mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-28 06:13:31 +01:00
Add a magic value to cpath_layer_t to make sure that we can tell valid cpaths from freed ones. I audited this once; it could use another audit.
svn:r3831
This commit is contained in:
parent
905c16846a
commit
631ab5c69b
@ -739,6 +739,7 @@ int onionskin_answer(circuit_t *circ, unsigned char *payload, unsigned char *key
|
||||
crypt_path_t *tmp_cpath;
|
||||
|
||||
tmp_cpath = tor_malloc_zero(sizeof(crypt_path_t));
|
||||
tmp_cpath->magic = CRYPT_PATH_MAGIC;
|
||||
|
||||
memset(&cell, 0, sizeof(cell_t));
|
||||
cell.command = CELL_CREATED;
|
||||
@ -761,6 +762,7 @@ int onionskin_answer(circuit_t *circ, unsigned char *payload, unsigned char *key
|
||||
circ->n_crypto = tmp_cpath->f_crypto;
|
||||
circ->p_digest = tmp_cpath->b_digest;
|
||||
circ->p_crypto = tmp_cpath->b_crypto;
|
||||
tmp_cpath->magic = 0;
|
||||
tor_free(tmp_cpath);
|
||||
|
||||
memcpy(circ->handshake_digest, cell.payload+DH_KEY_LEN, DIGEST_LEN);
|
||||
@ -1415,6 +1417,7 @@ onion_append_hop(crypt_path_t **head_ptr, routerinfo_t *choice) {
|
||||
/* link hop into the cpath, at the end. */
|
||||
onion_append_to_cpath(head_ptr, hop);
|
||||
|
||||
hop->magic = CRYPT_PATH_MAGIC;
|
||||
hop->state = CPATH_STATE_CLOSED;
|
||||
|
||||
hop->port = choice->or_port;
|
||||
|
@ -181,6 +181,7 @@ circuit_free_cpath_node(crypt_path_t *victim) {
|
||||
crypto_free_digest_env(victim->b_digest);
|
||||
if (victim->handshake_state)
|
||||
crypto_dh_free(victim->handshake_state);
|
||||
victim->magic = 0xDEADBEEFu;
|
||||
tor_free(victim);
|
||||
}
|
||||
|
||||
@ -456,6 +457,8 @@ void assert_cpath_layer_ok(const crypt_path_t *cp)
|
||||
{
|
||||
// tor_assert(cp->addr); /* these are zero for rendezvous extra-hops */
|
||||
// tor_assert(cp->port);
|
||||
tor_assert(cp);
|
||||
tor_assert(cp->magic == CRYPT_PATH_MAGIC);
|
||||
switch (cp->state)
|
||||
{
|
||||
case CPATH_STATE_OPEN:
|
||||
|
@ -707,9 +707,12 @@ typedef struct {
|
||||
char *signing_router;
|
||||
} routerlist_t;
|
||||
|
||||
#define CRYPT_PATH_MAGIC 0x70127012u
|
||||
|
||||
/** Holds accounting information for a single step in the layered encryption
|
||||
* performed by a circuit. Used only at the client edge of a circuit. */
|
||||
struct crypt_path_t {
|
||||
uint32_t magic;
|
||||
|
||||
/* crypto environments */
|
||||
/** Encryption key and counter for cells heading towards the OR at this
|
||||
|
@ -82,6 +82,7 @@ rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) {
|
||||
if (!cpath) {
|
||||
cpath = rendcirc->build_state->pending_final_cpath =
|
||||
tor_malloc_zero(sizeof(crypt_path_t));
|
||||
cpath->magic = CRYPT_PATH_MAGIC;
|
||||
if (!(cpath->handshake_state = crypto_dh_new())) {
|
||||
log_fn(LOG_WARN, "Couldn't allocate DH");
|
||||
goto err;
|
||||
|
@ -508,6 +508,7 @@ rend_service_introduce(circuit_t *circuit, const char *request, size_t request_l
|
||||
sizeof(launched->rend_query));
|
||||
launched->build_state->pending_final_cpath = cpath =
|
||||
tor_malloc_zero(sizeof(crypt_path_t));
|
||||
cpath->magic = CRYPT_PATH_MAGIC;
|
||||
launched->build_state->expiry_time = time(NULL) + MAX_REND_TIMEOUT;
|
||||
|
||||
cpath->handshake_state = dh;
|
||||
|
Loading…
Reference in New Issue
Block a user