Basic RAM poisoning and magic-checking to notice connection and circuit (496e414e) · Commits · ZerXes / Tor

src/or/circuit.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -60,6 +60,7 @@ circuit_t circuit_new(uint16_t p_circ_id, connection_t p_conn) {
		circuit_t *circ;

		circ = tor_malloc_zero(sizeof(circuit_t));
		circ->magic = CIRCUIT_MAGIC;

		circ->timestamp_created = time(NULL);

		@@ -84,6 +85,7 @@ circuit_t circuit_new(uint16_t p_circ_id, connection_t p_conn) {

		void circuit_free(circuit_t *circ) {
		assert(circ);
		assert(circ->magic == CIRCUIT_MAGIC);
		if (circ->n_crypto)
		crypto_free_cipher_env(circ->n_crypto);
		if (circ->p_crypto)
		@@ -96,6 +98,7 @@ void circuit_free(circuit_t *circ) {
		tor_free(circ->build_state->chosen_exit);
		tor_free(circ->build_state);
		circuit_free_cpath(circ->cpath);
		memset(circ, 0xAA, sizeof(circuit_t)); /* poison memory */
		free(circ);
		}

		@@ -1217,6 +1220,8 @@ void assert_circuit_ok(const circuit_t *c)
		{
		connection_t *conn;

		assert(c);
		assert(c->magic == CIRCUIT_MAGIC);
		assert(c->n_addr);
		assert(c->n_port);
		assert(c->n_conn);

+6 −1

Original line number	Diff line number	Diff line
		@@ -78,8 +78,10 @@ connection_t *connection_new(int type) {
		time_t now = time(NULL);

		conn = tor_malloc_zero(sizeof(connection_t));
		conn->magic = CONNECTION_MAGIC;
		conn->s = -1; /* give it a default of 'not used' */


		conn->type = type;
		if(!connection_is_listener(conn)) { /* listeners never use their buf */
		conn->inbuf = buf_new();
		@@ -100,6 +102,7 @@ connection_t *connection_new(int type) {

		void connection_free(connection_t *conn) {
		assert(conn);
		assert(conn->magic == CONNECTION_MAGIC);

		if(!connection_is_listener(conn)) {
		buf_free(conn->inbuf);
		@@ -126,6 +129,7 @@ void connection_free(connection_t *conn) {
		log_fn(LOG_INFO,"closing fd %d.",conn->s);
		close(conn->s);
		}
		memset(conn, 0xAA, sizeof(connection_t)); /* poison memory */
		free(conn);
		}

		@@ -748,8 +752,9 @@ int connection_finished_flushing(connection_t *conn) {

		void assert_connection_ok(connection_t *conn, time_t now)
		{
		return;
		assert(conn);
		assert(conn->magic == CONNECTION_MAGIC);
		return;
		assert(conn->type >= _CONN_TYPE_MIN);
		assert(conn->type <= _CONN_TYPE_MAX);

+3 −0

Original line number	Diff line number	Diff line
		@@ -99,6 +99,7 @@ int dns_resolve(connection_t *exitconn) {
		struct cached_resolve search;
		struct pending_connection_t *pending_connection;
		uint32_t now = time(NULL);
		assert_connection_ok(exitconn, 0);

		/* first take this opportunity to see if there are any expired
		resolves in the tree.*/
		@@ -206,6 +207,7 @@ void dns_cancel_pending_resolve(char address, connection_t onlyconn) {
		assert(resolve->pending_connections);

		if(onlyconn) {
		assert_connection_ok(onlyconn,0);
		pend = resolve->pending_connections;
		if(pend->conn == onlyconn) {
		resolve->pending_connections = pend->next;
		@@ -297,6 +299,7 @@ static void dns_found_answer(char *address, uint32_t addr) {

		while(resolve->pending_connections) {
		pend = resolve->pending_connections;
		assert_connection_ok(pend->conn,0);
		pend->conn->addr = resolve->addr;
		if(resolve->state == CACHE_STATE_FAILED) {
		if(connection_edge_end(pend->conn, END_STREAM_REASON_RESOLVEFAILED, NULL) < 0)

+5 −0

Original line number	Diff line number	Diff line
		@@ -295,7 +295,9 @@ typedef struct {
		typedef struct buf_t buf_t;
		typedef struct socks_request_t socks_request_t;

		#define CONNECTION_MAGIC 0x7C3C304Eu
		struct connection_t {
		uint32_t magic; /* for memory debugging */

		uint8_t type;
		uint8_t state;
		@@ -444,7 +446,10 @@ typedef struct {
		} cpath_build_state_t;

		/* struct for a path (circuit) through the network */
		#define CIRCUIT_MAGIC 0x35315243u
		struct circuit_t {
		uint32_t magic; /* for memory debugging. */

		uint32_t n_addr;
		uint16_t n_port;
		connection_t *p_conn;