref_only, only choose preferred addresses. In either case, choose
|
* If pref_only, only choose preferred addresses. In either case, choose
|
||||||
* a preferred address before an address that's not preferred.
|
* a preferred address before an address that's not preferred.
|
||||||
* If both addresses could be chosen (they are both preferred or both allowed)
|
* If both addresses could be chosen (they are both preferred or both allowed)
|
||||||
* choose IPv6 if pref_ipv6 is true, otherwise choose IPv4.
|
* choose IPv6 if pref_ipv6 is true, otherwise choose IPv4. */
|
||||||
* If neither address is chosen, return 0, else return 1. */
|
static void
|
||||||
static int
|
|
||||||
fascist_firewall_choose_address_base(const tor_addr_t *ipv4_addr,
|
fascist_firewall_choose_address_base(const tor_addr_t *ipv4_addr,
|
||||||
uint16_t ipv4_orport,
|
uint16_t ipv4_orport,
|
||||||
uint16_t ipv4_dirport,
|
uint16_t ipv4_dirport,
|
||||||
@ -868,15 +867,12 @@ fascist_firewall_choose_address_base(const tor_addr_t *ipv4_addr,
|
|||||||
if (result) {
|
if (result) {
|
||||||
tor_addr_copy(&ap->addr, &result->addr);
|
tor_addr_copy(&ap->addr, &result->addr);
|
||||||
ap->port = result->port;
|
ap->port = result->port;
|
||||||
return 1;
|
|
||||||
} else {
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Like fascist_firewall_choose_address_base(), but takes a host-order IPv4
|
/** Like fascist_firewall_choose_address_base(), but takes a host-order IPv4
|
||||||
* address as the first parameter. */
|
* address as the first parameter. */
|
||||||
static int
|
static void
|
||||||
fascist_firewall_choose_address_ipv4h(uint32_t ipv4h_addr,
|
fascist_firewall_choose_address_ipv4h(uint32_t ipv4h_addr,
|
||||||
uint16_t ipv4_orport,
|
uint16_t ipv4_orport,
|
||||||
uint16_t ipv4_dirport,
|
uint16_t ipv4_dirport,
|
||||||
@ -895,11 +891,11 @@ fascist_firewall_choose_address_ipv4h(uint32_t ipv4h_addr,
|
|||||||
tor_addr_make_null(&ap->addr, AF_UNSPEC);
|
tor_addr_make_null(&ap->addr, AF_UNSPEC);
|
||||||
ap->port = 0;
|
ap->port = 0;
|
||||||
|
|
||||||
return fascist_firewall_choose_address_base(&ipv4_addr, ipv4_orport,
|
fascist_firewall_choose_address_base(&ipv4_addr, ipv4_orport,
|
||||||
ipv4_dirport, ipv6_addr,
|
ipv4_dirport, ipv6_addr,
|
||||||
ipv6_orport, ipv6_dirport,
|
ipv6_orport, ipv6_dirport,
|
||||||
fw_connection, pref_only,
|
fw_connection, pref_only,
|
||||||
pref_ipv6, ap);
|
pref_ipv6, ap);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Some microdescriptor consensus methods have no IPv6 addresses in rs: they
|
/* Some microdescriptor consensus methods have no IPv6 addresses in rs: they
|
||||||
@ -950,26 +946,25 @@ node_awaiting_ipv6(const or_options_t* options, const node_t *node)
|
|||||||
* This should only happen when there's no valid consensus, and rs doesn't
|
* This should only happen when there's no valid consensus, and rs doesn't
|
||||||
* correspond to a bridge client's bridge.
|
* correspond to a bridge client's bridge.
|
||||||
*/
|
*/
|
||||||
int
|
void
|
||||||
fascist_firewall_choose_address_rs(const routerstatus_t *rs,
|
fascist_firewall_choose_address_rs(const routerstatus_t *rs,
|
||||||
firewall_connection_t fw_connection,
|
firewall_connection_t fw_connection,
|
||||||
int pref_only, tor_addr_port_t* ap)
|
int pref_only, tor_addr_port_t* ap)
|
||||||
{
|
{
|
||||||
if (!rs) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
tor_assert(ap);
|
tor_assert(ap);
|
||||||
|
|
||||||
tor_addr_make_null(&ap->addr, AF_UNSPEC);
|
tor_addr_make_null(&ap->addr, AF_UNSPEC);
|
||||||
ap->port = 0;
|
ap->port = 0;
|
||||||
|
|
||||||
|
if (!rs) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
const or_options_t *options = get_options();
|
const or_options_t *options = get_options();
|
||||||
const node_t *node = node_get_by_id(rs->identity_digest);
|
const node_t *node = node_get_by_id(rs->identity_digest);
|
||||||
|
|
||||||
if (node && !node_awaiting_ipv6(options, node)) {
|
if (node && !node_awaiting_ipv6(options, node)) {
|
||||||
return fascist_firewall_choose_address_node(node, fw_connection, pref_only,
|
fascist_firewall_choose_address_node(node, fw_connection, pref_only, ap);
|
||||||
ap);
|
|
||||||
} else {
|
} else {
|
||||||
/* There's no node-specific IPv6 preference, so use the generic IPv6
|
/* There's no node-specific IPv6 preference, so use the generic IPv6
|
||||||
* preference instead. */
|
* preference instead. */
|
||||||
@ -979,37 +974,31 @@ fascist_firewall_choose_address_rs(const routerstatus_t *rs,
|
|||||||
|
|
||||||
/* Assume IPv4 and IPv6 DirPorts are the same.
|
/* Assume IPv4 and IPv6 DirPorts are the same.
|
||||||
* Assume the IPv6 OR and Dir addresses are the same. */
|
* Assume the IPv6 OR and Dir addresses are the same. */
|
||||||
return fascist_firewall_choose_address_ipv4h(rs->addr,
|
fascist_firewall_choose_address_ipv4h(rs->addr, rs->or_port, rs->dir_port,
|
||||||
rs->or_port,
|
&rs->ipv6_addr, rs->ipv6_orport,
|
||||||
rs->dir_port,
|
rs->dir_port, fw_connection,
|
||||||
&rs->ipv6_addr,
|
pref_only, pref_ipv6, ap);
|
||||||
rs->ipv6_orport,
|
|
||||||
rs->dir_port,
|
|
||||||
fw_connection,
|
|
||||||
pref_only,
|
|
||||||
pref_ipv6,
|
|
||||||
ap);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Like fascist_firewall_choose_address_base(), but takes <b>node</b>, and
|
/** Like fascist_firewall_choose_address_base(), but takes <b>node</b>, and
|
||||||
* looks up the node's IPv6 preference rather than taking an argument
|
* looks up the node's IPv6 preference rather than taking an argument
|
||||||
* for pref_ipv6. */
|
* for pref_ipv6. */
|
||||||
int
|
void
|
||||||
fascist_firewall_choose_address_node(const node_t *node,
|
fascist_firewall_choose_address_node(const node_t *node,
|
||||||
firewall_connection_t fw_connection,
|
firewall_connection_t fw_connection,
|
||||||
int pref_only, tor_addr_port_t *ap)
|
int pref_only, tor_addr_port_t *ap)
|
||||||
{
|
{
|
||||||
if (!node) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
node_assert_ok(node);
|
|
||||||
tor_assert(ap);
|
tor_assert(ap);
|
||||||
|
|
||||||
tor_addr_make_null(&ap->addr, AF_UNSPEC);
|
tor_addr_make_null(&ap->addr, AF_UNSPEC);
|
||||||
ap->port = 0;
|
ap->port = 0;
|
||||||
|
|
||||||
|
if (!node) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
node_assert_ok(node);
|
||||||
/* Calling fascist_firewall_choose_address_node() when the node is missing
|
/* Calling fascist_firewall_choose_address_node() when the node is missing
|
||||||
* IPv6 information breaks IPv6-only clients.
|
* IPv6 information breaks IPv6-only clients.
|
||||||
* If the node is a hard-coded fallback directory or authority, call
|
* If the node is a hard-coded fallback directory or authority, call
|
||||||
@ -1019,7 +1008,7 @@ fascist_firewall_choose_address_node(const node_t *node,
|
|||||||
* descriptor (routerinfo), or is one of our configured bridges before
|
* descriptor (routerinfo), or is one of our configured bridges before
|
||||||
* calling this function. */
|
* calling this function. */
|
||||||
if (BUG(node_awaiting_ipv6(get_options(), node))) {
|
if (BUG(node_awaiting_ipv6(get_options(), node))) {
|
||||||
return 0;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
const int pref_ipv6_node = (fw_connection == FIREWALL_OR_CONNECTION
|
const int pref_ipv6_node = (fw_connection == FIREWALL_OR_CONNECTION
|
||||||
@ -1037,41 +1026,36 @@ fascist_firewall_choose_address_node(const node_t *node,
|
|||||||
node_get_pref_ipv6_dirport(node, &ipv6_dir_ap);
|
node_get_pref_ipv6_dirport(node, &ipv6_dir_ap);
|
||||||
|
|
||||||
/* Assume the IPv6 OR and Dir addresses are the same. */
|
/* Assume the IPv6 OR and Dir addresses are the same. */
|
||||||
return fascist_firewall_choose_address_base(&ipv4_or_ap.addr,
|
fascist_firewall_choose_address_base(&ipv4_or_ap.addr, ipv4_or_ap.port,
|
||||||
ipv4_or_ap.port,
|
ipv4_dir_ap.port, &ipv6_or_ap.addr,
|
||||||
ipv4_dir_ap.port,
|
ipv6_or_ap.port, ipv6_dir_ap.port,
|
||||||
&ipv6_or_ap.addr,
|
fw_connection, pref_only,
|
||||||
ipv6_or_ap.port,
|
pref_ipv6_node, ap);
|
||||||
ipv6_dir_ap.port,
|
|
||||||
fw_connection,
|
|
||||||
pref_only,
|
|
||||||
pref_ipv6_node,
|
|
||||||
ap);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Like fascist_firewall_choose_address_rs(), but takes <b>ds</b>. */
|
/** Like fascist_firewall_choose_address_rs(), but takes <b>ds</b>. */
|
||||||
int
|
void
|
||||||
fascist_firewall_choose_address_dir_server(const dir_server_t *ds,
|
fascist_firewall_choose_address_dir_server(const dir_server_t *ds,
|
||||||
firewall_connection_t fw_connection,
|
firewall_connection_t fw_connection,
|
||||||
int pref_only,
|
int pref_only,
|
||||||
tor_addr_port_t *ap)
|
tor_addr_port_t *ap)
|
||||||
{
|
{
|
||||||
if (!ds) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
tor_assert(ap);
|
tor_assert(ap);
|
||||||
|
|
||||||
tor_addr_make_null(&ap->addr, AF_UNSPEC);
|
tor_addr_make_null(&ap->addr, AF_UNSPEC);
|
||||||
ap->port = 0;
|
ap->port = 0;
|
||||||
|
|
||||||
|
if (!ds) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
/* A dir_server_t always has a fake_status. As long as it has the same
|
/* A dir_server_t always has a fake_status. As long as it has the same
|
||||||
* addresses/ports in both fake_status and dir_server_t, this works fine.
|
* addresses/ports in both fake_status and dir_server_t, this works fine.
|
||||||
* (See #17867.)
|
* (See #17867.)
|
||||||
* This function relies on fascist_firewall_choose_address_rs looking up the
|
* This function relies on fascist_firewall_choose_address_rs looking up the
|
||||||
* node if it can, because that will get the latest info for the relay. */
|
* node if it can, because that will get the latest info for the relay. */
|
||||||
return fascist_firewall_choose_address_rs(&ds->fake_status, fw_connection,
|
fascist_firewall_choose_address_rs(&ds->fake_status, fw_connection,
|
||||||
pref_only, ap);
|
pref_only, ap);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Return 1 if <b>addr</b> is permitted to connect to our dir port,
|
/** Return 1 if <b>addr</b> is permitted to connect to our dir port,
|
||||||
|
@ -55,13 +55,13 @@ int fascist_firewall_allows_dir_server(const dir_server_t *ds,
|
|||||||
firewall_connection_t fw_connection,
|
firewall_connection_t fw_connection,
|
||||||
int pref_only);
|
int pref_only);
|
||||||
|
|
||||||
int fascist_firewall_choose_address_rs(const routerstatus_t *rs,
|
void fascist_firewall_choose_address_rs(const routerstatus_t *rs,
|
||||||
firewall_connection_t fw_connection,
|
firewall_connection_t fw_connection,
|
||||||
int pref_only, tor_addr_port_t* ap);
|
int pref_only, tor_addr_port_t* ap);
|
||||||
int fascist_firewall_choose_address_node(const node_t *node,
|
void fascist_firewall_choose_address_node(const node_t *node,
|
||||||
firewall_connection_t fw_connection,
|
firewall_connection_t fw_connection,
|
||||||
int pref_only, tor_addr_port_t* ap);
|
int pref_only, tor_addr_port_t* ap);
|
||||||
int fascist_firewall_choose_address_dir_server(const dir_server_t *ds,
|
void fascist_firewall_choose_address_dir_server(const dir_server_t *ds,
|
||||||
firewall_connection_t fw_connection,
|
firewall_connection_t fw_connection,
|
||||||
int pref_only, tor_addr_port_t* ap);
|
int pref_only, tor_addr_port_t* ap);
|
||||||
|
|
||||||
|
@ -1923,11 +1923,8 @@ test_policies_fascist_firewall_allows_address(void *arg)
|
|||||||
tor_addr_port_t chosen_rs_ap; \
|
tor_addr_port_t chosen_rs_ap; \
|
||||||
tor_addr_make_null(&chosen_rs_ap.addr, AF_INET); \
|
tor_addr_make_null(&chosen_rs_ap.addr, AF_INET); \
|
||||||
chosen_rs_ap.port = 0; \
|
chosen_rs_ap.port = 0; \
|
||||||
tt_int_op(fascist_firewall_choose_address_rs(&(fake_rs), \
|
fascist_firewall_choose_address_rs(&(fake_rs), (fw_connection), \
|
||||||
(fw_connection), \
|
(pref_only), &chosen_rs_ap); \
|
||||||
(pref_only), \
|
|
||||||
&chosen_rs_ap), \
|
|
||||||
OP_EQ, (expect_rv)); \
|
|
||||||
tt_assert(tor_addr_eq(&(expect_ap).addr, &chosen_rs_ap.addr)); \
|
tt_assert(tor_addr_eq(&(expect_ap).addr, &chosen_rs_ap.addr)); \
|
||||||
tt_int_op((expect_ap).port, OP_EQ, chosen_rs_ap.port); \
|
tt_int_op((expect_ap).port, OP_EQ, chosen_rs_ap.port); \
|
||||||
STMT_END
|
STMT_END
|
||||||
@ -1940,11 +1937,8 @@ test_policies_fascist_firewall_allows_address(void *arg)
|
|||||||
tor_addr_port_t chosen_node_ap; \
|
tor_addr_port_t chosen_node_ap; \
|
||||||
tor_addr_make_null(&chosen_node_ap.addr, AF_INET); \
|
tor_addr_make_null(&chosen_node_ap.addr, AF_INET); \
|
||||||
chosen_node_ap.port = 0; \
|
chosen_node_ap.port = 0; \
|
||||||
tt_int_op(fascist_firewall_choose_address_node(&(fake_node), \
|
fascist_firewall_choose_address_node(&(fake_node),(fw_connection), \
|
||||||
(fw_connection), \
|
(pref_only), &chosen_node_ap); \
|
||||||
(pref_only), \
|
|
||||||
&chosen_node_ap), \
|
|
||||||
OP_EQ, (expect_rv)); \
|
|
||||||
tt_assert(tor_addr_eq(&(expect_ap).addr, &chosen_node_ap.addr)); \
|
tt_assert(tor_addr_eq(&(expect_ap).addr, &chosen_node_ap.addr)); \
|
||||||
tt_int_op((expect_ap).port, OP_EQ, chosen_node_ap.port); \
|
tt_int_op((expect_ap).port, OP_EQ, chosen_node_ap.port); \
|
||||||
STMT_END
|
STMT_END
|
||||||
|
Loading…
Reference in New Issue
Block a user