authorNick Mathewson <nickm@torproject.org>2016-10-11 11:08:20 -0400
committerNick Mathewson <nickm@torproject.org>2016-10-11 11:08:20 -0400
commitd25fed51746e848fc04cabefe58133e3957209de (patch)
tree87d7b520a09624945f791084f04bc6e8423412e5
parent5a9696fad864406d7d65cc25e356c543957e596f (diff)
parent7b2c856785b226ee20867450daa8436c3020e950 (diff)
downloadtor-d25fed51746e848fc04cabefe58133e3957209de.tar.gz
tor-d25fed51746e848fc04cabefe58133e3957209de.zip
Merge remote-tracking branch 'yawning-schwanenlied/bug20261'
-rw-r--r--changes/bug202614
-rw-r--r--doc/tor.1.txt5
-rw-r--r--src/common/address.c16
-rw-r--r--src/or/config.c7
4 files changed, 30 insertions, 2 deletions
diff --git a/changes/bug20261 b/changes/bug20261
new file mode 100644
index 0000000000..dfdd15924b
--- /dev/null
+++ b/changes/bug20261
@@ -0,0 +1,4 @@
+ o Minor bugfixes (client, unix domain sockets):
+ - Disable IsolateClientAddr when using AF_UNIX backed SocksPorts
+ as the client address is meaningless. Fixes bug 20261; bugfix on
+ 0.2.6.3-alpha.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 9f4eb31445..354478a42e 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1046,8 +1046,9 @@ The following options are useful only for clients (that is, if
another. Recognized isolation flags are:
**IsolateClientAddr**;;
Don't share circuits with streams from a different
- client address. (On by default and strongly recommended;
- you can disable it with **NoIsolateClientAddr**.)
+ client address. (On by default and strongly recommended when
+ supported; you can disable it with **NoIsolateClientAddr**.
+ Unsupported and force-disabled when using Unix domain sockets.)
**IsolateSOCKSAuth**;;
Don't share circuits with streams for which different
SOCKS authentication was provided. (On by default;
diff --git a/src/common/address.c b/src/common/address.c
index 15ee3dbd17..dae1800919 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -1041,6 +1041,10 @@ tor_addr_copy_tight(tor_addr_t *dest, const tor_addr_t *src)
* Different address families (IPv4 vs IPv6) are always considered unequal if
* <b>how</b> is CMP_EXACT; otherwise, IPv6-mapped IPv4 addresses are
* considered equivalent to their IPv4 equivalents.
+ *
+ * As a special case, all AF_UNIX addresses are always considered equal
+ * since tor_addr_t currently does not contain the information required to
+ * make the comparison.
*/
int
tor_addr_compare(const tor_addr_t *addr1, const tor_addr_t *addr2,
@@ -1114,6 +1118,18 @@ tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2,
return 0;
}
}
+ case AF_UNIX:
+ /* HACKHACKHACKHACKHACK:
+ * tor_addr_t doesn't contain a copy of sun_path, so it's not
+ * possible to comapre this at all.
+ *
+ * Since the only time we currently actually should be comparing
+ * 2 AF_UNIX addresses is when dealing with ISO_CLIENTADDR (which
+ * is diesabled for AF_UNIX SocksPorts anyway), this just returns 0.
+ *
+ * See: #20261.
+ */
+ return 0;
default:
/* LCOV_EXCL_START */
tor_fragile_assert();
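Review bot: The new `case AF_UNIX:` makes every pair of AF_UNIX addresses compare equal, and the comment justifies this with an assumption about callers ("the only time we currently actually should be comparing") that nothing in this hunk enforces. If a later caller uses the comparison to tell peers apart, for stream isolation or an address-based policy, all local-socket clients would be treated as one client with no error. I would say so in the comment, for example `* NOTE: a result of 0 here carries no identity information; never use it to distinguish AF_UNIX peers.`, and fix the two typos (`comapre`, `diesabled`) in the same pass. The body of tor_addr_compare_masked starts and ends outside the hunk, so whether the family-mismatch path is handled earlier cannot be confirmed from here.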
diff --git a/src/or/config.c b/src/or/config.c
index 18cbe34be3..93e753bb49 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -6838,6 +6838,13 @@ parse_port_config(smartlist_t *out,
goto err;
}
+ if (unix_socket_path && (isolation & ISO_CLIENTADDR)) {
+ /* `IsolateClientAddr` is nonsensical in the context of AF_LOCAL.
+ * just silently remove the isolation flag.
+ */
+ isolation &= ~ISO_CLIENTADDR;
+ }
+
if (out && port) {
size_t namelen = unix_socket_path ? strlen(unix_socket_path) : 0;
port_cfg_t *cfg = port_cfg_new(namelen);
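Review bot: The comment on the new `if (unix_socket_path && (isolation & ISO_CLIENTADDR))` block says the flag is removed silently but not what separation remains afterwards. As far as the visible lines show, streams from different local processes on the same Unix-socket SocksPort are then kept apart only by the other isolation flags, which matters to anyone relying on per-client circuit separation. I would extend the comment with something like `* Streams on this socket are then isolated only by the remaining flags (e.g. IsolateSOCKSAuth).` The comment also says `AF_LOCAL` where the changes entry and address.c say `AF_UNIX`; using one name keeps the code greppable. parse_port_config starts and ends outside the hunk.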