Diffstat (limited to 'src/or')
-rw-r--r--src/or/buffers.c1
-rw-r--r--src/or/config.c1
-rw-r--r--src/or/connection_edge.c17
-rw-r--r--src/or/control.c16
-rw-r--r--src/or/dns.c34
-rw-r--r--src/or/dns.h14
-rw-r--r--src/or/hibernate.c2
-rw-r--r--src/or/onion.c4
-rw-r--r--src/or/or.h12
-rw-r--r--src/or/relay.c1
-rw-r--r--src/or/rendservice.c4
-rw-r--r--src/or/routerparse.c2
12 files changed, 59 insertions, 49 deletions
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 8981fd283b..89382d1d8e 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -1595,6 +1595,7 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
return -1;
}
tor_assert(0);
+ break;
case 4: { /* socks4 */
enum {socks4, socks4a} socks4_prot = socks4a;
const char *authstart, *authend;
diff --git a/src/or/config.c b/src/or/config.c
index 3693cdf83c..2e001ee5ab 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -974,7 +974,6 @@ static const char *default_authorities[] = {
"154.35.175.225:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC",
"longclaw orport=443 "
"v3ident=23D15D965BC35114467363C165C4F724B64B4F66 "
- "ipv6=[2620:13:4000:8000:60:f3ff:fea1:7cff]:443 "
"199.254.238.52:80 74A9 1064 6BCE EFBC D2E8 74FC 1DC9 9743 0F96 8145",
NULL
};
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 3550d0e212..12fe2f57c9 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -260,6 +260,7 @@ connection_edge_process_inbuf(edge_connection_t *conn, int package_partial)
}
/* Fall through if the connection is on a circuit without optimistic
* data support. */
+ /* Falls through. */
case EXIT_CONN_STATE_CONNECTING:
case AP_CONN_STATE_RENDDESC_WAIT:
case AP_CONN_STATE_CIRCUIT_WAIT:
@@ -1910,8 +1911,8 @@ destination_from_socket(entry_connection_t *conn, socks_request_t *req)
socklen_t orig_dst_len = sizeof(orig_dst);
tor_addr_t addr;
-#ifdef TRANS_TRPOXY
- if (options->TransProxyType_parsed == TPT_TPROXY) {
+#ifdef TRANS_TPROXY
+ if (get_options()->TransProxyType_parsed == TPT_TPROXY) {
if (getsockname(ENTRY_TO_CONN(conn)->s, (struct sockaddr*)&orig_dst,
&orig_dst_len) < 0) {
int e = tor_socket_errno(ENTRY_TO_CONN(conn)->s);
@@ -2437,10 +2438,16 @@ connection_ap_handshake_send_begin(entry_connection_t *ap_conn)
} else if (begin_type == RELAY_COMMAND_BEGIN_DIR) {
/* This connection is a begindir directory connection.
* Look at the linked directory connection to access the directory purpose.
- * (This must be non-NULL, because we're doing begindir.) */
- tor_assert(base_conn->linked);
+ * If a BEGINDIR connection is ever not linked, that's a bug. */
+ if (BUG(!base_conn->linked)) {
+ return -1;
+ }
connection_t *linked_dir_conn_base = base_conn->linked_conn;
- tor_assert(linked_dir_conn_base);
+ /* If the linked connection has been unlinked by other code, we can't send
+ * a begin cell on it. */
+ if (!linked_dir_conn_base) {
+ return -1;
+ }
/* Sensitive directory connections must have an anonymous path length.
* Otherwise, directory connections are typically one-hop.
* This matches the earlier check for directory connection path anonymity
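Review bot: The two new `return -1` exits in the BEGIN_DIR branch leave `ap_conn` untouched, and the second one (`!linked_dir_conn_base`) is silent. The rest of connection_ap_handshake_send_begin lies outside this hunk, so it is worth confirming that callers receiving -1 do not assume the stream has already been marked for close; if they do, the stream may be left hanging. A log line before the second return would also make the unlinked case diagnosable, e.g. `log_info(LD_APP, "Linked directory connection went away before BEGIN_DIR could be sent.");`.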
diff --git a/src/or/control.c b/src/or/control.c
index 1bf1e33bbc..03d9fcee2a 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -3568,12 +3568,15 @@ handle_control_postdescriptor(control_connection_t *conn, uint32_t len,
int cache = 0; /* eventually, we may switch this to 1 */
const char *cp = memchr(body, '\n', len);
- smartlist_t *args = smartlist_new();
- tor_assert(cp);
+
+ if (cp == NULL) {
+ connection_printf_to_buf(conn, "251 Empty body\r\n");
+ return 0;
+ }
++cp;
char *cmdline = tor_memdup_nulterm(body, cp-body);
-
+ smartlist_t *args = smartlist_new();
smartlist_split_string(args, cmdline, " ",
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
SMARTLIST_FOREACH_BEGIN(args, char *, option) {
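Review bot: The new `cp == NULL` branch answers with `251 Empty body`, a 2xx reply, although the condition it tests is "no newline within `len` bytes", which also covers a non-empty body. A controller that sent a malformed POSTDESCRIPTOR therefore sees a positive completion and a misleading text. The same reply is added to handle_control_hspost in the next hunk. If 251 is intended, a comment should say so and record why this must not be an assertion, e.g. `/* No newline in the body (this includes len == 0): there is no command line to parse. The body is controller-supplied, so reject it instead of asserting. */`. handle_control_postdescriptor continues outside the hunk.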
@@ -4158,14 +4161,19 @@ handle_control_hspost(control_connection_t *conn,
const char *body)
{
static const char *opt_server = "SERVER=";
- smartlist_t *args = smartlist_new();
smartlist_t *hs_dirs = NULL;
const char *encoded_desc = body;
size_t encoded_desc_len = len;
char *cp = memchr(body, '\n', len);
+ if (cp == NULL) {
+ connection_printf_to_buf(conn, "251 Empty body\r\n");
+ return 0;
+ }
char *argline = tor_strndup(body, cp-body);
+ smartlist_t *args = smartlist_new();
+
/* If any SERVER= options were specified, try parse the options line */
if (!strcasecmpstart(argline, opt_server)) {
/* encoded_desc begins after a newline character */
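Review bot: `char *cp = memchr(body, '\n', len);` silently drops the `const` of `body` through memchr's `void *` return, while handle_control_postdescriptor declares the same pointer as `const char *cp`. Unless code further down, outside this hunk, writes through `cp`, declare it `const char *cp = memchr(body, '\n', len);`. That keeps the two handlers consistent and lets the compiler reject an accidental write into the request buffer.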
diff --git a/src/or/dns.c b/src/or/dns.c
index 5f9813b912..0ad4c0f505 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -243,29 +243,19 @@ has_dns_init_failed(void)
}
/** Helper: Given a TTL from a DNS response, determine what TTL to give the
- * OP that asked us to resolve it. */
+ * OP that asked us to resolve it, and how long to cache that record
+ * ourselves. */
uint32_t
dns_clip_ttl(uint32_t ttl)
{
- if (ttl < MIN_DNS_TTL)
- return MIN_DNS_TTL;
- else if (ttl > MAX_DNS_TTL)
- return MAX_DNS_TTL;
- else
- return ttl;
-}
-
-/** Helper: Given a TTL from a DNS response, determine how long to hold it in
- * our cache. */
-STATIC uint32_t
-dns_get_expiry_ttl(uint32_t ttl)
-{
- if (ttl < MIN_DNS_TTL)
- return MIN_DNS_TTL;
- else if (ttl > MAX_DNS_ENTRY_AGE)
- return MAX_DNS_ENTRY_AGE;
+ /* This logic is a defense against "DefectTor" DNS-based traffic
+ * confirmation attacks, as in https://nymity.ch/tor-dns/tor-dns.pdf .
+ * We only give two values: a "low" value and a "high" value.
+ */
+ if (ttl < MIN_DNS_TTL_AT_EXIT)
+ return MIN_DNS_TTL_AT_EXIT;
else
- return ttl;
+ return MAX_DNS_TTL_AT_EXIT;
}
/** Helper: free storage held by an entry in the DNS cache. */
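Review bot: dns_clip_ttl no longer clips. It now returns exactly one of two values, and a TTL equal to MIN_DNS_TTL_AT_EXIT takes the `else` branch and becomes MAX_DNS_TTL_AT_EXIT. The doc comment should state both facts, for example `Returns MIN_DNS_TTL_AT_EXIT if ttl is below it and MAX_DNS_TTL_AT_EXIT otherwise; no other value is ever returned.` The same function now sets the cache expiry in make_pending_resolve_cached (last hunk of this file), so the exit's own cache lifetime is quantised the same way. MAX_DNS_ENTRY_AGE loses its only user among the lines shown here, so it is worth checking whether anything still reads it.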
@@ -336,7 +326,7 @@ cached_resolve_add_answer(cached_resolve_t *resolve,
resolve->result_ipv4.err_ipv4 = dns_result;
resolve->res_status_ipv4 = RES_STATUS_DONE_ERR;
}
-
+ resolve->ttl_ipv4 = ttl;
} else if (query_type == DNS_IPv6_AAAA) {
if (resolve->res_status_ipv6 != RES_STATUS_INFLIGHT)
return;
@@ -351,6 +341,7 @@ cached_resolve_add_answer(cached_resolve_t *resolve,
resolve->result_ipv6.err_ipv6 = dns_result;
resolve->res_status_ipv6 = RES_STATUS_DONE_ERR;
}
+ resolve->ttl_ipv6 = ttl;
}
}
@@ -531,6 +522,7 @@ send_resolved_cell,(edge_connection_t *conn, uint8_t answer_type,
answer_type = RESOLVED_TYPE_ERROR;
/* fall through. */
}
+ /* Falls through. */
case RESOLVED_TYPE_ERROR_TRANSIENT:
case RESOLVED_TYPE_ERROR:
{
@@ -1317,7 +1309,7 @@ make_pending_resolve_cached(cached_resolve_t *resolve)
resolve->ttl_hostname < ttl)
ttl = resolve->ttl_hostname;
- set_expiry(new_resolve, time(NULL) + dns_get_expiry_ttl(ttl));
+ set_expiry(new_resolve, time(NULL) + dns_clip_ttl(ttl));
}
assert_cache_ok();
diff --git a/src/or/dns.h b/src/or/dns.h
index b14f7dd29c..951a2a3467 100644
--- a/src/or/dns.h
+++ b/src/or/dns.h
@@ -12,6 +12,18 @@
#ifndef TOR_DNS_H
#define TOR_DNS_H
+/** Lowest value for DNS ttl that a server will give. */
+#define MIN_DNS_TTL_AT_EXIT (5*60)
+/** Highest value for DNS ttl that a server will give. */
+#define MAX_DNS_TTL_AT_EXIT (60*60)
+
+/** How long do we keep DNS cache entries before purging them (regardless of
+ * their TTL)? */
+#define MAX_DNS_ENTRY_AGE (3*60*60)
+/** How long do we cache/tell clients to cache DNS records when no TTL is
+ * known? */
+#define DEFAULT_DNS_TTL (30*60)
+
int dns_init(void);
int has_dns_init_failed(void);
void dns_free_all(void);
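Review bot: MAX_DNS_ENTRY_AGE is not moved unchanged: the definition removed from or.h is `(30*60)` and the one added here is `(3*60*60)`. If the increase is intentional, the comment or commit message should say so, since it changes how long resolved names can stay in the exit's cache; if not, keep the old value. The new *_AT_EXIT comments could also give the unit, e.g. `/** Lowest value, in seconds, for the DNS TTL that an exit will report. */`.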
@@ -31,8 +43,6 @@ void dump_dns_mem_usage(int severity);
#ifdef DNS_PRIVATE
#include "dns_structs.h"
-STATIC uint32_t dns_get_expiry_ttl(uint32_t ttl);
-
MOCK_DECL(STATIC int,dns_resolve_impl,(edge_connection_t *exitconn,
int is_resolve,or_circuit_t *oncirc, char **hostname_out,
int *made_connection_pending_out, cached_resolve_t **resolve_out));
diff --git a/src/or/hibernate.c b/src/or/hibernate.c
index aaf5c4bdcd..e3c80b5f14 100644
--- a/src/or/hibernate.c
+++ b/src/or/hibernate.c
@@ -331,7 +331,7 @@ edge_of_accounting_period_containing(time_t now, int get_end)
case UNIT_MONTH: {
/* If this is before the Nth, we want the Nth of last month. */
if (tm.tm_mday < cfg_start_day ||
- (tm.tm_mday < cfg_start_day && before)) {
+ (tm.tm_mday == cfg_start_day && before)) {
--tm.tm_mon;
}
/* Otherwise, the month is correct. */
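Review bot: The comment above the corrected condition still describes only its first clause: `/* If this is before the Nth, we want the Nth of last month. */`. Now that the second clause can be true, the comment should cover the same-day case, for example `/* If this is before the Nth, or on the Nth but before the start time, we want the Nth of last month. */`. That wording assumes `before` means "earlier than the configured start time", which is computed outside this hunk.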
diff --git a/src/or/onion.c b/src/or/onion.c
index a987883802..4b803a785c 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -235,7 +235,9 @@ onion_pending_add(or_circuit_t *circ, create_cell_t *onionskin)
onion_queue_entry_remove(head);
log_info(LD_CIRC,
"Circuit create request is too old; canceling due to overload.");
- circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_RESOURCELIMIT);
+ if (! TO_CIRCUIT(circ)->marked_for_close) {
+ circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_RESOURCELIMIT);
+ }
}
return 0;
}
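Review bot: The new `marked_for_close` guard carries no comment explaining how a circuit still sitting in the onion queue can already be marked. Presumably it was closed elsewhere while waiting, and a line such as `/* The circuit may have been marked for close while it waited in the queue; don't mark it twice. */` would keep a later cleanup from removing the check. `TO_CIRCUIT(circ)` is also expanded twice; a local `circuit_t *c = TO_CIRCUIT(circ);` would read more cleanly. onion_pending_add begins outside the hunk.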
diff --git a/src/or/or.h b/src/or/or.h
index b7c67baf93..33fe8b96c4 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -143,18 +143,6 @@
/** Maximum size of a single extrainfo document, as above. */
#define MAX_EXTRAINFO_UPLOAD_SIZE 50000
-/** How long do we keep DNS cache entries before purging them (regardless of
- * their TTL)? */
-#define MAX_DNS_ENTRY_AGE (30*60)
-/** How long do we cache/tell clients to cache DNS records when no TTL is
- * known? */
-#define DEFAULT_DNS_TTL (30*60)
-/** How long can a TTL be before we stop believing it? */
-#define MAX_DNS_TTL (3*60*60)
-/** How small can a TTL be before we stop believing it? Provides rudimentary
- * pinning. */
-#define MIN_DNS_TTL 60
-
/** How often do we rotate onion keys? */
#define MIN_ONION_KEY_LIFETIME (7*24*60*60)
/** How often do we rotate TLS contexts? */
diff --git a/src/or/relay.c b/src/or/relay.c
index 4e9dadba16..882877ade3 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -859,6 +859,7 @@ connection_ap_process_end_not_open(
break; /* break means it'll close, below */
/* Else fall through: expire this circuit, clear the
* chosen_exit_name field, and try again. */
+ /* Falls through. */
case END_STREAM_REASON_RESOLVEFAILED:
case END_STREAM_REASON_TIMEOUT:
case END_STREAM_REASON_MISC:
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 4d04da02aa..9c9b50445a 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -3265,6 +3265,8 @@ rend_service_intro_established(origin_circuit_t *circuit,
(unsigned)circuit->base_.n_circ_id);
goto err;
}
+ base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
+ circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
/* We've just successfully established a intro circuit to one of our
* introduction point, account for it. */
intro = find_intro_point(circuit);
@@ -3281,8 +3283,6 @@ rend_service_intro_established(origin_circuit_t *circuit,
service->desc_is_dirty = time(NULL);
circuit_change_purpose(TO_CIRCUIT(circuit), CIRCUIT_PURPOSE_S_INTRO);
- base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
- circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
log_info(LD_REND,
"Received INTRO_ESTABLISHED cell on circuit %u for service %s",
(unsigned)circuit->base_.n_circ_id, serviceid);
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 2ee0d2720e..521e237be2 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -5621,6 +5621,8 @@ tor_version_parse(const char *s, tor_version_t *out)
#define NUMBER(m) \
do { \
+ if (!cp || *cp < '0' || *cp > '9') \
+ return -1; \
out->m = (int)tor_parse_uint64(cp, 10, 0, INT32_MAX, &ok, &eos); \
if (!ok) \
return -1; \