[or-cvs] r8289: backbackport: defense in depth (in tor/branches/tor-0_1_0-patches: . contrib src/or src/win32)
arma at seul.org
arma at seul.org
Tue Aug 29 09:23:50 UTC 2006
Author: arma
Date: 2006-08-29 05:23:49 -0400 (Tue, 29 Aug 2006)
New Revision: 8289
Modified:
tor/branches/tor-0_1_0-patches/configure.in
tor/branches/tor-0_1_0-patches/contrib/tor.nsi
tor/branches/tor-0_1_0-patches/src/or/circuitbuild.c
tor/branches/tor-0_1_0-patches/src/or/command.c
tor/branches/tor-0_1_0-patches/src/or/connection_edge.c
tor/branches/tor-0_1_0-patches/src/win32/orconfig.h
Log:
backbackport: defense in depth
Modified: tor/branches/tor-0_1_0-patches/configure.in
===================================================================
--- tor/branches/tor-0_1_0-patches/configure.in 2006-08-29 08:43:29 UTC (rev 8288)
+++ tor/branches/tor-0_1_0-patches/configure.in 2006-08-29 09:23:49 UTC (rev 8289)
@@ -4,7 +4,7 @@
dnl See LICENSE for licensing information
AC_INIT
-AM_INIT_AUTOMAKE(tor, 0.1.0.17)
+AM_INIT_AUTOMAKE(tor, 0.1.0.18)
AM_CONFIG_HEADER(orconfig.h)
AC_CANONICAL_HOST
Modified: tor/branches/tor-0_1_0-patches/contrib/tor.nsi
===================================================================
--- tor/branches/tor-0_1_0-patches/contrib/tor.nsi 2006-08-29 08:43:29 UTC (rev 8288)
+++ tor/branches/tor-0_1_0-patches/contrib/tor.nsi 2006-08-29 09:23:49 UTC (rev 8289)
@@ -31,7 +31,7 @@
!include "MUI.nsh"
-!define VERSION "0.1.0.17"
+!define VERSION "0.1.0.18"
!define INSTALLER "tor-${VERSION}-win32.exe"
!define WEBSITE "http://tor.eff.org/"
Modified: tor/branches/tor-0_1_0-patches/src/or/circuitbuild.c
===================================================================
--- tor/branches/tor-0_1_0-patches/src/or/circuitbuild.c 2006-08-29 08:43:29 UTC (rev 8288)
+++ tor/branches/tor-0_1_0-patches/src/or/circuitbuild.c 2006-08-29 09:23:49 UTC (rev 8289)
@@ -552,6 +552,11 @@
log_fn(LOG_WARN,"n_conn already set. Bug/attack. Closing.");
return -1;
}
+ if (!server_mode(get_options())) {
+ log_fn(LOG_WARN,
+ "Got an extend cell, but running as a client. Closing.");
+ return -1;
+ }
relay_header_unpack(&rh, cell->payload);
Modified: tor/branches/tor-0_1_0-patches/src/or/command.c
===================================================================
--- tor/branches/tor-0_1_0-patches/src/or/command.c 2006-08-29 08:43:29 UTC (rev 8288)
+++ tor/branches/tor-0_1_0-patches/src/or/command.c 2006-08-29 09:23:49 UTC (rev 8289)
@@ -159,6 +159,15 @@
return;
}
+ if (!server_mode(get_options())) {
+ log_fn(LOG_WARN,
+ "Received create cell (type %d) from %s:%d, but we're a client. "
+ "Sending back a destroy.",
+ (int)cell->command, conn->address, conn->port);
+ connection_send_destroy(cell->circ_id, conn);
+ return;
+ }
+
/* If the high bit of the circuit ID is not as expected, then switch
* which half of the space we'll use for our own CREATE cells.
*
Modified: tor/branches/tor-0_1_0-patches/src/or/connection_edge.c
===================================================================
--- tor/branches/tor-0_1_0-patches/src/or/connection_edge.c 2006-08-29 08:43:29 UTC (rev 8288)
+++ tor/branches/tor-0_1_0-patches/src/or/connection_edge.c 2006-08-29 09:23:49 UTC (rev 8289)
@@ -1361,12 +1361,20 @@
uint16_t port;
assert_circuit_ok(circ);
- relay_header_unpack(&rh, cell->payload);
/* XXX currently we don't send an end cell back if we drop the
* begin because it's malformed.
*/
+ if (!server_mode(get_options()) &&
+ circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) {
+ log_fn(LOG_WARN,
+ "Relay begin cell at non-server. Dropping.");
+ return 0;
+ }
+
+ relay_header_unpack(&rh, cell->payload);
+
if (!memchr(cell->payload+RELAY_HEADER_SIZE, 0, rh.length)) {
log_fn(LOG_WARN,"relay begin cell has no \\0. Dropping.");
return 0;
Modified: tor/branches/tor-0_1_0-patches/src/win32/orconfig.h
===================================================================
--- tor/branches/tor-0_1_0-patches/src/win32/orconfig.h 2006-08-29 08:43:29 UTC (rev 8288)
+++ tor/branches/tor-0_1_0-patches/src/win32/orconfig.h 2006-08-29 09:23:49 UTC (rev 8289)
@@ -215,4 +215,4 @@
#define HAVE_EVENT_H
/* Version number of package */
-#define VERSION "0.1.0.17"
+#define VERSION "0.1.0.18"
More information about the tor-commits
mailing list