[tor-commits] [tor/master] Implement protocol-type isolation correctly.
nickm at torproject.org
nickm at torproject.org
Tue Aug 2 19:02:14 UTC 2011
commit 6596aa022f03bad34a3ee9cbd627fefe55c01d54
Author: Nick Mathewson <nickm at torproject.org>
Date: Tue Aug 2 10:48:39 2011 -0400
Implement protocol-type isolation correctly.
Previously we'd just looked at the connection type, but that's
always CONN_TYPE_AP. Instead, we should be looking at the type of
the listener that created the connection.
Spotted by rransom; fixes bug 3636.
---
src/or/connection.c | 1 +
src/or/connection_edge.c | 9 +++++----
src/or/dnsserv.c | 2 ++
src/or/or.h | 2 ++
4 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/or/connection.c b/src/or/connection.c
index c4b320e..b885d09 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1251,6 +1251,7 @@ connection_init_accepted_conn(connection_t *conn,
TO_EDGE_CONN(conn)->isolation_flags = listener->isolation_flags;
TO_EDGE_CONN(conn)->session_group = listener->session_group;
TO_EDGE_CONN(conn)->nym_epoch = get_signewnym_epoch();
+ TO_EDGE_CONN(conn)->socks_request->listener_type = listener->_base.type;
switch (TO_CONN(listener)->type) {
case CONN_TYPE_AP_LISTENER:
conn->state = AP_CONN_STATE_SOCKS_WAIT;
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 4d3e254..8f550cf 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2582,6 +2582,7 @@ connection_ap_make_link(connection_t *partner,
}
/* Populate isolation fields. */
+ conn->socks_request->listener_type = CONN_TYPE_DIR_LISTENER;
conn->original_dest_address = tor_strdup(address);
conn->session_group = session_group;
conn->isolation_flags = isolation_flags;
@@ -3362,7 +3363,7 @@ connection_edge_streams_are_compatible(const edge_connection_t *a,
strcmp_opt(a->socks_request->password, b->socks_request->password)))
return 0;
if ((iso & ISO_CLIENTPROTO) &&
- (TO_CONN(a)->type != TO_CONN(b)->type ||
+ (a->socks_request->listener_type != b->socks_request->listener_type ||
a->socks_request->socks_version != b->socks_request->socks_version))
return 0;
if ((iso & ISO_CLIENTADDR) &&
@@ -3424,7 +3425,7 @@ connection_edge_compatible_with_circuit(const edge_connection_t *conn,
strcmp_opt(conn->socks_request->password, circ->socks_password)))
return 0;
if ((iso & ISO_CLIENTPROTO) &&
- (TO_CONN(conn)->type != circ->client_proto_type ||
+ (conn->socks_request->listener_type != circ->client_proto_type ||
conn->socks_request->socks_version != circ->client_proto_socksver))
return 0;
if ((iso & ISO_CLIENTADDR) &&
@@ -3463,7 +3464,7 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn,
return -1;
circ->dest_port = conn->socks_request->port;
circ->dest_address = tor_strdup(conn->original_dest_address);
- circ->client_proto_type = TO_CONN(conn)->type;
+ circ->client_proto_type = conn->socks_request->listener_type;
circ->client_proto_socksver = conn->socks_request->socks_version;
tor_addr_copy(&circ->client_addr, &TO_CONN(conn)->addr);
circ->session_group = conn->session_group;
@@ -3484,7 +3485,7 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn,
if (strcmp_opt(conn->socks_request->username, circ->socks_username) ||
strcmp_opt(conn->socks_request->password, circ->socks_password))
mixed |= ISO_SOCKSAUTH;
- if ((TO_CONN(conn)->type != circ->client_proto_type ||
+ if ((conn->socks_request->listener_type != circ->client_proto_type ||
conn->socks_request->socks_version != circ->client_proto_socksver))
mixed |= ISO_CLIENTPROTO;
if (!tor_addr_eq(&TO_CONN(conn)->addr, &circ->client_addr))
diff --git a/src/or/dnsserv.c b/src/or/dnsserv.c
index 35279c4..19d0427 100644
--- a/src/or/dnsserv.c
+++ b/src/or/dnsserv.c
@@ -131,6 +131,7 @@ evdns_server_callback(struct evdns_server_request *req, void *data_)
strlcpy(conn->socks_request->address, q->name,
sizeof(conn->socks_request->address));
+ conn->socks_request->listener_type = listener->_base.type;
conn->dns_server_request = req;
conn->isolation_flags = listener->isolation_flags;
conn->session_group = listener->session_group;
@@ -185,6 +186,7 @@ dnsserv_launch_request(const char *name, int reverse)
strlcpy(conn->socks_request->address, name,
sizeof(conn->socks_request->address));
+ conn->socks_request->listener_type = CONN_TYPE_CONTROL_LISTENER;
conn->original_dest_address = tor_strdup(name);
conn->session_group = SESSION_GROUP_CONTROL_RESOLVE;
conn->nym_epoch = get_signewnym_epoch();
diff --git a/src/or/or.h b/src/or/or.h
index d6d8c7a..150971b 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3382,6 +3382,8 @@ struct socks_request_t {
uint8_t auth_type;
/** What is this stream's goal? One of the SOCKS_COMMAND_* values */
uint8_t command;
+ /** Which kind of listener created this stream? */
+ uint8_t listener_type;
size_t replylen; /**< Length of <b>reply</b>. */
uint8_t reply[MAX_SOCKS_REPLY_LEN]; /**< Write an entry into this string if
* we want to specify our own socks reply,
More information about the tor-commits
mailing list