mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 23:53:32 +01:00
Add a magic value to cpath_layer_t to make sure that we can tell valid cpaths from freed ones. I audited this once; it could use another audit.
svn:r3831
This commit is contained in:
parent
905c16846a
commit
631ab5c69b
@ -739,6 +739,7 @@ int onionskin_answer(circuit_t *circ, unsigned char *payload, unsigned char *key
|
|||||||
crypt_path_t *tmp_cpath;
|
crypt_path_t *tmp_cpath;
|
||||||
|
|
||||||
tmp_cpath = tor_malloc_zero(sizeof(crypt_path_t));
|
tmp_cpath = tor_malloc_zero(sizeof(crypt_path_t));
|
||||||
|
tmp_cpath->magic = CRYPT_PATH_MAGIC;
|
||||||
|
|
||||||
memset(&cell, 0, sizeof(cell_t));
|
memset(&cell, 0, sizeof(cell_t));
|
||||||
cell.command = CELL_CREATED;
|
cell.command = CELL_CREATED;
|
||||||
@ -761,6 +762,7 @@ int onionskin_answer(circuit_t *circ, unsigned char *payload, unsigned char *key
|
|||||||
circ->n_crypto = tmp_cpath->f_crypto;
|
circ->n_crypto = tmp_cpath->f_crypto;
|
||||||
circ->p_digest = tmp_cpath->b_digest;
|
circ->p_digest = tmp_cpath->b_digest;
|
||||||
circ->p_crypto = tmp_cpath->b_crypto;
|
circ->p_crypto = tmp_cpath->b_crypto;
|
||||||
|
tmp_cpath->magic = 0;
|
||||||
tor_free(tmp_cpath);
|
tor_free(tmp_cpath);
|
||||||
|
|
||||||
memcpy(circ->handshake_digest, cell.payload+DH_KEY_LEN, DIGEST_LEN);
|
memcpy(circ->handshake_digest, cell.payload+DH_KEY_LEN, DIGEST_LEN);
|
||||||
@ -1415,6 +1417,7 @@ onion_append_hop(crypt_path_t **head_ptr, routerinfo_t *choice) {
|
|||||||
/* link hop into the cpath, at the end. */
|
/* link hop into the cpath, at the end. */
|
||||||
onion_append_to_cpath(head_ptr, hop);
|
onion_append_to_cpath(head_ptr, hop);
|
||||||
|
|
||||||
|
hop->magic = CRYPT_PATH_MAGIC;
|
||||||
hop->state = CPATH_STATE_CLOSED;
|
hop->state = CPATH_STATE_CLOSED;
|
||||||
|
|
||||||
hop->port = choice->or_port;
|
hop->port = choice->or_port;
|
||||||
|
@ -181,6 +181,7 @@ circuit_free_cpath_node(crypt_path_t *victim) {
|
|||||||
crypto_free_digest_env(victim->b_digest);
|
crypto_free_digest_env(victim->b_digest);
|
||||||
if (victim->handshake_state)
|
if (victim->handshake_state)
|
||||||
crypto_dh_free(victim->handshake_state);
|
crypto_dh_free(victim->handshake_state);
|
||||||
|
victim->magic = 0xDEADBEEFu;
|
||||||
tor_free(victim);
|
tor_free(victim);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -456,6 +457,8 @@ void assert_cpath_layer_ok(const crypt_path_t *cp)
|
|||||||
{
|
{
|
||||||
// tor_assert(cp->addr); /* these are zero for rendezvous extra-hops */
|
// tor_assert(cp->addr); /* these are zero for rendezvous extra-hops */
|
||||||
// tor_assert(cp->port);
|
// tor_assert(cp->port);
|
||||||
|
tor_assert(cp);
|
||||||
|
tor_assert(cp->magic == CRYPT_PATH_MAGIC);
|
||||||
switch (cp->state)
|
switch (cp->state)
|
||||||
{
|
{
|
||||||
case CPATH_STATE_OPEN:
|
case CPATH_STATE_OPEN:
|
||||||
|
@ -707,9 +707,12 @@ typedef struct {
|
|||||||
char *signing_router;
|
char *signing_router;
|
||||||
} routerlist_t;
|
} routerlist_t;
|
||||||
|
|
||||||
|
#define CRYPT_PATH_MAGIC 0x70127012u
|
||||||
|
|
||||||
/** Holds accounting information for a single step in the layered encryption
|
/** Holds accounting information for a single step in the layered encryption
|
||||||
* performed by a circuit. Used only at the client edge of a circuit. */
|
* performed by a circuit. Used only at the client edge of a circuit. */
|
||||||
struct crypt_path_t {
|
struct crypt_path_t {
|
||||||
|
uint32_t magic;
|
||||||
|
|
||||||
/* crypto environments */
|
/* crypto environments */
|
||||||
/** Encryption key and counter for cells heading towards the OR at this
|
/** Encryption key and counter for cells heading towards the OR at this
|
||||||
|
@ -82,6 +82,7 @@ rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) {
|
|||||||
if (!cpath) {
|
if (!cpath) {
|
||||||
cpath = rendcirc->build_state->pending_final_cpath =
|
cpath = rendcirc->build_state->pending_final_cpath =
|
||||||
tor_malloc_zero(sizeof(crypt_path_t));
|
tor_malloc_zero(sizeof(crypt_path_t));
|
||||||
|
cpath->magic = CRYPT_PATH_MAGIC;
|
||||||
if (!(cpath->handshake_state = crypto_dh_new())) {
|
if (!(cpath->handshake_state = crypto_dh_new())) {
|
||||||
log_fn(LOG_WARN, "Couldn't allocate DH");
|
log_fn(LOG_WARN, "Couldn't allocate DH");
|
||||||
goto err;
|
goto err;
|
||||||
|
@ -508,6 +508,7 @@ rend_service_introduce(circuit_t *circuit, const char *request, size_t request_l
|
|||||||
sizeof(launched->rend_query));
|
sizeof(launched->rend_query));
|
||||||
launched->build_state->pending_final_cpath = cpath =
|
launched->build_state->pending_final_cpath = cpath =
|
||||||
tor_malloc_zero(sizeof(crypt_path_t));
|
tor_malloc_zero(sizeof(crypt_path_t));
|
||||||
|
cpath->magic = CRYPT_PATH_MAGIC;
|
||||||
launched->build_state->expiry_time = time(NULL) + MAX_REND_TIMEOUT;
|
launched->build_state->expiry_time = time(NULL) + MAX_REND_TIMEOUT;
|
||||||
|
|
||||||
cpath->handshake_state = dh;
|
cpath->handshake_state = dh;
|
||||||
|
Loading…
Reference in New Issue
Block a user