protover: Fix memleak in Rust impl of protover_compute_for_old_tor.

* FIXES #25127: https://bugs.torproject.org/25127 * ADDS a new module to the Rust tor_util crate for small utilities for working with static strings between languages. * CHANGES the return type of protover_compute_for_old_tor to point to immutable data. * CHANGES the code from the previous commit to use the new static string utilities.
author: Isis Lovecruft <isis@torproject.org> 2018-02-06 14:15:33 +0000
committer: Isis Lovecruft <isis@torproject.org> 2018-02-07 22:51:58 +0000
commit: b85436c5961d1b2168c3954a7e718e03a121473f (patch)
tree: 6b03f9cc9384c31cb17bf4c92bf67c1259e6141d /src/rust/protover
parent: 7ea9e080c58f16fecefa5a0a20406635a2034366 (diff)
download: tor-b85436c5961d1b2168c3954a7e718e03a121473f.tar.gz
tor-b85436c5961d1b2168c3954a7e718e03a121473f.zip
3 files changed, 43 insertions, 31 deletions
diff --git a/src/rust/protover/ffi.rs b/src/rust/protover/ffi.rs
index 5fefa8f7c0..5519b75ea4 100644
--- a/src/rust/protover/ffi.rs
+++ b/src/rust/protover/ffi.rs
@@ -12,6 +12,9 @@ use std::ffi::CString;
 use protover::*;
 use smartlist::*;
 use tor_allocate::allocate_and_copy_string;
+use tor_util::strings::byte_slice_is_c_like;
+use tor_util::strings::empty_static_cstr;
+
 
 /// Translate C enums to Rust Proto enums, using the integer value of the C
 /// enum to map to its associated Rust enum
@@ -144,8 +147,7 @@ pub extern "C" fn protover_get_supported_protocols() -> *const c_char {
     // bytes.  An assert is okay here, since changing the const byte slice
     // in protover.rs to contain a NUL byte somewhere in the middle would be a
     // programming error.
-    assert!(!SUPPORTED_PROTOCOLS[..SUPPORTED_PROTOCOLS.len() - 1].contains(&0x00));
-    assert!(SUPPORTED_PROTOCOLS[SUPPORTED_PROTOCOLS.len() - 1] == 0x00);
+    assert!(byte_slice_is_c_like(SUPPORTED_PROTOCOLS));
 
     // It's okay to call the "unchecked" version of the function because
     // we can see that the bytes we're passing into it 1) are valid UTF-8,
@@ -200,15 +202,15 @@ pub extern "C" fn protover_is_supported_here(
 /// Provide an interface for C to translate arguments and return types for
 /// protover::compute_for_old_tor
 #[no_mangle]
-pub extern "C" fn protover_compute_for_old_tor(
-    version: *const c_char,
-) -> *mut c_char {
-    // Not handling errors when unwrapping as the content is controlled
-    // and is an empty string
-    let empty = String::new();
+pub extern "C" fn protover_compute_for_old_tor(version: *const c_char) -> *const c_char {
+    let supported: &'static CStr;
+    let elder_protocols: &'static [u8];
+    let empty: &'static CStr;
+
+    empty = empty_static_cstr();
 
     if version.is_null() {
-        return allocate_and_copy_string(&empty);
+        return empty.as_ptr();
     }
 
     // Require an unsafe block to read the version from a C string. The pointer
@@ -217,10 +219,24 @@ pub extern "C" fn protover_compute_for_old_tor(
 
     let version = match c_str.to_str() {
         Ok(n) => n,
-        Err(_) => return allocate_and_copy_string(&empty),
+        Err(_) => return empty.as_ptr(),
     };
 
-    let supported = compute_for_old_tor(&version);
+    elder_protocols = compute_for_old_tor(&version);
+
+    // If we're going to pass it to C, there cannot be any intermediate NUL
+    // bytes.  An assert is okay here, since changing the const byte slice
+    // in protover.rs to contain a NUL byte somewhere in the middle would be a
+    // programming error.
+    assert!(byte_slice_is_c_like(elder_protocols));
+
+    // It's okay to call the "unchecked" version of the function because
+    // we can see that the bytes we're passing into it 1) are valid UTF-8,
+    // 2) have no intermediate NUL bytes, and 3) are terminated with a NUL
+    // byte.
+    unsafe {
+        supported = CStr::from_bytes_with_nul_unchecked(elder_protocols);
+    }
 
-    allocate_and_copy_string(&supported)
+    supported.as_ptr()
 }
diff --git a/src/rust/protover/lib.rs b/src/rust/protover/lib.rs
index 5a5dea4408..fe8c0f9bb2 100644
--- a/src/rust/protover/lib.rs
+++ b/src/rust/protover/lib.rs
@@ -26,6 +26,7 @@ extern crate libc;
 extern crate smartlist;
 extern crate external;
 extern crate tor_allocate;
+extern crate tor_util;
 
 mod protover;
 pub mod ffi;
diff --git a/src/rust/protover/protover.rs b/src/rust/protover/protover.rs
index 00fe084083..1680d3394e 100644
--- a/src/rust/protover/protover.rs
+++ b/src/rust/protover/protover.rs
@@ -10,6 +10,7 @@ use std::collections::{HashMap, HashSet};
 use std::ops::Range;
 use std::string::String;
 
+use tor_util::strings::NUL_BYTE;
 
 /// The first version of Tor that included "proto" entries in its descriptors.
 /// Authorities should use this to decide whether to guess proto lines.
@@ -724,11 +725,11 @@ pub fn is_supported_here(proto: Proto, vers: u32) -> bool {
 ///
 /// # Inputs
 ///
-/// * `version`, a string comprised of "[0-9,-]"
+/// * `version`, a string comprised of "[0-9a-z.-]"
 ///
 /// # Returns
 ///
-/// A `String` whose value is series of pairs, comprising of the protocol name
+/// A `&'static [u8]` whose value is series of pairs, comprising of the protocol name
 /// and versions that it supports. The string takes the following format:
 ///
 /// "HSDir=1-1 LinkAuth=1"
@@ -737,33 +738,27 @@ pub fn is_supported_here(proto: Proto, vers: u32) -> bool {
 /// only for tor versions older than FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS.
 ///
 /// C_RUST_COUPLED: src/rust/protover.c `compute_for_old_tor`
-pub fn compute_for_old_tor(version: &str) -> String {
-    if c_tor_version_as_new_as(
-        version,
-        FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS,
-    )
-    {
-        return String::new();
+pub fn compute_for_old_tor(version: &str) -> &'static [u8] {
+    if c_tor_version_as_new_as(version, FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS) {
+        return NUL_BYTE;
     }
 
     if c_tor_version_as_new_as(version, "0.2.9.1-alpha") {
-        let ret = "Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1-2 \
-                   Link=1-4 LinkAuth=1 Microdesc=1-2 Relay=1-2";
-        return String::from(ret);
+        return b"Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1-2 \
+                 Link=1-4 LinkAuth=1 Microdesc=1-2 Relay=1-2\0";
     }
 
     if c_tor_version_as_new_as(version, "0.2.7.5") {
-        let ret = "Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 \
-                   Link=1-4 LinkAuth=1 Microdesc=1-2 Relay=1-2";
-        return String::from(ret);
+        return b"Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 \
+                 Link=1-4 LinkAuth=1 Microdesc=1-2 Relay=1-2\0";
     }
 
     if c_tor_version_as_new_as(version, "0.2.4.19") {
-        let ret = "Cons=1 Desc=1 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 \
-                   Link=1-4 LinkAuth=1 Microdesc=1 Relay=1-2";
-        return String::from(ret);
+        return b"Cons=1 Desc=1 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 \
+                 Link=1-4 LinkAuth=1 Microdesc=1 Relay=1-2\0";
     }
-    String::new()
+
+    NUL_BYTE
 }
 
 #[cfg(test)]
author	Isis Lovecruft <isis@torproject.org>	2018-02-06 14:15:33 +0000
committer	Isis Lovecruft <isis@torproject.org>	2018-02-07 22:51:58 +0000
commit	b85436c5961d1b2168c3954a7e718e03a121473f (patch)
tree	6b03f9cc9384c31cb17bf4c92bf67c1259e6141d /src/rust/protover
parent	7ea9e080c58f16fecefa5a0a20406635a2034366 (diff)
download	tor-b85436c5961d1b2168c3954a7e718e03a121473f.tar.gz tor-b85436c5961d1b2168c3954a7e718e03a121473f.zip