[or-cvs] Basic RAM poisoning and magic-checking to notice connection...

Nick Mathewson nickm at seul.org
Wed Feb 25 07:31:49 UTC 2004 

Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/tmp/cvs-serv11306/src/or

Modified Files:
	circuit.c connection.c dns.c or.h 
Log Message:
Basic RAM poisoning and magic-checking to notice connection and circuit
corruption faster; also, check for corruption in dns.c so we can fail fast
for the bug that's nailing Lucky and moria3.


Index: circuit.c
===================================================================
RCS file: /home/or/cvsroot/src/or/circuit.c,v
retrieving revision 1.135
retrieving revision 1.136
diff -u -d -r1.135 -r1.136
--- circuit.c	18 Feb 2004 01:21:20 -0000	1.135
+++ circuit.c	25 Feb 2004 07:31:46 -0000	1.136
@@ -60,6 +60,7 @@
   circuit_t *circ;
 
   circ = tor_malloc_zero(sizeof(circuit_t));
+  circ->magic = CIRCUIT_MAGIC;
 
   circ->timestamp_created = time(NULL);
 
@@ -84,6 +85,7 @@
 
 void circuit_free(circuit_t *circ) {
   assert(circ);
+  assert(circ->magic == CIRCUIT_MAGIC);
   if (circ->n_crypto)
     crypto_free_cipher_env(circ->n_crypto);
   if (circ->p_crypto)
@@ -96,6 +98,7 @@
     tor_free(circ->build_state->chosen_exit);
   tor_free(circ->build_state);
   circuit_free_cpath(circ->cpath);
+  memset(circ, 0xAA, sizeof(circuit_t)); /* poison memory */
   free(circ);
 }
 
@@ -1217,6 +1220,8 @@
 {
   connection_t *conn;
 
+  assert(c);
+  assert(c->magic == CIRCUIT_MAGIC);
   assert(c->n_addr);
   assert(c->n_port);
   assert(c->n_conn);

Index: connection.c
===================================================================
RCS file: /home/or/cvsroot/src/or/connection.c,v
retrieving revision 1.151
retrieving revision 1.152
diff -u -d -r1.151 -r1.152
--- connection.c	25 Feb 2004 06:57:57 -0000	1.151
+++ connection.c	25 Feb 2004 07:31:46 -0000	1.152
@@ -78,8 +78,10 @@
   time_t now = time(NULL);
 
   conn = tor_malloc_zero(sizeof(connection_t));
+  conn->magic = CONNECTION_MAGIC;
   conn->s = -1; /* give it a default of 'not used' */
 
+
   conn->type = type;
   if(!connection_is_listener(conn)) { /* listeners never use their buf */
     conn->inbuf = buf_new();
@@ -100,6 +102,7 @@
 
 void connection_free(connection_t *conn) {
   assert(conn);
+  assert(conn->magic == CONNECTION_MAGIC);
 
   if(!connection_is_listener(conn)) {
     buf_free(conn->inbuf);
@@ -126,6 +129,7 @@
     log_fn(LOG_INFO,"closing fd %d.",conn->s);
     close(conn->s);
   }
+  memset(conn, 0xAA, sizeof(connection_t)); /* poison memory */
   free(conn);
 }
 
@@ -748,8 +752,9 @@
 
 void assert_connection_ok(connection_t *conn, time_t now)
 {
-  return;
   assert(conn);
+  assert(conn->magic == CONNECTION_MAGIC);
+  return;
   assert(conn->type >= _CONN_TYPE_MIN);
   assert(conn->type <= _CONN_TYPE_MAX);
 

Index: dns.c
===================================================================
RCS file: /home/or/cvsroot/src/or/dns.c,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -d -r1.51 -r1.52
--- dns.c	25 Feb 2004 06:56:11 -0000	1.51
+++ dns.c	25 Feb 2004 07:31:46 -0000	1.52
@@ -99,6 +99,7 @@
   struct cached_resolve search;
   struct pending_connection_t *pending_connection;
   uint32_t now = time(NULL);
+  assert_connection_ok(exitconn, 0);
 
   /* first take this opportunity to see if there are any expired
      resolves in the tree.*/
@@ -206,6 +207,7 @@
   assert(resolve->pending_connections);
 
   if(onlyconn) {
+    assert_connection_ok(onlyconn,0);
     pend = resolve->pending_connections;
     if(pend->conn == onlyconn) {
       resolve->pending_connections = pend->next;
@@ -297,6 +299,7 @@
 
   while(resolve->pending_connections) {
     pend = resolve->pending_connections;
+    assert_connection_ok(pend->conn,0);
     pend->conn->addr = resolve->addr;
     if(resolve->state == CACHE_STATE_FAILED) {
       if(connection_edge_end(pend->conn, END_STREAM_REASON_RESOLVEFAILED, NULL) < 0)

Index: or.h
===================================================================
RCS file: /home/or/cvsroot/src/or/or.h,v
retrieving revision 1.226
retrieving revision 1.227
diff -u -d -r1.226 -r1.227
--- or.h	20 Feb 2004 23:41:45 -0000	1.226
+++ or.h	25 Feb 2004 07:31:46 -0000	1.227
@@ -295,7 +295,9 @@
 typedef struct buf_t buf_t;
 typedef struct socks_request_t socks_request_t;
 
+#define CONNECTION_MAGIC 0x7C3C304Eu
 struct connection_t {
+  uint32_t magic; /* for memory debugging */
 
   uint8_t type;
   uint8_t state;
@@ -444,7 +446,10 @@
 } cpath_build_state_t;
 
 /* struct for a path (circuit) through the network */
+#define CIRCUIT_MAGIC 0x35315243u
 struct circuit_t {
+  uint32_t magic; /* for memory debugging. */
+
   uint32_t n_addr;
   uint16_t n_port;
   connection_t *p_conn;

More information about the tor-commits mailing list