diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/app/config/config.c | 2 | ||||
| -rw-r--r-- | src/feature/relay/router.c | 15 | ||||
| -rw-r--r-- | src/lib/sandbox/sandbox.c | 40 | ||||
| -rw-r--r-- | src/rust/protover/protover.rs | 2 | ||||
| -rw-r--r-- | src/test/test_config.c | 22 |
5 files changed, 33 insertions, 48 deletions
diff --git a/src/app/config/config.c b/src/app/config/config.c index 0b1b758d96..cbca7d3899 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -6839,7 +6839,7 @@ check_bridge_distribution_setting(const char *bd) }; unsigned i; for (i = 0; i < ARRAY_LENGTH(RECOGNIZED); ++i) { - if (!strcmp(bd, RECOGNIZED[i])) + if (!strcasecmp(bd, RECOGNIZED[i])) return 0; } diff --git a/src/feature/relay/router.c b/src/feature/relay/router.c index 1dbaf2ed66..e91550a78c 100644 --- a/src/feature/relay/router.c +++ b/src/feature/relay/router.c @@ -2635,15 +2635,20 @@ router_dump_router_to_string(routerinfo_t *router, } if (options->BridgeRelay) { - const char *bd; + char *bd = NULL; + if (options->BridgeDistribution && strlen(options->BridgeDistribution)) { - bd = options->BridgeDistribution; + bd = tor_strdup(options->BridgeDistribution); } else { - bd = "any"; + bd = tor_strdup("any"); } - if (strchr(bd, '\n') || strchr(bd, '\r')) - bd = escaped(bd); + + // Make sure our value is lowercased in the descriptor instead of just + // forwarding what the user wrote in their torrc directly. + tor_strlower(bd); + smartlist_add_asprintf(chunks, "bridge-distribution-request %s\n", bd); + tor_free(bd); } if (router->onion_curve25519_pkey) { diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c index e2356a1720..8f577b0660 100644 --- a/src/lib/sandbox/sandbox.c +++ b/src/lib/sandbox/sandbox.c @@ -491,24 +491,6 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } } - rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open), - SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, - O_RDONLY)); - if (rc != 0) { - log_err(LD_BUG,"(Sandbox) failed to add open syscall, received libseccomp " - "error %d", rc); - return rc; - } - - rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat), - SCMP_CMP_MASKED(2, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, - O_RDONLY)); - if (rc != 0) { - log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received " - "libseccomp error %d", rc); - return rc; - } - return 0; } @@ -562,23 +544,6 @@ sb_chown(scmp_filter_ctx ctx, sandbox_cfg_t *filter) return 0; } -static int -sb__sysctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter) -{ - int rc; - (void) filter; - (void) ctx; - - rc = seccomp_rule_add_0(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(_sysctl)); - if (rc != 0) { - log_err(LD_BUG,"(Sandbox) failed to add _sysctl syscall, " - "received libseccomp error %d", rc); - return rc; - } - - return 0; -} - /** * Function responsible for setting up the rename syscall for * the seccomp filter sandbox. @@ -1141,7 +1106,6 @@ static sandbox_filter_func_t filter_func[] = { sb_chmod, sb_open, sb_openat, - sb__sysctl, sb_rename, #ifdef __NR_fcntl64 sb_fcntl64, @@ -1518,14 +1482,14 @@ install_syscall_filter(sandbox_cfg_t* cfg) int rc = 0; scmp_filter_ctx ctx; - ctx = seccomp_init(SCMP_ACT_TRAP); + ctx = seccomp_init(SCMP_ACT_ERRNO(EPERM)); if (ctx == NULL) { log_err(LD_BUG,"(Sandbox) failed to initialise libseccomp context"); rc = -1; goto end; } - // protectign sandbox parameter strings + // protecting sandbox parameter strings if ((rc = prot_strings(ctx, cfg))) { goto end; } diff --git a/src/rust/protover/protover.rs b/src/rust/protover/protover.rs index 2661d811c4..06fdf56c69 100644 --- a/src/rust/protover/protover.rs +++ b/src/rust/protover/protover.rs @@ -26,7 +26,7 @@ const FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS: &'static str = "0.2.9.3-alpha"; /// before concluding that someone is trying to DoS us /// /// C_RUST_COUPLED: protover.c `MAX_PROTOCOLS_TO_EXPAND` -const MAX_PROTOCOLS_TO_EXPAND: usize = (1 << 16); +const MAX_PROTOCOLS_TO_EXPAND: usize = 1 << 16; /// The maximum size an `UnknownProtocol`'s name may be. pub(crate) const MAX_PROTOCOL_NAME_LENGTH: usize = 100; diff --git a/src/test/test_config.c b/src/test/test_config.c index 8f011ce1f1..855725411a 100644 --- a/src/test/test_config.c +++ b/src/test/test_config.c @@ -5620,11 +5620,27 @@ test_config_check_bridge_distribution_setting_not_a_bridge(void *arg) static void test_config_check_bridge_distribution_setting_valid(void *arg) { - int ret = check_bridge_distribution_setting("https"); - (void)arg; - tt_int_op(ret, OP_EQ, 0); + // Check all the possible values we support right now. + tt_int_op(check_bridge_distribution_setting("none"), OP_EQ, 0); + tt_int_op(check_bridge_distribution_setting("any"), OP_EQ, 0); + tt_int_op(check_bridge_distribution_setting("https"), OP_EQ, 0); + tt_int_op(check_bridge_distribution_setting("email"), OP_EQ, 0); + tt_int_op(check_bridge_distribution_setting("moat"), OP_EQ, 0); + + // Check all the possible values we support right now with weird casing. + tt_int_op(check_bridge_distribution_setting("NoNe"), OP_EQ, 0); + tt_int_op(check_bridge_distribution_setting("anY"), OP_EQ, 0); + tt_int_op(check_bridge_distribution_setting("hTTps"), OP_EQ, 0); + tt_int_op(check_bridge_distribution_setting("emAIl"), OP_EQ, 0); + tt_int_op(check_bridge_distribution_setting("moAt"), OP_EQ, 0); + + // Invalid values. + tt_int_op(check_bridge_distribution_setting("x\rx"), OP_EQ, -1); + tt_int_op(check_bridge_distribution_setting("x\nx"), OP_EQ, -1); + tt_int_op(check_bridge_distribution_setting("\t\t\t"), OP_EQ, -1); + done: return; } |