diff options
author | Roger Dingledine <arma@torproject.org> | 2010-12-19 22:08:42 -0500 |
---|---|---|
committer | Roger Dingledine <arma@torproject.org> | 2010-12-19 22:08:42 -0500 |
commit | c79427a9921787abab8f0d6e0c621dc974d98453 (patch) | |
tree | 1c7c6a8e83c33c3206e675f9d161f1c1afc9ef17 | |
parent | dd2ae32bc181efdc134c25359bc67d073c48a1d0 (diff) | |
parent | a62038f01db0df22f864623e6d82d69b447c1414 (diff) | |
download | tor-c79427a9921787abab8f0d6e0c621dc974d98453.tar.gz tor-c79427a9921787abab8f0d6e0c621dc974d98453.zip |
Merge branch 'maint-0.2.2'
-rw-r--r-- | ReleaseNotes | 19 | ||||
-rw-r--r-- | changes/security_bug | 5 | ||||
-rw-r--r-- | src/common/compat.c | 15 | ||||
-rw-r--r-- | src/common/compat.h | 16 | ||||
-rw-r--r-- | src/common/crypto.c | 11 | ||||
-rw-r--r-- | src/common/memarea.c | 3 | ||||
-rw-r--r-- | src/common/mempool.c | 4 | ||||
-rw-r--r-- | src/common/torint.h | 2 | ||||
-rw-r--r-- | src/common/util.c | 11 | ||||
-rw-r--r-- | src/or/buffers.c | 2 | ||||
-rw-r--r-- | src/or/circuitbuild.c | 13 | ||||
-rw-r--r-- | src/or/circuitbuild.h | 2 | ||||
-rw-r--r-- | src/or/command.c | 17 | ||||
-rw-r--r-- | src/or/connection_edge.c | 26 | ||||
-rw-r--r-- | src/or/connection_edge.h | 2 | ||||
-rw-r--r-- | src/or/connection_or.c | 5 | ||||
-rw-r--r-- | src/or/onion.c | 14 | ||||
-rw-r--r-- | src/or/onion.h | 12 | ||||
-rw-r--r-- | src/or/or.h | 6 | ||||
-rw-r--r-- | src/or/relay.c | 34 | ||||
-rw-r--r-- | src/or/relay.h | 10 | ||||
-rw-r--r-- | src/or/rendclient.c | 13 | ||||
-rw-r--r-- | src/or/rendclient.h | 9 | ||||
-rw-r--r-- | src/or/rendcommon.c | 2 | ||||
-rw-r--r-- | src/or/rendcommon.h | 3 | ||||
-rw-r--r-- | src/or/rendmid.c | 30 | ||||
-rw-r--r-- | src/or/rendmid.h | 8 | ||||
-rw-r--r-- | src/or/rendservice.c | 9 | ||||
-rw-r--r-- | src/or/rendservice.h | 4 |
29 files changed, 185 insertions, 122 deletions
diff --git a/ReleaseNotes b/ReleaseNotes index 30d35dde0e..617a14a18d 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -3,6 +3,25 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.2.1.28 - 2010-12-17 + Tor 0.2.1.28 does some code cleanup to reduce the risk of remotely + exploitable bugs. We also took this opportunity to change the IP address + for one of our directory authorities, and to update the geoip database + we ship. + + o Major bugfixes: + - Fix a remotely exploitable bug that could be used to crash instances + of Tor remotely by overflowing on the heap. Remote-code execution + hasn't been confirmed, but can't be ruled out. Everyone should + upgrade. Bugfix on the 0.1.1 series and later. + + o Directory authority changes: + - Change IP address and ports for gabelmoo (v3 directory authority). + + o Minor features: + - Update to the December 1 2010 Maxmind GeoLite Country database. + + Changes in version 0.2.1.27 - 2010-11-23 Yet another OpenSSL security patch broke its compatibility with Tor: Tor 0.2.1.27 makes relays work with openssl 0.9.8p and 1.0.0.b. We diff --git a/changes/security_bug b/changes/security_bug new file mode 100644 index 0000000000..990beee506 --- /dev/null +++ b/changes/security_bug @@ -0,0 +1,5 @@ + o Major bugfixes: + - Fix a remotely exploitable bug that could be used to crash instances + of Tor remotely by overflowing on the heap. Remove-code execution + hasn't been confirmed, but can't be ruled out. Obviously, everyone + should upgrade. Bugfix on the 0.1.1 series and later. diff --git a/src/common/compat.c b/src/common/compat.c index d442294e83..f280f7dd92 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -155,6 +155,7 @@ tor_mmap_file(const char *filename) return NULL; } + /* XXXX why not just do fstat here? */ size = filesize = (size_t) lseek(fd, 0, SEEK_END); lseek(fd, 0, SEEK_SET); /* ensure page alignment */ @@ -328,7 +329,7 @@ tor_vsnprintf(char *str, size_t size, const char *format, va_list args) int r; if (size == 0) return -1; /* no place for the NUL */ - if (size > SSIZE_T_MAX-16) + if (size > SIZE_T_CEILING) return -1; #ifdef MS_WINDOWS r = _vsnprintf(str, size, format, args); @@ -589,7 +590,7 @@ tor_fix_source_file(const char *fname) * unaligned memory access. */ uint16_t -get_uint16(const char *cp) +get_uint16(const void *cp) { uint16_t v; memcpy(&v,cp,2); @@ -601,7 +602,7 @@ get_uint16(const char *cp) * unaligned memory access. */ uint32_t -get_uint32(const char *cp) +get_uint32(const void *cp) { uint32_t v; memcpy(&v,cp,4); @@ -613,7 +614,7 @@ get_uint32(const char *cp) * unaligned memory access. */ uint64_t -get_uint64(const char *cp) +get_uint64(const void *cp) { uint64_t v; memcpy(&v,cp,8); @@ -625,7 +626,7 @@ get_uint64(const char *cp) * *(uint16_t*)(cp) = v, but will not cause segfaults on platforms that forbid * unaligned memory access. */ void -set_uint16(char *cp, uint16_t v) +set_uint16(void *cp, uint16_t v) { memcpy(cp,&v,2); } @@ -634,7 +635,7 @@ set_uint16(char *cp, uint16_t v) * *(uint32_t*)(cp) = v, but will not cause segfaults on platforms that forbid * unaligned memory access. */ void -set_uint32(char *cp, uint32_t v) +set_uint32(void *cp, uint32_t v) { memcpy(cp,&v,4); } @@ -643,7 +644,7 @@ set_uint32(char *cp, uint32_t v) * *(uint64_t*)(cp) = v, but will not cause segfaults on platforms that forbid * unaligned memory access. */ void -set_uint64(char *cp, uint64_t v) +set_uint64(void *cp, uint64_t v) { memcpy(cp,&v,8); } diff --git a/src/common/compat.h b/src/common/compat.h index 590da949c0..334fef05b8 100644 --- a/src/common/compat.h +++ b/src/common/compat.h @@ -500,18 +500,18 @@ long tor_weak_random(void); /* ===== OS compatibility */ const char *get_uname(void); -uint16_t get_uint16(const char *cp) ATTR_PURE ATTR_NONNULL((1)); -uint32_t get_uint32(const char *cp) ATTR_PURE ATTR_NONNULL((1)); -uint64_t get_uint64(const char *cp) ATTR_PURE ATTR_NONNULL((1)); -void set_uint16(char *cp, uint16_t v) ATTR_NONNULL((1)); -void set_uint32(char *cp, uint32_t v) ATTR_NONNULL((1)); -void set_uint64(char *cp, uint64_t v) ATTR_NONNULL((1)); +uint16_t get_uint16(const void *cp) ATTR_PURE ATTR_NONNULL((1)); +uint32_t get_uint32(const void *cp) ATTR_PURE ATTR_NONNULL((1)); +uint64_t get_uint64(const void *cp) ATTR_PURE ATTR_NONNULL((1)); +void set_uint16(void *cp, uint16_t v) ATTR_NONNULL((1)); +void set_uint32(void *cp, uint32_t v) ATTR_NONNULL((1)); +void set_uint64(void *cp, uint64_t v) ATTR_NONNULL((1)); /* These uint8 variants are defined to make the code more uniform. */ #define get_uint8(cp) (*(const uint8_t*)(cp)) -static void set_uint8(char *cp, uint8_t v); +static void set_uint8(void *cp, uint8_t v); static INLINE void -set_uint8(char *cp, uint8_t v) +set_uint8(void *cp, uint8_t v) { *(uint8_t*)cp = v; } diff --git a/src/common/crypto.c b/src/common/crypto.c index 81a432d8d4..e030c56064 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -901,6 +901,8 @@ crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const char *data, tor_assert(env); tor_assert(data); tor_assert(sig); + tor_assert(datalen < SIZE_T_CEILING); + tor_assert(siglen < SIZE_T_CEILING); if (crypto_digest(digest,data,datalen)<0) { log_warn(LD_BUG, "couldn't compute digest"); @@ -1001,6 +1003,7 @@ crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, tor_assert(env); tor_assert(from); tor_assert(to); + tor_assert(fromlen < SIZE_T_CEILING); overhead = crypto_get_rsa_padding_overhead(crypto_get_rsa_padding(padding)); pkeylen = crypto_pk_keysize(env); @@ -1068,6 +1071,7 @@ crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, crypto_cipher_env_t *cipher = NULL; char *buf = NULL; + tor_assert(fromlen < SIZE_T_CEILING); pkeylen = crypto_pk_keysize(env); if (fromlen <= pkeylen) { @@ -1117,7 +1121,7 @@ crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, size_t dest_len) int len; unsigned char *buf, *cp; len = i2d_RSAPublicKey(pk->key, NULL); - if (len < 0 || (size_t)len > dest_len) + if (len < 0 || (size_t)len > dest_len || dest_len > SIZE_T_CEILING) return -1; cp = buf = tor_malloc(len+1); len = i2d_RSAPublicKey(pk->key, &cp); @@ -1192,6 +1196,8 @@ add_spaces_to_fp(char *out, size_t outlen, const char *in) { int n = 0; char *end = out+outlen; + tor_assert(outlen < SIZE_T_CEILING); + while (*in && out<end) { *out++ = *in++; if (++n == 4 && *in && out<end) { @@ -1337,6 +1343,7 @@ crypto_cipher_encrypt(crypto_cipher_env_t *env, char *to, tor_assert(from); tor_assert(fromlen); tor_assert(to); + tor_assert(fromlen < SIZE_T_CEILING); aes_crypt(env->cipher, from, fromlen, to); return 0; @@ -1353,6 +1360,7 @@ crypto_cipher_decrypt(crypto_cipher_env_t *env, char *to, tor_assert(env); tor_assert(from); tor_assert(to); + tor_assert(fromlen < SIZE_T_CEILING); aes_crypt(env->cipher, from, fromlen, to); return 0; @@ -1364,6 +1372,7 @@ crypto_cipher_decrypt(crypto_cipher_env_t *env, char *to, int crypto_cipher_crypt_inplace(crypto_cipher_env_t *env, char *buf, size_t len) { + tor_assert(len < SIZE_T_CEILING); aes_crypt_inplace(env->cipher, buf, len); return 0; } diff --git a/src/common/memarea.c b/src/common/memarea.c index b5ac7ad97a..342a233599 100644 --- a/src/common/memarea.c +++ b/src/common/memarea.c @@ -95,6 +95,7 @@ static memarea_chunk_t *freelist = NULL; static memarea_chunk_t * alloc_chunk(size_t sz, int freelist_ok) { + tor_assert(sz < SIZE_T_CEILING); if (freelist && freelist_ok) { memarea_chunk_t *res = freelist; freelist = res->next_chunk; @@ -211,6 +212,7 @@ memarea_alloc(memarea_t *area, size_t sz) char *result; tor_assert(chunk); CHECK_SENTINEL(chunk); + tor_assert(sz < SIZE_T_CEILING); if (sz == 0) sz = 1; if (chunk->next_mem+sz > chunk->u.mem+chunk->mem_size) { @@ -270,6 +272,7 @@ memarea_strndup(memarea_t *area, const char *s, size_t n) size_t ln; char *result; const char *cp, *end = s+n; + tor_assert(n < SIZE_T_CEILING); for (cp = s; cp < end && *cp; ++cp) ; /* cp now points to s+n, or to the 0 in the string. */ diff --git a/src/common/mempool.c b/src/common/mempool.c index c795d83f0c..9d019d618e 100644 --- a/src/common/mempool.c +++ b/src/common/mempool.c @@ -357,6 +357,10 @@ mp_pool_new(size_t item_size, size_t chunk_capacity) mp_pool_t *pool; size_t alloc_size, new_chunk_cap; + tor_assert(item_size < SIZE_T_CEILING); + tor_assert(chunk_capacity < SIZE_T_CEILING); + tor_assert(SIZE_T_CEILING / item_size > chunk_capacity); + pool = ALLOC(sizeof(mp_pool_t)); CHECK_ALLOC(pool); memset(pool, 0, sizeof(mp_pool_t)); diff --git a/src/common/torint.h b/src/common/torint.h index 57f18212ad..a57d501002 100644 --- a/src/common/torint.h +++ b/src/common/torint.h @@ -330,7 +330,7 @@ typedef uint32_t uintptr_t; #endif /* Any size_t larger than this amount is likely to be an underflow. */ -#define SIZE_T_CEILING (sizeof(char)<<(sizeof(size_t)*8 - 1)) +#define SIZE_T_CEILING (SSIZE_T_MAX-16) #endif /* __TORINT_H */ diff --git a/src/common/util.c b/src/common/util.c index 95d2b87c5d..6b0d2408a3 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -123,6 +123,8 @@ _tor_malloc(size_t size DMALLOC_PARAMS) { void *result; + tor_assert(size < SIZE_T_CEILING); + #ifndef MALLOC_ZERO_WORKS /* Some libc mallocs don't work when size==0. Override them. */ if (size==0) { @@ -219,6 +221,7 @@ _tor_strndup(const char *s, size_t n DMALLOC_PARAMS) { char *dup; tor_assert(s); + tor_assert(n < SIZE_T_CEILING); dup = _tor_malloc((n+1) DMALLOC_FN_ARGS); /* Performance note: Ordinarily we prefer strlcpy to strncpy. But * this function gets called a whole lot, and platform strncpy is @@ -235,6 +238,7 @@ void * _tor_memdup(const void *mem, size_t len DMALLOC_PARAMS) { char *dup; + tor_assert(len < SIZE_T_CEILING); tor_assert(mem); dup = _tor_malloc(len DMALLOC_FN_ARGS); memcpy(dup, mem, len); @@ -264,12 +268,15 @@ void * _tor_malloc_roundup(size_t *sizep DMALLOC_PARAMS) { #ifdef HAVE_MALLOC_GOOD_SIZE + tor_assert(*sizep < SIZE_T_CEILING); *sizep = malloc_good_size(*sizep); return _tor_malloc(*sizep DMALLOC_FN_ARGS); #elif 0 && defined(HAVE_MALLOC_USABLE_SIZE) && !defined(USE_DMALLOC) /* Never use malloc_usable_size(); it makes valgrind really unhappy, * and doesn't win much in terms of usable space where it exists. */ - void *result = _tor_malloc(*sizep DMALLOC_FN_ARGS); + void *result; + tor_assert(*sizep < SIZE_T_CEILING); + result = _tor_malloc(*sizep DMALLOC_FN_ARGS); *sizep = malloc_usable_size(result); return result; #else @@ -2055,7 +2062,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out) return NULL; } - if ((uint64_t)(statbuf.st_size)+1 > SIZE_T_MAX) + if ((uint64_t)(statbuf.st_size)+1 > SIZE_T_CEILING) return NULL; string = tor_malloc((size_t)(statbuf.st_size+1)); diff --git a/src/or/buffers.c b/src/or/buffers.c index 11c4fc8b9b..1018a24499 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -1003,7 +1003,7 @@ fetch_var_cell_from_buf(buf_t *buf, var_cell_t **out, int linkproto) result->circ_id = ntohs(get_uint16(hdr)); buf_remove_from_front(buf, VAR_CELL_HEADER_SIZE); - peek_from_buf(result->payload, length, buf); + peek_from_buf((char*) result->payload, length, buf); buf_remove_from_front(buf, length); check(); diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 1741548130..5cb8df706f 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -1897,7 +1897,7 @@ circuit_send_next_onion_skin(origin_circuit_t *circ) * and a DH operation. */ cell_type = CELL_CREATE_FAST; memset(payload, 0, sizeof(payload)); - crypto_rand(circ->cpath->fast_handshake_state, + crypto_rand((char*) circ->cpath->fast_handshake_state, sizeof(circ->cpath->fast_handshake_state)); memcpy(payload, circ->cpath->fast_handshake_state, sizeof(circ->cpath->fast_handshake_state)); @@ -2076,8 +2076,8 @@ circuit_extend(cell_t *cell, circuit_t *circ) n_addr32 = ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE)); n_port = ntohs(get_uint16(cell->payload+RELAY_HEADER_SIZE+4)); - onionskin = cell->payload+RELAY_HEADER_SIZE+4+2; - id_digest = cell->payload+RELAY_HEADER_SIZE+4+2+ONIONSKIN_CHALLENGE_LEN; + onionskin = (char*) cell->payload+RELAY_HEADER_SIZE+4+2; + id_digest = (char*) cell->payload+RELAY_HEADER_SIZE+4+2+ONIONSKIN_CHALLENGE_LEN; tor_addr_from_ipv4h(&n_addr, n_addr32); if (!n_port || !n_addr32) { @@ -2215,7 +2215,7 @@ circuit_init_cpath_crypto(crypt_path_t *cpath, const char *key_data, */ int circuit_finish_handshake(origin_circuit_t *circ, uint8_t reply_type, - const char *reply) + const uint8_t *reply) { char keys[CPATH_KEY_MATERIAL_LEN]; crypt_path_t *hop; @@ -2232,7 +2232,7 @@ circuit_finish_handshake(origin_circuit_t *circ, uint8_t reply_type, tor_assert(hop->state == CPATH_STATE_AWAITING_KEYS); if (reply_type == CELL_CREATED && hop->dh_handshake_state) { - if (onion_skin_client_handshake(hop->dh_handshake_state, reply, keys, + if (onion_skin_client_handshake(hop->dh_handshake_state, (char*)reply, keys, DIGEST_LEN*2+CIPHER_KEY_LEN*2) < 0) { log_warn(LD_CIRC,"onion_skin_client_handshake failed."); return -END_CIRC_REASON_TORPROTOCOL; @@ -2240,7 +2240,8 @@ circuit_finish_handshake(origin_circuit_t *circ, uint8_t reply_type, /* Remember hash of g^xy */ memcpy(hop->handshake_digest, reply+DH_KEY_LEN, DIGEST_LEN); } else if (reply_type == CELL_CREATED_FAST && !hop->dh_handshake_state) { - if (fast_client_handshake(hop->fast_handshake_state, reply, keys, + if (fast_client_handshake(hop->fast_handshake_state, reply, + (uint8_t*)keys, DIGEST_LEN*2+CIPHER_KEY_LEN*2) < 0) { log_warn(LD_CIRC,"fast_client_handshake failed."); return -END_CIRC_REASON_TORPROTOCOL; diff --git a/src/or/circuitbuild.h b/src/or/circuitbuild.h index 7c125e96b1..552d1dbab8 100644 --- a/src/or/circuitbuild.h +++ b/src/or/circuitbuild.h @@ -31,7 +31,7 @@ int circuit_extend(cell_t *cell, circuit_t *circ); int circuit_init_cpath_crypto(crypt_path_t *cpath, const char *key_data, int reverse); int circuit_finish_handshake(origin_circuit_t *circ, uint8_t cell_type, - const char *reply); + const uint8_t *reply); int circuit_truncated(origin_circuit_t *circ, crypt_path_t *layer); int onionskin_answer(or_circuit_t *circ, uint8_t cell_type, const char *payload, const char *keys); diff --git a/src/or/command.c b/src/or/command.c index 60c9184b57..c29c49da36 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -310,7 +310,8 @@ command_process_create_cell(cell_t *cell, or_connection_t *conn) char keys[CPATH_KEY_MATERIAL_LEN]; char reply[DIGEST_LEN*2]; tor_assert(cell->command == CELL_CREATE_FAST); - if (fast_server_handshake(cell->payload, reply, keys, sizeof(keys))<0) { + if (fast_server_handshake(cell->payload, (uint8_t*)reply, + (uint8_t*)keys, sizeof(keys))<0) { log_warn(LD_OR,"Failed to generate key material. Closing."); circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL); return; @@ -357,7 +358,7 @@ command_process_created_cell(cell_t *cell, or_connection_t *conn) int err_reason = 0; log_debug(LD_OR,"at OP. Finishing handshake."); if ((err_reason = circuit_finish_handshake(origin_circ, cell->command, - cell->payload)) < 0) { + cell->payload)) < 0) { log_warn(LD_OR,"circuit_finish_handshake failed."); circuit_mark_for_close(circ, -err_reason); return; @@ -373,7 +374,7 @@ command_process_created_cell(cell_t *cell, or_connection_t *conn) log_debug(LD_OR, "Converting created cell to extended relay cell, sending."); relay_send_command_from_edge(0, circ, RELAY_COMMAND_EXTENDED, - cell->payload, ONIONSKIN_REPLY_LEN, + (char*)cell->payload, ONIONSKIN_REPLY_LEN, NULL); } } @@ -503,7 +504,7 @@ static void command_process_versions_cell(var_cell_t *cell, or_connection_t *conn) { int highest_supported_version = 0; - const char *cp, *end; + const uint8_t *cp, *end; if (conn->link_proto != 0 || conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING || (conn->handshake_state && conn->handshake_state->received_versions)) { @@ -557,8 +558,8 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn) time_t timestamp; uint8_t my_addr_type; uint8_t my_addr_len; - const char *my_addr_ptr; - const char *cp, *end; + const uint8_t *my_addr_ptr; + const uint8_t *cp, *end; uint8_t n_other_addrs; time_t now = time(NULL); @@ -586,7 +587,7 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn) my_addr_type = (uint8_t) cell->payload[4]; my_addr_len = (uint8_t) cell->payload[5]; - my_addr_ptr = cell->payload + 6; + my_addr_ptr = (uint8_t*) cell->payload + 6; end = cell->payload + CELL_PAYLOAD_SIZE; cp = cell->payload + 6 + my_addr_len; if (cp >= end) { @@ -603,7 +604,7 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn) /* Consider all the other addresses; if any matches, this connection is * "canonical." */ tor_addr_t addr; - const char *next = decode_address_from_payload(&addr, cp, (int)(end-cp)); + const uint8_t *next = decode_address_from_payload(&addr, cp, (int)(end-cp)); if (next == NULL) { log_fn(LOG_PROTOCOL_WARN, LD_OR, "Bad address in netinfo cell; closing connection."); diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 4e988bd04c..36eb6a2119 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -1489,7 +1489,8 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn, tor_snprintf(socks->address, sizeof(socks->address), "REVERSE[%s]", orig_address); connection_ap_handshake_socks_resolved(conn, RESOLVED_TYPE_HOSTNAME, - strlen(result), result, -1, + strlen(result), (uint8_t*)result, + -1, map_expires); connection_mark_unattached_ap(conn, END_STREAM_REASON_DONE | @@ -1610,7 +1611,8 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn, /* remember _what_ is supposed to have been resolved. */ strlcpy(socks->address, orig_address, sizeof(socks->address)); connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_IPV4,4, - (char*)&answer,-1,map_expires); + (uint8_t*)&answer, + -1,map_expires); connection_mark_unattached_ap(conn, END_STREAM_REASON_DONE | END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED); @@ -2325,7 +2327,7 @@ void connection_ap_handshake_socks_resolved(edge_connection_t *conn, int answer_type, size_t answer_len, - const char *answer, + const uint8_t *answer, int ttl, time_t expires) { @@ -2339,7 +2341,7 @@ connection_ap_handshake_socks_resolved(edge_connection_t *conn, client_dns_set_addressmap(conn->socks_request->address, a, conn->chosen_exit_name, ttl); } else if (answer_type == RESOLVED_TYPE_HOSTNAME && answer_len < 256) { - char *cp = tor_strndup(answer, answer_len); + char *cp = tor_strndup((char*)answer, answer_len); client_dns_set_reverse_addressmap(conn->socks_request->address, cp, conn->chosen_exit_name, ttl); @@ -2350,14 +2352,14 @@ connection_ap_handshake_socks_resolved(edge_connection_t *conn, if (conn->is_dns_request) { if (conn->dns_server_request) { /* We had a request on our DNS port: answer it. */ - dnsserv_resolved(conn, answer_type, answer_len, answer, ttl); + dnsserv_resolved(conn, answer_type, answer_len, (char*)answer, ttl); conn->socks_request->has_finished = 1; return; } else { /* This must be a request from the controller. We already sent * a mapaddress if there's a ttl. */ tell_controller_about_resolved_result(conn, answer_type, answer_len, - answer, ttl, expires); + (char*)answer, ttl, expires); conn->socks_request->has_finished = 1; return; } @@ -2502,6 +2504,8 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ) or_circ = TO_OR_CIRCUIT(circ); relay_header_unpack(&rh, cell->payload); + if (rh.length > RELAY_PAYLOAD_SIZE) + return -1; /* Note: we have to use relay_send_command_from_edge here, not * connection_edge_end or connection_edge_send_command, since those require @@ -2525,7 +2529,8 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ) END_STREAM_REASON_TORPROTOCOL, NULL); return 0; } - if (parse_addr_port(LOG_PROTOCOL_WARN, cell->payload+RELAY_HEADER_SIZE, + if (parse_addr_port(LOG_PROTOCOL_WARN, + (char*)(cell->payload+RELAY_HEADER_SIZE), &address,NULL,&port)<0) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Unable to parse addr:port in relay begin cell. Closing."); @@ -2690,6 +2695,8 @@ connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ) assert_circuit_ok(TO_CIRCUIT(circ)); relay_header_unpack(&rh, cell->payload); + if (rh.length > RELAY_PAYLOAD_SIZE) + return -1; /* This 'dummy_conn' only exists to remember the stream ID * associated with the resolve request; and to make the @@ -2700,8 +2707,9 @@ connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ) */ dummy_conn = edge_connection_new(CONN_TYPE_EXIT, AF_INET); dummy_conn->stream_id = rh.stream_id; - dummy_conn->_base.address = tor_strndup(cell->payload+RELAY_HEADER_SIZE, - rh.length); + dummy_conn->_base.address = tor_strndup( + (char*)cell->payload+RELAY_HEADER_SIZE, + rh.length); dummy_conn->_base.port = 0; dummy_conn->_base.state = EXIT_CONN_STATE_RESOLVEFAILED; dummy_conn->_base.purpose = EXIT_PURPOSE_RESOLVE; diff --git a/src/or/connection_edge.h b/src/or/connection_edge.h index f54d7a44ec..dd8454c372 100644 --- a/src/or/connection_edge.h +++ b/src/or/connection_edge.h @@ -39,7 +39,7 @@ void connection_ap_handshake_socks_reply(edge_connection_t *conn, char *reply, void connection_ap_handshake_socks_resolved(edge_connection_t *conn, int answer_type, size_t answer_len, - const char *answer, + const uint8_t *answer, int ttl, time_t expires); diff --git a/src/or/connection_or.c b/src/or/connection_or.c index a79c1e5079..248bffda91 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -1403,7 +1403,8 @@ connection_or_write_var_cell_to_buf(const var_cell_t *cell, tor_assert(conn); var_cell_pack_header(cell, hdr); connection_write_to_buf(hdr, sizeof(hdr), TO_CONN(conn)); - connection_write_to_buf(cell->payload, cell->payload_len, TO_CONN(conn)); + connection_write_to_buf((char*)cell->payload, + cell->payload_len, TO_CONN(conn)); if (cell->command != CELL_PADDING) conn->timestamp_last_added_nonpadding = approx_time(); } @@ -1538,7 +1539,7 @@ connection_or_send_netinfo(or_connection_t *conn) time_t now = time(NULL); const routerinfo_t *me; int len; - char *out; + uint8_t *out; memset(&cell, 0, sizeof(cell_t)); cell.command = CELL_NETINFO; diff --git a/src/or/onion.c b/src/or/onion.c index fa001656e6..4d14f9095b 100644 --- a/src/or/onion.c +++ b/src/or/onion.c @@ -349,9 +349,9 @@ onion_skin_client_handshake(crypto_dh_env_t *handshake_state, * Return 0 on success, <0 on failure. **/ int -fast_server_handshake(const char *key_in, /* DIGEST_LEN bytes */ - char *handshake_reply_out, /* DIGEST_LEN*2 bytes */ - char *key_out, +fast_server_handshake(const uint8_t *key_in, /* DIGEST_LEN bytes */ + uint8_t *handshake_reply_out, /* DIGEST_LEN*2 bytes */ + uint8_t *key_out, size_t key_out_len) { char tmp[DIGEST_LEN+DIGEST_LEN]; @@ -359,7 +359,7 @@ fast_server_handshake(const char *key_in, /* DIGEST_LEN bytes */ size_t out_len; int r = -1; - if (crypto_rand(handshake_reply_out, DIGEST_LEN)<0) + if (crypto_rand((char*)handshake_reply_out, DIGEST_LEN)<0) return -1; memcpy(tmp, key_in, DIGEST_LEN); @@ -392,9 +392,9 @@ fast_server_handshake(const char *key_in, /* DIGEST_LEN bytes */ * and protected by TLS). */ int -fast_client_handshake(const char *handshake_state, /* DIGEST_LEN bytes */ - const char *handshake_reply_out, /* DIGEST_LEN*2 bytes */ - char *key_out, +fast_client_handshake(const uint8_t *handshake_state, /* DIGEST_LEN bytes */ + const uint8_t *handshake_reply_out, /* DIGEST_LEN*2 bytes */ + uint8_t *key_out, size_t key_out_len) { char tmp[DIGEST_LEN+DIGEST_LEN]; diff --git a/src/or/onion.h b/src/or/onion.h index e84dbb47be..e097dcdbb3 100644 --- a/src/or/onion.h +++ b/src/or/onion.h @@ -32,14 +32,14 @@ int onion_skin_client_handshake(crypto_dh_env_t *handshake_state, char *key_out, size_t key_out_len); -int fast_server_handshake(const char *key_in, - char *handshake_reply_out, - char *key_out, +int fast_server_handshake(const uint8_t *key_in, + uint8_t *handshake_reply_out, + uint8_t *key_out, size_t key_out_len); -int fast_client_handshake(const char *handshake_state, - const char *handshake_reply_out, - char *key_out, +int fast_client_handshake(const uint8_t *handshake_state, + const uint8_t *handshake_reply_out, + uint8_t *key_out, size_t key_out_len); void clear_pending_onions(void); diff --git a/src/or/or.h b/src/or/or.h index c5349aed55..c186e884f2 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -850,7 +850,7 @@ typedef struct cell_t { circid_t circ_id; /**< Circuit which received the cell. */ uint8_t command; /**< Type of the cell: one of CELL_PADDING, CELL_CREATE, * CELL_DESTROY, etc */ - char payload[CELL_PAYLOAD_SIZE]; /**< Cell body. */ + uint8_t payload[CELL_PAYLOAD_SIZE]; /**< Cell body. */ } cell_t; /** Parsed variable-length onion routing cell. */ @@ -858,7 +858,7 @@ typedef struct var_cell_t { uint8_t command; circid_t circ_id; uint16_t payload_len; - char payload[1]; + uint8_t payload[1]; } var_cell_t; /** A cell as packed for writing to the network. */ @@ -2111,7 +2111,7 @@ typedef struct crypt_path_t { * authentication, secrecy, and integrity we need, and we're already * distinguishable from an OR. */ - char fast_handshake_state[DIGEST_LEN]; + uint8_t fast_handshake_state[DIGEST_LEN]; /** Negotiated key material shared with the OR at this step. */ char handshake_digest[DIGEST_LEN];/* KH in tor-spec.txt */ diff --git a/src/or/relay.c b/src/or/relay.c index 6529efb243..fb53d2422f 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -98,7 +98,7 @@ relay_set_digest(crypto_digest_env_t *digest, cell_t *cell) char integrity[4]; relay_header_t rh; - crypto_digest_add_bytes(digest, cell->payload, CELL_PAYLOAD_SIZE); + crypto_digest_add_bytes(digest, (char*)cell->payload, CELL_PAYLOAD_SIZE); crypto_digest_get_digest(digest, integrity, 4); // log_fn(LOG_DEBUG,"Putting digest of %u %u %u %u into relay cell.", // integrity[0], integrity[1], integrity[2], integrity[3]); @@ -131,7 +131,7 @@ relay_digest_matches(crypto_digest_env_t *digest, cell_t *cell) // received_integrity[0], received_integrity[1], // received_integrity[2], received_integrity[3]); - crypto_digest_add_bytes(digest, cell->payload, CELL_PAYLOAD_SIZE); + crypto_digest_add_bytes(digest, (char*) cell->payload, CELL_PAYLOAD_SIZE); crypto_digest_get_digest(digest, calculated_integrity, 4); if (memcmp(received_integrity, calculated_integrity, 4)) { @@ -157,12 +157,12 @@ relay_digest_matches(crypto_digest_env_t *digest, cell_t *cell) * Return -1 if the crypto fails, else return 0. */ static int -relay_crypt_one_payload(crypto_cipher_env_t *cipher, char *in, +relay_crypt_one_payload(crypto_cipher_env_t *cipher, uint8_t *in, int encrypt_mode) { int r; (void)encrypt_mode; - r = crypto_cipher_crypt_inplace(cipher, in, CELL_PAYLOAD_SIZE); + r = crypto_cipher_crypt_inplace(cipher, (char*) in, CELL_PAYLOAD_SIZE); if (r) { log_warn(LD_BUG,"Error during relay encryption"); @@ -477,10 +477,9 @@ relay_lookup_conn(circuit_t *circ, cell_t *cell, * about the wire format. */ void -relay_header_pack(char *dest, const relay_header_t *src) +relay_header_pack(uint8_t *dest, const relay_header_t *src) { - *(uint8_t*)(dest) = src->command; - + set_uint8(dest, src->command); set_uint16(dest+1, htons(src->recognized)); set_uint16(dest+3, htons(src->stream_id)); memcpy(dest+5, src->integrity, 4); @@ -491,10 +490,9 @@ relay_header_pack(char *dest, const relay_header_t *src) * relay_header_t structure <b>dest</b>. */ void -relay_header_unpack(relay_header_t *dest, const char *src) +relay_header_unpack(relay_header_t *dest, const uint8_t *src) { - dest->command = *(uint8_t*)(src); - + dest->command = get_uint8(src); dest->recognized = ntohs(get_uint16(src+1)); dest->stream_id = ntohs(get_uint16(src+3)); memcpy(dest->integrity, src+5, 4); @@ -1119,13 +1117,13 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, } stats_n_data_bytes_received += rh.length; - connection_write_to_buf(cell->payload + RELAY_HEADER_SIZE, + connection_write_to_buf((char*)(cell->payload + RELAY_HEADER_SIZE), rh.length, TO_CONN(conn)); connection_edge_consider_sending_sendme(conn); return 0; case RELAY_COMMAND_END: reason = rh.length > 0 ? - *(uint8_t *)(cell->payload+RELAY_HEADER_SIZE) : END_STREAM_REASON_MISC; + get_uint8(cell->payload+RELAY_HEADER_SIZE) : END_STREAM_REASON_MISC; if (!conn) { log_info(domain,"end cell (%s) dropped, unknown stream.", stream_end_reason_to_string(reason)); @@ -2457,7 +2455,7 @@ append_cell_to_circuit_queue(circuit_t *circ, or_connection_t *orconn, * ADDRESS [length bytes] * Return the number of bytes added, or -1 on error */ int -append_address_to_payload(char *payload_out, const tor_addr_t *addr) +append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr) { uint32_t a; switch (tor_addr_family(addr)) { @@ -2482,13 +2480,13 @@ append_address_to_payload(char *payload_out, const tor_addr_t *addr) * encoded as by append_address_to_payload(), try to decode the address into * *<b>addr_out</b>. Return the next byte in the payload after the address on * success, or NULL on failure. */ -const char * -decode_address_from_payload(tor_addr_t *addr_out, const char *payload, +const uint8_t * +decode_address_from_payload(tor_addr_t *addr_out, const uint8_t *payload, int payload_len) { if (payload_len < 2) return NULL; - if (payload_len < 2+(uint8_t)payload[1]) + if (payload_len < 2+payload[1]) return NULL; switch (payload[0]) { @@ -2500,13 +2498,13 @@ decode_address_from_payload(tor_addr_t *addr_out, const char *payload, case RESOLVED_TYPE_IPV6: if (payload[1] != 16) return NULL; - tor_addr_from_ipv6_bytes(addr_out, payload+2); + tor_addr_from_ipv6_bytes(addr_out, (char*)(payload+2)); break; default: tor_addr_make_unspec(addr_out); break; } - return payload + 2 + (uint8_t)payload[1]; + return payload + 2 + payload[1]; } /** Remove all the cells queued on <b>circ</b> for <b>orconn</b>. */ diff --git a/src/or/relay.h b/src/or/relay.h index 08a1ffe789..8ccf0e2b30 100644 --- a/src/or/relay.h +++ b/src/or/relay.h @@ -18,8 +18,8 @@ extern uint64_t stats_n_relay_cells_delivered; int circuit_receive_relay_cell(cell_t *cell, circuit_t *circ, cell_direction_t cell_direction); -void relay_header_pack(char *dest, const relay_header_t *src); -void relay_header_unpack(relay_header_t *dest, const char *src); +void relay_header_pack(uint8_t *dest, const relay_header_t *src); +void relay_header_unpack(relay_header_t *dest, const uint8_t *src); int relay_send_command_from_edge(streamid_t stream_id, circuit_t *circ, uint8_t relay_command, const char *payload, size_t payload_len, crypt_path_t *cpath_layer); @@ -55,9 +55,9 @@ void assert_active_circuits_ok(or_connection_t *orconn); void make_circuit_inactive_on_conn(circuit_t *circ, or_connection_t *conn); void make_circuit_active_on_conn(circuit_t *circ, or_connection_t *conn); -int append_address_to_payload(char *payload_out, const tor_addr_t *addr); -const char *decode_address_from_payload(tor_addr_t *addr_out, - const char *payload, +int append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr); +const uint8_t *decode_address_from_payload(tor_addr_t *addr_out, + const uint8_t *payload, int payload_len); unsigned cell_ewma_get_tick(void); void cell_ewma_set_scale_factor(or_options_t *options, diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 5c5c48afbd..b6f5990d88 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -235,7 +235,7 @@ rend_client_rendcirc_has_opened(origin_circuit_t *circ) */ int rend_client_introduction_acked(origin_circuit_t *circ, - const char *request, size_t request_len) + const uint8_t *request, size_t request_len) { origin_circuit_t *rendcirc; (void) request; // XXXX Use this. @@ -584,7 +584,7 @@ rend_client_remove_intro_point(extend_info_t *failed_intro, * the circuit to C_REND_READY. */ int -rend_client_rendezvous_acked(origin_circuit_t *circ, const char *request, +rend_client_rendezvous_acked(origin_circuit_t *circ, const uint8_t *request, size_t request_len) { (void) request; @@ -610,7 +610,7 @@ rend_client_rendezvous_acked(origin_circuit_t *circ, const char *request, /** Bob sent us a rendezvous cell; join the circuits. */ int -rend_client_receive_rendezvous(origin_circuit_t *circ, const char *request, +rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request, size_t request_len) { crypt_path_t *hop; @@ -638,9 +638,10 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const char *request, tor_assert(circ->build_state->pending_final_cpath); hop = circ->build_state->pending_final_cpath; tor_assert(hop->dh_handshake_state); - if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, hop->dh_handshake_state, - request, DH_KEY_LEN, keys, - DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) { + if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, + hop->dh_handshake_state, (char*)request, + DH_KEY_LEN, + keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) { log_warn(LD_GENERAL, "Couldn't complete DH handshake."); goto err; } diff --git a/src/or/rendclient.h b/src/or/rendclient.h index 842fe0b8ce..79d37b2a58 100644 --- a/src/or/rendclient.h +++ b/src/or/rendclient.h @@ -14,14 +14,17 @@ void rend_client_introcirc_has_opened(origin_circuit_t *circ); void rend_client_rendcirc_has_opened(origin_circuit_t *circ); -int rend_client_introduction_acked(origin_circuit_t *circ, const char *request, +int rend_client_introduction_acked(origin_circuit_t *circ, + const uint8_t *request, size_t request_len); void rend_client_refetch_v2_renddesc(const rend_data_t *rend_query); int rend_client_remove_intro_point(extend_info_t *failed_intro, const rend_data_t *rend_query); -int rend_client_rendezvous_acked(origin_circuit_t *circ, const char *request, +int rend_client_rendezvous_acked(origin_circuit_t *circ, + const uint8_t *request, size_t request_len); -int rend_client_receive_rendezvous(origin_circuit_t *circ, const char *request, +int rend_client_receive_rendezvous(origin_circuit_t *circ, + const uint8_t *request, size_t request_len); void rend_client_desc_trynow(const char *query); diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index ec6680b1e6..85d97e0253 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -1358,7 +1358,7 @@ rend_cache_store_v2_desc_as_client(const char *desc, void rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint, int command, size_t length, - const char *payload) + const uint8_t *payload) { or_circuit_t *or_circ = NULL; origin_circuit_t *origin_circ = NULL; diff --git a/src/or/rendcommon.h b/src/or/rendcommon.h index 00705022a2..d3313faf5a 100644 --- a/src/or/rendcommon.h +++ b/src/or/rendcommon.h @@ -22,7 +22,8 @@ rend_data_free(rend_data_t *data) int rend_cmp_service_ids(const char *one, const char *two); void rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint, - int command, size_t length, const char *payload); + int command, size_t length, + const uint8_t *payload); void rend_service_descriptor_free(rend_service_descriptor_t *desc); rend_service_descriptor_t *rend_parse_service_descriptor(const char *str, diff --git a/src/or/rendmid.c b/src/or/rendmid.c index d392f8e53a..bc36a4e117 100644 --- a/src/or/rendmid.c +++ b/src/or/rendmid.c @@ -18,7 +18,7 @@ * setting the circuit's purpose and service pk digest. */ int -rend_mid_establish_intro(or_circuit_t *circ, const char *request, +rend_mid_establish_intro(or_circuit_t *circ, const uint8_t *request, size_t request_len) { crypto_pk_env_t *pk = NULL; @@ -48,7 +48,7 @@ rend_mid_establish_intro(or_circuit_t *circ, const char *request, /* Next asn1len bytes: asn1-encoded key. */ if (request_len < 2+DIGEST_LEN+asn1len) goto truncated; - pk = crypto_pk_asn1_decode(request+2, asn1len); + pk = crypto_pk_asn1_decode((char*)(request+2), asn1len); if (!pk) { reason = END_CIRC_REASON_TORPROTOCOL; log_warn(LD_PROTOCOL, "Couldn't decode public key."); @@ -69,8 +69,8 @@ rend_mid_establish_intro(or_circuit_t *circ, const char *request, } /* Rest of body: signature of previous data */ note_crypto_pk_op(REND_MID); - if (crypto_pk_public_checksig_digest(pk, request, 2+asn1len+DIGEST_LEN, - request+2+DIGEST_LEN+asn1len, + if (crypto_pk_public_checksig_digest(pk, (char*)request, 2+asn1len+DIGEST_LEN, + (char*)(request+2+DIGEST_LEN+asn1len), request_len-(2+DIGEST_LEN+asn1len))<0) { log_warn(LD_PROTOCOL, "Incorrect signature on ESTABLISH_INTRO cell; rejecting."); @@ -130,7 +130,7 @@ rend_mid_establish_intro(or_circuit_t *circ, const char *request, * INTRODUCE2 cell. */ int -rend_mid_introduce(or_circuit_t *circ, const char *request, size_t request_len) +rend_mid_introduce(or_circuit_t *circ, const uint8_t *request, size_t request_len) { or_circuit_t *intro_circ; char serviceid[REND_SERVICE_ID_LEN_BASE32+1]; @@ -159,10 +159,10 @@ rend_mid_introduce(or_circuit_t *circ, const char *request, size_t request_len) } base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1, - request, REND_SERVICE_ID_LEN); + (char*)request, REND_SERVICE_ID_LEN); /* The first 20 bytes are all we look at: they have a hash of Bob's PK. */ - intro_circ = circuit_get_intro_point(request); + intro_circ = circuit_get_intro_point((char*)request); if (!intro_circ) { log_info(LD_REND, "No intro circ found for INTRODUCE1 cell (%s) from circuit %d; " @@ -180,7 +180,7 @@ rend_mid_introduce(or_circuit_t *circ, const char *request, size_t request_len) /* Great. Now we just relay the cell down the circuit. */ if (relay_send_command_from_edge(0, TO_CIRCUIT(intro_circ), RELAY_COMMAND_INTRODUCE2, - request, request_len, NULL)) { + (char*)request, request_len, NULL)) { log_warn(LD_GENERAL, "Unable to send INTRODUCE2 cell to Tor client."); goto err; @@ -212,7 +212,7 @@ rend_mid_introduce(or_circuit_t *circ, const char *request, size_t request_len) * rendezvous cookie. */ int -rend_mid_establish_rendezvous(or_circuit_t *circ, const char *request, +rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request, size_t request_len) { char hexid[9]; @@ -232,7 +232,7 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const char *request, goto err; } - if (circuit_get_rendezvous(request)) { + if (circuit_get_rendezvous((char*)request)) { log_warn(LD_PROTOCOL, "Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS."); goto err; @@ -250,7 +250,7 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const char *request, circ->_base.purpose = CIRCUIT_PURPOSE_REND_POINT_WAITING; memcpy(circ->rend_token, request, REND_COOKIE_LEN); - base16_encode(hexid,9,request,4); + base16_encode(hexid,9,(char*)request,4); log_info(LD_REND, "Established rendezvous point on circuit %d for cookie %s", @@ -267,13 +267,13 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const char *request, * connecting the two circuits. */ int -rend_mid_rendezvous(or_circuit_t *circ, const char *request, +rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request, size_t request_len) { or_circuit_t *rend_circ; char hexid[9]; int reason = END_CIRC_REASON_INTERNAL; - base16_encode(hexid,9,request,request_len<4?request_len:4); + base16_encode(hexid,9,(char*)request,request_len<4?request_len:4); if (request_len>=4) { log_info(LD_REND, @@ -297,7 +297,7 @@ rend_mid_rendezvous(or_circuit_t *circ, const char *request, goto err; } - rend_circ = circuit_get_rendezvous(request); + rend_circ = circuit_get_rendezvous((char*)request); if (!rend_circ) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Rejecting RENDEZVOUS1 cell with unrecognized rendezvous cookie %s.", @@ -309,7 +309,7 @@ rend_mid_rendezvous(or_circuit_t *circ, const char *request, /* Send the RENDEZVOUS2 cell to Alice. */ if (relay_send_command_from_edge(0, TO_CIRCUIT(rend_circ), RELAY_COMMAND_RENDEZVOUS2, - request+REND_COOKIE_LEN, + (char*)(request+REND_COOKIE_LEN), request_len-REND_COOKIE_LEN, NULL)) { log_warn(LD_GENERAL, "Unable to send RENDEZVOUS2 cell to client on circuit %d.", diff --git a/src/or/rendmid.h b/src/or/rendmid.h index 4d08d4c8b9..f06dd3d85e 100644 --- a/src/or/rendmid.h +++ b/src/or/rendmid.h @@ -12,13 +12,13 @@ #ifndef _TOR_RENDMID_H #define _TOR_RENDMID_H -int rend_mid_establish_intro(or_circuit_t *circ, const char *request, +int rend_mid_establish_intro(or_circuit_t *circ, const uint8_t *request, size_t request_len); -int rend_mid_introduce(or_circuit_t *circ, const char *request, +int rend_mid_introduce(or_circuit_t *circ, const uint8_t *request, size_t request_len); -int rend_mid_establish_rendezvous(or_circuit_t *circ, const char *request, +int rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request, size_t request_len); -int rend_mid_rendezvous(or_circuit_t *circ, const char *request, +int rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request, size_t request_len); #endif diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 0f63776ef2..2d731f7b0f 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -850,7 +850,7 @@ clean_accepted_intros(rend_service_t *service, time_t now) * rendezvous point. */ int -rend_service_introduce(origin_circuit_t *circuit, const char *request, +rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, size_t request_len) { char *ptr, *r_cookie; @@ -914,7 +914,7 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request, crypto_pk_get_digest(intro_key, intro_key_digest); if (memcmp(intro_key_digest, request, DIGEST_LEN)) { base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1, - request, REND_SERVICE_ID_LEN); + (char*)request, REND_SERVICE_ID_LEN); log_warn(LD_REND, "Got an INTRODUCE2 cell for the wrong service (%s).", escaped(serviceid)); return -1; @@ -929,7 +929,7 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request, /* Next N bytes is encrypted with service key */ note_crypto_pk_op(REND_SERVER); r = crypto_pk_private_hybrid_decrypt( - intro_key,buf,request+DIGEST_LEN,request_len-DIGEST_LEN, + intro_key,buf,(char*)(request+DIGEST_LEN),request_len-DIGEST_LEN, PK_PKCS1_OAEP_PADDING,1); if (r<0) { log_warn(LD_PROTOCOL, "Couldn't decrypt INTRODUCE2 cell."); @@ -1393,7 +1393,8 @@ rend_service_intro_has_opened(origin_circuit_t *circuit) * live introduction point, and note that the service descriptor is * now out-of-date.*/ int -rend_service_intro_established(origin_circuit_t *circuit, const char *request, +rend_service_intro_established(origin_circuit_t *circuit, + const uint8_t *request, size_t request_len) { rend_service_t *service; diff --git a/src/or/rendservice.h b/src/or/rendservice.h index 1767714c60..722cec1561 100644 --- a/src/or/rendservice.h +++ b/src/or/rendservice.h @@ -22,10 +22,10 @@ void rend_consider_descriptor_republication(void); void rend_service_intro_has_opened(origin_circuit_t *circuit); int rend_service_intro_established(origin_circuit_t *circuit, - const char *request, + const uint8_t *request, size_t request_len); void rend_service_rendezvous_has_opened(origin_circuit_t *circuit); -int rend_service_introduce(origin_circuit_t *circuit, const char *request, +int rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, size_t request_len); void rend_service_relaunch_rendezvous(origin_circuit_t *oldcirc); int rend_service_set_connection_addr_port(edge_connection_t *conn, |