Commit 496e414e authored by Nick Mathewson's avatar Nick Mathewson 🎨

Basic RAM poisoning and magic-checking to notice connection and circuit
corruption faster; also, check for corruption in dns.c so we can fail fast
for the bug that's nailing Lucky and moria3.


svn:r1123
parent 1b25794a
......@@ -60,6 +60,7 @@ circuit_t *circuit_new(uint16_t p_circ_id, connection_t *p_conn) {
circuit_t *circ;
circ = tor_malloc_zero(sizeof(circuit_t));
circ->magic = CIRCUIT_MAGIC;
circ->timestamp_created = time(NULL);
......@@ -84,6 +85,7 @@ circuit_t *circuit_new(uint16_t p_circ_id, connection_t *p_conn) {
void circuit_free(circuit_t *circ) {
assert(circ);
assert(circ->magic == CIRCUIT_MAGIC);
if (circ->n_crypto)
crypto_free_cipher_env(circ->n_crypto);
if (circ->p_crypto)
......@@ -96,6 +98,7 @@ void circuit_free(circuit_t *circ) {
tor_free(circ->build_state->chosen_exit);
tor_free(circ->build_state);
circuit_free_cpath(circ->cpath);
memset(circ, 0xAA, sizeof(circuit_t)); /* poison memory */
free(circ);
}
......@@ -1217,6 +1220,8 @@ void assert_circuit_ok(const circuit_t *c)
{
connection_t *conn;
assert(c);
assert(c->magic == CIRCUIT_MAGIC);
assert(c->n_addr);
assert(c->n_port);
assert(c->n_conn);
......
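Review bot: The poison write in circuit_free, `memset(circ, 0xAA, sizeof(circuit_t));`, is immediately followed by `free(circ);`, so it is a dead store that an optimizing compiler is permitted to drop, which would silently remove the use-after-free detection this commit adds. The same pattern appears in connection_free in the next file section. I would route both through one helper that writes via a volatile pointer, e.g. `volatile unsigned char *p = (volatile unsigned char *)circ;` followed by `for (i = 0; i < sizeof(circuit_t); ++i) p[i] = 0xAA;`, or at least confirm in the generated code that the store survives at the optimization level used for releases. circuit_free is split across two hunks here, so the lines between them are not visible.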
......@@ -78,8 +78,10 @@ connection_t *connection_new(int type) {
time_t now = time(NULL);
conn = tor_malloc_zero(sizeof(connection_t));
conn->magic = CONNECTION_MAGIC;
conn->s = -1; /* give it a default of 'not used' */
conn->type = type;
if(!connection_is_listener(conn)) { /* listeners never use their buf */
conn->inbuf = buf_new();
......@@ -100,6 +102,7 @@ connection_t *connection_new(int type) {
void connection_free(connection_t *conn) {
assert(conn);
assert(conn->magic == CONNECTION_MAGIC);
if(!connection_is_listener(conn)) {
buf_free(conn->inbuf);
......@@ -126,6 +129,7 @@ void connection_free(connection_t *conn) {
log_fn(LOG_INFO,"closing fd %d.",conn->s);
close(conn->s);
}
memset(conn, 0xAA, sizeof(connection_t)); /* poison memory */
free(conn);
}
......@@ -748,8 +752,9 @@ int connection_finished_flushing(connection_t *conn) {
void assert_connection_ok(connection_t *conn, time_t now)
{
return;
assert(conn);
assert(conn->magic == CONNECTION_MAGIC);
return;
assert(conn->type >= _CONN_TYPE_MIN);
assert(conn->type <= _CONN_TYPE_MAX);
......
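Review bot: assert_connection_ok has an unconditional `return;` ahead of the type-range asserts, so everything past the magic check is unreachable and the `now` argument is not used on the live path. The rendered page shows two `return;` lines and has lost the +/- markers; I am assuming the one after `assert(conn->magic == CONNECTION_MAGIC);` is the new position. Please add a comment at that line saying why the remaining checks are switched off, e.g. `/* XXX checks below are disabled: <reason>; only NULL and magic are verified */`, so a reader does not take a passing call as full validation of the connection. The function continues past the end of the hunk.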
......@@ -99,6 +99,7 @@ int dns_resolve(connection_t *exitconn) {
struct cached_resolve search;
struct pending_connection_t *pending_connection;
uint32_t now = time(NULL);
assert_connection_ok(exitconn, 0);
/* first take this opportunity to see if there are any expired
resolves in the tree.*/
......@@ -206,6 +207,7 @@ void dns_cancel_pending_resolve(char *address, connection_t *onlyconn) {
assert(resolve->pending_connections);
if(onlyconn) {
assert_connection_ok(onlyconn,0);
pend = resolve->pending_connections;
if(pend->conn == onlyconn) {
resolve->pending_connections = pend->next;
......@@ -297,6 +299,7 @@ static void dns_found_answer(char *address, uint32_t addr) {
while(resolve->pending_connections) {
pend = resolve->pending_connections;
assert_connection_ok(pend->conn,0);
pend->conn->addr = resolve->addr;
if(resolve->state == CACHE_STATE_FAILED) {
if(connection_edge_end(pend->conn, END_STREAM_REASON_RESOLVEFAILED, NULL) < 0)
......
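Review bot: The new `assert_connection_ok(pend->conn,0);` in dns_found_answer, like the matching calls in dns_resolve and dns_cancel_pending_resolve, detects a stale pointer only while the freed block still holds the 0xAA poison. Once the allocator hands that memory to a later connection_new(), `magic` is valid again and a stale entry in pending_connections passes the check. That makes these calls a diagnostic for the bug named in the commit message rather than a guard, and a short comment should say so, e.g. `/* diagnostic only: a freed conn whose memory was reused will still pass */`. The check is also an assert(), so it disappears entirely if the build ever defines NDEBUG. All three functions extend beyond the visible hunks.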
......@@ -295,7 +295,9 @@ typedef struct {
typedef struct buf_t buf_t;
typedef struct socks_request_t socks_request_t;
#define CONNECTION_MAGIC 0x7C3C304Eu
struct connection_t {
uint32_t magic; /* for memory debugging */
uint8_t type;
uint8_t state;
......@@ -444,7 +446,10 @@ typedef struct {
} cpath_build_state_t;
/* struct for a path (circuit) through the network */
#define CIRCUIT_MAGIC 0x35315243u
struct circuit_t {
uint32_t magic; /* for memory debugging. */
uint32_t n_addr;
uint16_t n_port;
connection_t *p_conn;
......
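Review bot: The field comments `/* for memory debugging */` do not state the invariant that the rest of the commit relies on. I would spell it out on both structs, e.g. `uint32_t magic; /* CONNECTION_MAGIC while live; poisoned with 0xAA by connection_free() */` and the equivalent for CIRCUIT_MAGIC and circuit_free(). That tells anyone who allocates or copies these structs by another path that the field must be set, or circuit_free/connection_free will assert. Both struct definitions continue outside the hunks.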