Commit d25fed51 authored by Nick Mathewson's avatar Nick Mathewson 🎨
Browse files

Merge remote-tracking branch 'yawning-schwanenlied/bug20261'

parents 5a9696fa 7b2c8567
o Minor bugfixes (client, unix domain sockets):
- Disable IsolateClientAddr when using AF_UNIX backed SocksPorts
as the client address is meaningless. Fixes bug 20261; bugfix on
0.2.6.3-alpha.
......@@ -1046,8 +1046,9 @@ The following options are useful only for clients (that is, if
another. Recognized isolation flags are:
**IsolateClientAddr**;;
Don't share circuits with streams from a different
client address. (On by default and strongly recommended;
you can disable it with **NoIsolateClientAddr**.)
client address. (On by default and strongly recommended when
supported; you can disable it with **NoIsolateClientAddr**.
Unsupported and force-disabled when using Unix domain sockets.)
**IsolateSOCKSAuth**;;
Don't share circuits with streams for which different
SOCKS authentication was provided. (On by default;
......
......@@ -1041,6 +1041,10 @@ tor_addr_copy_tight(tor_addr_t *dest, const tor_addr_t *src)
* Different address families (IPv4 vs IPv6) are always considered unequal if
* <b>how</b> is CMP_EXACT; otherwise, IPv6-mapped IPv4 addresses are
* considered equivalent to their IPv4 equivalents.
*
* As a special case, all AF_UNIX addresses are always considered equal
* since tor_addr_t currently does not contain the information required to
* make the comparison.
*/
int
tor_addr_compare(const tor_addr_t *addr1, const tor_addr_t *addr2,
......@@ -1114,6 +1118,18 @@ tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2,
return 0;
}
}
case AF_UNIX:
/* HACKHACKHACKHACKHACK:
* tor_addr_t doesn't contain a copy of sun_path, so it's not
* possible to comapre this at all.
*
* Since the only time we currently actually should be comparing
* 2 AF_UNIX addresses is when dealing with ISO_CLIENTADDR (which
* is diesabled for AF_UNIX SocksPorts anyway), this just returns 0.
*
* See: #20261.
*/
return 0;
default:
/* LCOV_EXCL_START */
tor_fragile_assert();
......
......@@ -6838,6 +6838,13 @@ parse_port_config(smartlist_t *out,
goto err;
}
if (unix_socket_path && (isolation & ISO_CLIENTADDR)) {
/* `IsolateClientAddr` is nonsensical in the context of AF_LOCAL.
* just silently remove the isolation flag.
*/
isolation &= ~ISO_CLIENTADDR;
}
if (out && port) {
size_t namelen = unix_socket_path ? strlen(unix_socket_path) : 0;
port_cfg_t *cfg = port_cfg_new(namelen);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment