diff --git a/src/or/buffers.c b/src/or/buffers.c index 016e10a5db..a1ad82b50c 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -321,7 +321,7 @@ int fetch_from_buf(char *string, int string_len, buf_t *buf) { * If a) the headers include a Content-Length field and all bytes in * the body are present, or b) there's no Content-Length field and * all headers are present, then: - * copy headers and body into the supplied args (and null terminate + * strdup headers and body into the supplied args (and null terminate * them), remove them from buf, and return 1. * (If headers or body is NULL, discard that part of the buf.) * If a headers or body doesn't fit in the arg, return -1. @@ -329,8 +329,8 @@ int fetch_from_buf(char *string, int string_len, buf_t *buf) { * Else, change nothing and return 0. */ int fetch_from_buf_http(buf_t *buf, - char *headers_out, int max_headerlen, - char *body_out, int max_bodylen) { + char **headers_out, int max_headerlen, + char **body_out, int max_bodylen) { char *headers, *body; int i; int headerlen, bodylen, contentlen; @@ -346,7 +346,7 @@ int fetch_from_buf_http(buf_t *buf, body = buf->mem+i; headerlen = body-headers; /* includes the CRLFCRLF */ bodylen = buf->datalen - headerlen; - log_fn(LOG_DEBUG,"headerlen %d, bodylen %d.",headerlen,bodylen); + log_fn(LOG_DEBUG,"headerlen %d, bodylen %d.", headerlen, bodylen); if(headers_out && max_headerlen <= headerlen) { log_fn(LOG_WARN,"headerlen %d larger than %d. Failing.", headerlen, max_headerlen-1); @@ -373,12 +373,14 @@ int fetch_from_buf_http(buf_t *buf, } /* all happy. copy into the appropriate places, and return 1 */ if(headers_out) { - memcpy(headers_out,buf->mem,headerlen); - headers_out[headerlen] = 0; /* null terminate it */ + *headers_out = tor_malloc(headerlen+1); + memcpy(*headers_out,buf->mem,headerlen); + *headers_out[headerlen] = 0; /* null terminate it */ } if(body_out) { - memcpy(body_out,buf->mem+headerlen,bodylen); - body_out[bodylen] = 0; /* null terminate it */ + *body_out = tor_malloc(bodylen+1); + memcpy(*body_out,buf->mem+headerlen,bodylen); + *body_out[bodylen] = 0; /* null terminate it */ } buf_remove_from_front(buf, headerlen+bodylen); return 1; diff --git a/src/or/circuit.c b/src/or/circuit.c index a1705a7684..e9bf1db18f 100644 --- a/src/or/circuit.c +++ b/src/or/circuit.c @@ -369,7 +369,7 @@ int circuit_deliver_relay_cell(cell_t *cell, circuit_t *circ, } if(cell_direction == CELL_DIRECTION_IN) { if(relay_check_digest(layer_hint->b_digest, cell) < 0) { - log_fn(LOG_WARN,"outgoing cell failed integrity check. Closing circ."); + log_fn(LOG_WARN,"incoming cell failed integrity check. Closing circ."); return -1; } ++stats_n_relay_cells_delivered; diff --git a/src/or/directory.c b/src/or/directory.c index 30da4dc666..78ab7e11a7 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -94,7 +94,7 @@ static int directory_send_command(connection_t *conn, int command) { } int connection_dir_process_inbuf(connection_t *conn) { - char directory[MAX_DIR_SIZE+1]; + char *directory; int directorylen=0; assert(conn && conn->type == CONN_TYPE_DIR); @@ -104,7 +104,7 @@ int connection_dir_process_inbuf(connection_t *conn) { case DIR_CONN_STATE_CLIENT_READING_FETCH: /* kill it, but first fetch/process the directory to learn about new routers. */ switch(fetch_from_buf_http(conn->inbuf, - NULL, 0, directory, MAX_DIR_SIZE)) { + NULL, 0, &directory, MAX_DIR_SIZE)) { case -1: /* overflow */ log_fn(LOG_WARN,"'fetch' response too large. Failing."); return -1; @@ -118,6 +118,7 @@ int connection_dir_process_inbuf(connection_t *conn) { log_fn(LOG_INFO,"Received directory (size %d):\n%s", directorylen, directory); if(directorylen == 0) { log_fn(LOG_INFO,"Empty directory. Ignoring."); + free(directory); return -1; } if(router_set_routerlist_from_directory(directory, conn->identity_pkey) < 0){ @@ -128,6 +129,7 @@ int connection_dir_process_inbuf(connection_t *conn) { if(options.ORPort) { /* connect to them all */ router_retry_connections(); } + free(directory); return -1; case DIR_CONN_STATE_CLIENT_READING_UPLOAD: /* XXX make sure there's a 200 OK on the buffer */ @@ -148,16 +150,56 @@ int connection_dir_process_inbuf(connection_t *conn) { return 0; } -static int directory_handle_command(connection_t *conn) { - char headers[2048]; - char body[50000]; /* XXX */ +static int directory_handle_command_get(connection_t *conn, + char *headers, char *body) { size_t dlen; const char *cp; + /* XXX should check url and http version */ + log_fn(LOG_DEBUG,"Received GET command."); + + dlen = dirserv_get_directory(&cp); + + if(dlen == 0) { + log_fn(LOG_WARN,"My directory is empty. Closing."); + return -1; /* XXX send some helpful http error code */ + } + + log_fn(LOG_DEBUG,"Dumping directory to client."); + connection_write_to_buf(answerstring, strlen(answerstring), conn); + connection_write_to_buf(cp, dlen, conn); + conn->state = DIR_CONN_STATE_SERVER_WRITING; + return 0; +} + +static int directory_handle_command_post(connection_t *conn, + char *headers, char *body) { + const char *cp; + + /* XXX should check url and http version */ + log_fn(LOG_DEBUG,"Received POST command."); + cp = body; + if(dirserv_add_descriptor(&cp) < 0) { + log_fn(LOG_WARN,"dirserv_add_descriptor() failed. Dropping."); + return -1; /* XXX should write an http failed code */ + } + dirserv_get_directory(&cp); /* rebuild and write to disk */ + connection_write_to_buf(answerstring, strlen(answerstring), conn); + conn->state = DIR_CONN_STATE_SERVER_WRITING; + return 0; +} + +static int directory_handle_command(connection_t *conn) { + char *headers=NULL, *body=NULL; + int r; + +#define MAX_HEADERS_SIZE 2048 +#define MAX_BODY_SIZE 500000 + assert(conn && conn->type == CONN_TYPE_DIR); switch(fetch_from_buf_http(conn->inbuf, - headers, sizeof(headers), body, sizeof(body))) { + &headers, MAX_HEADERS_SIZE, &body, MAX_BODY_SIZE)) { case -1: /* overflow */ log_fn(LOG_WARN,"input too large. Failing."); return -1; @@ -167,41 +209,19 @@ static int directory_handle_command(connection_t *conn) { /* case 1, fall through */ } - log_fn(LOG_DEBUG,"headers '%s', body '%s'.",headers,body); - if(!strncasecmp(headers,"GET",3)) { - /* XXX should check url and http version */ - log_fn(LOG_DEBUG,"Received GET command."); + log_fn(LOG_DEBUG,"headers '%s', body '%s'.", headers, body); - dlen = dirserv_get_directory(&cp); - - if(dlen == 0) { - log_fn(LOG_WARN,"My directory is empty. Closing."); - return -1; /* XXX send some helpful http error code */ - } - - log_fn(LOG_DEBUG,"Dumping directory to client."); - connection_write_to_buf(answerstring, strlen(answerstring), conn); - connection_write_to_buf(cp, dlen, conn); - conn->state = DIR_CONN_STATE_SERVER_WRITING; - return 0; + if(!strncasecmp(headers,"GET",3)) + r = directory_handle_command_get(conn, headers, body); + else if (!strncasecmp(headers,"POST",4)) + r = directory_handle_command_post(conn, headers, body); + else { + log_fn(LOG_WARN,"Got headers '%s' with unknown command. Closing.", headers); + r = -1; } - if(!strncasecmp(headers,"POST",4)) { - /* XXX should check url and http version */ - log_fn(LOG_DEBUG,"Received POST command."); - cp = body; - if(dirserv_add_descriptor(&cp) < 0) { - log_fn(LOG_WARN,"dirserv_add_descriptor() failed. Dropping."); - return -1; /* XXX should write an http failed code */ - } - dirserv_get_directory(&cp); /* rebuild and write to disk */ - connection_write_to_buf(answerstring, strlen(answerstring), conn); - conn->state = DIR_CONN_STATE_SERVER_WRITING; - return 0; - } - - log_fn(LOG_WARN,"Got headers with unknown command. Closing."); - return -1; + tor_free(headers); tor_free(body); + return r; } int connection_dir_finished_flushing(connection_t *conn) { diff --git a/src/or/or.h b/src/or/or.h index 27d50d24a9..076d2b9074 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -106,7 +106,7 @@ #define DEFAULT_BANDWIDTH_OP (1024 * 1000) #define MAX_NICKNAME_LEN 32 -#define MAX_DIR_SIZE 50000 /* XXX, big enough? */ +#define MAX_DIR_SIZE 500000 #define MAX_DNS_ENTRY_AGE (15*60) @@ -532,8 +532,8 @@ int flush_buf_tls(tor_tls *tls, buf_t *buf, int *buf_flushlen); int write_to_buf(const char *string, int string_len, buf_t *buf); int fetch_from_buf(char *string, int string_len, buf_t *buf); int fetch_from_buf_http(buf_t *buf, - char *headers_out, int max_headerlen, - char *body_out, int max_bodylen); + char **headers_out, int max_headerlen, + char **body_out, int max_bodylen); int fetch_from_buf_socks(buf_t *buf, socks_request_t *req); /********************************* circuit.c ***************************/ diff --git a/src/or/router.c b/src/or/router.c index 9ae4ebd146..54e81dc90d 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -271,9 +271,9 @@ static void router_add_exit_policy_from_config(routerinfo_t *router) { e = strchr(s,','); if(!e) { last = 1; - strncpy(line,s,1023); + strncpy(line,s,1023); } else { - memcpy(line,s, ((e-s)<1023)?(e-s):1023); + memcpy(line,s, ((e-s)<1023)?(e-s):1023); line[e-s] = 0; } line[1023]=0;