[tor-commits] [tor/master] Restrict unix: addresses to control and socks for now
nickm at torproject.org
nickm at torproject.org
Thu Jan 29 20:18:23 UTC 2015
commit 4c1a77953942f4921f8a151e01933c8f9d104e7f
Author: Nick Mathewson <nickm at torproject.org>
Date: Thu Jan 29 14:51:59 2015 -0500
Restrict unix: addresses to control and socks for now
---
src/or/config.c | 6 ++++++
src/or/connection.c | 27 +++++++++++++++++++--------
src/or/connection.h | 1 +
3 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/src/or/config.c b/src/or/config.c
index ab1f318..05b4d14 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -5862,6 +5862,12 @@ parse_port_config(smartlist_t *out,
goto err;
}
+ if (unix_socket_path &&
+ ! conn_listener_type_supports_af_unix(listener_type)) {
+ log_warn(LD_CONFIG, "%sPort does not support unix sockets", portname);
+ goto err;
+ }
+
if (unix_socket_path) {
port = 1;
} else if (is_unix_socket) {
diff --git a/src/or/connection.c b/src/or/connection.c
index 170d3d7..b7dfb1d 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -449,6 +449,22 @@ connection_link_connections(connection_t *conn_a, connection_t *conn_b)
conn_b->linked_conn = conn_a;
}
+/** Return true iff the provided connection listener type supports AF_UNIX
+ * sockets. */
+int
+conn_listener_type_supports_af_unix(int type)
+{
+ /* For now only control ports or SOCKS ports can be Unix domain sockets
+ * and listeners at the same time */
+ switch (type) {
+ case CONN_TYPE_CONTROL_LISTENER:
+ case CONN_TYPE_AP_LISTENER:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
/** Deallocate memory used by <b>conn</b>. Deallocate its buffers if
* necessary, close its socket if necessary, and mark the directory as dirty
* if <b>conn</b> is an OR or OP connection.
@@ -516,8 +532,7 @@ connection_free_(connection_t *conn)
if (conn->socket_family == AF_UNIX) {
/* For now only control and SOCKS ports can be Unix domain sockets
* and listeners at the same time */
- tor_assert(conn->type == CONN_TYPE_CONTROL_LISTENER ||
- conn->type == CONN_TYPE_AP_LISTENER);
+ tor_assert(conn_listener_type_supports_af_unix(conn->type));
if (unlink(conn->address) < 0 && errno != ENOENT) {
log_warn(LD_NET, "Could not unlink %s: %s", conn->address,
@@ -1172,17 +1187,13 @@ connection_listener_new(const struct sockaddr *listensockaddr,
}
#ifdef HAVE_SYS_UN_H
/*
- * AF_UNIX generic setup stuff (this covers both CONN_TYPE_CONTROL_LISTENER
- * and CONN_TYPE_AP_LISTENER cases)
+ * AF_UNIX generic setup stuff
*/
} else if (listensockaddr->sa_family == AF_UNIX) {
/* We want to start reading for both AF_UNIX cases */
start_reading = 1;
- /* For now only control ports or SOCKS ports can be Unix domain sockets
- * and listeners at the same time */
- tor_assert(type == CONN_TYPE_CONTROL_LISTENER ||
- type == CONN_TYPE_AP_LISTENER);
+ tor_assert(conn_listener_type_supports_af_unix(type));
if (check_location_for_unix_socket(options, address,
(type == CONN_TYPE_CONTROL_LISTENER) ?
diff --git a/src/or/connection.h b/src/or/connection.h
index 50bea51..d0a34ec 100644
--- a/src/or/connection.h
+++ b/src/or/connection.h
@@ -17,6 +17,7 @@
const char *conn_type_to_string(int type);
const char *conn_state_to_string(int type, int state);
+int conn_listener_type_supports_af_unix(int type);
dir_connection_t *dir_connection_new(int socket_family);
or_connection_t *or_connection_new(int type, int socket_family);
More information about the tor-commits
mailing list