Merge remote-tracking branch 'yawning-schwanenlied/bug20261'

d25fed51 · Nick Mathewson · 5a9696fa · 7b2c8567 · d25fed51 · d25fed51
Commit d25fed51 authored Oct 11, 2016 by Nick Mathewson 🎨
--- a/changes/bug20261
+++ b/changes/bug20261
+  o Minor bugfixes (client, unix domain sockets):
+    - Disable IsolateClientAddr when using AF_UNIX backed SocksPorts
+      as the client address is meaningless. Fixes bug 20261; bugfix on
+      0.2.6.3-alpha.
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1046,8 +1046,9 @@ The following options are useful only for clients (that is, if
    another.  Recognized isolation flags are:
    **IsolateClientAddr**;;
        Don't share circuits with streams from a different
-        client address.  (On by default and strongly recommended;
-        you can disable it with **NoIsolateClientAddr**.)
+        client address.  (On by default and strongly recommended when
+        supported; you can disable it with **NoIsolateClientAddr**.
+        Unsupported and force-disabled when using Unix domain sockets.)
    **IsolateSOCKSAuth**;;
        Don't share circuits with streams for which different
        SOCKS authentication was provided. (On by default;

--- a/src/common/address.c
+++ b/src/common/address.c
@@ -1041,6 +1041,10 @@ tor_addr_copy_tight(tor_addr_t *dest, const tor_addr_t *src)
 * Different address families (IPv4 vs IPv6) are always considered unequal if
 * <b>how</b> is CMP_EXACT; otherwise, IPv6-mapped IPv4 addresses are
 * considered equivalent to their IPv4 equivalents.
+ *
+ * As a special case, all AF_UNIX addresses are always considered equal
+ * since tor_addr_t currently does not contain the information required to
+ * make the comparison.
 */
 int
 tor_addr_compare(const tor_addr_t *addr1, const tor_addr_t *addr2,
@@ -1114,6 +1118,18 @@ tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2,
          return 0;
        }
      }
+      case AF_UNIX:
+        /* HACKHACKHACKHACKHACK:
+         * tor_addr_t doesn't contain a copy of sun_path, so it's not
+         * possible to comapre this at all.
+         *
+         * Since the only time we currently actually should be comparing
+         * 2 AF_UNIX addresses is when dealing with ISO_CLIENTADDR (which
+         * is diesabled for AF_UNIX SocksPorts anyway), this just returns 0.
+         *
+         * See: #20261.
+         */
+        return 0;
      default:
        /* LCOV_EXCL_START */
        tor_fragile_assert();

--- a/src/or/config.c
+++ b/src/or/config.c
@@ -6838,6 +6838,13 @@ parse_port_config(smartlist_t *out,
      goto err;
    }

+    if (unix_socket_path && (isolation & ISO_CLIENTADDR)) {
+      /* `IsolateClientAddr` is nonsensical in the context of AF_LOCAL.
+       * just silently remove the isolation flag.
+       */
+      isolation &= ~ISO_CLIENTADDR;
+    }
+
    if (out && port) {
      size_t namelen = unix_socket_path ? strlen(unix_socket_path) : 0;
      port_cfg_t *cfg = port_cfg_new(namelen);