author | David Goulet <dgoulet@torproject.org> | 2020-09-22 10:45:52 -0400 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2020-11-18 11:31:37 -0500 |
commit | ea52705e4b1753a75aac77ec0bc828d70327a4ad (patch) | |
tree | 331a8d61cd709483ed9cdba428d6141ba0e9938c | |
parent | fcf5bbb59fe12304dd60da248fafc5d892629d1b (diff) | |
download | tor-ea52705e4b1753a75aac77ec0bc828d70327a4ad.tar.gz tor-ea52705e4b1753a75aac77ec0bc828d70327a4ad.zip |
config: Bridge line with a transport must have a ClientTransportPlugin
Fixes #25528
Signed-off-by: David Goulet <dgoulet@torproject.org>
-rw-r--r-- | changes/ticket25528 | 6 | ||||
-rw-r--r-- | src/app/config/config.c | 16 | ||||
-rw-r--r-- | src/feature/client/bridges.c | 11 | ||||
-rw-r--r-- | src/feature/client/bridges.h | 1 |
4 files changed, 34 insertions, 0 deletions
diff --git a/changes/ticket25528 b/changes/ticket25528 new file mode 100644 index 0000000000..cfc6c91fb7 --- /dev/null +++ b/changes/ticket25528 @@ -0,0 +1,6 @@ + o Minor bugfixes (client, bridge, configuration): + - Exit tor on a misconfiguration when the Bridge line has a transport but + no corresponding ClientTransportPlugin can be found. Prior to this fix, + tor would attempt to connect to the bridge directly without using the + transport leading to a possible leak on the wire. Fixes bug 25528; + bugfix on 0.2.6.1-alpha. diff --git a/src/app/config/config.c b/src/app/config/config.c index 04a82a5c43..79b67e7a90 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -2189,6 +2189,22 @@ options_act,(const or_options_t *old_options)) } } + /* Validate that we actually have a configured transport for a Bridge line + * that has one. This is done here because we require the bridge and + * transport to be added to the global list before doing the validation. + * + * In an ideal world, pt_parse_transport_line() would actually return a + * transport_t object so we could inspect it and thus do this step at + * validation time. */ + SMARTLIST_FOREACH_BEGIN(bridge_list_get(), const bridge_info_t *, bi) { + const char *bi_transport_name = bridget_get_transport_name(bi); + if (bi_transport_name && !transport_get_by_name(bi_transport_name)) { + log_warn(LD_CONFIG, "Bridge line with transport %s is missing a " + "ClientTransportPlugin line", bi_transport_name); + return -1; + } + } SMARTLIST_FOREACH_END(bi); + if (options_act_server_transport(old_options) < 0) return -1; diff --git a/src/feature/client/bridges.c b/src/feature/client/bridges.c index 6e10defa13..8e2bb01661 100644 --- a/src/feature/client/bridges.c +++ b/src/feature/client/bridges.c 
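Review bot: In the src/app/config/config.c hunk, the new SMARTLIST_FOREACH loop is the only guard that stops a Bridge line with a transport from being used without its ClientTransportPlugin, but the diffstat lists four files and none of them is a test. A regression test that loads such a Bridge line without a matching ClientTransportPlugin and asserts that options_act() returns -1 would keep this fail-closed behaviour from silently regressing. The transport name is taken from the configuration and logged raw with `%s`; `"ClientTransportPlugin line", escaped(bi_transport_name));` would keep unexpected characters out of the log. The body of options_act() starts and ends outside the hunk, so whether anything can start a bridge connection between the bridge being added to the global list and this check cannot be confirmed from here.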
@@ -164,6 +164,17 @@ bridge_get_addr_port(const bridge_info_t *bridge) return &bridge->addrport_configured; } +/** + * Given a <b>bridge</b>, return the transport name. If none were configured, + * NULL is returned. + */ +const char * +bridget_get_transport_name(const bridge_info_t *bridge) +{ + tor_assert(bridge); + return bridge->transport_name; +} + /** If we have a bridge configured whose digest matches <b>digest</b>, or a * bridge with no known digest whose address matches any of the * tor_addr_port_t's in <b>orports</b>, return that bridge. Else return diff --git a/src/feature/client/bridges.h b/src/feature/client/bridges.h index 174149cf97..1b090e8649 100644 --- a/src/feature/client/bridges.h +++ b/src/feature/client/bridges.h @@ -23,6 +23,7 @@ void sweep_bridge_list(void); const smartlist_t *bridge_list_get(void); const uint8_t *bridge_get_rsa_id_digest(const bridge_info_t *bridge); const tor_addr_port_t * bridge_get_addr_port(const bridge_info_t *bridge); +const char *bridget_get_transport_name(const bridge_info_t *bridge); bridge_info_t *get_configured_bridge_by_addr_port_digest( const tor_addr_t *addr, uint16_t port, |
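Review bot: The new accessor in src/feature/client/bridges.c is spelled `bridget_get_transport_name`, which looks like a typo for `bridge_get_transport_name` given the neighbouring `bridge_get_addr_port` and `bridge_get_rsa_id_digest`. The same spelling is carried into the declaration in bridges.h and the call in config.c, so all three would change together. The doc comment could also state ownership, for example `The returned string is owned by <b>bridge</b>; the caller must not free it.`, which appears to be the case because the function returns the struct member directly.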