Merge branch 'maint-0.2.2'

This commit is contained in:
Roger Dingledine 2010-12-19 22:08:42 -05:00
commit c79427a992
29 changed files with 185 additions and 122 deletions

View File

@ -3,6 +3,25 @@ This document summarizes new features and bugfixes in each stable release
of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
Changes in version 0.2.1.28 - 2010-12-17
Tor 0.2.1.28 does some code cleanup to reduce the risk of remotely
exploitable bugs. We also took this opportunity to change the IP address
for one of our directory authorities, and to update the geoip database
we ship.
o Major bugfixes:
- Fix a remotely exploitable bug that could be used to crash instances
of Tor remotely by overflowing on the heap. Remote-code execution
hasn't been confirmed, but can't be ruled out. Everyone should
upgrade. Bugfix on the 0.1.1 series and later.
o Directory authority changes:
- Change IP address and ports for gabelmoo (v3 directory authority).
o Minor features:
- Update to the December 1 2010 Maxmind GeoLite Country database.
Changes in version 0.2.1.27 - 2010-11-23
Yet another OpenSSL security patch broke its compatibility with Tor:
Tor 0.2.1.27 makes relays work with openssl 0.9.8p and 1.0.0.b. We

5
changes/security_bug Normal file
View File

@ -0,0 +1,5 @@
o Major bugfixes:
- Fix a remotely exploitable bug that could be used to crash instances
of Tor remotely by overflowing on the heap. Remove-code execution
hasn't been confirmed, but can't be ruled out. Obviously, everyone
should upgrade. Bugfix on the 0.1.1 series and later.

View File

@ -155,6 +155,7 @@ tor_mmap_file(const char *filename)
return NULL;
}
/* XXXX why not just do fstat here? */
size = filesize = (size_t) lseek(fd, 0, SEEK_END);
lseek(fd, 0, SEEK_SET);
/* ensure page alignment */
@ -328,7 +329,7 @@ tor_vsnprintf(char *str, size_t size, const char *format, va_list args)
int r;
if (size == 0)
return -1; /* no place for the NUL */
if (size > SSIZE_T_MAX-16)
if (size > SIZE_T_CEILING)
return -1;
#ifdef MS_WINDOWS
r = _vsnprintf(str, size, format, args);
@ -589,7 +590,7 @@ tor_fix_source_file(const char *fname)
* unaligned memory access.
*/
uint16_t
get_uint16(const char *cp)
get_uint16(const void *cp)
{
uint16_t v;
memcpy(&v,cp,2);
@ -601,7 +602,7 @@ get_uint16(const char *cp)
* unaligned memory access.
*/
uint32_t
get_uint32(const char *cp)
get_uint32(const void *cp)
{
uint32_t v;
memcpy(&v,cp,4);
@ -613,7 +614,7 @@ get_uint32(const char *cp)
* unaligned memory access.
*/
uint64_t
get_uint64(const char *cp)
get_uint64(const void *cp)
{
uint64_t v;
memcpy(&v,cp,8);
@ -625,7 +626,7 @@ get_uint64(const char *cp)
* *(uint16_t*)(cp) = v, but will not cause segfaults on platforms that forbid
* unaligned memory access. */
void
set_uint16(char *cp, uint16_t v)
set_uint16(void *cp, uint16_t v)
{
memcpy(cp,&v,2);
}
@ -634,7 +635,7 @@ set_uint16(char *cp, uint16_t v)
* *(uint32_t*)(cp) = v, but will not cause segfaults on platforms that forbid
* unaligned memory access. */
void
set_uint32(char *cp, uint32_t v)
set_uint32(void *cp, uint32_t v)
{
memcpy(cp,&v,4);
}
@ -643,7 +644,7 @@ set_uint32(char *cp, uint32_t v)
* *(uint64_t*)(cp) = v, but will not cause segfaults on platforms that forbid
* unaligned memory access. */
void
set_uint64(char *cp, uint64_t v)
set_uint64(void *cp, uint64_t v)
{
memcpy(cp,&v,8);
}

View File

@ -500,18 +500,18 @@ long tor_weak_random(void);
/* ===== OS compatibility */
const char *get_uname(void);
uint16_t get_uint16(const char *cp) ATTR_PURE ATTR_NONNULL((1));
uint32_t get_uint32(const char *cp) ATTR_PURE ATTR_NONNULL((1));
uint64_t get_uint64(const char *cp) ATTR_PURE ATTR_NONNULL((1));
void set_uint16(char *cp, uint16_t v) ATTR_NONNULL((1));
void set_uint32(char *cp, uint32_t v) ATTR_NONNULL((1));
void set_uint64(char *cp, uint64_t v) ATTR_NONNULL((1));
uint16_t get_uint16(const void *cp) ATTR_PURE ATTR_NONNULL((1));
uint32_t get_uint32(const void *cp) ATTR_PURE ATTR_NONNULL((1));
uint64_t get_uint64(const void *cp) ATTR_PURE ATTR_NONNULL((1));
void set_uint16(void *cp, uint16_t v) ATTR_NONNULL((1));
void set_uint32(void *cp, uint32_t v) ATTR_NONNULL((1));
void set_uint64(void *cp, uint64_t v) ATTR_NONNULL((1));
/* These uint8 variants are defined to make the code more uniform. */
#define get_uint8(cp) (*(const uint8_t*)(cp))
static void set_uint8(char *cp, uint8_t v);
static void set_uint8(void *cp, uint8_t v);
static INLINE void
set_uint8(char *cp, uint8_t v)
set_uint8(void *cp, uint8_t v)
{
*(uint8_t*)cp = v;
}

View File

@ -901,6 +901,8 @@ crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const char *data,
tor_assert(env);
tor_assert(data);
tor_assert(sig);
tor_assert(datalen < SIZE_T_CEILING);
tor_assert(siglen < SIZE_T_CEILING);
if (crypto_digest(digest,data,datalen)<0) {
log_warn(LD_BUG, "couldn't compute digest");
@ -1001,6 +1003,7 @@ crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
tor_assert(env);
tor_assert(from);
tor_assert(to);
tor_assert(fromlen < SIZE_T_CEILING);
overhead = crypto_get_rsa_padding_overhead(crypto_get_rsa_padding(padding));
pkeylen = crypto_pk_keysize(env);
@ -1068,6 +1071,7 @@ crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env,
crypto_cipher_env_t *cipher = NULL;
char *buf = NULL;
tor_assert(fromlen < SIZE_T_CEILING);
pkeylen = crypto_pk_keysize(env);
if (fromlen <= pkeylen) {
@ -1117,7 +1121,7 @@ crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, size_t dest_len)
int len;
unsigned char *buf, *cp;
len = i2d_RSAPublicKey(pk->key, NULL);
if (len < 0 || (size_t)len > dest_len)
if (len < 0 || (size_t)len > dest_len || dest_len > SIZE_T_CEILING)
return -1;
cp = buf = tor_malloc(len+1);
len = i2d_RSAPublicKey(pk->key, &cp);
@ -1192,6 +1196,8 @@ add_spaces_to_fp(char *out, size_t outlen, const char *in)
{
int n = 0;
char *end = out+outlen;
tor_assert(outlen < SIZE_T_CEILING);
while (*in && out<end) {
*out++ = *in++;
if (++n == 4 && *in && out<end) {
@ -1337,6 +1343,7 @@ crypto_cipher_encrypt(crypto_cipher_env_t *env, char *to,
tor_assert(from);
tor_assert(fromlen);
tor_assert(to);
tor_assert(fromlen < SIZE_T_CEILING);
aes_crypt(env->cipher, from, fromlen, to);
return 0;
@ -1353,6 +1360,7 @@ crypto_cipher_decrypt(crypto_cipher_env_t *env, char *to,
tor_assert(env);
tor_assert(from);
tor_assert(to);
tor_assert(fromlen < SIZE_T_CEILING);
aes_crypt(env->cipher, from, fromlen, to);
return 0;
@ -1364,6 +1372,7 @@ crypto_cipher_decrypt(crypto_cipher_env_t *env, char *to,
int
crypto_cipher_crypt_inplace(crypto_cipher_env_t *env, char *buf, size_t len)
{
tor_assert(len < SIZE_T_CEILING);
aes_crypt_inplace(env->cipher, buf, len);
return 0;
}

View File

@ -95,6 +95,7 @@ static memarea_chunk_t *freelist = NULL;
static memarea_chunk_t *
alloc_chunk(size_t sz, int freelist_ok)
{
tor_assert(sz < SIZE_T_CEILING);
if (freelist && freelist_ok) {
memarea_chunk_t *res = freelist;
freelist = res->next_chunk;
@ -211,6 +212,7 @@ memarea_alloc(memarea_t *area, size_t sz)
char *result;
tor_assert(chunk);
CHECK_SENTINEL(chunk);
tor_assert(sz < SIZE_T_CEILING);
if (sz == 0)
sz = 1;
if (chunk->next_mem+sz > chunk->u.mem+chunk->mem_size) {
@ -270,6 +272,7 @@ memarea_strndup(memarea_t *area, const char *s, size_t n)
size_t ln;
char *result;
const char *cp, *end = s+n;
tor_assert(n < SIZE_T_CEILING);
for (cp = s; cp < end && *cp; ++cp)
;
/* cp now points to s+n, or to the 0 in the string. */

View File

@ -357,6 +357,10 @@ mp_pool_new(size_t item_size, size_t chunk_capacity)
mp_pool_t *pool;
size_t alloc_size, new_chunk_cap;
tor_assert(item_size < SIZE_T_CEILING);
tor_assert(chunk_capacity < SIZE_T_CEILING);
tor_assert(SIZE_T_CEILING / item_size > chunk_capacity);
pool = ALLOC(sizeof(mp_pool_t));
CHECK_ALLOC(pool);
memset(pool, 0, sizeof(mp_pool_t));

View File

@ -330,7 +330,7 @@ typedef uint32_t uintptr_t;
#endif
/* Any size_t larger than this amount is likely to be an underflow. */
#define SIZE_T_CEILING (sizeof(char)<<(sizeof(size_t)*8 - 1))
#define SIZE_T_CEILING (SSIZE_T_MAX-16)
#endif /* __TORINT_H */

View File

@ -123,6 +123,8 @@ _tor_malloc(size_t size DMALLOC_PARAMS)
{
void *result;
tor_assert(size < SIZE_T_CEILING);
#ifndef MALLOC_ZERO_WORKS
/* Some libc mallocs don't work when size==0. Override them. */
if (size==0) {
@ -219,6 +221,7 @@ _tor_strndup(const char *s, size_t n DMALLOC_PARAMS)
{
char *dup;
tor_assert(s);
tor_assert(n < SIZE_T_CEILING);
dup = _tor_malloc((n+1) DMALLOC_FN_ARGS);
/* Performance note: Ordinarily we prefer strlcpy to strncpy. But
* this function gets called a whole lot, and platform strncpy is
@ -235,6 +238,7 @@ void *
_tor_memdup(const void *mem, size_t len DMALLOC_PARAMS)
{
char *dup;
tor_assert(len < SIZE_T_CEILING);
tor_assert(mem);
dup = _tor_malloc(len DMALLOC_FN_ARGS);
memcpy(dup, mem, len);
@ -264,12 +268,15 @@ void *
_tor_malloc_roundup(size_t *sizep DMALLOC_PARAMS)
{
#ifdef HAVE_MALLOC_GOOD_SIZE
tor_assert(*sizep < SIZE_T_CEILING);
*sizep = malloc_good_size(*sizep);
return _tor_malloc(*sizep DMALLOC_FN_ARGS);
#elif 0 && defined(HAVE_MALLOC_USABLE_SIZE) && !defined(USE_DMALLOC)
/* Never use malloc_usable_size(); it makes valgrind really unhappy,
* and doesn't win much in terms of usable space where it exists. */
void *result = _tor_malloc(*sizep DMALLOC_FN_ARGS);
void *result;
tor_assert(*sizep < SIZE_T_CEILING);
result = _tor_malloc(*sizep DMALLOC_FN_ARGS);
*sizep = malloc_usable_size(result);
return result;
#else
@ -2055,7 +2062,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out)
return NULL;
}
if ((uint64_t)(statbuf.st_size)+1 > SIZE_T_MAX)
if ((uint64_t)(statbuf.st_size)+1 > SIZE_T_CEILING)
return NULL;
string = tor_malloc((size_t)(statbuf.st_size+1));

View File

@ -1003,7 +1003,7 @@ fetch_var_cell_from_buf(buf_t *buf, var_cell_t **out, int linkproto)
result->circ_id = ntohs(get_uint16(hdr));
buf_remove_from_front(buf, VAR_CELL_HEADER_SIZE);
peek_from_buf(result->payload, length, buf);
peek_from_buf((char*) result->payload, length, buf);
buf_remove_from_front(buf, length);
check();

View File

@ -1897,7 +1897,7 @@ circuit_send_next_onion_skin(origin_circuit_t *circ)
* and a DH operation. */
cell_type = CELL_CREATE_FAST;
memset(payload, 0, sizeof(payload));
crypto_rand(circ->cpath->fast_handshake_state,
crypto_rand((char*) circ->cpath->fast_handshake_state,
sizeof(circ->cpath->fast_handshake_state));
memcpy(payload, circ->cpath->fast_handshake_state,
sizeof(circ->cpath->fast_handshake_state));
@ -2076,8 +2076,8 @@ circuit_extend(cell_t *cell, circuit_t *circ)
n_addr32 = ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE));
n_port = ntohs(get_uint16(cell->payload+RELAY_HEADER_SIZE+4));
onionskin = cell->payload+RELAY_HEADER_SIZE+4+2;
id_digest = cell->payload+RELAY_HEADER_SIZE+4+2+ONIONSKIN_CHALLENGE_LEN;
onionskin = (char*) cell->payload+RELAY_HEADER_SIZE+4+2;
id_digest = (char*) cell->payload+RELAY_HEADER_SIZE+4+2+ONIONSKIN_CHALLENGE_LEN;
tor_addr_from_ipv4h(&n_addr, n_addr32);
if (!n_port || !n_addr32) {
@ -2215,7 +2215,7 @@ circuit_init_cpath_crypto(crypt_path_t *cpath, const char *key_data,
*/
int
circuit_finish_handshake(origin_circuit_t *circ, uint8_t reply_type,
const char *reply)
const uint8_t *reply)
{
char keys[CPATH_KEY_MATERIAL_LEN];
crypt_path_t *hop;
@ -2232,7 +2232,7 @@ circuit_finish_handshake(origin_circuit_t *circ, uint8_t reply_type,
tor_assert(hop->state == CPATH_STATE_AWAITING_KEYS);
if (reply_type == CELL_CREATED && hop->dh_handshake_state) {
if (onion_skin_client_handshake(hop->dh_handshake_state, reply, keys,
if (onion_skin_client_handshake(hop->dh_handshake_state, (char*)reply, keys,
DIGEST_LEN*2+CIPHER_KEY_LEN*2) < 0) {
log_warn(LD_CIRC,"onion_skin_client_handshake failed.");
return -END_CIRC_REASON_TORPROTOCOL;
@ -2240,7 +2240,8 @@ circuit_finish_handshake(origin_circuit_t *circ, uint8_t reply_type,
/* Remember hash of g^xy */
memcpy(hop->handshake_digest, reply+DH_KEY_LEN, DIGEST_LEN);
} else if (reply_type == CELL_CREATED_FAST && !hop->dh_handshake_state) {
if (fast_client_handshake(hop->fast_handshake_state, reply, keys,
if (fast_client_handshake(hop->fast_handshake_state, reply,
(uint8_t*)keys,
DIGEST_LEN*2+CIPHER_KEY_LEN*2) < 0) {
log_warn(LD_CIRC,"fast_client_handshake failed.");
return -END_CIRC_REASON_TORPROTOCOL;

View File

@ -31,7 +31,7 @@ int circuit_extend(cell_t *cell, circuit_t *circ);
int circuit_init_cpath_crypto(crypt_path_t *cpath, const char *key_data,
int reverse);
int circuit_finish_handshake(origin_circuit_t *circ, uint8_t cell_type,
const char *reply);
const uint8_t *reply);
int circuit_truncated(origin_circuit_t *circ, crypt_path_t *layer);
int onionskin_answer(or_circuit_t *circ, uint8_t cell_type,
const char *payload, const char *keys);

View File

@ -310,7 +310,8 @@ command_process_create_cell(cell_t *cell, or_connection_t *conn)
char keys[CPATH_KEY_MATERIAL_LEN];
char reply[DIGEST_LEN*2];
tor_assert(cell->command == CELL_CREATE_FAST);
if (fast_server_handshake(cell->payload, reply, keys, sizeof(keys))<0) {
if (fast_server_handshake(cell->payload, (uint8_t*)reply,
(uint8_t*)keys, sizeof(keys))<0) {
log_warn(LD_OR,"Failed to generate key material. Closing.");
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
return;
@ -357,7 +358,7 @@ command_process_created_cell(cell_t *cell, or_connection_t *conn)
int err_reason = 0;
log_debug(LD_OR,"at OP. Finishing handshake.");
if ((err_reason = circuit_finish_handshake(origin_circ, cell->command,
cell->payload)) < 0) {
cell->payload)) < 0) {
log_warn(LD_OR,"circuit_finish_handshake failed.");
circuit_mark_for_close(circ, -err_reason);
return;
@ -373,7 +374,7 @@ command_process_created_cell(cell_t *cell, or_connection_t *conn)
log_debug(LD_OR,
"Converting created cell to extended relay cell, sending.");
relay_send_command_from_edge(0, circ, RELAY_COMMAND_EXTENDED,
cell->payload, ONIONSKIN_REPLY_LEN,
(char*)cell->payload, ONIONSKIN_REPLY_LEN,
NULL);
}
}
@ -503,7 +504,7 @@ static void
command_process_versions_cell(var_cell_t *cell, or_connection_t *conn)
{
int highest_supported_version = 0;
const char *cp, *end;
const uint8_t *cp, *end;
if (conn->link_proto != 0 ||
conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING ||
(conn->handshake_state && conn->handshake_state->received_versions)) {
@ -557,8 +558,8 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
time_t timestamp;
uint8_t my_addr_type;
uint8_t my_addr_len;
const char *my_addr_ptr;
const char *cp, *end;
const uint8_t *my_addr_ptr;
const uint8_t *cp, *end;
uint8_t n_other_addrs;
time_t now = time(NULL);
@ -586,7 +587,7 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
my_addr_type = (uint8_t) cell->payload[4];
my_addr_len = (uint8_t) cell->payload[5];
my_addr_ptr = cell->payload + 6;
my_addr_ptr = (uint8_t*) cell->payload + 6;
end = cell->payload + CELL_PAYLOAD_SIZE;
cp = cell->payload + 6 + my_addr_len;
if (cp >= end) {
@ -603,7 +604,7 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
/* Consider all the other addresses; if any matches, this connection is
* "canonical." */
tor_addr_t addr;
const char *next = decode_address_from_payload(&addr, cp, (int)(end-cp));
const uint8_t *next = decode_address_from_payload(&addr, cp, (int)(end-cp));
if (next == NULL) {
log_fn(LOG_PROTOCOL_WARN, LD_OR,
"Bad address in netinfo cell; closing connection.");

View File

@ -1489,7 +1489,8 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
tor_snprintf(socks->address, sizeof(socks->address), "REVERSE[%s]",
orig_address);
connection_ap_handshake_socks_resolved(conn, RESOLVED_TYPE_HOSTNAME,
strlen(result), result, -1,
strlen(result), (uint8_t*)result,
-1,
map_expires);
connection_mark_unattached_ap(conn,
END_STREAM_REASON_DONE |
@ -1610,7 +1611,8 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
/* remember _what_ is supposed to have been resolved. */
strlcpy(socks->address, orig_address, sizeof(socks->address));
connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_IPV4,4,
(char*)&answer,-1,map_expires);
(uint8_t*)&answer,
-1,map_expires);
connection_mark_unattached_ap(conn,
END_STREAM_REASON_DONE |
END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
@ -2325,7 +2327,7 @@ void
connection_ap_handshake_socks_resolved(edge_connection_t *conn,
int answer_type,
size_t answer_len,
const char *answer,
const uint8_t *answer,
int ttl,
time_t expires)
{
@ -2339,7 +2341,7 @@ connection_ap_handshake_socks_resolved(edge_connection_t *conn,
client_dns_set_addressmap(conn->socks_request->address, a,
conn->chosen_exit_name, ttl);
} else if (answer_type == RESOLVED_TYPE_HOSTNAME && answer_len < 256) {
char *cp = tor_strndup(answer, answer_len);
char *cp = tor_strndup((char*)answer, answer_len);
client_dns_set_reverse_addressmap(conn->socks_request->address,
cp,
conn->chosen_exit_name, ttl);
@ -2350,14 +2352,14 @@ connection_ap_handshake_socks_resolved(edge_connection_t *conn,
if (conn->is_dns_request) {
if (conn->dns_server_request) {
/* We had a request on our DNS port: answer it. */
dnsserv_resolved(conn, answer_type, answer_len, answer, ttl);
dnsserv_resolved(conn, answer_type, answer_len, (char*)answer, ttl);
conn->socks_request->has_finished = 1;
return;
} else {
/* This must be a request from the controller. We already sent
* a mapaddress if there's a ttl. */
tell_controller_about_resolved_result(conn, answer_type, answer_len,
answer, ttl, expires);
(char*)answer, ttl, expires);
conn->socks_request->has_finished = 1;
return;
}
@ -2502,6 +2504,8 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
or_circ = TO_OR_CIRCUIT(circ);
relay_header_unpack(&rh, cell->payload);
if (rh.length > RELAY_PAYLOAD_SIZE)
return -1;
/* Note: we have to use relay_send_command_from_edge here, not
* connection_edge_end or connection_edge_send_command, since those require
@ -2525,7 +2529,8 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
END_STREAM_REASON_TORPROTOCOL, NULL);
return 0;
}
if (parse_addr_port(LOG_PROTOCOL_WARN, cell->payload+RELAY_HEADER_SIZE,
if (parse_addr_port(LOG_PROTOCOL_WARN,
(char*)(cell->payload+RELAY_HEADER_SIZE),
&address,NULL,&port)<0) {
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Unable to parse addr:port in relay begin cell. Closing.");
@ -2690,6 +2695,8 @@ connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ)
assert_circuit_ok(TO_CIRCUIT(circ));
relay_header_unpack(&rh, cell->payload);
if (rh.length > RELAY_PAYLOAD_SIZE)
return -1;
/* This 'dummy_conn' only exists to remember the stream ID
* associated with the resolve request; and to make the
@ -2700,8 +2707,9 @@ connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ)
*/
dummy_conn = edge_connection_new(CONN_TYPE_EXIT, AF_INET);
dummy_conn->stream_id = rh.stream_id;
dummy_conn->_base.address = tor_strndup(cell->payload+RELAY_HEADER_SIZE,
rh.length);
dummy_conn->_base.address = tor_strndup(
(char*)cell->payload+RELAY_HEADER_SIZE,
rh.length);
dummy_conn->_base.port = 0;
dummy_conn->_base.state = EXIT_CONN_STATE_RESOLVEFAILED;
dummy_conn->_base.purpose = EXIT_PURPOSE_RESOLVE;

View File

@ -39,7 +39,7 @@ void connection_ap_handshake_socks_reply(edge_connection_t *conn, char *reply,
void connection_ap_handshake_socks_resolved(edge_connection_t *conn,
int answer_type,
size_t answer_len,
const char *answer,
const uint8_t *answer,
int ttl,
time_t expires);

View File

@ -1403,7 +1403,8 @@ connection_or_write_var_cell_to_buf(const var_cell_t *cell,
tor_assert(conn);
var_cell_pack_header(cell, hdr);
connection_write_to_buf(hdr, sizeof(hdr), TO_CONN(conn));
connection_write_to_buf(cell->payload, cell->payload_len, TO_CONN(conn));
connection_write_to_buf((char*)cell->payload,
cell->payload_len, TO_CONN(conn));
if (cell->command != CELL_PADDING)
conn->timestamp_last_added_nonpadding = approx_time();
}
@ -1538,7 +1539,7 @@ connection_or_send_netinfo(or_connection_t *conn)
time_t now = time(NULL);
const routerinfo_t *me;
int len;
char *out;
uint8_t *out;
memset(&cell, 0, sizeof(cell_t));
cell.command = CELL_NETINFO;

View File

@ -349,9 +349,9 @@ onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
* Return 0 on success, &lt;0 on failure.
**/
int
fast_server_handshake(const char *key_in, /* DIGEST_LEN bytes */
char *handshake_reply_out, /* DIGEST_LEN*2 bytes */
char *key_out,
fast_server_handshake(const uint8_t *key_in, /* DIGEST_LEN bytes */
uint8_t *handshake_reply_out, /* DIGEST_LEN*2 bytes */
uint8_t *key_out,
size_t key_out_len)
{
char tmp[DIGEST_LEN+DIGEST_LEN];
@ -359,7 +359,7 @@ fast_server_handshake(const char *key_in, /* DIGEST_LEN bytes */
size_t out_len;
int r = -1;
if (crypto_rand(handshake_reply_out, DIGEST_LEN)<0)
if (crypto_rand((char*)handshake_reply_out, DIGEST_LEN)<0)
return -1;
memcpy(tmp, key_in, DIGEST_LEN);
@ -392,9 +392,9 @@ fast_server_handshake(const char *key_in, /* DIGEST_LEN bytes */
* and protected by TLS).
*/
int
fast_client_handshake(const char *handshake_state, /* DIGEST_LEN bytes */
const char *handshake_reply_out, /* DIGEST_LEN*2 bytes */
char *key_out,
fast_client_handshake(const uint8_t *handshake_state, /* DIGEST_LEN bytes */
const uint8_t *handshake_reply_out, /* DIGEST_LEN*2 bytes */
uint8_t *key_out,
size_t key_out_len)
{
char tmp[DIGEST_LEN+DIGEST_LEN];

View File

@ -32,14 +32,14 @@ int onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
char *key_out,
size_t key_out_len);
int fast_server_handshake(const char *key_in,
char *handshake_reply_out,
char *key_out,
int fast_server_handshake(const uint8_t *key_in,
uint8_t *handshake_reply_out,
uint8_t *key_out,
size_t key_out_len);
int fast_client_handshake(const char *handshake_state,
const char *handshake_reply_out,
char *key_out,
int fast_client_handshake(const uint8_t *handshake_state,
const uint8_t *handshake_reply_out,
uint8_t *key_out,
size_t key_out_len);
void clear_pending_onions(void);

View File

@ -850,7 +850,7 @@ typedef struct cell_t {
circid_t circ_id; /**< Circuit which received the cell. */
uint8_t command; /**< Type of the cell: one of CELL_PADDING, CELL_CREATE,
* CELL_DESTROY, etc */
char payload[CELL_PAYLOAD_SIZE]; /**< Cell body. */
uint8_t payload[CELL_PAYLOAD_SIZE]; /**< Cell body. */
} cell_t;
/** Parsed variable-length onion routing cell. */
@ -858,7 +858,7 @@ typedef struct var_cell_t {
uint8_t command;
circid_t circ_id;
uint16_t payload_len;
char payload[1];
uint8_t payload[1];
} var_cell_t;
/** A cell as packed for writing to the network. */
@ -2111,7 +2111,7 @@ typedef struct crypt_path_t {
* authentication, secrecy, and integrity we need, and we're already
* distinguishable from an OR.
*/
char fast_handshake_state[DIGEST_LEN];
uint8_t fast_handshake_state[DIGEST_LEN];
/** Negotiated key material shared with the OR at this step. */
char handshake_digest[DIGEST_LEN];/* KH in tor-spec.txt */

View File

@ -98,7 +98,7 @@ relay_set_digest(crypto_digest_env_t *digest, cell_t *cell)
char integrity[4];
relay_header_t rh;
crypto_digest_add_bytes(digest, cell->payload, CELL_PAYLOAD_SIZE);
crypto_digest_add_bytes(digest, (char*)cell->payload, CELL_PAYLOAD_SIZE);
crypto_digest_get_digest(digest, integrity, 4);
// log_fn(LOG_DEBUG,"Putting digest of %u %u %u %u into relay cell.",
// integrity[0], integrity[1], integrity[2], integrity[3]);
@ -131,7 +131,7 @@ relay_digest_matches(crypto_digest_env_t *digest, cell_t *cell)
// received_integrity[0], received_integrity[1],
// received_integrity[2], received_integrity[3]);
crypto_digest_add_bytes(digest, cell->payload, CELL_PAYLOAD_SIZE);
crypto_digest_add_bytes(digest, (char*) cell->payload, CELL_PAYLOAD_SIZE);
crypto_digest_get_digest(digest, calculated_integrity, 4);
if (memcmp(received_integrity, calculated_integrity, 4)) {
@ -157,12 +157,12 @@ relay_digest_matches(crypto_digest_env_t *digest, cell_t *cell)
* Return -1 if the crypto fails, else return 0.
*/
static int
relay_crypt_one_payload(crypto_cipher_env_t *cipher, char *in,
relay_crypt_one_payload(crypto_cipher_env_t *cipher, uint8_t *in,
int encrypt_mode)
{
int r;
(void)encrypt_mode;
r = crypto_cipher_crypt_inplace(cipher, in, CELL_PAYLOAD_SIZE);
r = crypto_cipher_crypt_inplace(cipher, (char*) in, CELL_PAYLOAD_SIZE);
if (r) {
log_warn(LD_BUG,"Error during relay encryption");
@ -477,10 +477,9 @@ relay_lookup_conn(circuit_t *circ, cell_t *cell,
* about the wire format.
*/
void
relay_header_pack(char *dest, const relay_header_t *src)
relay_header_pack(uint8_t *dest, const relay_header_t *src)
{
*(uint8_t*)(dest) = src->command;
set_uint8(dest, src->command);
set_uint16(dest+1, htons(src->recognized));
set_uint16(dest+3, htons(src->stream_id));
memcpy(dest+5, src->integrity, 4);
@ -491,10 +490,9 @@ relay_header_pack(char *dest, const relay_header_t *src)
* relay_header_t structure <b>dest</b>.
*/
void
relay_header_unpack(relay_header_t *dest, const char *src)
relay_header_unpack(relay_header_t *dest, const uint8_t *src)
{
dest->command = *(uint8_t*)(src);
dest->command = get_uint8(src);
dest->recognized = ntohs(get_uint16(src+1));
dest->stream_id = ntohs(get_uint16(src+3));
memcpy(dest->integrity, src+5, 4);
@ -1119,13 +1117,13 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
}
stats_n_data_bytes_received += rh.length;
connection_write_to_buf(cell->payload + RELAY_HEADER_SIZE,
connection_write_to_buf((char*)(cell->payload + RELAY_HEADER_SIZE),
rh.length, TO_CONN(conn));
connection_edge_consider_sending_sendme(conn);
return 0;
case RELAY_COMMAND_END:
reason = rh.length > 0 ?
*(uint8_t *)(cell->payload+RELAY_HEADER_SIZE) : END_STREAM_REASON_MISC;
get_uint8(cell->payload+RELAY_HEADER_SIZE) : END_STREAM_REASON_MISC;
if (!conn) {
log_info(domain,"end cell (%s) dropped, unknown stream.",
stream_end_reason_to_string(reason));
@ -2457,7 +2455,7 @@ append_cell_to_circuit_queue(circuit_t *circ, or_connection_t *orconn,
* ADDRESS [length bytes]
* Return the number of bytes added, or -1 on error */
int
append_address_to_payload(char *payload_out, const tor_addr_t *addr)
append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr)
{
uint32_t a;
switch (tor_addr_family(addr)) {
@ -2482,13 +2480,13 @@ append_address_to_payload(char *payload_out, const tor_addr_t *addr)
* encoded as by append_address_to_payload(), try to decode the address into
* *<b>addr_out</b>. Return the next byte in the payload after the address on
* success, or NULL on failure. */
const char *
decode_address_from_payload(tor_addr_t *addr_out, const char *payload,
const uint8_t *
decode_address_from_payload(tor_addr_t *addr_out, const uint8_t *payload,
int payload_len)
{
if (payload_len < 2)
return NULL;
if (payload_len < 2+(uint8_t)payload[1])
if (payload_len < 2+payload[1])
return NULL;
switch (payload[0]) {
@ -2500,13 +2498,13 @@ decode_address_from_payload(tor_addr_t *addr_out, const char *payload,
case RESOLVED_TYPE_IPV6:
if (payload[1] != 16)
return NULL;
tor_addr_from_ipv6_bytes(addr_out, payload+2);
tor_addr_from_ipv6_bytes(addr_out, (char*)(payload+2));
break;
default:
tor_addr_make_unspec(addr_out);
break;
}
return payload + 2 + (uint8_t)payload[1];
return payload + 2 + payload[1];
}
/** Remove all the cells queued on <b>circ</b> for <b>orconn</b>. */

View File

@ -18,8 +18,8 @@ extern uint64_t stats_n_relay_cells_delivered;
int circuit_receive_relay_cell(cell_t *cell, circuit_t *circ,
cell_direction_t cell_direction);
void relay_header_pack(char *dest, const relay_header_t *src);
void relay_header_unpack(relay_header_t *dest, const char *src);
void relay_header_pack(uint8_t *dest, const relay_header_t *src);
void relay_header_unpack(relay_header_t *dest, const uint8_t *src);
int relay_send_command_from_edge(streamid_t stream_id, circuit_t *circ,
uint8_t relay_command, const char *payload,
size_t payload_len, crypt_path_t *cpath_layer);
@ -55,9 +55,9 @@ void assert_active_circuits_ok(or_connection_t *orconn);
void make_circuit_inactive_on_conn(circuit_t *circ, or_connection_t *conn);
void make_circuit_active_on_conn(circuit_t *circ, or_connection_t *conn);
int append_address_to_payload(char *payload_out, const tor_addr_t *addr);
const char *decode_address_from_payload(tor_addr_t *addr_out,
const char *payload,
int append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr);
const uint8_t *decode_address_from_payload(tor_addr_t *addr_out,
const uint8_t *payload,
int payload_len);
unsigned cell_ewma_get_tick(void);
void cell_ewma_set_scale_factor(or_options_t *options,

View File

@ -235,7 +235,7 @@ rend_client_rendcirc_has_opened(origin_circuit_t *circ)
*/
int
rend_client_introduction_acked(origin_circuit_t *circ,
const char *request, size_t request_len)
const uint8_t *request, size_t request_len)
{
origin_circuit_t *rendcirc;
(void) request; // XXXX Use this.
@ -584,7 +584,7 @@ rend_client_remove_intro_point(extend_info_t *failed_intro,
* the circuit to C_REND_READY.
*/
int
rend_client_rendezvous_acked(origin_circuit_t *circ, const char *request,
rend_client_rendezvous_acked(origin_circuit_t *circ, const uint8_t *request,
size_t request_len)
{
(void) request;
@ -610,7 +610,7 @@ rend_client_rendezvous_acked(origin_circuit_t *circ, const char *request,
/** Bob sent us a rendezvous cell; join the circuits. */
int
rend_client_receive_rendezvous(origin_circuit_t *circ, const char *request,
rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request,
size_t request_len)
{
crypt_path_t *hop;
@ -638,9 +638,10 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const char *request,
tor_assert(circ->build_state->pending_final_cpath);
hop = circ->build_state->pending_final_cpath;
tor_assert(hop->dh_handshake_state);
if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, hop->dh_handshake_state,
request, DH_KEY_LEN, keys,
DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN,
hop->dh_handshake_state, (char*)request,
DH_KEY_LEN,
keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
log_warn(LD_GENERAL, "Couldn't complete DH handshake.");
goto err;
}

View File

@ -14,14 +14,17 @@
void rend_client_introcirc_has_opened(origin_circuit_t *circ);
void rend_client_rendcirc_has_opened(origin_circuit_t *circ);
int rend_client_introduction_acked(origin_circuit_t *circ, const char *request,
int rend_client_introduction_acked(origin_circuit_t *circ,
const uint8_t *request,
size_t request_len);
void rend_client_refetch_v2_renddesc(const rend_data_t *rend_query);
int rend_client_remove_intro_point(extend_info_t *failed_intro,
const rend_data_t *rend_query);
int rend_client_rendezvous_acked(origin_circuit_t *circ, const char *request,
int rend_client_rendezvous_acked(origin_circuit_t *circ,
const uint8_t *request,
size_t request_len);
int rend_client_receive_rendezvous(origin_circuit_t *circ, const char *request,
int rend_client_receive_rendezvous(origin_circuit_t *circ,
const uint8_t *request,
size_t request_len);
void rend_client_desc_trynow(const char *query);

View File

@ -1358,7 +1358,7 @@ rend_cache_store_v2_desc_as_client(const char *desc,
void
rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint,
int command, size_t length,
const char *payload)
const uint8_t *payload)
{
or_circuit_t *or_circ = NULL;
origin_circuit_t *origin_circ = NULL;

View File

@ -22,7 +22,8 @@ rend_data_free(rend_data_t *data)
int rend_cmp_service_ids(const char *one, const char *two);
void rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint,
int command, size_t length, const char *payload);
int command, size_t length,
const uint8_t *payload);
void rend_service_descriptor_free(rend_service_descriptor_t *desc);
rend_service_descriptor_t *rend_parse_service_descriptor(const char *str,

View File

@ -18,7 +18,7 @@
* setting the circuit's purpose and service pk digest.
*/
int
rend_mid_establish_intro(or_circuit_t *circ, const char *request,
rend_mid_establish_intro(or_circuit_t *circ, const uint8_t *request,
size_t request_len)
{
crypto_pk_env_t *pk = NULL;
@ -48,7 +48,7 @@ rend_mid_establish_intro(or_circuit_t *circ, const char *request,
/* Next asn1len bytes: asn1-encoded key. */
if (request_len < 2+DIGEST_LEN+asn1len)
goto truncated;
pk = crypto_pk_asn1_decode(request+2, asn1len);
pk = crypto_pk_asn1_decode((char*)(request+2), asn1len);
if (!pk) {
reason = END_CIRC_REASON_TORPROTOCOL;
log_warn(LD_PROTOCOL, "Couldn't decode public key.");
@ -69,8 +69,8 @@ rend_mid_establish_intro(or_circuit_t *circ, const char *request,
}
/* Rest of body: signature of previous data */
note_crypto_pk_op(REND_MID);
if (crypto_pk_public_checksig_digest(pk, request, 2+asn1len+DIGEST_LEN,
request+2+DIGEST_LEN+asn1len,
if (crypto_pk_public_checksig_digest(pk, (char*)request, 2+asn1len+DIGEST_LEN,
(char*)(request+2+DIGEST_LEN+asn1len),
request_len-(2+DIGEST_LEN+asn1len))<0) {
log_warn(LD_PROTOCOL,
"Incorrect signature on ESTABLISH_INTRO cell; rejecting.");
@ -130,7 +130,7 @@ rend_mid_establish_intro(or_circuit_t *circ, const char *request,
* INTRODUCE2 cell.
*/
int
rend_mid_introduce(or_circuit_t *circ, const char *request, size_t request_len)
rend_mid_introduce(or_circuit_t *circ, const uint8_t *request, size_t request_len)
{
or_circuit_t *intro_circ;
char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
@ -159,10 +159,10 @@ rend_mid_introduce(or_circuit_t *circ, const char *request, size_t request_len)
}
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
request, REND_SERVICE_ID_LEN);
(char*)request, REND_SERVICE_ID_LEN);
/* The first 20 bytes are all we look at: they have a hash of Bob's PK. */
intro_circ = circuit_get_intro_point(request);
intro_circ = circuit_get_intro_point((char*)request);
if (!intro_circ) {
log_info(LD_REND,
"No intro circ found for INTRODUCE1 cell (%s) from circuit %d; "
@ -180,7 +180,7 @@ rend_mid_introduce(or_circuit_t *circ, const char *request, size_t request_len)
/* Great. Now we just relay the cell down the circuit. */
if (relay_send_command_from_edge(0, TO_CIRCUIT(intro_circ),
RELAY_COMMAND_INTRODUCE2,
request, request_len, NULL)) {
(char*)request, request_len, NULL)) {
log_warn(LD_GENERAL,
"Unable to send INTRODUCE2 cell to Tor client.");
goto err;
@ -212,7 +212,7 @@ rend_mid_introduce(or_circuit_t *circ, const char *request, size_t request_len)
* rendezvous cookie.
*/
int
rend_mid_establish_rendezvous(or_circuit_t *circ, const char *request,
rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request,
size_t request_len)
{
char hexid[9];
@ -232,7 +232,7 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const char *request,
goto err;
}
if (circuit_get_rendezvous(request)) {
if (circuit_get_rendezvous((char*)request)) {
log_warn(LD_PROTOCOL,
"Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS.");
goto err;
@ -250,7 +250,7 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const char *request,
circ->_base.purpose = CIRCUIT_PURPOSE_REND_POINT_WAITING;
memcpy(circ->rend_token, request, REND_COOKIE_LEN);
base16_encode(hexid,9,request,4);
base16_encode(hexid,9,(char*)request,4);
log_info(LD_REND,
"Established rendezvous point on circuit %d for cookie %s",
@ -267,13 +267,13 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const char *request,
* connecting the two circuits.
*/
int
rend_mid_rendezvous(or_circuit_t *circ, const char *request,
rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request,
size_t request_len)
{
or_circuit_t *rend_circ;
char hexid[9];
int reason = END_CIRC_REASON_INTERNAL;
base16_encode(hexid,9,request,request_len<4?request_len:4);
base16_encode(hexid,9,(char*)request,request_len<4?request_len:4);
if (request_len>=4) {
log_info(LD_REND,
@ -297,7 +297,7 @@ rend_mid_rendezvous(or_circuit_t *circ, const char *request,
goto err;
}
rend_circ = circuit_get_rendezvous(request);
rend_circ = circuit_get_rendezvous((char*)request);
if (!rend_circ) {
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Rejecting RENDEZVOUS1 cell with unrecognized rendezvous cookie %s.",
@ -309,7 +309,7 @@ rend_mid_rendezvous(or_circuit_t *circ, const char *request,
/* Send the RENDEZVOUS2 cell to Alice. */
if (relay_send_command_from_edge(0, TO_CIRCUIT(rend_circ),
RELAY_COMMAND_RENDEZVOUS2,
request+REND_COOKIE_LEN,
(char*)(request+REND_COOKIE_LEN),
request_len-REND_COOKIE_LEN, NULL)) {
log_warn(LD_GENERAL,
"Unable to send RENDEZVOUS2 cell to client on circuit %d.",

View File

@ -12,13 +12,13 @@
#ifndef _TOR_RENDMID_H
#define _TOR_RENDMID_H
int rend_mid_establish_intro(or_circuit_t *circ, const char *request,
int rend_mid_establish_intro(or_circuit_t *circ, const uint8_t *request,
size_t request_len);
int rend_mid_introduce(or_circuit_t *circ, const char *request,
int rend_mid_introduce(or_circuit_t *circ, const uint8_t *request,
size_t request_len);
int rend_mid_establish_rendezvous(or_circuit_t *circ, const char *request,
int rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request,
size_t request_len);
int rend_mid_rendezvous(or_circuit_t *circ, const char *request,
int rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request,
size_t request_len);
#endif

View File

@ -850,7 +850,7 @@ clean_accepted_intros(rend_service_t *service, time_t now)
* rendezvous point.
*/
int
rend_service_introduce(origin_circuit_t *circuit, const char *request,
rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
size_t request_len)
{
char *ptr, *r_cookie;
@ -914,7 +914,7 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
crypto_pk_get_digest(intro_key, intro_key_digest);
if (memcmp(intro_key_digest, request, DIGEST_LEN)) {
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
request, REND_SERVICE_ID_LEN);
(char*)request, REND_SERVICE_ID_LEN);
log_warn(LD_REND, "Got an INTRODUCE2 cell for the wrong service (%s).",
escaped(serviceid));
return -1;
@ -929,7 +929,7 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
/* Next N bytes is encrypted with service key */
note_crypto_pk_op(REND_SERVER);
r = crypto_pk_private_hybrid_decrypt(
intro_key,buf,request+DIGEST_LEN,request_len-DIGEST_LEN,
intro_key,buf,(char*)(request+DIGEST_LEN),request_len-DIGEST_LEN,
PK_PKCS1_OAEP_PADDING,1);
if (r<0) {
log_warn(LD_PROTOCOL, "Couldn't decrypt INTRODUCE2 cell.");
@ -1393,7 +1393,8 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
* live introduction point, and note that the service descriptor is
* now out-of-date.*/
int
rend_service_intro_established(origin_circuit_t *circuit, const char *request,
rend_service_intro_established(origin_circuit_t *circuit,
const uint8_t *request,
size_t request_len)
{
rend_service_t *service;

View File

@ -22,10 +22,10 @@ void rend_consider_descriptor_republication(void);
void rend_service_intro_has_opened(origin_circuit_t *circuit);
int rend_service_intro_established(origin_circuit_t *circuit,
const char *request,
const uint8_t *request,
size_t request_len);
void rend_service_rendezvous_has_opened(origin_circuit_t *circuit);
int rend_service_introduce(origin_circuit_t *circuit, const char *request,
int rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
size_t request_len);
void rend_service_relaunch_rendezvous(origin_circuit_t *oldcirc);
int rend_service_set_connection_addr_port(edge_connection_t *conn,