nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-30 23:53:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

clean up socks handling, refuse connections to port 0

Browse Source 
svn:r2888
This commit is contained in:
Roger Dingledine 2004-11-15 07:50:15 +00:00
parent 72dd656b88
commit 67aa3b66c5
3 changed files with 20 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/or/connection.c
View File

@ -180,6 +180,15 @@ void connection_free_all(void) {
connection_free(carray[i]); connection_free(carray[i]);
} }
/** Do any cleanup needed:
* - Directory conns that failed to fetch a rendezvous descriptor
* need to inform pending rendezvous streams.
* - OR conns need to call rep_hist_note_*() to record status.
* - AP conns need to send a socks reject if necessary.
* - Exit conns need to call connection_dns_remove() if necessary.
* - AP and Exit conns need to send an end cell if they can.
* - DNS conns need to fail any resolves that are pending on them.
*/
void connection_about_to_close_connection(connection_t *conn) void connection_about_to_close_connection(connection_t *conn)
{ {
@ -268,15 +277,7 @@ void connection_close_immediate(connection_t *conn)
} }
/** Mark <b>conn</b> to be closed next time we loop through /** Mark <b>conn</b> to be closed next time we loop through
* conn_close_if_marked() in main.c. Do any cleanup needed: * conn_close_if_marked() in main.c. */
* - Directory conns that fail to fetch a rendezvous descriptor need
* to inform pending rendezvous streams.
* - OR conns need to call rep_hist_note_*() to record status.
* - AP conns need to send a socks reject if necessary.
* - Exit conns need to call connection_dns_remove() if necessary.
* - AP and Exit conns need to send an end cell if they can.
* - DNS conns need to fail any resolves that are pending on them.
*/
int int
_connection_mark_for_close(connection_t *conn) _connection_mark_for_close(connection_t *conn)
{ {

21
src/or/connection_edge.c
View File

@ -379,18 +379,14 @@ static int connection_ap_handshake_process_socks(connection_t *conn) {
uint32_t answer; uint32_t answer;
/* Reply to resolves immediately if we can. */ /* Reply to resolves immediately if we can. */
if (strlen(socks->address) > RELAY_PAYLOAD_SIZE) { if (strlen(socks->address) > RELAY_PAYLOAD_SIZE) {
log_fn(LOG_WARN,"Address to be resolved is too large. Failing.");
connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_ERROR,0,NULL); connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_ERROR,0,NULL);
conn->socks_request->has_finished = 1; return -1;
conn->has_sent_end = 1;
connection_mark_for_close(conn);
conn->hold_open_until_flushed = 1;
return 0;
} }
answer = htonl(client_dns_lookup_entry(socks->address)); answer = htonl(client_dns_lookup_entry(socks->address));
if (answer) { if (answer) {
connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_IPV4,4, connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_IPV4,4,
(char*)&answer); (char*)&answer);
conn->socks_request->has_finished = 1;
conn->has_sent_end = 1; conn->has_sent_end = 1;
connection_mark_for_close(conn); connection_mark_for_close(conn);
conn->hold_open_until_flushed = 1; conn->hold_open_until_flushed = 1;
@ -401,6 +397,10 @@ static int connection_ap_handshake_process_socks(connection_t *conn) {
/* this call _modifies_ socks->address iff it's a hidden-service request */ /* this call _modifies_ socks->address iff it's a hidden-service request */
if (rend_parse_rendezvous_address(socks->address) < 0) { if (rend_parse_rendezvous_address(socks->address) < 0) {
/* normal request */ /* normal request */
if (socks->port == 0) {
log_fn(LOG_WARN,"Application asked to connect to port 0. Refusing.");
return -1;
}
conn->state = AP_CONN_STATE_CIRCUIT_WAIT; conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
return connection_ap_handshake_attach_circuit(conn); return connection_ap_handshake_attach_circuit(conn);
} else { } else {
@ -411,12 +411,9 @@ static int connection_ap_handshake_process_socks(connection_t *conn) {
if (socks->command == SOCKS_COMMAND_RESOLVE) { if (socks->command == SOCKS_COMMAND_RESOLVE) {
/* if it's a resolve request, fail it right now, rather than /* if it's a resolve request, fail it right now, rather than
* building all the circuits and then realizing it won't work. */ * building all the circuits and then realizing it won't work. */
log_fn(LOG_WARN,"Resolve requests to hidden services not allowed. Failing.");
connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_ERROR,0,NULL); connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_ERROR,0,NULL);
conn->socks_request->has_finished = 1; return -1;
conn->has_sent_end = 1;
connection_mark_for_close(conn);
conn->hold_open_until_flushed = 1;
return 0;
} }
strlcpy(conn->rend_query, socks->address, sizeof(conn->rend_query)); strlcpy(conn->rend_query, socks->address, sizeof(conn->rend_query));
@ -626,6 +623,7 @@ int connection_ap_make_bridge(char *address, uint16_t port) {
return fd[1]; return fd[1];
} }
/* DOCDOC */
void connection_ap_handshake_socks_resolved(connection_t *conn, void connection_ap_handshake_socks_resolved(connection_t *conn,
int answer_type, int answer_type,
size_t answer_len, size_t answer_len,
@ -678,6 +676,7 @@ void connection_ap_handshake_socks_resolved(connection_t *conn,
connection_ap_handshake_socks_reply(conn, buf, replylen, connection_ap_handshake_socks_reply(conn, buf, replylen,
(answer_type == RESOLVED_TYPE_IPV4 || (answer_type == RESOLVED_TYPE_IPV4 ||
answer_type == RESOLVED_TYPE_IPV6) ? 1 : -1); answer_type == RESOLVED_TYPE_IPV6) ? 1 : -1);
conn->socks_request->has_finished = 1;
} }
/** Send a socks reply to stream <b>conn</b>, using the appropriate /** Send a socks reply to stream <b>conn</b>, using the appropriate

1
src/or/relay.c
View File

@ -613,7 +613,6 @@ connection_edge_process_relay_cell_not_open(
cell->payload[RELAY_HEADER_SIZE], /*answer_type*/ cell->payload[RELAY_HEADER_SIZE], /*answer_type*/
cell->payload[RELAY_HEADER_SIZE+1], /*answer_len*/ cell->payload[RELAY_HEADER_SIZE+1], /*answer_len*/
cell->payload+RELAY_HEADER_SIZE+2); /* answer */ cell->payload+RELAY_HEADER_SIZE+2); /* answer */
conn->socks_request->has_finished = 1;
conn->has_sent_end = 1; conn->has_sent_end = 1;
connection_mark_for_close(conn); connection_mark_for_close(conn);
conn->hold_open_until_flushed = 1; conn->hold_open_until_flushed = 1;