From aba7bb705a69697ade1cff24e6693db2cb87236a Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 3 May 2011 22:22:20 -0400 Subject: Set SO_REUSEADDR on all sockets, not just listeners See bug 2850 for rationale: it appears that on some busy exits, the OS decides that every single port is now unusable because they have been all used too recently. --- changes/bug2850 | 5 +++++ src/or/connection.c | 34 +++++++++++++++++++++++----------- 2 files changed, 28 insertions(+), 11 deletions(-) create mode 100644 changes/bug2850 diff --git a/changes/bug2850 b/changes/bug2850 new file mode 100644 index 0000000000..77ccbfa25d --- /dev/null +++ b/changes/bug2850 @@ -0,0 +1,5 @@ + - Minor features + o Set SO_REUSEADDR on all sockets, not just listeners. This should + help busy exit nodes avoid running out of useable ports just because + all the ports have been used in the near past. Resolves issue 2850. + diff --git a/src/or/connection.c b/src/or/connection.c index 6e7bbd5bad..e90e13ffa0 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -851,6 +851,25 @@ warn_too_many_conns(void) } } +/** Tell the TCP stack that it shouldn't wait for a long time after + * sock has closed before reusing its port. */ +static void +make_socket_reuseable(int sock) +{ +#ifdef MS_WINDOWS + (void) sock; +#else + int one=1; + + /* REUSEADDR on normal places means you can rebind to the port + * right after somebody else has let it go. But REUSEADDR on win32 + * means you can bind to the port _even when somebody else + * already has it bound_. So, don't do that on Win32. */ + setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &one, + (socklen_t)sizeof(one)); +#endif +} + /** Bind a new non-blocking socket listening to the socket described * by listensockaddr. * 
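Review bot: The setsockopt() result in the new make_socket_reuseable() is discarded, so a failure to set SO_REUSEADDR on an exit's sockets is invisible even at debug level, which makes the bug-2850 rationale hard to confirm in the field. The inline code this replaces ignored it as well, but now that one helper is called for every socket a single log line is cheap: `if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &one, (socklen_t)sizeof(one)) < 0) log_info(LD_NET, "Couldn't set SO_REUSEADDR: %s", tor_socket_strerror(tor_socket_errno(sock)));`. The helper's header comment could also say that on Windows the function is deliberately a no-op, so readers of the declaration do not have to open the #ifdef to learn that.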
@@ -873,9 +892,6 @@ connection_create_listener(struct sockaddr *listensockaddr, socklen_t socklen, if (listensockaddr->sa_family == AF_INET) { int is_tcp = (type != CONN_TYPE_AP_DNS_LISTENER); -#ifndef MS_WINDOWS - int one=1; -#endif if (is_tcp) start_reading = 1; @@ -893,14 +909,7 @@ connection_create_listener(struct sockaddr *listensockaddr, socklen_t socklen, goto err; } -#ifndef MS_WINDOWS - /* REUSEADDR on normal places means you can rebind to the port - * right after somebody else has let it go. But REUSEADDR on win32 - * means you can bind to the port _even when somebody else - * already has it bound_. So, don't do that on Win32. */ - setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*) &one, - (socklen_t)sizeof(one)); -#endif + make_socket_reuseable(s); if (bind(s,listensockaddr,socklen) < 0) { const char *helpfulhint = ""; @@ -1088,6 +1097,7 @@ connection_handle_listener_read(connection_t *conn, int new_type) "Connection accepted on socket %d (child of fd %d).", news,conn->s); + make_socket_reuseable(news); set_socket_nonblocking(news); if (options->ConstrainedSockets) @@ -1297,6 +1307,8 @@ connection_connect(connection_t *conn, const char *address, log_debug(LD_NET, "Connecting to %s:%u.", escaped_safe_str_client(address), port); + make_socket_reuseable(s); + if (connect(s, dest_addr, dest_addr_len) < 0) { int e = tor_socket_errno(s); if (!ERRNO_IS_CONN_EINPROGRESS(e)) { -- cgit v1.2.3-54-g00ecf From 7571e9f1cb81927c5bd47190409a30c7f23ea4a1 Mon Sep 17 00:00:00 2001 From: Robert Ransom Date: Wed, 27 Apr 2011 13:37:08 -0700 Subject: Check fetched rendezvous descriptors' service IDs --- changes/check-fetched-rend-desc-service-id | 7 +++++++ src/or/directory.c | 5 +++-- src/or/or.h | 3 ++- src/or/rendcommon.c | 22 +++++++++++++++++++++- 4 files changed, 33 insertions(+), 4 deletions(-) create mode 100644 changes/check-fetched-rend-desc-service-id 
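Review bot: The make_socket_reuseable(s) call added before connect() in connection_connect assumes SO_REUSEADDR influences the ephemeral port the kernel picks for a socket that is never bind()ed, and as far as I can tell that option is consulted at bind() time, so whether it helps a busy exit is OS-dependent (Linux, for instance, governs reuse of TIME_WAIT ports for outgoing connections through a separate sysctl rather than through this option). The helper's comment, "it shouldn't wait for a long time after sock has closed before reusing its port", therefore overstates what this call site can rely on. I would record that at the call site, e.g. `/* Only helps on OSes that honour SO_REUSEADDR for unbound connect(); see bug 2850. */`, so the expectation is checked rather than assumed. connection_connect's body starts and ends outside the hunk.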
diff --git a/changes/check-fetched-rend-desc-service-id b/changes/check-fetched-rend-desc-service-id new file mode 100644 index 0000000000..2f37c30216 --- /dev/null +++ b/changes/check-fetched-rend-desc-service-id @@ -0,0 +1,7 @@ + o Security fixes: + - When fetching a hidden service descriptor, check that it is for + the hidden service we were trying to connect to, in order to + stop a directory from pre-seeding a client with a descriptor for + a hidden service that they didn't want. Bugfix on 0.0.6. + + diff --git a/src/or/directory.c b/src/or/directory.c index 01f33752ff..9f9b2c1577 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -1909,7 +1909,8 @@ connection_dir_client_reached_eof(dir_connection_t *conn) (int)body_len, status_code, escaped(reason)); switch (status_code) { case 200: - if (rend_cache_store(body, body_len, 0) < -1) { + if (rend_cache_store(body, body_len, 0, + conn->rend_data->onion_address) < -1) { log_warn(LD_REND,"Failed to parse rendezvous descriptor."); /* Any pending rendezvous attempts will notice when * connection_about_to_close_connection() @@ -3114,7 +3115,7 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers, !strcmpstart(url,"/tor/rendezvous/publish")) { /* rendezvous descriptor post */ log_info(LD_REND, "Handling rendezvous descriptor post."); - if (rend_cache_store(body, body_len, 1) < 0) { + if (rend_cache_store(body, body_len, 1, NULL) < 0) { log_fn(LOG_PROTOCOL_WARN, LD_DIRSERV, "Rejected rend descriptor (length %d) from %s.", (int)body_len, conn->_base.address); diff --git a/src/or/or.h b/src/or/or.h index 897ad32a43..976ba9f8e5 100644 --- a/src/or/or.h +++ b/src/or/or.h 
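Review bot: With the new service_id argument, rend_cache_store() returns -2 both for an unparseable descriptor and for a well-formed descriptor that belongs to a different service, but the warning at the 200 branch of connection_dir_client_reached_eof still says "Failed to parse rendezvous descriptor." in both cases. rend_cache_store logs the mismatch itself, so this line is mostly a label, but it should cover what it now labels: `log_warn(LD_REND,"Failed to parse or verify rendezvous descriptor.");`. The new `conn->rend_data->onion_address` argument also assumes rend_data is set on every directory connection that reaches this branch; if some fetch purpose can land here without it (the dispatch is outside the hunk), a `tor_assert(conn->rend_data);` ahead of the call would make the assumption explicit. The enclosing switch and function continue outside the hunk.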
@@ -4146,7 +4146,8 @@ int rend_cache_lookup_desc(const char *query, int version, const char **desc, int rend_cache_lookup_entry(const char *query, int version, rend_cache_entry_t **entry_out); int rend_cache_lookup_v2_desc_as_dir(const char *query, const char **desc); -int rend_cache_store(const char *desc, size_t desc_len, int published); +int rend_cache_store(const char *desc, size_t desc_len, int published, + const char *service_id); int rend_cache_store_v2_desc_as_client(const char *desc, const rend_data_t *rend_query); int rend_cache_store_v2_desc_as_dir(const char *desc); diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index c83573b208..8727a70c2e 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -1047,9 +1047,14 @@ rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc) * * The published flag tells us if we store the descriptor * in our role as directory (1) or if we cache it as client (0). + * + * If service_id is non-NULL and the descriptor is not for that + * service ID, reject it. service_id must be specified if and + * only if published is 0 (we fetched this descriptor). */ int -rend_cache_store(const char *desc, size_t desc_len, int published) +rend_cache_store(const char *desc, size_t desc_len, int published, + const char *service_id) { rend_cache_entry_t *e; rend_service_descriptor_t *parsed; @@ -1068,6 +1073,12 @@ rend_cache_store(const char *desc, size_t desc_len, int published) rend_service_descriptor_free(parsed); return -2; } + if ((service_id != NULL) && strcmp(query, service_id)) { + log_warn(LD_REND, "Received service descriptor for service ID %s; " + "expected descriptor for service ID %s.", + query, safe_str(service_id)); + return -2; + } now = time(NULL); if (parsed->timestamp < now-REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) { log_fn(LOG_PROTOCOL_WARN, LD_REND, 
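Review bot: The new service-ID mismatch branch in rend_cache_store returns -2 without releasing `parsed`, whereas the preceding error branch (its condition is above the hunk) calls rend_service_descriptor_free(parsed) before its `return -2;`, so every mismatched descriptor served by a misbehaving directory leaks one parsed descriptor. Add `rend_service_descriptor_free(parsed);` immediately before the new `return -2;`. Separately, the updated header comment says service_id must be non-NULL exactly when published is 0, but the check `(service_id != NULL) && strcmp(query, service_id)` silently skips verification if a published==0 caller passes NULL; if that contract is intended, `tor_assert((service_id != NULL) == !published);` at the top of the function turns the documented rule into an enforced one. The function's body begins outside the hunk.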
@@ -1253,6 +1264,8 @@ rend_cache_store_v2_desc_as_dir(const char *desc) * If we have an older descriptor with the same ID, replace it. * If we have any v0 descriptor with the same ID, reject this one in order * to not get confused with having both versions for the same service. + * If the descriptor's service ID does not match + * rend_query-\>onion_address, reject it. * Return -2 if it's malformed or otherwise rejected; return -1 if we * already have a v0 descriptor here; return 0 if it's the same or older * than one we've already got; return 1 if it's novel. @@ -1303,6 +1316,13 @@ rend_cache_store_v2_desc_as_client(const char *desc, retval = -2; goto err; } + if (strcmp(rend_query->onion_address, service_id)) { + log_warn(LD_REND, "Received service descriptor for service ID %s; " + "expected descriptor for service ID %s.", + service_id, safe_str(rend_query->onion_address)); + retval = -2; + goto err; + } /* Decode/decrypt introduction points. */ if (intro_content) { if (rend_query->auth_type != REND_NO_AUTH && -- cgit v1.2.3-54-g00ecf From d2629f78a000486f8f994ba0ab75ceeaee67fc55 Mon Sep 17 00:00:00 2001 From: Robert Ransom Date: Thu, 28 Apr 2011 12:13:03 -0700 Subject: Add crypto_pk_check_key_public_exponent function --- src/common/crypto.c | 12 ++++++++++++ src/common/crypto.h | 1 + 2 files changed, 13 insertions(+) diff --git a/src/common/crypto.c b/src/common/crypto.c index f3268fe183..6761fd71f3 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -656,6 +656,18 @@ crypto_pk_key_is_private(const crypto_pk_env_t *key) return PRIVATE_KEY_OK(key); } +/** Return true iff env contains a public key whose public exponent + * equals 65537. + */ +int +crypto_pk_check_key_public_exponent(crypto_pk_env_t *env) +{ + tor_assert(env); + tor_assert(env->key); + + return BN_is_word(env->key->e, 65537); +} + /** Compare the public-key components of a and b. Return -1 if a\b. */ 
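Review bot: In the new mismatch warning in rend_cache_store_v2_desc_as_client, the descriptor's service_id is logged raw while the expected rend_query->onion_address is wrapped in safe_str(); both strings identify a hidden service, so under SafeLogging the descriptor's address still reaches the log. The same asymmetry appears in the rend_cache_store hunk earlier in this commit (`query` raw, `safe_str(service_id)`). I would apply the same wrapper to both operands, e.g. `safe_str_client(service_id), safe_str_client(rend_query->onion_address)`, since this is client-side code. The `retval = -2; goto err;` shape matches the surrounding error handling, so no cleanup concern here; the err label is outside the hunk.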
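Review bot: crypto_pk_check_key_public_exponent only reads through env, so it can take `const crypto_pk_env_t *env` like the neighbouring crypto_pk_key_is_private(); BN_is_word takes a const BIGNUM*, nothing forces the non-const signature, and a const parameter lets const-holding callers use the predicate. The literal 65537 would read better as a named constant next to the function (a constructed name such as `#define TOR_EXPECTED_RSA_EXPONENT 65537`), and the header comment states only what is returned, not why a different exponent is unacceptable; one sentence of rationale, or a pointer to the change entry that introduces the check, would save the next reader a trip through the history. The hunk ends in the middle of the following function's comment, so its body is not visible here.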
diff --git a/src/common/crypto.h b/src/common/crypto.h index 576c03dc30..0fcd067ae1 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -92,6 +92,7 @@ size_t crypto_pk_keysize(crypto_pk_env_t *env); crypto_pk_env_t *crypto_pk_dup_key(crypto_pk_env_t *orig); crypto_pk_env_t *crypto_pk_copy_full(crypto_pk_env_t *orig); int crypto_pk_key_is_private(const crypto_pk_env_t *key); +int crypto_pk_check_key_public_exponent(crypto_pk_env_t *env); int crypto_pk_public_encrypt(crypto_pk_env_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding); -- cgit v1.2.3-54-g00ecf From 987190c2bc1dc7b64f0f4acf98f6a84609c9d50c Mon Sep 17 00:00:00 2001 From: Robert Ransom Date: Thu, 28 Apr 2011 14:35:03 -0700 Subject: Require that certain public keys have public exponent 65537 --- changes/check-public-key-exponents | 5 +++++ src/or/routerparse.c | 17 +++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 changes/check-public-key-exponents diff --git a/changes/check-public-key-exponents b/changes/check-public-key-exponents new file mode 100644 index 0000000000..a8d00673be --- /dev/null +++ b/changes/check-public-key-exponents @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Require that introduction point keys and onion keys have public + exponent 65537. Bugfix on 0.2.0.10-alpha. + + diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 7ff0e2c3ce..ceef054af0 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -1326,6 +1326,11 @@ router_parse_entry_from_string(const char *s, const char *end, goto err; tok = find_by_keyword(tokens, K_ONION_KEY); + if (!crypto_pk_check_key_public_exponent(tok->key)) { + log_warn(LD_DIR, + "Relay's onion key had invalid exponent."); + goto err; + } router->onion_pkey = tok->key; tok->key = NULL; /* Prevent free */ 
@@ -3971,10 +3976,22 @@ rend_parse_introduction_points(rend_service_descriptor_t *parsed, } /* Parse onion key. */ tok = find_by_keyword(tokens, R_IPO_ONION_KEY); + if (!crypto_pk_check_key_public_exponent(tok->key)) { + log_warn(LD_REND, + "Introduction point's onion key had invalid exponent."); + rend_intro_point_free(intro); + goto err; + } info->onion_key = tok->key; tok->key = NULL; /* Prevent free */ /* Parse service key. */ tok = find_by_keyword(tokens, R_IPO_SERVICE_KEY); + if (!crypto_pk_check_key_public_exponent(tok->key)) { + log_warn(LD_REND, + "Introduction point key had invalid exponent."); + rend_intro_point_free(intro); + goto err; + } intro->intro_key = tok->key; tok->key = NULL; /* Prevent free */ /* Add extend info to list of introduction points. */ -- cgit v1.2.3-54-g00ecf From 4a22046c86bec7165e6977024ff84e2109832417 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 16 May 2011 14:44:23 -0400 Subject: squash! Add crypto_pk_check_key_public_exponent function Rename crypto_pk_check_key_public_exponent to crypto_pk_public_exponent_ok: it's nice to name predicates s.t. you can tell how to interpret true and false. --- src/common/crypto.c | 2 +- src/common/crypto.h | 2 +- src/or/routerparse.c | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/common/crypto.c b/src/common/crypto.c index 6761fd71f3..dffa2c7807 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -660,7 +660,7 @@ crypto_pk_key_is_private(const crypto_pk_env_t *key) * equals 65537. */ int -crypto_pk_check_key_public_exponent(crypto_pk_env_t *env) +crypto_pk_public_exponent_ok(crypto_pk_env_t *env) { tor_assert(env); tor_assert(env->key); diff --git a/src/common/crypto.h b/src/common/crypto.h index 0fcd067ae1..8604a8db59 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h 
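Review bot: The two new rejection branches in rend_parse_introduction_points log different phrasings for the same condition — "Introduction point's onion key had invalid exponent." and "Introduction point key had invalid exponent." — and the second does not say which of the intro point's two keys failed; `"Introduction point's service key had invalid exponent."` would keep the pair symmetric and make the logs distinguishable. Both branches call rend_intro_point_free(intro) before tok->key has been moved, so the key stays owned by the token list and is released with it, which looks right; whether rend_intro_point_free also releases the extend_info that `info` points to, and what the err label frees, is outside the hunk, so I have not verified that the pair cannot double-free. The same two-phrasing issue does not affect the router_parse_entry_from_string hunk, whose single message is specific. The enclosing function continues outside the hunk.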
@@ -92,7 +92,7 @@ size_t crypto_pk_keysize(crypto_pk_env_t *env); crypto_pk_env_t *crypto_pk_dup_key(crypto_pk_env_t *orig); crypto_pk_env_t *crypto_pk_copy_full(crypto_pk_env_t *orig); int crypto_pk_key_is_private(const crypto_pk_env_t *key); -int crypto_pk_check_key_public_exponent(crypto_pk_env_t *env); +int crypto_pk_public_exponent_ok(crypto_pk_env_t *env); int crypto_pk_public_encrypt(crypto_pk_env_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding); diff --git a/src/or/routerparse.c b/src/or/routerparse.c index ceef054af0..19f9e38a9a 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -1326,7 +1326,7 @@ router_parse_entry_from_string(const char *s, const char *end, goto err; tok = find_by_keyword(tokens, K_ONION_KEY); - if (!crypto_pk_check_key_public_exponent(tok->key)) { + if (!crypto_pk_public_exponent_ok(tok->key)) { log_warn(LD_DIR, "Relay's onion key had invalid exponent."); goto err; @@ -3976,7 +3976,7 @@ rend_parse_introduction_points(rend_service_descriptor_t *parsed, } /* Parse onion key. */ tok = find_by_keyword(tokens, R_IPO_ONION_KEY); - if (!crypto_pk_check_key_public_exponent(tok->key)) { + if (!crypto_pk_public_exponent_ok(tok->key)) { log_warn(LD_REND, "Introduction point's onion key had invalid exponent."); rend_intro_point_free(intro); @@ -3986,7 +3986,7 @@ rend_parse_introduction_points(rend_service_descriptor_t *parsed, tok->key = NULL; /* Prevent free */ /* Parse service key. */ tok = find_by_keyword(tokens, R_IPO_SERVICE_KEY); - if (!crypto_pk_check_key_public_exponent(tok->key)) { + if (!crypto_pk_public_exponent_ok(tok->key)) { log_warn(LD_REND, "Introduction point key had invalid exponent."); rend_intro_point_free(intro); -- cgit v1.2.3-54-g00ecf