nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 05:03:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Stop ignoring misconfigured hidden services

Browse Source 
Instead, refuse to start tor until the misconfigurations have been corrected.

Fixes bug 20559; bugfix on multiple commits in 0.2.7.1-alpha and earlier.
This commit is contained in:
teor 2016-11-04 16:37:57 +11:00 committed by Nick Mathewson
parent 36bb900def
commit b917b3875e
2 changed files with 17 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changes/bug20559 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (hidden services):
- Stop ignoring misconfigured hidden services. Instead, refuse to start
tor until the misconfigurations have been corrected.
Fixes bug 20559; bugfix on multiple commits in 0.2.7.1-alpha and earlier.

28
src/or/rendservice.c
View File

@ -286,7 +286,7 @@ rend_add_service(smartlist_t *service_list, rend_service_t *service)
if (service->max_streams_per_circuit < 0) {
log_warn(LD_CONFIG, "Hidden service (%s) configured with negative max "
"streams per circuit; ignoring.",
"streams per circuit.",
rend_service_escaped_dir(service));
rend_service_free(service);
return -1;
@ -295,7 +295,7 @@ rend_add_service(smartlist_t *service_list, rend_service_t *service)
if (service->max_streams_close_circuit < 0 ||
service->max_streams_close_circuit > 1) {
log_warn(LD_CONFIG, "Hidden service (%s) configured with invalid "
"max streams handling; ignoring.",
"max streams handling.",
rend_service_escaped_dir(service));
rend_service_free(service);
return -1;
@ -305,15 +305,14 @@ rend_add_service(smartlist_t *service_list, rend_service_t *service)
(!service->clients ||
smartlist_len(service->clients) == 0)) {
log_warn(LD_CONFIG, "Hidden service (%s) with client authorization but no "
"clients; ignoring.",
"clients.",
rend_service_escaped_dir(service));
rend_service_free(service);
return -1;
}
if (!service->ports || !smartlist_len(service->ports)) {
log_warn(LD_CONFIG, "Hidden service (%s) with no ports configured; "
"ignoring.",
log_warn(LD_CONFIG, "Hidden service (%s) with no ports configured.",
rend_service_escaped_dir(service));
rend_service_free(service);
return -1;
@ -341,13 +340,12 @@ rend_add_service(smartlist_t *service_list, rend_service_t *service)
!strcmp(ptr->directory, service->directory));
if (dupe) {
log_warn(LD_REND, "Another hidden service is already configured for "
"directory %s, ignoring.",
"directory %s.",
rend_service_escaped_dir(service));
rend_service_free(service);
return -1;
}
}
smartlist_add(s_list, service);
log_debug(LD_REND,"Configuring service with directory %s",
rend_service_escaped_dir(service));
for (i = 0; i < smartlist_len(service->ports); ++i) {
@ -363,14 +361,16 @@ rend_add_service(smartlist_t *service_list, rend_service_t *service)
"Service maps port %d to socket at \"%s\"",
p->virtual_port, p->unix_addr);
#else
log_debug(LD_REND,
"Service maps port %d to an AF_UNIX socket, but we "
"have no AF_UNIX support on this platform. This is "
"probably a bug.",
p->virtual_port);
log_warn(LD_BUG,
"Service maps port %d to an AF_UNIX socket, but we "
"have no AF_UNIX support on this platform. This is "
"probably a bug.",
p->virtual_port);
return -1;
#endif /* defined(HAVE_SYS_UN_H) */
}
}
smartlist_add(s_list, service);
return 0;
}
/* NOTREACHED */
@ -538,9 +538,7 @@ rend_service_check_dir_and_add(smartlist_t *service_list,
if (BUG(!s_list)) {
return -1;
}
/* Ignore service failures until 030 */
rend_add_service(s_list, service);
return 0;
return rend_add_service(s_list, service);
}
}