author | Nick Mathewson <nickm@torproject.org> | 2015-01-29 14:51:59 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2015-01-29 14:51:59 -0500 |
commit | 4c1a77953942f4921f8a151e01933c8f9d104e7f (patch) | |
tree | bb400c1dc0e9f420026b10d6d82a4e2693bcc3fa | |
parent | 204374f7d92997a510a7aabe5ec57f0f87a3499f (diff) | |
Restrict unix: addresses to control and socks for now
-rw-r--r-- | src/or/config.c | 6 | ||||
-rw-r--r-- | src/or/connection.c | 27 | ||||
-rw-r--r-- | src/or/connection.h | 1 |
3 files changed, 26 insertions, 8 deletions
diff --git a/src/or/config.c b/src/or/config.c index ab1f318690..05b4d14337 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -5862,6 +5862,12 @@ parse_port_config(smartlist_t *out, goto err; } + if (unix_socket_path && + ! conn_listener_type_supports_af_unix(listener_type)) { + log_warn(LD_CONFIG, "%sPort does not support unix sockets", portname); + goto err; + } + if (unix_socket_path) { port = 1; } else if (is_unix_socket) { diff --git a/src/or/connection.c b/src/or/connection.c index 170d3d7f1e..b7dfb1de02 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -449,6 +449,22 @@ connection_link_connections(connection_t *conn_a, connection_t *conn_b) conn_b->linked_conn = conn_a; } +/** Return true iff the provided connection listener type supports AF_UNIX + * sockets. */ +int +conn_listener_type_supports_af_unix(int type) +{ + /* For now only control ports or SOCKS ports can be Unix domain sockets + * and listeners at the same time */ + switch (type) { + case CONN_TYPE_CONTROL_LISTENER: + case CONN_TYPE_AP_LISTENER: + return 1; + default: + return 0; + } +} + /** Deallocate memory used by <b>conn</b>. Deallocate its buffers if * necessary, close its socket if necessary, and mark the directory as dirty * if <b>conn</b> is an OR or OP connection. @@ -516,8 +532,7 @@ connection_free_(connection_t *conn) if (conn->socket_family == AF_UNIX) { /* For now only control and SOCKS ports can be Unix domain sockets * and listeners at the same time */ - tor_assert(conn->type == CONN_TYPE_CONTROL_LISTENER || - conn->type == CONN_TYPE_AP_LISTENER); + tor_assert(conn_listener_type_supports_af_unix(conn->type)); if (unlink(conn->address) < 0 && errno != ENOENT) { log_warn(LD_NET, "Could not unlink %s: %s", conn->address, 
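Review bot: In src/or/config.c the new rejection in parse_port_config() is keyed on `unix_socket_path` alone, so the `else if (is_unix_socket)` branch visible just below it is not covered by the same check. connection_listener_new() asserts the same predicate with `tor_assert(conn_listener_type_supports_af_unix(type))`, so a listener type that reached it through that second path would abort the process instead of failing configuration parsing with a warning. Which callers set `is_unix_socket` is outside this hunk, so this may be unreachable today; if it is reachable, widening the guard to `if ((unix_socket_path || is_unix_socket) &&` keeps the failure at config time. parse_port_config() starts and ends outside the hunk.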
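Review bot: The doc comment on conn_listener_type_supports_af_unix() in src/or/connection.c does not say that the result is a policy answer, independent of platform support. The function is compiled unconditionally, while the AF_UNIX branch of connection_listener_new() later in this file sits under `#ifdef HAVE_SYS_UN_H`. Whether parse_port_config() separately rejects unix: paths on builds without that header is not visible here. I would extend the comment with a sentence such as `This says which listener types are allowed to use AF_UNIX, not whether the platform provides it; unknown types are refused.` so that callers do not read a true result as "AF_UNIX is usable".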
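Review bot: In connection_free_() (the @@ -516 hunk) the comment `/* For now only control and SOCKS ports can be Unix domain sockets * and listeners at the same time */` is kept above the rewritten assert, although the same sentence now lives inside conn_listener_type_supports_af_unix() and was dropped from connection_listener_new() in the @@ -1172 hunk. Two copies of the rule will drift as soon as the helper admits another type. If the intent is that only such listeners own a filesystem path, I would replace it with a comment tying the assert to the `unlink(conn->address)` that follows, e.g. `/* Only listener types allowed to bind AF_UNIX have a socket path to remove. */`. connection_free_() starts and ends outside the hunk.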
@@ -1172,17 +1187,13 @@ connection_listener_new(const struct sockaddr *listensockaddr, } #ifdef HAVE_SYS_UN_H /* - * AF_UNIX generic setup stuff (this covers both CONN_TYPE_CONTROL_LISTENER - * and CONN_TYPE_AP_LISTENER cases) + * AF_UNIX generic setup stuff */ } else if (listensockaddr->sa_family == AF_UNIX) { /* We want to start reading for both AF_UNIX cases */ start_reading = 1; - /* For now only control ports or SOCKS ports can be Unix domain sockets - * and listeners at the same time */ - tor_assert(type == CONN_TYPE_CONTROL_LISTENER || - type == CONN_TYPE_AP_LISTENER); + tor_assert(conn_listener_type_supports_af_unix(type)); if (check_location_for_unix_socket(options, address, (type == CONN_TYPE_CONTROL_LISTENER) ? diff --git a/src/or/connection.h b/src/or/connection.h index 50bea51e5b..d0a34ece5c 100644 --- a/src/or/connection.h +++ b/src/or/connection.h @@ -17,6 +17,7 @@ const char *conn_type_to_string(int type); const char *conn_state_to_string(int type, int state); +int conn_listener_type_supports_af_unix(int type); dir_connection_t *dir_connection_new(int socket_family); or_connection_t *or_connection_new(int type, int socket_family); |
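Review bot: In connection_listener_new() the assert now defers to conn_listener_type_supports_af_unix(), but the argument to check_location_for_unix_socket() right after it still branches on `(type == CONN_TYPE_CONTROL_LISTENER) ?`, so every other type the helper accepts is handled as the non-control case. That is correct while the helper allows exactly two types, but a third type added there would silently inherit the second arm's location check (the arm itself is cut off at the end of the hunk). The comment `/* We want to start reading for both AF_UNIX cases */` carries the same two-case wording. I would add `/* Any type other than CONN_TYPE_CONTROL_LISTENER takes the second arm; revisit if conn_listener_type_supports_af_unix() grows. */` above the call and reword "both" to "all". The function starts and ends outside the hunk.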