Commit 6596aa02 authored by Nick Mathewson's avatar Nick Mathewson 🤹
Browse files

Implement protocol-type isolation correctly. 

Previously we'd just looked at the connection type, but that's
always CONN_TYPE_AP.  Instead, we should be looking at the type of
the listener that created the connection.

Spotted by rransom; fixes bug 3636.
parent 478785a7

src/or/connection.c

+1 −0
Original line number Diff line number Diff line
@@ -1251,6 +1251,7 @@ connection_init_accepted_conn(connection_t *conn, 
      TO_EDGE_CONN(conn)->isolation_flags = listener->isolation_flags;

      TO_EDGE_CONN(conn)->session_group = listener->session_group;

      TO_EDGE_CONN(conn)->nym_epoch = get_signewnym_epoch();

      TO_EDGE_CONN(conn)->socks_request->listener_type = listener->_base.type;

      switch (TO_CONN(listener)->type) {

        case CONN_TYPE_AP_LISTENER:

          conn->state = AP_CONN_STATE_SOCKS_WAIT;

src/or/connection_edge.c

+5 −4
Original line number Diff line number Diff line
@@ -2582,6 +2582,7 @@ connection_ap_make_link(connection_t *partner, 
  }



  /* Populate isolation fields. */

  conn->socks_request->listener_type = CONN_TYPE_DIR_LISTENER;

  conn->original_dest_address = tor_strdup(address);

  conn->session_group = session_group;

  conn->isolation_flags = isolation_flags;
@@ -3362,7 +3363,7 @@ connection_edge_streams_are_compatible(const edge_connection_t *a, 
       strcmp_opt(a->socks_request->password, b->socks_request->password)))

    return 0;

  if ((iso & ISO_CLIENTPROTO) &&

      (TO_CONN(a)->type != TO_CONN(b)->type ||

      (a->socks_request->listener_type != b->socks_request->listener_type ||

       a->socks_request->socks_version != b->socks_request->socks_version))

    return 0;

  if ((iso & ISO_CLIENTADDR) &&
@@ -3424,7 +3425,7 @@ connection_edge_compatible_with_circuit(const edge_connection_t *conn, 
       strcmp_opt(conn->socks_request->password, circ->socks_password)))

    return 0;

  if ((iso & ISO_CLIENTPROTO) &&

      (TO_CONN(conn)->type != circ->client_proto_type ||

      (conn->socks_request->listener_type != circ->client_proto_type ||

       conn->socks_request->socks_version != circ->client_proto_socksver))

    return 0;

  if ((iso & ISO_CLIENTADDR) &&
@@ -3463,7 +3464,7 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn, 
      return -1;

    circ->dest_port = conn->socks_request->port;

    circ->dest_address = tor_strdup(conn->original_dest_address);

    circ->client_proto_type = TO_CONN(conn)->type;

    circ->client_proto_type = conn->socks_request->listener_type;

    circ->client_proto_socksver = conn->socks_request->socks_version;

    tor_addr_copy(&circ->client_addr, &TO_CONN(conn)->addr);

    circ->session_group = conn->session_group;
@@ -3484,7 +3485,7 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn, 
    if (strcmp_opt(conn->socks_request->username, circ->socks_username) ||

        strcmp_opt(conn->socks_request->password, circ->socks_password))

      mixed |= ISO_SOCKSAUTH;

    if ((TO_CONN(conn)->type != circ->client_proto_type ||

    if ((conn->socks_request->listener_type != circ->client_proto_type ||

         conn->socks_request->socks_version != circ->client_proto_socksver))

      mixed |= ISO_CLIENTPROTO;

    if (!tor_addr_eq(&TO_CONN(conn)->addr, &circ->client_addr))

src/or/dnsserv.c

+2 −0
Original line number Diff line number Diff line
@@ -131,6 +131,7 @@ evdns_server_callback(struct evdns_server_request *req, void *data_) 
  strlcpy(conn->socks_request->address, q->name,

          sizeof(conn->socks_request->address));



  conn->socks_request->listener_type = listener->_base.type;

  conn->dns_server_request = req;

  conn->isolation_flags = listener->isolation_flags;

  conn->session_group = listener->session_group;
@@ -185,6 +186,7 @@ dnsserv_launch_request(const char *name, int reverse) 
  strlcpy(conn->socks_request->address, name,

          sizeof(conn->socks_request->address));



  conn->socks_request->listener_type = CONN_TYPE_CONTROL_LISTENER;

  conn->original_dest_address = tor_strdup(name);

  conn->session_group = SESSION_GROUP_CONTROL_RESOLVE;

  conn->nym_epoch = get_signewnym_epoch();

src/or/or.h

+2 −0
Original line number Diff line number Diff line
@@ -3382,6 +3382,8 @@ struct socks_request_t { 
  uint8_t auth_type;

  /** What is this stream's goal? One of the SOCKS_COMMAND_* values */

  uint8_t command;

  /** Which kind of listener created this stream? */

  uint8_t listener_type;

  size_t replylen; /**< Length of <b>reply</b>. */

  uint8_t reply[MAX_SOCKS_REPLY_LEN]; /**< Write an entry into this string if

                                    * we want to specify our own socks reply,