From 53ec840bdfa3dfa421b3cecd7a90a3cd5e39d15c Mon Sep 17 00:00:00 2001 From: "teor (Tim Wilson-Brown)" Date: Thu, 19 Nov 2015 19:08:22 +1100 Subject: [PATCH 1/2] Make tor_ersatz_socketpair work on IPv6-only systems (But it won't work on some systems without IPv4/IPv6 localhost (some BSD jails) by design, to avoid creating sockets on routable IP addresses. However, those systems likely have the AF_UNIX socketpair, which tor prefers.) Fixes bug #17638; bugfix on a very early tor version, earlier than 22dba27d8dd5 (23 Nov 2004) / svn:r2943. Patch by "teor". --- changes/bug17638-ipv6-ersatz-socketpair | 5 ++ src/common/compat.c | 88 ++++++++++++++++++------- src/test/test_util.c | 16 ++--- 3 files changed, 74 insertions(+), 35 deletions(-) create mode 100644 changes/bug17638-ipv6-ersatz-socketpair diff --git a/changes/bug17638-ipv6-ersatz-socketpair b/changes/bug17638-ipv6-ersatz-socketpair new file mode 100644 index 0000000000..6193065ff3 --- /dev/null +++ b/changes/bug17638-ipv6-ersatz-socketpair @@ -0,0 +1,5 @@ + o Minor bugfix (IPv6 compatibility, unit tests): + - Make tor_ersatz_socketpair work on IPv6-only systems. + Fixes bug #17638; bugfix on a very early tor version, + earlier than 22dba27d8dd5 (23 Nov 2004) / svn:r2943. + Patch by "teor". diff --git a/src/common/compat.c b/src/common/compat.c index 7d72b4b7fd..24698c30e4 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1486,6 +1486,12 @@ tor_socketpair(int family, int type, int protocol, tor_socket_t fd[2]) } #ifdef NEED_ERSATZ_SOCKETPAIR + +#define SIZEOF_SOCKADDR(domain) \ + (domain == AF_INET ? sizeof(struct sockaddr_in) : \ + (domain == AF_INET6 ? sizeof(struct sockaddr_in6) : \ + ((size_t)0) /* unsupported, don't match any valid size */)) + /** * Helper used to implement socketpair on systems that lack it, by * making a direct connection to localhost. 
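Review bot: The new `SIZEOF_SOCKADDR` macro in src/common/compat.c uses its argument unparenthesized (`domain == AF_INET`), so an expression argument would bind incorrectly. Write `((domain) == AF_INET ? ...` or replace the macro with a `static inline size_t` helper. The call sites in this patch pass a plain `sa_family` member, so nothing breaks today. A short comment would also help, for example `/* Returns 0 for unknown families so the size checks below reject them. */`.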
@@ -1501,12 +1507,19 @@ tor_ersatz_socketpair(int family, int type, int protocol, tor_socket_t fd[2]) tor_socket_t listener = TOR_INVALID_SOCKET; tor_socket_t connector = TOR_INVALID_SOCKET; tor_socket_t acceptor = TOR_INVALID_SOCKET; - struct sockaddr_in listen_addr; - struct sockaddr_in connect_addr; + tor_addr_t listen_tor_addr; + struct sockaddr listen_addr; + in_port_t listen_port = 0; + tor_addr_t connect_tor_addr; + in_port_t connect_port = 0; + struct sockaddr connect_addr; socklen_t size; int saved_errno = -1; + int ersatz_domain = AF_INET; + memset(&connect_tor_addr, 0, sizeof(connect_tor_addr)); memset(&connect_addr, 0, sizeof(connect_addr)); + memset(&listen_tor_addr, 0, sizeof(listen_tor_addr)); memset(&listen_addr, 0, sizeof(listen_addr)); if (protocol 
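Review bot: `struct sockaddr listen_addr;` and `struct sockaddr connect_addr;` are smaller than `struct sockaddr_in6` on common platforms, so the IPv6 fallback this patch adds cannot work with these buffers. In the next hunk, `getsockname()` and `tor_accept_socket()` receive `sizeof(connect_addr)` / `sizeof(listen_addr)` and will truncate an IPv6 address, and `connect()` is given a length too short for AF_INET6. `tor_addr_from_sockaddr()` then presumably reads the buffer as a `sockaddr_in6`, which is past the end of the stack object, so the "are we talking to ourselves" comparison runs on truncated or out-of-bounds data. Declare `struct sockaddr_storage listen_addr_ss, connect_addr_ss;`, pass `(struct sockaddr *)&listen_addr_ss`, and use `SIZEOF_SOCKADDR(ersatz_domain)` as the length for bind/connect. The function body starts and ends outside this hunk.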
@@ -1524,47 +1537,71 @@ tor_ersatz_socketpair(int family, int type, int protocol, tor_socket_t fd[2]) return -EINVAL; } - listener = tor_open_socket(AF_INET, type, 0); - if (!SOCKET_OK(listener)) - return -tor_socket_errno(-1); - memset(&listen_addr, 0, sizeof(listen_addr)); - listen_addr.sin_family = AF_INET; - listen_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); - listen_addr.sin_port = 0; /* kernel chooses port. */ - if (bind(listener, (struct sockaddr *) &listen_addr, sizeof (listen_addr)) - == -1) + listener = tor_open_socket(ersatz_domain, type, 0); + if (!SOCKET_OK(listener)) { + int first_errno = tor_socket_errno(-1); + if (first_errno == SOCK_ERRNO(EPROTONOSUPPORT) + && ersatz_domain == AF_INET) { + /* Assume we're on an IPv6-only system */ + ersatz_domain = AF_INET6; + listener = tor_open_socket(ersatz_domain, type, 0); + if (!SOCKET_OK(listener)) { + /* Keep the previous behaviour, which was to return the IPv4 error. + * (This may be less informative on IPv6-only systems.) + * XX/teor - is there a better way to decide which errno to return? + * (I doubt we care much either way, once there is an error.) + */ + return -first_errno; + } + } + } + /* If there is no 127.0.0.1 or ::1, this will and must fail. Otherwise, we + * risk exposing a socketpair on a routable IP address. (Some BSD jails + * use a routable address for localhost. Fortunately, they have the real + * AF_UNIX socketpair.) */ + if (ersatz_domain == AF_INET) { + tor_addr_from_ipv4h(&listen_tor_addr, INADDR_LOOPBACK); + } else { + tor_addr_parse(&listen_tor_addr, "[::1]"); + } + tor_assert(tor_addr_is_loopback(&listen_tor_addr)); + tor_addr_to_sockaddr(&listen_tor_addr, + 0 /* kernel chooses port. 
*/, + &listen_addr, + sizeof (listen_addr)); + if (bind(listener, &listen_addr, sizeof (listen_addr)) == -1) goto tidy_up_and_fail; if (listen(listener, 1) == -1) goto tidy_up_and_fail; - connector = tor_open_socket(AF_INET, type, 0); + connector = tor_open_socket(ersatz_domain, type, 0); if (!SOCKET_OK(connector)) goto tidy_up_and_fail; /* We want to find out the port number to connect to. */ size = sizeof(connect_addr); - if (getsockname(listener, (struct sockaddr *) &connect_addr, &size) == -1) + if (getsockname(listener, &connect_addr, &size) == -1) goto tidy_up_and_fail; - if (size != sizeof (connect_addr)) + if (size != SIZEOF_SOCKADDR (connect_addr.sa_family)) goto abort_tidy_up_and_fail; - if (connect(connector, (struct sockaddr *) &connect_addr, - sizeof(connect_addr)) == -1) + if (connect(connector, &connect_addr, sizeof(connect_addr)) == -1) goto tidy_up_and_fail; size = sizeof(listen_addr); - acceptor = tor_accept_socket(listener, - (struct sockaddr *) &listen_addr, &size); + acceptor = tor_accept_socket(listener, &listen_addr, &size); if (!SOCKET_OK(acceptor)) goto tidy_up_and_fail; - if (size != sizeof(listen_addr)) + if (size != SIZEOF_SOCKADDR(listen_addr.sa_family)) goto abort_tidy_up_and_fail; /* Now check we are talking to ourself by matching port and host on the two sockets. 
*/ - if (getsockname(connector, (struct sockaddr *) &connect_addr, &size) == -1) + if (getsockname(connector, &connect_addr, &size) == -1) goto tidy_up_and_fail; - if (size != sizeof (connect_addr) - || listen_addr.sin_family != connect_addr.sin_family - || listen_addr.sin_addr.s_addr != connect_addr.sin_addr.s_addr - || listen_addr.sin_port != connect_addr.sin_port) { + /* Set *_tor_addr and *_port to the address and port that was used */ + tor_addr_from_sockaddr(&listen_tor_addr, &listen_addr, &listen_port); + tor_addr_from_sockaddr(&connect_tor_addr, &connect_addr, &connect_port); + if (size != SIZEOF_SOCKADDR (connect_addr.sa_family) + || tor_addr_compare(&listen_tor_addr, &connect_tor_addr, CMP_SEMANTIC) + || listen_port != connect_port) { goto abort_tidy_up_and_fail; } tor_close_socket(listener); @@ -1590,6 +1627,9 @@ tor_ersatz_socketpair(int family, int type, int protocol, tor_socket_t fd[2]) tor_close_socket(acceptor); return -saved_errno; } + +#undef SIZEOF_SOCKADDR + #endif /* Return the maximum number of allowed sockets. */ diff --git a/src/test/test_util.c b/src/test/test_util.c index 187cb23125..eecc50a287 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -4342,9 +4342,6 @@ fd_is_nonblocking(tor_socket_t fd) } #endif -#define ERRNO_IS_EPROTO(e) (e == SOCK_ERRNO(EPROTONOSUPPORT)) -#define SOCK_ERR_IS_EPROTO(s) ERRNO_IS_EPROTO(tor_socket_errno(s)) - /* Test for tor_open_socket*, using IPv4 or IPv6 depending on arg. */ static void test_util_socket(void *arg) @@ -4361,7 +4358,7 @@ test_util_socket(void *arg) (void)arg; fd1 = tor_open_socket_with_extensions(domain, SOCK_STREAM, 0, 0, 0); - if (SOCK_ERR_IS_EPROTO(fd1)) { + if (tor_socket_errno(fd1) == SOCK_ERRNO(EPROTONOSUPPORT)) { /* Assume we're on an IPv4-only or IPv6-only system, and give up now. */ goto done; } 
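Review bot: In tor_ersatz_socketpair, when the first `tor_open_socket()` fails with anything other than EPROTONOSUPPORT, the new block no longer returns, so execution reaches `bind()` with an invalid `listener`. The old code returned `-tor_socket_errno(-1)` at that point. The caller then most likely sees bind()'s bad-descriptor error instead of the real cause, such as descriptor exhaustion. Add `if (!SOCKET_OK(listener)) return -first_errno;` after the inner fallback `if`, still inside the outer block. Separately, the results of `tor_addr_parse()` and `tor_addr_to_sockaddr()` are ignored, so a failed conversion leaves `listen_addr` zeroed and only shows up later as a bind() error; checking both would make that failure explicit.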
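Review bot: In test_util_socket (src/test/test_util.c), the skip condition `tor_socket_errno(fd1) == SOCK_ERRNO(EPROTONOSUPPORT)` is evaluated without first checking that the open failed. If tor_socket_errno() reads the thread's errno on this platform (not visible here), a stale value from an earlier call could skip the test even though `fd1` is valid, and the socket would never be exercised. Guard it as `if (!SOCKET_OK(fd1) && tor_socket_errno(fd1) == SOCK_ERRNO(EPROTONOSUPPORT)) {`. The test body continues outside the hunk.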
@@ -4424,11 +4421,10 @@ test_util_socketpair(void *arg) int socketpair_result = 0; socketpair_result = tor_socketpair_fn(family, SOCK_STREAM, 0, fds); - if (ersatz && ERRNO_IS_EPROTO(-socketpair_result)) { - /* Assume we're on an IPv6-only system, and give up now. - * (tor_ersatz_socketpair uses IPv4.) */ - goto done; - } + /* If there is no 127.0.0.1 or ::1, tor_ersatz_socketpair will and must fail. + * Otherwise, we risk exposing a socketpair on a routable IP address. (Some + * BSD jails use a routable address for localhost. Fortunately, they have + * the real AF_UNIX socketpair.) */ tt_int_op(0, OP_EQ, socketpair_result); tt_assert(SOCKET_OK(fds[0])); tt_assert(SOCKET_OK(fds[1])); @@ -4449,8 +4445,6 @@ test_util_socketpair(void *arg) tor_close_socket(fds[1]); } -#undef SOCKET_EPROTO - static void test_util_max_mem(void *arg) { From f19d6b81c8fd38e2f86f0405ea3f788aa10c647b Mon Sep 17 00:00:00 2001 From: "teor (Tim Wilson-Brown)" Date: Thu, 19 Nov 2015 19:20:01 +1100 Subject: [PATCH 2/2] Fixup #17638: ignore EINVAL from FreeBSD jails without ::1 In my testing, an IPv6-only FreeBSD jail without ::1 returned EINVAL from tor_ersatz_socketpair. Let's not fail the unit test because of this - it would only ever use tor_socketpair() anyway. --- src/test/test_util.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/test/test_util.c b/src/test/test_util.c index eecc50a287..05c57c32a7 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c 
@@ -4425,6 +4425,11 @@ test_util_socketpair(void *arg) * Otherwise, we risk exposing a socketpair on a routable IP address. (Some * BSD jails use a routable address for localhost. Fortunately, they have * the real AF_UNIX socketpair.) */ + if (-socketpair_result == SOCK_ERRNO(EINVAL)) { + /* In my testing, an IPv6-only FreeBSD jail without ::1 returned EINVAL. + * Assume we're on a machine without 127.0.0.1 or ::1 and give up now. */ + goto done; + } tt_int_op(0, OP_EQ, socketpair_result); tt_assert(SOCKET_OK(fds[0])); tt_assert(SOCKET_OK(fds[1]));
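Review bot: The new `if (-socketpair_result == SOCK_ERRNO(EINVAL))` skip in test_util_socketpair treats every EINVAL as "no loopback address", but tor_ersatz_socketpair also returns `-EINVAL` for rejected arguments. The EINVAL seen on the IPv6-only jail may also come from patch 1's undersized `struct sockaddr` buffers rather than from a missing ::1; that is an inference, not something the visible lines prove. As written, the test would pass silently if the IPv6 path were broken on every host. Limit the skip to the ersatz variant with `if (ersatz && -socketpair_result == SOCK_ERRNO(EINVAL)) {` and log that the test was skipped, so a real regression in the loopback-only guarantee still shows up. The test function starts and ends outside this hunk.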