nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-25 04:43:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Implement protocol-type isolation correctly.

Browse Source 
Previously we'd just looked at the connection type, but that's
always CONN_TYPE_AP.  Instead, we should be looking at the type of
the listener that created the connection.

Spotted by rransom; fixes bug 3636.
This commit is contained in:
Nick Mathewson 2011-08-02 10:48:39 -04:00
parent 478785a762
commit 6596aa022f
4 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/or/connection.c
View File

@ -1251,6 +1251,7 @@ connection_init_accepted_conn(connection_t *conn,
TO_EDGE_CONN(conn)->isolation_flags = listener->isolation_flags; TO_EDGE_CONN(conn)->isolation_flags = listener->isolation_flags;
TO_EDGE_CONN(conn)->session_group = listener->session_group; TO_EDGE_CONN(conn)->session_group = listener->session_group;
TO_EDGE_CONN(conn)->nym_epoch = get_signewnym_epoch(); TO_EDGE_CONN(conn)->nym_epoch = get_signewnym_epoch();
TO_EDGE_CONN(conn)->socks_request->listener_type = listener->_base.type;
switch (TO_CONN(listener)->type) { switch (TO_CONN(listener)->type) {
case CONN_TYPE_AP_LISTENER: case CONN_TYPE_AP_LISTENER:
conn->state = AP_CONN_STATE_SOCKS_WAIT; conn->state = AP_CONN_STATE_SOCKS_WAIT;

9
src/or/connection_edge.c
View File

@ -2582,6 +2582,7 @@ connection_ap_make_link(connection_t *partner,
} }
/* Populate isolation fields. */ /* Populate isolation fields. */
conn->socks_request->listener_type = CONN_TYPE_DIR_LISTENER;
conn->original_dest_address = tor_strdup(address); conn->original_dest_address = tor_strdup(address);
conn->session_group = session_group; conn->session_group = session_group;
conn->isolation_flags = isolation_flags; conn->isolation_flags = isolation_flags;
@ -3362,7 +3363,7 @@ connection_edge_streams_are_compatible(const edge_connection_t *a,
strcmp_opt(a->socks_request->password, b->socks_request->password))) strcmp_opt(a->socks_request->password, b->socks_request->password)))
return 0; return 0;
if ((iso & ISO_CLIENTPROTO) && if ((iso & ISO_CLIENTPROTO) &&
(TO_CONN(a)->type != TO_CONN(b)->type || (a->socks_request->listener_type != b->socks_request->listener_type ||
a->socks_request->socks_version != b->socks_request->socks_version)) a->socks_request->socks_version != b->socks_request->socks_version))
return 0; return 0;
if ((iso & ISO_CLIENTADDR) && if ((iso & ISO_CLIENTADDR) &&
@ -3424,7 +3425,7 @@ connection_edge_compatible_with_circuit(const edge_connection_t *conn,
strcmp_opt(conn->socks_request->password, circ->socks_password))) strcmp_opt(conn->socks_request->password, circ->socks_password)))
return 0; return 0;
if ((iso & ISO_CLIENTPROTO) && if ((iso & ISO_CLIENTPROTO) &&
(TO_CONN(conn)->type != circ->client_proto_type || (conn->socks_request->listener_type != circ->client_proto_type ||
conn->socks_request->socks_version != circ->client_proto_socksver)) conn->socks_request->socks_version != circ->client_proto_socksver))
return 0; return 0;
if ((iso & ISO_CLIENTADDR) && if ((iso & ISO_CLIENTADDR) &&
@ -3463,7 +3464,7 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn,
return -1; return -1;
circ->dest_port = conn->socks_request->port; circ->dest_port = conn->socks_request->port;
circ->dest_address = tor_strdup(conn->original_dest_address); circ->dest_address = tor_strdup(conn->original_dest_address);
circ->client_proto_type = TO_CONN(conn)->type; circ->client_proto_type = conn->socks_request->listener_type;
circ->client_proto_socksver = conn->socks_request->socks_version; circ->client_proto_socksver = conn->socks_request->socks_version;
tor_addr_copy(&circ->client_addr, &TO_CONN(conn)->addr); tor_addr_copy(&circ->client_addr, &TO_CONN(conn)->addr);
circ->session_group = conn->session_group; circ->session_group = conn->session_group;
@ -3484,7 +3485,7 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn,
if (strcmp_opt(conn->socks_request->username, circ->socks_username) || if (strcmp_opt(conn->socks_request->username, circ->socks_username) ||
strcmp_opt(conn->socks_request->password, circ->socks_password)) strcmp_opt(conn->socks_request->password, circ->socks_password))
mixed |= ISO_SOCKSAUTH; mixed |= ISO_SOCKSAUTH;
if ((TO_CONN(conn)->type != circ->client_proto_type || if ((conn->socks_request->listener_type != circ->client_proto_type ||
conn->socks_request->socks_version != circ->client_proto_socksver)) conn->socks_request->socks_version != circ->client_proto_socksver))
mixed |= ISO_CLIENTPROTO; mixed |= ISO_CLIENTPROTO;
if (!tor_addr_eq(&TO_CONN(conn)->addr, &circ->client_addr)) if (!tor_addr_eq(&TO_CONN(conn)->addr, &circ->client_addr))

2
src/or/dnsserv.c
View File

@ -131,6 +131,7 @@ evdns_server_callback(struct evdns_server_request *req, void *data_)
strlcpy(conn->socks_request->address, q->name, strlcpy(conn->socks_request->address, q->name,
sizeof(conn->socks_request->address)); sizeof(conn->socks_request->address));
conn->socks_request->listener_type = listener->_base.type;
conn->dns_server_request = req; conn->dns_server_request = req;
conn->isolation_flags = listener->isolation_flags; conn->isolation_flags = listener->isolation_flags;
conn->session_group = listener->session_group; conn->session_group = listener->session_group;
@ -185,6 +186,7 @@ dnsserv_launch_request(const char *name, int reverse)
strlcpy(conn->socks_request->address, name, strlcpy(conn->socks_request->address, name,
sizeof(conn->socks_request->address)); sizeof(conn->socks_request->address));
conn->socks_request->listener_type = CONN_TYPE_CONTROL_LISTENER;
conn->original_dest_address = tor_strdup(name); conn->original_dest_address = tor_strdup(name);
conn->session_group = SESSION_GROUP_CONTROL_RESOLVE; conn->session_group = SESSION_GROUP_CONTROL_RESOLVE;
conn->nym_epoch = get_signewnym_epoch(); conn->nym_epoch = get_signewnym_epoch();

2
src/or/or.h
View File

@ -3382,6 +3382,8 @@ struct socks_request_t {
uint8_t auth_type; uint8_t auth_type;
/** What is this stream's goal? One of the SOCKS_COMMAND_* values */ /** What is this stream's goal? One of the SOCKS_COMMAND_* values */
uint8_t command; uint8_t command;
/** Which kind of listener created this stream? */
uint8_t listener_type;
size_t replylen; /**< Length of <b>reply</b>. */ size_t replylen; /**< Length of <b>reply</b>. */
uint8_t reply[MAX_SOCKS_REPLY_LEN]; /**< Write an entry into this string if uint8_t reply[MAX_SOCKS_REPLY_LEN]; /**< Write an entry into this string if
* we want to specify our own socks reply, * we want to specify our own socks reply,