diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-02-07 10:37:53 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-02-07 10:37:53 -0500 |
| commit | f2a30413a35bb360323a98fb124fbc629245978d (patch) | |
| tree | 07a38f440cef4ff64966da5f8edabc938e0c8311 | |
| parent | 5446cb8d3d536e9bc737de6d9286bd4b4b185661 (diff) | |
| parent | 2ce43302490ac916be4188bff70f70958aee1790 (diff) | |
| download | tor-f2a30413a35bb360323a98fb124fbc629245978d.tar.gz tor-f2a30413a35bb360323a98fb124fbc629245978d.zip | |
Merge branch 'maint-0.2.5' into maint-0.2.6
| -rw-r--r-- | changes/bug16248 | 8 | ||||
| -rw-r--r-- | changes/bug18710 | 6 | ||||
| -rw-r--r-- | src/or/dnsserv.c | 4 | ||||
| -rw-r--r-- | src/or/main.c | 55 |
4 files changed, 66 insertions, 7 deletions
diff --git a/changes/bug16248 b/changes/bug16248 new file mode 100644 index 0000000000..399b7093cd --- /dev/null +++ b/changes/bug16248 @@ -0,0 +1,8 @@ + o Major bugfixes (dns proxy mode, crash): + - Avoid crashing when running as a DNS proxy. Closes bug 16248; bugfix on + 0.2.0.1-alpha. Patch from 'cypherpunks'. + + o Minor features (bug-resistance): + - Make Tor survive errors involving connections without a corresponding + event object. Previously we'd fail with an assertion; now we produce a + log message. Related to bug 16248. diff --git a/changes/bug18710 b/changes/bug18710 new file mode 100644 index 0000000000..269395563d --- /dev/null +++ b/changes/bug18710 @@ -0,0 +1,6 @@ + o Major bugfixes (DNS proxy): + - Stop a crash that could occur when a client running with DNSPort + received a query with multiple address types, where the first + address type was not supported. Found and fixed by Scott Dial. + Fixes bug 18710; bugfix on 0.2.5.4-alpha. + diff --git a/src/or/dnsserv.c b/src/or/dnsserv.c index f7710908bd..f3618cc2c5 100644 --- a/src/or/dnsserv.c +++ b/src/or/dnsserv.c @@ -87,8 +87,6 @@ evdns_server_callback(struct evdns_server_request *req, void *data_) for (i = 0; i < req->nquestions; ++i) { if (req->questions[i]->dns_question_class != EVDNS_CLASS_INET) continue; - if (! q) - q = req->questions[i]; switch (req->questions[i]->type) { case EVDNS_TYPE_A: case EVDNS_TYPE_AAAA: @@ -96,7 +94,7 @@ evdns_server_callback(struct evdns_server_request *req, void *data_) /* We always pick the first one of these questions, if there is one. */ if (! supported_q) - supported_q = q; + supported_q = req->questions[i]; break; default: break; diff --git a/src/or/main.c b/src/or/main.c index e53922218d..8badd7d382 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -566,6 +566,45 @@ connection_is_reading(connection_t *conn) (conn->read_event && event_pending(conn->read_event, EV_READ, NULL)); } +/** Check whether <b>conn</b> is correct in having (or not having) a + * read/write event (passed in <b>ev</b). On success, return 0. On failure, + * log a warning and return -1. */ +static int +connection_check_event(connection_t *conn, struct event *ev) +{ + int bad; + + if (conn->type == CONN_TYPE_AP && TO_EDGE_CONN(conn)->is_dns_request) { + /* DNS requests which we launch through the dnsserv.c module do not have + * any underlying socket or any underlying linked connection, so they + * shouldn't have any attached events either. + */ + bad = ev != NULL; + } else { + /* Everytyhing else should have an underlying socket, or a linked + * connection (which is also tracked with a read_event/write_event pair). + */ + bad = ev == NULL; + } + + if (bad) { + log_warn(LD_BUG, "Event missing on connection %p [%s;%s]. " + "socket=%d. linked=%d. " + "is_dns_request=%d. Marked_for_close=%s:%d", + conn, + conn_type_to_string(conn->type), + conn_state_to_string(conn->type, conn->state), + (int)conn->s, (int)conn->linked, + (conn->type == CONN_TYPE_AP && TO_EDGE_CONN(conn)->is_dns_request), + conn->marked_for_close_file ? conn->marked_for_close_file : "-", + conn->marked_for_close + ); + //log_backtrace(LOG_WARN, LD_BUG, "Backtrace attached."); + return -1; + } + return 0; +} + /** Tell the main loop to stop notifying <b>conn</b> of any read events. */ MOCK_IMPL(void, connection_stop_reading,(connection_t *conn)) @@ -577,7 +616,9 @@ connection_stop_reading,(connection_t *conn)) return; }); - tor_assert(conn->read_event); + if (connection_check_event(conn, conn->read_event) < 0) { + return; + } if (conn->linked) { conn->reading_from_linked_conn = 0; @@ -602,7 +643,9 @@ connection_start_reading,(connection_t *conn)) return; }); - tor_assert(conn->read_event); + if (connection_check_event(conn, conn->read_event) < 0) { + return; + } if (conn->linked) { conn->reading_from_linked_conn = 1; @@ -642,7 +685,9 @@ connection_stop_writing,(connection_t *conn)) return; }); - tor_assert(conn->write_event); + if (connection_check_event(conn, conn->write_event) < 0) { + return; + } if (conn->linked) { conn->writing_to_linked_conn = 0; @@ -668,7 +713,9 @@ connection_start_writing,(connection_t *conn)) return; }); - tor_assert(conn->write_event); + if (connection_check_event(conn, conn->write_event) < 0) { + return; + } if (conn->linked) { conn->writing_to_linked_conn = 1; |