Add a magic value to cpath_layer_t to make sure that we can tell valid cpaths from freed ones. I audited this once; it could use another audit.

svn:r3831
Nick Mathewson 2005-03-23 06:21:48 +00:00
parent 905c16846a
commit 631ab5c69b
5 changed files with 11 additions and 0 deletions


@ -739,6 +739,7 @@ int onionskin_answer(circuit_t *circ, unsigned char *payload, unsigned char *key
crypt_path_t *tmp_cpath; crypt_path_t *tmp_cpath;
tmp_cpath = tor_malloc_zero(sizeof(crypt_path_t)); tmp_cpath = tor_malloc_zero(sizeof(crypt_path_t));
tmp_cpath->magic = CRYPT_PATH_MAGIC;
memset(&cell, 0, sizeof(cell_t)); memset(&cell, 0, sizeof(cell_t));
cell.command = CELL_CREATED; cell.command = CELL_CREATED;
@ -761,6 +762,7 @@ int onionskin_answer(circuit_t *circ, unsigned char *payload, unsigned char *key
circ->n_crypto = tmp_cpath->f_crypto; circ->n_crypto = tmp_cpath->f_crypto;
circ->p_digest = tmp_cpath->b_digest; circ->p_digest = tmp_cpath->b_digest;
circ->p_crypto = tmp_cpath->b_crypto; circ->p_crypto = tmp_cpath->b_crypto;
tmp_cpath->magic = 0;
tor_free(tmp_cpath); tor_free(tmp_cpath);
memcpy(circ->handshake_digest, cell.payload+DH_KEY_LEN, DIGEST_LEN); memcpy(circ->handshake_digest, cell.payload+DH_KEY_LEN, DIGEST_LEN);
@ -1415,6 +1417,7 @@ onion_append_hop(crypt_path_t **head_ptr, routerinfo_t *choice) {
/* link hop into the cpath, at the end. */ /* link hop into the cpath, at the end. */
onion_append_to_cpath(head_ptr, hop); onion_append_to_cpath(head_ptr, hop);
hop->magic = CRYPT_PATH_MAGIC;
hop->state = CPATH_STATE_CLOSED; hop->state = CPATH_STATE_CLOSED;
hop->port = choice->or_port; hop->port = choice->or_port;
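Review bot: The poison store `tmp_cpath->magic = 0;` in onionskin_answer sits directly before `tor_free(tmp_cpath)`, so (assuming tor_free() ends in a plain free()) an optimizing compiler may treat it as a dead store and drop it. It also uses a different value from the `0xDEADBEEFu` written in circuit_free_cpath_node, which has the same dead-store exposure. If the marker is meant to survive into freed memory, both sites should write one shared poison constant through an access the compiler cannot elide, e.g. `*(volatile uint32_t *)&tmp_cpath->magic = 0xDEADBEEFu;`. Separately, onion_append_hop sets the magic only after `onion_append_to_cpath(head_ptr, hop)`; if that call ever validates the node it would see an unset magic, so stamping it right after the allocation (outside this hunk) would be safer.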


@ -181,6 +181,7 @@ circuit_free_cpath_node(crypt_path_t *victim) {
crypto_free_digest_env(victim->b_digest); crypto_free_digest_env(victim->b_digest);
if (victim->handshake_state) if (victim->handshake_state)
crypto_dh_free(victim->handshake_state); crypto_dh_free(victim->handshake_state);
victim->magic = 0xDEADBEEFu;
tor_free(victim); tor_free(victim);
} }
@ -456,6 +457,8 @@ void assert_cpath_layer_ok(const crypt_path_t *cp)
{ {
// tor_assert(cp->addr); /* these are zero for rendezvous extra-hops */ // tor_assert(cp->addr); /* these are zero for rendezvous extra-hops */
// tor_assert(cp->port); // tor_assert(cp->port);
tor_assert(cp);
tor_assert(cp->magic == CRYPT_PATH_MAGIC);
switch (cp->state) switch (cp->state)
{ {
case CPATH_STATE_OPEN: case CPATH_STATE_OPEN:
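Review bot: circuit_free_cpath_node poisons the magic, but the only line this commit adds there is the poison store, so the magic is never checked before the frees. A second call on the same node would therefore run `crypto_free_digest_env(victim->b_digest)` and `crypto_dh_free(victim->handshake_state)` again on stale pointers without the new mechanism noticing. Adding `tor_assert(victim->magic == CRYPT_PATH_MAGIC);` at the top of the function (its start is outside this hunk) would turn that into an assertion failure. In assert_cpath_layer_ok the comparison is best-effort only, because a block the allocator has reused for a new crypt_path_t passes again; that deserves a comment such as `/* Best-effort use-after-free check; a reused block will still pass. */`.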


@ -707,9 +707,12 @@ typedef struct {
char *signing_router; char *signing_router;
} routerlist_t; } routerlist_t;
#define CRYPT_PATH_MAGIC 0x70127012u
/** Holds accounting information for a single step in the layered encryption /** Holds accounting information for a single step in the layered encryption
* performed by a circuit. Used only at the client edge of a circuit. */ * performed by a circuit. Used only at the client edge of a circuit. */
struct crypt_path_t { struct crypt_path_t {
uint32_t magic;
/* crypto environments */ /* crypto environments */
/** Encryption key and counter for cells heading towards the OR at this /** Encryption key and counter for cells heading towards the OR at this
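Review bot: The new `magic` member and the `CRYPT_PATH_MAGIC` define carry no doc comment, unlike the neighbouring members of crypt_path_t that use `/** ... */`. I would add `/** Must be CRYPT_PATH_MAGIC while the structure is live; overwritten just before it is freed. */` above `uint32_t magic;` and a one-line comment on the define saying it tags live crypt_path_t objects. The struct body continues outside this hunk.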


@ -82,6 +82,7 @@ rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) {
if (!cpath) { if (!cpath) {
cpath = rendcirc->build_state->pending_final_cpath = cpath = rendcirc->build_state->pending_final_cpath =
tor_malloc_zero(sizeof(crypt_path_t)); tor_malloc_zero(sizeof(crypt_path_t));
cpath->magic = CRYPT_PATH_MAGIC;
if (!(cpath->handshake_state = crypto_dh_new())) { if (!(cpath->handshake_state = crypto_dh_new())) {
log_fn(LOG_WARN, "Couldn't allocate DH"); log_fn(LOG_WARN, "Couldn't allocate DH");
goto err; goto err;
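Review bot: Setting `cpath->magic = CRYPT_PATH_MAGIC;` by hand after each `tor_malloc_zero(sizeof(crypt_path_t))` relies on every allocation site remembering it; a site that forgets will now fail `tor_assert(cp->magic == CRYPT_PATH_MAGIC)` in assert_cpath_layer_ok at run time. The same allocate-then-stamp pattern appears in rend_service_introduce and onionskin_answer, and onion_append_hop stamps the magic at a different point. A single static helper that zero-allocates a crypt_path_t and sets the magic would keep allocation and tagging together. The `err:` path is outside this hunk, so whether it releases the node through circuit_free_cpath_node cannot be checked from here.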


@ -508,6 +508,7 @@ rend_service_introduce(circuit_t *circuit, const char *request, size_t request_l
sizeof(launched->rend_query)); sizeof(launched->rend_query));
launched->build_state->pending_final_cpath = cpath = launched->build_state->pending_final_cpath = cpath =
tor_malloc_zero(sizeof(crypt_path_t)); tor_malloc_zero(sizeof(crypt_path_t));
cpath->magic = CRYPT_PATH_MAGIC;
launched->build_state->expiry_time = time(NULL) + MAX_REND_TIMEOUT; launched->build_state->expiry_time = time(NULL) + MAX_REND_TIMEOUT;
cpath->handshake_state = dh; cpath->handshake_state = dh;