Loading changes/ticket3569_part1 0 → 100644 +6 −0 Original line number Diff line number Diff line o Code simplification and refactoring: - Rework Tor SOCKS server code to use Trunnel and benefit from autogenerated functions for parsing and generating SOCKS wire format. New implementation is cleaner, more maintainable and should be less prone to heartbleed-style vulnerabilities. Implements a significant fraction of ticket 3569. src/core/or/socks_request_st.h +2 −0 Original line number Diff line number Diff line Loading @@ -70,6 +70,8 @@ struct socks_request_t { /** The negotiated password value if any (for socks5). This value is NOT * nul-terminated; see passwordlen for its length. */ char *password; uint8_t socks5_atyp; /* SOCKS5 address type */ }; #endif src/core/proto/proto_socks.c +767 −357 File changed.Preview size limit exceeded, changes collapsed. Show changes src/test/test_socks.c +6 −5 Original line number Diff line number Diff line Loading @@ -84,7 +84,7 @@ test_socks_4_supported_commands(void *ptr) tt_int_op(0,OP_EQ, buf_datalen(buf)); /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4370 */ /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.3:4370 */ ADD_DATA(buf, "\x04\x01\x11\x12\x02\x02\x02\x03\x00"); tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, get_options()->SafeSocks), Loading @@ -100,7 +100,7 @@ test_socks_4_supported_commands(void *ptr) tt_int_op(0,OP_EQ, buf_datalen(buf)); socks_request_clear(socks); /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4369 with userid*/ /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.4:4369 with userid*/ ADD_DATA(buf, "\x04\x01\x11\x12\x02\x02\x02\x04me\x00"); tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), OP_EQ, 1); Loading Loading @@ -166,7 +166,7 @@ test_socks_4_bad_arguments(void *ptr) tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), OP_EQ, -1); buf_clear(buf); expect_log_msg_containing("user name too long; rejecting."); expect_log_msg_containing("socks4: parsing failed - invalid request."); mock_clean_saved_logs(); /* Try with 2000-byte hostname */ Loading Loading @@ -194,7 +194,7 @@ test_socks_4_bad_arguments(void *ptr) tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), OP_EQ, -1); buf_clear(buf); expect_log_msg_containing("Destaddr too long."); expect_log_msg_containing("parsing failed - invalid request."); mock_clean_saved_logs(); /* Socks4, bogus hostname */ Loading Loading @@ -648,7 +648,8 @@ test_socks_5_malformed_commands(void *ptr) tt_int_op(5,OP_EQ,socks->socks_version); tt_int_op(10,OP_EQ,socks->replylen); tt_int_op(5,OP_EQ,socks->reply[0]); tt_int_op(SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED,OP_EQ,socks->reply[1]); /* trunnel parsing will fail with -1 */ tt_int_op(SOCKS5_GENERAL_ERROR,OP_EQ,socks->reply[1]); tt_int_op(1,OP_EQ,socks->reply[3]); done: Loading src/trunnel/include.am +6 −3 Original line number Diff line number Diff line Loading @@ -10,7 +10,8 @@ TRUNNELINPUTS = \ src/trunnel/ed25519_cert.trunnel \ src/trunnel/link_handshake.trunnel \ src/trunnel/pwbox.trunnel \ src/trunnel/channelpadding_negotiation.trunnel src/trunnel/channelpadding_negotiation.trunnel \ src/trunner/socks5.trunnel TRUNNELSOURCES = \ src/ext/trunnel/trunnel.c \ Loading @@ -21,7 +22,8 @@ TRUNNELSOURCES = \ src/trunnel/hs/cell_establish_intro.c \ src/trunnel/hs/cell_introduce1.c \ src/trunnel/hs/cell_rendezvous.c \ src/trunnel/channelpadding_negotiation.c src/trunnel/channelpadding_negotiation.c \ src/trunnel/socks5.c TRUNNELHEADERS = \ src/ext/trunnel/trunnel.h \ Loading @@ -34,7 +36,8 @@ TRUNNELHEADERS = \ src/trunnel/hs/cell_establish_intro.h \ src/trunnel/hs/cell_introduce1.h \ src/trunnel/hs/cell_rendezvous.h \ src/trunnel/channelpadding_negotiation.h src/trunnel/channelpadding_negotiation.h \ src/trunnel/socks5.h src_trunnel_libor_trunnel_a_SOURCES = $(TRUNNELSOURCES) src_trunnel_libor_trunnel_a_CPPFLAGS = \ Loading Loading
changes/ticket3569_part1 0 → 100644 +6 −0 Original line number Diff line number Diff line o Code simplification and refactoring: - Rework Tor SOCKS server code to use Trunnel and benefit from autogenerated functions for parsing and generating SOCKS wire format. New implementation is cleaner, more maintainable and should be less prone to heartbleed-style vulnerabilities. Implements a significant fraction of ticket 3569.
src/core/or/socks_request_st.h +2 −0 Original line number Diff line number Diff line Loading @@ -70,6 +70,8 @@ struct socks_request_t { /** The negotiated password value if any (for socks5). This value is NOT * nul-terminated; see passwordlen for its length. */ char *password; uint8_t socks5_atyp; /* SOCKS5 address type */ }; #endif
src/core/proto/proto_socks.c +767 −357 File changed.Preview size limit exceeded, changes collapsed. Show changes
src/test/test_socks.c +6 −5 Original line number Diff line number Diff line Loading @@ -84,7 +84,7 @@ test_socks_4_supported_commands(void *ptr) tt_int_op(0,OP_EQ, buf_datalen(buf)); /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4370 */ /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.3:4370 */ ADD_DATA(buf, "\x04\x01\x11\x12\x02\x02\x02\x03\x00"); tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, get_options()->SafeSocks), Loading @@ -100,7 +100,7 @@ test_socks_4_supported_commands(void *ptr) tt_int_op(0,OP_EQ, buf_datalen(buf)); socks_request_clear(socks); /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4369 with userid*/ /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.4:4369 with userid*/ ADD_DATA(buf, "\x04\x01\x11\x12\x02\x02\x02\x04me\x00"); tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), OP_EQ, 1); Loading Loading @@ -166,7 +166,7 @@ test_socks_4_bad_arguments(void *ptr) tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), OP_EQ, -1); buf_clear(buf); expect_log_msg_containing("user name too long; rejecting."); expect_log_msg_containing("socks4: parsing failed - invalid request."); mock_clean_saved_logs(); /* Try with 2000-byte hostname */ Loading Loading @@ -194,7 +194,7 @@ test_socks_4_bad_arguments(void *ptr) tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), OP_EQ, -1); buf_clear(buf); expect_log_msg_containing("Destaddr too long."); expect_log_msg_containing("parsing failed - invalid request."); mock_clean_saved_logs(); /* Socks4, bogus hostname */ Loading Loading @@ -648,7 +648,8 @@ test_socks_5_malformed_commands(void *ptr) tt_int_op(5,OP_EQ,socks->socks_version); tt_int_op(10,OP_EQ,socks->replylen); tt_int_op(5,OP_EQ,socks->reply[0]); tt_int_op(SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED,OP_EQ,socks->reply[1]); /* trunnel parsing will fail with -1 */ tt_int_op(SOCKS5_GENERAL_ERROR,OP_EQ,socks->reply[1]); tt_int_op(1,OP_EQ,socks->reply[3]); done: Loading
src/trunnel/include.am +6 −3 Original line number Diff line number Diff line Loading @@ -10,7 +10,8 @@ TRUNNELINPUTS = \ src/trunnel/ed25519_cert.trunnel \ src/trunnel/link_handshake.trunnel \ src/trunnel/pwbox.trunnel \ src/trunnel/channelpadding_negotiation.trunnel src/trunnel/channelpadding_negotiation.trunnel \ src/trunner/socks5.trunnel TRUNNELSOURCES = \ src/ext/trunnel/trunnel.c \ Loading @@ -21,7 +22,8 @@ TRUNNELSOURCES = \ src/trunnel/hs/cell_establish_intro.c \ src/trunnel/hs/cell_introduce1.c \ src/trunnel/hs/cell_rendezvous.c \ src/trunnel/channelpadding_negotiation.c src/trunnel/channelpadding_negotiation.c \ src/trunnel/socks5.c TRUNNELHEADERS = \ src/ext/trunnel/trunnel.h \ Loading @@ -34,7 +36,8 @@ TRUNNELHEADERS = \ src/trunnel/hs/cell_establish_intro.h \ src/trunnel/hs/cell_introduce1.h \ src/trunnel/hs/cell_rendezvous.h \ src/trunnel/channelpadding_negotiation.h src/trunnel/channelpadding_negotiation.h \ src/trunnel/socks5.h src_trunnel_libor_trunnel_a_SOURCES = $(TRUNNELSOURCES) src_trunnel_libor_trunnel_a_CPPFLAGS = \ Loading
