summaryrefslogtreecommitdiff
path: root/src/common
diff options
context:
space:
mode:
Diffstat (limited to 'src/common')
-rw-r--r--src/common/address.c26
-rw-r--r--src/common/address.h12
-rw-r--r--src/common/aes.c18
-rw-r--r--src/common/aes.h2
-rw-r--r--src/common/backtrace.c12
-rw-r--r--src/common/backtrace.h4
-rw-r--r--src/common/buffers.c1077
-rw-r--r--src/common/buffers.h125
-rw-r--r--src/common/buffers_tls.c179
-rw-r--r--src/common/buffers_tls.h19
-rw-r--r--src/common/compat.c250
-rw-r--r--src/common/compat.h82
-rw-r--r--src/common/compat_libevent.c15
-rw-r--r--src/common/compat_libevent.h4
-rw-r--r--src/common/compat_openssl.h8
-rw-r--r--src/common/compat_pthreads.c13
-rw-r--r--src/common/compat_rust.h2
-rw-r--r--src/common/compat_threads.c12
-rw-r--r--src/common/compat_threads.h8
-rw-r--r--src/common/compat_time.c40
-rw-r--r--src/common/compat_time.h25
-rw-r--r--src/common/compat_winthreads.c2
-rw-r--r--src/common/compress.c23
-rw-r--r--src/common/compress.h5
-rw-r--r--src/common/compress_lzma.c20
-rw-r--r--src/common/compress_lzma.h2
-rw-r--r--src/common/compress_none.h2
-rw-r--r--src/common/compress_zlib.h2
-rw-r--r--src/common/compress_zstd.c20
-rw-r--r--src/common/compress_zstd.h2
-rw-r--r--src/common/confline.c5
-rw-r--r--src/common/confline.h2
-rw-r--r--src/common/container.c4
-rw-r--r--src/common/container.h8
-rw-r--r--src/common/crypto.c111
-rw-r--r--src/common/crypto.h16
-rw-r--r--src/common/crypto_curve25519.c7
-rw-r--r--src/common/crypto_curve25519.h4
-rw-r--r--src/common/crypto_ed25519.c76
-rw-r--r--src/common/crypto_ed25519.h4
-rw-r--r--src/common/crypto_format.h2
-rw-r--r--src/common/crypto_pwbox.c2
-rw-r--r--src/common/crypto_pwbox.h2
-rw-r--r--src/common/crypto_s2k.c14
-rw-r--r--src/common/crypto_s2k.h4
-rw-r--r--src/common/di_ops.c4
-rw-r--r--src/common/di_ops.h2
-rw-r--r--src/common/handles.h2
-rw-r--r--src/common/include.am4
-rw-r--r--src/common/log.c10
-rw-r--r--src/common/memarea.c17
-rw-r--r--src/common/memarea.h2
-rw-r--r--src/common/procmon.c18
-rw-r--r--src/common/procmon.h2
-rw-r--r--src/common/pubsub.h2
-rw-r--r--src/common/sandbox.c174
-rw-r--r--src/common/sandbox.h22
-rw-r--r--src/common/storagedir.h2
-rw-r--r--src/common/testsupport.h8
-rw-r--r--src/common/timers.c4
-rw-r--r--src/common/timers.h2
-rw-r--r--src/common/torint.h62
-rw-r--r--src/common/torlog.h10
-rw-r--r--src/common/tortls.c59
-rw-r--r--src/common/tortls.h8
-rw-r--r--src/common/util.c240
-rw-r--r--src/common/util.h40
-rw-r--r--src/common/util_bug.c8
-rw-r--r--src/common/util_bug.h47
-rw-r--r--src/common/util_format.c5
-rw-r--r--src/common/util_format.h2
-rw-r--r--src/common/util_process.c2
-rw-r--r--src/common/util_process.h4
-rw-r--r--src/common/workqueue.h2
74 files changed, 2299 insertions, 737 deletions
diff --git a/src/common/address.c b/src/common/address.c
index 555f63da06..c7aa97bfd1 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -33,7 +33,7 @@
#include <process.h>
#include <windows.h>
#include <iphlpapi.h>
-#endif
+#endif /* defined(_WIN32) */
#include "compat.h"
#include "util.h"
@@ -198,7 +198,7 @@ tor_sockaddr_to_str(const struct sockaddr *sa)
tor_asprintf(&result, "unix:%s", s_un->sun_path);
return result;
}
-#endif
+#endif /* defined(HAVE_SYS_UN_H) */
if (sa->sa_family == AF_UNSPEC)
return tor_strdup("unspec");
@@ -305,7 +305,7 @@ tor_addr_lookup,(const char *name, uint16_t family, tor_addr_t *addr))
return result;
}
return (err == EAI_AGAIN) ? 1 : -1;
-#else
+#else /* !(defined(HAVE_GETADDRINFO)) */
struct hostent *ent;
int err;
#ifdef HAVE_GETHOSTBYNAME_R_6_ARG
@@ -330,7 +330,7 @@ tor_addr_lookup,(const char *name, uint16_t family, tor_addr_t *addr))
#else
err = h_errno;
#endif
-#endif /* endif HAVE_GETHOSTBYNAME_R_6_ARG. */
+#endif /* defined(HAVE_GETHOSTBYNAME_R_6_ARG) || ... */
if (ent) {
if (ent->h_addrtype == AF_INET) {
tor_addr_from_in(addr, (struct in_addr*) ent->h_addr);
@@ -346,7 +346,7 @@ tor_addr_lookup,(const char *name, uint16_t family, tor_addr_t *addr))
#else
return (err == TRY_AGAIN) ? 1 : -1;
#endif
-#endif
+#endif /* defined(HAVE_GETADDRINFO) */
}
}
@@ -907,8 +907,8 @@ tor_addr_is_loopback(const tor_addr_t *addr)
return (tor_addr_to_ipv4h(addr) & 0xff000000) == 0x7f000000;
case AF_UNSPEC:
return 0;
- default:
/* LCOV_EXCL_START */
+ default:
tor_fragile_assert();
return 0;
/* LCOV_EXCL_STOP */
@@ -1031,8 +1031,10 @@ tor_addr_copy_tight(tor_addr_t *dest, const tor_addr_t *src)
memcpy(dest->addr.in6_addr.s6_addr, src->addr.in6_addr.s6_addr, 16);
case AF_UNSPEC:
break;
+ // LCOV_EXCL_START
default:
- tor_fragile_assert(); // LCOV_EXCL_LINE
+ tor_fragile_assert();
+ // LCOV_EXCL_STOP
}
}
@@ -1138,8 +1140,8 @@ tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2,
return 0;
else
return 1;
- default:
/* LCOV_EXCL_START */
+ default:
tor_fragile_assert();
return 0;
/* LCOV_EXCL_STOP */
@@ -1197,8 +1199,8 @@ tor_addr_hash(const tor_addr_t *addr)
return siphash24g(unspec_hash_input, sizeof(unspec_hash_input));
case AF_INET6:
return siphash24g(&addr->addr.in6_addr.s6_addr, 16);
- default:
/* LCOV_EXCL_START */
+ default:
tor_fragile_assert();
return 0;
/* LCOV_EXCL_STOP */
@@ -1434,7 +1436,7 @@ get_interface_addresses_ifaddrs(int severity, sa_family_t family)
return result;
}
-#endif
+#endif /* defined(HAVE_IFADDRS_TO_SMARTLIST) */
#ifdef HAVE_IP_ADAPTER_TO_SMARTLIST
@@ -1525,7 +1527,7 @@ get_interface_addresses_win32(int severity, sa_family_t family)
return result;
}
-#endif
+#endif /* defined(HAVE_IP_ADAPTER_TO_SMARTLIST) */
#ifdef HAVE_IFCONF_TO_SMARTLIST
@@ -1627,7 +1629,7 @@ get_interface_addresses_ioctl(int severity, sa_family_t family)
tor_free(ifc.ifc_buf);
return result;
}
-#endif
+#endif /* defined(HAVE_IFCONF_TO_SMARTLIST) */
/** Try to ask our network interfaces what addresses they are bound to.
* Return a new smartlist of tor_addr_t on success, and NULL on failure.
diff --git a/src/common/address.h b/src/common/address.h
index 8091f8cd7b..2b9546782e 100644
--- a/src/common/address.h
+++ b/src/common/address.h
@@ -44,7 +44,7 @@
#endif
// TODO win32 specific includes
-#endif // ADDRESS_PRIVATE
+#endif /* defined(ADDRESS_PRIVATE) */
/** The number of bits from an address to consider while doing a masked
* comparison. */
@@ -360,23 +360,23 @@ STATIC smartlist_t *ifaddrs_to_smartlist(const struct ifaddrs *ifa,
sa_family_t family);
STATIC smartlist_t *get_interface_addresses_ifaddrs(int severity,
sa_family_t family);
-#endif
+#endif /* defined(HAVE_IFADDRS_TO_SMARTLIST) */
#ifdef HAVE_IP_ADAPTER_TO_SMARTLIST
STATIC smartlist_t *ip_adapter_addresses_to_smartlist(
const IP_ADAPTER_ADDRESSES *addresses);
STATIC smartlist_t *get_interface_addresses_win32(int severity,
sa_family_t family);
-#endif
+#endif /* defined(HAVE_IP_ADAPTER_TO_SMARTLIST) */
#ifdef HAVE_IFCONF_TO_SMARTLIST
STATIC smartlist_t *ifreq_to_smartlist(char *ifr,
size_t buflen);
STATIC smartlist_t *get_interface_addresses_ioctl(int severity,
sa_family_t family);
-#endif
+#endif /* defined(HAVE_IFCONF_TO_SMARTLIST) */
-#endif // ADDRESS_PRIVATE
+#endif /* defined(ADDRESS_PRIVATE) */
-#endif
+#endif /* !defined(TOR_ADDRESS_H) */
diff --git a/src/common/aes.c b/src/common/aes.c
index 73abef143e..20b51a6758 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -66,11 +66,11 @@ ENABLE_GCC_WARNING(redundant-decls)
#elif OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) && \
(defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
defined(__x86_64) || defined(__x86_64__) || \
- defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__)) \
+ defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__))
#define USE_EVP_AES_CTR
-#endif
+#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0) || ... */
/* We have 2 strategies for getting the AES block cipher: Via OpenSSL's
* AES_encrypt function, or via OpenSSL's EVP_EncryptUpdate function.
@@ -142,7 +142,7 @@ evaluate_ctr_for_aes(void)
{
return 0;
}
-#else
+#else /* !(defined(USE_EVP_AES_CTR)) */
/*======================================================================*/
/* Interface to AES code, and counter implementation */
@@ -163,7 +163,7 @@ struct aes_cnt_cipher {
uint32_t counter2;
uint32_t counter1;
uint32_t counter0;
-#endif
+#endif /* !defined(WORDS_BIGENDIAN) */
union {
/** The counter, in big-endian order, as bytes. */
@@ -212,7 +212,7 @@ evaluate_evp_for_aes(int force_val)
log_info(LD_CRYPTO, "No AES engine found; using AES_* functions.");
should_use_EVP = 0;
}
-#endif
+#endif /* defined(DISABLE_ENGINES) */
return 0;
}
@@ -312,7 +312,7 @@ aes_set_key(aes_cnt_cipher_t *cipher, const uint8_t *key, int key_bits)
cipher->counter1 = 0;
cipher->counter2 = 0;
cipher->counter3 = 0;
-#endif
+#endif /* defined(USING_COUNTER_VARS) */
memset(cipher->ctr_buf.buf, 0, sizeof(cipher->ctr_buf.buf));
@@ -341,7 +341,7 @@ aes_cipher_free(aes_cnt_cipher_t *cipher)
STMT_END
#else
#define UPDATE_CTR_BUF(c, n)
-#endif
+#endif /* defined(USING_COUNTER_VARS) */
/* Helper function to use EVP with openssl's counter-mode wrapper. */
static void
@@ -396,10 +396,10 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv)
cipher->counter2 = ntohl(get_uint32(iv+4));
cipher->counter1 = ntohl(get_uint32(iv+8));
cipher->counter0 = ntohl(get_uint32(iv+12));
-#endif
+#endif /* defined(USING_COUNTER_VARS) */
cipher->pos = 0;
memcpy(cipher->ctr_buf.buf, iv, 16);
}
-#endif
+#endif /* defined(USE_EVP_AES_CTR) */
diff --git a/src/common/aes.h b/src/common/aes.h
index 6fd9c3ea16..1e400a56e0 100644
--- a/src/common/aes.h
+++ b/src/common/aes.h
@@ -23,5 +23,5 @@ void aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len);
int evaluate_evp_for_aes(int force_value);
int evaluate_ctr_for_aes(void);
-#endif
+#endif /* !defined(TOR_AES_H) */
diff --git a/src/common/backtrace.c b/src/common/backtrace.c
index 0f0fa857bf..f2498b2aa6 100644
--- a/src/common/backtrace.c
+++ b/src/common/backtrace.c
@@ -37,7 +37,7 @@
#include <sys/ucontext.h>
#elif defined(HAVE_UCONTEXT_H)
#include <ucontext.h>
-#endif
+#endif /* defined(HAVE_CYGWIN_SIGNAL_H) || ... */
#define EXPOSE_CLEAN_BACKTRACE
#include "backtrace.h"
@@ -81,16 +81,16 @@ clean_backtrace(void **stack, size_t depth, const ucontext_t *ctx)
const size_t n = 2;
#else
const size_t n = 1;
-#endif
+#endif /* defined(__linux__) || ... */
if (depth <= n)
return;
stack[n] = (void*) ctx->PC_FROM_UCONTEXT;
-#else
+#else /* !(defined(PC_FROM_UCONTEXT)) */
(void) depth;
(void) ctx;
(void) stack;
-#endif
+#endif /* defined(PC_FROM_UCONTEXT) */
}
/** Log a message <b>msg</b> at <b>severity</b> in <b>domain</b>, and follow
@@ -202,7 +202,7 @@ remove_bt_handler(void)
{
tor_mutex_uninit(&cb_buf_mutex);
}
-#endif
+#endif /* defined(USE_BACKTRACE) */
#ifdef NO_BACKTRACE_IMPL
void
@@ -221,7 +221,7 @@ static void
remove_bt_handler(void)
{
}
-#endif
+#endif /* defined(NO_BACKTRACE_IMPL) */
/** Set up code to handle generating error messages on crashes. */
int
diff --git a/src/common/backtrace.h b/src/common/backtrace.h
index 8cd1dcf06c..3d0ab8a90a 100644
--- a/src/common/backtrace.h
+++ b/src/common/backtrace.h
@@ -15,7 +15,7 @@ void clean_up_backtrace_handler(void);
defined(HAVE_BACKTRACE_SYMBOLS_FD) && defined(HAVE_SIGACTION)
void clean_backtrace(void **stack, size_t depth, const ucontext_t *ctx);
#endif
-#endif
+#endif /* defined(EXPOSE_CLEAN_BACKTRACE) */
-#endif
+#endif /* !defined(TOR_BACKTRACE_H) */
diff --git a/src/common/buffers.c b/src/common/buffers.c
new file mode 100644
index 0000000000..c45e13d551
--- /dev/null
+++ b/src/common/buffers.c
@@ -0,0 +1,1077 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2017, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file buffers.c
+ * \brief Implements a generic buffer interface.
+ *
+ * A buf_t is a (fairly) opaque byte-oriented FIFO that can read to or flush
+ * from memory, sockets, file descriptors, TLS connections, or another buf_t.
+ * Buffers are implemented as linked lists of memory chunks.
+ *
+ * All socket-backed and TLS-based connection_t objects have a pair of
+ * buffers: one for incoming data, and one for outcoming data. These are fed
+ * and drained from functions in connection.c, trigged by events that are
+ * monitored in main.c.
+ **/
+
+#define BUFFERS_PRIVATE
+#include "orconfig.h"
+#include <stddef.h>
+#include "buffers.h"
+#include "compat.h"
+#include "compress.h"
+#include "util.h"
+#include "torint.h"
+#include "torlog.h"
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+//#define PARANOIA
+
+#ifdef PARANOIA
+/** Helper: If PARANOIA is defined, assert that the buffer in local variable
+ * <b>buf</b> is well-formed. */
+#define check() STMT_BEGIN buf_assert_ok(buf); STMT_END
+#else
+#define check() STMT_NIL
+#endif /* defined(PARANOIA) */
+
+/* Implementation notes:
+ *
+ * After flirting with memmove, and dallying with ring-buffers, we're finally
+ * getting up to speed with the 1970s and implementing buffers as a linked
+ * list of small chunks. Each buffer has such a list; data is removed from
+ * the head of the list, and added at the tail. The list is singly linked,
+ * and the buffer keeps a pointer to the head and the tail.
+ *
+ * Every chunk, except the tail, contains at least one byte of data. Data in
+ * each chunk is contiguous.
+ *
+ * When you need to treat the first N characters on a buffer as a contiguous
+ * string, use the buf_pullup function to make them so. Don't do this more
+ * than necessary.
+ *
+ * The major free Unix kernels have handled buffers like this since, like,
+ * forever.
+ */
+
+/* Chunk manipulation functions */
+
+#define CHUNK_HEADER_LEN offsetof(chunk_t, mem[0])
+
+/* We leave this many NUL bytes at the end of the buffer. */
+#ifdef DISABLE_MEMORY_SENTINELS
+#define SENTINEL_LEN 0
+#else
+#define SENTINEL_LEN 4
+#endif
+
+/* Header size plus NUL bytes at the end */
+#define CHUNK_OVERHEAD (CHUNK_HEADER_LEN + SENTINEL_LEN)
+
+/** Return the number of bytes needed to allocate a chunk to hold
+ * <b>memlen</b> bytes. */
+#define CHUNK_ALLOC_SIZE(memlen) (CHUNK_OVERHEAD + (memlen))
+/** Return the number of usable bytes in a chunk allocated with
+ * malloc(<b>memlen</b>). */
+#define CHUNK_SIZE_WITH_ALLOC(memlen) ((memlen) - CHUNK_OVERHEAD)
+
+#define DEBUG_SENTINEL
+
+#if defined(DEBUG_SENTINEL) && !defined(DISABLE_MEMORY_SENTINELS)
+#define DBG_S(s) s
+#else
+#define DBG_S(s) (void)0
+#endif
+
+#ifdef DISABLE_MEMORY_SENTINELS
+#define CHUNK_SET_SENTINEL(chunk, alloclen) STMT_NIL
+#else
+#define CHUNK_SET_SENTINEL(chunk, alloclen) do { \
+ uint8_t *a = (uint8_t*) &(chunk)->mem[(chunk)->memlen]; \
+ DBG_S(uint8_t *b = &((uint8_t*)(chunk))[(alloclen)-SENTINEL_LEN]); \
+ DBG_S(tor_assert(a == b)); \
+ memset(a,0,SENTINEL_LEN); \
+ } while (0)
+#endif /* defined(DISABLE_MEMORY_SENTINELS) */
+
+/** Move all bytes stored in <b>chunk</b> to the front of <b>chunk</b>->mem,
+ * to free up space at the end. */
+static inline void
+chunk_repack(chunk_t *chunk)
+{
+ if (chunk->datalen && chunk->data != &chunk->mem[0]) {
+ memmove(chunk->mem, chunk->data, chunk->datalen);
+ }
+ chunk->data = &chunk->mem[0];
+}
+
+/** Keep track of total size of allocated chunks for consistency asserts */
+static size_t total_bytes_allocated_in_chunks = 0;
+static void
+buf_chunk_free_unchecked(chunk_t *chunk)
+{
+ if (!chunk)
+ return;
+#ifdef DEBUG_CHUNK_ALLOC
+ tor_assert(CHUNK_ALLOC_SIZE(chunk->memlen) == chunk->DBG_alloc);
+#endif
+ tor_assert(total_bytes_allocated_in_chunks >=
+ CHUNK_ALLOC_SIZE(chunk->memlen));
+ total_bytes_allocated_in_chunks -= CHUNK_ALLOC_SIZE(chunk->memlen);
+ tor_free(chunk);
+}
+static inline chunk_t *
+chunk_new_with_alloc_size(size_t alloc)
+{
+ chunk_t *ch;
+ ch = tor_malloc(alloc);
+ ch->next = NULL;
+ ch->datalen = 0;
+#ifdef DEBUG_CHUNK_ALLOC
+ ch->DBG_alloc = alloc;
+#endif
+ ch->memlen = CHUNK_SIZE_WITH_ALLOC(alloc);
+ total_bytes_allocated_in_chunks += alloc;
+ ch->data = &ch->mem[0];
+ CHUNK_SET_SENTINEL(ch, alloc);
+ return ch;
+}
+
+/** Expand <b>chunk</b> until it can hold <b>sz</b> bytes, and return a
+ * new pointer to <b>chunk</b>. Old pointers are no longer valid. */
+static inline chunk_t *
+chunk_grow(chunk_t *chunk, size_t sz)
+{
+ off_t offset;
+ const size_t memlen_orig = chunk->memlen;
+ const size_t orig_alloc = CHUNK_ALLOC_SIZE(memlen_orig);
+ const size_t new_alloc = CHUNK_ALLOC_SIZE(sz);
+ tor_assert(sz > chunk->memlen);
+ offset = chunk->data - chunk->mem;
+ chunk = tor_realloc(chunk, new_alloc);
+ chunk->memlen = sz;
+ chunk->data = chunk->mem + offset;
+#ifdef DEBUG_CHUNK_ALLOC
+ tor_assert(chunk->DBG_alloc == orig_alloc);
+ chunk->DBG_alloc = new_alloc;
+#endif
+ total_bytes_allocated_in_chunks += new_alloc - orig_alloc;
+ CHUNK_SET_SENTINEL(chunk, new_alloc);
+ return chunk;
+}
+
+/** Every chunk should take up at least this many bytes. */
+#define MIN_CHUNK_ALLOC 256
+/** No chunk should take up more than this many bytes. */
+#define MAX_CHUNK_ALLOC 65536
+
+/** Return the allocation size we'd like to use to hold <b>target</b>
+ * bytes. */
+size_t
+buf_preferred_chunk_size(size_t target)
+{
+ tor_assert(target <= SIZE_T_CEILING - CHUNK_OVERHEAD);
+ if (CHUNK_ALLOC_SIZE(target) >= MAX_CHUNK_ALLOC)
+ return CHUNK_ALLOC_SIZE(target);
+ size_t sz = MIN_CHUNK_ALLOC;
+ while (CHUNK_SIZE_WITH_ALLOC(sz) < target) {
+ sz <<= 1;
+ }
+ return sz;
+}
+
+/** Collapse data from the first N chunks from <b>buf</b> into buf->head,
+ * growing it as necessary, until buf->head has the first <b>bytes</b> bytes
+ * of data from the buffer, or until buf->head has all the data in <b>buf</b>.
+ *
+ * Set *<b>head_out</b> to point to the first byte of available data, and
+ * *<b>len_out</b> to the number of bytes of data available at
+ * *<b>head_out</b>. Note that *<b>len_out</b> may be more or less than
+ * <b>bytes</b>, depending on the number of bytes available.
+ */
+void
+buf_pullup(buf_t *buf, size_t bytes, const char **head_out, size_t *len_out)
+{
+ chunk_t *dest, *src;
+ size_t capacity;
+ if (!buf->head) {
+ *head_out = NULL;
+ *len_out = 0;
+ return;
+ }
+
+ check();
+ if (buf->datalen < bytes)
+ bytes = buf->datalen;
+
+ capacity = bytes;
+ if (buf->head->datalen >= bytes) {
+ *head_out = buf->head->data;
+ *len_out = buf->head->datalen;
+ return;
+ }
+
+ if (buf->head->memlen >= capacity) {
+ /* We don't need to grow the first chunk, but we might need to repack it.*/
+ size_t needed = capacity - buf->head->datalen;
+ if (CHUNK_REMAINING_CAPACITY(buf->head) < needed)
+ chunk_repack(buf->head);
+ tor_assert(CHUNK_REMAINING_CAPACITY(buf->head) >= needed);
+ } else {
+ chunk_t *newhead;
+ size_t newsize;
+ /* We need to grow the chunk. */
+ chunk_repack(buf->head);
+ newsize = CHUNK_SIZE_WITH_ALLOC(buf_preferred_chunk_size(capacity));
+ newhead = chunk_grow(buf->head, newsize);
+ tor_assert(newhead->memlen >= capacity);
+ if (newhead != buf->head) {
+ if (buf->tail == buf->head)
+ buf->tail = newhead;
+ buf->head = newhead;
+ }
+ }
+
+ dest = buf->head;
+ while (dest->datalen < bytes) {
+ size_t n = bytes - dest->datalen;
+ src = dest->next;
+ tor_assert(src);
+ if (n >= src->datalen) {
+ memcpy(CHUNK_WRITE_PTR(dest), src->data, src->datalen);
+ dest->datalen += src->datalen;
+ dest->next = src->next;
+ if (buf->tail == src)
+ buf->tail = dest;
+ buf_chunk_free_unchecked(src);
+ } else {
+ memcpy(CHUNK_WRITE_PTR(dest), src->data, n);
+ dest->datalen += n;
+ src->data += n;
+ src->datalen -= n;
+ tor_assert(dest->datalen == bytes);
+ }
+ }
+
+ check();
+ *head_out = buf->head->data;
+ *len_out = buf->head->datalen;
+}
+
+#ifdef TOR_UNIT_TESTS
+/* Write sz bytes from cp into a newly allocated buffer buf.
+ * Returns NULL when passed a NULL cp or zero sz.
+ * Asserts on failure: only for use in unit tests.
+ * buf must be freed using buf_free(). */
+buf_t *
+buf_new_with_data(const char *cp, size_t sz)
+{
+ /* Validate arguments */
+ if (!cp || sz <= 0) {
+ return NULL;
+ }
+
+ tor_assert(sz < SSIZE_T_CEILING);
+
+ /* Allocate a buffer */
+ buf_t *buf = buf_new_with_capacity(sz);
+ tor_assert(buf);
+ buf_assert_ok(buf);
+ tor_assert(!buf->head);
+
+ /* Allocate a chunk that is sz bytes long */
+ buf->head = chunk_new_with_alloc_size(CHUNK_ALLOC_SIZE(sz));
+ buf->tail = buf->head;
+ tor_assert(buf->head);
+ buf_assert_ok(buf);
+ tor_assert(buf_allocation(buf) >= sz);
+
+ /* Copy the data and size the buffers */
+ tor_assert(sz <= buf_slack(buf));
+ tor_assert(sz <= CHUNK_REMAINING_CAPACITY(buf->head));
+ memcpy(&buf->head->mem[0], cp, sz);
+ buf->datalen = sz;
+ buf->head->datalen = sz;
+ buf->head->data = &buf->head->mem[0];
+ buf_assert_ok(buf);
+
+ /* Make sure everything is large enough */
+ tor_assert(buf_allocation(buf) >= sz);
+ tor_assert(buf_allocation(buf) >= buf_datalen(buf) + buf_slack(buf));
+ /* Does the buffer implementation allocate more than the requested size?
+ * (for example, by rounding up). If so, these checks will fail. */
+ tor_assert(buf_datalen(buf) == sz);
+ tor_assert(buf_slack(buf) == 0);
+
+ return buf;
+}
+#endif /* defined(TOR_UNIT_TESTS) */
+
+/** Remove the first <b>n</b> bytes from buf. */
+void
+buf_drain(buf_t *buf, size_t n)
+{
+ tor_assert(buf->datalen >= n);
+ while (n) {
+ tor_assert(buf->head);
+ if (buf->head->datalen > n) {
+ buf->head->datalen -= n;
+ buf->head->data += n;
+ buf->datalen -= n;
+ return;
+ } else {
+ chunk_t *victim = buf->head;
+ n -= victim->datalen;
+ buf->datalen -= victim->datalen;
+ buf->head = victim->next;
+ if (buf->tail == victim)
+ buf->tail = NULL;
+ buf_chunk_free_unchecked(victim);
+ }
+ }
+ check();
+}
+
+/** Create and return a new buf with default chunk capacity <b>size</b>.
+ */
+buf_t *
+buf_new_with_capacity(size_t size)
+{
+ buf_t *b = buf_new();
+ b->default_chunk_size = buf_preferred_chunk_size(size);
+ return b;
+}
+
+/** Allocate and return a new buffer with default capacity. */
+buf_t *
+buf_new(void)
+{
+ buf_t *buf = tor_malloc_zero(sizeof(buf_t));
+ buf->magic = BUFFER_MAGIC;
+ buf->default_chunk_size = 4096;
+ return buf;
+}
+
+size_t
+buf_get_default_chunk_size(const buf_t *buf)
+{
+ return buf->default_chunk_size;
+}
+
+/** Remove all data from <b>buf</b>. */
+void
+buf_clear(buf_t *buf)
+{
+ chunk_t *chunk, *next;
+ buf->datalen = 0;
+ for (chunk = buf->head; chunk; chunk = next) {
+ next = chunk->next;
+ buf_chunk_free_unchecked(chunk);
+ }
+ buf->head = buf->tail = NULL;
+}
+
+/** Return the number of bytes stored in <b>buf</b> */
+MOCK_IMPL(size_t,
+buf_datalen, (const buf_t *buf))
+{
+ return buf->datalen;
+}
+
+/** Return the total length of all chunks used in <b>buf</b>. */
+size_t
+buf_allocation(const buf_t *buf)
+{
+ size_t total = 0;
+ const chunk_t *chunk;
+ for (chunk = buf->head; chunk; chunk = chunk->next) {
+ total += CHUNK_ALLOC_SIZE(chunk->memlen);
+ }
+ return total;
+}
+
+/** Return the number of bytes that can be added to <b>buf</b> without
+ * performing any additional allocation. */
+size_t
+buf_slack(const buf_t *buf)
+{
+ if (!buf->tail)
+ return 0;
+ else
+ return CHUNK_REMAINING_CAPACITY(buf->tail);
+}
+
+/** Release storage held by <b>buf</b>. */
+void
+buf_free(buf_t *buf)
+{
+ if (!buf)
+ return;
+
+ buf_clear(buf);
+ buf->magic = 0xdeadbeef;
+ tor_free(buf);
+}
+
+/** Return a new copy of <b>in_chunk</b> */
+static chunk_t *
+chunk_copy(const chunk_t *in_chunk)
+{
+ chunk_t *newch = tor_memdup(in_chunk, CHUNK_ALLOC_SIZE(in_chunk->memlen));
+ total_bytes_allocated_in_chunks += CHUNK_ALLOC_SIZE(in_chunk->memlen);
+#ifdef DEBUG_CHUNK_ALLOC
+ newch->DBG_alloc = CHUNK_ALLOC_SIZE(in_chunk->memlen);
+#endif
+ newch->next = NULL;
+ if (in_chunk->data) {
+ off_t offset = in_chunk->data - in_chunk->mem;
+ newch->data = newch->mem + offset;
+ }
+ return newch;
+}
+
+/** Return a new copy of <b>buf</b> */
+buf_t *
+buf_copy(const buf_t *buf)
+{
+ chunk_t *ch;
+ buf_t *out = buf_new();
+ out->default_chunk_size = buf->default_chunk_size;
+ for (ch = buf->head; ch; ch = ch->next) {
+ chunk_t *newch = chunk_copy(ch);
+ if (out->tail) {
+ out->tail->next = newch;
+ out->tail = newch;
+ } else {
+ out->head = out->tail = newch;
+ }
+ }
+ out->datalen = buf->datalen;
+ return out;
+}
+
+/** Append a new chunk with enough capacity to hold <b>capacity</b> bytes to
+ * the tail of <b>buf</b>. If <b>capped</b>, don't allocate a chunk bigger
+ * than MAX_CHUNK_ALLOC. */
+chunk_t *
+buf_add_chunk_with_capacity(buf_t *buf, size_t capacity, int capped)
+{
+ chunk_t *chunk;
+
+ if (CHUNK_ALLOC_SIZE(capacity) < buf->default_chunk_size) {
+ chunk = chunk_new_with_alloc_size(buf->default_chunk_size);
+ } else if (capped && CHUNK_ALLOC_SIZE(capacity) > MAX_CHUNK_ALLOC) {
+ chunk = chunk_new_with_alloc_size(MAX_CHUNK_ALLOC);
+ } else {
+ chunk = chunk_new_with_alloc_size(buf_preferred_chunk_size(capacity));
+ }
+
+ chunk->inserted_time = (uint32_t)monotime_coarse_absolute_msec();
+
+ if (buf->tail) {
+ tor_assert(buf->head);
+ buf->tail->next = chunk;
+ buf->tail = chunk;
+ } else {
+ tor_assert(!buf->head);
+ buf->head = buf->tail = chunk;
+ }
+ check();
+ return chunk;
+}
+
+/** Return the age of the oldest chunk in the buffer <b>buf</b>, in
+ * milliseconds. Requires the current monotonic time, in truncated msec,
+ * as its input <b>now</b>.
+ */
+uint32_t
+buf_get_oldest_chunk_timestamp(const buf_t *buf, uint32_t now)
+{
+ if (buf->head) {
+ return now - buf->head->inserted_time;
+ } else {
+ return 0;
+ }
+}
+
+size_t
+buf_get_total_allocation(void)
+{
+ return total_bytes_allocated_in_chunks;
+}
+
+/** Read up to <b>at_most</b> bytes from the socket <b>fd</b> into
+ * <b>chunk</b> (which must be on <b>buf</b>). If we get an EOF, set
+ * *<b>reached_eof</b> to 1. Return -1 on error, 0 on eof or blocking,
+ * and the number of bytes read otherwise. */
+static inline int
+read_to_chunk(buf_t *buf, chunk_t *chunk, tor_socket_t fd, size_t at_most,
+ int *reached_eof, int *socket_error)
+{
+ ssize_t read_result;
+ if (at_most > CHUNK_REMAINING_CAPACITY(chunk))
+ at_most = CHUNK_REMAINING_CAPACITY(chunk);
+ read_result = tor_socket_recv(fd, CHUNK_WRITE_PTR(chunk), at_most, 0);
+
+ if (read_result < 0) {
+ int e = tor_socket_errno(fd);
+ if (!ERRNO_IS_EAGAIN(e)) { /* it's a real error */
+#ifdef _WIN32
+ if (e == WSAENOBUFS)
+ log_warn(LD_NET,"recv() failed: WSAENOBUFS. Not enough ram?");
+#endif
+ *socket_error = e;
+ return -1;
+ }
+ return 0; /* would block. */
+ } else if (read_result == 0) {
+ log_debug(LD_NET,"Encountered eof on fd %d", (int)fd);
+ *reached_eof = 1;
+ return 0;
+ } else { /* actually got bytes. */
+ buf->datalen += read_result;
+ chunk->datalen += read_result;
+ log_debug(LD_NET,"Read %ld bytes. %d on inbuf.", (long)read_result,
+ (int)buf->datalen);
+ tor_assert(read_result < INT_MAX);
+ return (int)read_result;
+ }
+}
+
+/** Read from socket <b>s</b>, writing onto end of <b>buf</b>. Read at most
+ * <b>at_most</b> bytes, growing the buffer as necessary. If recv() returns 0
+ * (because of EOF), set *<b>reached_eof</b> to 1 and return 0. Return -1 on
+ * error; else return the number of bytes read.
+ */
+/* XXXX indicate "read blocked" somehow? */
+int
+buf_read_from_socket(buf_t *buf, tor_socket_t s, size_t at_most,
+ int *reached_eof,
+ int *socket_error)
+{
+ /* XXXX It's stupid to overload the return values for these functions:
+ * "error status" and "number of bytes read" are not mutually exclusive.
+ */
+ int r = 0;
+ size_t total_read = 0;
+
+ check();
+ tor_assert(reached_eof);
+ tor_assert(SOCKET_OK(s));
+
+ if (BUG(buf->datalen >= INT_MAX))
+ return -1;
+ if (BUG(buf->datalen >= INT_MAX - at_most))
+ return -1;
+
+ while (at_most > total_read) {
+ size_t readlen = at_most - total_read;
+ chunk_t *chunk;
+ if (!buf->tail || CHUNK_REMAINING_CAPACITY(buf->tail) < MIN_READ_LEN) {
+ chunk = buf_add_chunk_with_capacity(buf, at_most, 1);
+ if (readlen > chunk->memlen)
+ readlen = chunk->memlen;
+ } else {
+ size_t cap = CHUNK_REMAINING_CAPACITY(buf->tail);
+ chunk = buf->tail;
+ if (cap < readlen)
+ readlen = cap;
+ }
+
+ r = read_to_chunk(buf, chunk, s, readlen, reached_eof, socket_error);
+ check();
+ if (r < 0)
+ return r; /* Error */
+ tor_assert(total_read+r < INT_MAX);
+ total_read += r;
+ if ((size_t)r < readlen) { /* eof, block, or no more to read. */
+ break;
+ }
+ }
+ return (int)total_read;
+}
+
+/** Helper for buf_flush_to_socket(): try to write <b>sz</b> bytes from chunk
+ * <b>chunk</b> of buffer <b>buf</b> onto socket <b>s</b>. On success, deduct
+ * the bytes written from *<b>buf_flushlen</b>. Return the number of bytes
+ * written on success, 0 on blocking, -1 on failure.
+ */
+static inline int
+flush_chunk(tor_socket_t s, buf_t *buf, chunk_t *chunk, size_t sz,
+ size_t *buf_flushlen)
+{
+ ssize_t write_result;
+
+ if (sz > chunk->datalen)
+ sz = chunk->datalen;
+ write_result = tor_socket_send(s, chunk->data, sz, 0);
+
+ if (write_result < 0) {
+ int e = tor_socket_errno(s);
+ if (!ERRNO_IS_EAGAIN(e)) { /* it's a real error */
+#ifdef _WIN32
+ if (e == WSAENOBUFS)
+ log_warn(LD_NET,"write() failed: WSAENOBUFS. Not enough ram?");
+#endif
+ return -1;
+ }
+ log_debug(LD_NET,"write() would block, returning.");
+ return 0;
+ } else {
+ *buf_flushlen -= write_result;
+ buf_drain(buf, write_result);
+ tor_assert(write_result < INT_MAX);
+ return (int)write_result;
+ }
+}
+
+/** Write data from <b>buf</b> to the socket <b>s</b>. Write at most
+ * <b>sz</b> bytes, decrement *<b>buf_flushlen</b> by
+ * the number of bytes actually written, and remove the written bytes
+ * from the buffer. Return the number of bytes written on success,
+ * -1 on failure. Return 0 if write() would block.
+ */
+int
+buf_flush_to_socket(buf_t *buf, tor_socket_t s, size_t sz,
+ size_t *buf_flushlen)
+{
+ /* XXXX It's stupid to overload the return values for these functions:
+ * "error status" and "number of bytes flushed" are not mutually exclusive.
+ */
+ int r;
+ size_t flushed = 0;
+ tor_assert(buf_flushlen);
+ tor_assert(SOCKET_OK(s));
+ if (BUG(*buf_flushlen > buf->datalen)) {
+ *buf_flushlen = buf->datalen;
+ }
+ if (BUG(sz > *buf_flushlen)) {
+ sz = *buf_flushlen;
+ }
+
+ check();
+ while (sz) {
+ size_t flushlen0;
+ tor_assert(buf->head);
+ if (buf->head->datalen >= sz)
+ flushlen0 = sz;
+ else
+ flushlen0 = buf->head->datalen;
+
+ r = flush_chunk(s, buf, buf->head, flushlen0, buf_flushlen);
+ check();
+ if (r < 0)
+ return r;
+ flushed += r;
+ sz -= r;
+ if (r == 0 || (size_t)r < flushlen0) /* can't flush any more now. */
+ break;
+ }
+ tor_assert(flushed < INT_MAX);
+ return (int)flushed;
+}
+
+/** Append <b>string_len</b> bytes from <b>string</b> to the end of
+ * <b>buf</b>.
+ *
+ * Return the new length of the buffer on success, -1 on failure.
+ */
+int
+buf_add(buf_t *buf, const char *string, size_t string_len)
+{
+ if (!string_len)
+ return (int)buf->datalen;
+ check();
+
+ if (BUG(buf->datalen >= INT_MAX))
+ return -1;
+ if (BUG(buf->datalen >= INT_MAX - string_len))
+ return -1;
+
+ while (string_len) {
+ size_t copy;
+ if (!buf->tail || !CHUNK_REMAINING_CAPACITY(buf->tail))
+ buf_add_chunk_with_capacity(buf, string_len, 1);
+
+ copy = CHUNK_REMAINING_CAPACITY(buf->tail);
+ if (copy > string_len)
+ copy = string_len;
+ memcpy(CHUNK_WRITE_PTR(buf->tail), string, copy);
+ string_len -= copy;
+ string += copy;
+ buf->datalen += copy;
+ buf->tail->datalen += copy;
+ }
+
+ check();
+ tor_assert(buf->datalen < INT_MAX);
+ return (int)buf->datalen;
+}
+
+/** Helper: copy the first <b>string_len</b> bytes from <b>buf</b>
+ * onto <b>string</b>.
+ */
+void
+buf_peek(const buf_t *buf, char *string, size_t string_len)
+{
+ chunk_t *chunk;
+
+ tor_assert(string);
+ /* make sure we don't ask for too much */
+ tor_assert(string_len <= buf->datalen);
+ /* buf_assert_ok(buf); */
+
+ chunk = buf->head;
+ while (string_len) {
+ size_t copy = string_len;
+ tor_assert(chunk);
+ if (chunk->datalen < copy)
+ copy = chunk->datalen;
+ memcpy(string, chunk->data, copy);
+ string_len -= copy;
+ string += copy;
+ chunk = chunk->next;
+ }
+}
+
+/** Remove <b>string_len</b> bytes from the front of <b>buf</b>, and store
+ * them into <b>string</b>. Return the new buffer size. <b>string_len</b>
+ * must be \<= the number of bytes on the buffer.
+ */
+int
+buf_get_bytes(buf_t *buf, char *string, size_t string_len)
+{
+ /* There must be string_len bytes in buf; write them onto string,
+ * then memmove buf back (that is, remove them from buf).
+ *
+ * Return the number of bytes still on the buffer. */
+
+ check();
+ buf_peek(buf, string, string_len);
+ buf_drain(buf, string_len);
+ check();
+ tor_assert(buf->datalen < INT_MAX);
+ return (int)buf->datalen;
+}
+
+/** Move up to *<b>buf_flushlen</b> bytes from <b>buf_in</b> to
+ * <b>buf_out</b>, and modify *<b>buf_flushlen</b> appropriately.
+ * Return the number of bytes actually copied.
+ */
+int
+buf_move_to_buf(buf_t *buf_out, buf_t *buf_in, size_t *buf_flushlen)
+{
+ /* We can do way better here, but this doesn't turn up in any profiles. */
+ char b[4096];
+ size_t cp, len;
+
+ if (BUG(buf_out->datalen >= INT_MAX))
+ return -1;
+ if (BUG(buf_out->datalen >= INT_MAX - *buf_flushlen))
+ return -1;
+
+ len = *buf_flushlen;
+ if (len > buf_in->datalen)
+ len = buf_in->datalen;
+
+ cp = len; /* Remember the number of bytes we intend to copy. */
+ tor_assert(cp < INT_MAX);
+ while (len) {
+ /* This isn't the most efficient implementation one could imagine, since
+ * it does two copies instead of 1, but I kinda doubt that this will be
+ * critical path. */
+ size_t n = len > sizeof(b) ? sizeof(b) : len;
+ buf_get_bytes(buf_in, b, n);
+ buf_add(buf_out, b, n);
+ len -= n;
+ }
+ *buf_flushlen -= cp;
+ return (int)cp;
+}
+
+/** Internal structure: represents a position in a buffer. */
+typedef struct buf_pos_t {
+ const chunk_t *chunk; /**< Which chunk are we pointing to? */
+ int pos;/**< Which character inside the chunk's data are we pointing to? */
+ size_t chunk_pos; /**< Total length of all previous chunks. */
+} buf_pos_t;
+
+/** Initialize <b>out</b> to point to the first character of <b>buf</b>.*/
+static void
+buf_pos_init(const buf_t *buf, buf_pos_t *out)
+{
+ out->chunk = buf->head;
+ out->pos = 0;
+ out->chunk_pos = 0;
+}
+
+/** Advance <b>out</b> to the first appearance of <b>ch</b> at the current
+ * position of <b>out</b>, or later. Return -1 if no instances are found;
+ * otherwise returns the absolute position of the character. */
+static off_t
+buf_find_pos_of_char(char ch, buf_pos_t *out)
+{
+ const chunk_t *chunk;
+ int pos;
+ tor_assert(out);
+ if (out->chunk) {
+ if (out->chunk->datalen) {
+ tor_assert(out->pos < (off_t)out->chunk->datalen);
+ } else {
+ tor_assert(out->pos == 0);
+ }
+ }
+ pos = out->pos;
+ for (chunk = out->chunk; chunk; chunk = chunk->next) {
+ char *cp = memchr(chunk->data+pos, ch, chunk->datalen - pos);
+ if (cp) {
+ out->chunk = chunk;
+ tor_assert(cp - chunk->data < INT_MAX);
+ out->pos = (int)(cp - chunk->data);
+ return out->chunk_pos + out->pos;
+ } else {
+ out->chunk_pos += chunk->datalen;
+ pos = 0;
+ }
+ }
+ return -1;
+}
+
+/** Advance <b>pos</b> by a single character, if there are any more characters
+ * in the buffer. Returns 0 on success, -1 on failure. */
+static inline int
+buf_pos_inc(buf_pos_t *pos)
+{
+ ++pos->pos;
+ if (pos->pos == (off_t)pos->chunk->datalen) {
+ if (!pos->chunk->next)
+ return -1;
+ pos->chunk_pos += pos->chunk->datalen;
+ pos->chunk = pos->chunk->next;
+ pos->pos = 0;
+ }
+ return 0;
+}
+
+/** Return true iff the <b>n</b>-character string in <b>s</b> appears
+ * (verbatim) at <b>pos</b>. */
+static int
+buf_matches_at_pos(const buf_pos_t *pos, const char *s, size_t n)
+{
+ buf_pos_t p;
+ if (!n)
+ return 1;
+
+ memcpy(&p, pos, sizeof(p));
+
+ while (1) {
+ char ch = p.chunk->data[p.pos];
+ if (ch != *s)
+ return 0;
+ ++s;
+ /* If we're out of characters that don't match, we match. Check this
+ * _before_ we test incrementing pos, in case we're at the end of the
+ * string. */
+ if (--n == 0)
+ return 1;
+ if (buf_pos_inc(&p)<0)
+ return 0;
+ }
+}
+
+/** Return the first position in <b>buf</b> at which the <b>n</b>-character
+ * string <b>s</b> occurs, or -1 if it does not occur. */
+int
+buf_find_string_offset(const buf_t *buf, const char *s, size_t n)
+{
+ buf_pos_t pos;
+ buf_pos_init(buf, &pos);
+ while (buf_find_pos_of_char(*s, &pos) >= 0) {
+ if (buf_matches_at_pos(&pos, s, n)) {
+ tor_assert(pos.chunk_pos + pos.pos < INT_MAX);
+ return (int)(pos.chunk_pos + pos.pos);
+ } else {
+ if (buf_pos_inc(&pos)<0)
+ return -1;
+ }
+ }
+ return -1;
+}
+
+/** Return 1 iff <b>buf</b> starts with <b>cmd</b>. <b>cmd</b> must be a null
+ * terminated string, of no more than PEEK_BUF_STARTSWITH_MAX bytes. */
+int
+buf_peek_startswith(const buf_t *buf, const char *cmd)
+{
+ char tmp[PEEK_BUF_STARTSWITH_MAX];
+ size_t clen = strlen(cmd);
+ if (clen == 0)
+ return 1;
+ if (BUG(clen > sizeof(tmp)))
+ return 0;
+ if (buf->datalen < clen)
+ return 0;
+ buf_peek(buf, tmp, clen);
+ return fast_memeq(tmp, cmd, clen);
+}
+
+/** Return the index within <b>buf</b> at which <b>ch</b> first appears,
+ * or -1 if <b>ch</b> does not appear on buf. */
+static off_t
+buf_find_offset_of_char(buf_t *buf, char ch)
+{
+ chunk_t *chunk;
+ off_t offset = 0;
+ for (chunk = buf->head; chunk; chunk = chunk->next) {
+ char *cp = memchr(chunk->data, ch, chunk->datalen);
+ if (cp)
+ return offset + (cp - chunk->data);
+ else
+ offset += chunk->datalen;
+ }
+ return -1;
+}
+
+/** Try to read a single LF-terminated line from <b>buf</b>, and write it
+ * (including the LF), NUL-terminated, into the *<b>data_len</b> byte buffer
+ * at <b>data_out</b>. Set *<b>data_len</b> to the number of bytes in the
+ * line, not counting the terminating NUL. Return 1 if we read a whole line,
+ * return 0 if we don't have a whole line yet, and return -1 if the line
+ * length exceeds *<b>data_len</b>.
+ */
+int
+buf_get_line(buf_t *buf, char *data_out, size_t *data_len)
+{
+ size_t sz;
+ off_t offset;
+
+ if (!buf->head)
+ return 0;
+
+ offset = buf_find_offset_of_char(buf, '\n');
+ if (offset < 0)
+ return 0;
+ sz = (size_t) offset;
+ if (sz+2 > *data_len) {
+ *data_len = sz + 2;
+ return -1;
+ }
+ buf_get_bytes(buf, data_out, sz+1);
+ data_out[sz+1] = '\0';
+ *data_len = sz+1;
+ return 1;
+}
+
+/** Compress or uncompress the <b>data_len</b> bytes in <b>data</b> using the
+ * compression state <b>state</b>, appending the result to <b>buf</b>. If
+ * <b>done</b> is true, flush the data in the state and finish the
+ * compression/uncompression. Return -1 on failure, 0 on success. */
+int
+buf_add_compress(buf_t *buf, tor_compress_state_t *state,
+ const char *data, size_t data_len,
+ const int done)
+{
+ char *next;
+ size_t old_avail, avail;
+ int over = 0;
+
+ do {
+ int need_new_chunk = 0;
+ if (!buf->tail || ! CHUNK_REMAINING_CAPACITY(buf->tail)) {
+ size_t cap = data_len / 4;
+ buf_add_chunk_with_capacity(buf, cap, 1);
+ }
+ next = CHUNK_WRITE_PTR(buf->tail);
+ avail = old_avail = CHUNK_REMAINING_CAPACITY(buf->tail);
+ switch (tor_compress_process(state, &next, &avail,
+ &data, &data_len, done)) {
+ case TOR_COMPRESS_DONE:
+ over = 1;
+ break;
+ case TOR_COMPRESS_ERROR:
+ return -1;
+ case TOR_COMPRESS_OK:
+ if (data_len == 0) {
+ tor_assert_nonfatal(!done);
+ over = 1;
+ }
+ break;
+ case TOR_COMPRESS_BUFFER_FULL:
+ if (avail) {
+ /* The compression module says we need more room
+ * (TOR_COMPRESS_BUFFER_FULL). Start a new chunk automatically,
+ * whether were going to or not. */
+ need_new_chunk = 1;
+ }
+ if (data_len == 0 && !done) {
+ /* We've consumed all the input data, though, so there's no
+ * point in forging ahead right now. */
+ over = 1;
+ }
+ break;
+ }
+ buf->datalen += old_avail - avail;
+ buf->tail->datalen += old_avail - avail;
+ if (need_new_chunk) {
+ buf_add_chunk_with_capacity(buf, data_len/4, 1);
+ }
+
+ } while (!over);
+ check();
+ return 0;
+}
+
+/** Set *<b>output</b> to contain a copy of the data in *<b>input</b> */
+int
+buf_set_to_copy(buf_t **output,
+ const buf_t *input)
+{
+ if (*output)
+ buf_free(*output);
+ *output = buf_copy(input);
+ return 0;
+}
+
+/** Log an error and exit if <b>buf</b> is corrupted.
+ */
+void
+buf_assert_ok(buf_t *buf)
+{
+ tor_assert(buf);
+ tor_assert(buf->magic == BUFFER_MAGIC);
+
+ if (! buf->head) {
+ tor_assert(!buf->tail);
+ tor_assert(buf->datalen == 0);
+ } else {
+ chunk_t *ch;
+ size_t total = 0;
+ tor_assert(buf->tail);
+ for (ch = buf->head; ch; ch = ch->next) {
+ total += ch->datalen;
+ tor_assert(ch->datalen <= ch->memlen);
+ tor_assert(ch->data >= &ch->mem[0]);
+ tor_assert(ch->data <= &ch->mem[0]+ch->memlen);
+ if (ch->data == &ch->mem[0]+ch->memlen) {
+ /* LCOV_EXCL_START */
+ static int warned = 0;
+ if (! warned) {
+ log_warn(LD_BUG, "Invariant violation in buf.c related to #15083");
+ warned = 1;
+ }
+ /* LCOV_EXCL_STOP */
+ }
+ tor_assert(ch->data+ch->datalen <= &ch->mem[0] + ch->memlen);
+ if (!ch->next)
+ tor_assert(ch == buf->tail);
+ }
+ tor_assert(buf->datalen == total);
+ }
+}
+
diff --git a/src/common/buffers.h b/src/common/buffers.h
new file mode 100644
index 0000000000..1eaa5f2d04
--- /dev/null
+++ b/src/common/buffers.h
@@ -0,0 +1,125 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2017, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file buffers.h
+ * \brief Header file for buffers.c.
+ **/
+
+#ifndef TOR_BUFFERS_H
+#define TOR_BUFFERS_H
+
+#include "compat.h"
+#include "compat.h"
+#include "torint.h"
+#include "testsupport.h"
+
+typedef struct buf_t buf_t;
+
+struct tor_compress_state_t;
+
+buf_t *buf_new(void);
+buf_t *buf_new_with_capacity(size_t size);
+size_t buf_get_default_chunk_size(const buf_t *buf);
+void buf_free(buf_t *buf);
+void buf_clear(buf_t *buf);
+buf_t *buf_copy(const buf_t *buf);
+
+MOCK_DECL(size_t, buf_datalen, (const buf_t *buf));
+size_t buf_allocation(const buf_t *buf);
+size_t buf_slack(const buf_t *buf);
+
+uint32_t buf_get_oldest_chunk_timestamp(const buf_t *buf, uint32_t now);
+size_t buf_get_total_allocation(void);
+
+int buf_read_from_socket(buf_t *buf, tor_socket_t s, size_t at_most,
+ int *reached_eof,
+ int *socket_error);
+
+int buf_flush_to_socket(buf_t *buf, tor_socket_t s, size_t sz,
+ size_t *buf_flushlen);
+
+int buf_add(buf_t *buf, const char *string, size_t string_len);
+int buf_add_compress(buf_t *buf, struct tor_compress_state_t *state,
+ const char *data, size_t data_len, int done);
+int buf_move_to_buf(buf_t *buf_out, buf_t *buf_in, size_t *buf_flushlen);
+void buf_peek(const buf_t *buf, char *string, size_t string_len);
+void buf_drain(buf_t *buf, size_t n);
+int buf_get_bytes(buf_t *buf, char *string, size_t string_len);
+int buf_get_line(buf_t *buf, char *data_out, size_t *data_len);
+
+#define PEEK_BUF_STARTSWITH_MAX 16
+int buf_peek_startswith(const buf_t *buf, const char *cmd);
+
+int buf_set_to_copy(buf_t **output,
+ const buf_t *input);
+
+void buf_assert_ok(buf_t *buf);
+
+int buf_find_string_offset(const buf_t *buf, const char *s, size_t n);
+void buf_pullup(buf_t *buf, size_t bytes,
+ const char **head_out, size_t *len_out);
+
+#ifdef BUFFERS_PRIVATE
+#ifdef TOR_UNIT_TESTS
+buf_t *buf_new_with_data(const char *cp, size_t sz);
+#endif
+size_t buf_preferred_chunk_size(size_t target);
+
+#define DEBUG_CHUNK_ALLOC
+/** A single chunk on a buffer. */
+typedef struct chunk_t {
+ struct chunk_t *next; /**< The next chunk on the buffer. */
+ size_t datalen; /**< The number of bytes stored in this chunk */
+ size_t memlen; /**< The number of usable bytes of storage in <b>mem</b>. */
+#ifdef DEBUG_CHUNK_ALLOC
+ size_t DBG_alloc;
+#endif
+ char *data; /**< A pointer to the first byte of data stored in <b>mem</b>. */
+ uint32_t inserted_time; /**< Timestamp in truncated ms since epoch
+ * when this chunk was inserted. */
+ char mem[FLEXIBLE_ARRAY_MEMBER]; /**< The actual memory used for storage in
+ * this chunk. */
+} chunk_t;
+
+/** Magic value for buf_t.magic, to catch pointer errors. */
+#define BUFFER_MAGIC 0xB0FFF312u
+/** A resizeable buffer, optimized for reading and writing. */
+struct buf_t {
+ uint32_t magic; /**< Magic cookie for debugging: Must be set to
+ * BUFFER_MAGIC. */
+ size_t datalen; /**< How many bytes is this buffer holding right now? */
+ size_t default_chunk_size; /**< Don't allocate any chunks smaller than
+ * this for this buffer. */
+ chunk_t *head; /**< First chunk in the list, or NULL for none. */
+ chunk_t *tail; /**< Last chunk in the list, or NULL for none. */
+};
+
+chunk_t *buf_add_chunk_with_capacity(buf_t *buf, size_t capacity, int capped);
+/** If a read onto the end of a chunk would be smaller than this number, then
+ * just start a new chunk. */
+#define MIN_READ_LEN 8
+
+/** Return the number of bytes that can be written onto <b>chunk</b> without
+ * running out of space. */
+static inline size_t
+CHUNK_REMAINING_CAPACITY(const chunk_t *chunk)
+{
+ return (chunk->mem + chunk->memlen) - (chunk->data + chunk->datalen);
+}
+
+/** Return the next character in <b>chunk</b> onto which data can be appended.
+ * If the chunk is full, this might be off the end of chunk->mem. */
+static inline char *
+CHUNK_WRITE_PTR(chunk_t *chunk)
+{
+ return chunk->data + chunk->datalen;
+}
+
+#endif /* defined(BUFFERS_PRIVATE) */
+
+#endif /* !defined(TOR_BUFFERS_H) */
+
diff --git a/src/common/buffers_tls.c b/src/common/buffers_tls.c
new file mode 100644
index 0000000000..041f78b818
--- /dev/null
+++ b/src/common/buffers_tls.c
@@ -0,0 +1,179 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2017, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#define BUFFERS_PRIVATE
+#include "orconfig.h"
+#include <stddef.h>
+#include "buffers.h"
+#include "buffers_tls.h"
+#include "compat.h"
+#include "compress.h"
+#include "util.h"
+#include "torint.h"
+#include "torlog.h"
+#include "tortls.h"
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+/** As read_to_chunk(), but return (negative) error code on error, blocking,
+ * or TLS, and the number of bytes read otherwise. */
+static inline int
+read_to_chunk_tls(buf_t *buf, chunk_t *chunk, tor_tls_t *tls,
+ size_t at_most)
+{
+ int read_result;
+
+ tor_assert(CHUNK_REMAINING_CAPACITY(chunk) >= at_most);
+ read_result = tor_tls_read(tls, CHUNK_WRITE_PTR(chunk), at_most);
+ if (read_result < 0)
+ return read_result;
+ buf->datalen += read_result;
+ chunk->datalen += read_result;
+ return read_result;
+}
+
+/** As read_to_buf, but reads from a TLS connection, and returns a TLS
+ * status value rather than the number of bytes read.
+ *
+ * Using TLS on OR connections complicates matters in two ways.
+ *
+ * First, a TLS stream has its own read buffer independent of the
+ * connection's read buffer. (TLS needs to read an entire frame from
+ * the network before it can decrypt any data. Thus, trying to read 1
+ * byte from TLS can require that several KB be read from the network
+ * and decrypted. The extra data is stored in TLS's decrypt buffer.)
+ * Because the data hasn't been read by Tor (it's still inside the TLS),
+ * this means that sometimes a connection "has stuff to read" even when
+ * poll() didn't return POLLIN. The tor_tls_get_pending_bytes function is
+ * used in connection.c to detect TLS objects with non-empty internal
+ * buffers and read from them again.
+ *
+ * Second, the TLS stream's events do not correspond directly to network
+ * events: sometimes, before a TLS stream can read, the network must be
+ * ready to write -- or vice versa.
+ */
+int
+buf_read_from_tls(buf_t *buf, tor_tls_t *tls, size_t at_most)
+{
+ int r = 0;
+ size_t total_read = 0;
+
+ check_no_tls_errors();
+
+ if (BUG(buf->datalen >= INT_MAX))
+ return -1;
+ if (BUG(buf->datalen >= INT_MAX - at_most))
+ return -1;
+
+ while (at_most > total_read) {
+ size_t readlen = at_most - total_read;
+ chunk_t *chunk;
+ if (!buf->tail || CHUNK_REMAINING_CAPACITY(buf->tail) < MIN_READ_LEN) {
+ chunk = buf_add_chunk_with_capacity(buf, at_most, 1);
+ if (readlen > chunk->memlen)
+ readlen = chunk->memlen;
+ } else {
+ size_t cap = CHUNK_REMAINING_CAPACITY(buf->tail);
+ chunk = buf->tail;
+ if (cap < readlen)
+ readlen = cap;
+ }
+
+ r = read_to_chunk_tls(buf, chunk, tls, readlen);
+ if (r < 0)
+ return r; /* Error */
+ tor_assert(total_read+r < INT_MAX);
+ total_read += r;
+ if ((size_t)r < readlen) /* eof, block, or no more to read. */
+ break;
+ }
+ return (int)total_read;
+}
+
+/** Helper for buf_flush_to_tls(): try to write <b>sz</b> bytes from chunk
+ * <b>chunk</b> of buffer <b>buf</b> onto socket <b>s</b>. (Tries to write
+ * more if there is a forced pending write size.) On success, deduct the
+ * bytes written from *<b>buf_flushlen</b>. Return the number of bytes
+ * written on success, and a TOR_TLS error code on failure or blocking.
+ */
+static inline int
+flush_chunk_tls(tor_tls_t *tls, buf_t *buf, chunk_t *chunk,
+ size_t sz, size_t *buf_flushlen)
+{
+ int r;
+ size_t forced;
+ char *data;
+
+ forced = tor_tls_get_forced_write_size(tls);
+ if (forced > sz)
+ sz = forced;
+ if (chunk) {
+ data = chunk->data;
+ tor_assert(sz <= chunk->datalen);
+ } else {
+ data = NULL;
+ tor_assert(sz == 0);
+ }
+ r = tor_tls_write(tls, data, sz);
+ if (r < 0)
+ return r;
+ if (*buf_flushlen > (size_t)r)
+ *buf_flushlen -= r;
+ else
+ *buf_flushlen = 0;
+ buf_drain(buf, r);
+ log_debug(LD_NET,"flushed %d bytes, %d ready to flush, %d remain.",
+ r,(int)*buf_flushlen,(int)buf->datalen);
+ return r;
+}
+
+/** As buf_flush_to_socket(), but writes data to a TLS connection. Can write
+ * more than <b>flushlen</b> bytes.
+ */
+int
+buf_flush_to_tls(buf_t *buf, tor_tls_t *tls, size_t flushlen,
+ size_t *buf_flushlen)
+{
+ int r;
+ size_t flushed = 0;
+ ssize_t sz;
+ tor_assert(buf_flushlen);
+ if (BUG(*buf_flushlen > buf->datalen)) {
+ *buf_flushlen = buf->datalen;
+ }
+ if (BUG(flushlen > *buf_flushlen)) {
+ flushlen = *buf_flushlen;
+ }
+ sz = (ssize_t) flushlen;
+
+ /* we want to let tls write even if flushlen is zero, because it might
+ * have a partial record pending */
+ check_no_tls_errors();
+
+ do {
+ size_t flushlen0;
+ if (buf->head) {
+ if ((ssize_t)buf->head->datalen >= sz)
+ flushlen0 = sz;
+ else
+ flushlen0 = buf->head->datalen;
+ } else {
+ flushlen0 = 0;
+ }
+
+ r = flush_chunk_tls(tls, buf, buf->head, flushlen0, buf_flushlen);
+ if (r < 0)
+ return r;
+ flushed += r;
+ sz -= r;
+ if (r == 0) /* Can't flush any more now. */
+ break;
+ } while (sz > 0);
+ tor_assert(flushed < INT_MAX);
+ return (int)flushed;
+}
+
diff --git a/src/common/buffers_tls.h b/src/common/buffers_tls.h
new file mode 100644
index 0000000000..2f9fda45a0
--- /dev/null
+++ b/src/common/buffers_tls.h
@@ -0,0 +1,19 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2017, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_BUFFERS_TLS_H
+#define TOR_BUFFERS_TLS_H
+
+struct buf_t;
+struct tor_tls_t;
+
+int buf_read_from_tls(struct buf_t *buf,
+ struct tor_tls_t *tls, size_t at_most);
+int buf_flush_to_tls(struct buf_t *buf, struct tor_tls_t *tls,
+ size_t sz, size_t *buf_flushlen);
+
+#endif /* !defined(TOR_BUFFERS_TLS_H) */
+
diff --git a/src/common/compat.c b/src/common/compat.c
index 4a1f0013c6..83bb707e17 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -88,12 +88,12 @@ SecureZeroMemory(PVOID ptr, SIZE_T cnt)
while (cnt--)
*vcptr++ = 0;
}
-#endif
+#endif /* defined(HAVE_DECL_SECUREZEROMEMORY) && !HAVE_DECL_SECUREZEROMEMORY */
#elif defined(HAVE_READPASSPHRASE_H)
#include <readpassphrase.h>
#else
#include "tor_readpassphrase.h"
-#endif
+#endif /* defined(_WIN32) || ... */
/* Includes for the process attaching prevention */
#if defined(HAVE_SYS_PRCTL_H) && defined(__linux__)
@@ -102,7 +102,7 @@ SecureZeroMemory(PVOID ptr, SIZE_T cnt)
#elif defined(__APPLE__)
#include <sys/types.h>
#include <sys/ptrace.h>
-#endif
+#endif /* defined(HAVE_SYS_PRCTL_H) && defined(__linux__) || ... */
#ifdef HAVE_NETDB_H
#include <netdb.h>
@@ -161,7 +161,7 @@ tor_open_cloexec(const char *path, int flags, unsigned mode)
* are running on one without. */
if (errno != EINVAL)
return -1;
-#endif
+#endif /* defined(O_CLOEXEC) */
log_debug(LD_FS, "Opening %s with flags %x", p, flags);
fd = open(p, flags, mode);
@@ -173,7 +173,7 @@ tor_open_cloexec(const char *path, int flags, unsigned mode)
return -1;
}
}
-#endif
+#endif /* defined(FD_CLOEXEC) */
return fd;
}
@@ -191,7 +191,7 @@ tor_fopen_cloexec(const char *path, const char *mode)
return NULL;
}
}
-#endif
+#endif /* defined(FD_CLOEXEC) */
return result;
}
@@ -212,7 +212,8 @@ tor_rename(const char *path_old, const char *path_new)
#define COMPAT_HAS_MMAN_AND_PAGESIZE
#endif
-#if defined(COMPAT_HAS_MMAN_AND_PAGESIZE) || defined(RUNNING_DOXYGEN)
+#if defined(COMPAT_HAS_MMAN_AND_PAGESIZE) || \
+ defined(RUNNING_DOXYGEN)
/** Try to create a memory mapping for <b>filename</b> and return it. On
* failure, return NULL. Sets errno properly, using ERANGE to mean
* "empty file". */
@@ -450,7 +451,7 @@ tor_munmap_file(tor_mmap_t *handle)
/* Can't fail in this mmap()/munmap()-free case */
return 0;
}
-#endif
+#endif /* defined(COMPAT_HAS_MMAN_AND_PAGESIZE) || ... || ... */
/** Replacement for snprintf. Differs from platform snprintf in two
* ways: First, always NUL-terminates its output. Second, always
@@ -590,7 +591,7 @@ tor_vasprintf(char **strp, const char *fmt, va_list args)
}
*strp = strp_tmp;
return len;
-#endif
+#endif /* defined(HAVE_VASPRINTF) || ... */
}
/** Given <b>hlen</b> bytes at <b>haystack</b> and <b>nlen</b> bytes at
@@ -636,7 +637,7 @@ tor_memmem(const void *_haystack, size_t hlen,
}
}
return NULL;
-#endif
+#endif /* defined(HAVE_MEMMEM) && (!defined(__GNUC__) || __GNUC__ >= 2) */
}
/**
@@ -774,7 +775,7 @@ tor_fix_source_file(const char *fname)
}
return r;
}
-#endif
+#endif /* defined(_WIN32) */
/**
* Read a 16-bit value beginning at <b>cp</b>. Equivalent to
@@ -868,7 +869,7 @@ replace_file(const char *from, const char *to)
return -1;
}
return tor_rename(from,to);
-#endif
+#endif /* !defined(_WIN32) */
}
/** Change <b>fname</b>'s modification time to now. */
@@ -954,7 +955,7 @@ tor_lockfile_lock(const char *filename, int blocking, int *locked_out)
return NULL;
}
}
-#endif
+#endif /* defined(_WIN32) || ... */
result = tor_malloc(sizeof(tor_lockfile_t));
result->filename = tor_strdup(filename);
@@ -982,7 +983,7 @@ tor_lockfile_unlock(tor_lockfile_t *lockfile)
}
#else
/* Closing the lockfile is sufficient. */
-#endif
+#endif /* defined(_WIN32) || ... */
close(lockfile->fd);
lockfile->fd = -1;
@@ -1030,9 +1031,9 @@ tor_fd_seekend(int fd)
* no need to worry. */
if (rc < 0 && errno == ESPIPE)
rc = 0;
-#endif
+#endif /* defined(ESPIPE) */
return (rc < 0) ? -1 : 0;
-#endif
+#endif /* defined(_WIN32) */
}
/** Move <b>fd</b> to position <b>pos</b> in the file. Return -1 on error, 0
@@ -1071,7 +1072,7 @@ tor_ftruncate(int fd)
static bitarray_t *open_sockets = NULL;
/** The size of <b>open_sockets</b>, in bits. */
static int max_socket = -1;
-#endif
+#endif /* defined(DEBUG_SOCKET_COUNTING) */
/** Count of number of sockets currently open. (Undercounts sockets opened by
* eventdns and libevent.) */
@@ -1141,7 +1142,7 @@ tor_close_socket,(tor_socket_t s))
tor_assert(open_sockets && s <= max_socket);
bitarray_clear(open_sockets, s);
}
-#endif
+#endif /* defined(DEBUG_SOCKET_COUNTING) */
if (r == 0) {
--n_sockets_open;
} else {
@@ -1151,7 +1152,7 @@ tor_close_socket,(tor_socket_t s))
#else
if (r != EBADF)
--n_sockets_open; // LCOV_EXCL_LINE -- EIO and EINTR too hard to force.
-#endif
+#endif /* defined(_WIN32) */
r = -1;
}
@@ -1184,9 +1185,9 @@ mark_socket_open(tor_socket_t s)
}
bitarray_set(open_sockets, s);
}
-#else
+#else /* !(defined(DEBUG_SOCKET_COUNTING)) */
#define mark_socket_open(s) STMT_NIL
-#endif
+#endif /* defined(DEBUG_SOCKET_COUNTING) */
/** @} */
/** As socket(), but counts the number of open sockets. */
@@ -1244,7 +1245,7 @@ tor_open_socket_with_extensions(int domain, int type, int protocol,
* support, we are running on one without. */
if (errno != EINVAL)
return s;
-#endif /* SOCK_CLOEXEC && SOCK_NONBLOCK */
+#endif /* defined(SOCK_CLOEXEC) && defined(SOCK_NONBLOCK) */
s = socket(domain, type, protocol);
if (! SOCKET_OK(s))
@@ -1258,9 +1259,9 @@ tor_open_socket_with_extensions(int domain, int type, int protocol,
return TOR_INVALID_SOCKET;
}
}
-#else
+#else /* !(defined(FD_CLOEXEC)) */
(void)cloexec;
-#endif
+#endif /* defined(FD_CLOEXEC) */
if (nonblock) {
if (set_socket_nonblocking(s) == -1) {
@@ -1316,7 +1317,8 @@ tor_accept_socket_with_extensions(tor_socket_t sockfd, struct sockaddr *addr,
return TOR_INVALID_SOCKET;
}
-#if defined(HAVE_ACCEPT4) && defined(SOCK_CLOEXEC) && defined(SOCK_NONBLOCK)
+#if defined(HAVE_ACCEPT4) && defined(SOCK_CLOEXEC) \
+ && defined(SOCK_NONBLOCK)
int ext_flags = (cloexec ? SOCK_CLOEXEC : 0) |
(nonblock ? SOCK_NONBLOCK : 0);
s = accept4(sockfd, addr, len, ext_flags);
@@ -1328,7 +1330,7 @@ tor_accept_socket_with_extensions(tor_socket_t sockfd, struct sockaddr *addr,
* we are missing SOCK_CLOEXEC/SOCK_NONBLOCK support. */
if (errno != EINVAL && errno != ENOSYS)
return s;
-#endif
+#endif /* defined(HAVE_ACCEPT4) && defined(SOCK_CLOEXEC) ... */
s = accept(sockfd, addr, len);
if (!SOCKET_OK(s))
@@ -1342,9 +1344,9 @@ tor_accept_socket_with_extensions(tor_socket_t sockfd, struct sockaddr *addr,
return TOR_INVALID_SOCKET;
}
}
-#else
+#else /* !(defined(FD_CLOEXEC)) */
(void)cloexec;
-#endif
+#endif /* defined(FD_CLOEXEC) */
if (nonblock) {
if (set_socket_nonblocking(s) == -1) {
@@ -1404,7 +1406,7 @@ set_socket_nonblocking(tor_socket_t sock)
log_warn(LD_NET, "Couldn't set file status flags: %s", strerror(errno));
return -1;
}
-#endif
+#endif /* defined(_WIN32) */
return 0;
}
@@ -1442,7 +1444,7 @@ tor_socketpair(int family, int type, int protocol, tor_socket_t fd[2])
* are running on one without. */
if (errno != EINVAL)
return -errno;
-#endif
+#endif /* defined(SOCK_CLOEXEC) */
r = socketpair(family, type, protocol, fd);
if (r < 0)
@@ -1465,7 +1467,7 @@ tor_socketpair(int family, int type, int protocol, tor_socket_t fd[2])
return -errno;
}
}
-#endif
+#endif /* defined(FD_CLOEXEC) */
goto sockets_ok; /* So that sockets_ok will not be unused. */
sockets_ok:
@@ -1481,9 +1483,9 @@ tor_socketpair(int family, int type, int protocol, tor_socket_t fd[2])
socket_accounting_unlock();
return 0;
-#else
+#else /* !(defined(HAVE_SOCKETPAIR) && !defined(_WIN32)) */
return tor_ersatz_socketpair(family, type, protocol, fd);
-#endif
+#endif /* defined(HAVE_SOCKETPAIR) && !defined(_WIN32) */
}
#ifdef NEED_ERSATZ_SOCKETPAIR
@@ -1640,7 +1642,7 @@ tor_ersatz_socketpair(int family, int type, int protocol, tor_socket_t fd[2])
#undef SIZEOF_SOCKADDR
-#endif
+#endif /* defined(NEED_ERSATZ_SOCKETPAIR) */
/* Return the maximum number of allowed sockets. */
int
@@ -1694,7 +1696,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
#else
const char *platform = "unknown platforms with no getrlimit()";
const unsigned long MAX_CONNECTIONS = 15000;
-#endif
+#endif /* defined(CYGWIN) || defined(__CYGWIN__) || ... */
log_fn(LOG_INFO, LD_NET,
"This platform is missing getrlimit(). Proceeding.");
if (limit > MAX_CONNECTIONS) {
@@ -1705,7 +1707,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
return -1;
}
limit = MAX_CONNECTIONS;
-#else /* HAVE_GETRLIMIT */
+#else /* !(!defined(HAVE_GETRLIMIT)) */
struct rlimit rlim;
if (getrlimit(RLIMIT_NOFILE, &rlim) != 0) {
@@ -1755,7 +1757,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
couldnt_set = 0;
}
}
-#endif /* OPEN_MAX */
+#endif /* defined(OPEN_MAX) */
if (couldnt_set) {
log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s",
strerror(setrlimit_errno));
@@ -1763,7 +1765,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
}
/* leave some overhead for logs, etc, */
limit = rlim.rlim_cur;
-#endif /* HAVE_GETRLIMIT */
+#endif /* !defined(HAVE_GETRLIMIT) */
if (limit > INT_MAX)
limit = INT_MAX;
@@ -1801,7 +1803,7 @@ log_credential_status(void)
"UID is %u (real), %u (effective), %u (saved)",
(unsigned)ruid, (unsigned)euid, (unsigned)suid);
}
-#else
+#else /* !(defined(HAVE_GETRESUID)) */
/* getresuid is not present on MacOS X, so we can't get the saved (E)UID */
ruid = getuid();
euid = geteuid();
@@ -1810,7 +1812,7 @@ log_credential_status(void)
log_fn(CREDENTIAL_LOG_LEVEL, LD_GENERAL,
"UID is %u (real), %u (effective), unknown (saved)",
(unsigned)ruid, (unsigned)euid);
-#endif
+#endif /* defined(HAVE_GETRESUID) */
/* log GIDs */
#ifdef HAVE_GETRESGID
@@ -1822,7 +1824,7 @@ log_credential_status(void)
"GID is %u (real), %u (effective), %u (saved)",
(unsigned)rgid, (unsigned)egid, (unsigned)sgid);
}
-#else
+#else /* !(defined(HAVE_GETRESGID)) */
/* getresgid is not present on MacOS X, so we can't get the saved (E)GID */
rgid = getgid();
egid = getegid();
@@ -1830,7 +1832,7 @@ log_credential_status(void)
log_fn(CREDENTIAL_LOG_LEVEL, LD_GENERAL,
"GID is %u (real), %u (effective), unknown (saved)",
(unsigned)rgid, (unsigned)egid);
-#endif
+#endif /* defined(HAVE_GETRESGID) */
/* log supplementary groups */
sup_gids_size = 64;
@@ -1870,7 +1872,7 @@ log_credential_status(void)
return 0;
}
-#endif
+#endif /* !defined(_WIN32) */
#ifndef _WIN32
/** Cached struct from the last getpwname() call we did successfully. */
@@ -1970,7 +1972,7 @@ tor_getpwuid(uid_t uid)
return NULL;
}
-#endif
+#endif /* !defined(_WIN32) */
/** Return true iff we were compiled with capability support, and capabilities
* seem to work. **/
@@ -1983,9 +1985,9 @@ have_capability_support(void)
return 0;
cap_free(caps);
return 1;
-#else
+#else /* !(defined(HAVE_LINUX_CAPABILITIES)) */
return 0;
-#endif
+#endif /* defined(HAVE_LINUX_CAPABILITIES) */
}
#ifdef HAVE_LINUX_CAPABILITIES
@@ -2044,7 +2046,7 @@ drop_capabilities(int pre_setuid)
return 0;
}
-#endif
+#endif /* defined(HAVE_LINUX_CAPABILITIES) */
/** Call setuid and setgid to run as <b>user</b> and switch to their
* primary group. Return 0 on success. On failure, log and return -1.
@@ -2094,13 +2096,13 @@ switch_id(const char *user, const unsigned flags)
if (drop_capabilities(1))
return -1;
}
-#else
+#else /* !(defined(HAVE_LINUX_CAPABILITIES)) */
(void) keep_bindlow;
if (warn_if_no_caps) {
log_warn(LD_CONFIG, "KeepBindCapabilities set, but no capability support "
"on this system.");
}
-#endif
+#endif /* defined(HAVE_LINUX_CAPABILITIES) */
/* Properly switch egid,gid,euid,uid here or bail out */
if (setgroups(1, &pw->pw_gid)) {
@@ -2160,7 +2162,7 @@ switch_id(const char *user, const unsigned flags)
if (drop_capabilities(0))
return -1;
}
-#endif
+#endif /* defined(HAVE_LINUX_CAPABILITIES) */
#if !defined(CYGWIN) && !defined(__CYGWIN__)
/* If we tried to drop privilege to a group/user other than root, attempt to
@@ -2184,7 +2186,7 @@ switch_id(const char *user, const unsigned flags)
return -1;
}
}
-#endif
+#endif /* !defined(CYGWIN) && !defined(__CYGWIN__) */
/* Check what really happened */
if (log_credential_status()) {
@@ -2193,8 +2195,8 @@ switch_id(const char *user, const unsigned flags)
have_already_switched_id = 1; /* mark success so we never try again */
-#if defined(__linux__) && defined(HAVE_SYS_PRCTL_H) && defined(HAVE_PRCTL)
-#ifdef PR_SET_DUMPABLE
+#if defined(__linux__) && defined(HAVE_SYS_PRCTL_H) && \
+ defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
if (pw->pw_uid) {
/* Re-enable core dumps if we're not running as root. */
log_info(LD_CONFIG, "Re-enabling coredumps");
@@ -2202,17 +2204,16 @@ switch_id(const char *user, const unsigned flags)
log_warn(LD_CONFIG, "Unable to re-enable coredumps: %s",strerror(errno));
}
}
-#endif
-#endif
+#endif /* defined(__linux__) && defined(HAVE_SYS_PRCTL_H) && ... */
return 0;
-#else
+#else /* !(!defined(_WIN32)) */
(void)user;
(void)flags;
log_warn(LD_CONFIG, "Switching users is unsupported on your OS.");
return -1;
-#endif
+#endif /* !defined(_WIN32) */
}
/* We only use the linux prctl for now. There is no Win32 support; this may
@@ -2235,35 +2236,32 @@ switch_id(const char *user, const unsigned flags)
int
tor_disable_debugger_attach(void)
{
- int r, attempted;
- r = -1;
- attempted = 0;
+ int r = -1;
log_debug(LD_CONFIG,
"Attemping to disable debugger attachment to Tor for "
"unprivileged users.");
-#if defined(__linux__) && defined(HAVE_SYS_PRCTL_H) && defined(HAVE_PRCTL)
-#ifdef PR_SET_DUMPABLE
- attempted = 1;
+#if defined(__linux__) && defined(HAVE_SYS_PRCTL_H) \
+ && defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+#define TRIED_TO_DISABLE
r = prctl(PR_SET_DUMPABLE, 0);
-#endif
-#endif
-#if defined(__APPLE__) && defined(PT_DENY_ATTACH)
- if (r < 0) {
- attempted = 1;
- r = ptrace(PT_DENY_ATTACH, 0, 0, 0);
- }
-#endif
+#elif defined(__APPLE__) && defined(PT_DENY_ATTACH)
+#define TRIED_TO_ATTACH
+ r = ptrace(PT_DENY_ATTACH, 0, 0, 0);
+#endif /* defined(__linux__) && defined(HAVE_SYS_PRCTL_H) ... || ... */
// XXX: TODO - Mac OS X has dtrace and this may be disabled.
// XXX: TODO - Windows probably has something similar
- if (r == 0 && attempted) {
+#ifdef TRIED_TO_DISABLE
+ if (r == 0) {
log_debug(LD_CONFIG,"Debugger attachment disabled for "
"unprivileged users.");
return 1;
- } else if (attempted) {
+ } else {
log_warn(LD_CONFIG, "Unable to disable debugger attaching: %s",
strerror(errno));
}
+#endif /* defined(TRIED_TO_DISABLE) */
+#undef TRIED_TO_DISABLE
return r;
}
@@ -2282,7 +2280,7 @@ get_user_homedir(const char *username)
}
return tor_strdup(pw->pw_dir);
}
-#endif
+#endif /* defined(HAVE_PWD_H) */
/** Modify <b>fname</b> to contain the name of its parent directory. Doesn't
* actually examine the filesystem; does a purely syntactic modification.
@@ -2310,7 +2308,7 @@ get_parent_directory(char *fname)
if (fname[0] && fname[1] == ':') {
fname += 2;
}
-#endif
+#endif /* defined(_WIN32) */
/* Now we want to remove all path-separators at the end of the string,
* and to remove the end of the string starting with the path separator
* before the last non-path-separator. In perl, this would be
@@ -2349,17 +2347,36 @@ get_parent_directory(char *fname)
static char *
alloc_getcwd(void)
{
-#ifdef PATH_MAX
-#define MAX_CWD PATH_MAX
-#else
-#define MAX_CWD 4096
-#endif
+#ifdef HAVE_GET_CURRENT_DIR_NAME
+ /* Glibc makes this nice and simple for us. */
+ char *cwd = get_current_dir_name();
+ char *result = NULL;
+ if (cwd) {
+ /* We make a copy here, in case tor_malloc() is not malloc(). */
+ result = tor_strdup(cwd);
+ raw_free(cwd); // alias for free to avoid tripping check-spaces.
+ }
+ return result;
+#else /* !(defined(HAVE_GET_CURRENT_DIR_NAME)) */
+ size_t size = 1024;
+ char *buf = NULL;
+ char *ptr = NULL;
+
+ while (ptr == NULL) {
+ buf = tor_realloc(buf, size);
+ ptr = getcwd(buf, size);
- char path_buf[MAX_CWD];
- char *path = getcwd(path_buf, sizeof(path_buf));
- return path ? tor_strdup(path) : NULL;
+ if (ptr == NULL && errno != ERANGE) {
+ tor_free(buf);
+ return NULL;
+ }
+
+ size *= 2;
+ }
+ return buf;
+#endif /* defined(HAVE_GET_CURRENT_DIR_NAME) */
}
-#endif
+#endif /* !defined(_WIN32) */
/** Expand possibly relative path <b>fname</b> to an absolute path.
* Return a newly allocated string, possibly equal to <b>fname</b>. */
@@ -2375,7 +2392,7 @@ make_path_absolute(char *fname)
if (absfname_malloced) raw_free(absfname_malloced);
return absfname;
-#else
+#else /* !(defined(_WIN32)) */
char *absfname = NULL, *path = NULL;
tor_assert(fname);
@@ -2398,7 +2415,7 @@ make_path_absolute(char *fname)
}
}
return absfname;
-#endif
+#endif /* defined(_WIN32) */
}
#ifndef HAVE__NSGETENVIRON
@@ -2407,8 +2424,8 @@ make_path_absolute(char *fname)
#ifndef RUNNING_DOXYGEN
extern char **environ;
#endif
-#endif
-#endif
+#endif /* !defined(HAVE_EXTERN_ENVIRON_DECLARED) */
+#endif /* !defined(HAVE__NSGETENVIRON) */
/** Return the current environment. This is a portable replacement for
* 'environ'. */
@@ -2420,9 +2437,9 @@ get_environment(void)
* when we do a mostly-static build on OSX 10.7, the resulting binary won't
* work on OSX 10.6. */
return *_NSGetEnviron();
-#else
+#else /* !(defined(HAVE__NSGETENVIRON)) */
return environ;
-#endif
+#endif /* defined(HAVE__NSGETENVIRON) */
}
/** Get name of current host and write it to <b>name</b> array, whose
@@ -2563,6 +2580,7 @@ tor_inet_pton(int af, const char *src, void *dst)
int gapPos = -1, i, setWords=0;
const char *dot = strchr(src, '.');
const char *eow; /* end of words. */
+ memset(words, 0xf8, sizeof(words));
if (dot == src)
return 0;
else if (!dot)
@@ -2600,7 +2618,7 @@ tor_inet_pton(int af, const char *src, void *dst)
long r = strtol(src, &next, 16);
if (next == NULL || next == src) {
/* The 'next == src' error case can happen on versions of openbsd
- * where treats "0xfoo" as an error, rather than as "0" followed by
+ * which treat "0xfoo" as an error, rather than as "0" followed by
* "xfoo". */
return 0;
}
@@ -2699,7 +2717,7 @@ get_uname,(void))
/* (Linux says 0 is success, Solaris says 1 is success) */
strlcpy(uname_result, u.sysname, sizeof(uname_result));
} else
-#endif
+#endif /* defined(HAVE_UNAME) */
{
#ifdef _WIN32
OSVERSIONINFOEX info;
@@ -2761,12 +2779,12 @@ get_uname,(void))
info.wProductType == VER_NT_DOMAIN_CONTROLLER) {
strlcat(uname_result, " [server]", sizeof(uname_result));
}
-#endif
-#else
+#endif /* defined(VER_NT_SERVER) */
+#else /* !(defined(_WIN32)) */
/* LCOV_EXCL_START -- can't provoke uname failure */
strlcpy(uname_result, "Unknown platform", sizeof(uname_result));
/* LCOV_EXCL_STOP */
-#endif
+#endif /* defined(_WIN32) */
}
uname_result_is_set = 1;
}
@@ -2822,7 +2840,7 @@ compute_num_cpus_impl(void)
return -1;
#else
return -1;
-#endif
+#endif /* defined(_WIN32) || ... */
}
#define MAX_DETECTABLE_CPUS 16
@@ -2985,7 +3003,7 @@ tor_localtime_r(const time_t *timep, struct tm *result)
memcpy(result, r, sizeof(struct tm));
return correct_tm(1, timep, result, r);
}
-#endif
+#endif /* defined(HAVE_LOCALTIME_R) || ... */
/** @} */
/** @{ */
@@ -3028,9 +3046,13 @@ tor_gmtime_r(const time_t *timep, struct tm *result)
memcpy(result, r, sizeof(struct tm));
return correct_tm(0, timep, result, r);
}
-#endif
+#endif /* defined(HAVE_GMTIME_R) || ... */
#if defined(HAVE_MLOCKALL) && HAVE_DECL_MLOCKALL && defined(RLIMIT_MEMLOCK)
+#define HAVE_UNIX_MLOCKALL
+#endif
+
+#ifdef HAVE_UNIX_MLOCKALL
/** Attempt to raise the current and max rlimit to infinity for our process.
* This only needs to be done once and can probably only be done when we have
* not already dropped privileges.
@@ -3061,7 +3083,7 @@ tor_set_max_memlock(void)
return 0;
}
-#endif
+#endif /* defined(HAVE_UNIX_MLOCKALL) */
/** Attempt to lock all current and all future memory pages.
* This should only be called once and while we're privileged.
@@ -3086,7 +3108,7 @@ tor_mlockall(void)
* http://msdn.microsoft.com/en-us/library/aa366895(VS.85).aspx
*/
-#if defined(HAVE_MLOCKALL) && HAVE_DECL_MLOCKALL && defined(RLIMIT_MEMLOCK)
+#ifdef HAVE_UNIX_MLOCKALL
if (tor_set_max_memlock() == 0) {
log_debug(LD_GENERAL, "RLIMIT_MEMLOCK is now set to RLIM_INFINITY.");
}
@@ -3107,10 +3129,10 @@ tor_mlockall(void)
"pages: %s", strerror(errno));
return -1;
}
-#else
+#else /* !(defined(HAVE_UNIX_MLOCKALL)) */
log_warn(LD_GENERAL, "Unable to lock memory pages. mlockall() unsupported?");
return -1;
-#endif
+#endif /* defined(HAVE_UNIX_MLOCKALL) */
}
/**
@@ -3138,7 +3160,7 @@ tor_socket_errno(tor_socket_t sock)
}
return err;
}
-#endif
+#endif /* defined(_WIN32) */
#if defined(_WIN32)
#define E(code, s) { code, (s " [" #code " ]") }
@@ -3214,7 +3236,7 @@ tor_socket_strerror(int e)
}
return strerror(e);
}
-#endif
+#endif /* defined(_WIN32) */
/** Called before we make any calls to network-related functions.
* (Some operating systems require their network libraries to be
@@ -3240,7 +3262,7 @@ network_init(void)
/* WSAData.iMaxSockets might show the max sockets we're allowed to use.
* We might use it to complain if we're trying to be a server but have
* too few sockets available. */
-#endif
+#endif /* defined(_WIN32) */
return 0;
}
@@ -3276,9 +3298,9 @@ format_win32_error(DWORD err)
result = tor_malloc(len);
wcstombs(result,str,len);
result[len-1] = '\0';
-#else
+#else /* !(defined(UNICODE)) */
result = tor_strdup(str);
-#endif
+#endif /* defined(UNICODE) */
} else {
result = tor_strdup("<unformattable error>");
}
@@ -3287,7 +3309,7 @@ format_win32_error(DWORD err)
}
return result;
}
-#endif
+#endif /* defined(_WIN32) */
#if defined(HW_PHYSMEM64)
/* This appears to be an OpenBSD thing */
@@ -3295,7 +3317,7 @@ format_win32_error(DWORD err)
#elif defined(HW_MEMSIZE)
/* OSX defines this one */
#define INT64_HW_MEM HW_MEMSIZE
-#endif
+#endif /* defined(HW_PHYSMEM64) || ... */
/**
* Helper: try to detect the total system memory, and return it. On failure,
@@ -3328,8 +3350,8 @@ get_total_system_memory_impl(void)
tor_free(s);
return result * 1024;
- err:
/* LCOV_EXCL_START Can't reach this unless proc is broken. */
+ err:
tor_free(s);
close(fd);
return 0;
@@ -3369,7 +3391,7 @@ get_total_system_memory_impl(void)
#else
/* I have no clue. */
return 0;
-#endif
+#endif /* defined(__linux__) || ... */
}
/**
@@ -3402,7 +3424,7 @@ get_total_system_memory(size_t *mem_out)
* size_t. */
m = SIZE_MAX;
}
-#endif
+#endif /* SIZE_MAX != UINT64_MAX */
*mem_out = mem_cached = (size_t) m;
@@ -3483,7 +3505,7 @@ tor_getpass(const char *prompt, char *output, size_t buflen)
return r;
#else
#error "No implementation for tor_getpass found!"
-#endif
+#endif /* defined(HAVE_READPASSPHRASE) || ... */
}
/** Return the amount of free disk space we have permission to use, in
@@ -3523,6 +3545,6 @@ tor_get_avail_disk_space(const char *path)
(void)path;
errno = ENOSYS;
return -1;
-#endif
+#endif /* defined(HAVE_STATVFS) || ... */
}
diff --git a/src/common/compat.h b/src/common/compat.h
index 473ad2b957..fee9e6587d 100644
--- a/src/common/compat.h
+++ b/src/common/compat.h
@@ -50,8 +50,8 @@
* clang rejects because it is off the end of a less-than-3. Clang hates this,
* even though those references never actually happen. */
# undef strcmp
-# endif
-#endif
+#endif /* __has_feature(address_sanitizer) */
+#endif /* defined(__has_feature) */
#include <stdio.h>
#include <errno.h>
@@ -76,13 +76,13 @@
__attribute__ ((format(printf, formatIdx, firstArg)))
#else
#define CHECK_PRINTF(formatIdx, firstArg)
-#endif
+#endif /* defined(__GNUC__) */
#ifdef __GNUC__
#define CHECK_SCANF(formatIdx, firstArg) \
__attribute__ ((format(scanf, formatIdx, firstArg)))
#else
#define CHECK_SCANF(formatIdx, firstArg)
-#endif
+#endif /* defined(__GNUC__) */
/* What GCC do we have? */
#ifdef __GNUC__
@@ -109,18 +109,18 @@
PRAGMA_DIAGNOSTIC_(ignored PRAGMA_JOIN_STRINGIFY_(-W,warningopt))
# define ENABLE_GCC_WARNING(warningopt) \
PRAGMA_DIAGNOSTIC_(pop)
-# else
+#else /* !(defined(__clang__) || GCC_VERSION >= 406) */
/* older version of gcc: no push/pop support. */
# define DISABLE_GCC_WARNING(warningopt) \
PRAGMA_DIAGNOSTIC_(ignored PRAGMA_JOIN_STRINGIFY_(-W,warningopt))
# define ENABLE_GCC_WARNING(warningopt) \
PRAGMA_DIAGNOSTIC_(warning PRAGMA_JOIN_STRINGIFY_(-W,warningopt))
-# endif
-#else /* ifdef __GNUC__ */
+#endif /* defined(__clang__) || GCC_VERSION >= 406 */
+#else /* !(defined(__GNUC__)) */
/* not gcc at all */
# define DISABLE_GCC_WARNING(warning)
# define ENABLE_GCC_WARNING(warning)
-#endif
+#endif /* defined(__GNUC__) */
/* inline is __inline on windows. */
#ifdef _WIN32
@@ -142,9 +142,9 @@
#define __func__ __FUNC__
#else
#define __func__ "???"
-#endif
-#endif /* ifndef MAVE_MACRO__func__ */
-#endif /* if not windows */
+#endif /* defined(HAVE_MACRO__FUNCTION__) || ... */
+#endif /* !defined(HAVE_MACRO__func__) */
+#endif /* defined(_MSC_VER) */
#define U64_TO_DBL(x) ((double) (x))
#define DBL_TO_U64(x) ((uint64_t) (x))
@@ -157,7 +157,7 @@
* problems), but if enumerated types are unsigned, we must use unsigned,
* so that the loss of precision doesn't make large values negative. */
#define ENUM_BF(t) t
-#endif
+#endif /* defined(ENUM_VALS_ARE_SIGNED) */
/* GCC has several useful attributes. */
#if defined(__GNUC__) && __GNUC__ >= 3
@@ -194,7 +194,7 @@
* taken. This can generate slightly better code with some CPUs.
*/
#define PREDICT_UNLIKELY(exp) __builtin_expect(!!(exp), 0)
-#else
+#else /* !(defined(__GNUC__) && __GNUC__ >= 3) */
#define ATTR_NORETURN
#define ATTR_CONST
#define ATTR_MALLOC
@@ -204,7 +204,7 @@
#define ATTR_WUR
#define PREDICT_LIKELY(exp) (exp)
#define PREDICT_UNLIKELY(exp) (exp)
-#endif
+#endif /* defined(__GNUC__) && __GNUC__ >= 3 */
/** Expands to a syntactically valid empty statement. */
#define STMT_NIL (void)0
@@ -224,7 +224,7 @@
#else
#define STMT_BEGIN do {
#define STMT_END } while (0)
-#endif
+#endif /* defined(__GNUC__) || ... */
/* Some tools (like coccinelle) don't like to see operators as macro
* arguments. */
@@ -251,7 +251,7 @@
*/
#undef strlcat
#undef strlcpy
-#endif
+#endif /* defined __APPLE__ */
#ifndef HAVE_STRLCAT
size_t strlcat(char *dst, const char *src, size_t siz) ATTR_NONNULL((1,2));
@@ -272,24 +272,28 @@ size_t strlcpy(char *dst, const char *src, size_t siz) ATTR_NONNULL((1,2));
#define I64_PRINTF_ARG(a) (a)
#define I64_SCANF_ARG(a) (a)
#define I64_LITERAL(n) (n ## i64)
-#else
+#else /* !(defined(_MSC_VER)) */
#define U64_PRINTF_ARG(a) ((long long unsigned int)(a))
#define U64_SCANF_ARG(a) ((long long unsigned int*)(a))
#define U64_LITERAL(n) (n ## llu)
#define I64_PRINTF_ARG(a) ((long long signed int)(a))
#define I64_SCANF_ARG(a) ((long long signed int*)(a))
#define I64_LITERAL(n) (n ## ll)
+#endif /* defined(_MSC_VER) */
+
+#if defined(__MINGW32__) || defined(__MINGW64__)
+#define MINGW_ANY
#endif
-#if defined(_MSC_VER) || defined(__MINGW32__) || defined(__MINGW64__)
+#if defined(_MSC_VER) || defined(MINGW_ANY)
/** The formatting string used to put a uint64_t value in a printf() or
* scanf() function. See also U64_PRINTF_ARG and U64_SCANF_ARG. */
#define U64_FORMAT "%I64u"
#define I64_FORMAT "%I64d"
-#else
+#else /* !(defined(_MSC_VER) || defined(MINGW_ANY)) */
#define U64_FORMAT "%llu"
#define I64_FORMAT "%lld"
-#endif
+#endif /* defined(_MSC_VER) || defined(MINGW_ANY) */
#if (SIZEOF_INTPTR_T == SIZEOF_INT)
#define INTPTR_T_FORMAT "%d"
@@ -302,7 +306,7 @@ size_t strlcpy(char *dst, const char *src, size_t siz) ATTR_NONNULL((1,2));
#define INTPTR_PRINTF_ARG(x) I64_PRINTF_ARG(x)
#else
#error Unknown: SIZEOF_INTPTR_T
-#endif
+#endif /* (SIZEOF_INTPTR_T == SIZEOF_INT) || ... */
/** Represents an mmaped file. Allocated via tor_mmap_file; freed with
* tor_munmap_file. */
@@ -316,7 +320,7 @@ typedef struct tor_mmap_t {
* size, rounded up to the nearest page.) */
#elif defined _WIN32
HANDLE mmap_handle;
-#endif
+#endif /* defined(HAVE_SYS_MMAN_H) || ... */
} tor_mmap_t;
@@ -378,7 +382,7 @@ const char *tor_fix_source_file(const char *fname);
#else
#define SHORT_FILE__ (__FILE__)
#define tor_fix_source_file(s) (s)
-#endif
+#endif /* defined(_WIN32) */
/* ===== Time compatibility */
@@ -397,7 +401,7 @@ struct tm *tor_gmtime_r(const time_t *timep, struct tm *result);
(tvout)->tv_sec++; \
} \
} while (0)
-#endif
+#endif /* !defined(timeradd) */
#ifndef timersub
/** Replacement for timersub on platforms that do not have it: sets tvout to
@@ -411,7 +415,7 @@ struct tm *tor_gmtime_r(const time_t *timep, struct tm *result);
(tvout)->tv_sec--; \
} \
} while (0)
-#endif
+#endif /* !defined(timersub) */
#ifndef timercmp
/** Replacement for timercmp on platforms that do not have it: returns true
@@ -425,7 +429,7 @@ struct tm *tor_gmtime_r(const time_t *timep, struct tm *result);
(((tv1)->tv_sec == (tv2)->tv_sec) ? \
((tv1)->tv_usec op (tv2)->tv_usec) : \
((tv1)->tv_sec op (tv2)->tv_sec))
-#endif
+#endif /* !defined(timercmp) */
/* ===== File compatibility */
int tor_open_cloexec(const char *path, int flags, unsigned mode);
@@ -467,7 +471,7 @@ typedef int socklen_t;
#define TOR_SOCKET_T_FORMAT INTPTR_T_FORMAT
#define SOCKET_OK(s) ((SOCKET)(s) != INVALID_SOCKET)
#define TOR_INVALID_SOCKET INVALID_SOCKET
-#else
+#else /* !(defined(_WIN32)) */
/** Type used for a network socket. */
#define tor_socket_t int
#define TOR_SOCKET_T_FORMAT "%d"
@@ -475,7 +479,7 @@ typedef int socklen_t;
#define SOCKET_OK(s) ((s) >= 0)
/** Error/uninitialized value for a tor_socket_t. */
#define TOR_INVALID_SOCKET (-1)
-#endif
+#endif /* defined(_WIN32) */
int tor_close_socket_simple(tor_socket_t s);
MOCK_DECL(int, tor_close_socket, (tor_socket_t s));
@@ -522,19 +526,19 @@ struct in6_addr
#define s6_addr16 in6_u.u6_addr16
#define s6_addr32 in6_u.u6_addr32
};
-#endif
+#endif /* !defined(HAVE_STRUCT_IN6_ADDR) */
/** @{ */
/** Many BSD variants seem not to define these. */
-#if defined(__APPLE__) || defined(__darwin__) || defined(__FreeBSD__) \
- || defined(__NetBSD__) || defined(__OpenBSD__)
+#if defined(__APPLE__) || defined(__darwin__) || \
+ defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
#ifndef s6_addr16
#define s6_addr16 __u6_addr.__u6_addr16
#endif
#ifndef s6_addr32
#define s6_addr32 __u6_addr.__u6_addr32
#endif
-#endif
+#endif /* defined(__APPLE__) || defined(__darwin__) || ... */
/** @} */
#ifndef HAVE_SA_FAMILY_T
@@ -566,7 +570,7 @@ struct sockaddr_in6 {
struct in6_addr sin6_addr;
// uint32_t sin6_scope_id;
};
-#endif
+#endif /* !defined(HAVE_STRUCT_SOCKADDR_IN6) */
MOCK_DECL(int,tor_gethostname,(char *name, size_t namelen));
int tor_inet_aton(const char *cp, struct in_addr *addr) ATTR_NONNULL((1,2));
@@ -607,14 +611,14 @@ int network_init(void);
#define ERRNO_IS_EINTR(e) ((e) == WSAEINTR || 0)
int tor_socket_errno(tor_socket_t sock);
const char *tor_socket_strerror(int e);
-#else
+#else /* !(defined(_WIN32)) */
#define SOCK_ERRNO(e) e
#if EAGAIN == EWOULDBLOCK
/* || 0 is for -Wparentheses-equality (-Wall?) appeasement under clang */
#define ERRNO_IS_EAGAIN(e) ((e) == EAGAIN || 0)
#else
#define ERRNO_IS_EAGAIN(e) ((e) == EAGAIN || (e) == EWOULDBLOCK)
-#endif
+#endif /* EAGAIN == EWOULDBLOCK */
#define ERRNO_IS_EINTR(e) ((e) == EINTR || 0)
#define ERRNO_IS_EINPROGRESS(e) ((e) == EINPROGRESS || 0)
#define ERRNO_IS_CONN_EINPROGRESS(e) ((e) == EINPROGRESS || 0)
@@ -625,7 +629,7 @@ const char *tor_socket_strerror(int e);
#define ERRNO_IS_EADDRINUSE(e) (((e) == EADDRINUSE) || 0)
#define tor_socket_errno(sock) (errno)
#define tor_socket_strerror(e) strerror(e)
-#endif
+#endif /* defined(_WIN32) */
/** Specified SOCKS5 status codes. */
typedef enum {
@@ -728,7 +732,7 @@ char *format_win32_error(DWORD err);
#define VER_SUITE_SINGLEUSERTS 0x00000100
#endif
-#endif
+#endif /* defined(_WIN32) */
#ifdef COMPAT_PRIVATE
#if !defined(HAVE_SOCKETPAIR) || defined(_WIN32) || defined(TOR_UNIT_TESTS)
@@ -736,12 +740,12 @@ char *format_win32_error(DWORD err);
STATIC int tor_ersatz_socketpair(int family, int type, int protocol,
tor_socket_t fd[2]);
#endif
-#endif
+#endif /* defined(COMPAT_PRIVATE) */
ssize_t tor_getpass(const char *prompt, char *output, size_t buflen);
/* This needs some of the declarations above so we include it here. */
#include "compat_threads.h"
-#endif
+#endif /* !defined(TOR_COMPAT_H) */
diff --git a/src/common/compat_libevent.c b/src/common/compat_libevent.c
index 31eb4ac496..740cc2a11d 100644
--- a/src/common/compat_libevent.c
+++ b/src/common/compat_libevent.c
@@ -88,8 +88,8 @@ static struct event_base *the_event_base = NULL;
(__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ < 1040)
#else
#define MACOSX_KQUEUE_IS_BROKEN 0
-#endif
-#endif
+#endif /* defined(__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__) */
+#endif /* defined(__APPLE__) */
/** Initialize the Libevent library and set up the event base. */
void
@@ -237,8 +237,9 @@ tor_init_libevent_rng(void)
return rv;
}
-#if defined(LIBEVENT_VERSION_NUMBER) && LIBEVENT_VERSION_NUMBER >= V(2,1,1) \
- && !defined(TOR_UNIT_TESTS)
+#if defined(LIBEVENT_VERSION_NUMBER) && \
+ LIBEVENT_VERSION_NUMBER >= V(2,1,1) && \
+ !defined(TOR_UNIT_TESTS)
void
tor_gettimeofday_cached(struct timeval *tv)
{
@@ -249,7 +250,7 @@ tor_gettimeofday_cache_clear(void)
{
event_base_update_cache_time(the_event_base);
}
-#else
+#else /* !(defined(LIBEVENT_VERSION_NUMBER) && ...) */
/** Cache the current hi-res time; the cache gets reset when libevent
* calls us. */
static struct timeval cached_time_hires = {0, 0};
@@ -289,6 +290,6 @@ tor_libevent_postfork(void)
int r = event_reinit(tor_libevent_get_base());
tor_assert(r == 0);
}
-#endif
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */
+#endif /* defined(LIBEVENT_VERSION_NUMBER) && ... */
diff --git a/src/common/compat_libevent.h b/src/common/compat_libevent.h
index 904938415c..834354c405 100644
--- a/src/common/compat_libevent.h
+++ b/src/common/compat_libevent.h
@@ -70,7 +70,7 @@ void tor_libevent_postfork(void);
STATIC void
libevent_logging_callback(int severity, const char *msg);
-#endif
+#endif /* defined(COMPAT_LIBEVENT_PRIVATE) */
-#endif
+#endif /* !defined(TOR_COMPAT_LIBEVENT_H) */
diff --git a/src/common/compat_openssl.h b/src/common/compat_openssl.h
index 2b94fe5b4e..c695f1e9df 100644
--- a/src/common/compat_openssl.h
+++ b/src/common/compat_openssl.h
@@ -25,7 +25,7 @@
/* We define this macro if we're trying to build with the majorly refactored
* API in OpenSSL 1.1 */
#define OPENSSL_1_1_API
-#endif
+#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */
#ifndef OPENSSL_1_1_API
#define OPENSSL_VERSION SSLEAY_VERSION
@@ -37,11 +37,11 @@
((st) == SSL3_ST_SW_SRVR_HELLO_B))
#define OSSL_HANDSHAKE_STATE int
#define CONST_IF_OPENSSL_1_1_API
-#else
+#else /* !(!defined(OPENSSL_1_1_API)) */
#define STATE_IS_SW_SERVER_HELLO(st) \
((st) == TLS_ST_SW_SRVR_HELLO)
#define CONST_IF_OPENSSL_1_1_API const
-#endif
+#endif /* !defined(OPENSSL_1_1_API) */
-#endif
+#endif /* !defined(TOR_COMPAT_OPENSSL_H) */
diff --git a/src/common/compat_pthreads.c b/src/common/compat_pthreads.c
index 8e4b833573..002274c469 100644
--- a/src/common/compat_pthreads.c
+++ b/src/common/compat_pthreads.c
@@ -201,20 +201,21 @@ tor_cond_init(tor_cond_t *cond)
}
#if defined(HAVE_CLOCK_GETTIME)
-#if defined(CLOCK_MONOTONIC) && defined(HAVE_PTHREAD_CONDATTR_SETCLOCK)
+#if defined(HAVE_PTHREAD_CONDATTR_SETCLOCK) && \
+ defined(CLOCK_MONOTONIC)
/* Use monotonic time so when we timedwait() on it, any clock adjustment
* won't affect the timeout value. */
if (pthread_condattr_setclock(&condattr, CLOCK_MONOTONIC)) {
return -1;
}
#define USE_COND_CLOCK CLOCK_MONOTONIC
-#else /* !defined HAVE_PTHREAD_CONDATTR_SETCLOCK */
+#else /* !(defined(HAVE_PTHREAD_CONDATTR_SETCLOCK) && ...) */
/* On OSX Sierra, there is no pthread_condattr_setclock, so we are stuck
* with the realtime clock.
*/
#define USE_COND_CLOCK CLOCK_REALTIME
-#endif /* which clock to use */
-#endif /* HAVE_CLOCK_GETTIME */
+#endif /* defined(HAVE_PTHREAD_CONDATTR_SETCLOCK) && ... */
+#endif /* defined(HAVE_CLOCK_GETTIME) */
if (pthread_cond_init(&cond->cond, &condattr)) {
return -1;
}
@@ -266,11 +267,11 @@ tor_cond_wait(tor_cond_t *cond, tor_mutex_t *mutex, const struct timeval *tv)
tvnow.tv_sec = ts.tv_sec;
tvnow.tv_usec = (int)(ts.tv_nsec / 1000);
timeradd(tv, &tvnow, &tvsum);
-#else
+#else /* !(defined(HAVE_CLOCK_GETTIME) && defined(USE_COND_CLOCK)) */
if (gettimeofday(&tvnow, NULL) < 0)
return -1;
timeradd(tv, &tvnow, &tvsum);
-#endif /* HAVE_CLOCK_GETTIME, CLOCK_MONOTONIC */
+#endif /* defined(HAVE_CLOCK_GETTIME) && defined(USE_COND_CLOCK) */
ts.tv_sec = tvsum.tv_sec;
ts.tv_nsec = tvsum.tv_usec * 1000;
diff --git a/src/common/compat_rust.h b/src/common/compat_rust.h
index 752a29b56c..72fde39296 100644
--- a/src/common/compat_rust.h
+++ b/src/common/compat_rust.h
@@ -24,5 +24,5 @@ const char *rust_str_get(const rust_str_t);
rust_str_t rust_welcome_string(void);
-#endif
+#endif /* !defined(TOR_RUST_COMPAT_H) */
diff --git a/src/common/compat_threads.c b/src/common/compat_threads.c
index c593e9af8d..208d3138d9 100644
--- a/src/common/compat_threads.c
+++ b/src/common/compat_threads.c
@@ -126,7 +126,7 @@ read_ni(int fd, void *buf, size_t n)
}
return r;
}
-#endif
+#endif /* defined(HAVE_EVENTFD) || defined(HAVE_PIPE) */
/** As send(), but retry on EINTR, and return the negative error code on
* error. */
@@ -186,7 +186,7 @@ eventfd_drain(int fd)
return r;
return 0;
}
-#endif
+#endif /* defined(HAVE_EVENTFD) */
#ifdef HAVE_PIPE
/** Send a byte over a pipe. Return 0 on success or EAGAIN; -1 on error */
@@ -214,7 +214,7 @@ pipe_drain(int fd)
/* A value of r = 0 means EOF on the fd so successfully drained. */
return 0;
}
-#endif
+#endif /* defined(HAVE_PIPE) */
/** Send a byte on socket <b>fd</b>t. Return 0 on success or EAGAIN,
* -1 on error. */
@@ -276,7 +276,7 @@ alert_sockets_create(alert_sockets_t *socks_out, uint32_t flags)
socks_out->drain_fn = eventfd_drain;
return 0;
}
-#endif
+#endif /* defined(HAVE_EVENTFD) */
#ifdef HAVE_PIPE2
/* Now we're going to try pipes. First type the pipe2() syscall, if we
@@ -289,7 +289,7 @@ alert_sockets_create(alert_sockets_t *socks_out, uint32_t flags)
socks_out->drain_fn = pipe_drain;
return 0;
}
-#endif
+#endif /* defined(HAVE_PIPE2) */
#ifdef HAVE_PIPE
/* Now try the regular pipe() syscall. Pipes have a bit lower overhead than
@@ -313,7 +313,7 @@ alert_sockets_create(alert_sockets_t *socks_out, uint32_t flags)
socks_out->drain_fn = pipe_drain;
return 0;
}
-#endif
+#endif /* defined(HAVE_PIPE) */
/* If nothing else worked, fall back on socketpair(). */
if (!(flags & ASOCKS_NOSOCKETPAIR) &&
diff --git a/src/common/compat_threads.h b/src/common/compat_threads.h
index 9fa3d0d0b7..42f14eab2a 100644
--- a/src/common/compat_threads.h
+++ b/src/common/compat_threads.h
@@ -20,7 +20,7 @@
#define USE_PTHREADS
#else
#error "No threading system was found"
-#endif
+#endif /* defined(_WIN32) || ... */
int spawn_func(void (*func)(void *), void *data);
void spawn_exit(void) ATTR_NORETURN;
@@ -41,7 +41,7 @@ typedef struct tor_mutex_t {
#else
/** No-threads only: Dummy variable so that tor_mutex_t takes up space. */
int _unused;
-#endif
+#endif /* defined(USE_WIN32_THREADS) || ... */
} tor_mutex_t;
tor_mutex_t *tor_mutex_new(void);
@@ -73,7 +73,7 @@ typedef struct tor_cond_t {
int generation;
#else
#error no known condition implementation.
-#endif
+#endif /* defined(USE_PTHREADS) || ... */
} tor_cond_t;
tor_cond_t *tor_cond_new(void);
@@ -161,5 +161,5 @@ void atomic_counter_add(atomic_counter_t *counter, size_t add);
void atomic_counter_sub(atomic_counter_t *counter, size_t sub);
size_t atomic_counter_get(atomic_counter_t *counter);
-#endif
+#endif /* !defined(TOR_COMPAT_THREADS_H) */
diff --git a/src/common/compat_time.c b/src/common/compat_time.c
index 2ccaa36e49..1ce6f5ce4e 100644
--- a/src/common/compat_time.c
+++ b/src/common/compat_time.c
@@ -28,7 +28,7 @@
/* as fallback implementation for tor_sleep_msec */
#include <sys/select.h>
#endif
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */
#ifdef __APPLE__
#include <mach/mach_time.h>
@@ -64,9 +64,9 @@ tor_sleep_msec(int msec)
select(0, NULL, NULL, NULL, &tv);
#else
sleep(CEIL_DIV(msec, 1000));
-#endif
+#endif /* defined(_WIN32) || ... */
}
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */
/** Set *timeval to the current time of day. On error, log and terminate.
* (Same as gettimeofday(timeval,NULL), but never returns -1.)
@@ -112,7 +112,7 @@ tor_gettimeofday(struct timeval *timeval)
timeval->tv_usec = tb.millitm * 1000;
#else
#error "No way to get time."
-#endif
+#endif /* defined(_WIN32) || ... */
return;
}
@@ -187,8 +187,8 @@ monotime_coarse_set_mock_time_nsec(int64_t nsec)
tor_assert_nonfatal(monotime_mocking_enabled == 1);
mock_time_nsec_coarse = nsec;
}
-#endif
-#endif
+#endif /* defined(MONOTIME_COARSE_FN_IS_DIFFERENT) */
+#endif /* defined(TOR_UNIT_TESTS) */
/* "ratchet" functions for monotonic time. */
@@ -235,7 +235,7 @@ ratchet_coarse_performance_counter(const int64_t count_raw)
last_tick_count = count;
return count;
}
-#endif
+#endif /* defined(_WIN32) || defined(TOR_UNIT_TESTS) */
#if defined(MONOTIME_USING_GETTIMEOFDAY) || defined(TOR_UNIT_TESTS)
static struct timeval last_timeofday = { 0, 0 };
@@ -251,7 +251,7 @@ ratchet_timeval(const struct timeval *timeval_raw, struct timeval *out)
{
/* must hold lock */
timeradd(timeval_raw, &timeofday_offset, out);
- if (PREDICT_UNLIKELY(timercmp(out, &last_timeofday, <))) {
+ if (PREDICT_UNLIKELY(timercmp(out, &last_timeofday, OP_LT))) {
/* time ran backwards. Instead, declare that no time occurred. */
timersub(&last_timeofday, timeval_raw, &timeofday_offset);
memcpy(out, &last_timeofday, sizeof(struct timeval));
@@ -259,7 +259,7 @@ ratchet_timeval(const struct timeval *timeval_raw, struct timeval *out)
memcpy(&last_timeofday, out, sizeof(struct timeval));
}
}
-#endif
+#endif /* defined(MONOTIME_USING_GETTIMEOFDAY) || defined(TOR_UNIT_TESTS) */
#ifdef TOR_UNIT_TESTS
/** For testing: reset all the ratchets */
@@ -271,7 +271,7 @@ monotime_reset_ratchets_for_testing(void)
memset(&last_timeofday, 0, sizeof(struct timeval));
memset(&timeofday_offset, 0, sizeof(struct timeval));
}
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */
#ifdef __APPLE__
@@ -301,7 +301,7 @@ monotime_get(monotime_t *out)
/ mach_time_info.numer;
return;
}
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */
out->abstime_ = mach_absolute_time();
}
@@ -332,7 +332,7 @@ monotime_diff_nsec(const monotime_t *start,
* an old Linux kernel. In that case, we will fall back to CLOCK_MONOTONIC.
*/
static int clock_monotonic_coarse = CLOCK_MONOTONIC_COARSE;
-#endif
+#endif /* defined(CLOCK_MONOTONIC_COARSE) */
static void
monotime_init_internal(void)
@@ -344,7 +344,7 @@ monotime_init_internal(void)
"falling back to CLOCK_MONOTONIC.", strerror(errno));
clock_monotonic_coarse = CLOCK_MONOTONIC;
}
-#endif
+#endif /* defined(CLOCK_MONOTONIC_COARSE) */
}
void
@@ -356,7 +356,7 @@ monotime_get(monotime_t *out)
out->ts_.tv_nsec = (int) (mock_time_nsec % ONE_BILLION);
return;
}
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */
int r = clock_gettime(CLOCK_MONOTONIC, &out->ts_);
tor_assert(r == 0);
}
@@ -371,7 +371,7 @@ monotime_coarse_get(monotime_coarse_t *out)
out->ts_.tv_nsec = (int) (mock_time_nsec_coarse % ONE_BILLION);
return;
}
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */
int r = clock_gettime(clock_monotonic_coarse, &out->ts_);
if (PREDICT_UNLIKELY(r < 0) &&
errno == EINVAL &&
@@ -386,7 +386,7 @@ monotime_coarse_get(monotime_coarse_t *out)
tor_assert(r == 0);
}
-#endif
+#endif /* defined(CLOCK_MONOTONIC_COARSE) */
int64_t
monotime_diff_nsec(const monotime_t *start,
@@ -462,7 +462,7 @@ monotime_get(monotime_t *out)
/ nsec_per_tick_numer;
return;
}
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */
/* Alas, QueryPerformanceCounter is not always monotonic: see bug list at
@@ -486,7 +486,7 @@ monotime_coarse_get(monotime_coarse_t *out)
out->tick_count_ = mock_time_nsec_coarse / ONE_MILLION;
return;
}
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */
if (GetTickCount64_fn) {
out->tick_count_ = (int64_t)GetTickCount64_fn();
@@ -570,7 +570,7 @@ monotime_diff_nsec(const monotime_t *start,
/* end of "MONOTIME_USING_GETTIMEOFDAY" */
#else
#error "No way to implement monotonic timers."
-#endif
+#endif /* defined(__APPLE__) || ... */
/**
* Initialize the monotonic timer subsystem. Must be called before any
@@ -653,5 +653,5 @@ monotime_coarse_absolute_msec(void)
{
return monotime_coarse_absolute_nsec() / ONE_MILLION;
}
-#endif
+#endif /* defined(MONOTIME_COARSE_FN_IS_DIFFERENT) */
diff --git a/src/common/compat_time.h b/src/common/compat_time.h
index 90194c5ebc..5ea4aae42b 100644
--- a/src/common/compat_time.h
+++ b/src/common/compat_time.h
@@ -28,13 +28,13 @@
#include <time.h>
#endif
-#if !defined(HAVE_GETTIMEOFDAY) && !defined(HAVE_STRUCT_TIMEVAL_TV_SEC)
+#if !defined(HAVE_STRUCT_TIMEVAL_TV_SEC)
/** Implementation of timeval for platforms that don't have it. */
struct timeval {
time_t tv_sec;
unsigned int tv_usec;
};
-#endif
+#endif /* !defined(HAVE_STRUCT_TIMEVAL_TV_SEC) */
/** Represents a monotonic timer in a platform-dependent way. */
typedef struct monotime_t {
@@ -51,10 +51,11 @@ typedef struct monotime_t {
#define MONOTIME_USING_GETTIMEOFDAY
/* Otherwise, we will be stuck using gettimeofday. */
struct timeval tv_;
-#endif
+#endif /* defined(__APPLE__) || ... */
} monotime_t;
-#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC_COARSE)
+#if defined(CLOCK_MONOTONIC_COARSE) && \
+ defined(HAVE_CLOCK_GETTIME)
#define MONOTIME_COARSE_FN_IS_DIFFERENT
#define monotime_coarse_t monotime_t
#elif defined(_WIN32)
@@ -66,7 +67,7 @@ typedef struct monotime_coarse_t {
} monotime_coarse_t;
#else
#define monotime_coarse_t monotime_t
-#endif
+#endif /* defined(CLOCK_MONOTONIC_COARSE) && ... || ... */
/**
* Initialize the timing subsystem. This function is idempotent.
@@ -109,12 +110,12 @@ void monotime_coarse_get(monotime_coarse_t *out);
uint64_t monotime_coarse_absolute_nsec(void);
uint64_t monotime_coarse_absolute_usec(void);
uint64_t monotime_coarse_absolute_msec(void);
-#else
+#else /* !(defined(MONOTIME_COARSE_FN_IS_DIFFERENT)) */
#define monotime_coarse_get monotime_get
#define monotime_coarse_absolute_nsec monotime_absolute_nsec
#define monotime_coarse_absolute_usec monotime_absolute_usec
#define monotime_coarse_absolute_msec monotime_absolute_msec
-#endif
+#endif /* defined(MONOTIME_COARSE_FN_IS_DIFFERENT) */
#if defined(MONOTIME_COARSE_TYPE_IS_DIFFERENT)
int64_t monotime_coarse_diff_nsec(const monotime_coarse_t *start,
@@ -123,11 +124,11 @@ int64_t monotime_coarse_diff_usec(const monotime_coarse_t *start,
const monotime_coarse_t *end);
int64_t monotime_coarse_diff_msec(const monotime_coarse_t *start,
const monotime_coarse_t *end);
-#else
+#else /* !(defined(MONOTIME_COARSE_TYPE_IS_DIFFERENT)) */
#define monotime_coarse_diff_nsec monotime_diff_nsec
#define monotime_coarse_diff_usec monotime_diff_usec
#define monotime_coarse_diff_msec monotime_diff_msec
-#endif
+#endif /* defined(MONOTIME_COARSE_TYPE_IS_DIFFERENT) */
void tor_gettimeofday(struct timeval *timeval);
@@ -142,7 +143,7 @@ void monotime_coarse_set_mock_time_nsec(int64_t);
#else
#define monotime_coarse_set_mock_time_nsec monotime_set_mock_time_nsec
#endif
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */
#ifdef COMPAT_TIME_PRIVATE
#if defined(_WIN32) || defined(TOR_UNIT_TESTS)
@@ -156,7 +157,7 @@ STATIC void ratchet_timeval(const struct timeval *timeval_raw,
#ifdef TOR_UNIT_TESTS
void monotime_reset_ratchets_for_testing(void);
#endif
-#endif
+#endif /* defined(COMPAT_TIME_PRIVATE) */
-#endif
+#endif /* !defined(TOR_COMPAT_TIME_H) */
diff --git a/src/common/compat_winthreads.c b/src/common/compat_winthreads.c
index 915368b94f..50a3c498ca 100644
--- a/src/common/compat_winthreads.c
+++ b/src/common/compat_winthreads.c
@@ -246,5 +246,5 @@ tor_threads_init(void)
set_main_thread();
}
-#endif
+#endif /* defined(_WIN32) */
diff --git a/src/common/compress.c b/src/common/compress.c
index beeff5fcb8..bc12a58ad6 100644
--- a/src/common/compress.c
+++ b/src/common/compress.c
@@ -51,8 +51,8 @@ static atomic_counter_t total_compress_allocation;
/** Return true if uncompressing an input of size <b>in_size</b> to an input of
* size at least <b>size_out</b> looks like a compression bomb. */
-int
-tor_compress_is_compression_bomb(size_t size_in, size_t size_out)
+MOCK_IMPL(int,
+tor_compress_is_compression_bomb,(size_t size_in, size_t size_out))
{
if (size_in == 0 || size_out < CHECK_FOR_COMPRESSION_BOMB_AFTER)
return 0;
@@ -164,7 +164,7 @@ tor_compress_impl(int compress,
goto err;
}
if (out_alloc >= SIZE_T_CEILING / 2) {
- log_warn(LD_GENERAL, "While %scompresing data: ran out of space.",
+ log_warn(LD_GENERAL, "While %scompressing data: ran out of space.",
compress?"":"un");
goto err;
}
@@ -185,11 +185,12 @@ tor_compress_impl(int compress,
}
case TOR_COMPRESS_ERROR:
log_fn(protocol_warn_level, LD_GENERAL,
- "Error while %scompresing data: bad input?",
+ "Error while %scompressing data: bad input?",
compress?"":"un");
goto err; // bad data.
- default:
+
// LCOV_EXCL_START
+ default:
tor_assert_nonfatal_unreached();
goto err;
// LCOV_EXCL_STOP
@@ -561,9 +562,9 @@ tor_compress_process(tor_compress_state_t *state,
finish);
break;
case LZMA_METHOD:
- rv =tor_lzma_compress_process(state->u.lzma_state,
- out, out_len, in, in_len,
- finish);
+ rv = tor_lzma_compress_process(state->u.lzma_state,
+ out, out_len, in, in_len,
+ finish);
break;
case ZSTD_METHOD:
rv = tor_zstd_compress_process(state->u.zstd_state,
@@ -581,6 +582,12 @@ tor_compress_process(tor_compress_state_t *state,
if (BUG((rv == TOR_COMPRESS_OK) &&
*in_len == in_len_orig &&
*out_len == out_len_orig)) {
+ log_warn(LD_GENERAL,
+ "More info on the bug: method == %s, finish == %d, "
+ " *in_len == in_len_orig == %lu, "
+ "*out_len == out_len_orig == %lu",
+ compression_method_get_human_name(state->method), finish,
+ (unsigned long)in_len_orig, (unsigned long)out_len_orig);
return TOR_COMPRESS_ERROR;
}
diff --git a/src/common/compress.h b/src/common/compress.h
index 59c8b7b9b5..23a9817479 100644
--- a/src/common/compress.h
+++ b/src/common/compress.h
@@ -45,7 +45,8 @@ int tor_uncompress(char **out, size_t *out_len,
compress_method_t detect_compression_method(const char *in, size_t in_len);
-int tor_compress_is_compression_bomb(size_t size_in, size_t size_out);
+MOCK_DECL(int,tor_compress_is_compression_bomb,(size_t size_in,
+ size_t size_out));
int tor_compress_supports_method(compress_method_t method);
unsigned tor_compress_get_supported_method_bitmask(void);
@@ -85,5 +86,5 @@ size_t tor_compress_state_size(const tor_compress_state_t *state);
void tor_compress_init(void);
-#endif // TOR_COMPRESS_H.
+#endif /* !defined(TOR_COMPRESS_H) */
diff --git a/src/common/compress_lzma.c b/src/common/compress_lzma.c
index d453d9f718..6426ede4fd 100644
--- a/src/common/compress_lzma.c
+++ b/src/common/compress_lzma.c
@@ -75,7 +75,7 @@ lzma_error_str(lzma_ret error)
return "Unknown LZMA error";
}
}
-#endif // HAVE_LZMA.
+#endif /* defined(HAVE_LZMA) */
/** Return 1 if LZMA compression is supported; otherwise 0. */
int
@@ -158,10 +158,12 @@ tor_lzma_state_size_precalc(int compress, compression_level_t level)
return (size_t)memory_usage;
+ // LCOV_EXCL_START
err:
- return 0; // LCOV_EXCL_LINE
+ return 0;
+ // LCOV_EXCL_STOP
}
-#endif // HAVE_LZMA.
+#endif /* defined(HAVE_LZMA) */
/** Construct and return a tor_lzma_compress_state_t object using
* <b>method</b>. If <b>compress</b>, it's for compression; otherwise it's for
@@ -212,16 +214,18 @@ tor_lzma_compress_new(int compress,
atomic_counter_add(&total_lzma_allocation, result->allocation);
return result;
+ /* LCOV_EXCL_START */
err:
- tor_free(result); // LCOV_EXCL_LINE
+ tor_free(result);
return NULL;
-#else // HAVE_LZMA.
+ /* LCOV_EXCL_STOP */
+#else /* !(defined(HAVE_LZMA)) */
(void)compress;
(void)method;
(void)level;
return NULL;
-#endif // HAVE_LZMA.
+#endif /* defined(HAVE_LZMA) */
}
/** Compress/decompress some bytes using <b>state</b>. Read up to
@@ -306,7 +310,7 @@ tor_lzma_compress_process(tor_lzma_compress_state_t *state,
lzma_error_str(retval));
return TOR_COMPRESS_ERROR;
}
-#else // HAVE_LZMA.
+#else /* !(defined(HAVE_LZMA)) */
(void)state;
(void)out;
(void)out_len;
@@ -314,7 +318,7 @@ tor_lzma_compress_process(tor_lzma_compress_state_t *state,
(void)in_len;
(void)finish;
return TOR_COMPRESS_ERROR;
-#endif // HAVE_LZMA.
+#endif /* defined(HAVE_LZMA) */
}
/** Deallocate <b>state</b>. */
diff --git a/src/common/compress_lzma.h b/src/common/compress_lzma.h
index 1433c89f88..7639d98a70 100644
--- a/src/common/compress_lzma.h
+++ b/src/common/compress_lzma.h
@@ -39,5 +39,5 @@ size_t tor_lzma_get_total_allocation(void);
void tor_lzma_init(void);
-#endif // TOR_COMPRESS_LZMA_H.
+#endif /* !defined(TOR_COMPRESS_LZMA_H) */
diff --git a/src/common/compress_none.h b/src/common/compress_none.h
index d1ebb4b625..77c3cef47b 100644
--- a/src/common/compress_none.h
+++ b/src/common/compress_none.h
@@ -16,5 +16,5 @@ tor_cnone_compress_process(char **out, size_t *out_len,
const char **in, size_t *in_len,
int finish);
-#endif // TOR_COMPRESS_NONE_H.
+#endif /* !defined(TOR_COMPRESS_NONE_H) */
diff --git a/src/common/compress_zlib.h b/src/common/compress_zlib.h
index df5c196ac7..8ace467bf0 100644
--- a/src/common/compress_zlib.h
+++ b/src/common/compress_zlib.h
@@ -39,5 +39,5 @@ size_t tor_zlib_get_total_allocation(void);
void tor_zlib_init(void);
-#endif // TOR_COMPRESS_ZLIB_H.
+#endif /* !defined(TOR_COMPRESS_ZLIB_H) */
diff --git a/src/common/compress_zstd.c b/src/common/compress_zstd.c
index 63e92ed22d..c1cdaf17ad 100644
--- a/src/common/compress_zstd.c
+++ b/src/common/compress_zstd.c
@@ -38,7 +38,7 @@ memory_level(compression_level_t level)
case LOW_COMPRESSION: return 7;
}
}
-#endif // HAVE_ZSTD.
+#endif /* defined(HAVE_ZSTD) */
/** Return 1 if Zstandard compression is supported; otherwise 0. */
int
@@ -68,9 +68,9 @@ tor_zstd_get_version_str(void)
(int) version_number % 100);
return version_str;
-#else
+#else /* !(defined(HAVE_ZSTD)) */
return NULL;
-#endif
+#endif /* defined(HAVE_ZSTD) */
}
/** Return a string representation of the version of the version of libzstd
@@ -95,7 +95,7 @@ struct tor_zstd_compress_state_t {
/** Decompression stream. Used when <b>compress</b> is false. */
ZSTD_DStream *decompress_stream;
} u; /**< Zstandard stream objects. */
-#endif // HAVE_ZSTD.
+#endif /* defined(HAVE_ZSTD) */
int compress; /**< True if we are compressing; false if we are inflating */
int have_called_end; /**< True if we are compressing and we've called
@@ -171,7 +171,7 @@ tor_zstd_state_size_precalc(int compress, int preset)
return memory_usage;
}
-#endif // HAVE_ZSTD.
+#endif /* defined(HAVE_ZSTD) */
/** Construct and return a tor_zstd_compress_state_t object using
* <b>method</b>. If <b>compress</b>, it's for compression; otherwise it's for
@@ -248,13 +248,13 @@ tor_zstd_compress_new(int compress,
tor_free(result);
return NULL;
// LCOV_EXCL_STOP
-#else // HAVE_ZSTD.
+#else /* !(defined(HAVE_ZSTD)) */
(void)compress;
(void)method;
(void)level;
return NULL;
-#endif // HAVE_ZSTD.
+#endif /* defined(HAVE_ZSTD) */
}
/** Compress/decompress some bytes using <b>state</b>. Read up to
@@ -385,7 +385,7 @@ tor_zstd_compress_process(tor_zstd_compress_state_t *state,
return TOR_COMPRESS_OK;
}
-#else // HAVE_ZSTD.
+#else /* !(defined(HAVE_ZSTD)) */
(void)state;
(void)out;
(void)out_len;
@@ -394,7 +394,7 @@ tor_zstd_compress_process(tor_zstd_compress_state_t *state,
(void)finish;
return TOR_COMPRESS_ERROR;
-#endif // HAVE_ZSTD.
+#endif /* defined(HAVE_ZSTD) */
}
/** Deallocate <b>state</b>. */
@@ -412,7 +412,7 @@ tor_zstd_compress_free(tor_zstd_compress_state_t *state)
} else {
ZSTD_freeDStream(state->u.decompress_stream);
}
-#endif // HAVE_ZSTD.
+#endif /* defined(HAVE_ZSTD) */
tor_free(state);
}
diff --git a/src/common/compress_zstd.h b/src/common/compress_zstd.h
index d3e65c2f16..02466010ff 100644
--- a/src/common/compress_zstd.h
+++ b/src/common/compress_zstd.h
@@ -39,5 +39,5 @@ size_t tor_zstd_get_total_allocation(void);
void tor_zstd_init(void);
-#endif // TOR_COMPRESS_ZSTD_H.
+#endif /* !defined(TOR_COMPRESS_ZSTD_H) */
diff --git a/src/common/confline.c b/src/common/confline.c
index 15fd96bf38..04545bc2c3 100644
--- a/src/common/confline.c
+++ b/src/common/confline.c
@@ -288,7 +288,7 @@ config_process_include(const char *path, int recursion_level, int extended,
return -1;
}
tor_free(unquoted_path);
-#endif
+#endif /* 0 */
smartlist_t *config_files = config_get_file_list(path);
if (!config_files) {
return -1;
@@ -342,7 +342,8 @@ config_lines_dup(const config_line_t *inp)
}
/** Return a newly allocated deep copy of the lines in <b>inp</b>,
- * but only the ones that match <b>key</b>. */
+ * but only the ones whose keys begin with <b>key</b> (case-insensitive).
+ * If <b>key</b> is NULL, do not filter. */
config_line_t *
config_lines_dup_and_filter(const config_line_t *inp,
const char *key)
diff --git a/src/common/confline.h b/src/common/confline.h
index eb863e8fd8..8256326f2d 100644
--- a/src/common/confline.h
+++ b/src/common/confline.h
@@ -49,5 +49,5 @@ void config_free_lines(config_line_t *front);
const char *parse_config_line_from_str_verbose(const char *line,
char **key_out, char **value_out,
const char **err_out);
-#endif
+#endif /* !defined(TOR_CONFLINE_H) */
diff --git a/src/common/container.c b/src/common/container.c
index 689e7e55e9..8645cb4826 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -843,13 +843,13 @@ smartlist_sort_pointers(smartlist_t *sl)
* }
*
* void timer_heap_insert(smartlist_t *heap, timer_t *timer) {
- * smartlist_pqueue_add(heap, compare, STRUCT_OFFSET(timer_t, heap_index),
+ * smartlist_pqueue_add(heap, compare, offsetof(timer_t, heap_index),
* timer);
* }
*
* void timer_heap_pop(smartlist_t *heap) {
* return smartlist_pqueue_pop(heap, compare,
- * STRUCT_OFFSET(timer_t, heap_index));
+ * offsetof(timer_t, heap_index));
* }
*/
diff --git a/src/common/container.h b/src/common/container.h
index db68d892f5..f6affd3bc6 100644
--- a/src/common/container.h
+++ b/src/common/container.h
@@ -74,11 +74,11 @@ static inline void smartlist_set(smartlist_t *sl, int idx, void *val) {
tor_assert(sl->num_used > idx);
sl->list[idx] = val;
}
-#else
+#else /* !(defined(DEBUG_SMARTLIST)) */
#define smartlist_len(sl) ((sl)->num_used)
#define smartlist_get(sl, idx) ((sl)->list[idx])
#define smartlist_set(sl, idx, val) ((sl)->list[idx] = (val))
-#endif
+#endif /* defined(DEBUG_SMARTLIST) */
/** Exchange the elements at indices <b>idx1</b> and <b>idx2</b> of the
* smartlist <b>sl</b>. */
@@ -580,7 +580,7 @@ void* strmap_remove_lc(strmap_t *map, const char *key);
#define BITARRAY_SHIFT 6
#else
#error "int is neither 4 nor 8 bytes. I can't deal with that."
-#endif
+#endif /* SIZEOF_INT == 4 || ... */
#define BITARRAY_MASK ((1u<<BITARRAY_SHIFT)-1)
/** A random-access array of one-bit-wide elements. */
@@ -723,5 +723,5 @@ third_quartile_uint32(uint32_t *array, int n_elements)
return find_nth_uint32(array, n_elements, (n_elements*3)/4);
}
-#endif
+#endif /* !defined(TOR_CONTAINER_H) */
diff --git a/src/common/crypto.c b/src/common/crypto.c
index d2801e0d45..16536f3716 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -20,7 +20,7 @@
/* Windows defines this; so does OpenSSL 0.9.8h and later. We don't actually
* use either definition. */
#undef OCSP_RESPONSE
-#endif
+#endif /* defined(_WIN32) */
#define CRYPTO_PRIVATE
#include "crypto.h"
@@ -50,7 +50,7 @@ ENABLE_GCC_WARNING(redundant-decls)
#else
#pragma GCC diagnostic warning "-Wredundant-decls"
#endif
-#endif
+#endif /* __GNUC__ && GCC_VERSION >= 402 */
#ifdef HAVE_CTYPE_H
#include <ctype.h>
@@ -101,7 +101,7 @@ ENABLE_GCC_WARNING(redundant-decls)
* pointless, so let's not.
*/
#define NEW_THREAD_API
-#endif
+#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) && ... */
/** Longest recognized */
#define MAX_DNS_LABEL_SIZE 63
@@ -114,7 +114,7 @@ ENABLE_GCC_WARNING(redundant-decls)
static tor_mutex_t **openssl_mutexes_ = NULL;
/** How many mutexes have we allocated for use by OpenSSL? */
static int n_openssl_mutexes_ = 0;
-#endif
+#endif /* !defined(NEW_THREAD_API) */
/** A public key, or a public/private key-pair. */
struct crypto_pk_t
@@ -198,7 +198,7 @@ log_engine(const char *fn, ENGINE *e)
log_info(LD_CRYPTO, "Using default implementation for %s", fn);
}
}
-#endif
+#endif /* !defined(DISABLE_ENGINES) */
#ifndef DISABLE_ENGINES
/** Try to load an engine in a shared library via fully qualified path.
@@ -218,7 +218,7 @@ try_load_engine(const char *path, const char *engine)
}
return e;
}
-#endif
+#endif /* !defined(DISABLE_ENGINES) */
/* Returns a trimmed and human-readable version of an openssl version string
* <b>raw_version</b>. They are usually in the form of 'OpenSSL 1.0.0b 10
@@ -394,7 +394,7 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
#else
log_engine("ECDH", ENGINE_get_default_ECDH());
log_engine("ECDSA", ENGINE_get_default_ECDSA());
-#endif
+#endif /* defined(OPENSSL_1_1_API) */
log_engine("RAND", ENGINE_get_default_RAND());
log_engine("RAND (which we will not use)", ENGINE_get_default_RAND());
log_engine("SHA1", ENGINE_get_digest_engine(NID_sha1));
@@ -412,7 +412,7 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
log_engine("AES-256-GCM", ENGINE_get_cipher_engine(NID_aes_256_gcm));
#endif
-#endif
+#endif /* defined(DISABLE_ENGINES) */
} else {
log_info(LD_CRYPTO, "NOT using OpenSSL engine support.");
}
@@ -450,9 +450,9 @@ crypto_pk_private_ok(const crypto_pk_t *k)
const BIGNUM *p, *q;
RSA_get0_factors(k->key, &p, &q);
return p != NULL; /* XXX/yawning: Should we check q? */
-#else
+#else /* !(defined(OPENSSL_1_1_API)) */
return k && k->key && k->key->p;
-#endif
+#endif /* defined(OPENSSL_1_1_API) */
}
/** used by tortls.c: wrap an RSA* in a crypto_pk_t. */
@@ -899,7 +899,7 @@ crypto_pk_public_exponent_ok(crypto_pk_t *env)
RSA_get0_key(env->key, &n, &e, &d);
#else
e = env->key->e;
-#endif
+#endif /* defined(OPENSSL_1_1_API) */
return BN_is_word(e, 65537);
}
@@ -933,7 +933,7 @@ crypto_pk_cmp_keys(const crypto_pk_t *a, const crypto_pk_t *b)
a_e = a->key->e;
b_n = b->key->n;
b_e = b->key->e;
-#endif
+#endif /* defined(OPENSSL_1_1_API) */
tor_assert(a_n != NULL && a_e != NULL);
tor_assert(b_n != NULL && b_e != NULL);
@@ -982,10 +982,10 @@ crypto_pk_num_bits(crypto_pk_t *env)
tor_assert(n != NULL);
return RSA_bits(env->key);
-#else
+#else /* !(defined(OPENSSL_1_1_API)) */
tor_assert(env->key->n);
return BN_num_bits(env->key->n);
-#endif
+#endif /* defined(OPENSSL_1_1_API) */
}
/** Increase the reference count of <b>env</b>, and return it.
@@ -1012,7 +1012,7 @@ crypto_pk_assign_(crypto_pk_t *dest, const crypto_pk_t *src)
RSA_free(dest->key);
dest->key = RSAPrivateKey_dup(src->key);
}
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */
/** Make a real honest-to-goodness copy of <b>env</b>, and return it.
* Returns NULL on failure. */
@@ -1253,9 +1253,12 @@ crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
* - The beginning of the source data prefixed with a 16-byte symmetric key,
* padded and encrypted with the public key; followed by the rest of
* the source data encrypted in AES-CTR mode with the symmetric key.
+ *
+ * NOTE that this format does not authenticate the symmetrically encrypted
+ * part of the data, and SHOULD NOT BE USED for new protocols.
*/
int
-crypto_pk_public_hybrid_encrypt(crypto_pk_t *env,
+crypto_pk_obsolete_public_hybrid_encrypt(crypto_pk_t *env,
char *to, size_t tolen,
const char *from,
size_t fromlen,
@@ -1317,10 +1320,14 @@ crypto_pk_public_hybrid_encrypt(crypto_pk_t *env,
return -1;
}
-/** Invert crypto_pk_public_hybrid_encrypt. Returns the number of bytes
- * written on success, -1 on failure. */
+/** Invert crypto_pk_obsolete_public_hybrid_encrypt. Returns the number of
+ * bytes written on success, -1 on failure.
+ *
+ * NOTE that this format does not authenticate the symmetrically encrypted
+ * part of the data, and SHOULD NOT BE USED for new protocols.
+ */
int
-crypto_pk_private_hybrid_decrypt(crypto_pk_t *env,
+crypto_pk_obsolete_private_hybrid_decrypt(crypto_pk_t *env,
char *to,
size_t tolen,
const char *from,
@@ -1806,8 +1813,8 @@ crypto_digest_algorithm_get_name(digest_algorithm_t alg)
return "sha3-256";
case DIGEST_SHA3_512:
return "sha3-512";
- default:
// LCOV_EXCL_START
+ default:
tor_fragile_assert();
return "??unknown_digest??";
// LCOV_EXCL_STOP
@@ -1869,6 +1876,18 @@ struct crypto_digest_t {
} d;
};
+#ifdef TOR_UNIT_TESTS
+
+digest_algorithm_t
+crypto_digest_get_algorithm(crypto_digest_t *digest)
+{
+ tor_assert(digest);
+
+ return digest->algorithm;
+}
+
+#endif /* defined(TOR_UNIT_TESTS) */
+
/**
* Return the number of bytes we need to malloc in order to get a
* crypto_digest_t for <b>alg</b>, or the number of bytes we need to wipe
@@ -1880,7 +1899,7 @@ crypto_digest_alloc_bytes(digest_algorithm_t alg)
/* Helper: returns the number of bytes in the 'f' field of 'st' */
#define STRUCT_FIELD_SIZE(st, f) (sizeof( ((st*)0)->f ))
/* Gives the length of crypto_digest_t through the end of the field 'd' */
-#define END_OF_FIELD(f) (STRUCT_OFFSET(crypto_digest_t, f) + \
+#define END_OF_FIELD(f) (offsetof(crypto_digest_t, f) + \
STRUCT_FIELD_SIZE(crypto_digest_t, f))
switch (alg) {
case DIGEST_SHA1:
@@ -2251,12 +2270,12 @@ crypto_validate_dh_params(const BIGNUM *p, const BIGNUM *g)
goto out;
if (!DH_set0_pqg(dh, dh_p, NULL, dh_g))
goto out;
-#else
+#else /* !(defined(OPENSSL_1_1_API)) */
if (!(dh->p = BN_dup(p)))
goto out;
if (!(dh->g = BN_dup(g)))
goto out;
-#endif
+#endif /* defined(OPENSSL_1_1_API) */
/* Perform the validation. */
int codes = 0;
@@ -2427,7 +2446,7 @@ crypto_dh_new(int dh_type)
if (!DH_set_length(res->dh, DH_PRIVATE_KEY_BITS))
goto err;
-#else
+#else /* !(defined(OPENSSL_1_1_API)) */
if (dh_type == DH_TYPE_TLS) {
if (!(res->dh->p = BN_dup(dh_param_p_tls)))
goto err;
@@ -2440,12 +2459,13 @@ crypto_dh_new(int dh_type)
goto err;
res->dh->length = DH_PRIVATE_KEY_BITS;
-#endif
+#endif /* defined(OPENSSL_1_1_API) */
return res;
- err:
+
/* LCOV_EXCL_START
* This error condition is only reached when an allocation fails */
+ err:
crypto_log_errors(LOG_WARN, "creating DH object");
if (res->dh) DH_free(res->dh); /* frees p and g too */
tor_free(res);
@@ -2502,7 +2522,7 @@ crypto_dh_generate_public(crypto_dh_t *dh)
"the-universe chances really do happen. Treating as a failure.");
return -1;
}
-#else
+#else /* !(defined(OPENSSL_1_1_API)) */
if (tor_check_dh_key(LOG_WARN, dh->dh->pub_key)<0) {
/* LCOV_EXCL_START
* If this happens, then openssl's DH implementation is busted. */
@@ -2515,7 +2535,7 @@ crypto_dh_generate_public(crypto_dh_t *dh)
goto again;
/* LCOV_EXCL_STOP */
}
-#endif
+#endif /* defined(OPENSSL_1_1_API) */
return 0;
}
@@ -2536,7 +2556,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
DH_get0_key(dh->dh, &dh_pub, &dh_priv);
#else
dh_pub = dh->dh->pub_key;
-#endif
+#endif /* defined(OPENSSL_1_1_API) */
if (!dh_pub) {
if (crypto_dh_generate_public(dh)<0)
@@ -2860,8 +2880,17 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
tor_assert(errno != EAGAIN);
tor_assert(errno != EINTR);
- /* Probably ENOSYS. */
- log_warn(LD_CRYPTO, "Can't get entropy from getrandom().");
+ /* Useful log message for errno. */
+ if (errno == ENOSYS) {
+ log_warn(LD_CRYPTO, "Can't get entropy from getrandom()."
+ " You are running a version of Tor built to support"
+ " getrandom(), but the kernel doesn't implement this"
+ " function--probably because it is too old?");
+ } else {
+ log_warn(LD_CRYPTO, "Can't get entropy from getrandom(): %s.",
+ strerror(errno));
+ }
+
getrandom_works = 0; /* Don't bother trying again. */
return -1;
/* LCOV_EXCL_STOP */
@@ -2879,7 +2908,7 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
return getentropy(out, out_len);
#else
(void) out;
-#endif
+#endif /* defined(_WIN32) || ... */
/* This platform doesn't have a supported syscall based random. */
return -1;
@@ -2903,7 +2932,7 @@ crypto_strongest_rand_fallback(uint8_t *out, size_t out_len)
(void)out;
(void)out_len;
return -1;
-#else
+#else /* !(defined(_WIN32)) */
static const char *filenames[] = {
"/dev/srandom", "/dev/urandom", "/dev/random", NULL
};
@@ -2931,7 +2960,7 @@ crypto_strongest_rand_fallback(uint8_t *out, size_t out_len)
}
return -1;
-#endif
+#endif /* defined(_WIN32) */
}
/** Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
@@ -3180,7 +3209,7 @@ crypto_rand_double(void)
#define UINT_MAX_AS_DOUBLE 1.8446744073709552e+19
#else
#error SIZEOF_INT is neither 4 nor 8
-#endif
+#endif /* SIZEOF_INT == 4 || ... */
return ((double)u) / UINT_MAX_AS_DOUBLE;
}
@@ -3309,7 +3338,7 @@ memwipe(void *mem, uint8_t byte, size_t sz)
**/
OPENSSL_cleanse(mem, sz);
-#endif
+#endif /* defined(SecureZeroMemory) || defined(HAVE_SECUREZEROMEMORY) || ... */
/* Just in case some caller of memwipe() is relying on getting a buffer
* filled with a particular value, fill the buffer.
@@ -3351,7 +3380,7 @@ tor_set_openssl_thread_id(CRYPTO_THREADID *threadid)
{
CRYPTO_THREADID_set_numeric(threadid, tor_get_thread_id());
}
-#endif
+#endif /* !defined(NEW_THREAD_API) */
#if 0
/* This code is disabled, because OpenSSL never actually uses these callbacks.
@@ -3401,7 +3430,7 @@ openssl_dynlock_destroy_cb_(struct CRYPTO_dynlock_value *v,
tor_mutex_free(v->lock);
tor_free(v);
}
-#endif
+#endif /* 0 */
/** @{ */
/** Helper: Construct mutexes, and set callbacks to help OpenSSL handle being
@@ -3418,7 +3447,7 @@ setup_openssl_threading(void)
openssl_mutexes_[i] = tor_mutex_new();
CRYPTO_set_locking_callback(openssl_locking_cb_);
CRYPTO_THREADID_set_callback(tor_set_openssl_thread_id);
-#endif
+#endif /* !defined(NEW_THREAD_API) */
#if 0
CRYPTO_set_dynlock_create_callback(openssl_dynlock_create_cb_);
CRYPTO_set_dynlock_lock_callback(openssl_dynlock_lock_cb_);
@@ -3465,7 +3494,7 @@ crypto_global_cleanup(void)
}
tor_free(ms);
}
-#endif
+#endif /* !defined(NEW_THREAD_API) */
tor_free(crypto_openssl_version_str);
tor_free(crypto_openssl_header_version_str);
@@ -3484,5 +3513,5 @@ crypto_use_tor_alloc_functions(void)
int r = CRYPTO_set_mem_ex_functions(tor_malloc_, tor_realloc_, tor_free_);
return r ? 0 : -1;
}
-#endif
+#endif /* defined(USE_DMALLOC) */
diff --git a/src/common/crypto.h b/src/common/crypto.h
index c70d91c262..f9aeeee2c0 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -20,6 +20,9 @@
#include "testsupport.h"
#include "compat.h"
+#include <openssl/engine.h>
+#include "keccak-tiny/keccak-tiny.h"
+
/*
Macro to create an arbitrary OpenSSL version number as used by
OPENSSL_VERSION_NUMBER or SSLeay(), since the actual numbers are a bit hard
@@ -70,6 +73,9 @@
/** Length of our DH keys. */
#define DH_BYTES (1024/8)
+/** Length of a sha1 message digest when encoded in base32 with trailing =
+ * signs removed. */
+#define BASE32_DIGEST_LEN 32
/** Length of a sha1 message digest when encoded in base64 with trailing =
* signs removed. */
#define BASE64_DIGEST_LEN 27
@@ -194,11 +200,11 @@ int crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen);
int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen);
-int crypto_pk_public_hybrid_encrypt(crypto_pk_t *env, char *to,
+int crypto_pk_obsolete_public_hybrid_encrypt(crypto_pk_t *env, char *to,
size_t tolen,
const char *from, size_t fromlen,
int padding, int force);
-int crypto_pk_private_hybrid_decrypt(crypto_pk_t *env, char *to,
+int crypto_pk_obsolete_private_hybrid_decrypt(crypto_pk_t *env, char *to,
size_t tolen,
const char *from, size_t fromlen,
int padding, int warnOnFailure);
@@ -335,6 +341,7 @@ struct dh_st *crypto_dh_get_dh_(crypto_dh_t *dh);
void crypto_add_spaces_to_fp(char *out, size_t outlen, const char *in);
#ifdef CRYPTO_PRIVATE
+
STATIC int crypto_force_rand_ssleay(void);
STATIC int crypto_strongest_rand_raw(uint8_t *out, size_t out_len);
@@ -342,11 +349,12 @@ STATIC int crypto_strongest_rand_raw(uint8_t *out, size_t out_len);
extern int break_strongest_rng_syscall;
extern int break_strongest_rng_fallback;
#endif
-#endif
+#endif /* defined(CRYPTO_PRIVATE) */
#ifdef TOR_UNIT_TESTS
void crypto_pk_assign_(crypto_pk_t *dest, const crypto_pk_t *src);
+digest_algorithm_t crypto_digest_get_algorithm(crypto_digest_t *digest);
#endif
-#endif
+#endif /* !defined(TOR_CRYPTO_H) */
diff --git a/src/common/crypto_curve25519.c b/src/common/crypto_curve25519.c
index b99f13a93b..8793fa6274 100644
--- a/src/common/crypto_curve25519.c
+++ b/src/common/crypto_curve25519.c
@@ -43,7 +43,7 @@ int curve25519_donna(uint8_t *mypublic,
#elif defined(HAVE_NACL_CRYPTO_SCALARMULT_CURVE25519_H)
#include <nacl/crypto_scalarmult_curve25519.h>
#endif
-#endif
+#endif /* defined(USE_CURVE25519_NACL) */
static void pick_curve25519_basepoint_impl(void);
@@ -72,7 +72,7 @@ curve25519_impl(uint8_t *output, const uint8_t *secret,
r = crypto_scalarmult_curve25519(output, secret, bp);
#else
#error "No implementation of curve25519 is available."
-#endif
+#endif /* defined(USE_CURVE25519_DONNA) || ... */
memwipe(bp, 0, sizeof(bp));
return r;
}
@@ -318,8 +318,11 @@ curve25519_basepoint_spot_check(void)
}
goto end;
+ // LCOV_EXCL_START -- we can only hit this code if there is a bug in our
+ // curve25519-basepoint implementation.
fail:
r = -1;
+ // LCOV_EXCL_STOP
end:
curve25519_use_ed = save_use_ed;
return r;
diff --git a/src/common/crypto_curve25519.h b/src/common/crypto_curve25519.h
index e7790edac0..d024ab79f5 100644
--- a/src/common/crypto_curve25519.h
+++ b/src/common/crypto_curve25519.h
@@ -71,7 +71,7 @@ STATIC int curve25519_impl(uint8_t *output, const uint8_t *secret,
const uint8_t *basepoint);
STATIC int curve25519_basepoint_impl(uint8_t *output, const uint8_t *secret);
-#endif
+#endif /* defined(CRYPTO_CURVE25519_PRIVATE) */
#define CURVE25519_BASE64_PADDED_LEN 44
@@ -83,5 +83,5 @@ int curve25519_public_to_base64(char *output,
void curve25519_set_impl_params(int use_ed);
void curve25519_init(void);
-#endif
+#endif /* !defined(TOR_CRYPTO_CURVE25519_H) */
diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c
index 188e18c710..94b23e31b9 100644
--- a/src/common/crypto_ed25519.c
+++ b/src/common/crypto_ed25519.c
@@ -28,6 +28,7 @@
#include "crypto_format.h"
#include "torlog.h"
#include "util.h"
+#include "util_format.h"
#include "ed25519/ref10/ed25519_ref10.h"
#include "ed25519/donna/ed25519_donna_tor.h"
@@ -57,6 +58,9 @@ typedef struct {
int (*pubkey_from_curve25519_pubkey)(unsigned char *, const unsigned char *,
int);
+
+ int (*ed25519_scalarmult_with_group_order)(unsigned char *,
+ const unsigned char *);
} ed25519_impl_t;
/** The Ref10 Ed25519 implementation. This one is pure C and lightly
@@ -77,6 +81,7 @@ static const ed25519_impl_t impl_ref10 = {
ed25519_ref10_blind_public_key,
ed25519_ref10_pubkey_from_curve25519_pubkey,
+ ed25519_ref10_scalarmult_with_group_order,
};
/** The Ref10 Ed25519 implementation. This one is heavily optimized, but still
@@ -97,6 +102,7 @@ static const ed25519_impl_t impl_donna = {
ed25519_donna_blind_public_key,
ed25519_donna_pubkey_from_curve25519_pubkey,
+ ed25519_donna_scalarmult_with_group_order,
};
/** Which Ed25519 implementation are we using? NULL if we haven't decided
@@ -145,7 +151,7 @@ crypto_ed25519_testing_restore_impl(void)
ed25519_impl = saved_ed25519_impl;
saved_ed25519_impl = NULL;
}
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */
/**
* Initialize a new ed25519 secret key in <b>seckey_out</b>. If
@@ -287,9 +293,12 @@ ed25519_sign_prefixed,(ed25519_signature_t *signature_out,
prefixed_msg = get_prefixed_msg(msg, msg_len, prefix_str,
&prefixed_msg_len);
- if (!prefixed_msg) {
+ if (BUG(!prefixed_msg)) {
+ /* LCOV_EXCL_START -- only possible when the message and prefix are
+ * ridiculously huge */
log_warn(LD_GENERAL, "Failed to get prefixed msg.");
return -1;
+ /* LCOV_EXCL_STOP */
}
retval = ed25519_sign(signature_out,
@@ -332,9 +341,12 @@ ed25519_checksig_prefixed(const ed25519_signature_t *signature,
prefixed_msg = get_prefixed_msg(msg, msg_len, prefix_str,
&prefixed_msg_len);
- if (!prefixed_msg) {
+ if (BUG(!prefixed_msg)) {
+ /* LCOV_EXCL_START -- only possible when the message and prefix are
+ * ridiculously huge */
log_warn(LD_GENERAL, "Failed to get prefixed msg.");
return -1;
+ /* LCOV_EXCL_STOP */
}
retval = ed25519_checksig(signature,
@@ -462,7 +474,6 @@ ed25519_keypair_from_curve25519_keypair(ed25519_keypair_t *out,
tor_assert(fast_memeq(pubkey_check.pubkey, out->pubkey.pubkey, 32));
memwipe(&pubkey_check, 0, sizeof(pubkey_check));
- memwipe(&ctx, 0, sizeof(ctx));
memwipe(sha512_output, 0, sizeof(sha512_output));
return 0;
@@ -491,7 +502,8 @@ ed25519_public_key_from_curve25519_public_key(ed25519_public_key_t *pubkey,
* service descriptors are encrypted with a key derived from the service's
* long-term public key, and then signed with (and stored at a position
* indexed by) a short-term key derived by blinding the long-term keys.
- */
+ *
+ * Return 0 if blinding was successful, else return -1. */
int
ed25519_keypair_blind(ed25519_keypair_t *out,
const ed25519_keypair_t *inp,
@@ -502,7 +514,9 @@ ed25519_keypair_blind(ed25519_keypair_t *out,
get_ed_impl()->blind_secret_key(out->seckey.seckey,
inp->seckey.seckey, param);
- ed25519_public_blind(&pubkey_check, &inp->pubkey, param);
+ if (ed25519_public_blind(&pubkey_check, &inp->pubkey, param) < 0) {
+ return -1;
+ }
ed25519_public_key_generate(&out->pubkey, &out->seckey);
tor_assert(fast_memeq(pubkey_check.pubkey, out->pubkey.pubkey, 32));
@@ -522,8 +536,7 @@ ed25519_public_blind(ed25519_public_key_t *out,
const ed25519_public_key_t *inp,
const uint8_t *param)
{
- get_ed_impl()->blind_public_key(out->pubkey, inp->pubkey, param);
- return 0;
+ return get_ed_impl()->blind_public_key(out->pubkey, inp->pubkey, param);
}
/**
@@ -711,8 +724,11 @@ ed25519_impl_spot_check,(void))
*/
goto end;
+ // LCOV_EXCL_START -- We can only reach this if our ed25519 implementation is
+ // broken.
fail:
r = -1;
+ // LCOV_EXCL_STOP
end:
return r;
}
@@ -754,3 +770,47 @@ ed25519_init(void)
pick_ed25519_impl();
}
+/* Return true if <b>point</b> is the identity element of the ed25519 group. */
+static int
+ed25519_point_is_identity_element(const uint8_t *point)
+{
+ /* The identity element in ed25159 is the point with coordinates (0,1). */
+ static const uint8_t ed25519_identity[32] = {
+ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ tor_assert(sizeof(ed25519_identity) == ED25519_PUBKEY_LEN);
+ return tor_memeq(point, ed25519_identity, sizeof(ed25519_identity));
+}
+
+/** Validate <b>pubkey</b> to ensure that it has no torsion component.
+ * Return 0 if <b>pubkey</b> is valid, else return -1. */
+int
+ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
+{
+ uint8_t result[32] = {9};
+
+ /* First check that we were not given the identity element */
+ if (ed25519_point_is_identity_element(pubkey->pubkey)) {
+ log_warn(LD_CRYPTO, "ed25519 pubkey is the identity");
+ return -1;
+ }
+
+ /* For any point on the curve, doing l*point should give the identity element
+ * (where l is the group order). Do the computation and check that the
+ * identity element is returned. */
+ if (get_ed_impl()->ed25519_scalarmult_with_group_order(result,
+ pubkey->pubkey) < 0) {
+ log_warn(LD_CRYPTO, "ed25519 group order scalarmult failed");
+ return -1;
+ }
+
+ if (!ed25519_point_is_identity_element(result)) {
+ log_warn(LD_CRYPTO, "ed25519 validation failed");
+ return -1;
+ }
+
+ return 0;
+}
+
diff --git a/src/common/crypto_ed25519.h b/src/common/crypto_ed25519.h
index 77a3313adc..8d13a487d6 100644
--- a/src/common/crypto_ed25519.h
+++ b/src/common/crypto_ed25519.h
@@ -127,6 +127,8 @@ void ed25519_pubkey_copy(ed25519_public_key_t *dest,
void ed25519_set_impl_params(int use_donna);
void ed25519_init(void);
+int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey);
+
#ifdef TOR_UNIT_TESTS
void crypto_ed25519_testing_force_impl(const char *name);
void crypto_ed25519_testing_restore_impl(void);
@@ -136,5 +138,5 @@ void crypto_ed25519_testing_restore_impl(void);
MOCK_DECL(STATIC int, ed25519_impl_spot_check, (void));
#endif
-#endif
+#endif /* !defined(TOR_CRYPTO_ED25519_H) */
diff --git a/src/common/crypto_format.h b/src/common/crypto_format.h
index 390916cf04..bbd85dc720 100644
--- a/src/common/crypto_format.h
+++ b/src/common/crypto_format.h
@@ -43,5 +43,5 @@ int digest_from_base64(char *digest, const char *d64);
int digest256_to_base64(char *d64, const char *digest);
int digest256_from_base64(char *digest, const char *d64);
-#endif
+#endif /* !defined(TOR_CRYPTO_FORMAT_H) */
diff --git a/src/common/crypto_pwbox.c b/src/common/crypto_pwbox.c
index db8892e376..12acc9331c 100644
--- a/src/common/crypto_pwbox.c
+++ b/src/common/crypto_pwbox.c
@@ -107,7 +107,6 @@ crypto_pwbox(uint8_t **out, size_t *outlen_out,
rv = 0;
goto out;
- err:
/* LCOV_EXCL_START
This error case is often unreachable if we're correctly coded, unless
@@ -123,6 +122,7 @@ crypto_pwbox(uint8_t **out, size_t *outlen_out,
- pwbox_encoded_encode can't fail unless we're using trunnel wrong,
or it's buggy.
*/
+ err:
tor_free(result);
rv = -1;
/* LCOV_EXCL_STOP */
diff --git a/src/common/crypto_pwbox.h b/src/common/crypto_pwbox.h
index aadd477078..cee8653587 100644
--- a/src/common/crypto_pwbox.h
+++ b/src/common/crypto_pwbox.h
@@ -16,5 +16,5 @@ int crypto_unpwbox(uint8_t **out, size_t *outlen_out,
const uint8_t *inp, size_t input_len,
const char *secret, size_t secret_len);
-#endif
+#endif /* !defined(CRYPTO_PWBOX_H_INCLUDED_) */
diff --git a/src/common/crypto_s2k.c b/src/common/crypto_s2k.c
index 076df815a9..b2fcca54c4 100644
--- a/src/common/crypto_s2k.c
+++ b/src/common/crypto_s2k.c
@@ -86,9 +86,11 @@ secret_to_key_key_len(uint8_t type)
return DIGEST_LEN;
case S2K_TYPE_SCRYPT:
return DIGEST256_LEN;
+ // LCOV_EXCL_START
default:
- tor_fragile_assert(); // LCOV_EXCL_LINE
- return -1; // LCOV_EXCL_LINE
+ tor_fragile_assert();
+ return -1;
+ // LCOV_EXCL_STOP
}
}
@@ -169,9 +171,11 @@ make_specifier(uint8_t *spec_out, uint8_t type, unsigned flags)
/* r = 8; p = 2. */
spec_out[SCRYPT_SPEC_LEN-1] = (3u << 4) | (1u << 0);
break;
+ // LCOV_EXCL_START - we should have returned above.
default:
- tor_fragile_assert(); // LCOV_EXCL_LINE - we should have returned above.
+ tor_fragile_assert();
return S2K_BAD_ALGORITHM;
+ // LCOV_EXCL_STOP
}
return speclen;
@@ -290,9 +294,9 @@ secret_to_key_compute_key(uint8_t *key_out, size_t key_out_len,
if (rv != 0)
return S2K_FAILED;
return (int)key_out_len;
-#else
+#else /* !(defined(HAVE_SCRYPT)) */
return S2K_NO_SCRYPT_SUPPORT;
-#endif
+#endif /* defined(HAVE_SCRYPT) */
}
default:
return S2K_BAD_ALGORITHM;
diff --git a/src/common/crypto_s2k.h b/src/common/crypto_s2k.h
index 04212b868a..849ff59ce8 100644
--- a/src/common/crypto_s2k.h
+++ b/src/common/crypto_s2k.h
@@ -67,7 +67,7 @@ STATIC int secret_to_key_compute_key(uint8_t *key_out, size_t key_out_len,
const uint8_t *spec, size_t spec_len,
const char *secret, size_t secret_len,
int type);
-#endif
+#endif /* defined(CRYPTO_S2K_PRIVATE) */
-#endif
+#endif /* !defined(TOR_CRYPTO_S2K_H_INCLUDED) */
diff --git a/src/common/di_ops.c b/src/common/di_ops.c
index e47998107d..7c0b4e7630 100644
--- a/src/common/di_ops.c
+++ b/src/common/di_ops.c
@@ -86,7 +86,7 @@ tor_memcmp(const void *a, const void *b, size_t len)
}
return retval;
-#endif /* timingsafe_memcmp */
+#endif /* defined(HAVE_TIMINGSAFE_MEMCMP) */
}
/**
@@ -238,7 +238,7 @@ gt_i64_timei(uint64_t a, uint64_t b)
int res = diff >> 63;
return res & 1;
}
-#endif
+#endif /* SIZEOF_VOID_P == 8 */
/**
* Given an array of list of <b>n_entries</b> uint64_t values, whose sum is
diff --git a/src/common/di_ops.h b/src/common/di_ops.h
index e174fcc4e4..e79973ba52 100644
--- a/src/common/di_ops.h
+++ b/src/common/di_ops.h
@@ -46,5 +46,5 @@ int select_array_member_cumulative_timei(const uint64_t *entries,
int n_entries,
uint64_t total, uint64_t rand_val);
-#endif
+#endif /* !defined(TOR_DI_OPS_H) */
diff --git a/src/common/handles.h b/src/common/handles.h
index 6d7262ab80..a610753a1c 100644
--- a/src/common/handles.h
+++ b/src/common/handles.h
@@ -149,5 +149,5 @@
} \
}
-#endif /* TOR_HANDLE_H */
+#endif /* !defined(TOR_HANDLE_H) */
diff --git a/src/common/include.am b/src/common/include.am
index d12895b107..715ec0264c 100644
--- a/src/common/include.am
+++ b/src/common/include.am
@@ -82,6 +82,7 @@ LIBOR_A_SRC = \
src/common/address.c \
src/common/address_set.c \
src/common/backtrace.c \
+ src/common/buffers.c \
src/common/compat.c \
src/common/compat_threads.c \
src/common/compat_time.c \
@@ -111,6 +112,7 @@ src/common/src_common_libor_testing_a-log.$(OBJEXT) \
LIBOR_CRYPTO_A_SRC = \
src/common/aes.c \
+ src/common/buffers_tls.c \
src/common/compress.c \
src/common/compress_lzma.c \
src/common/compress_none.c \
@@ -149,6 +151,8 @@ COMMONHEADERS = \
src/common/address.h \
src/common/address_set.h \
src/common/backtrace.h \
+ src/common/buffers.h \
+ src/common/buffers_tls.h \
src/common/aes.h \
src/common/ciphers.inc \
src/common/compat.h \
diff --git a/src/common/log.c b/src/common/log.c
index 87c260799d..e4d5cd8fd8 100644
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -444,11 +444,11 @@ logfile_deliver(logfile_t *lf, const char *buf, size_t msg_len,
if (m != msg_after_prefix) {
tor_free(m);
}
-#else
+#else /* !(defined(MAXLINE)) */
/* We have syslog but not MAXLINE. That's promising! */
syslog(severity, "%s", msg_after_prefix);
-#endif
-#endif
+#endif /* defined(MAXLINE) */
+#endif /* defined(HAVE_SYSLOG_H) */
} else if (lf->callback) {
if (domain & LD_NOCB) {
if (!*callbacks_deferred && pending_cb_messages) {
@@ -807,7 +807,7 @@ close_log(logfile_t *victim)
/* There are no other syslogs; close the logging facility. */
closelog();
}
-#endif
+#endif /* defined(HAVE_SYSLOG_H) */
}
}
@@ -1144,7 +1144,7 @@ add_syslog_log(const log_severity_list_t *severity,
UNLOCK_LOGS();
return 0;
}
-#endif
+#endif /* defined(HAVE_SYSLOG_H) */
/** If <b>level</b> is a valid log severity, return the corresponding
* numeric value. Otherwise, return -1. */
diff --git a/src/common/memarea.c b/src/common/memarea.c
index 659d1edf54..b059987e0e 100644
--- a/src/common/memarea.c
+++ b/src/common/memarea.c
@@ -7,6 +7,7 @@
*/
#include "orconfig.h"
+#include <stddef.h>
#include <stdlib.h>
#include "memarea.h"
#include "util.h"
@@ -32,7 +33,7 @@
#define MEMAREA_ALIGN_MASK ((uintptr_t)7)
#else
#error "void* is neither 4 nor 8 bytes long. I don't know how to align stuff."
-#endif
+#endif /* MEMAREA_ALIGN == 4 || ... */
#if defined(__GNUC__) && defined(FLEXIBLE_ARRAY_MEMBER)
#define USE_ALIGNED_ATTRIBUTE
@@ -40,7 +41,7 @@
#define U_MEM mem
#else
#define U_MEM u.mem
-#endif
+#endif /* defined(__GNUC__) && defined(FLEXIBLE_ARRAY_MEMBER) */
#ifdef USE_SENTINELS
/** Magic value that we stick at the end of a memarea so we can make sure
@@ -60,11 +61,11 @@
uint32_t sent_val = get_uint32(&(chunk)->U_MEM[chunk->mem_size]); \
tor_assert(sent_val == SENTINEL_VAL); \
STMT_END
-#else
+#else /* !(defined(USE_SENTINELS)) */
#define SENTINEL_LEN 0
#define SET_SENTINEL(chunk) STMT_NIL
#define CHECK_SENTINEL(chunk) STMT_NIL
-#endif
+#endif /* defined(USE_SENTINELS) */
/** Increment <b>ptr</b> until it is aligned to MEMAREA_ALIGN. */
static inline void *
@@ -96,12 +97,12 @@ typedef struct memarea_chunk_t {
void *void_for_alignment_; /**< Dummy; used to make sure mem is aligned. */
} u; /**< Union used to enforce alignment when we don't have support for
* doing it right. */
-#endif
+#endif /* defined(USE_ALIGNED_ATTRIBUTE) */
} memarea_chunk_t;
/** How many bytes are needed for overhead before we get to the memory part
* of a chunk? */
-#define CHUNK_HEADER_SIZE STRUCT_OFFSET(memarea_chunk_t, U_MEM)
+#define CHUNK_HEADER_SIZE offsetof(memarea_chunk_t, U_MEM)
/** What's the smallest that we'll allocate a chunk? */
#define CHUNK_SIZE 4096
@@ -307,7 +308,7 @@ memarea_assert_ok(memarea_t *area)
}
}
-#else
+#else /* !(!defined(DISABLE_MEMORY_SENTINELS)) */
struct memarea_t {
smartlist_t *pieces;
@@ -393,5 +394,5 @@ memarea_assert_ok(memarea_t *area)
(void)area;
}
-#endif
+#endif /* !defined(DISABLE_MEMORY_SENTINELS) */
diff --git a/src/common/memarea.h b/src/common/memarea.h
index 85012c1c34..c3d954e1ce 100644
--- a/src/common/memarea.h
+++ b/src/common/memarea.h
@@ -20,5 +20,5 @@ void memarea_get_stats(memarea_t *area,
size_t *allocated_out, size_t *used_out);
void memarea_assert_ok(memarea_t *area);
-#endif
+#endif /* !defined(TOR_MEMAREA_H) */
diff --git a/src/common/procmon.c b/src/common/procmon.c
index d49e7f18f5..26c11823e8 100644
--- a/src/common/procmon.c
+++ b/src/common/procmon.c
@@ -36,7 +36,7 @@ typedef int pid_t;
#define PID_T_FORMAT I64_FORMAT
#else
#error Unknown: SIZEOF_PID_T
-#endif
+#endif /* (0 == SIZEOF_PID_T) && defined(_WIN32) || ... */
/* Define to 1 if process-termination monitors on this OS and Libevent
version must poll for process termination themselves. */
@@ -71,7 +71,7 @@ parse_process_specifier(const char *process_spec,
/* If we're lucky, long will turn out to be large enough to hold a
* PID everywhere that Tor runs. */
- pid_l = tor_parse_long(process_spec, 0, 1, LONG_MAX, &pid_ok, &pspec_next);
+ pid_l = tor_parse_long(process_spec, 10, 1, LONG_MAX, &pid_ok, &pspec_next);
/* Reserve room in the ‘process specifier’ for additional
* (platform-specific) identifying information beyond the PID, to
@@ -114,7 +114,7 @@ struct tor_process_monitor_t {
HANDLE hproc;
/* XXXX We should have Libevent watch hproc for us,
* if/when some version of Libevent can be told to do so. */
-#endif
+#endif /* defined(_WIN32) */
/* XXXX On Linux, we can and should receive the 22nd
* (space-delimited) field (‘starttime’) of /proc/$PID/stat from the
@@ -219,7 +219,7 @@ tor_process_monitor_new(struct event_base *base,
"try again later.",
procmon->pid);
}
-#endif
+#endif /* defined(_WIN32) */
procmon->cb = cb;
procmon->cb_arg = cb_arg;
@@ -232,9 +232,9 @@ tor_process_monitor_new(struct event_base *base,
* tor_evtimer_new never returns NULL. */
evtimer_add(procmon->e, &poll_interval_tv);
-#else
+#else /* !(defined(PROCMON_POLLS)) */
#error OOPS?
-#endif
+#endif /* defined(PROCMON_POLLS) */
return procmon;
err:
@@ -306,11 +306,11 @@ tor_process_monitor_poll_cb(evutil_socket_t unused1, short unused2,
tor_free(errmsg);
}
}
-#else
+#else /* !(defined(_WIN32)) */
/* Unix makes this part easy, if a bit racy. */
its_dead_jim = kill(procmon->pid, 0);
its_dead_jim = its_dead_jim && (errno == ESRCH);
-#endif
+#endif /* defined(_WIN32) */
tor_log(its_dead_jim ? LOG_NOTICE : LOG_INFO,
procmon->log_domain, "Monitored process "PID_T_FORMAT" is %s.",
@@ -321,7 +321,7 @@ tor_process_monitor_poll_cb(evutil_socket_t unused1, short unused2,
procmon->cb(procmon->cb_arg);
}
}
-#endif
+#endif /* defined(PROCMON_POLLS) */
/** Free the process-termination monitor <b>procmon</b>. */
void
diff --git a/src/common/procmon.h b/src/common/procmon.h
index b07cff2c4a..10ead11ba8 100644
--- a/src/common/procmon.h
+++ b/src/common/procmon.h
@@ -29,5 +29,5 @@ tor_process_monitor_t *tor_process_monitor_new(struct event_base *base,
const char **msg);
void tor_process_monitor_free(tor_process_monitor_t *procmon);
-#endif
+#endif /* !defined(TOR_PROCMON_H) */
diff --git a/src/common/pubsub.h b/src/common/pubsub.h
index 6f4ce08754..2bee3af085 100644
--- a/src/common/pubsub.h
+++ b/src/common/pubsub.h
@@ -175,5 +175,5 @@ int pubsub_notify_(pubsub_topic_t *topic, pubsub_notify_fn_t notify_fn,
pubsub_clear_(&name##_topic_); \
}
-#endif /* TOR_PUBSUB_H */
+#endif /* !defined(TOR_PUBSUB_H) */
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 312cf37722..97acf894f3 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -17,7 +17,7 @@
* with the libevent fix.
*/
#define _LARGEFILE64_SOURCE
-#endif
+#endif /* !defined(_LARGEFILE64_SOURCE) */
/** Malloc mprotect limit in bytes.
*
@@ -80,7 +80,7 @@
#define USE_BACKTRACE
#define EXPOSE_CLEAN_BACKTRACE
#include "backtrace.h"
-#endif
+#endif /* defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && ... */
#ifdef USE_BACKTRACE
#include <execinfo.h>
@@ -106,7 +106,12 @@
#define M_SYSCALL arm_r7
-#endif
+#elif defined(__aarch64__) && defined(__LP64__)
+
+#define REG_SYSCALL 8
+#define M_SYSCALL regs[REG_SYSCALL]
+
+#endif /* defined(__i386__) || ... */
/**Determines if at least one sandbox is active.*/
static int sandbox_active = 0;
@@ -299,37 +304,6 @@ sb_rt_sigaction(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
return rc;
}
-#if 0
-/**
- * Function responsible for setting up the execve syscall for
- * the seccomp filter sandbox.
- */
-static int
-sb_execve(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
-{
- int rc;
- sandbox_cfg_t *elem = NULL;
-
- // for each dynamic parameter filters
- for (elem = filter; elem != NULL; elem = elem->next) {
- smp_param_t *param = elem->param;
-
- if (param != NULL && param->prot == 1 && param->syscall
- == SCMP_SYS(execve)) {
- rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(execve),
- SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value));
- if (rc != 0) {
- log_err(LD_BUG,"(Sandbox) failed to add execve syscall, received "
- "libseccomp error %d", rc);
- return rc;
- }
- }
- }
-
- return 0;
-}
-#endif
-
/**
* Function responsible for setting up the time syscall for
* the seccomp filter sandbox.
@@ -343,7 +317,7 @@ sb_time(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
SCMP_CMP(0, SCMP_CMP_EQ, 0));
#else
return 0;
-#endif
+#endif /* defined(__NR_time) */
}
/**
@@ -362,7 +336,7 @@ sb_accept4(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
if (rc) {
return rc;
}
-#endif
+#endif /* defined(__i386__) */
rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(accept4),
SCMP_CMP_MASKED(3, SOCK_CLOEXEC|SOCK_NONBLOCK, 0));
@@ -435,7 +409,7 @@ sb_mmap2(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
return 0;
}
-#endif
+#endif /* defined(__NR_mmap2) */
#ifdef HAVE_GNU_LIBC_VERSION_H
#ifdef HAVE_GNU_GET_LIBC_VERSION
@@ -546,7 +520,7 @@ sb_chmod(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(chmod),
SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value));
if (rc != 0) {
- log_err(LD_BUG,"(Sandbox) failed to add open syscall, received "
+ log_err(LD_BUG,"(Sandbox) failed to add chmod syscall, received "
"libseccomp error %d", rc);
return rc;
}
@@ -571,7 +545,7 @@ sb_chown(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(chown),
SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value));
if (rc != 0) {
- log_err(LD_BUG,"(Sandbox) failed to add open syscall, received "
+ log_err(LD_BUG,"(Sandbox) failed to add chown syscall, received "
"libseccomp error %d", rc);
return rc;
}
@@ -750,6 +724,25 @@ sb_socketpair(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
return 0;
}
+#ifdef HAVE_KIST_SUPPORT
+
+#include <linux/sockios.h>
+
+static int
+sb_ioctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+ int rc;
+ (void) filter;
+
+ rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl),
+ SCMP_CMP(1, SCMP_CMP_EQ, SIOCOUTQNSD));
+ if (rc)
+ return rc;
+ return 0;
+}
+
+#endif /* defined(HAVE_KIST_SUPPORT) */
+
/**
* Function responsible for setting up the setsockopt syscall for
* the seccomp filter sandbox.
@@ -790,7 +783,7 @@ sb_setsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
SCMP_CMP(2, SCMP_CMP_EQ, SO_SNDBUFFORCE));
if (rc)
return rc;
-#endif
+#endif /* defined(HAVE_SYSTEMD) */
#ifdef IP_TRANSPARENT
rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt),
@@ -798,7 +791,7 @@ sb_setsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
SCMP_CMP(2, SCMP_CMP_EQ, IP_TRANSPARENT));
if (rc)
return rc;
-#endif
+#endif /* defined(IP_TRANSPARENT) */
#ifdef IPV6_V6ONLY
rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt),
@@ -806,7 +799,7 @@ sb_setsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
SCMP_CMP(2, SCMP_CMP_EQ, IPV6_V6ONLY));
if (rc)
return rc;
-#endif
+#endif /* defined(IPV6_V6ONLY) */
return 0;
}
@@ -839,7 +832,7 @@ sb_getsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
SCMP_CMP(2, SCMP_CMP_EQ, SO_SNDBUF));
if (rc)
return rc;
-#endif
+#endif /* defined(HAVE_SYSTEMD) */
#ifdef HAVE_LINUX_NETFILTER_IPV4_H
rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
@@ -847,7 +840,7 @@ sb_getsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
SCMP_CMP(2, SCMP_CMP_EQ, SO_ORIGINAL_DST));
if (rc)
return rc;
-#endif
+#endif /* defined(HAVE_LINUX_NETFILTER_IPV4_H) */
#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
@@ -855,7 +848,16 @@ sb_getsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
SCMP_CMP(2, SCMP_CMP_EQ, IP6T_SO_ORIGINAL_DST));
if (rc)
return rc;
-#endif
+#endif /* defined(HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H) */
+
+#ifdef HAVE_KIST_SUPPORT
+#include <netinet/tcp.h>
+ rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
+ SCMP_CMP(1, SCMP_CMP_EQ, SOL_TCP),
+ SCMP_CMP(2, SCMP_CMP_EQ, TCP_INFO));
+ if (rc)
+ return rc;
+#endif /* defined(HAVE_KIST_SUPPORT) */
return 0;
}
@@ -895,7 +897,7 @@ sb_fcntl64(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
return 0;
}
-#endif
+#endif /* defined(__NR_fcntl64) */
/**
* Function responsible for setting up the epoll_ctl syscall for
@@ -1092,8 +1094,8 @@ sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(stat64),
SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value));
if (rc != 0) {
- log_err(LD_BUG,"(Sandbox) failed to add open syscall, received "
- "libseccomp error %d", rc);
+ log_err(LD_BUG,"(Sandbox) failed to add stat64 syscall, received "
+ "libseccomp error %d", rc);
return rc;
}
}
@@ -1101,7 +1103,7 @@ sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
return 0;
}
-#endif
+#endif /* defined(__NR_stat64) */
static int
sb_kill(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
@@ -1123,9 +1125,6 @@ sb_kill(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
static sandbox_filter_func_t filter_func[] = {
sb_rt_sigaction,
sb_rt_sigprocmask,
-#if 0
- sb_execve,
-#endif
sb_time,
sb_accept4,
#ifdef __NR_mmap2
@@ -1154,6 +1153,9 @@ static sandbox_filter_func_t filter_func[] = {
sb_setsockopt,
sb_getsockopt,
sb_socketpair,
+#ifdef HAVE_KIST_SUPPORT
+ sb_ioctl,
+#endif
sb_kill
};
@@ -1380,10 +1382,6 @@ sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file)
sandbox_cfg_t *elem = NULL;
elem = new_element(SCMP_stat, file);
- if (!elem) {
- log_err(LD_BUG,"(Sandbox) failed to register parameter!");
- return -1;
- }
elem->next = *cfg;
*cfg = elem;
@@ -1397,10 +1395,6 @@ sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file)
sandbox_cfg_t *elem = NULL;
elem = new_element(SCMP_SYS(open), file);
- if (!elem) {
- log_err(LD_BUG,"(Sandbox) failed to register parameter!");
- return -1;
- }
elem->next = *cfg;
*cfg = elem;
@@ -1414,10 +1408,6 @@ sandbox_cfg_allow_chmod_filename(sandbox_cfg_t **cfg, char *file)
sandbox_cfg_t *elem = NULL;
elem = new_element(SCMP_SYS(chmod), file);
- if (!elem) {
- log_err(LD_BUG,"(Sandbox) failed to register parameter!");
- return -1;
- }
elem->next = *cfg;
*cfg = elem;
@@ -1431,10 +1421,6 @@ sandbox_cfg_allow_chown_filename(sandbox_cfg_t **cfg, char *file)
sandbox_cfg_t *elem = NULL;
elem = new_element(SCMP_SYS(chown), file);
- if (!elem) {
- log_err(LD_BUG,"(Sandbox) failed to register parameter!");
- return -1;
- }
elem->next = *cfg;
*cfg = elem;
@@ -1449,11 +1435,6 @@ sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2)
elem = new_element2(SCMP_SYS(rename), file1, file2);
- if (!elem) {
- log_err(LD_BUG,"(Sandbox) failed to register parameter!");
- return -1;
- }
-
elem->next = *cfg;
*cfg = elem;
@@ -1466,10 +1447,6 @@ sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file)
sandbox_cfg_t *elem = NULL;
elem = new_element(SCMP_SYS(openat), file);
- if (!elem) {
- log_err(LD_BUG,"(Sandbox) failed to register parameter!");
- return -1;
- }
elem->next = *cfg;
*cfg = elem;
@@ -1477,26 +1454,6 @@ sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file)
return 0;
}
-#if 0
-int
-sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com)
-{
- sandbox_cfg_t *elem = NULL;
-
- elem = new_element(SCMP_SYS(execve), com);
- if (!elem) {
- log_err(LD_BUG,"(Sandbox) failed to register parameter!");
- return -1;
- }
-
- elem->next = *cfg;
- *cfg = elem;
-
- return 0;
-}
-
-#endif
-
/** Cache entry for getaddrinfo results; used when sandboxing is implemented
* so that we can consult the cache when the sandbox prevents us from doing
* getaddrinfo.
@@ -1753,7 +1710,9 @@ install_syscall_filter(sandbox_cfg_t* cfg)
// loading the seccomp2 filter
if ((rc = seccomp_load(ctx))) {
- log_err(LD_BUG, "(Sandbox) failed to load: %d (%s)!", rc,
+ log_err(LD_BUG, "(Sandbox) failed to load: %d (%s)! "
+ "Are you sure that your kernel has seccomp2 support? The "
+ "sandbox won't work without it.", rc,
strerror(-rc));
goto end;
}
@@ -1821,7 +1780,7 @@ sigsys_debugging(int nr, siginfo_t *info, void *void_context)
/* Clean up the top stack frame so we get the real function
* name for the most recently failing function. */
clean_backtrace(syscall_cb_buf, depth, ctx);
-#endif
+#endif /* defined(USE_BACKTRACE) */
syscall_name = get_syscall_name(syscall);
@@ -1895,7 +1854,7 @@ register_cfg(sandbox_cfg_t* cfg)
return 0;
}
-#endif // USE_LIBSECCOMP
+#endif /* defined(USE_LIBSECCOMP) */
#ifdef USE_LIBSECCOMP
/**
@@ -1925,7 +1884,7 @@ sandbox_is_active(void)
{
return sandbox_active != 0;
}
-#endif // USE_LIBSECCOMP
+#endif /* defined(USE_LIBSECCOMP) */
sandbox_cfg_t*
sandbox_cfg_new(void)
@@ -1953,7 +1912,7 @@ sandbox_init(sandbox_cfg_t *cfg)
"Currently, sandboxing is only implemented on Linux. The feature "
"is disabled on your platform.");
return 0;
-#endif
+#endif /* defined(USE_LIBSECCOMP) || ... */
}
#ifndef USE_LIBSECCOMP
@@ -1971,15 +1930,6 @@ sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file)
return 0;
}
-#if 0
-int
-sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com)
-{
- (void)cfg; (void)com;
- return 0;
-}
-#endif
-
int
sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file)
{
@@ -2018,5 +1968,5 @@ void
sandbox_disable_getaddrinfo_cache(void)
{
}
-#endif
+#endif /* !defined(USE_LIBSECCOMP) */
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index a6b83153af..d0f85570f4 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -23,7 +23,7 @@
*/
#define SYS_SECCOMP 1
-#endif
+#endif /* !defined(SYS_SECCOMP) */
#if defined(HAVE_SECCOMP_H) && defined(__linux__)
#define USE_LIBSECCOMP
@@ -101,7 +101,7 @@ typedef struct {
sandbox_cfg_t *filter_dynamic;
} sandbox_t;
-#endif // USE_LIBSECCOMP
+#endif /* defined(USE_LIBSECCOMP) */
#ifdef USE_LIBSECCOMP
/** Pre-calls getaddrinfo in order to pre-record result. */
@@ -114,7 +114,7 @@ int sandbox_getaddrinfo(const char *name, const char *servname,
struct addrinfo **res);
void sandbox_freeaddrinfo(struct addrinfo *addrinfo);
void sandbox_free_getaddrinfo_cache(void);
-#else
+#else /* !(defined(USE_LIBSECCOMP)) */
#define sandbox_getaddrinfo(name, servname, hints, res) \
getaddrinfo((name),(servname), (hints),(res))
#define sandbox_add_addrinfo(name) \
@@ -122,16 +122,16 @@ void sandbox_free_getaddrinfo_cache(void);
#define sandbox_freeaddrinfo(addrinfo) \
freeaddrinfo((addrinfo))
#define sandbox_free_getaddrinfo_cache()
-#endif
+#endif /* defined(USE_LIBSECCOMP) */
#ifdef USE_LIBSECCOMP
/** Returns a registered protected string used with the sandbox, given that
* it matches the parameter.
*/
const char* sandbox_intern_string(const char *param);
-#else
+#else /* !(defined(USE_LIBSECCOMP)) */
#define sandbox_intern_string(s) (s)
-#endif
+#endif /* defined(USE_LIBSECCOMP) */
/** Creates an empty sandbox configuration file.*/
sandbox_cfg_t * sandbox_cfg_new(void);
@@ -156,14 +156,6 @@ int sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2);
*/
int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file);
-#if 0
-/**
- * Function used to add a execve allowed filename to a supplied configuration.
- * The (char*) specifies the path to the allowed file; that pointer is stolen.
- */
-int sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com);
-#endif
-
/**
* Function used to add a stat/stat64 allowed filename to a configuration.
* The (char*) specifies the path to the allowed file; that pointer is stolen.
@@ -178,5 +170,5 @@ int sandbox_is_active(void);
void sandbox_disable_getaddrinfo_cache(void);
-#endif /* SANDBOX_H_ */
+#endif /* !defined(SANDBOX_H_) */
diff --git a/src/common/storagedir.h b/src/common/storagedir.h
index db25057e65..3de0afc361 100644
--- a/src/common/storagedir.h
+++ b/src/common/storagedir.h
@@ -47,5 +47,5 @@ int storage_dir_shrink(storage_dir_t *d,
int storage_dir_remove_all(storage_dir_t *d);
int storage_dir_get_max_files(storage_dir_t *d);
-#endif
+#endif /* !defined(TOR_STORAGEDIR_H) */
diff --git a/src/common/testsupport.h b/src/common/testsupport.h
index 9fc96199b4..a3f2ff91ed 100644
--- a/src/common/testsupport.h
+++ b/src/common/testsupport.h
@@ -10,7 +10,7 @@
#else
#define STATIC static
#define EXTERN(type, name)
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */
/** Quick and dirty macros to implement test mocking.
*
@@ -76,15 +76,15 @@
do { \
func = func ##__real; \
} while (0)
-#else
+#else /* !(defined(TOR_UNIT_TESTS)) */
#define MOCK_DECL(rv, funcname, arglist) \
rv funcname arglist
#define MOCK_DECL_ATTR(rv, funcname, arglist, attr) \
rv funcname arglist attr
#define MOCK_IMPL(rv, funcname, arglist) \
rv funcname arglist
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */
/** @} */
-#endif
+#endif /* !defined(TOR_TESTSUPPORT_H) */
diff --git a/src/common/timers.c b/src/common/timers.c
index c43c49c083..c8e09414f4 100644
--- a/src/common/timers.c
+++ b/src/common/timers.c
@@ -53,7 +53,7 @@ struct timeout_cb {
#else
/* We're not exposing any of the functions outside this file. */
#define TIMEOUT_PUBLIC static
-#endif
+#endif /* defined(__GNUC__) */
/* We're not using periodic events. */
#define TIMEOUT_DISABLE_INTERVALS
/* We always know the global_timeouts object, so we don't need each timeout
@@ -191,7 +191,7 @@ timers_initialize(void)
if (BUG(global_timeouts))
return; // LCOV_EXCL_LINE
- timeout_error_t err;
+ timeout_error_t err = 0;
global_timeouts = timeouts_open(0, &err);
if (!global_timeouts) {
// LCOV_EXCL_START -- this can only fail on malloc failure.
diff --git a/src/common/timers.h b/src/common/timers.h
index d9602cd2ae..d4d4fb00a9 100644
--- a/src/common/timers.h
+++ b/src/common/timers.h
@@ -26,5 +26,5 @@ void timers_shutdown(void);
STATIC void timers_run_pending(void);
#endif
-#endif
+#endif /* !defined(TOR_TIMERS_H) */
diff --git a/src/common/torint.h b/src/common/torint.h
index ee31459e94..bc81c114f8 100644
--- a/src/common/torint.h
+++ b/src/common/torint.h
@@ -34,8 +34,8 @@
does the same thing (but doesn't defined __FreeBSD__).
*/
#include <machine/limits.h>
-#endif
-#endif
+#endif /* !defined(__FreeBSD__) && !defined(__FreeBSD_kernel__) */
+#endif /* defined(HAVE_MACHINE_LIMITS_H) */
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif
@@ -80,7 +80,7 @@ typedef signed char int8_t;
typedef unsigned char uint8_t;
#define HAVE_UINT8_T
#endif
-#endif
+#endif /* (SIZEOF_CHAR == 1) */
#if (SIZEOF_SHORT == 2)
#ifndef HAVE_INT16_T
@@ -91,7 +91,7 @@ typedef signed short int16_t;
typedef unsigned short uint16_t;
#define HAVE_UINT16_T
#endif
-#endif
+#endif /* (SIZEOF_SHORT == 2) */
#if (SIZEOF_INT == 2)
#ifndef HAVE_INT16_T
@@ -129,7 +129,7 @@ typedef unsigned int uint32_t;
#ifndef INT32_MIN
#define INT32_MIN (-2147483647-1)
#endif
-#endif
+#endif /* (SIZEOF_INT == 2) || ... */
#if (SIZEOF_LONG == 4)
#ifndef HAVE_INT32_T
@@ -142,7 +142,7 @@ typedef unsigned long uint32_t;
#ifndef UINT32_MAX
#define UINT32_MAX 0xfffffffful
#endif
-#endif
+#endif /* !defined(HAVE_UINT32_T) */
#elif (SIZEOF_LONG == 8)
#ifndef HAVE_INT64_T
typedef signed long int64_t;
@@ -155,7 +155,7 @@ typedef unsigned long uint64_t;
#ifndef UINT64_MAX
#define UINT64_MAX 0xfffffffffffffffful
#endif
-#endif
+#endif /* (SIZEOF_LONG == 4) || ... */
#if (SIZEOF_LONG_LONG == 8)
#ifndef HAVE_INT64_T
@@ -172,7 +172,7 @@ typedef unsigned long long uint64_t;
#ifndef INT64_MAX
#define INT64_MAX 0x7fffffffffffffffll
#endif
-#endif
+#endif /* (SIZEOF_LONG_LONG == 8) */
#if (SIZEOF___INT64 == 8)
#ifndef HAVE_INT64_T
@@ -189,7 +189,7 @@ typedef unsigned __int64 uint64_t;
#ifndef INT64_MAX
#define INT64_MAX 0x7fffffffffffffffi64
#endif
-#endif
+#endif /* (SIZEOF___INT64 == 8) */
#ifndef INT64_MIN
#define INT64_MIN ((- INT64_MAX) - 1)
@@ -202,8 +202,8 @@ typedef unsigned __int64 uint64_t;
#define SIZE_MAX UINT32_MAX
#else
#error "Can't define SIZE_MAX"
-#endif
-#endif
+#endif /* SIZEOF_SIZE_T == 8 || ... */
+#endif /* !defined(SIZE_MAX) */
#ifndef HAVE_SSIZE_T
#if SIZEOF_SIZE_T == 8
@@ -212,8 +212,8 @@ typedef int64_t ssize_t;
typedef int32_t ssize_t;
#else
#error "Can't define ssize_t."
-#endif
-#endif
+#endif /* SIZEOF_SIZE_T == 8 || ... */
+#endif /* !defined(HAVE_SSIZE_T) */
#if (SIZEOF_VOID_P > 4 && SIZEOF_VOID_P <= 8)
#ifndef HAVE_INTPTR_T
@@ -235,7 +235,7 @@ typedef uint32_t uintptr_t;
#endif
#else
#error "void * is either >8 bytes or <= 2. In either case, I am confused."
-#endif
+#endif /* (SIZEOF_VOID_P > 4 && SIZEOF_VOID_P <= 8) || ... */
#ifndef HAVE_INT8_T
#error "Missing type int8_t"
@@ -275,8 +275,8 @@ typedef uint32_t uintptr_t;
#define LONG_MAX 0x7fffffffffffffffL
#else
#error "Can't define LONG_MAX"
-#endif
-#endif
+#endif /* (SIZEOF_LONG == 4) || ... */
+#endif /* !defined(LONG_MAX) */
#ifndef INT_MAX
#if (SIZEOF_INT == 4)
@@ -285,8 +285,8 @@ typedef uint32_t uintptr_t;
#define INT_MAX 0x7fffffffffffffffL
#else
#error "Can't define INT_MAX"
-#endif
-#endif
+#endif /* (SIZEOF_INT == 4) || ... */
+#endif /* !defined(INT_MAX) */
#ifndef UINT_MAX
#if (SIZEOF_INT == 2)
@@ -297,8 +297,8 @@ typedef uint32_t uintptr_t;
#define UINT_MAX 0xffffffffffffffffu
#else
#error "Can't define UINT_MAX"
-#endif
-#endif
+#endif /* (SIZEOF_INT == 2) || ... */
+#endif /* !defined(UINT_MAX) */
#ifndef SHORT_MAX
#if (SIZEOF_SHORT == 2)
@@ -307,8 +307,8 @@ typedef uint32_t uintptr_t;
#define SHORT_MAX 0x7fffffff
#else
#error "Can't define SHORT_MAX"
-#endif
-#endif
+#endif /* (SIZEOF_SHORT == 2) || ... */
+#endif /* !defined(SHORT_MAX) */
#ifndef TIME_MAX
@@ -320,9 +320,9 @@ typedef uint32_t uintptr_t;
#define TIME_MAX ((time_t)INT64_MAX)
#else
#error "Can't define TIME_MAX"
-#endif
+#endif /* (SIZEOF_TIME_T == SIZEOF_INT) || ... */
-#endif /* ifndef(TIME_MAX) */
+#endif /* !defined(TIME_MAX) */
#ifndef TIME_MIN
@@ -334,9 +334,9 @@ typedef uint32_t uintptr_t;
#define TIME_MIN ((time_t)INT64_MIN)
#else
#error "Can't define TIME_MIN"
-#endif
+#endif /* (SIZEOF_TIME_T == SIZEOF_INT) || ... */
-#endif /* ifndef(TIME_MIN) */
+#endif /* !defined(TIME_MIN) */
#ifndef SIZE_MAX
#if (SIZEOF_SIZE_T == 4)
@@ -345,8 +345,8 @@ typedef uint32_t uintptr_t;
#define SIZE_MAX UINT64_MAX
#else
#error "Can't define SIZE_MAX"
-#endif
-#endif
+#endif /* (SIZEOF_SIZE_T == 4) || ... */
+#endif /* !defined(SIZE_MAX) */
#ifndef SSIZE_MAX
#if (SIZEOF_SIZE_T == 4)
@@ -355,13 +355,13 @@ typedef uint32_t uintptr_t;
#define SSIZE_MAX INT64_MAX
#else
#error "Can't define SSIZE_MAX"
-#endif
-#endif
+#endif /* (SIZEOF_SIZE_T == 4) || ... */
+#endif /* !defined(SSIZE_MAX) */
/** Any ssize_t larger than this amount is likely to be an underflow. */
#define SSIZE_T_CEILING ((ssize_t)(SSIZE_MAX-16))
/** Any size_t larger than this amount is likely to be an underflow. */
#define SIZE_T_CEILING ((size_t)(SSIZE_MAX-16))
-#endif /* __TORINT_H */
+#endif /* !defined(TOR_TORINT_H) */
diff --git a/src/common/torlog.h b/src/common/torlog.h
index 0149ce9a5b..be24b2b908 100644
--- a/src/common/torlog.h
+++ b/src/common/torlog.h
@@ -22,7 +22,7 @@
#error "Your syslog.h thinks high numbers are more important. " \
"We aren't prepared to deal with that."
#endif
-#else
+#else /* !(defined(HAVE_SYSLOG_H)) */
/* Note: Syslog's logging code refers to priorities, with 0 being the most
* important. Thus, all our comparisons needed to be reversed when we added
* syslog support.
@@ -48,7 +48,7 @@
/** Error-level severity: for messages that only appear when something has gone
* very wrong, and the Tor process can no longer proceed. */
#define LOG_ERR 3
-#endif
+#endif /* defined(HAVE_SYSLOG_H) */
/* Logging domains */
@@ -215,7 +215,7 @@ void log_fn_ratelim_(struct ratelim_t *ratelim, int severity,
#define log_err(domain, args...) \
log_fn_(LOG_ERR, domain, __FUNCTION__, args)
-#else /* ! defined(__GNUC__) */
+#else /* !(defined(__GNUC__) && __GNUC__ <= 3) */
/* Here are the c99 variadic macros, to work with non-GCC compilers */
@@ -242,7 +242,7 @@ void log_fn_ratelim_(struct ratelim_t *ratelim, int severity,
#define log_fn_ratelim(ratelim, severity, domain, args,...) \
log_fn_ratelim_(ratelim, severity, domain, __FUNCTION__, \
args, ##__VA_ARGS__)
-#endif
+#endif /* defined(__GNUC__) && __GNUC__ <= 3 */
#ifdef LOG_PRIVATE
MOCK_DECL(STATIC void, logv, (int severity, log_domain_mask_t domain,
@@ -251,5 +251,5 @@ MOCK_DECL(STATIC void, logv, (int severity, log_domain_mask_t domain,
#endif
# define TOR_TORLOG_H
-#endif
+#endif /* !defined(TOR_TORLOG_H) */
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 71de59896a..e8c51879bd 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -76,7 +76,7 @@ ENABLE_GCC_WARNING(redundant-decls)
* SSL3 safely at the same time.
*/
#define DISABLE_SSL3_HANDSHAKE
-#endif
+#endif /* OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,0,'f') */
/* We redefine these so that we can run correctly even if the vendor gives us
* a version of OpenSSL that does not match its header files. (Apple: I am
@@ -390,7 +390,7 @@ tor_tls_init(void)
"when configuring it) would make ECDH much faster.");
}
/* LCOV_EXCL_STOP */
-#endif
+#endif /* (SIZEOF_VOID_P >= 8 && ... */
tor_tls_allocate_tor_tls_object_ex_data_index();
@@ -444,8 +444,9 @@ tor_x509_name_new(const char *cname)
goto error;
/* LCOV_EXCL_BR_STOP */
return name;
- error:
+
/* LCOV_EXCL_START : these lines will only execute on out of memory errors*/
+ error:
X509_NAME_free(name);
return NULL;
/* LCOV_EXCL_STOP */
@@ -490,11 +491,14 @@ tor_tls_create_certificate,(crypto_pk_t *rsa,
* the past. */
const time_t min_real_lifetime = 24*3600;
const time_t start_granularity = 24*3600;
- time_t earliest_start_time = now - cert_lifetime + min_real_lifetime
- + start_granularity;
+ time_t earliest_start_time;
/* Don't actually start in the future! */
- if (earliest_start_time >= now)
+ if (cert_lifetime <= min_real_lifetime + start_granularity) {
earliest_start_time = now - 1;
+ } else {
+ earliest_start_time = now + min_real_lifetime + start_granularity
+ - cert_lifetime;
+ }
start_time = crypto_rand_time_range(earliest_start_time, now);
/* Round the start time back to the start of a day. */
start_time -= start_time % start_granularity;
@@ -1156,7 +1160,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
* with existing Tors. */
if (!(result->ctx = SSL_CTX_new(TLSv1_method())))
goto error;
-#endif
+#endif /* 0 */
/* Tell OpenSSL to use TLS 1.0 or later but not SSL2 or SSL3. */
#ifdef HAVE_TLS_METHOD
@@ -1165,7 +1169,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
#else
if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
goto error;
-#endif
+#endif /* defined(HAVE_TLS_METHOD) */
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
@@ -1203,17 +1207,20 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
SSL_CTX_set_options(result->ctx,
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
}
+
+ /* Don't actually allow compression; it uses RAM and time, it makes TLS
+ * vulnerable to CRIME-style attacks, and most of the data we transmit over
+ * TLS is encrypted (and therefore uncompressible) anyway. */
#ifdef SSL_OP_NO_COMPRESSION
SSL_CTX_set_options(result->ctx, SSL_OP_NO_COMPRESSION);
#endif
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
#ifndef OPENSSL_NO_COMP
- /* Don't actually allow compression; it uses ram and time, but the data
- * we transmit is all encrypted anyway. */
if (result->ctx->comp_methods)
result->ctx->comp_methods = NULL;
#endif
-#endif
+#endif /* OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0) */
+
#ifdef SSL_MODE_RELEASE_BUFFERS
SSL_CTX_set_mode(result->ctx, SSL_MODE_RELEASE_BUFFERS);
#endif
@@ -1373,7 +1380,7 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher)
tor_assert((SSL_CIPHER_get_id(c) & 0xffff) == cipher);
return c != NULL;
}
-#else
+#else /* !(defined(HAVE_SSL_CIPHER_FIND)) */
# if defined(HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR)
if (m && m->get_cipher_by_char) {
@@ -1387,7 +1394,7 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher)
tor_assert((c->id & 0xffff) == cipher);
return c != NULL;
}
-# endif
+#endif /* defined(HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR) */
# ifndef OPENSSL_1_1_API
if (m && m->get_cipher && m->num_ciphers) {
/* It would seem that some of the "let's-clean-up-openssl" forks have
@@ -1403,12 +1410,12 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher)
}
return 0;
}
-# endif
+#endif /* !defined(OPENSSL_1_1_API) */
(void) ssl;
(void) m;
(void) cipher;
return 1; /* No way to search */
-#endif
+#endif /* defined(HAVE_SSL_CIPHER_FIND) */
}
/** Remove from v2_cipher_list every cipher that we don't support, so that
@@ -1536,7 +1543,7 @@ tor_tls_client_is_using_v2_ciphers(const SSL *ssl)
return CIPHERS_ERR;
}
ciphers = session->ciphers;
-#endif
+#endif /* defined(HAVE_SSL_GET_CLIENT_CIPHERS) */
return tor_tls_classify_client_ciphers(ssl, ciphers) >= CIPHERS_V2;
}
@@ -1667,7 +1674,7 @@ tor_tls_new(int sock, int isServer)
SSL_set_tlsext_host_name(result->ssl, fake_hostname);
tor_free(fake_hostname);
}
-#endif
+#endif /* defined(SSL_set_tlsext_host_name) */
if (!SSL_set_cipher_list(result->ssl,
isServer ? SERVER_CIPHER_LIST : CLIENT_CIPHER_LIST)) {
@@ -1794,7 +1801,7 @@ tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls)
tor_assert(0 != (options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
#else
(void) tls;
-#endif
+#endif /* defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && ... */
}
/** Return whether this tls initiated the connect (client) or
@@ -2330,7 +2337,7 @@ tor_x509_cert_replace_expiration(const tor_x509_cert_t *inp,
EVP_PKEY_free(pk);
return tor_x509_cert_new(newc);
}
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */
/** Return the number of bytes available for reading from <b>tls</b>.
*/
@@ -2374,10 +2381,10 @@ tor_tls_get_n_raw_bytes(tor_tls_t *tls, size_t *n_read, size_t *n_written)
if (BIO_method_type(wbio) == BIO_TYPE_BUFFER &&
(tmpbio = BIO_next(wbio)) != NULL)
wbio = tmpbio;
-#else
+#else /* !(OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5)) */
if (wbio->method == BIO_f_buffer() && (tmpbio = BIO_next(wbio)) != NULL)
wbio = tmpbio;
-#endif
+#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) */
w = (unsigned long) BIO_number_written(wbio);
/* We are ok with letting these unsigned ints go "negative" here:
@@ -2456,7 +2463,7 @@ SSL_get_client_random(SSL *s, uint8_t *out, size_t len)
memcpy(out, s->s3->client_random, len);
return len;
}
-#endif
+#endif /* !defined(HAVE_SSL_GET_CLIENT_RANDOM) */
#ifndef HAVE_SSL_GET_SERVER_RANDOM
static size_t
@@ -2469,7 +2476,7 @@ SSL_get_server_random(SSL *s, uint8_t *out, size_t len)
memcpy(out, s->s3->server_random, len);
return len;
}
-#endif
+#endif /* !defined(HAVE_SSL_GET_SERVER_RANDOM) */
#ifndef HAVE_SSL_SESSION_GET_MASTER_KEY
STATIC size_t
@@ -2483,7 +2490,7 @@ SSL_SESSION_get_master_key(SSL_SESSION *s, uint8_t *out, size_t len)
memcpy(out, s->master_key, len);
return len;
}
-#endif
+#endif /* !defined(HAVE_SSL_SESSION_GET_MASTER_KEY) */
/** Set the DIGEST256_LEN buffer at <b>secrets_out</b> to the value used in
* the v3 handshake to prove that the client knows the TLS secrets for the
@@ -2592,7 +2599,7 @@ tor_tls_get_buffer_sizes(tor_tls_t *tls,
(void)wbuf_bytes;
return -1;
-#else
+#else /* !(OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)) */
if (tls->ssl->s3->rbuf.buf)
*rbuf_capacity = tls->ssl->s3->rbuf.len;
else
@@ -2604,7 +2611,7 @@ tor_tls_get_buffer_sizes(tor_tls_t *tls,
*rbuf_bytes = tls->ssl->s3->rbuf.left;
*wbuf_bytes = tls->ssl->s3->wbuf.left;
return 0;
-#endif
+#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) */
}
/** Check whether the ECC group requested is supported by the current OpenSSL
diff --git a/src/common/tortls.h b/src/common/tortls.h
index f430aff70b..6145f7dbc9 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -161,7 +161,7 @@ STATIC int tor_tls_session_secret_cb(struct ssl_st *ssl, void *secret,
void *arg);
STATIC int find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m,
uint16_t cipher);
-#endif
+#endif /* defined(TORTLS_OPENSSL_PRIVATE) */
MOCK_DECL(STATIC struct x509_st *, tor_tls_create_certificate,
(crypto_pk_t *rsa,
crypto_pk_t *rsa_sign,
@@ -192,9 +192,9 @@ STATIC tor_x509_cert_t *tor_x509_cert_replace_expiration(
const tor_x509_cert_t *inp,
time_t new_expiration_time,
crypto_pk_t *signing_key);
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */
-#endif /* endif TORTLS_PRIVATE */
+#endif /* defined(TORTLS_PRIVATE) */
tor_x509_cert_t *tor_x509_cert_dup(const tor_x509_cert_t *cert);
const char *tor_tls_err_to_string(int err);
@@ -288,5 +288,5 @@ const char *tor_tls_get_ciphersuite_name(tor_tls_t *tls);
int evaluate_ecgroup_for_tls(const char *ecgroup);
-#endif
+#endif /* !defined(TOR_TORTLS_H) */
diff --git a/src/common/util.c b/src/common/util.c
index 5b47028097..5ff7e104d6 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -31,11 +31,11 @@
#include <process.h>
#include <tchar.h>
#include <winbase.h>
-#else
+#else /* !(defined(_WIN32)) */
#include <dirent.h>
#include <pwd.h>
#include <grp.h>
-#endif
+#endif /* defined(_WIN32) */
/* math.h needs this on Linux */
#ifndef _USE_ISOC99_
@@ -84,8 +84,8 @@
* scold us for being so stupid as to autodetect its presence. To be fair,
* they've done this since 1996, when autoconf was only 5 years old. */
#include <malloc.h>
-#endif
-#endif
+#endif /* !defined(OpenBSD) && !defined(__FreeBSD__) */
+#endif /* defined(HAVE_MALLOC_H) */
#ifdef HAVE_MALLOC_NP_H
#include <malloc_np.h>
#endif
@@ -116,12 +116,12 @@
dmalloc_strndup(file, line, (string), -1, xalloc_b)
#else
#error "No dmalloc_strdup or equivalent"
- #endif
+#endif /* defined(HAVE_DMALLOC_STRDUP) || ... */
-#else /* not using dmalloc */
+#else /* !(defined(USE_DMALLOC)) */
#define DMALLOC_FN_ARGS
-#endif
+#endif /* defined(USE_DMALLOC) */
/** Allocate a chunk of <b>size</b> bytes of memory, and return a pointer to
* result. On error, log and terminate the process. (Same as malloc(size),
@@ -142,7 +142,7 @@ tor_malloc_(size_t size DMALLOC_PARAMS)
if (size==0) {
size=1;
}
-#endif
+#endif /* !defined(MALLOC_ZERO_WORKS) */
#ifdef USE_DMALLOC
result = dmalloc_malloc(file, line, size, DMALLOC_FUNC_MALLOC, 0, 0);
@@ -233,7 +233,7 @@ tor_realloc_(void *ptr, size_t size DMALLOC_PARAMS)
if (size==0) {
size=1;
}
-#endif
+#endif /* !defined(MALLOC_ZERO_WORKS) */
#ifdef USE_DMALLOC
result = dmalloc_realloc(file, line, ptr, size, DMALLOC_FUNC_REALLOC, 0);
@@ -362,16 +362,16 @@ tor_log_mallinfo(int severity)
mi.arena, mi.ordblks, mi.smblks, mi.hblks,
mi.hblkhd, mi.usmblks, mi.fsmblks, mi.uordblks, mi.fordblks,
mi.keepcost);
-#else
+#else /* !(defined(HAVE_MALLINFO)) */
(void)severity;
-#endif
+#endif /* defined(HAVE_MALLINFO) */
#ifdef USE_DMALLOC
dmalloc_log_changed(0, /* Since the program started. */
1, /* Log info about non-freed pointers. */
0, /* Do not log info about freed pointers. */
0 /* Do not log individual pointers. */
);
-#endif
+#endif /* defined(USE_DMALLOC) */
}
ENABLE_GCC_WARNING(aggregate-return)
@@ -401,7 +401,7 @@ tor_lround(double d)
return (long)rint(d);
#else
return (long)(d > 0 ? d + 0.5 : ceil(d - 0.5));
-#endif
+#endif /* defined(HAVE_LROUND) || ... */
}
/** Return the 64-bit integer closest to d. We define this wrapper here so
@@ -416,7 +416,7 @@ tor_llround(double d)
return (int64_t)rint(d);
#else
return (int64_t)(d > 0 ? d + 0.5 : ceil(d - 0.5));
-#endif
+#endif /* defined(HAVE_LLROUND) || ... */
}
/** Returns floor(log2(u64)). If u64 is 0, (incorrectly) returns 0. */
@@ -445,7 +445,7 @@ tor_log2(uint64_t u64)
r += 2;
}
if (u64 >= (U64_LITERAL(1)<<1)) {
- u64 >>= 1;
+ // u64 >>= 1; // not using this any more.
r += 1;
}
return r;
@@ -477,7 +477,7 @@ round_to_power_of_2(uint64_t u64)
/** Return the lowest x such that x is at least <b>number</b>, and x modulo
* <b>divisor</b> == 0. If no such x can be expressed as an unsigned, return
- * UINT_MAX */
+ * UINT_MAX. Asserts if divisor is zero. */
unsigned
round_to_next_multiple_of(unsigned number, unsigned divisor)
{
@@ -491,7 +491,7 @@ round_to_next_multiple_of(unsigned number, unsigned divisor)
/** Return the lowest x such that x is at least <b>number</b>, and x modulo
* <b>divisor</b> == 0. If no such x can be expressed as a uint32_t, return
- * UINT32_MAX */
+ * UINT32_MAX. Asserts if divisor is zero. */
uint32_t
round_uint32_to_next_multiple_of(uint32_t number, uint32_t divisor)
{
@@ -506,7 +506,7 @@ round_uint32_to_next_multiple_of(uint32_t number, uint32_t divisor)
/** Return the lowest x such that x is at least <b>number</b>, and x modulo
* <b>divisor</b> == 0. If no such x can be expressed as a uint64_t, return
- * UINT64_MAX */
+ * UINT64_MAX. Asserts if divisor is zero. */
uint64_t
round_uint64_to_next_multiple_of(uint64_t number, uint64_t divisor)
{
@@ -1172,7 +1172,7 @@ tor_parse_long(const char *s, int base, long min, long max,
char *endptr;
long r;
- if (base < 0) {
+ if (BUG(base < 0)) {
if (ok)
*ok = 0;
return 0;
@@ -1191,7 +1191,7 @@ tor_parse_ulong(const char *s, int base, unsigned long min,
char *endptr;
unsigned long r;
- if (base < 0) {
+ if (BUG(base < 0)) {
if (ok)
*ok = 0;
return 0;
@@ -1223,7 +1223,7 @@ tor_parse_uint64(const char *s, int base, uint64_t min,
char *endptr;
uint64_t r;
- if (base < 0) {
+ if (BUG(base < 0)) {
if (ok)
*ok = 0;
return 0;
@@ -1233,20 +1233,12 @@ tor_parse_uint64(const char *s, int base, uint64_t min,
#ifdef HAVE_STRTOULL
r = (uint64_t)strtoull(s, &endptr, base);
#elif defined(_WIN32)
-#if defined(_MSC_VER) && _MSC_VER < 1300
- tor_assert(base <= 10);
- r = (uint64_t)_atoi64(s);
- endptr = (char*)s;
- while (TOR_ISSPACE(*endptr)) endptr++;
- while (TOR_ISDIGIT(*endptr)) endptr++;
-#else
r = (uint64_t)_strtoui64(s, &endptr, base);
-#endif
#elif SIZEOF_LONG == 8
r = (uint64_t)strtoul(s, &endptr, base);
#else
#error "I don't know how to parse 64-bit numbers."
-#endif
+#endif /* defined(HAVE_STRTOULL) || ... */
CHECK_STRTOX_RESULT();
}
@@ -1644,7 +1636,7 @@ tor_timegm(const struct tm *tm, time_t *time_out)
log_warn(LD_BUG, "Result does not fit in tor_timegm");
return -1;
}
-#endif
+#endif /* SIZEOF_TIME_T < 8 */
*time_out = (time_t)seconds;
return 0;
}
@@ -2022,7 +2014,7 @@ update_approx_time(time_t now)
{
cached_approx_time = now;
}
-#endif
+#endif /* !defined(TIME_IS_FAST) */
/* =====
* Rate limiting
@@ -2151,9 +2143,9 @@ clean_name_for_stat(char *name)
return;
name[len-1]='\0';
}
-#else
+#else /* !(defined(_WIN32)) */
(void)name;
-#endif
+#endif /* defined(_WIN32) */
}
/** Wrapper for unlink() to make it mockable for the test suite; returns 0
@@ -2350,21 +2342,27 @@ check_private_dir,(const char *dirname, cpd_check_t check,
running_gid = getgid();
}
if (st.st_uid != running_uid) {
- const struct passwd *pw_uid = NULL;
- char *process_ownername = NULL;
+ char *process_ownername = NULL, *file_ownername = NULL;
- pw_uid = tor_getpwuid(running_uid);
- process_ownername = pw_uid ? tor_strdup(pw_uid->pw_name) :
- tor_strdup("<unknown>");
+ {
+ const struct passwd *pw_running = tor_getpwuid(running_uid);
+ process_ownername = pw_running ? tor_strdup(pw_running->pw_name) :
+ tor_strdup("<unknown>");
+ }
- pw_uid = tor_getpwuid(st.st_uid);
+ {
+ const struct passwd *pw_stat = tor_getpwuid(st.st_uid);
+ file_ownername = pw_stat ? tor_strdup(pw_stat->pw_name) :
+ tor_strdup("<unknown>");
+ }
log_warn(LD_FS, "%s is not owned by this user (%s, %d) but by "
"%s (%d). Perhaps you are running Tor as the wrong user?",
- dirname, process_ownername, (int)running_uid,
- pw ? pw->pw_name : "<unknown>", (int)st.st_uid);
+ dirname, process_ownername, (int)running_uid,
+ file_ownername, (int)st.st_uid);
tor_free(process_ownername);
+ tor_free(file_ownername);
close(fd);
return -1;
}
@@ -2421,7 +2419,7 @@ check_private_dir,(const char *dirname, cpd_check_t check,
}
}
close(fd);
-#else
+#else /* !(!defined(_WIN32)) */
/* Win32 case: we can't open() a directory. */
(void)effective_user;
@@ -2455,7 +2453,7 @@ check_private_dir,(const char *dirname, cpd_check_t check,
return -1;
}
-#endif
+#endif /* !defined(_WIN32) */
return 0;
}
@@ -2475,7 +2473,7 @@ write_str_to_file,(const char *fname, const char *str, int bin))
"We're writing a text string that already contains a CR to %s",
escaped(fname));
}
-#endif
+#endif /* defined(_WIN32) */
return write_bytes_to_file(fname, str, strlen(str), bin);
}
@@ -2875,7 +2873,7 @@ read_file_to_str, (const char *filename, int flags, struct stat *stat_out))
errno = save_errno;
return string;
}
-#endif
+#endif /* !defined(_WIN32) */
if ((uint64_t)(statbuf.st_size)+1 >= SIZE_T_CEILING) {
close(fd);
@@ -2908,7 +2906,7 @@ read_file_to_str, (const char *filename, int flags, struct stat *stat_out))
if (!bin) {
statbuf.st_size = (size_t) r;
} else
-#endif
+#endif /* defined(_WIN32) || defined(__CYGWIN__) */
if (r != statbuf.st_size) {
/* Unless we're using text mode on win32, we'd better have an exact
* match for size. */
@@ -2982,8 +2980,9 @@ unescape_string(const char *s, char **result, size_t *size_out)
*out = '\0';
if (size_out) *size_out = out - *result;
return cp+1;
- case '\0':
+
/* LCOV_EXCL_START -- we caught this in parse_config_from_line. */
+ case '\0':
tor_fragile_assert();
tor_free(*result);
return NULL;
@@ -3031,8 +3030,9 @@ unescape_string(const char *s, char **result, size_t *size_out)
*out++ = cp[1];
cp += 2;
break;
- default:
+
/* LCOV_EXCL_START */
+ default:
/* we caught this above in the initial loop. */
tor_assert_nonfatal_unreached();
tor_free(*result); return NULL;
@@ -3092,7 +3092,7 @@ expand_filename(const char *filename)
* Chapter+3.+Input+Validation/3.7+Validating+Filenames+and+Paths/
*/
return tor_strdup(filename);
-#else
+#else /* !(defined(_WIN32)) */
if (*filename == '~') {
char *home, *result=NULL;
const char *rest;
@@ -3122,10 +3122,10 @@ expand_filename(const char *filename)
}
tor_free(username);
rest = slash ? (slash+1) : "";
-#else
+#else /* !(defined(HAVE_PWD_H)) */
log_warn(LD_CONFIG, "Couldn't expand homedir on system without pwd.h");
return tor_strdup(filename);
-#endif
+#endif /* defined(HAVE_PWD_H) */
}
tor_assert(home);
/* Remove trailing slash. */
@@ -3138,7 +3138,7 @@ expand_filename(const char *filename)
} else {
return tor_strdup(filename);
}
-#endif
+#endif /* defined(_WIN32) */
}
#define MAX_SCANF_WIDTH 9999
@@ -3507,7 +3507,7 @@ tor_listdir, (const char *dirname))
name[sizeof(name)-1] = '\0';
#else
strlcpy(name,findData.cFileName,sizeof(name));
-#endif
+#endif /* defined(UNICODE) */
if (strcmp(name, ".") &&
strcmp(name, "..")) {
smartlist_add_strdup(result, name);
@@ -3524,7 +3524,7 @@ tor_listdir, (const char *dirname))
}
FindClose(handle);
tor_free(pattern);
-#else
+#else /* !(defined(_WIN32)) */
const char *prot_dname = sandbox_intern_string(dirname);
DIR *d;
struct dirent *de;
@@ -3539,7 +3539,7 @@ tor_listdir, (const char *dirname))
smartlist_add_strdup(result, de->d_name);
}
closedir(d);
-#endif
+#endif /* defined(_WIN32) */
return result;
}
@@ -3555,7 +3555,7 @@ path_is_relative(const char *filename)
else if (filename && strlen(filename)>3 && TOR_ISALPHA(filename[0]) &&
filename[1] == ':' && filename[2] == '\\')
return 0;
-#endif
+#endif /* defined(_WIN32) */
else
return 1;
}
@@ -3618,7 +3618,7 @@ start_daemon(void)
} else { /* Child */
close(daemon_filedes[0]); /* we only write */
- pid = setsid(); /* Detach from controlling terminal */
+ (void) setsid(); /* Detach from controlling terminal */
/*
* Fork one more time, so the parent (the session group leader) can exit.
* This means that we, as a non-session group leader, can never regain a
@@ -3685,7 +3685,7 @@ finish_daemon(const char *desired_cwd)
}
close(daemon_filedes[1]);
}
-#else
+#else /* !(!defined(_WIN32)) */
/* defined(_WIN32) */
void
start_daemon(void)
@@ -3696,11 +3696,12 @@ finish_daemon(const char *cp)
{
(void)cp;
}
-#endif
+#endif /* !defined(_WIN32) */
/** Write the current process ID, followed by NL, into <b>filename</b>.
+ * Return 0 on success, -1 on failure.
*/
-void
+int
write_pidfile(const char *filename)
{
FILE *pidfile;
@@ -3708,13 +3709,19 @@ write_pidfile(const char *filename)
if ((pidfile = fopen(filename, "w")) == NULL) {
log_warn(LD_FS, "Unable to open \"%s\" for writing: %s", filename,
strerror(errno));
+ return -1;
} else {
#ifdef _WIN32
- fprintf(pidfile, "%d\n", (int)_getpid());
+ int pid = (int)_getpid();
#else
- fprintf(pidfile, "%d\n", (int)getpid());
+ int pid = (int)getpid();
#endif
- fclose(pidfile);
+ int rv = 0;
+ if (fprintf(pidfile, "%d\n", pid) < 0)
+ rv = -1;
+ if (fclose(pidfile) < 0)
+ rv = -1;
+ return rv;
}
}
@@ -3731,7 +3738,7 @@ load_windows_system_library(const TCHAR *library_name)
_tcscat(path, library_name);
return LoadLibrary(path);
}
-#endif
+#endif /* defined(_WIN32) */
/** Format a single argument for being put on a Windows command line.
* Returns a newly allocated string */
@@ -4026,7 +4033,7 @@ format_helper_exit_status(unsigned char child_state, int saved_errno,
done:
return res;
}
-#endif
+#endif /* !defined(_WIN32) */
/* Maximum number of file descriptors, if we cannot get it via sysconf() */
#define DEFAULT_MAX_FD 256
@@ -4050,12 +4057,12 @@ tor_terminate_process(process_handle_t *process_handle)
else
return 0;
}
-#else /* Unix */
+#else /* !(defined(_WIN32)) */
if (process_handle->waitpid_cb) {
/* We haven't got a waitpid yet, so we can just kill off the process. */
return kill(process_handle->pid, SIGTERM);
}
-#endif
+#endif /* defined(_WIN32) */
return 0; /* We didn't need to kill the process, so report success */
}
@@ -4077,14 +4084,14 @@ tor_process_get_stdout_pipe(process_handle_t *process_handle)
{
return process_handle->stdout_pipe;
}
-#else
+#else /* !(defined(_WIN32)) */
/* DOCDOC tor_process_get_stdout_pipe */
int
tor_process_get_stdout_pipe(process_handle_t *process_handle)
{
return process_handle->stdout_pipe;
}
-#endif
+#endif /* defined(_WIN32) */
/* DOCDOC process_handle_new */
static process_handle_t *
@@ -4100,7 +4107,7 @@ process_handle_new(void)
out->stdin_pipe = -1;
out->stdout_pipe = -1;
out->stderr_pipe = -1;
-#endif
+#endif /* defined(_WIN32) */
return out;
}
@@ -4120,7 +4127,7 @@ process_handle_waitpid_cb(int status, void *arg)
process_handle->status = PROCESS_STATUS_NOTRUNNING;
process_handle->waitpid_cb = 0;
}
-#endif
+#endif /* !defined(_WIN32) */
/**
* @name child-process states
@@ -4142,6 +4149,20 @@ process_handle_waitpid_cb(int status, void *arg)
#define CHILD_STATE_EXEC 8
#define CHILD_STATE_FAILEXEC 9
/** @} */
+/**
+ * Boolean. If true, then Tor may call execve or CreateProcess via
+ * tor_spawn_background.
+ **/
+static int may_spawn_background_process = 1;
+/**
+ * Turn off may_spawn_background_process, so that all future calls to
+ * tor_spawn_background are guaranteed to fail.
+ **/
+void
+tor_disable_spawning_background_processes(void)
+{
+ may_spawn_background_process = 0;
+}
/** Start a program in the background. If <b>filename</b> contains a '/', then
* it will be treated as an absolute or relative path. Otherwise, on
* non-Windows systems, the system path will be searched for <b>filename</b>.
@@ -4166,6 +4187,12 @@ tor_spawn_background(const char *const filename, const char **argv,
process_environment_t *env,
process_handle_t **process_handle_out)
{
+ if (BUG(may_spawn_background_process == 0)) {
+ /* We should never reach this point if we're forbidden to spawn
+ * processes. Instead we should have caught the attempt earlier. */
+ return PROCESS_STATUS_ERROR;
+ }
+
#ifdef _WIN32
HANDLE stdout_pipe_read = NULL;
HANDLE stdout_pipe_write = NULL;
@@ -4283,13 +4310,12 @@ tor_spawn_background(const char *const filename, const char **argv,
/* TODO: Close pipes on exit */
*process_handle_out = process_handle;
return status;
-#else // _WIN32
+#else /* !(defined(_WIN32)) */
pid_t pid;
int stdout_pipe[2];
int stderr_pipe[2];
int stdin_pipe[2];
int fd, retval;
- ssize_t nbytes;
process_handle_t *process_handle;
int status;
@@ -4310,7 +4336,7 @@ tor_spawn_background(const char *const filename, const char **argv,
and we are not allowed to use unsafe functions between fork and exec */
error_message_length = strlen(error_message);
- child_state = CHILD_STATE_PIPE;
+ // child_state = CHILD_STATE_PIPE;
/* Set up pipe for redirecting stdout, stderr, and stdin of child */
retval = pipe(stdout_pipe);
@@ -4347,7 +4373,7 @@ tor_spawn_background(const char *const filename, const char **argv,
return status;
}
- child_state = CHILD_STATE_MAXFD;
+ // child_state = CHILD_STATE_MAXFD;
#ifdef _SC_OPEN_MAX
if (-1 == max_fd) {
@@ -4358,11 +4384,11 @@ tor_spawn_background(const char *const filename, const char **argv,
"Cannot find maximum file descriptor, assuming %d", max_fd);
}
}
-#else
+#else /* !(defined(_SC_OPEN_MAX)) */
max_fd = DEFAULT_MAX_FD;
-#endif
+#endif /* defined(_SC_OPEN_MAX) */
- child_state = CHILD_STATE_FORK;
+ // child_state = CHILD_STATE_FORK;
pid = fork();
if (0 == pid) {
@@ -4375,7 +4401,7 @@ tor_spawn_background(const char *const filename, const char **argv,
* than nothing.
*/
prctl(PR_SET_PDEATHSIG, SIGTERM);
-#endif
+#endif /* defined(HAVE_SYS_PRCTL_H) && defined(__linux__) */
child_state = CHILD_STATE_DUPOUT;
@@ -4398,7 +4424,7 @@ tor_spawn_background(const char *const filename, const char **argv,
if (-1 == retval)
goto error;
- child_state = CHILD_STATE_CLOSEFD;
+ // child_state = CHILD_STATE_CLOSEFD;
close(stderr_pipe[0]);
close(stderr_pipe[1]);
@@ -4414,7 +4440,7 @@ tor_spawn_background(const char *const filename, const char **argv,
close(fd);
}
- child_state = CHILD_STATE_EXEC;
+ // child_state = CHILD_STATE_EXEC;
/* Call the requested program. We need the cast because
execvp doesn't define argv as const, even though it
@@ -4433,7 +4459,8 @@ tor_spawn_background(const char *const filename, const char **argv,
error:
{
/* XXX: are we leaking fds from the pipe? */
- int n;
+ int n, err=0;
+ ssize_t nbytes;
n = format_helper_exit_status(child_state, errno, hex_errno);
@@ -4442,13 +4469,14 @@ tor_spawn_background(const char *const filename, const char **argv,
value, but there is nothing we can do if it fails */
/* TODO: Don't use STDOUT, use a pipe set up just for this purpose */
nbytes = write(STDOUT_FILENO, error_message, error_message_length);
+ err = (nbytes < 0);
nbytes = write(STDOUT_FILENO, hex_errno, n);
+ err += (nbytes < 0);
}
- }
- (void) nbytes;
+ _exit(err?254:255);
+ }
- _exit(255);
/* Never reached, but avoids compiler warning */
return status; // LCOV_EXCL_LINE
}
@@ -4515,8 +4543,8 @@ tor_spawn_background(const char *const filename, const char **argv,
}
*process_handle_out = process_handle;
- return process_handle->status;
-#endif // _WIN32
+ return status;
+#endif /* defined(_WIN32) */
}
/** Destroy all resources allocated by the process handle in
@@ -4558,13 +4586,13 @@ tor_process_handle_destroy,(process_handle_t *process_handle,
if (process_handle->stdin_pipe)
CloseHandle(process_handle->stdin_pipe);
-#else
+#else /* !(defined(_WIN32)) */
close(process_handle->stdout_pipe);
close(process_handle->stderr_pipe);
close(process_handle->stdin_pipe);
clear_waitpid_callback(process_handle->waitpid_cb);
-#endif
+#endif /* defined(_WIN32) */
memset(process_handle, 0x0f, sizeof(process_handle_t));
tor_free(process_handle);
@@ -4617,7 +4645,7 @@ tor_get_exit_code(process_handle_t *process_handle,
return PROCESS_EXIT_ERROR;
}
}
-#else
+#else /* !(defined(_WIN32)) */
int stat_loc;
int retval;
@@ -4652,7 +4680,7 @@ tor_get_exit_code(process_handle_t *process_handle,
if (exit_code != NULL)
*exit_code = WEXITSTATUS(stat_loc);
-#endif // _WIN32
+#endif /* defined(_WIN32) */
return PROCESS_EXIT_EXITED;
}
@@ -4892,7 +4920,7 @@ tor_read_all_handle(HANDLE h, char *buf, size_t count,
}
return (ssize_t)numread;
}
-#else
+#else /* !(defined(_WIN32)) */
/** Read from a handle <b>fd</b> into <b>buf</b>, up to <b>count</b> bytes. If
* <b>process</b> is NULL, the function will return immediately if there is
* nothing more to read. Otherwise data will be read until end of file, or
@@ -4937,7 +4965,7 @@ tor_read_all_handle(int fd, char *buf, size_t count,
log_debug(LD_GENERAL, "read() read %d bytes from handle", (int)numread);
return (ssize_t)numread;
}
-#endif
+#endif /* defined(_WIN32) */
/** Read from stdout of a process until the process exits. */
ssize_t
@@ -4950,7 +4978,7 @@ tor_read_all_from_process_stdout(const process_handle_t *process_handle,
#else
return tor_read_all_handle(process_handle->stdout_pipe, buf, count,
process_handle, NULL);
-#endif
+#endif /* defined(_WIN32) */
}
/** Read from stdout of a process until the process exits. */
@@ -4964,7 +4992,7 @@ tor_read_all_from_process_stderr(const process_handle_t *process_handle,
#else
return tor_read_all_handle(process_handle->stderr_pipe, buf, count,
process_handle, NULL);
-#endif
+#endif /* defined(_WIN32) */
}
/** Split buf into lines, and add to smartlist. The buffer <b>buf</b> will be
@@ -5153,7 +5181,7 @@ log_from_handle(HANDLE *pipe, int severity)
return 0;
}
-#else
+#else /* !(defined(_WIN32)) */
/** Return a smartlist containing lines outputted from
* <b>fd</b>. Return NULL on error, and set
@@ -5218,7 +5246,7 @@ log_from_pipe(int fd, int severity, const char *executable,
/* We should never get here */
return -1;
}
-#endif
+#endif /* defined(_WIN32) */
/** Reads from <b>fd</b> and stores input in <b>buf_out</b> making
* sure it's below <b>count</b> bytes.
@@ -5470,7 +5498,7 @@ tor_check_port_forwarding(const char *filename,
status = tor_spawn_background(NULL, argv, NULL, &child_handle);
#else
status = tor_spawn_background(filename, argv, NULL, &child_handle);
-#endif
+#endif /* defined(_WIN32) */
tor_free_((void*)argv);
argv=NULL;
@@ -5496,7 +5524,7 @@ tor_check_port_forwarding(const char *filename,
#else
stderr_status = log_from_pipe(child_handle->stderr_pipe,
LOG_INFO, filename, &retval);
-#endif
+#endif /* defined(_WIN32) */
if (handle_fw_helper_output(filename, child_handle) < 0) {
log_warn(LD_GENERAL, "Failed to handle fw helper output.");
stdout_status = -1;
@@ -5521,13 +5549,13 @@ tor_check_port_forwarding(const char *filename,
* between log_from_handle and tor_get_exit_code? */
retval = 1;
}
-#else
+#else /* !(defined(_WIN32)) */
else if (1 == stdout_status || 1 == stderr_status)
/* stdout or stderr was closed, the process probably
* exited. It will be reaped by waitpid() in main.c */
/* TODO: Do something with the process return value */
retval = 1;
-#endif
+#endif /* defined(_WIN32) */
else
/* Both are fine */
retval = 0;
@@ -5598,7 +5626,7 @@ clamp_double_to_int64(double number)
{
int exponent;
-#if (defined(__MINGW32__) || defined(__MINGW64__)) && GCC_VERSION >= 409
+#if defined(MINGW_ANY) && GCC_VERSION >= 409
/*
Mingw's math.h uses gcc's __builtin_choose_expr() facility to declare
isnan, isfinite, and signbit. But as implemented in at least some
@@ -5607,7 +5635,7 @@ clamp_double_to_int64(double number)
*/
#define PROBLEMATIC_FLOAT_CONVERSION_WARNING
DISABLE_GCC_WARNING(float-conversion)
-#endif
+#endif /* defined(MINGW_ANY) && GCC_VERSION >= 409 */
/*
With clang 4.0 we apparently run into "double promotion" warnings here,
@@ -5618,7 +5646,7 @@ DISABLE_GCC_WARNING(float-conversion)
#define PROBLEMATIC_DOUBLE_PROMOTION_WARNING
DISABLE_GCC_WARNING(double-promotion)
#endif
-#endif
+#endif /* defined(__clang__) */
/* NaN is a special case that can't be used with the logic below. */
if (isnan(number)) {
@@ -5665,7 +5693,7 @@ tor_htonll(uint64_t a)
/* Little endian. The worst... */
return htonl((uint32_t)(a>>32)) |
(((uint64_t)htonl((uint32_t)a))<<32);
-#endif /* WORDS_BIGENDIAN */
+#endif /* defined(WORDS_BIGENDIAN) */
}
/** Return a uint64_t value from <b>a</b> in host byte order. */
diff --git a/src/common/util.h b/src/common/util.h
index d56abcee2e..6bc853da26 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -45,7 +45,7 @@
#else
#define DMALLOC_PARAMS
#define DMALLOC_ARGS
-#endif
+#endif /* defined(USE_DMALLOC) */
/* Memory management */
void *tor_malloc_(size_t size DMALLOC_PARAMS) ATTR_MALLOC;
@@ -72,7 +72,7 @@ extern int dmalloc_free(const char *file, const int line, void *pnt,
(p)=NULL; \
} \
STMT_END
-#else
+#else /* !(defined(USE_DMALLOC)) */
/** Release memory allocated by tor_malloc, tor_realloc, tor_strdup, etc.
* Unlike the free() function, tor_free() will still work on NULL pointers,
* and it sets the pointer value to NULL after freeing it.
@@ -86,7 +86,7 @@ extern int dmalloc_free(const char *file, const int line, void *pnt,
(p)=NULL; \
} \
STMT_END
-#endif
+#endif /* defined(USE_DMALLOC) */
#define tor_malloc(size) tor_malloc_(size DMALLOC_ARGS)
#define tor_malloc_zero(size) tor_malloc_zero_(size DMALLOC_ARGS)
@@ -109,19 +109,11 @@ extern int dmalloc_free(const char *file, const int line, void *pnt,
void tor_log_mallinfo(int severity);
-/** Return the offset of <b>member</b> within the type <b>tp</b>, in bytes */
-#if defined(__GNUC__) && __GNUC__ > 3
-#define STRUCT_OFFSET(tp, member) __builtin_offsetof(tp, member)
-#else
- #define STRUCT_OFFSET(tp, member) \
- ((off_t) (((char*)&((tp*)0)->member)-(char*)0))
-#endif
-
/** Macro: yield a pointer to the field at position <b>off</b> within the
* structure <b>st</b>. Example:
* <pre>
* struct a { int foo; int bar; } x;
- * off_t bar_offset = STRUCT_OFFSET(struct a, bar);
+ * off_t bar_offset = offsetof(struct a, bar);
* int *bar_p = STRUCT_VAR_P(&x, bar_offset);
* *bar_p = 3;
* </pre>
@@ -138,7 +130,7 @@ void tor_log_mallinfo(int severity);
* </pre>
*/
#define SUBTYPE_P(p, subtype, basemember) \
- ((void*) ( ((char*)(p)) - STRUCT_OFFSET(subtype, basemember) ))
+ ((void*) ( ((char*)(p)) - offsetof(subtype, basemember) ))
/* Logic */
/** Macro: true if two values have the same boolean value. */
@@ -269,7 +261,7 @@ int format_time_interval(char *out, size_t out_len, long interval);
#else
time_t approx_time(void);
void update_approx_time(time_t now);
-#endif
+#endif /* defined(TIME_IS_FAST) */
/* Rate-limiter */
@@ -397,13 +389,15 @@ int path_is_relative(const char *filename);
/* Process helpers */
void start_daemon(void);
void finish_daemon(const char *desired_cwd);
-void write_pidfile(const char *filename);
+int write_pidfile(const char *filename);
/* Port forwarding */
void tor_check_port_forwarding(const char *filename,
struct smartlist_t *ports_to_forward,
time_t now);
+void tor_disable_spawning_background_processes(void);
+
typedef struct process_handle_t process_handle_t;
typedef struct process_environment_t process_environment_t;
int tor_spawn_background(const char *const filename, const char **argv,
@@ -457,7 +451,7 @@ struct process_handle_t {
HANDLE stdout_pipe;
HANDLE stderr_pipe;
PROCESS_INFORMATION pid;
-#else
+#else /* !(defined(_WIN32)) */
int stdin_pipe;
int stdout_pipe;
int stderr_pipe;
@@ -468,9 +462,9 @@ struct process_handle_t {
struct waitpid_callback_t *waitpid_cb;
/** The exit status reported by waitpid. */
int waitpid_exit_status;
-#endif // _WIN32
+#endif /* defined(_WIN32) */
};
-#endif
+#endif /* defined(UTIL_PRIVATE) */
/* Return values of tor_get_exit_code() */
#define PROCESS_EXIT_RUNNING 1
@@ -486,7 +480,7 @@ ssize_t tor_read_all_handle(HANDLE h, char *buf, size_t count,
ssize_t tor_read_all_handle(int fd, char *buf, size_t count,
const process_handle_t *process,
int *eof);
-#endif
+#endif /* defined(_WIN32) */
ssize_t tor_read_all_from_process_stdout(
const process_handle_t *process_handle, char *buf, size_t count);
ssize_t tor_read_all_from_process_stderr(
@@ -508,7 +502,7 @@ tor_get_lines_from_handle,(HANDLE *handle,
MOCK_DECL(struct smartlist_t *,
tor_get_lines_from_handle,(int fd,
enum stream_status *stream_status));
-#endif
+#endif /* defined(_WIN32) */
int
tor_terminate_process(process_handle_t *process_handle);
@@ -545,13 +539,13 @@ STATIC int format_helper_exit_status(unsigned char child_state,
leading minus) and newline (no null) */
#define HEX_ERRNO_SIZE (sizeof(char) * 2 + 1 + \
1 + sizeof(int) * 2 + 1)
-#endif
+#endif /* !defined(_WIN32) */
-#endif
+#endif /* defined(UTIL_PRIVATE) */
int size_mul_check(const size_t x, const size_t y);
#define ARRAY_LENGTH(x) ((sizeof(x)) / sizeof(x[0]))
-#endif
+#endif /* !defined(TOR_UTIL_H) */
diff --git a/src/common/util_bug.c b/src/common/util_bug.c
index 3d990e3700..126e843866 100644
--- a/src/common/util_bug.c
+++ b/src/common/util_bug.c
@@ -13,6 +13,10 @@
#include "backtrace.h"
#include "container.h"
+#ifdef __COVERITY__
+int bug_macro_deadcode_dummy__ = 0;
+#endif
+
#ifdef TOR_UNIT_TESTS
static void (*failed_assertion_cb)(void) = NULL;
static int n_bugs_to_capture = 0;
@@ -55,10 +59,10 @@ tor_set_failed_assertion_callback(void (*fn)(void))
{
failed_assertion_cb = fn;
}
-#else
+#else /* !(defined(TOR_UNIT_TESTS)) */
#define capturing_bugs() (0)
#define add_captured_bug(s) do { } while (0)
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */
/** Helper for tor_assert: report the assertion failure. */
void
diff --git a/src/common/util_bug.h b/src/common/util_bug.h
index ae7e7a37fd..be549fde07 100644
--- a/src/common/util_bug.h
+++ b/src/common/util_bug.h
@@ -5,6 +5,32 @@
/**
* \file util_bug.h
+ *
+ * \brief Macros to manage assertions, fatal and non-fatal.
+ *
+ * Guidelines: All the different kinds of assertion in this file are for
+ * bug-checking only. Don't write code that can assert based on bad inputs.
+ *
+ * We provide two kinds of assertion here: "fatal" and "nonfatal". Use
+ * nonfatal assertions for any bug you can reasonably recover from -- and
+ * please, try to recover! Many severe bugs in Tor have been caused by using
+ * a regular assertion when a nonfatal assertion would have been better.
+ *
+ * If you need to check a condition with a nonfatal assertion, AND recover
+ * from that same condition, consider using the BUG() macro inside a
+ * conditional. For example:
+ *
+ * <code>
+ * // wrong -- use tor_assert_nonfatal() if you just want an assertion.
+ * BUG(ptr == NULL);
+ *
+ * // okay, but needlessly verbose
+ * tor_assert_nonfatal(ptr != NULL);
+ * if (ptr == NULL) { ... }
+ *
+ * // this is how we do it:
+ * if (BUG(ptr == NULL)) { ... }
+ * </code>
**/
#ifndef TOR_UTIL_BUG_H
@@ -27,7 +53,7 @@
* security-critical properties.
*/
#error "Sorry; we don't support building with NDEBUG."
-#endif
+#endif /* defined(NDEBUG) */
/* Sometimes we don't want to use assertions during branch coverage tests; it
* leads to tons of unreached branches which in reality are only assertions we
@@ -44,7 +70,7 @@
tor_assertion_failed_(SHORT_FILE__, __LINE__, __func__, #expr); \
abort(); \
} STMT_END
-#endif
+#endif /* defined(TOR_UNIT_TESTS) && defined(DISABLE_ASSERTS_IN_UNIT_TESTS) */
#define tor_assert_unreached() tor_assert(0)
@@ -59,11 +85,14 @@
*/
#ifdef __COVERITY__
+extern int bug_macro_deadcode_dummy__;
#undef BUG
// Coverity defines this in global headers; let's override it. This is a
// magic coverity-only preprocessor thing.
-#nodef BUG(x) ((x)?(__coverity_panic__(),1):0)
-#endif
+// We use this "deadcode_dummy__" trick to prevent coverity from
+// complaining about unreachable bug cases.
+#nodef BUG(x) ((x)?(__coverity_panic__(),1):(0+bug_macro_deadcode_dummy__))
+#endif /* defined(__COVERITY__) */
#if defined(__COVERITY__) || defined(__clang_analyzer__)
// We're running with a static analysis tool: let's treat even nonfatal
@@ -114,7 +143,7 @@
(PREDICT_UNLIKELY(cond) ? \
(tor_bug_occurred_(SHORT_FILE__,__LINE__,__func__,"!("#cond")",0), 1) \
: 0)
-#endif
+#endif /* defined(ALL_BUGS_ARE_FATAL) || ... */
#ifdef __GNUC__
#define IF_BUG_ONCE__(cond,var) \
@@ -127,7 +156,7 @@
"!("#cond")", 1); \
} \
PREDICT_UNLIKELY(bool_result); } ))
-#else
+#else /* !(defined(__GNUC__)) */
#define IF_BUG_ONCE__(cond,var) \
static int var = 0; \
if (PREDICT_UNLIKELY(cond) ? \
@@ -137,7 +166,7 @@
"!("#cond")", 1), \
1)) \
: 0)
-#endif
+#endif /* defined(__GNUC__) */
#define IF_BUG_ONCE_VARNAME_(a) \
warning_logged_on_ ## a ## __
#define IF_BUG_ONCE_VARNAME__(a) \
@@ -167,7 +196,7 @@ void tor_capture_bugs_(int n);
void tor_end_capture_bugs_(void);
const struct smartlist_t *tor_get_captured_bug_log_(void);
void tor_set_failed_assertion_callback(void (*fn)(void));
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */
-#endif
+#endif /* !defined(TOR_UTIL_BUG_H) */
diff --git a/src/common/util_format.c b/src/common/util_format.c
index 1f7b8b03aa..e51757a4e8 100644
--- a/src/common/util_format.c
+++ b/src/common/util_format.c
@@ -266,10 +266,13 @@ base64_encode(char *dest, size_t destlen, const char *src, size_t srclen,
ENCODE_N(3);
ENCODE_PAD();
break;
+ // LCOV_EXCL_START -- we can't reach this point, because we enforce
+ // 0 <= ncov_idx < 3 in the loop above.
default:
/* Something went catastrophically wrong. */
- tor_fragile_assert(); // LCOV_EXCL_LINE
+ tor_fragile_assert();
return -1;
+ // LCOV_EXCL_STOP
}
#undef ENCODE_N
diff --git a/src/common/util_format.h b/src/common/util_format.h
index 4af8832bbe..0aefe3a44e 100644
--- a/src/common/util_format.h
+++ b/src/common/util_format.h
@@ -48,5 +48,5 @@ int hex_decode_digit(char c);
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen);
int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen);
-#endif
+#endif /* !defined(TOR_UTIL_FORMAT_H) */
diff --git a/src/common/util_process.c b/src/common/util_process.c
index 9e9679b099..c2826152e9 100644
--- a/src/common/util_process.c
+++ b/src/common/util_process.c
@@ -154,5 +154,5 @@ notify_pending_waitpid_callbacks(void)
}
}
-#endif
+#endif /* !defined(_WIN32) */
diff --git a/src/common/util_process.h b/src/common/util_process.h
index c3a63498b5..c9aa771b77 100644
--- a/src/common/util_process.h
+++ b/src/common/util_process.h
@@ -20,7 +20,7 @@ waitpid_callback_t *set_waitpid_callback(pid_t pid,
void (*fn)(int, void *), void *arg);
void clear_waitpid_callback(waitpid_callback_t *ent);
void notify_pending_waitpid_callbacks(void);
-#endif
+#endif /* !defined(_WIN32) */
-#endif
+#endif /* !defined(TOR_UTIL_PROCESS_H) */
diff --git a/src/common/workqueue.h b/src/common/workqueue.h
index d2508f5329..eb885e680d 100644
--- a/src/common/workqueue.h
+++ b/src/common/workqueue.h
@@ -59,5 +59,5 @@ replyqueue_t *replyqueue_new(uint32_t alertsocks_flags);
tor_socket_t replyqueue_get_socket(replyqueue_t *rq);
void replyqueue_process(replyqueue_t *queue);
-#endif
+#endif /* !defined(TOR_WORKQUEUE_H) */