nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-11 05:33:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Detect extra bytes in HAProxy inbuf when transitioning to OR handshake

Browse Source 
This shouldn't be possible, but let's add it for defense-in-depth.

Closes #40017.
This commit is contained in:
Nick Mathewson 2020-12-02 10:07:26 -05:00
parent 7640631539
commit 6c602026e8
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
changes/ticket40017_redux Normal file
View File

@ -0,0 +1,3 @@
o Minor features (protocol, proxy support, defense in depth):
- Close HAProxy connections if they somehow manage to send us data before
we start reading. Closes another case of ticket 40017.

5
src/core/or/connection_or.c
View File

@ -686,6 +686,11 @@ connection_or_finished_flushing(or_connection_t *conn)
/* PROXY_HAPROXY gets connected by receiving an ack. */ /* PROXY_HAPROXY gets connected by receiving an ack. */
if (conn->proxy_type == PROXY_HAPROXY) { if (conn->proxy_type == PROXY_HAPROXY) {
tor_assert(TO_CONN(conn)->proxy_state == PROXY_HAPROXY_WAIT_FOR_FLUSH); tor_assert(TO_CONN(conn)->proxy_state == PROXY_HAPROXY_WAIT_FOR_FLUSH);
IF_BUG_ONCE(buf_datalen(TO_CONN(conn)->inbuf) != 0) {
/* This should be impossible; we're not even reading. */
connection_or_close_for_error(conn, 0);
return -1;
}
TO_CONN(conn)->proxy_state = PROXY_CONNECTED; TO_CONN(conn)->proxy_state = PROXY_CONNECTED;
if (connection_tls_start_handshake(conn, 0) < 0) { if (connection_tls_start_handshake(conn, 0) < 0) {