summaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2011-08-02 10:48:39 -0400
committerNick Mathewson <nickm@torproject.org>2011-08-02 10:48:39 -0400
commit6596aa022f03bad34a3ee9cbd627fefe55c01d54 (patch)
treecf6ea9a451ed365e59c5b8a0389e614636672f90 /src/or
parent478785a762ebbfc1c95192d9cfd4617bd87d9d16 (diff)
downloadtor-6596aa022f03bad34a3ee9cbd627fefe55c01d54.tar.gz
tor-6596aa022f03bad34a3ee9cbd627fefe55c01d54.zip
Implement protocol-type isolation correctly.
Previously we'd just looked at the connection type, but that's always CONN_TYPE_AP. Instead, we should be looking at the type of the listener that created the connection. Spotted by rransom; fixes bug 3636.
Diffstat (limited to 'src/or')
-rw-r--r--src/or/connection.c1
-rw-r--r--src/or/connection_edge.c9
-rw-r--r--src/or/dnsserv.c2
-rw-r--r--src/or/or.h2
4 files changed, 10 insertions, 4 deletions
diff --git a/src/or/connection.c b/src/or/connection.c
index c4b320ed49..b885d094cc 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1251,6 +1251,7 @@ connection_init_accepted_conn(connection_t *conn,
TO_EDGE_CONN(conn)->isolation_flags = listener->isolation_flags;
TO_EDGE_CONN(conn)->session_group = listener->session_group;
TO_EDGE_CONN(conn)->nym_epoch = get_signewnym_epoch();
+ TO_EDGE_CONN(conn)->socks_request->listener_type = listener->_base.type;
switch (TO_CONN(listener)->type) {
case CONN_TYPE_AP_LISTENER:
conn->state = AP_CONN_STATE_SOCKS_WAIT;
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 4d3e25458e..8f550cf66a 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2582,6 +2582,7 @@ connection_ap_make_link(connection_t *partner,
}
/* Populate isolation fields. */
+ conn->socks_request->listener_type = CONN_TYPE_DIR_LISTENER;
conn->original_dest_address = tor_strdup(address);
conn->session_group = session_group;
conn->isolation_flags = isolation_flags;
@@ -3362,7 +3363,7 @@ connection_edge_streams_are_compatible(const edge_connection_t *a,
strcmp_opt(a->socks_request->password, b->socks_request->password)))
return 0;
if ((iso & ISO_CLIENTPROTO) &&
- (TO_CONN(a)->type != TO_CONN(b)->type ||
+ (a->socks_request->listener_type != b->socks_request->listener_type ||
a->socks_request->socks_version != b->socks_request->socks_version))
return 0;
if ((iso & ISO_CLIENTADDR) &&
@@ -3424,7 +3425,7 @@ connection_edge_compatible_with_circuit(const edge_connection_t *conn,
strcmp_opt(conn->socks_request->password, circ->socks_password)))
return 0;
if ((iso & ISO_CLIENTPROTO) &&
- (TO_CONN(conn)->type != circ->client_proto_type ||
+ (conn->socks_request->listener_type != circ->client_proto_type ||
conn->socks_request->socks_version != circ->client_proto_socksver))
return 0;
if ((iso & ISO_CLIENTADDR) &&
@@ -3463,7 +3464,7 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn,
return -1;
circ->dest_port = conn->socks_request->port;
circ->dest_address = tor_strdup(conn->original_dest_address);
- circ->client_proto_type = TO_CONN(conn)->type;
+ circ->client_proto_type = conn->socks_request->listener_type;
circ->client_proto_socksver = conn->socks_request->socks_version;
tor_addr_copy(&circ->client_addr, &TO_CONN(conn)->addr);
circ->session_group = conn->session_group;
@@ -3484,7 +3485,7 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn,
if (strcmp_opt(conn->socks_request->username, circ->socks_username) ||
strcmp_opt(conn->socks_request->password, circ->socks_password))
mixed |= ISO_SOCKSAUTH;
- if ((TO_CONN(conn)->type != circ->client_proto_type ||
+ if ((conn->socks_request->listener_type != circ->client_proto_type ||
conn->socks_request->socks_version != circ->client_proto_socksver))
mixed |= ISO_CLIENTPROTO;
if (!tor_addr_eq(&TO_CONN(conn)->addr, &circ->client_addr))
diff --git a/src/or/dnsserv.c b/src/or/dnsserv.c
index 35279c4702..19d0427b2d 100644
--- a/src/or/dnsserv.c
+++ b/src/or/dnsserv.c
@@ -131,6 +131,7 @@ evdns_server_callback(struct evdns_server_request *req, void *data_)
strlcpy(conn->socks_request->address, q->name,
sizeof(conn->socks_request->address));
+ conn->socks_request->listener_type = listener->_base.type;
conn->dns_server_request = req;
conn->isolation_flags = listener->isolation_flags;
conn->session_group = listener->session_group;
@@ -185,6 +186,7 @@ dnsserv_launch_request(const char *name, int reverse)
strlcpy(conn->socks_request->address, name,
sizeof(conn->socks_request->address));
+ conn->socks_request->listener_type = CONN_TYPE_CONTROL_LISTENER;
conn->original_dest_address = tor_strdup(name);
conn->session_group = SESSION_GROUP_CONTROL_RESOLVE;
conn->nym_epoch = get_signewnym_epoch();
diff --git a/src/or/or.h b/src/or/or.h
index d6d8c7a050..150971b5fb 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3382,6 +3382,8 @@ struct socks_request_t {
uint8_t auth_type;
/** What is this stream's goal? One of the SOCKS_COMMAND_* values */
uint8_t command;
+ /** Which kind of listener created this stream? */
+ uint8_t listener_type;
size_t replylen; /**< Length of <b>reply</b>. */
uint8_t reply[MAX_SOCKS_REPLY_LEN]; /**< Write an entry into this string if
* we want to specify our own socks reply,