From 37fed742d15025a96c1a0f7df6a686fdc97b5f8f Mon Sep 17 00:00:00 2001 From: Taylor Yu Date: Fri, 15 Sep 2017 08:59:00 -0500 Subject: Refactor channeltls.c lightly Refactor some repetitive deep indirections in several functions in channeltls.c into local variables. --- src/or/channeltls.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/or/channeltls.c b/src/or/channeltls.c index 4ccd3b5fbf..1db395fdd4 100644 --- a/src/or/channeltls.c +++ b/src/or/channeltls.c @@ -1680,6 +1680,8 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan) long apparent_skew = 0; tor_addr_t my_apparent_addr = TOR_ADDR_NULL; + int started_here = 0; + const char *identity_digest = NULL; tor_assert(cell); tor_assert(chan); @@ -1699,10 +1701,12 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan) } tor_assert(chan->conn->handshake_state && chan->conn->handshake_state->received_versions); + started_here = connection_or_nonopen_was_started_here(chan->conn); + identity_digest = chan->conn->identity_digest; if (chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3) { tor_assert(chan->conn->link_proto >= 3); - if (chan->conn->handshake_state->started_here) { + if (started_here) { if (!(chan->conn->handshake_state->authenticated)) { log_fn(LOG_PROTOCOL_WARN, LD_OR, "Got a NETINFO cell from server, " @@ -1813,7 +1817,7 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan) "they will not consider this connection canonical. They " "think we are at %s, but we think its %s.", safe_str(descr), - safe_str(hex_str(chan->conn->identity_digest, DIGEST_LEN)), + safe_str(hex_str(identity_digest, DIGEST_LEN)), safe_str(tor_addr_is_null(&my_apparent_addr) ? "" : fmt_and_decorate_addr(&my_apparent_addr)), safe_str(fmt_addr32(me->addr))); 
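Review bot: The new `started_here = connection_or_nonopen_was_started_here(chan->conn);` line in the netinfo hunk is not a pure rename of `chan->conn->handshake_state->started_here`: the comment this same commit adds in the certs-cell hunk says the helper's `conn->tls` check behaves differently from the raw field, so the two functions now disagree on what "started here" means, and the `if (started_here)` branch that checks `authenticated` could in principle be taken on a connection the old code treated as not started here. Since `handshake_state` is asserted non-NULL on the line just above, the raw field is available; reading it keeps both call sites consistent and the refactor behaviour-preserving: `started_here = chan->conn->handshake_state->started_here;`. channel_tls_process_netinfo_cell begins and continues outside this hunk.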
@@ -1857,8 +1861,7 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan) safe_str_client(chan->conn->base_.address), chan->conn->base_.port, (int)(chan->conn->link_proto), - hex_str(TLS_CHAN_TO_BASE(chan)->identity_digest, - DIGEST_LEN), + hex_str(identity_digest, DIGEST_LEN), tor_addr_is_null(&my_apparent_addr) ? "" : fmt_and_decorate_addr(&my_apparent_addr)); } @@ -1929,7 +1932,7 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan) int n_certs, i; certs_cell_t *cc = NULL; - int send_netinfo = 0; + int send_netinfo = 0, started_here = 0; memset(x509_certs, 0, sizeof(x509_certs)); memset(ed_certs, 0, sizeof(ed_certs)); @@ -1947,6 +1950,11 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan) goto err; \ } while (0) + /* Can't use connection_or_nonopen_was_started_here(); its conn->tls + * check looks like it breaks + * test_link_handshake_recv_certs_ok_server(). */ + started_here = chan->conn->handshake_state->started_here; + if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3) ERR("We're not doing a v3 handshake!"); if (chan->conn->link_proto < 3) @@ -2060,7 +2068,7 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan) /* Note that this warns more loudly about time and validity if we were * _trying_ to connect to an authority, not necessarily if we _did_ connect * to one. */ - if (chan->conn->handshake_state->started_here && + if (started_here && router_digest_is_trusted_dir(TLS_CHAN_TO_BASE(chan)->identity_digest)) severity = LOG_WARN; else @@ -2078,7 +2086,7 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan) if (!checked_rsa_id) ERR("Invalid certificate chain!"); - if (chan->conn->handshake_state->started_here) { + if (started_here) { /* No more information is needed. */ chan->conn->handshake_state->authenticated = 1; -- cgit v1.2.3-54-g00ecf From e31a7be161903b3fbe182224470d86c0814c988d Mon Sep 17 00:00:00 2001 
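Review bot: In the netinfo log hunk, `hex_str(TLS_CHAN_TO_BASE(chan)->identity_digest, DIGEST_LEN)` is replaced by `hex_str(identity_digest, DIGEST_LEN)`, but `identity_digest` was bound earlier in this commit to `chan->conn->identity_digest`, which is the or_connection's field rather than the channel's. If the two are not guaranteed identical at this point of the handshake, this log line now reports a different peer identity than before, which matters when the output is used to diagnose a failed or suspicious handshake. Either keep the channel digest at this line or state the invariant being relied on, e.g. `/* NOTE: assumes chan->conn->identity_digest matches the channel's identity_digest here -- verify. */`. The enclosing function starts and ends outside this hunk.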
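Review bot: In the certs-cell hunk, `started_here = chan->conn->handshake_state->started_here;` is now placed before the `if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3) ERR("We're not doing a v3 handshake!");` guard, so `handshake_state` is dereferenced before the function has confirmed it is in the state where that pointer is expected to be valid; in the pre-refactor code the field was only read after those checks, as the later `- if (chan->conn->handshake_state->started_here)` lines show. If `handshake_state` can be NULL once the connection has left the V3 handshake (for example after it has become open -- not visible in this diff, please confirm against the caller's state machine), a CERTS cell sent by the peer at that point becomes a remotely triggerable NULL-pointer dereference, i.e. a crash of a relay or client. Move the assignment, together with its explanatory comment, below the two `ERR("We're not doing a v3 handshake!")` checks: `started_here = chan->conn->handshake_state->started_here;`. channel_tls_process_certs_cell continues outside this hunk.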
From: Taylor Yu Date: Thu, 14 Sep 2017 20:43:52 -0500 Subject: Make NETINFO clock skew detection work on clients An unnecessary routerlist check in the NETINFO clock skew detection in channel_tls_process_netinfo_cell() was preventing clients from reporting NETINFO clock skew to controllers. --- changes/bug23532 | 5 +++++ src/or/channeltls.c | 5 +++-- 2 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 changes/bug23532 (limited to 'src') diff --git a/changes/bug23532 b/changes/bug23532 new file mode 100644 index 0000000000..3eb2345cea --- /dev/null +++ b/changes/bug23532 @@ -0,0 +1,5 @@ + o Minor bugfixes (usability, control port): + - Stop making an unnecessary routerlist check in NETINFO clock + skew detection; this was preventing clients from reporting + NETINFO clock skew to controllers. Fixes bug 23532; bugfix on + 0.2.4.4-alpha. diff --git a/src/or/channeltls.c b/src/or/channeltls.c index 1db395fdd4..fe1e7e91d8 100644 --- a/src/or/channeltls.c +++ b/src/or/channeltls.c @@ -1827,8 +1827,9 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan) /** Warn when we get a netinfo skew with at least this value. */ #define NETINFO_NOTICE_SKEW 3600 if (labs(apparent_skew) > NETINFO_NOTICE_SKEW && - router_get_by_id_digest(chan->conn->identity_digest)) { - int trusted = router_digest_is_trusted_dir(chan->conn->identity_digest); + (started_here || + connection_or_digest_is_known_relay(identity_digest))) { + int trusted = router_digest_is_trusted_dir(identity_digest); clock_skew_warning(TO_CONN(chan->conn), apparent_skew, trusted, LD_GENERAL, "NETINFO cell", "OR"); } -- cgit v1.2.3-54-g00ecf
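Review bot: Adding `started_here ||` to the skew condition means any relay a client has connected to can now drive `clock_skew_warning()` (and, per the commit message, the controller report) from the time it claims in its NETINFO cell, whereas previously only a peer found by `router_get_by_id_digest()` could; `trusted` is still set only through `router_digest_is_trusted_dir(identity_digest)`. That is the intended fix, but `apparent_skew` is derived from a peer-supplied value that a hostile guard or bridge can fabricate, so please confirm that the untrusted path inside `clock_skew_warning()` (outside this hunk) logs at a lower severity and is rate-limited, so a relay cannot spam the log or nudge users into changing their system clock. A short comment at the condition would document the trust boundary: `/* Clients have no routerlist entry for their peers; still report skew, but a non-authority peer's time is unverified and may be a lie. */`. The enclosing function begins and ends outside this hunk.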