Loading src/or/circuit.c +8 −6 Original line number Diff line number Diff line Loading @@ -127,11 +127,13 @@ static aci_t get_unique_aci_by_addr_port(uint32_t addr, uint16_t port, int aci_t high_bit = (aci_type == ACI_TYPE_HIGHER) ? 1<<15 : 0; conn = connection_exact_get_by_addr_port(addr,port); if (!conn) return 1; /* No connection exists; conflict is impossible. */ return (1|high_bit); /* No connection exists; conflict is impossible. */ do { /* Sequentially iterate over test_aci=1...1<<15-1 until we find an * aci such that (high_bit|test_aci) is not already used. */ /* XXX Will loop forever if all aci's in our range are used. * This matters because it's an external DoS vulnerability. */ test_aci = conn->next_aci++; if (test_aci == 0 || test_aci >= 1<<15) { test_aci = 1; Loading Loading @@ -225,13 +227,13 @@ circuit_t *circuit_get_by_conn(connection_t *conn) { return NULL; } circuit_t *circuit_get_newest_ap(void) { circuit_t *circuit_get_newest_open(void) { circuit_t *circ, *bestcirc=NULL; for(circ=global_circuitlist;circ;circ = circ->next) { if(circ->cpath && circ->state == CIRCUIT_STATE_OPEN && (!bestcirc || if(circ->cpath && circ->state == CIRCUIT_STATE_OPEN && circ->n_conn && (!bestcirc || bestcirc->timestamp_created < circ->timestamp_created)) { log_fn(LOG_DEBUG,"Choosing n_aci %d.", circ->n_aci); log_fn(LOG_DEBUG,"Choosing circuit %s:%d:%d.", circ->n_conn->address, circ->n_port, circ->n_aci); assert(circ->n_aci); bestcirc = circ; } Loading Loading @@ -501,7 +503,7 @@ void circuit_close(circuit_t *circ) { assert(circ); if(options.APPort) { youngest = circuit_get_newest_ap(); youngest = circuit_get_newest_open(); log_fn(LOG_DEBUG,"youngest %d, circ %d.",(int)youngest, (int)circ); } circuit_remove(circ); Loading Loading @@ -610,7 +612,7 @@ void circuit_expire_unused_circuits(void) { circuit_t *circ, *tmpcirc; circuit_t *youngest; youngest = circuit_get_newest_ap(); youngest = circuit_get_newest_open(); circ = global_circuitlist; while(circ) { Loading src/or/connection.c +1 −1 Original line number Diff line number Diff line Loading @@ -848,7 +848,7 @@ void assert_connection_ok(connection_t *conn, time_t now) conn->state <= _EXIT_CONN_STATE_MAX); break; case CONN_TYPE_AP: assert(conn->state >= _EXIT_CONN_STATE_MIN && assert(conn->state >= _AP_CONN_STATE_MIN && conn->state <= _AP_CONN_STATE_MAX); break; case CONN_TYPE_DIR: Loading src/or/connection_edge.c +16 −1 Original line number Diff line number Diff line Loading @@ -12,6 +12,21 @@ static int connection_ap_handshake_socks_reply(connection_t *conn, char result); static int connection_exit_begin_conn(cell_t *cell, circuit_t *circ); #define SOCKS4_REQUEST_GRANTED 90 #define SOCKS4_REQUEST_REJECT 91 #define SOCKS4_REQUEST_IDENT_FAILED 92 #define SOCKS4_REQUEST_IDENT_CONFLICT 93 /* structure of a socks client operation */ typedef struct { unsigned char version; /* socks version number */ unsigned char command; /* command code */ unsigned char destport[2]; /* destination port, network order */ unsigned char destip[4]; /* destination address */ /* userid follows, terminated by a NULL */ /* dest host follows, terminated by a NULL */ } socks4_t; int connection_edge_process_inbuf(connection_t *conn) { assert(conn); Loading Loading @@ -509,7 +524,7 @@ static int connection_ap_handshake_process_socks(connection_t *conn) { } /* find the circuit that we should use, if there is one. */ circ = circuit_get_newest_ap(); circ = circuit_get_newest_open(); if(!circ) { log_fn(LOG_INFO,"No circuit ready. Closing."); Loading src/or/directory.c +2 −2 Original line number Diff line number Diff line Loading @@ -21,6 +21,7 @@ static int reading_headers=0; static int directory_dirty=1; static char getstring[] = "GET / HTTP/1.0\r\n\r\n"; static char poststring[] = "POST / HTTP/1.0\r\n\r\n"; static char answerstring[] = "HTTP/1.0 200 OK\r\n\r\n"; /********* END VARIABLES ************/ Loading Loading @@ -132,7 +133,7 @@ int connection_dir_process_inbuf(connection_t *conn) { if(router_get_dir_from_string(the_directory, conn->pkey) < 0) { log_fn(LOG_DEBUG,"...but parsing failed. Ignoring."); } else { log_fn(LOG_DEBUG,"and got a %s directory; updated routers.", log_fn(LOG_DEBUG,"and got an %s directory; updated routers.", conn->pkey ? "authenticated" : "unauthenticated"); } Loading Loading @@ -235,7 +236,6 @@ int connection_dir_finished_flushing(connection_t *conn) { case DIR_CONN_STATE_CONNECTING: if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0) { /* not yet */ if(!ERRNO_CONN_EINPROGRESS(errno)) { /* yuck. kill it. */ log_fn(LOG_DEBUG,"in-progress connect failed. Removing."); router_forget_router(conn->addr, conn->port); /* don't try him again */ return -1; Loading src/or/main.c +1 −1 Original line number Diff line number Diff line Loading @@ -343,7 +343,7 @@ static int prepare_for_poll(void) { if(options.APPort && time_to_new_circuit < now.tv_sec) { circuit_expire_unused_circuits(); circuit_launch_new(-1); /* tell it to forget about previous failures */ circ = circuit_get_newest_ap(); circ = circuit_get_newest_open(); if(!circ || circ->dirty) { log(LOG_INFO,"prepare_for_poll(): Youngest circuit %s; launching replacement.", circ ? "dirty" : "missing"); circuit_launch_new(0); /* make an onion and lay the circuit */ Loading Loading
src/or/circuit.c +8 −6 Original line number Diff line number Diff line Loading @@ -127,11 +127,13 @@ static aci_t get_unique_aci_by_addr_port(uint32_t addr, uint16_t port, int aci_t high_bit = (aci_type == ACI_TYPE_HIGHER) ? 1<<15 : 0; conn = connection_exact_get_by_addr_port(addr,port); if (!conn) return 1; /* No connection exists; conflict is impossible. */ return (1|high_bit); /* No connection exists; conflict is impossible. */ do { /* Sequentially iterate over test_aci=1...1<<15-1 until we find an * aci such that (high_bit|test_aci) is not already used. */ /* XXX Will loop forever if all aci's in our range are used. * This matters because it's an external DoS vulnerability. */ test_aci = conn->next_aci++; if (test_aci == 0 || test_aci >= 1<<15) { test_aci = 1; Loading Loading @@ -225,13 +227,13 @@ circuit_t *circuit_get_by_conn(connection_t *conn) { return NULL; } circuit_t *circuit_get_newest_ap(void) { circuit_t *circuit_get_newest_open(void) { circuit_t *circ, *bestcirc=NULL; for(circ=global_circuitlist;circ;circ = circ->next) { if(circ->cpath && circ->state == CIRCUIT_STATE_OPEN && (!bestcirc || if(circ->cpath && circ->state == CIRCUIT_STATE_OPEN && circ->n_conn && (!bestcirc || bestcirc->timestamp_created < circ->timestamp_created)) { log_fn(LOG_DEBUG,"Choosing n_aci %d.", circ->n_aci); log_fn(LOG_DEBUG,"Choosing circuit %s:%d:%d.", circ->n_conn->address, circ->n_port, circ->n_aci); assert(circ->n_aci); bestcirc = circ; } Loading Loading @@ -501,7 +503,7 @@ void circuit_close(circuit_t *circ) { assert(circ); if(options.APPort) { youngest = circuit_get_newest_ap(); youngest = circuit_get_newest_open(); log_fn(LOG_DEBUG,"youngest %d, circ %d.",(int)youngest, (int)circ); } circuit_remove(circ); Loading Loading @@ -610,7 +612,7 @@ void circuit_expire_unused_circuits(void) { circuit_t *circ, *tmpcirc; circuit_t *youngest; youngest = circuit_get_newest_ap(); youngest = circuit_get_newest_open(); circ = global_circuitlist; while(circ) { Loading
src/or/connection.c +1 −1 Original line number Diff line number Diff line Loading @@ -848,7 +848,7 @@ void assert_connection_ok(connection_t *conn, time_t now) conn->state <= _EXIT_CONN_STATE_MAX); break; case CONN_TYPE_AP: assert(conn->state >= _EXIT_CONN_STATE_MIN && assert(conn->state >= _AP_CONN_STATE_MIN && conn->state <= _AP_CONN_STATE_MAX); break; case CONN_TYPE_DIR: Loading
src/or/connection_edge.c +16 −1 Original line number Diff line number Diff line Loading @@ -12,6 +12,21 @@ static int connection_ap_handshake_socks_reply(connection_t *conn, char result); static int connection_exit_begin_conn(cell_t *cell, circuit_t *circ); #define SOCKS4_REQUEST_GRANTED 90 #define SOCKS4_REQUEST_REJECT 91 #define SOCKS4_REQUEST_IDENT_FAILED 92 #define SOCKS4_REQUEST_IDENT_CONFLICT 93 /* structure of a socks client operation */ typedef struct { unsigned char version; /* socks version number */ unsigned char command; /* command code */ unsigned char destport[2]; /* destination port, network order */ unsigned char destip[4]; /* destination address */ /* userid follows, terminated by a NULL */ /* dest host follows, terminated by a NULL */ } socks4_t; int connection_edge_process_inbuf(connection_t *conn) { assert(conn); Loading Loading @@ -509,7 +524,7 @@ static int connection_ap_handshake_process_socks(connection_t *conn) { } /* find the circuit that we should use, if there is one. */ circ = circuit_get_newest_ap(); circ = circuit_get_newest_open(); if(!circ) { log_fn(LOG_INFO,"No circuit ready. Closing."); Loading
src/or/directory.c +2 −2 Original line number Diff line number Diff line Loading @@ -21,6 +21,7 @@ static int reading_headers=0; static int directory_dirty=1; static char getstring[] = "GET / HTTP/1.0\r\n\r\n"; static char poststring[] = "POST / HTTP/1.0\r\n\r\n"; static char answerstring[] = "HTTP/1.0 200 OK\r\n\r\n"; /********* END VARIABLES ************/ Loading Loading @@ -132,7 +133,7 @@ int connection_dir_process_inbuf(connection_t *conn) { if(router_get_dir_from_string(the_directory, conn->pkey) < 0) { log_fn(LOG_DEBUG,"...but parsing failed. Ignoring."); } else { log_fn(LOG_DEBUG,"and got a %s directory; updated routers.", log_fn(LOG_DEBUG,"and got an %s directory; updated routers.", conn->pkey ? "authenticated" : "unauthenticated"); } Loading Loading @@ -235,7 +236,6 @@ int connection_dir_finished_flushing(connection_t *conn) { case DIR_CONN_STATE_CONNECTING: if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0) { /* not yet */ if(!ERRNO_CONN_EINPROGRESS(errno)) { /* yuck. kill it. */ log_fn(LOG_DEBUG,"in-progress connect failed. Removing."); router_forget_router(conn->addr, conn->port); /* don't try him again */ return -1; Loading
src/or/main.c +1 −1 Original line number Diff line number Diff line Loading @@ -343,7 +343,7 @@ static int prepare_for_poll(void) { if(options.APPort && time_to_new_circuit < now.tv_sec) { circuit_expire_unused_circuits(); circuit_launch_new(-1); /* tell it to forget about previous failures */ circ = circuit_get_newest_ap(); circ = circuit_get_newest_open(); if(!circ || circ->dirty) { log(LOG_INFO,"prepare_for_poll(): Youngest circuit %s; launching replacement.", circ ? "dirty" : "missing"); circuit_launch_new(0); /* make an onion and lay the circuit */ Loading
