| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424 | /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. * Copyright (c) 2007-2011, The Tor Project, Inc. *//* See LICENSE for licensing information *//** * \file buffers.c * \brief Implements a generic interface buffer.  Buffers are * fairly opaque string holders that can read to or flush from: * memory, file descriptors, or TLS connections. **/#define BUFFERS_PRIVATE#include "or.h"#include "buffers.h"#include "config.h"#include "connection_edge.h"#include "connection_or.h"#include "control.h"#include "reasons.h"#include "../common/util.h"#include "../common/torlog.h"#ifdef HAVE_UNISTD_H#include <unistd.h>#endif//#define PARANOIA#ifdef PARANOIA/** Helper: If PARANOIA is defined, assert that the buffer in local variable * <b>buf</b> is well-formed. */#define check() STMT_BEGIN assert_buf_ok(buf); STMT_END#else#define check() STMT_NIL#endif/* Implementation notes: * * After flirting with memmove, and dallying with ring-buffers, we're finally * getting up to speed with the 1970s and implementing buffers as a linked * list of small chunks.  Each buffer has such a list; data is removed from * the head of the list, and added at the tail.  The list is singly linked, * and the buffer keeps a pointer to the head and the tail. * * Every chunk, except the tail, contains at least one byte of data.  Data in * each chunk is contiguous. * * When you need to treat the first N characters on a buffer as a contiguous * string, use the buf_pullup function to make them so.  Don't do this more * than necessary. * * The major free Unix kernels have handled buffers like this since, like, * forever. */static int parse_socks(const char *data, size_t datalen, socks_request_t *req,                       int log_sockstype, int safe_socks, ssize_t *drain_out,                       size_t *want_length_out);static int parse_socks_client(const uint8_t *data, size_t datalen,                              int state, char **reason,                              ssize_t *drain_out);/* Chunk manipulation functions *//** A single chunk on a buffer or in a freelist. */typedef struct chunk_t {  struct chunk_t *next; /**< The next chunk on the buffer or freelist. */  size_t datalen; /**< The number of bytes stored in this chunk */  size_t memlen; /**< The number of usable bytes of storage in <b>mem</b>. */  char *data; /**< A pointer to the first byte of data stored in <b>mem</b>. */  char mem[FLEXIBLE_ARRAY_MEMBER]; /**< The actual memory used for storage in                * this chunk. */} chunk_t;#define CHUNK_HEADER_LEN STRUCT_OFFSET(chunk_t, mem[0])/** Return the number of bytes needed to allocate a chunk to hold * <b>memlen</b> bytes. */#define CHUNK_ALLOC_SIZE(memlen) (CHUNK_HEADER_LEN + (memlen))/** Return the number of usable bytes in a chunk allocated with * malloc(<b>memlen</b>). */#define CHUNK_SIZE_WITH_ALLOC(memlen) ((memlen) - CHUNK_HEADER_LEN)/** Return the next character in <b>chunk</b> onto which data can be appended. * If the chunk is full, this might be off the end of chunk->mem. */static INLINE char *CHUNK_WRITE_PTR(chunk_t *chunk){  return chunk->data + chunk->datalen;}/** Return the number of bytes that can be written onto <b>chunk</b> without * running out of space. */static INLINE size_tCHUNK_REMAINING_CAPACITY(const chunk_t *chunk){  return (chunk->mem + chunk->memlen) - (chunk->data + chunk->datalen);}/** Move all bytes stored in <b>chunk</b> to the front of <b>chunk</b>->mem, * to free up space at the end. */static INLINE voidchunk_repack(chunk_t *chunk){  if (chunk->datalen && chunk->data != &chunk->mem[0]) {    memmove(chunk->mem, chunk->data, chunk->datalen);  }  chunk->data = &chunk->mem[0];}#ifdef ENABLE_BUF_FREELISTS/** A freelist of chunks. */typedef struct chunk_freelist_t {  size_t alloc_size; /**< What size chunks does this freelist hold? */  int max_length; /**< Never allow more than this number of chunks in the                   * freelist. */  int slack; /**< When trimming the freelist, leave this number of extra              * chunks beyond lowest_length.*/  int cur_length; /**< How many chunks on the freelist now? */  int lowest_length; /**< What's the smallest value of cur_length since the                      * last time we cleaned this freelist? */  uint64_t n_alloc;  uint64_t n_free;  uint64_t n_hit;  chunk_t *head; /**< First chunk on the freelist. */} chunk_freelist_t;/** Macro to help define freelists. */#define FL(a,m,s) { a, m, s, 0, 0, 0, 0, 0, NULL }/** Static array of freelists, sorted by alloc_len, terminated by an entry * with alloc_size of 0. */static chunk_freelist_t freelists[] = {  FL(4096, 256, 8), FL(8192, 128, 4), FL(16384, 64, 4), FL(32768, 32, 2),  FL(0, 0, 0)};#undef FL/** How many times have we looked for a chunk of a size that no freelist * could help with? */static uint64_t n_freelist_miss = 0;static void assert_freelist_ok(chunk_freelist_t *fl);/** Return the freelist to hold chunks of size <b>alloc</b>, or NULL if * no freelist exists for that size. */static INLINE chunk_freelist_t *get_freelist(size_t alloc){  int i;  for (i=0; freelists[i].alloc_size <= alloc; ++i) {    if (freelists[i].alloc_size == alloc) {      return &freelists[i];    }  }  return NULL;}/** Deallocate a chunk or put it on a freelist */static voidchunk_free_unchecked(chunk_t *chunk){  size_t alloc;  chunk_freelist_t *freelist;  alloc = CHUNK_ALLOC_SIZE(chunk->memlen);  freelist = get_freelist(alloc);  if (freelist && freelist->cur_length < freelist->max_length) {    chunk->next = freelist->head;    freelist->head = chunk;    ++freelist->cur_length;  } else {    if (freelist)      ++freelist->n_free;    tor_free(chunk);  }}/** Allocate a new chunk with a given allocation size, or get one from the * freelist.  Note that a chunk with allocation size A can actually hold only * CHUNK_SIZE_WITH_ALLOC(A) bytes in its mem field. */static INLINE chunk_t *chunk_new_with_alloc_size(size_t alloc){  chunk_t *ch;  chunk_freelist_t *freelist;  tor_assert(alloc >= sizeof(chunk_t));  freelist = get_freelist(alloc);  if (freelist && freelist->head) {    ch = freelist->head;    freelist->head = ch->next;    if (--freelist->cur_length < freelist->lowest_length)      freelist->lowest_length = freelist->cur_length;    ++freelist->n_hit;  } else {    /* XXXX take advantage of tor_malloc_roundup, once we know how that     * affects freelists. */    if (freelist)      ++freelist->n_alloc;    else      ++n_freelist_miss;    ch = tor_malloc(alloc);  }  ch->next = NULL;  ch->datalen = 0;  ch->memlen = CHUNK_SIZE_WITH_ALLOC(alloc);  ch->data = &ch->mem[0];  return ch;}#elsestatic voidchunk_free_unchecked(chunk_t *chunk){  tor_free(chunk);}static INLINE chunk_t *chunk_new_with_alloc_size(size_t alloc){  chunk_t *ch;  ch = tor_malloc_roundup(&alloc);  ch->next = NULL;  ch->datalen = 0;  ch->memlen = CHUNK_SIZE_WITH_ALLOC(alloc);  ch->data = &ch->mem[0];  return ch;}#endif/** Expand <b>chunk</b> until it can hold <b>sz</b> bytes, and return a * new pointer to <b>chunk</b>.  Old pointers are no longer valid. */static INLINE chunk_t *chunk_grow(chunk_t *chunk, size_t sz){  off_t offset;  tor_assert(sz > chunk->memlen);  offset = chunk->data - chunk->mem;  chunk = tor_realloc(chunk, CHUNK_ALLOC_SIZE(sz));  chunk->memlen = sz;  chunk->data = chunk->mem + offset;  return chunk;}/** If a read onto the end of a chunk would be smaller than this number, then * just start a new chunk. */#define MIN_READ_LEN 8/** Every chunk should take up at least this many bytes. */#define MIN_CHUNK_ALLOC 256/** No chunk should take up more than this many bytes. */#define MAX_CHUNK_ALLOC 65536/** Return the allocation size we'd like to use to hold <b>target</b> * bytes. */static INLINE size_tpreferred_chunk_size(size_t target){  size_t sz = MIN_CHUNK_ALLOC;  while (CHUNK_SIZE_WITH_ALLOC(sz) < target) {    sz <<= 1;  }  return sz;}/** Remove from the freelists most chunks that have not been used since the * last call to buf_shrink_freelists(). */voidbuf_shrink_freelists(int free_all){#ifdef ENABLE_BUF_FREELISTS  int i;  disable_control_logging();  for (i = 0; freelists[i].alloc_size; ++i) {    int slack = freelists[i].slack;    assert_freelist_ok(&freelists[i]);    if (free_all || freelists[i].lowest_length > slack) {      int n_to_free = free_all ? freelists[i].cur_length :        (freelists[i].lowest_length - slack);      int n_to_skip = freelists[i].cur_length - n_to_free;      int orig_length = freelists[i].cur_length;      int orig_n_to_free = n_to_free, n_freed=0;      int orig_n_to_skip = n_to_skip;      int new_length = n_to_skip;      chunk_t **chp = &freelists[i].head;      chunk_t *chunk;      while (n_to_skip) {        if (! (*chp)->next) {          log_warn(LD_BUG, "I wanted to skip %d chunks in the freelist for "                   "%d-byte chunks, but only found %d. (Length %d)",                   orig_n_to_skip, (int)freelists[i].alloc_size,                   orig_n_to_skip-n_to_skip, freelists[i].cur_length);          assert_freelist_ok(&freelists[i]);          goto done;        }        // tor_assert((*chp)->next);        chp = &(*chp)->next;        --n_to_skip;      }      chunk = *chp;      *chp = NULL;      while (chunk) {        chunk_t *next = chunk->next;        tor_free(chunk);        chunk = next;        --n_to_free;        ++n_freed;        ++freelists[i].n_free;      }      if (n_to_free) {        log_warn(LD_BUG, "Freelist length for %d-byte chunks may have been "                 "messed up somehow.", (int)freelists[i].alloc_size);        log_warn(LD_BUG, "There were %d chunks at the start.  I decided to "                 "keep %d. I wanted to free %d.  I freed %d.  I somehow think "                 "I have %d left to free.",                 freelists[i].cur_length, n_to_skip, orig_n_to_free,                 n_freed, n_to_free);      }      // tor_assert(!n_to_free);      freelists[i].cur_length = new_length;      log_info(LD_MM, "Cleaned freelist for %d-byte chunks: original "               "length %d, kept %d, dropped %d.",               (int)freelists[i].alloc_size, orig_length,               orig_n_to_skip, orig_n_to_free);    }    freelists[i].lowest_length = freelists[i].cur_length;    assert_freelist_ok(&freelists[i]);  } done:  enable_control_logging();#else  (void) free_all;#endif}/** Describe the current status of the freelists at log level <b>severity</b>. */voidbuf_dump_freelist_sizes(int severity){#ifdef ENABLE_BUF_FREELISTS  int i;  log(severity, LD_MM, "====== Buffer freelists:");  for (i = 0; freelists[i].alloc_size; ++i) {    uint64_t total = ((uint64_t)freelists[i].cur_length) *      freelists[i].alloc_size;    log(severity, LD_MM,        U64_FORMAT" bytes in %d %d-byte chunks ["U64_FORMAT        " misses; "U64_FORMAT" frees; "U64_FORMAT" hits]",        U64_PRINTF_ARG(total),        freelists[i].cur_length, (int)freelists[i].alloc_size,        U64_PRINTF_ARG(freelists[i].n_alloc),        U64_PRINTF_ARG(freelists[i].n_free),        U64_PRINTF_ARG(freelists[i].n_hit));  }  log(severity, LD_MM, U64_FORMAT" allocations in non-freelist sizes",      U64_PRINTF_ARG(n_freelist_miss));#else  (void)severity;#endif}/** Magic value for buf_t.magic, to catch pointer errors. */#define BUFFER_MAGIC 0xB0FFF312u/** A resizeable buffer, optimized for reading and writing. */struct buf_t {  uint32_t magic; /**< Magic cookie for debugging: Must be set to                   *   BUFFER_MAGIC. */  size_t datalen; /**< How many bytes is this buffer holding right now? */  size_t default_chunk_size; /**< Don't allocate any chunks smaller than                              * this for this buffer. */  chunk_t *head; /**< First chunk in the list, or NULL for none. */  chunk_t *tail; /**< Last chunk in the list, or NULL for none. */};/** Collapse data from the first N chunks from <b>buf</b> into buf->head, * growing it as necessary, until buf->head has the first <b>bytes</b> bytes * of data from the buffer, or until buf->head has all the data in <b>buf</b>. * * If <b>nulterminate</b> is true, ensure that there is a 0 byte in * buf->head->mem right after all the data. */static voidbuf_pullup(buf_t *buf, size_t bytes, int nulterminate){  chunk_t *dest, *src;  size_t capacity;  if (!buf->head)    return;  check();  if (buf->datalen < bytes)    bytes = buf->datalen;  if (nulterminate) {    capacity = bytes + 1;    if (buf->head->datalen >= bytes && CHUNK_REMAINING_CAPACITY(buf->head)) {      *CHUNK_WRITE_PTR(buf->head) = '\0';      return;    }  } else {    capacity = bytes;    if (buf->head->datalen >= bytes)      return;  }  if (buf->head->memlen >= capacity) {    /* We don't need to grow the first chunk, but we might need to repack it.*/    if (CHUNK_REMAINING_CAPACITY(buf->head) < capacity-buf->datalen)      chunk_repack(buf->head);    tor_assert(CHUNK_REMAINING_CAPACITY(buf->head) >= capacity-buf->datalen);  } else {    chunk_t *newhead;    size_t newsize;    /* We need to grow the chunk. */    chunk_repack(buf->head);    newsize = CHUNK_SIZE_WITH_ALLOC(preferred_chunk_size(capacity));    newhead = chunk_grow(buf->head, newsize);    tor_assert(newhead->memlen >= capacity);    if (newhead != buf->head) {      if (buf->tail == buf->head)        buf->tail = newhead;      buf->head = newhead;    }  }  dest = buf->head;  while (dest->datalen < bytes) {    size_t n = bytes - dest->datalen;    src = dest->next;    tor_assert(src);    if (n > src->datalen) {      memcpy(CHUNK_WRITE_PTR(dest), src->data, src->datalen);      dest->datalen += src->datalen;      dest->next = src->next;      if (buf->tail == src)        buf->tail = dest;      chunk_free_unchecked(src);    } else {      memcpy(CHUNK_WRITE_PTR(dest), src->data, n);      dest->datalen += n;      src->data += n;      src->datalen -= n;      tor_assert(dest->datalen == bytes);    }  }  if (nulterminate) {    tor_assert(CHUNK_REMAINING_CAPACITY(buf->head));    *CHUNK_WRITE_PTR(buf->head) = '\0';  }  check();}/** Resize buf so it won't hold extra memory that we haven't been * using lately. */voidbuf_shrink(buf_t *buf){  (void)buf;}/** Remove the first <b>n</b> bytes from buf. */static INLINE voidbuf_remove_from_front(buf_t *buf, size_t n){  tor_assert(buf->datalen >= n);  while (n) {    tor_assert(buf->head);    if (buf->head->datalen > n) {      buf->head->datalen -= n;      buf->head->data += n;      buf->datalen -= n;      return;    } else {      chunk_t *victim = buf->head;      n -= victim->datalen;      buf->datalen -= victim->datalen;      buf->head = victim->next;      if (buf->tail == victim)        buf->tail = NULL;      chunk_free_unchecked(victim);    }  }  check();}/** Create and return a new buf with default chunk capacity <b>size</b>. */buf_t *buf_new_with_capacity(size_t size){  buf_t *b = buf_new();  b->default_chunk_size = preferred_chunk_size(size);  return b;}/** Allocate and return a new buffer with default capacity. */buf_t *buf_new(void){  buf_t *buf = tor_malloc_zero(sizeof(buf_t));  buf->magic = BUFFER_MAGIC;  buf->default_chunk_size = 4096;  return buf;}/** Remove all data from <b>buf</b>. */voidbuf_clear(buf_t *buf){  chunk_t *chunk, *next;  buf->datalen = 0;  for (chunk = buf->head; chunk; chunk = next) {    next = chunk->next;    chunk_free_unchecked(chunk);  }  buf->head = buf->tail = NULL;}/** Return the number of bytes stored in <b>buf</b> */size_tbuf_datalen(const buf_t *buf){  return buf->datalen;}/** Return the total length of all chunks used in <b>buf</b>. */size_tbuf_allocation(const buf_t *buf){  size_t total = 0;  const chunk_t *chunk;  for (chunk = buf->head; chunk; chunk = chunk->next) {    total += chunk->memlen;  }  return total;}/** Return the number of bytes that can be added to <b>buf</b> without * performing any additional allocation. */size_tbuf_slack(const buf_t *buf){  if (!buf->tail)    return 0;  else    return CHUNK_REMAINING_CAPACITY(buf->tail);}/** Release storage held by <b>buf</b>. */voidbuf_free(buf_t *buf){  if (!buf)    return;  buf_clear(buf);  buf->magic = 0xdeadbeef;  tor_free(buf);}/** Append a new chunk with enough capacity to hold <b>capacity</b> bytes to * the tail of <b>buf</b>.  If <b>capped</b>, don't allocate a chunk bigger * than MAX_CHUNK_ALLOC. */static chunk_t *buf_add_chunk_with_capacity(buf_t *buf, size_t capacity, int capped){  chunk_t *chunk;  if (CHUNK_ALLOC_SIZE(capacity) < buf->default_chunk_size) {    chunk = chunk_new_with_alloc_size(buf->default_chunk_size);  } else if (capped && CHUNK_ALLOC_SIZE(capacity) > MAX_CHUNK_ALLOC) {    chunk = chunk_new_with_alloc_size(MAX_CHUNK_ALLOC);  } else {    chunk = chunk_new_with_alloc_size(preferred_chunk_size(capacity));  }  if (buf->tail) {    tor_assert(buf->head);    buf->tail->next = chunk;    buf->tail = chunk;  } else {    tor_assert(!buf->head);    buf->head = buf->tail = chunk;  }  check();  return chunk;}/** Read up to <b>at_most</b> bytes from the socket <b>fd</b> into * <b>chunk</b> (which must be on <b>buf</b>). If we get an EOF, set * *<b>reached_eof</b> to 1.  Return -1 on error, 0 on eof or blocking, * and the number of bytes read otherwise. */static INLINE intread_to_chunk(buf_t *buf, chunk_t *chunk, tor_socket_t fd, size_t at_most,              int *reached_eof, int *socket_error){  ssize_t read_result;  if (at_most > CHUNK_REMAINING_CAPACITY(chunk))    at_most = CHUNK_REMAINING_CAPACITY(chunk);  read_result = tor_socket_recv(fd, CHUNK_WRITE_PTR(chunk), at_most, 0);  if (read_result < 0) {    int e = tor_socket_errno(fd);    if (!ERRNO_IS_EAGAIN(e)) { /* it's a real error */#ifdef MS_WINDOWS      if (e == WSAENOBUFS)        log_warn(LD_NET,"recv() failed: WSAENOBUFS. Not enough ram?");#endif      *socket_error = e;      return -1;    }    return 0; /* would block. */  } else if (read_result == 0) {    log_debug(LD_NET,"Encountered eof on fd %d", (int)fd);    *reached_eof = 1;    return 0;  } else { /* actually got bytes. */    buf->datalen += read_result;    chunk->datalen += read_result;    log_debug(LD_NET,"Read %ld bytes. %d on inbuf.", (long)read_result,              (int)buf->datalen);    tor_assert(read_result < INT_MAX);    return (int)read_result;  }}/** As read_to_chunk(), but return (negative) error code on error, blocking, * or TLS, and the number of bytes read otherwise. */static INLINE intread_to_chunk_tls(buf_t *buf, chunk_t *chunk, tor_tls_t *tls,                  size_t at_most){  int read_result;  tor_assert(CHUNK_REMAINING_CAPACITY(chunk) >= at_most);  read_result = tor_tls_read(tls, CHUNK_WRITE_PTR(chunk), at_most);  if (read_result < 0)    return read_result;  buf->datalen += read_result;  chunk->datalen += read_result;  return read_result;}/** Read from socket <b>s</b>, writing onto end of <b>buf</b>.  Read at most * <b>at_most</b> bytes, growing the buffer as necessary.  If recv() returns 0 * (because of EOF), set *<b>reached_eof</b> to 1 and return 0. Return -1 on * error; else return the number of bytes read. *//* XXXX023 indicate "read blocked" somehow? */intread_to_buf(tor_socket_t s, size_t at_most, buf_t *buf, int *reached_eof,            int *socket_error){  /* XXXX023 It's stupid to overload the return values for these functions:   * "error status" and "number of bytes read" are not mutually exclusive.   */  int r = 0;  size_t total_read = 0;  check();  tor_assert(reached_eof);  tor_assert(s >= 0);  while (at_most > total_read) {    size_t readlen = at_most - total_read;    chunk_t *chunk;    if (!buf->tail || CHUNK_REMAINING_CAPACITY(buf->tail) < MIN_READ_LEN) {      chunk = buf_add_chunk_with_capacity(buf, at_most, 1);      if (readlen > chunk->memlen)        readlen = chunk->memlen;    } else {      size_t cap = CHUNK_REMAINING_CAPACITY(buf->tail);      chunk = buf->tail;      if (cap < readlen)        readlen = cap;    }    r = read_to_chunk(buf, chunk, s, readlen, reached_eof, socket_error);    check();    if (r < 0)      return r; /* Error */    tor_assert(total_read+r < INT_MAX);    total_read += r;    if ((size_t)r < readlen) { /* eof, block, or no more to read. */      break;    }  }  return (int)total_read;}/** As read_to_buf, but reads from a TLS connection, and returns a TLS * status value rather than the number of bytes read. * * Using TLS on OR connections complicates matters in two ways. * * First, a TLS stream has its own read buffer independent of the * connection's read buffer.  (TLS needs to read an entire frame from * the network before it can decrypt any data.  Thus, trying to read 1 * byte from TLS can require that several KB be read from the network * and decrypted.  The extra data is stored in TLS's decrypt buffer.) * Because the data hasn't been read by Tor (it's still inside the TLS), * this means that sometimes a connection "has stuff to read" even when * poll() didn't return POLLIN. The tor_tls_get_pending_bytes function is * used in connection.c to detect TLS objects with non-empty internal * buffers and read from them again. * * Second, the TLS stream's events do not correspond directly to network * events: sometimes, before a TLS stream can read, the network must be * ready to write -- or vice versa. */intread_to_buf_tls(tor_tls_t *tls, size_t at_most, buf_t *buf){  int r = 0;  size_t total_read = 0;  check();  while (at_most > total_read) {    size_t readlen = at_most - total_read;    chunk_t *chunk;    if (!buf->tail || CHUNK_REMAINING_CAPACITY(buf->tail) < MIN_READ_LEN) {      chunk = buf_add_chunk_with_capacity(buf, at_most, 1);      if (readlen > chunk->memlen)        readlen = chunk->memlen;    } else {      size_t cap = CHUNK_REMAINING_CAPACITY(buf->tail);      chunk = buf->tail;      if (cap < readlen)        readlen = cap;    }    r = read_to_chunk_tls(buf, chunk, tls, readlen);    check();    if (r < 0)      return r; /* Error */    tor_assert(total_read+r < INT_MAX);     total_read += r;    if ((size_t)r < readlen) /* eof, block, or no more to read. */      break;  }  return (int)total_read;}/** Helper for flush_buf(): try to write <b>sz</b> bytes from chunk * <b>chunk</b> of buffer <b>buf</b> onto socket <b>s</b>.  On success, deduct * the bytes written from *<b>buf_flushlen</b>.  Return the number of bytes * written on success, 0 on blocking, -1 on failure. */static INLINE intflush_chunk(tor_socket_t s, buf_t *buf, chunk_t *chunk, size_t sz,            size_t *buf_flushlen){  ssize_t write_result;  if (sz > chunk->datalen)    sz = chunk->datalen;  write_result = tor_socket_send(s, chunk->data, sz, 0);  if (write_result < 0) {    int e = tor_socket_errno(s);    if (!ERRNO_IS_EAGAIN(e)) { /* it's a real error */#ifdef MS_WINDOWS      if (e == WSAENOBUFS)        log_warn(LD_NET,"write() failed: WSAENOBUFS. Not enough ram?");#endif      return -1;    }    log_debug(LD_NET,"write() would block, returning.");    return 0;  } else {    *buf_flushlen -= write_result;    buf_remove_from_front(buf, write_result);    tor_assert(write_result < INT_MAX);    return (int)write_result;  }}/** Helper for flush_buf_tls(): try to write <b>sz</b> bytes from chunk * <b>chunk</b> of buffer <b>buf</b> onto socket <b>s</b>.  (Tries to write * more if there is a forced pending write size.)  On success, deduct the * bytes written from *<b>buf_flushlen</b>.  Return the number of bytes * written on success, and a TOR_TLS error code on failure or blocking. */static INLINE intflush_chunk_tls(tor_tls_t *tls, buf_t *buf, chunk_t *chunk,                size_t sz, size_t *buf_flushlen){  int r;  size_t forced;  char *data;  forced = tor_tls_get_forced_write_size(tls);  if (forced > sz)    sz = forced;  if (chunk) {    data = chunk->data;    tor_assert(sz <= chunk->datalen);  } else {    data = NULL;    tor_assert(sz == 0);  }  r = tor_tls_write(tls, data, sz);  if (r < 0)    return r;  if (*buf_flushlen > (size_t)r)    *buf_flushlen -= r;  else    *buf_flushlen = 0;  buf_remove_from_front(buf, r);  log_debug(LD_NET,"flushed %d bytes, %d ready to flush, %d remain.",            r,(int)*buf_flushlen,(int)buf->datalen);  return r;}/** Write data from <b>buf</b> to the socket <b>s</b>.  Write at most * <b>sz</b> bytes, decrement *<b>buf_flushlen</b> by * the number of bytes actually written, and remove the written bytes * from the buffer.  Return the number of bytes written on success, * -1 on failure.  Return 0 if write() would block. */intflush_buf(tor_socket_t s, buf_t *buf, size_t sz, size_t *buf_flushlen){  /* XXXX023 It's stupid to overload the return values for these functions:   * "error status" and "number of bytes flushed" are not mutually exclusive.   */  int r;  size_t flushed = 0;  tor_assert(buf_flushlen);  tor_assert(s >= 0);  tor_assert(*buf_flushlen <= buf->datalen);  tor_assert(sz <= *buf_flushlen);  check();  while (sz) {    size_t flushlen0;    tor_assert(buf->head);    if (buf->head->datalen >= sz)      flushlen0 = sz;    else      flushlen0 = buf->head->datalen;    r = flush_chunk(s, buf, buf->head, flushlen0, buf_flushlen);    check();    if (r < 0)      return r;    flushed += r;    sz -= r;    if (r == 0 || (size_t)r < flushlen0) /* can't flush any more now. */      break;  }  tor_assert(flushed < INT_MAX);  return (int)flushed;}/** As flush_buf(), but writes data to a TLS connection.  Can write more than * <b>flushlen</b> bytes. */intflush_buf_tls(tor_tls_t *tls, buf_t *buf, size_t flushlen,              size_t *buf_flushlen){  int r;  size_t flushed = 0;  ssize_t sz;  tor_assert(buf_flushlen);  tor_assert(*buf_flushlen <= buf->datalen);  tor_assert(flushlen <= *buf_flushlen);  sz = (ssize_t) flushlen;  /* we want to let tls write even if flushlen is zero, because it might   * have a partial record pending */  check_no_tls_errors();  check();  do {    size_t flushlen0;    if (buf->head) {      if ((ssize_t)buf->head->datalen >= sz)        flushlen0 = sz;      else        flushlen0 = buf->head->datalen;    } else {      flushlen0 = 0;    }    r = flush_chunk_tls(tls, buf, buf->head, flushlen0, buf_flushlen);    check();    if (r < 0)      return r;    flushed += r;    sz -= r;    if (r == 0) /* Can't flush any more now. */      break;  } while (sz > 0);  tor_assert(flushed < INT_MAX);  return (int)flushed;}/** Append <b>string_len</b> bytes from <b>string</b> to the end of * <b>buf</b>. * * Return the new length of the buffer on success, -1 on failure. */intwrite_to_buf(const char *string, size_t string_len, buf_t *buf){  if (!string_len)    return (int)buf->datalen;  check();  while (string_len) {    size_t copy;    if (!buf->tail || !CHUNK_REMAINING_CAPACITY(buf->tail))      buf_add_chunk_with_capacity(buf, string_len, 1);    copy = CHUNK_REMAINING_CAPACITY(buf->tail);    if (copy > string_len)      copy = string_len;    memcpy(CHUNK_WRITE_PTR(buf->tail), string, copy);    string_len -= copy;    string += copy;    buf->datalen += copy;    buf->tail->datalen += copy;  }  check();  tor_assert(buf->datalen < INT_MAX);  return (int)buf->datalen;}/** Helper: copy the first <b>string_len</b> bytes from <b>buf</b> * onto <b>string</b>. */static INLINE voidpeek_from_buf(char *string, size_t string_len, const buf_t *buf){  chunk_t *chunk;  tor_assert(string);  /* make sure we don't ask for too much */  tor_assert(string_len <= buf->datalen);  /* assert_buf_ok(buf); */  chunk = buf->head;  while (string_len) {    size_t copy = string_len;    tor_assert(chunk);    if (chunk->datalen < copy)      copy = chunk->datalen;    memcpy(string, chunk->data, copy);    string_len -= copy;    string += copy;    chunk = chunk->next;  }}/** Remove <b>string_len</b> bytes from the front of <b>buf</b>, and store * them into <b>string</b>.  Return the new buffer size.  <b>string_len</b> * must be \<= the number of bytes on the buffer. */intfetch_from_buf(char *string, size_t string_len, buf_t *buf){  /* There must be string_len bytes in buf; write them onto string,   * then memmove buf back (that is, remove them from buf).   *   * Return the number of bytes still on the buffer. */  check();  peek_from_buf(string, string_len, buf);  buf_remove_from_front(buf, string_len);  check();  tor_assert(buf->datalen < INT_MAX);  return (int)buf->datalen;}/** Check <b>buf</b> for a variable-length cell according to the rules of link * protocol version <b>linkproto</b>.  If one is found, pull it off the buffer * and assign a newly allocated var_cell_t to *<b>out</b>, and return 1. * Return 0 if whatever is on the start of buf_t is not a variable-length * cell.  Return 1 and set *<b>out</b> to NULL if there seems to be the start * of a variable-length cell on <b>buf</b>, but the whole thing isn't there * yet. */intfetch_var_cell_from_buf(buf_t *buf, var_cell_t **out, int linkproto){  char hdr[VAR_CELL_HEADER_SIZE];  var_cell_t *result;  uint8_t command;  uint16_t length;  /* If linkproto is unknown (0) or v2 (2), variable-length cells work as   * implemented here. If it's 1, there are no variable-length cells.  Tor   * does not support other versions right now, and so can't negotiate them.   */  if (linkproto == 1)    return 0;  check();  *out = NULL;  if (buf->datalen < VAR_CELL_HEADER_SIZE)    return 0;  peek_from_buf(hdr, sizeof(hdr), buf);  command = get_uint8(hdr+2);  if (!(CELL_COMMAND_IS_VAR_LENGTH(command)))    return 0;  length = ntohs(get_uint16(hdr+3));  if (buf->datalen < (size_t)(VAR_CELL_HEADER_SIZE+length))    return 1;  result = var_cell_new(length);  result->command = command;  result->circ_id = ntohs(get_uint16(hdr));  buf_remove_from_front(buf, VAR_CELL_HEADER_SIZE);  peek_from_buf((char*) result->payload, length, buf);  buf_remove_from_front(buf, length);  check();  *out = result;  return 1;}#ifdef USE_BUFFEREVENTS/** Try to read <b>n</b> bytes from <b>buf</b> at <b>pos</b> (which may be * NULL for the start of the buffer), copying the data only if necessary.  Set * *<b>data</b> to a pointer to the desired bytes.  Set <b>free_out</b> to 1 * if we needed to malloc *<b>data</b> because the original bytes were * noncontiguous; 0 otherwise.  Return the number of bytes actually available * at <b>data</b>. */static ssize_tinspect_evbuffer(struct evbuffer *buf, char **data, size_t n, int *free_out,                 struct evbuffer_ptr *pos){  int n_vecs, i;  if (evbuffer_get_length(buf) < n)    n = evbuffer_get_length(buf);  if (n == 0)    return 0;  n_vecs = evbuffer_peek(buf, n, pos, NULL, 0);  tor_assert(n_vecs > 0);  if (n_vecs == 1) {    struct evbuffer_iovec v;    i = evbuffer_peek(buf, n, pos, &v, 1);    tor_assert(i == 1);    *data = v.iov_base;    *free_out = 0;    return v.iov_len;  } else {    struct evbuffer_iovec *vecs =      tor_malloc(sizeof(struct evbuffer_iovec)*n_vecs);    size_t copied = 0;    i = evbuffer_peek(buf, n, NULL, vecs, n_vecs);    tor_assert(i == n_vecs);    *data = tor_malloc(n);    for (i=0; i < n_vecs; ++i) {      size_t copy = n - copied;      if (copy > vecs[i].iov_len)        copy = vecs[i].iov_len;      tor_assert(copied+copy <= n);      memcpy(data+copied, vecs[i].iov_base, copy);      copied += copy;    }    *free_out = 1;    return copied;  }}/** As fetch_var_cell_from_buf, buf works on an evbuffer. */intfetch_var_cell_from_evbuffer(struct evbuffer *buf, var_cell_t **out,                             int linkproto){  char *hdr = NULL;  int free_hdr = 0;  size_t n;  size_t buf_len;  uint8_t command;  uint16_t cell_length;  var_cell_t *cell;  int result = 0;  if (linkproto == 1)    return 0;  *out = NULL;  buf_len = evbuffer_get_length(buf);  if (buf_len < VAR_CELL_HEADER_SIZE)    return 0;  n = inspect_evbuffer(buf, &hdr, VAR_CELL_HEADER_SIZE, &free_hdr, NULL);  tor_assert(n >= VAR_CELL_HEADER_SIZE);  command = get_uint8(hdr+2);  if (!(CELL_COMMAND_IS_VAR_LENGTH(command))) {    goto done;  }  cell_length = ntohs(get_uint16(hdr+3));  if (buf_len < (size_t)(VAR_CELL_HEADER_SIZE+cell_length)) {    result = 1; /* Not all here yet. */    goto done;  }  cell = var_cell_new(cell_length);  cell->command = command;  cell->circ_id = ntohs(get_uint16(hdr));  evbuffer_drain(buf, VAR_CELL_HEADER_SIZE);  evbuffer_remove(buf, cell->payload, cell_length);  *out = cell;  result = 1; done:  if (free_hdr && hdr)    tor_free(hdr);  return result;}#endif/** Move up to *<b>buf_flushlen</b> bytes from <b>buf_in</b> to * <b>buf_out</b>, and modify *<b>buf_flushlen</b> appropriately. * Return the number of bytes actually copied. */intmove_buf_to_buf(buf_t *buf_out, buf_t *buf_in, size_t *buf_flushlen){  /* We can do way better here, but this doesn't turn up in any profiles. */  char b[4096];  size_t cp, len;  len = *buf_flushlen;  if (len > buf_in->datalen)    len = buf_in->datalen;  cp = len; /* Remember the number of bytes we intend to copy. */  tor_assert(cp < INT_MAX);  while (len) {    /* This isn't the most efficient implementation one could imagine, since     * it does two copies instead of 1, but I kinda doubt that this will be     * critical path. */    size_t n = len > sizeof(b) ? sizeof(b) : len;    fetch_from_buf(b, n, buf_in);    write_to_buf(b, n, buf_out);    len -= n;  }  *buf_flushlen -= cp;  return (int)cp;}/** Internal structure: represents a position in a buffer. */typedef struct buf_pos_t {  const chunk_t *chunk; /**< Which chunk are we pointing to? */  int pos;/**< Which character inside the chunk's data are we pointing to? */  size_t chunk_pos; /**< Total length of all previous chunks. */} buf_pos_t;/** Initialize <b>out</b> to point to the first character of <b>buf</b>.*/static voidbuf_pos_init(const buf_t *buf, buf_pos_t *out){  out->chunk = buf->head;  out->pos = 0;  out->chunk_pos = 0;}/** Advance <b>out</b> to the first appearance of <b>ch</b> at the current * position of <b>out</b>, or later.  Return -1 if no instances are found; * otherwise returns the absolute position of the character. */static off_tbuf_find_pos_of_char(char ch, buf_pos_t *out){  const chunk_t *chunk;  int pos;  tor_assert(out);  if (out->chunk) {    if (out->chunk->datalen) {      tor_assert(out->pos < (off_t)out->chunk->datalen);    } else {      tor_assert(out->pos == 0);    }  }  pos = out->pos;  for (chunk = out->chunk; chunk; chunk = chunk->next) {    char *cp = memchr(chunk->data+pos, ch, chunk->datalen - pos);    if (cp) {      out->chunk = chunk;      tor_assert(cp - chunk->data < INT_MAX);      out->pos = (int)(cp - chunk->data);      return out->chunk_pos + out->pos;    } else {      out->chunk_pos += chunk->datalen;      pos = 0;    }  }  return -1;}/** Advance <b>pos</b> by a single character, if there are any more characters * in the buffer.  Returns 0 on success, -1 on failure. */static INLINE intbuf_pos_inc(buf_pos_t *pos){  ++pos->pos;  if (pos->pos == (off_t)pos->chunk->datalen) {    if (!pos->chunk->next)      return -1;    pos->chunk_pos += pos->chunk->datalen;    pos->chunk = pos->chunk->next;    pos->pos = 0;  }  return 0;}/** Return true iff the <b>n</b>-character string in <b>s</b> appears * (verbatim) at <b>pos</b>. */static intbuf_matches_at_pos(const buf_pos_t *pos, const char *s, size_t n){  buf_pos_t p;  if (!n)    return 1;  memcpy(&p, pos, sizeof(p));  while (1) {    char ch = p.chunk->data[p.pos];    if (ch != *s)      return 0;    ++s;    /* If we're out of characters that don't match, we match.  Check this     * _before_ we test incrementing pos, in case we're at the end of the     * string. */    if (--n == 0)      return 1;    if (buf_pos_inc(&p)<0)      return 0;  }}/** Return the first position in <b>buf</b> at which the <b>n</b>-character * string <b>s</b> occurs, or -1 if it does not occur. *//*private*/ intbuf_find_string_offset(const buf_t *buf, const char *s, size_t n){  buf_pos_t pos;  buf_pos_init(buf, &pos);  while (buf_find_pos_of_char(*s, &pos) >= 0) {    if (buf_matches_at_pos(&pos, s, n)) {      tor_assert(pos.chunk_pos + pos.pos < INT_MAX);      return (int)(pos.chunk_pos + pos.pos);    } else {      if (buf_pos_inc(&pos)<0)        return -1;    }  }  return -1;}/** There is a (possibly incomplete) http statement on <b>buf</b>, of the * form "\%s\\r\\n\\r\\n\%s", headers, body. (body may contain NULs.) * If a) the headers include a Content-Length field and all bytes in * the body are present, or b) there's no Content-Length field and * all headers are present, then: * *  - strdup headers into <b>*headers_out</b>, and NUL-terminate it. *  - memdup body into <b>*body_out</b>, and NUL-terminate it. *  - Then remove them from <b>buf</b>, and return 1. * *  - If headers or body is NULL, discard that part of the buf. *  - If a headers or body doesn't fit in the arg, return -1. *  (We ensure that the headers or body don't exceed max len, *   _even if_ we're planning to discard them.) *  - If force_complete is true, then succeed even if not all of the *    content has arrived. * * Else, change nothing and return 0. */intfetch_from_buf_http(buf_t *buf,                    char **headers_out, size_t max_headerlen,                    char **body_out, size_t *body_used, size_t max_bodylen,                    int force_complete){  char *headers, *p;  size_t headerlen, bodylen, contentlen;  int crlf_offset;  check();  if (!buf->head)    return 0;  crlf_offset = buf_find_string_offset(buf, "\r\n\r\n", 4);  if (crlf_offset > (int)max_headerlen ||      (crlf_offset < 0 && buf->datalen > max_headerlen)) {    log_debug(LD_HTTP,"headers too long.");    return -1;  } else if (crlf_offset < 0) {    log_debug(LD_HTTP,"headers not all here yet.");    return 0;  }  /* Okay, we have a full header.  Make sure it all appears in the first   * chunk. */  if ((int)buf->head->datalen < crlf_offset + 4)    buf_pullup(buf, crlf_offset+4, 0);  headerlen = crlf_offset + 4;  headers = buf->head->data;  bodylen = buf->datalen - headerlen;  log_debug(LD_HTTP,"headerlen %d, bodylen %d.", (int)headerlen, (int)bodylen);  if (max_headerlen <= headerlen) {    log_warn(LD_HTTP,"headerlen %d larger than %d. Failing.",             (int)headerlen, (int)max_headerlen-1);    return -1;  }  if (max_bodylen <= bodylen) {    log_warn(LD_HTTP,"bodylen %d larger than %d. Failing.",             (int)bodylen, (int)max_bodylen-1);    return -1;  }#define CONTENT_LENGTH "\r\nContent-Length: "  p = (char*) tor_memstr(headers, headerlen, CONTENT_LENGTH);  if (p) {    int i;    i = atoi(p+strlen(CONTENT_LENGTH));    if (i < 0) {      log_warn(LD_PROTOCOL, "Content-Length is less than zero; it looks like "               "someone is trying to crash us.");      return -1;    }    contentlen = i;    /* if content-length is malformed, then our body length is 0. fine. */    log_debug(LD_HTTP,"Got a contentlen of %d.",(int)contentlen);    if (bodylen < contentlen) {      if (!force_complete) {        log_debug(LD_HTTP,"body not all here yet.");        return 0; /* not all there yet */      }    }    if (bodylen > contentlen) {      bodylen = contentlen;      log_debug(LD_HTTP,"bodylen reduced to %d.",(int)bodylen);    }  }  /* all happy. copy into the appropriate places, and return 1 */  if (headers_out) {    *headers_out = tor_malloc(headerlen+1);    fetch_from_buf(*headers_out, headerlen, buf);    (*headers_out)[headerlen] = 0; /* NUL terminate it */  }  if (body_out) {    tor_assert(body_used);    *body_used = bodylen;    *body_out = tor_malloc(bodylen+1);    fetch_from_buf(*body_out, bodylen, buf);    (*body_out)[bodylen] = 0; /* NUL terminate it */  }  check();  return 1;}#ifdef USE_BUFFEREVENTS/** As fetch_from_buf_http, buf works on an evbuffer. */intfetch_from_evbuffer_http(struct evbuffer *buf,                    char **headers_out, size_t max_headerlen,                    char **body_out, size_t *body_used, size_t max_bodylen,                    int force_complete){  struct evbuffer_ptr crlf, content_length;  size_t headerlen, bodylen, contentlen;  /* Find the first \r\n\r\n in the buffer */  crlf = evbuffer_search(buf, "\r\n\r\n", 4, NULL);  if (crlf.pos < 0) {    /* We didn't find one. */    if (evbuffer_get_length(buf) > max_headerlen)      return -1; /* Headers too long. */    return 0; /* Headers not here yet. */  } else if (crlf.pos > (int)max_headerlen) {    return -1; /* Headers too long. */  }  headerlen = crlf.pos + 4;  /* Skip over the \r\n\r\n */  bodylen = evbuffer_get_length(buf) - headerlen;  if (bodylen > max_bodylen)    return -1; /* body too long */  /* Look for the first occurrence of CONTENT_LENGTH insize buf before the   * crlfcrlf */  content_length = evbuffer_search_range(buf, CONTENT_LENGTH,                                         strlen(CONTENT_LENGTH), NULL, &crlf);  if (content_length.pos >= 0) {    /* We found a content_length: parse it and figure out if the body is here     * yet. */    struct evbuffer_ptr eol;    char *data = NULL;    int free_data = 0;    int n, i;    n = evbuffer_ptr_set(buf, &content_length, strlen(CONTENT_LENGTH),                         EVBUFFER_PTR_ADD);    tor_assert(n == 0);    eol = evbuffer_search_eol(buf, &content_length, NULL, EVBUFFER_EOL_CRLF);    tor_assert(eol.pos > content_length.pos);    tor_assert(eol.pos <= crlf.pos);    inspect_evbuffer(buf, &data, eol.pos - content_length.pos, &free_data,                         &content_length);    i = atoi(data);    if (free_data)      tor_free(data);    if (i < 0) {      log_warn(LD_PROTOCOL, "Content-Length is less than zero; it looks like "               "someone is trying to crash us.");      return -1;    }    contentlen = i;    /* if content-length is malformed, then our body length is 0. fine. */    log_debug(LD_HTTP,"Got a contentlen of %d.",(int)contentlen);    if (bodylen < contentlen) {      if (!force_complete) {        log_debug(LD_HTTP,"body not all here yet.");        return 0; /* not all there yet */      }    }    if (bodylen > contentlen) {      bodylen = contentlen;      log_debug(LD_HTTP,"bodylen reduced to %d.",(int)bodylen);    }  }  if (headers_out) {    *headers_out = tor_malloc(headerlen+1);    evbuffer_remove(buf, *headers_out, headerlen);    (*headers_out)[headerlen] = '\0';  }  if (body_out) {    tor_assert(headers_out);    tor_assert(body_used);    *body_used = bodylen;    *body_out = tor_malloc(bodylen+1);    evbuffer_remove(buf, *body_out, bodylen);    (*body_out)[bodylen] = '\0';  }  return 1;}#endif/** * Wait this many seconds before warning the user about using SOCKS unsafely * again (requires that WarnUnsafeSocks is turned on). */#define SOCKS_WARN_INTERVAL 5/** Warn that the user application has made an unsafe socks request using * protocol <b>socks_protocol</b> on port <b>port</b>.  Don't warn more than * once per SOCKS_WARN_INTERVAL, unless <b>safe_socks</b> is set. */static voidlog_unsafe_socks_warning(int socks_protocol, const char *address,                         uint16_t port, int safe_socks){  static ratelim_t socks_ratelim = RATELIM_INIT(SOCKS_WARN_INTERVAL);  const or_options_t *options = get_options();  char *m = NULL;  if (! options->WarnUnsafeSocks)    return;  if (safe_socks || (m = rate_limit_log(&socks_ratelim, approx_time()))) {    log_warn(LD_APP,             "Your application (using socks%d to port %d) is giving "             "Tor only an IP address. Applications that do DNS resolves "             "themselves may leak information. Consider using Socks4A "             "(e.g. via privoxy or socat) instead. For more information, "             "please see https://wiki.torproject.org/TheOnionRouter/"             "TorFAQ#SOCKSAndDNS.%s%s",             socks_protocol,             (int)port,             safe_socks ? " Rejecting." : "",             m ? m : "");    tor_free(m);  }  control_event_client_status(LOG_WARN,                              "DANGEROUS_SOCKS PROTOCOL=SOCKS%d ADDRESS=%s:%d",                              socks_protocol, address, (int)port);}/** Do not attempt to parse socks messages longer than this.  This value is * actually significantly higher than the longest possible socks message. */#define MAX_SOCKS_MESSAGE_LEN 512/** Return a new socks_request_t. */socks_request_t *socks_request_new(void){  return tor_malloc_zero(sizeof(socks_request_t));}/** Free all storage held in the socks_request_t <b>req</b>. */voidsocks_request_free(socks_request_t *req){  if (!req)    return;  tor_free(req->username);  tor_free(req->password);  memset(req, 0xCC, sizeof(socks_request_t));  tor_free(req);}/** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one * of the forms *  - socks4: "socksheader username\\0" *  - socks4a: "socksheader username\\0 destaddr\\0" *  - socks5 phase one: "version #methods methods" *  - socks5 phase two: "version command 0 addresstype..." * If it's a complete and valid handshake, and destaddr fits in *   MAX_SOCKS_ADDR_LEN bytes, then pull the handshake off the buf, *   assign to <b>req</b>, and return 1. * * If it's invalid or too big, return -1. * * Else it's not all there yet, leave buf alone and return 0. * * If you want to specify the socks reply, write it into <b>req->reply</b> *   and set <b>req->replylen</b>, else leave <b>req->replylen</b> alone. * * If <b>log_sockstype</b> is non-zero, then do a notice-level log of whether * the connection is possibly leaking DNS requests locally or not. * * If <b>safe_socks</b> is true, then reject unsafe socks protocols. * * If returning 0 or -1, <b>req->address</b> and <b>req->port</b> are * undefined. */intfetch_from_buf_socks(buf_t *buf, socks_request_t *req,                     int log_sockstype, int safe_socks){  int res;  ssize_t n_drain;  size_t want_length = 128;  if (buf->datalen < 2) /* version and another byte */    return 0;  do {    n_drain = 0;    buf_pullup(buf, want_length, 0);    tor_assert(buf->head && buf->head->datalen >= 2);    want_length = 0;    res = parse_socks(buf->head->data, buf->head->datalen, req, log_sockstype,                      safe_socks, &n_drain, &want_length);    if (n_drain < 0)      buf_clear(buf);    else if (n_drain > 0)      buf_remove_from_front(buf, n_drain);  } while (res == 0 && buf->head && want_length < buf->datalen &&           buf->datalen >= 2);  return res;}#ifdef USE_BUFFEREVENTS/* As fetch_from_buf_socks(), but targets an evbuffer instead. */intfetch_from_evbuffer_socks(struct evbuffer *buf, socks_request_t *req,                          int log_sockstype, int safe_socks){  char *data;  ssize_t n_drain;  size_t datalen, buflen, want_length;  int res;  buflen = evbuffer_get_length(buf);  if (buflen < 2)    return 0;  {    /* See if we can find the socks request in the first chunk of the buffer.     */    struct evbuffer_iovec v;    int i;    n_drain = 0;    i = evbuffer_peek(buf, -1, NULL, &v, 1);    tor_assert(i == 1);    data = v.iov_base;    datalen = v.iov_len;    want_length = 0;    res = parse_socks(data, datalen, req, log_sockstype,                      safe_socks, &n_drain, &want_length);    if (n_drain < 0)      evbuffer_drain(buf, evbuffer_get_length(buf));    else if (n_drain > 0)      evbuffer_drain(buf, n_drain);    if (res)      return res;  }  /* Okay, the first chunk of the buffer didn't have a complete socks request.   * That means that either we don't have a whole socks request at all, or   * it's gotten split up.  We're going to try passing parse_socks() bigger   * and bigger chunks until either it says "Okay, I got it", or it says it   * will need more data than we currently have. */  /* Loop while we have more data that we haven't given parse_socks() yet. */  do {    int free_data = 0;    const size_t last_wanted = want_length;    n_drain = 0;    data = NULL;    datalen = inspect_evbuffer(buf, &data, want_length, &free_data, NULL);    want_length = 0;    res = parse_socks(data, datalen, req, log_sockstype,                      safe_socks, &n_drain, &want_length);    if (free_data)      tor_free(data);    if (n_drain < 0)      evbuffer_drain(buf, evbuffer_get_length(buf));    else if (n_drain > 0)      evbuffer_drain(buf, n_drain);    if (res == 0 && n_drain == 0 && want_length <= last_wanted) {      /* If we drained nothing, and we didn't ask for more than last time,       * we're stuck in a loop. That's bad. It shouldn't be possible, but       * let's make sure. */      log_warn(LD_BUG, "We seem to be caught in a parse loop; breaking out");      break;    }    buflen = evbuffer_get_length(buf);  } while (res == 0 && want_length <= buflen && buflen >= 2);  return res;}#endif/** Implementation helper to implement fetch_from_*_socks.  Instead of looking * at a buffer's contents, we look at the <b>datalen</b> bytes of data in * <b>data</b>. Instead of removing data from the buffer, we set * <b>drain_out</b> to the amount of data that should be removed (or -1 if the * buffer should be cleared).  Instead of pulling more data into the first * chunk of the buffer, we set *<b>want_length_out</b> to the number of bytes * we'd like to see in the input buffer, if they're available. */static intparse_socks(const char *data, size_t datalen, socks_request_t *req,            int log_sockstype, int safe_socks, ssize_t *drain_out,            size_t *want_length_out){  unsigned int len;  char tmpbuf[TOR_ADDR_BUF_LEN+1];  tor_addr_t destaddr;  uint32_t destip;  uint8_t socksver;  char *next, *startaddr;  unsigned char usernamelen, passlen;  struct in_addr in;  if (datalen < 2) {    /* We always need at least 2 bytes. */    *want_length_out = 2;    return 0;  }  if (req->socks_version == 5 && !req->got_auth) {    /* See if we have received authentication.  Strictly speaking, we should       also check whether we actually negotiated username/password       authentication.  But some broken clients will send us authentication       even if we negotiated SOCKS_NO_AUTH. */    if (*data == 1) { /* username/pass version 1 */      /* Format is: authversion [1 byte] == 1                    usernamelen [1 byte]                    username    [usernamelen bytes]                    passlen     [1 byte]                    password    [passlen bytes] */      usernamelen = (unsigned char)*(data + 1);      if (datalen < 2u + usernamelen + 1u) {        *want_length_out = 2u + usernamelen + 1u;        return 0;      }      passlen = (unsigned char)*(data + 2u + usernamelen);      if (datalen < 2u + usernamelen + 1u + passlen) {        *want_length_out = 2u + usernamelen + 1u + passlen;        return 0;      }      req->replylen = 2; /* 2 bytes of response */      req->reply[0] = 5;      req->reply[1] = 0; /* authentication successful */      log_debug(LD_APP,               "socks5: Accepted username/password without checking.");      if (usernamelen) {        req->username = tor_memdup(data+2u, usernamelen);        req->usernamelen = usernamelen;      }      if (passlen) {        req->password = tor_memdup(data+3u+usernamelen, passlen);        req->passwordlen = passlen;      }      *drain_out = 2u + usernamelen + 1u + passlen;      req->got_auth = 1;      *want_length_out = 7; /* Minimal socks5 sommand. */      return 0;    } else if (req->auth_type == SOCKS_USER_PASS) {      /* unknown version byte */      log_warn(LD_APP, "Socks5 username/password version %d not recognized; "               "rejecting.", (int)*data);      return -1;    }  }  socksver = *data;  switch (socksver) { /* which version of socks? */    case 5: /* socks5 */      if (req->socks_version != 5) { /* we need to negotiate a method */        unsigned char nummethods = (unsigned char)*(data+1);        int r=0;        tor_assert(!req->socks_version);        if (datalen < 2u+nummethods) {          *want_length_out = 2u+nummethods;          return 0;        }        if (!nummethods)          return -1;        req->replylen = 2; /* 2 bytes of response */        req->reply[0] = 5; /* socks5 reply */        if (memchr(data+2, SOCKS_NO_AUTH, nummethods)) {          req->reply[1] = SOCKS_NO_AUTH; /* tell client to use "none" auth                                            method */          req->socks_version = 5; /* remember we've already negotiated auth */          log_debug(LD_APP,"socks5: accepted method 0 (no authentication)");          r=0;        } else if (memchr(data+2, SOCKS_USER_PASS, nummethods)) {          req->auth_type = SOCKS_USER_PASS;          req->reply[1] = SOCKS_USER_PASS; /* tell client to use "user/pass"                                              auth method */          req->socks_version = 5; /* remember we've already negotiated auth */          log_debug(LD_APP,"socks5: accepted method 2 (username/password)");          r=0;        } else {          log_warn(LD_APP,                    "socks5: offered methods don't include 'no auth' or "                    "username/password. Rejecting.");          req->reply[1] = '\xFF'; /* reject all methods */          r=-1;        }        /* Remove packet from buf. Some SOCKS clients will have sent extra         * junk at this point; let's hope it's an authentication message. */        *drain_out = 2u + nummethods;        return r;      }      if (req->auth_type != SOCKS_NO_AUTH && !req->got_auth) {        log_warn(LD_APP,                 "socks5: negotiated authentication, but none provided");        return -1;      }      /* we know the method; read in the request */      log_debug(LD_APP,"socks5: checking request");      if (datalen < 7) {/* basic info plus >=1 for addr plus 2 for port */        *want_length_out = 7;        return 0; /* not yet */      }      req->command = (unsigned char) *(data+1);      if (req->command != SOCKS_COMMAND_CONNECT &&          req->command != SOCKS_COMMAND_RESOLVE &&          req->command != SOCKS_COMMAND_RESOLVE_PTR) {        /* not a connect or resolve or a resolve_ptr? we don't support it. */        log_warn(LD_APP,"socks5: command %d not recognized. Rejecting.",                 req->command);        return -1;      }      switch (*(data+3)) { /* address type */        case 1: /* IPv4 address */        case 4: /* IPv6 address */ {          const int is_v6 = *(data+3) == 4;          const unsigned addrlen = is_v6 ? 16 : 4;          log_debug(LD_APP,"socks5: ipv4 address type");          if (datalen < 6+addrlen) {/* ip/port there? */            *want_length_out = 6+addrlen;            return 0; /* not yet */          }          if (is_v6)            tor_addr_from_ipv6_bytes(&destaddr, data+4);          else            tor_addr_from_ipv4n(&destaddr, get_uint32(data+4));          tor_addr_to_str(tmpbuf, &destaddr, sizeof(tmpbuf), 1);          if (strlen(tmpbuf)+1 > MAX_SOCKS_ADDR_LEN) {            log_warn(LD_APP,                     "socks5 IP takes %d bytes, which doesn't fit in %d. "                     "Rejecting.",                     (int)strlen(tmpbuf)+1,(int)MAX_SOCKS_ADDR_LEN);            return -1;          }          strlcpy(req->address,tmpbuf,sizeof(req->address));          req->port = ntohs(get_uint16(data+4+addrlen));          *drain_out = 6+addrlen;          if (req->command != SOCKS_COMMAND_RESOLVE_PTR &&              !addressmap_have_mapping(req->address,0)) {            log_unsafe_socks_warning(5, req->address, req->port, safe_socks);            if (safe_socks)              return -1;          }          return 1;        }        case 3: /* fqdn */          log_debug(LD_APP,"socks5: fqdn address type");          if (req->command == SOCKS_COMMAND_RESOLVE_PTR) {            log_warn(LD_APP, "socks5 received RESOLVE_PTR command with "                     "hostname type. Rejecting.");            return -1;          }          len = (unsigned char)*(data+4);          if (datalen < 7+len) { /* addr/port there? */            *want_length_out = 7+len;            return 0; /* not yet */          }          if (len+1 > MAX_SOCKS_ADDR_LEN) {            log_warn(LD_APP,                     "socks5 hostname is %d bytes, which doesn't fit in "                     "%d. Rejecting.", len+1,MAX_SOCKS_ADDR_LEN);            return -1;          }          memcpy(req->address,data+5,len);          req->address[len] = 0;          req->port = ntohs(get_uint16(data+5+len));          *drain_out = 5+len+2;          if (!tor_strisprint(req->address) || strchr(req->address,'\"')) {            log_warn(LD_PROTOCOL,                     "Your application (using socks5 to port %d) gave Tor "                     "a malformed hostname: %s. Rejecting the connection.",                     req->port, escaped(req->address));            return -1;          }          if (log_sockstype)            log_notice(LD_APP,                  "Your application (using socks5 to port %d) gave "                  "Tor a hostname, which means Tor will do the DNS resolve "                  "for you. This is good.", req->port);          return 1;        default: /* unsupported */          log_warn(LD_APP,"socks5: unsupported address type %d. Rejecting.",                   (int) *(data+3));          return -1;      }      tor_assert(0);    case 4: { /* socks4 */      enum {socks4, socks4a} socks4_prot = socks4a;      const char *authstart, *authend;      /* http://ss5.sourceforge.net/socks4.protocol.txt */      /* http://ss5.sourceforge.net/socks4A.protocol.txt */      req->socks_version = 4;      if (datalen < SOCKS4_NETWORK_LEN) {/* basic info available? */        *want_length_out = SOCKS4_NETWORK_LEN;        return 0; /* not yet */      }      // buf_pullup(buf, 1280, 0);      req->command = (unsigned char) *(data+1);      if (req->command != SOCKS_COMMAND_CONNECT &&          req->command != SOCKS_COMMAND_RESOLVE) {        /* not a connect or resolve? we don't support it. (No resolve_ptr with         * socks4.) */        log_warn(LD_APP,"socks4: command %d not recognized. Rejecting.",                 req->command);        return -1;      }      req->port = ntohs(get_uint16(data+2));      destip = ntohl(get_uint32(data+4));      if ((!req->port && req->command!=SOCKS_COMMAND_RESOLVE) || !destip) {        log_warn(LD_APP,"socks4: Port or DestIP is zero. Rejecting.");        return -1;      }      if (destip >> 8) {        log_debug(LD_APP,"socks4: destip not in form 0.0.0.x.");        in.s_addr = htonl(destip);        tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf));        if (strlen(tmpbuf)+1 > MAX_SOCKS_ADDR_LEN) {          log_debug(LD_APP,"socks4 addr (%d bytes) too long. Rejecting.",                    (int)strlen(tmpbuf));          return -1;        }        log_debug(LD_APP,                  "socks4: successfully read destip (%s)",                  safe_str_client(tmpbuf));        socks4_prot = socks4;      }      authstart = data + SOCKS4_NETWORK_LEN;      next = memchr(authstart, 0,                    datalen-SOCKS4_NETWORK_LEN);      if (!next) {        if (datalen >= 1024) {          log_debug(LD_APP, "Socks4 user name too long; rejecting.");          return -1;        }        log_debug(LD_APP,"socks4: Username not here yet.");        *want_length_out = datalen+1024; /* More than we need, but safe */        return 0;      }      authend = next;      tor_assert(next < data+datalen);      startaddr = NULL;      if (socks4_prot != socks4a &&          !addressmap_have_mapping(tmpbuf,0)) {        log_unsafe_socks_warning(4, tmpbuf, req->port, safe_socks);        if (safe_socks)          return -1;      }      if (socks4_prot == socks4a) {        if (next+1 == data+datalen) {          log_debug(LD_APP,"socks4: No part of destaddr here yet.");          *want_length_out = datalen + 1024; /* More than we need, but safe */          return 0;        }        startaddr = next+1;        next = memchr(startaddr, 0, data + datalen - startaddr);        if (!next) {          if (datalen >= 1024) {            log_debug(LD_APP,"socks4: Destaddr too long.");            return -1;          }          log_debug(LD_APP,"socks4: Destaddr not all here yet.");          *want_length_out = datalen + 1024; /* More than we need, but safe */          return 0;        }        if (MAX_SOCKS_ADDR_LEN <= next-startaddr) {          log_warn(LD_APP,"socks4: Destaddr too long. Rejecting.");          return -1;        }        // tor_assert(next < buf->cur+buf->datalen);        if (log_sockstype)          log_notice(LD_APP,                     "Your application (using socks4a to port %d) gave "                     "Tor a hostname, which means Tor will do the DNS resolve "                     "for you. This is good.", req->port);      }      log_debug(LD_APP,"socks4: Everything is here. Success.");      strlcpy(req->address, startaddr ? startaddr : tmpbuf,              sizeof(req->address));      if (!tor_strisprint(req->address) || strchr(req->address,'\"')) {        log_warn(LD_PROTOCOL,                 "Your application (using socks4 to port %d) gave Tor "                 "a malformed hostname: %s. Rejecting the connection.",                 req->port, escaped(req->address));        return -1;      }      if (authend != authstart) {        req->got_auth = 1;        req->usernamelen = authend - authstart;        req->username = tor_memdup(authstart, authend - authstart);      }      /* next points to the final \0 on inbuf */      *drain_out = next - data + 1;      return 1;    }    case 'G': /* get */    case 'H': /* head */    case 'P': /* put/post */    case 'C': /* connect */      strlcpy((char*)req->reply,"HTTP/1.0 501 Tor is not an HTTP Proxy\r\n""Content-Type: text/html; charset=iso-8859-1\r\n\r\n""<html>\n""<head>\n""<title>Tor is not an HTTP Proxy</title>\n""</head>\n""<body>\n""<h1>Tor is not an HTTP Proxy</h1>\n""<p>\n""It appears you have configured your web browser to use Tor as an HTTP proxy.""\n""This is not correct: Tor is a SOCKS proxy, not an HTTP proxy.\n""Please configure your client accordingly.\n""</p>\n""<p>\n""See <a href=\"https://www.torproject.org/documentation.html\">"           "https://www.torproject.org/documentation.html</a> for more "           "information.\n""<!-- Plus this comment, to make the body response more than 512 bytes, so ""     IE will be willing to display it. Comment comment comment comment ""     comment comment comment comment comment comment comment comment.-->\n""</p>\n""</body>\n""</html>\n"             , MAX_SOCKS_REPLY_LEN);      req->replylen = strlen((char*)req->reply)+1;      /* fall through */    default: /* version is not socks4 or socks5 */      log_warn(LD_APP,               "Socks version %d not recognized. (Tor is not an http proxy.)",               *(data));      {        /* Tell the controller the first 8 bytes. */        char *tmp = tor_strndup(data, datalen < 8 ? datalen : 8);        control_event_client_status(LOG_WARN,                                    "SOCKS_UNKNOWN_PROTOCOL DATA=\"%s\"",                                    escaped(tmp));        tor_free(tmp);      }      return -1;  }}/** Inspect a reply from SOCKS server stored in <b>buf</b> according * to <b>state</b>, removing the protocol data upon success. Return 0 on * incomplete response, 1 on success and -1 on error, in which case * <b>reason</b> is set to a descriptive message (free() when finished * with it). * * As a special case, 2 is returned when user/pass is required * during SOCKS5 handshake and user/pass is configured. */intfetch_from_buf_socks_client(buf_t *buf, int state, char **reason){  ssize_t drain = 0;  int r;  if (buf->datalen < 2)    return 0;  buf_pullup(buf, MAX_SOCKS_MESSAGE_LEN, 0);  tor_assert(buf->head && buf->head->datalen >= 2);  r = parse_socks_client((uint8_t*)buf->head->data, buf->head->datalen,                         state, reason, &drain);  if (drain > 0)    buf_remove_from_front(buf, drain);  else if (drain < 0)    buf_clear(buf);  return r;}#ifdef USE_BUFFEREVENTS/** As fetch_from_buf_socks_client, buf works on an evbuffer */intfetch_from_evbuffer_socks_client(struct evbuffer *buf, int state,                                 char **reason){  ssize_t drain = 0;  uint8_t *data;  size_t datalen;  int r;  /* Linearize the SOCKS response in the buffer, up to 128 bytes.   * (parse_socks_client shouldn't need to see anything beyond that.) */  datalen = evbuffer_get_length(buf);  if (datalen > MAX_SOCKS_MESSAGE_LEN)    datalen = MAX_SOCKS_MESSAGE_LEN;  data = evbuffer_pullup(buf, datalen);  r = parse_socks_client(data, datalen, state, reason, &drain);  if (drain > 0)    evbuffer_drain(buf, drain);  else if (drain < 0)    evbuffer_drain(buf, evbuffer_get_length(buf));  return r;}#endif/** Implementation logic for fetch_from_*_socks_client. */static intparse_socks_client(const uint8_t *data, size_t datalen,                   int state, char **reason,                   ssize_t *drain_out){  unsigned int addrlen;  *drain_out = 0;  if (datalen < 2)    return 0;  switch (state) {    case PROXY_SOCKS4_WANT_CONNECT_OK:      /* Wait for the complete response */      if (datalen < 8)        return 0;      if (data[1] != 0x5a) {        *reason = tor_strdup(socks4_response_code_to_string(data[1]));        return -1;      }      /* Success */      *drain_out = 8;      return 1;    case PROXY_SOCKS5_WANT_AUTH_METHOD_NONE:      /* we don't have any credentials */      if (data[1] != 0x00) {        *reason = tor_strdup("server doesn't support any of our "                             "available authentication methods");        return -1;      }      log_info(LD_NET, "SOCKS 5 client: continuing without authentication");      *drain_out = -1;      return 1;    case PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929:      /* we have a username and password. return 1 if we can proceed without       * providing authentication, or 2 otherwise. */      switch (data[1]) {        case 0x00:          log_info(LD_NET, "SOCKS 5 client: we have auth details but server "                            "doesn't require authentication.");          *drain_out = -1;          return 1;        case 0x02:          log_info(LD_NET, "SOCKS 5 client: need authentication.");          *drain_out = -1;          return 2;        /* fall through */      }      *reason = tor_strdup("server doesn't support any of our available "                           "authentication methods");      return -1;    case PROXY_SOCKS5_WANT_AUTH_RFC1929_OK:      /* handle server reply to rfc1929 authentication */      if (data[1] != 0x00) {        *reason = tor_strdup("authentication failed");        return -1;      }      log_info(LD_NET, "SOCKS 5 client: authentication successful.");      *drain_out = -1;      return 1;    case PROXY_SOCKS5_WANT_CONNECT_OK:      /* response is variable length. BND.ADDR, etc, isn't needed       * (don't bother with buf_pullup()), but make sure to eat all       * the data used */      /* wait for address type field to arrive */      if (datalen < 4)        return 0;      switch (data[3]) {        case 0x01: /* ip4 */          addrlen = 4;          break;        case 0x04: /* ip6 */          addrlen = 16;          break;        case 0x03: /* fqdn (can this happen here?) */          if (datalen < 5)            return 0;          addrlen = 1 + data[4];          break;        default:          *reason = tor_strdup("invalid response to connect request");          return -1;      }      /* wait for address and port */      if (datalen < 6 + addrlen)        return 0;      if (data[1] != 0x00) {        *reason = tor_strdup(socks5_response_code_to_string(data[1]));        return -1;      }      *drain_out = 6 + addrlen;      return 1;  }  /* shouldn't get here... */  tor_assert(0);  return -1;}/** Return 1 iff buf looks more like it has an (obsolete) v0 controller * command on it than any valid v1 controller command. */intpeek_buf_has_control0_command(buf_t *buf){  if (buf->datalen >= 4) {    char header[4];    uint16_t cmd;    peek_from_buf(header, sizeof(header), buf);    cmd = ntohs(get_uint16(header+2));    if (cmd <= 0x14)      return 1; /* This is definitely not a v1 control command. */  }  return 0;}#ifdef USE_BUFFEREVENTSintpeek_evbuffer_has_control0_command(struct evbuffer *buf){  int result = 0;  if (evbuffer_get_length(buf) >= 4) {    int free_out = 0;    char *data = NULL;    size_t n = inspect_evbuffer(buf, &data, 4, &free_out, NULL);    uint16_t cmd;    tor_assert(n >= 4);    cmd = ntohs(get_uint16(data+2));    if (cmd <= 0x14)      result = 1;    if (free_out)      tor_free(data);  }  return result;}#endif/** Return the index within <b>buf</b> at which <b>ch</b> first appears, * or -1 if <b>ch</b> does not appear on buf. */static off_tbuf_find_offset_of_char(buf_t *buf, char ch){  chunk_t *chunk;  off_t offset = 0;  for (chunk = buf->head; chunk; chunk = chunk->next) {    char *cp = memchr(chunk->data, ch, chunk->datalen);    if (cp)      return offset + (cp - chunk->data);    else      offset += chunk->datalen;  }  return -1;}/** Try to read a single LF-terminated line from <b>buf</b>, and write it * (including the LF), NUL-terminated, into the *<b>data_len</b> byte buffer * at <b>data_out</b>.  Set *<b>data_len</b> to the number of bytes in the * line, not counting the terminating NUL.  Return 1 if we read a whole line, * return 0 if we don't have a whole line yet, and return -1 if the line * length exceeds *<b>data_len</b>. */intfetch_from_buf_line(buf_t *buf, char *data_out, size_t *data_len){  size_t sz;  off_t offset;  if (!buf->head)    return 0;  offset = buf_find_offset_of_char(buf, '\n');  if (offset < 0)    return 0;  sz = (size_t) offset;  if (sz+2 > *data_len) {    *data_len = sz + 2;    return -1;  }  fetch_from_buf(data_out, sz+1, buf);  data_out[sz+1] = '\0';  *data_len = sz+1;  return 1;}/** Compress on uncompress the <b>data_len</b> bytes in <b>data</b> using the * zlib state <b>state</b>, appending the result to <b>buf</b>.  If * <b>done</b> is true, flush the data in the state and finish the * compression/uncompression.  Return -1 on failure, 0 on success. */intwrite_to_buf_zlib(buf_t *buf, tor_zlib_state_t *state,                  const char *data, size_t data_len,                  int done){  char *next;  size_t old_avail, avail;  int over = 0;  do {    int need_new_chunk = 0;    if (!buf->tail || ! CHUNK_REMAINING_CAPACITY(buf->tail)) {      size_t cap = data_len / 4;      buf_add_chunk_with_capacity(buf, cap, 1);    }    next = CHUNK_WRITE_PTR(buf->tail);    avail = old_avail = CHUNK_REMAINING_CAPACITY(buf->tail);    switch (tor_zlib_process(state, &next, &avail, &data, &data_len, done)) {      case TOR_ZLIB_DONE:        over = 1;        break;      case TOR_ZLIB_ERR:        return -1;      case TOR_ZLIB_OK:        if (data_len == 0)          over = 1;        break;      case TOR_ZLIB_BUF_FULL:        if (avail) {          /* Zlib says we need more room (ZLIB_BUF_FULL).  Start a new chunk           * automatically, whether were going to or not. */          need_new_chunk = 1;        }        break;    }    buf->datalen += old_avail - avail;    buf->tail->datalen += old_avail - avail;    if (need_new_chunk) {      buf_add_chunk_with_capacity(buf, data_len/4, 1);    }  } while (!over);  check();  return 0;}#ifdef USE_BUFFEREVENTSintwrite_to_evbuffer_zlib(struct evbuffer *buf, tor_zlib_state_t *state,                       const char *data, size_t data_len,                       int done){  char *next;  size_t old_avail, avail;  int over = 0, n;  struct evbuffer_iovec vec[1];  do {    {      size_t cap = data_len / 4;      if (cap < 128)        cap = 128;      /* XXXX NM this strategy is fragmentation-prone. We should really have       * two iovecs, and write first into the one, and then into the       * second if the first gets full. */      n = evbuffer_reserve_space(buf, cap, vec, 1);      tor_assert(n == 1);    }    next = vec[0].iov_base;    avail = old_avail = vec[0].iov_len;    switch (tor_zlib_process(state, &next, &avail, &data, &data_len, done)) {      case TOR_ZLIB_DONE:        over = 1;        break;      case TOR_ZLIB_ERR:        return -1;      case TOR_ZLIB_OK:        if (data_len == 0)          over = 1;        break;      case TOR_ZLIB_BUF_FULL:        if (avail) {          /* Zlib says we need more room (ZLIB_BUF_FULL).  Start a new chunk           * automatically, whether were going to or not. */        }        break;    }    /* XXXX possible infinite loop on BUF_FULL. */    vec[0].iov_len = old_avail - avail;    evbuffer_commit_space(buf, vec, 1);  } while (!over);  check();  return 0;}#endif/** Log an error and exit if <b>buf</b> is corrupted. */voidassert_buf_ok(buf_t *buf){  tor_assert(buf);  tor_assert(buf->magic == BUFFER_MAGIC);  if (! buf->head) {    tor_assert(!buf->tail);    tor_assert(buf->datalen == 0);  } else {    chunk_t *ch;    size_t total = 0;    tor_assert(buf->tail);    for (ch = buf->head; ch; ch = ch->next) {      total += ch->datalen;      tor_assert(ch->datalen <= ch->memlen);      tor_assert(ch->data >= &ch->mem[0]);      tor_assert(ch->data < &ch->mem[0]+ch->memlen);      tor_assert(ch->data+ch->datalen <= &ch->mem[0] + ch->memlen);      if (!ch->next)        tor_assert(ch == buf->tail);    }    tor_assert(buf->datalen == total);  }}#ifdef ENABLE_BUF_FREELISTS/** Log an error and exit if <b>fl</b> is corrupted. */static voidassert_freelist_ok(chunk_freelist_t *fl){  chunk_t *ch;  int n;  tor_assert(fl->alloc_size > 0);  n = 0;  for (ch = fl->head; ch; ch = ch->next) {    tor_assert(CHUNK_ALLOC_SIZE(ch->memlen) == fl->alloc_size);    ++n;  }  tor_assert(n == fl->cur_length);  tor_assert(n >= fl->lowest_length);  tor_assert(n <= fl->max_length);}#endif
 |