buffers.c 63 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062
  1. /* Copyright (c) 2001 Matej Pfajfar.
  2. * Copyright (c) 2001-2004, Roger Dingledine.
  3. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  4. * Copyright (c) 2007-2016, The Tor Project, Inc. */
  5. /* See LICENSE for licensing information */
  6. /**
  7. * \file buffers.c
  8. * \brief Implements a generic buffer interface.
  9. *
  10. * A buf_t is a (fairly) opaque byte-oriented FIFO that can read to or flush
  11. * from memory, sockets, file descriptors, TLS connections, or another buf_t.
  12. * Buffers are implemented as linked lists of memory chunks.
  13. *
  14. * All socket-backed and TLS-based connection_t objects have a pair of
  15. * buffers: one for incoming data, and one for outcoming data. These are fed
  16. * and drained from functions in connection.c, trigged by events that are
  17. * monitored in main.c.
  18. *
  19. * This module has basic support for reading and writing on buf_t objects. It
  20. * also contains specialized functions for handling particular protocols
  21. * on a buf_t backend, including SOCKS (used in connection_edge.c), Tor cells
  22. * (used in connection_or.c and channeltls.c), HTTP (used in directory.c), and
  23. * line-oriented communication (used in control.c).
  24. **/
  25. #define BUFFERS_PRIVATE
  26. #include "or.h"
  27. #include "addressmap.h"
  28. #include "buffers.h"
  29. #include "config.h"
  30. #include "connection_edge.h"
  31. #include "connection_or.h"
  32. #include "control.h"
  33. #include "reasons.h"
  34. #include "ext_orport.h"
  35. #include "util.h"
  36. #include "torlog.h"
  37. #ifdef HAVE_UNISTD_H
  38. #include <unistd.h>
  39. #endif
  40. //#define PARANOIA
  41. #ifdef PARANOIA
  42. /** Helper: If PARANOIA is defined, assert that the buffer in local variable
  43. * <b>buf</b> is well-formed. */
  44. #define check() STMT_BEGIN assert_buf_ok(buf); STMT_END
  45. #else
  46. #define check() STMT_NIL
  47. #endif
  48. /* Implementation notes:
  49. *
  50. * After flirting with memmove, and dallying with ring-buffers, we're finally
  51. * getting up to speed with the 1970s and implementing buffers as a linked
  52. * list of small chunks. Each buffer has such a list; data is removed from
  53. * the head of the list, and added at the tail. The list is singly linked,
  54. * and the buffer keeps a pointer to the head and the tail.
  55. *
  56. * Every chunk, except the tail, contains at least one byte of data. Data in
  57. * each chunk is contiguous.
  58. *
  59. * When you need to treat the first N characters on a buffer as a contiguous
  60. * string, use the buf_pullup function to make them so. Don't do this more
  61. * than necessary.
  62. *
  63. * The major free Unix kernels have handled buffers like this since, like,
  64. * forever.
  65. */
  66. static void socks_request_set_socks5_error(socks_request_t *req,
  67. socks5_reply_status_t reason);
  68. static int parse_socks(const char *data, size_t datalen, socks_request_t *req,
  69. int log_sockstype, int safe_socks, ssize_t *drain_out,
  70. size_t *want_length_out);
  71. static int parse_socks_client(const uint8_t *data, size_t datalen,
  72. int state, char **reason,
  73. ssize_t *drain_out);
  74. /* Chunk manipulation functions */
  75. #define CHUNK_HEADER_LEN STRUCT_OFFSET(chunk_t, mem[0])
  76. /* We leave this many NUL bytes at the end of the buffer. */
  77. #define SENTINEL_LEN 4
  78. /* Header size plus NUL bytes at the end */
  79. #define CHUNK_OVERHEAD (CHUNK_HEADER_LEN + SENTINEL_LEN)
  80. /** Return the number of bytes needed to allocate a chunk to hold
  81. * <b>memlen</b> bytes. */
  82. #define CHUNK_ALLOC_SIZE(memlen) (CHUNK_OVERHEAD + (memlen))
  83. /** Return the number of usable bytes in a chunk allocated with
  84. * malloc(<b>memlen</b>). */
  85. #define CHUNK_SIZE_WITH_ALLOC(memlen) ((memlen) - CHUNK_OVERHEAD)
  86. #define DEBUG_SENTINEL
  87. #ifdef DEBUG_SENTINEL
  88. #define DBG_S(s) s
  89. #else
  90. #define DBG_S(s) (void)0
  91. #endif
  92. #define CHUNK_SET_SENTINEL(chunk, alloclen) do { \
  93. uint8_t *a = (uint8_t*) &(chunk)->mem[(chunk)->memlen]; \
  94. DBG_S(uint8_t *b = &((uint8_t*)(chunk))[(alloclen)-SENTINEL_LEN]); \
  95. DBG_S(tor_assert(a == b)); \
  96. memset(a,0,SENTINEL_LEN); \
  97. } while (0)
  98. /** Return the next character in <b>chunk</b> onto which data can be appended.
  99. * If the chunk is full, this might be off the end of chunk->mem. */
  100. static inline char *
  101. CHUNK_WRITE_PTR(chunk_t *chunk)
  102. {
  103. return chunk->data + chunk->datalen;
  104. }
  105. /** Return the number of bytes that can be written onto <b>chunk</b> without
  106. * running out of space. */
  107. static inline size_t
  108. CHUNK_REMAINING_CAPACITY(const chunk_t *chunk)
  109. {
  110. return (chunk->mem + chunk->memlen) - (chunk->data + chunk->datalen);
  111. }
  112. /** Move all bytes stored in <b>chunk</b> to the front of <b>chunk</b>->mem,
  113. * to free up space at the end. */
  114. static inline void
  115. chunk_repack(chunk_t *chunk)
  116. {
  117. if (chunk->datalen && chunk->data != &chunk->mem[0]) {
  118. memmove(chunk->mem, chunk->data, chunk->datalen);
  119. }
  120. chunk->data = &chunk->mem[0];
  121. }
  122. /** Keep track of total size of allocated chunks for consistency asserts */
  123. static size_t total_bytes_allocated_in_chunks = 0;
  124. static void
  125. buf_chunk_free_unchecked(chunk_t *chunk)
  126. {
  127. if (!chunk)
  128. return;
  129. #ifdef DEBUG_CHUNK_ALLOC
  130. tor_assert(CHUNK_ALLOC_SIZE(chunk->memlen) == chunk->DBG_alloc);
  131. #endif
  132. tor_assert(total_bytes_allocated_in_chunks >=
  133. CHUNK_ALLOC_SIZE(chunk->memlen));
  134. total_bytes_allocated_in_chunks -= CHUNK_ALLOC_SIZE(chunk->memlen);
  135. tor_free(chunk);
  136. }
  137. static inline chunk_t *
  138. chunk_new_with_alloc_size(size_t alloc)
  139. {
  140. chunk_t *ch;
  141. ch = tor_malloc(alloc);
  142. ch->next = NULL;
  143. ch->datalen = 0;
  144. #ifdef DEBUG_CHUNK_ALLOC
  145. ch->DBG_alloc = alloc;
  146. #endif
  147. ch->memlen = CHUNK_SIZE_WITH_ALLOC(alloc);
  148. total_bytes_allocated_in_chunks += alloc;
  149. ch->data = &ch->mem[0];
  150. CHUNK_SET_SENTINEL(ch, alloc);
  151. return ch;
  152. }
  153. /** Expand <b>chunk</b> until it can hold <b>sz</b> bytes, and return a
  154. * new pointer to <b>chunk</b>. Old pointers are no longer valid. */
  155. static inline chunk_t *
  156. chunk_grow(chunk_t *chunk, size_t sz)
  157. {
  158. off_t offset;
  159. const size_t memlen_orig = chunk->memlen;
  160. const size_t orig_alloc = CHUNK_ALLOC_SIZE(memlen_orig);
  161. const size_t new_alloc = CHUNK_ALLOC_SIZE(sz);
  162. tor_assert(sz > chunk->memlen);
  163. offset = chunk->data - chunk->mem;
  164. chunk = tor_realloc(chunk, new_alloc);
  165. chunk->memlen = sz;
  166. chunk->data = chunk->mem + offset;
  167. #ifdef DEBUG_CHUNK_ALLOC
  168. tor_assert(chunk->DBG_alloc == orig_alloc);
  169. chunk->DBG_alloc = new_alloc;
  170. #endif
  171. total_bytes_allocated_in_chunks += new_alloc - orig_alloc;
  172. CHUNK_SET_SENTINEL(chunk, new_alloc);
  173. return chunk;
  174. }
  175. /** If a read onto the end of a chunk would be smaller than this number, then
  176. * just start a new chunk. */
  177. #define MIN_READ_LEN 8
  178. /** Every chunk should take up at least this many bytes. */
  179. #define MIN_CHUNK_ALLOC 256
  180. /** No chunk should take up more than this many bytes. */
  181. #define MAX_CHUNK_ALLOC 65536
  182. /** Return the allocation size we'd like to use to hold <b>target</b>
  183. * bytes. */
  184. STATIC size_t
  185. preferred_chunk_size(size_t target)
  186. {
  187. tor_assert(target <= SIZE_T_CEILING - CHUNK_OVERHEAD);
  188. if (CHUNK_ALLOC_SIZE(target) >= MAX_CHUNK_ALLOC)
  189. return CHUNK_ALLOC_SIZE(target);
  190. size_t sz = MIN_CHUNK_ALLOC;
  191. while (CHUNK_SIZE_WITH_ALLOC(sz) < target) {
  192. sz <<= 1;
  193. }
  194. return sz;
  195. }
  196. /** Collapse data from the first N chunks from <b>buf</b> into buf->head,
  197. * growing it as necessary, until buf->head has the first <b>bytes</b> bytes
  198. * of data from the buffer, or until buf->head has all the data in <b>buf</b>.
  199. */
  200. STATIC void
  201. buf_pullup(buf_t *buf, size_t bytes)
  202. {
  203. chunk_t *dest, *src;
  204. size_t capacity;
  205. if (!buf->head)
  206. return;
  207. check();
  208. if (buf->datalen < bytes)
  209. bytes = buf->datalen;
  210. capacity = bytes;
  211. if (buf->head->datalen >= bytes)
  212. return;
  213. if (buf->head->memlen >= capacity) {
  214. /* We don't need to grow the first chunk, but we might need to repack it.*/
  215. size_t needed = capacity - buf->head->datalen;
  216. if (CHUNK_REMAINING_CAPACITY(buf->head) < needed)
  217. chunk_repack(buf->head);
  218. tor_assert(CHUNK_REMAINING_CAPACITY(buf->head) >= needed);
  219. } else {
  220. chunk_t *newhead;
  221. size_t newsize;
  222. /* We need to grow the chunk. */
  223. chunk_repack(buf->head);
  224. newsize = CHUNK_SIZE_WITH_ALLOC(preferred_chunk_size(capacity));
  225. newhead = chunk_grow(buf->head, newsize);
  226. tor_assert(newhead->memlen >= capacity);
  227. if (newhead != buf->head) {
  228. if (buf->tail == buf->head)
  229. buf->tail = newhead;
  230. buf->head = newhead;
  231. }
  232. }
  233. dest = buf->head;
  234. while (dest->datalen < bytes) {
  235. size_t n = bytes - dest->datalen;
  236. src = dest->next;
  237. tor_assert(src);
  238. if (n >= src->datalen) {
  239. memcpy(CHUNK_WRITE_PTR(dest), src->data, src->datalen);
  240. dest->datalen += src->datalen;
  241. dest->next = src->next;
  242. if (buf->tail == src)
  243. buf->tail = dest;
  244. buf_chunk_free_unchecked(src);
  245. } else {
  246. memcpy(CHUNK_WRITE_PTR(dest), src->data, n);
  247. dest->datalen += n;
  248. src->data += n;
  249. src->datalen -= n;
  250. tor_assert(dest->datalen == bytes);
  251. }
  252. }
  253. check();
  254. }
  255. #ifdef TOR_UNIT_TESTS
  256. void
  257. buf_get_first_chunk_data(const buf_t *buf, const char **cp, size_t *sz)
  258. {
  259. if (!buf || !buf->head) {
  260. *cp = NULL;
  261. *sz = 0;
  262. } else {
  263. *cp = buf->head->data;
  264. *sz = buf->head->datalen;
  265. }
  266. }
  267. #endif
  268. /** Remove the first <b>n</b> bytes from buf. */
  269. static inline void
  270. buf_remove_from_front(buf_t *buf, size_t n)
  271. {
  272. tor_assert(buf->datalen >= n);
  273. while (n) {
  274. tor_assert(buf->head);
  275. if (buf->head->datalen > n) {
  276. buf->head->datalen -= n;
  277. buf->head->data += n;
  278. buf->datalen -= n;
  279. return;
  280. } else {
  281. chunk_t *victim = buf->head;
  282. n -= victim->datalen;
  283. buf->datalen -= victim->datalen;
  284. buf->head = victim->next;
  285. if (buf->tail == victim)
  286. buf->tail = NULL;
  287. buf_chunk_free_unchecked(victim);
  288. }
  289. }
  290. check();
  291. }
  292. /** Create and return a new buf with default chunk capacity <b>size</b>.
  293. */
  294. buf_t *
  295. buf_new_with_capacity(size_t size)
  296. {
  297. buf_t *b = buf_new();
  298. b->default_chunk_size = preferred_chunk_size(size);
  299. return b;
  300. }
  301. /** Allocate and return a new buffer with default capacity. */
  302. buf_t *
  303. buf_new(void)
  304. {
  305. buf_t *buf = tor_malloc_zero(sizeof(buf_t));
  306. buf->magic = BUFFER_MAGIC;
  307. buf->default_chunk_size = 4096;
  308. return buf;
  309. }
  310. size_t
  311. buf_get_default_chunk_size(const buf_t *buf)
  312. {
  313. return buf->default_chunk_size;
  314. }
  315. /** Remove all data from <b>buf</b>. */
  316. void
  317. buf_clear(buf_t *buf)
  318. {
  319. chunk_t *chunk, *next;
  320. buf->datalen = 0;
  321. for (chunk = buf->head; chunk; chunk = next) {
  322. next = chunk->next;
  323. buf_chunk_free_unchecked(chunk);
  324. }
  325. buf->head = buf->tail = NULL;
  326. }
  327. /** Return the number of bytes stored in <b>buf</b> */
  328. MOCK_IMPL(size_t,
  329. buf_datalen, (const buf_t *buf))
  330. {
  331. return buf->datalen;
  332. }
  333. /** Return the total length of all chunks used in <b>buf</b>. */
  334. size_t
  335. buf_allocation(const buf_t *buf)
  336. {
  337. size_t total = 0;
  338. const chunk_t *chunk;
  339. for (chunk = buf->head; chunk; chunk = chunk->next) {
  340. total += CHUNK_ALLOC_SIZE(chunk->memlen);
  341. }
  342. return total;
  343. }
  344. /** Return the number of bytes that can be added to <b>buf</b> without
  345. * performing any additional allocation. */
  346. size_t
  347. buf_slack(const buf_t *buf)
  348. {
  349. if (!buf->tail)
  350. return 0;
  351. else
  352. return CHUNK_REMAINING_CAPACITY(buf->tail);
  353. }
  354. /** Release storage held by <b>buf</b>. */
  355. void
  356. buf_free(buf_t *buf)
  357. {
  358. if (!buf)
  359. return;
  360. buf_clear(buf);
  361. buf->magic = 0xdeadbeef;
  362. tor_free(buf);
  363. }
  364. /** Return a new copy of <b>in_chunk</b> */
  365. static chunk_t *
  366. chunk_copy(const chunk_t *in_chunk)
  367. {
  368. chunk_t *newch = tor_memdup(in_chunk, CHUNK_ALLOC_SIZE(in_chunk->memlen));
  369. total_bytes_allocated_in_chunks += CHUNK_ALLOC_SIZE(in_chunk->memlen);
  370. #ifdef DEBUG_CHUNK_ALLOC
  371. newch->DBG_alloc = CHUNK_ALLOC_SIZE(in_chunk->memlen);
  372. #endif
  373. newch->next = NULL;
  374. if (in_chunk->data) {
  375. off_t offset = in_chunk->data - in_chunk->mem;
  376. newch->data = newch->mem + offset;
  377. }
  378. return newch;
  379. }
  380. /** Return a new copy of <b>buf</b> */
  381. buf_t *
  382. buf_copy(const buf_t *buf)
  383. {
  384. chunk_t *ch;
  385. buf_t *out = buf_new();
  386. out->default_chunk_size = buf->default_chunk_size;
  387. for (ch = buf->head; ch; ch = ch->next) {
  388. chunk_t *newch = chunk_copy(ch);
  389. if (out->tail) {
  390. out->tail->next = newch;
  391. out->tail = newch;
  392. } else {
  393. out->head = out->tail = newch;
  394. }
  395. }
  396. out->datalen = buf->datalen;
  397. return out;
  398. }
  399. /** Append a new chunk with enough capacity to hold <b>capacity</b> bytes to
  400. * the tail of <b>buf</b>. If <b>capped</b>, don't allocate a chunk bigger
  401. * than MAX_CHUNK_ALLOC. */
  402. static chunk_t *
  403. buf_add_chunk_with_capacity(buf_t *buf, size_t capacity, int capped)
  404. {
  405. chunk_t *chunk;
  406. if (CHUNK_ALLOC_SIZE(capacity) < buf->default_chunk_size) {
  407. chunk = chunk_new_with_alloc_size(buf->default_chunk_size);
  408. } else if (capped && CHUNK_ALLOC_SIZE(capacity) > MAX_CHUNK_ALLOC) {
  409. chunk = chunk_new_with_alloc_size(MAX_CHUNK_ALLOC);
  410. } else {
  411. chunk = chunk_new_with_alloc_size(preferred_chunk_size(capacity));
  412. }
  413. chunk->inserted_time = (uint32_t)monotime_coarse_absolute_msec();
  414. if (buf->tail) {
  415. tor_assert(buf->head);
  416. buf->tail->next = chunk;
  417. buf->tail = chunk;
  418. } else {
  419. tor_assert(!buf->head);
  420. buf->head = buf->tail = chunk;
  421. }
  422. check();
  423. return chunk;
  424. }
  425. /** Return the age of the oldest chunk in the buffer <b>buf</b>, in
  426. * milliseconds. Requires the current monotonic time, in truncated msec,
  427. * as its input <b>now</b>.
  428. */
  429. uint32_t
  430. buf_get_oldest_chunk_timestamp(const buf_t *buf, uint32_t now)
  431. {
  432. if (buf->head) {
  433. return now - buf->head->inserted_time;
  434. } else {
  435. return 0;
  436. }
  437. }
  438. size_t
  439. buf_get_total_allocation(void)
  440. {
  441. return total_bytes_allocated_in_chunks;
  442. }
  443. /** Read up to <b>at_most</b> bytes from the socket <b>fd</b> into
  444. * <b>chunk</b> (which must be on <b>buf</b>). If we get an EOF, set
  445. * *<b>reached_eof</b> to 1. Return -1 on error, 0 on eof or blocking,
  446. * and the number of bytes read otherwise. */
  447. static inline int
  448. read_to_chunk(buf_t *buf, chunk_t *chunk, tor_socket_t fd, size_t at_most,
  449. int *reached_eof, int *socket_error)
  450. {
  451. ssize_t read_result;
  452. if (at_most > CHUNK_REMAINING_CAPACITY(chunk))
  453. at_most = CHUNK_REMAINING_CAPACITY(chunk);
  454. read_result = tor_socket_recv(fd, CHUNK_WRITE_PTR(chunk), at_most, 0);
  455. if (read_result < 0) {
  456. int e = tor_socket_errno(fd);
  457. if (!ERRNO_IS_EAGAIN(e)) { /* it's a real error */
  458. #ifdef _WIN32
  459. if (e == WSAENOBUFS)
  460. log_warn(LD_NET,"recv() failed: WSAENOBUFS. Not enough ram?");
  461. #endif
  462. *socket_error = e;
  463. return -1;
  464. }
  465. return 0; /* would block. */
  466. } else if (read_result == 0) {
  467. log_debug(LD_NET,"Encountered eof on fd %d", (int)fd);
  468. *reached_eof = 1;
  469. return 0;
  470. } else { /* actually got bytes. */
  471. buf->datalen += read_result;
  472. chunk->datalen += read_result;
  473. log_debug(LD_NET,"Read %ld bytes. %d on inbuf.", (long)read_result,
  474. (int)buf->datalen);
  475. tor_assert(read_result < INT_MAX);
  476. return (int)read_result;
  477. }
  478. }
  479. /** As read_to_chunk(), but return (negative) error code on error, blocking,
  480. * or TLS, and the number of bytes read otherwise. */
  481. static inline int
  482. read_to_chunk_tls(buf_t *buf, chunk_t *chunk, tor_tls_t *tls,
  483. size_t at_most)
  484. {
  485. int read_result;
  486. tor_assert(CHUNK_REMAINING_CAPACITY(chunk) >= at_most);
  487. read_result = tor_tls_read(tls, CHUNK_WRITE_PTR(chunk), at_most);
  488. if (read_result < 0)
  489. return read_result;
  490. buf->datalen += read_result;
  491. chunk->datalen += read_result;
  492. return read_result;
  493. }
  494. /** Read from socket <b>s</b>, writing onto end of <b>buf</b>. Read at most
  495. * <b>at_most</b> bytes, growing the buffer as necessary. If recv() returns 0
  496. * (because of EOF), set *<b>reached_eof</b> to 1 and return 0. Return -1 on
  497. * error; else return the number of bytes read.
  498. */
  499. /* XXXX indicate "read blocked" somehow? */
  500. int
  501. read_to_buf(tor_socket_t s, size_t at_most, buf_t *buf, int *reached_eof,
  502. int *socket_error)
  503. {
  504. /* XXXX It's stupid to overload the return values for these functions:
  505. * "error status" and "number of bytes read" are not mutually exclusive.
  506. */
  507. int r = 0;
  508. size_t total_read = 0;
  509. check();
  510. tor_assert(reached_eof);
  511. tor_assert(SOCKET_OK(s));
  512. while (at_most > total_read) {
  513. size_t readlen = at_most - total_read;
  514. chunk_t *chunk;
  515. if (!buf->tail || CHUNK_REMAINING_CAPACITY(buf->tail) < MIN_READ_LEN) {
  516. chunk = buf_add_chunk_with_capacity(buf, at_most, 1);
  517. if (readlen > chunk->memlen)
  518. readlen = chunk->memlen;
  519. } else {
  520. size_t cap = CHUNK_REMAINING_CAPACITY(buf->tail);
  521. chunk = buf->tail;
  522. if (cap < readlen)
  523. readlen = cap;
  524. }
  525. r = read_to_chunk(buf, chunk, s, readlen, reached_eof, socket_error);
  526. check();
  527. if (r < 0)
  528. return r; /* Error */
  529. tor_assert(total_read+r < INT_MAX);
  530. total_read += r;
  531. if ((size_t)r < readlen) { /* eof, block, or no more to read. */
  532. break;
  533. }
  534. }
  535. return (int)total_read;
  536. }
  537. /** As read_to_buf, but reads from a TLS connection, and returns a TLS
  538. * status value rather than the number of bytes read.
  539. *
  540. * Using TLS on OR connections complicates matters in two ways.
  541. *
  542. * First, a TLS stream has its own read buffer independent of the
  543. * connection's read buffer. (TLS needs to read an entire frame from
  544. * the network before it can decrypt any data. Thus, trying to read 1
  545. * byte from TLS can require that several KB be read from the network
  546. * and decrypted. The extra data is stored in TLS's decrypt buffer.)
  547. * Because the data hasn't been read by Tor (it's still inside the TLS),
  548. * this means that sometimes a connection "has stuff to read" even when
  549. * poll() didn't return POLLIN. The tor_tls_get_pending_bytes function is
  550. * used in connection.c to detect TLS objects with non-empty internal
  551. * buffers and read from them again.
  552. *
  553. * Second, the TLS stream's events do not correspond directly to network
  554. * events: sometimes, before a TLS stream can read, the network must be
  555. * ready to write -- or vice versa.
  556. */
  557. int
  558. read_to_buf_tls(tor_tls_t *tls, size_t at_most, buf_t *buf)
  559. {
  560. int r = 0;
  561. size_t total_read = 0;
  562. check_no_tls_errors();
  563. check();
  564. while (at_most > total_read) {
  565. size_t readlen = at_most - total_read;
  566. chunk_t *chunk;
  567. if (!buf->tail || CHUNK_REMAINING_CAPACITY(buf->tail) < MIN_READ_LEN) {
  568. chunk = buf_add_chunk_with_capacity(buf, at_most, 1);
  569. if (readlen > chunk->memlen)
  570. readlen = chunk->memlen;
  571. } else {
  572. size_t cap = CHUNK_REMAINING_CAPACITY(buf->tail);
  573. chunk = buf->tail;
  574. if (cap < readlen)
  575. readlen = cap;
  576. }
  577. r = read_to_chunk_tls(buf, chunk, tls, readlen);
  578. check();
  579. if (r < 0)
  580. return r; /* Error */
  581. tor_assert(total_read+r < INT_MAX);
  582. total_read += r;
  583. if ((size_t)r < readlen) /* eof, block, or no more to read. */
  584. break;
  585. }
  586. return (int)total_read;
  587. }
  588. /** Helper for flush_buf(): try to write <b>sz</b> bytes from chunk
  589. * <b>chunk</b> of buffer <b>buf</b> onto socket <b>s</b>. On success, deduct
  590. * the bytes written from *<b>buf_flushlen</b>. Return the number of bytes
  591. * written on success, 0 on blocking, -1 on failure.
  592. */
  593. static inline int
  594. flush_chunk(tor_socket_t s, buf_t *buf, chunk_t *chunk, size_t sz,
  595. size_t *buf_flushlen)
  596. {
  597. ssize_t write_result;
  598. if (sz > chunk->datalen)
  599. sz = chunk->datalen;
  600. write_result = tor_socket_send(s, chunk->data, sz, 0);
  601. if (write_result < 0) {
  602. int e = tor_socket_errno(s);
  603. if (!ERRNO_IS_EAGAIN(e)) { /* it's a real error */
  604. #ifdef _WIN32
  605. if (e == WSAENOBUFS)
  606. log_warn(LD_NET,"write() failed: WSAENOBUFS. Not enough ram?");
  607. #endif
  608. return -1;
  609. }
  610. log_debug(LD_NET,"write() would block, returning.");
  611. return 0;
  612. } else {
  613. *buf_flushlen -= write_result;
  614. buf_remove_from_front(buf, write_result);
  615. tor_assert(write_result < INT_MAX);
  616. return (int)write_result;
  617. }
  618. }
  619. /** Helper for flush_buf_tls(): try to write <b>sz</b> bytes from chunk
  620. * <b>chunk</b> of buffer <b>buf</b> onto socket <b>s</b>. (Tries to write
  621. * more if there is a forced pending write size.) On success, deduct the
  622. * bytes written from *<b>buf_flushlen</b>. Return the number of bytes
  623. * written on success, and a TOR_TLS error code on failure or blocking.
  624. */
  625. static inline int
  626. flush_chunk_tls(tor_tls_t *tls, buf_t *buf, chunk_t *chunk,
  627. size_t sz, size_t *buf_flushlen)
  628. {
  629. int r;
  630. size_t forced;
  631. char *data;
  632. forced = tor_tls_get_forced_write_size(tls);
  633. if (forced > sz)
  634. sz = forced;
  635. if (chunk) {
  636. data = chunk->data;
  637. tor_assert(sz <= chunk->datalen);
  638. } else {
  639. data = NULL;
  640. tor_assert(sz == 0);
  641. }
  642. r = tor_tls_write(tls, data, sz);
  643. if (r < 0)
  644. return r;
  645. if (*buf_flushlen > (size_t)r)
  646. *buf_flushlen -= r;
  647. else
  648. *buf_flushlen = 0;
  649. buf_remove_from_front(buf, r);
  650. log_debug(LD_NET,"flushed %d bytes, %d ready to flush, %d remain.",
  651. r,(int)*buf_flushlen,(int)buf->datalen);
  652. return r;
  653. }
  654. /** Write data from <b>buf</b> to the socket <b>s</b>. Write at most
  655. * <b>sz</b> bytes, decrement *<b>buf_flushlen</b> by
  656. * the number of bytes actually written, and remove the written bytes
  657. * from the buffer. Return the number of bytes written on success,
  658. * -1 on failure. Return 0 if write() would block.
  659. */
  660. int
  661. flush_buf(tor_socket_t s, buf_t *buf, size_t sz, size_t *buf_flushlen)
  662. {
  663. /* XXXX It's stupid to overload the return values for these functions:
  664. * "error status" and "number of bytes flushed" are not mutually exclusive.
  665. */
  666. int r;
  667. size_t flushed = 0;
  668. tor_assert(buf_flushlen);
  669. tor_assert(SOCKET_OK(s));
  670. tor_assert(*buf_flushlen <= buf->datalen);
  671. tor_assert(sz <= *buf_flushlen);
  672. check();
  673. while (sz) {
  674. size_t flushlen0;
  675. tor_assert(buf->head);
  676. if (buf->head->datalen >= sz)
  677. flushlen0 = sz;
  678. else
  679. flushlen0 = buf->head->datalen;
  680. r = flush_chunk(s, buf, buf->head, flushlen0, buf_flushlen);
  681. check();
  682. if (r < 0)
  683. return r;
  684. flushed += r;
  685. sz -= r;
  686. if (r == 0 || (size_t)r < flushlen0) /* can't flush any more now. */
  687. break;
  688. }
  689. tor_assert(flushed < INT_MAX);
  690. return (int)flushed;
  691. }
  692. /** As flush_buf(), but writes data to a TLS connection. Can write more than
  693. * <b>flushlen</b> bytes.
  694. */
  695. int
  696. flush_buf_tls(tor_tls_t *tls, buf_t *buf, size_t flushlen,
  697. size_t *buf_flushlen)
  698. {
  699. int r;
  700. size_t flushed = 0;
  701. ssize_t sz;
  702. tor_assert(buf_flushlen);
  703. tor_assert(*buf_flushlen <= buf->datalen);
  704. tor_assert(flushlen <= *buf_flushlen);
  705. sz = (ssize_t) flushlen;
  706. /* we want to let tls write even if flushlen is zero, because it might
  707. * have a partial record pending */
  708. check_no_tls_errors();
  709. check();
  710. do {
  711. size_t flushlen0;
  712. if (buf->head) {
  713. if ((ssize_t)buf->head->datalen >= sz)
  714. flushlen0 = sz;
  715. else
  716. flushlen0 = buf->head->datalen;
  717. } else {
  718. flushlen0 = 0;
  719. }
  720. r = flush_chunk_tls(tls, buf, buf->head, flushlen0, buf_flushlen);
  721. check();
  722. if (r < 0)
  723. return r;
  724. flushed += r;
  725. sz -= r;
  726. if (r == 0) /* Can't flush any more now. */
  727. break;
  728. } while (sz > 0);
  729. tor_assert(flushed < INT_MAX);
  730. return (int)flushed;
  731. }
  732. /** Append <b>string_len</b> bytes from <b>string</b> to the end of
  733. * <b>buf</b>.
  734. *
  735. * Return the new length of the buffer on success, -1 on failure.
  736. */
  737. int
  738. write_to_buf(const char *string, size_t string_len, buf_t *buf)
  739. {
  740. if (!string_len)
  741. return (int)buf->datalen;
  742. check();
  743. while (string_len) {
  744. size_t copy;
  745. if (!buf->tail || !CHUNK_REMAINING_CAPACITY(buf->tail))
  746. buf_add_chunk_with_capacity(buf, string_len, 1);
  747. copy = CHUNK_REMAINING_CAPACITY(buf->tail);
  748. if (copy > string_len)
  749. copy = string_len;
  750. memcpy(CHUNK_WRITE_PTR(buf->tail), string, copy);
  751. string_len -= copy;
  752. string += copy;
  753. buf->datalen += copy;
  754. buf->tail->datalen += copy;
  755. }
  756. check();
  757. tor_assert(buf->datalen < INT_MAX);
  758. return (int)buf->datalen;
  759. }
  760. /** Helper: copy the first <b>string_len</b> bytes from <b>buf</b>
  761. * onto <b>string</b>.
  762. */
  763. static inline void
  764. peek_from_buf(char *string, size_t string_len, const buf_t *buf)
  765. {
  766. chunk_t *chunk;
  767. tor_assert(string);
  768. /* make sure we don't ask for too much */
  769. tor_assert(string_len <= buf->datalen);
  770. /* assert_buf_ok(buf); */
  771. chunk = buf->head;
  772. while (string_len) {
  773. size_t copy = string_len;
  774. tor_assert(chunk);
  775. if (chunk->datalen < copy)
  776. copy = chunk->datalen;
  777. memcpy(string, chunk->data, copy);
  778. string_len -= copy;
  779. string += copy;
  780. chunk = chunk->next;
  781. }
  782. }
  783. /** Remove <b>string_len</b> bytes from the front of <b>buf</b>, and store
  784. * them into <b>string</b>. Return the new buffer size. <b>string_len</b>
  785. * must be \<= the number of bytes on the buffer.
  786. */
  787. int
  788. fetch_from_buf(char *string, size_t string_len, buf_t *buf)
  789. {
  790. /* There must be string_len bytes in buf; write them onto string,
  791. * then memmove buf back (that is, remove them from buf).
  792. *
  793. * Return the number of bytes still on the buffer. */
  794. check();
  795. peek_from_buf(string, string_len, buf);
  796. buf_remove_from_front(buf, string_len);
  797. check();
  798. tor_assert(buf->datalen < INT_MAX);
  799. return (int)buf->datalen;
  800. }
  801. /** True iff the cell command <b>command</b> is one that implies a
  802. * variable-length cell in Tor link protocol <b>linkproto</b>. */
  803. static inline int
  804. cell_command_is_var_length(uint8_t command, int linkproto)
  805. {
  806. /* If linkproto is v2 (2), CELL_VERSIONS is the only variable-length cells
  807. * work as implemented here. If it's 1, there are no variable-length cells.
  808. * Tor does not support other versions right now, and so can't negotiate
  809. * them.
  810. */
  811. switch (linkproto) {
  812. case 1:
  813. /* Link protocol version 1 has no variable-length cells. */
  814. return 0;
  815. case 2:
  816. /* In link protocol version 2, VERSIONS is the only variable-length cell */
  817. return command == CELL_VERSIONS;
  818. case 0:
  819. case 3:
  820. default:
  821. /* In link protocol version 3 and later, and in version "unknown",
  822. * commands 128 and higher indicate variable-length. VERSIONS is
  823. * grandfathered in. */
  824. return command == CELL_VERSIONS || command >= 128;
  825. }
  826. }
  827. /** Check <b>buf</b> for a variable-length cell according to the rules of link
  828. * protocol version <b>linkproto</b>. If one is found, pull it off the buffer
  829. * and assign a newly allocated var_cell_t to *<b>out</b>, and return 1.
  830. * Return 0 if whatever is on the start of buf_t is not a variable-length
  831. * cell. Return 1 and set *<b>out</b> to NULL if there seems to be the start
  832. * of a variable-length cell on <b>buf</b>, but the whole thing isn't there
  833. * yet. */
  834. int
  835. fetch_var_cell_from_buf(buf_t *buf, var_cell_t **out, int linkproto)
  836. {
  837. char hdr[VAR_CELL_MAX_HEADER_SIZE];
  838. var_cell_t *result;
  839. uint8_t command;
  840. uint16_t length;
  841. const int wide_circ_ids = linkproto >= MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS;
  842. const int circ_id_len = get_circ_id_size(wide_circ_ids);
  843. const unsigned header_len = get_var_cell_header_size(wide_circ_ids);
  844. check();
  845. *out = NULL;
  846. if (buf->datalen < header_len)
  847. return 0;
  848. peek_from_buf(hdr, header_len, buf);
  849. command = get_uint8(hdr + circ_id_len);
  850. if (!(cell_command_is_var_length(command, linkproto)))
  851. return 0;
  852. length = ntohs(get_uint16(hdr + circ_id_len + 1));
  853. if (buf->datalen < (size_t)(header_len+length))
  854. return 1;
  855. result = var_cell_new(length);
  856. result->command = command;
  857. if (wide_circ_ids)
  858. result->circ_id = ntohl(get_uint32(hdr));
  859. else
  860. result->circ_id = ntohs(get_uint16(hdr));
  861. buf_remove_from_front(buf, header_len);
  862. peek_from_buf((char*) result->payload, length, buf);
  863. buf_remove_from_front(buf, length);
  864. check();
  865. *out = result;
  866. return 1;
  867. }
  868. /** Move up to *<b>buf_flushlen</b> bytes from <b>buf_in</b> to
  869. * <b>buf_out</b>, and modify *<b>buf_flushlen</b> appropriately.
  870. * Return the number of bytes actually copied.
  871. */
  872. int
  873. move_buf_to_buf(buf_t *buf_out, buf_t *buf_in, size_t *buf_flushlen)
  874. {
  875. /* We can do way better here, but this doesn't turn up in any profiles. */
  876. char b[4096];
  877. size_t cp, len;
  878. len = *buf_flushlen;
  879. if (len > buf_in->datalen)
  880. len = buf_in->datalen;
  881. cp = len; /* Remember the number of bytes we intend to copy. */
  882. tor_assert(cp < INT_MAX);
  883. while (len) {
  884. /* This isn't the most efficient implementation one could imagine, since
  885. * it does two copies instead of 1, but I kinda doubt that this will be
  886. * critical path. */
  887. size_t n = len > sizeof(b) ? sizeof(b) : len;
  888. fetch_from_buf(b, n, buf_in);
  889. write_to_buf(b, n, buf_out);
  890. len -= n;
  891. }
  892. *buf_flushlen -= cp;
  893. return (int)cp;
  894. }
  895. /** Internal structure: represents a position in a buffer. */
  896. typedef struct buf_pos_t {
  897. const chunk_t *chunk; /**< Which chunk are we pointing to? */
  898. int pos;/**< Which character inside the chunk's data are we pointing to? */
  899. size_t chunk_pos; /**< Total length of all previous chunks. */
  900. } buf_pos_t;
  901. /** Initialize <b>out</b> to point to the first character of <b>buf</b>.*/
  902. static void
  903. buf_pos_init(const buf_t *buf, buf_pos_t *out)
  904. {
  905. out->chunk = buf->head;
  906. out->pos = 0;
  907. out->chunk_pos = 0;
  908. }
  909. /** Advance <b>out</b> to the first appearance of <b>ch</b> at the current
  910. * position of <b>out</b>, or later. Return -1 if no instances are found;
  911. * otherwise returns the absolute position of the character. */
  912. static off_t
  913. buf_find_pos_of_char(char ch, buf_pos_t *out)
  914. {
  915. const chunk_t *chunk;
  916. int pos;
  917. tor_assert(out);
  918. if (out->chunk) {
  919. if (out->chunk->datalen) {
  920. tor_assert(out->pos < (off_t)out->chunk->datalen);
  921. } else {
  922. tor_assert(out->pos == 0);
  923. }
  924. }
  925. pos = out->pos;
  926. for (chunk = out->chunk; chunk; chunk = chunk->next) {
  927. char *cp = memchr(chunk->data+pos, ch, chunk->datalen - pos);
  928. if (cp) {
  929. out->chunk = chunk;
  930. tor_assert(cp - chunk->data < INT_MAX);
  931. out->pos = (int)(cp - chunk->data);
  932. return out->chunk_pos + out->pos;
  933. } else {
  934. out->chunk_pos += chunk->datalen;
  935. pos = 0;
  936. }
  937. }
  938. return -1;
  939. }
  940. /** Advance <b>pos</b> by a single character, if there are any more characters
  941. * in the buffer. Returns 0 on success, -1 on failure. */
  942. static inline int
  943. buf_pos_inc(buf_pos_t *pos)
  944. {
  945. ++pos->pos;
  946. if (pos->pos == (off_t)pos->chunk->datalen) {
  947. if (!pos->chunk->next)
  948. return -1;
  949. pos->chunk_pos += pos->chunk->datalen;
  950. pos->chunk = pos->chunk->next;
  951. pos->pos = 0;
  952. }
  953. return 0;
  954. }
  955. /** Return true iff the <b>n</b>-character string in <b>s</b> appears
  956. * (verbatim) at <b>pos</b>. */
  957. static int
  958. buf_matches_at_pos(const buf_pos_t *pos, const char *s, size_t n)
  959. {
  960. buf_pos_t p;
  961. if (!n)
  962. return 1;
  963. memcpy(&p, pos, sizeof(p));
  964. while (1) {
  965. char ch = p.chunk->data[p.pos];
  966. if (ch != *s)
  967. return 0;
  968. ++s;
  969. /* If we're out of characters that don't match, we match. Check this
  970. * _before_ we test incrementing pos, in case we're at the end of the
  971. * string. */
  972. if (--n == 0)
  973. return 1;
  974. if (buf_pos_inc(&p)<0)
  975. return 0;
  976. }
  977. }
  978. /** Return the first position in <b>buf</b> at which the <b>n</b>-character
  979. * string <b>s</b> occurs, or -1 if it does not occur. */
  980. STATIC int
  981. buf_find_string_offset(const buf_t *buf, const char *s, size_t n)
  982. {
  983. buf_pos_t pos;
  984. buf_pos_init(buf, &pos);
  985. while (buf_find_pos_of_char(*s, &pos) >= 0) {
  986. if (buf_matches_at_pos(&pos, s, n)) {
  987. tor_assert(pos.chunk_pos + pos.pos < INT_MAX);
  988. return (int)(pos.chunk_pos + pos.pos);
  989. } else {
  990. if (buf_pos_inc(&pos)<0)
  991. return -1;
  992. }
  993. }
  994. return -1;
  995. }
  996. /** There is a (possibly incomplete) http statement on <b>buf</b>, of the
  997. * form "\%s\\r\\n\\r\\n\%s", headers, body. (body may contain NULs.)
  998. * If a) the headers include a Content-Length field and all bytes in
  999. * the body are present, or b) there's no Content-Length field and
  1000. * all headers are present, then:
  1001. *
  1002. * - strdup headers into <b>*headers_out</b>, and NUL-terminate it.
  1003. * - memdup body into <b>*body_out</b>, and NUL-terminate it.
  1004. * - Then remove them from <b>buf</b>, and return 1.
  1005. *
  1006. * - If headers or body is NULL, discard that part of the buf.
  1007. * - If a headers or body doesn't fit in the arg, return -1.
  1008. * (We ensure that the headers or body don't exceed max len,
  1009. * _even if_ we're planning to discard them.)
  1010. * - If force_complete is true, then succeed even if not all of the
  1011. * content has arrived.
  1012. *
  1013. * Else, change nothing and return 0.
  1014. */
  1015. int
  1016. fetch_from_buf_http(buf_t *buf,
  1017. char **headers_out, size_t max_headerlen,
  1018. char **body_out, size_t *body_used, size_t max_bodylen,
  1019. int force_complete)
  1020. {
  1021. char *headers, *p;
  1022. size_t headerlen, bodylen, contentlen;
  1023. int crlf_offset;
  1024. check();
  1025. if (!buf->head)
  1026. return 0;
  1027. crlf_offset = buf_find_string_offset(buf, "\r\n\r\n", 4);
  1028. if (crlf_offset > (int)max_headerlen ||
  1029. (crlf_offset < 0 && buf->datalen > max_headerlen)) {
  1030. log_debug(LD_HTTP,"headers too long.");
  1031. return -1;
  1032. } else if (crlf_offset < 0) {
  1033. log_debug(LD_HTTP,"headers not all here yet.");
  1034. return 0;
  1035. }
  1036. /* Okay, we have a full header. Make sure it all appears in the first
  1037. * chunk. */
  1038. if ((int)buf->head->datalen < crlf_offset + 4)
  1039. buf_pullup(buf, crlf_offset+4);
  1040. headerlen = crlf_offset + 4;
  1041. headers = buf->head->data;
  1042. bodylen = buf->datalen - headerlen;
  1043. log_debug(LD_HTTP,"headerlen %d, bodylen %d.", (int)headerlen, (int)bodylen);
  1044. if (max_headerlen <= headerlen) {
  1045. log_warn(LD_HTTP,"headerlen %d larger than %d. Failing.",
  1046. (int)headerlen, (int)max_headerlen-1);
  1047. return -1;
  1048. }
  1049. if (max_bodylen <= bodylen) {
  1050. log_warn(LD_HTTP,"bodylen %d larger than %d. Failing.",
  1051. (int)bodylen, (int)max_bodylen-1);
  1052. return -1;
  1053. }
  1054. #define CONTENT_LENGTH "\r\nContent-Length: "
  1055. p = (char*) tor_memstr(headers, headerlen, CONTENT_LENGTH);
  1056. if (p) {
  1057. int i;
  1058. i = atoi(p+strlen(CONTENT_LENGTH));
  1059. if (i < 0) {
  1060. log_warn(LD_PROTOCOL, "Content-Length is less than zero; it looks like "
  1061. "someone is trying to crash us.");
  1062. return -1;
  1063. }
  1064. contentlen = i;
  1065. /* if content-length is malformed, then our body length is 0. fine. */
  1066. log_debug(LD_HTTP,"Got a contentlen of %d.",(int)contentlen);
  1067. if (bodylen < contentlen) {
  1068. if (!force_complete) {
  1069. log_debug(LD_HTTP,"body not all here yet.");
  1070. return 0; /* not all there yet */
  1071. }
  1072. }
  1073. if (bodylen > contentlen) {
  1074. bodylen = contentlen;
  1075. log_debug(LD_HTTP,"bodylen reduced to %d.",(int)bodylen);
  1076. }
  1077. }
  1078. /* all happy. copy into the appropriate places, and return 1 */
  1079. if (headers_out) {
  1080. *headers_out = tor_malloc(headerlen+1);
  1081. fetch_from_buf(*headers_out, headerlen, buf);
  1082. (*headers_out)[headerlen] = 0; /* NUL terminate it */
  1083. }
  1084. if (body_out) {
  1085. tor_assert(body_used);
  1086. *body_used = bodylen;
  1087. *body_out = tor_malloc(bodylen+1);
  1088. fetch_from_buf(*body_out, bodylen, buf);
  1089. (*body_out)[bodylen] = 0; /* NUL terminate it */
  1090. }
  1091. check();
  1092. return 1;
  1093. }
  1094. /**
  1095. * Wait this many seconds before warning the user about using SOCKS unsafely
  1096. * again (requires that WarnUnsafeSocks is turned on). */
  1097. #define SOCKS_WARN_INTERVAL 5
  1098. /** Warn that the user application has made an unsafe socks request using
  1099. * protocol <b>socks_protocol</b> on port <b>port</b>. Don't warn more than
  1100. * once per SOCKS_WARN_INTERVAL, unless <b>safe_socks</b> is set. */
  1101. static void
  1102. log_unsafe_socks_warning(int socks_protocol, const char *address,
  1103. uint16_t port, int safe_socks)
  1104. {
  1105. static ratelim_t socks_ratelim = RATELIM_INIT(SOCKS_WARN_INTERVAL);
  1106. const or_options_t *options = get_options();
  1107. if (! options->WarnUnsafeSocks)
  1108. return;
  1109. if (safe_socks) {
  1110. log_fn_ratelim(&socks_ratelim, LOG_WARN, LD_APP,
  1111. "Your application (using socks%d to port %d) is giving "
  1112. "Tor only an IP address. Applications that do DNS resolves "
  1113. "themselves may leak information. Consider using Socks4A "
  1114. "(e.g. via privoxy or socat) instead. For more information, "
  1115. "please see https://wiki.torproject.org/TheOnionRouter/"
  1116. "TorFAQ#SOCKSAndDNS.%s",
  1117. socks_protocol,
  1118. (int)port,
  1119. safe_socks ? " Rejecting." : "");
  1120. }
  1121. control_event_client_status(LOG_WARN,
  1122. "DANGEROUS_SOCKS PROTOCOL=SOCKS%d ADDRESS=%s:%d",
  1123. socks_protocol, address, (int)port);
  1124. }
  1125. /** Do not attempt to parse socks messages longer than this. This value is
  1126. * actually significantly higher than the longest possible socks message. */
  1127. #define MAX_SOCKS_MESSAGE_LEN 512
  1128. /** Return a new socks_request_t. */
  1129. socks_request_t *
  1130. socks_request_new(void)
  1131. {
  1132. return tor_malloc_zero(sizeof(socks_request_t));
  1133. }
  1134. /** Free all storage held in the socks_request_t <b>req</b>. */
  1135. void
  1136. socks_request_free(socks_request_t *req)
  1137. {
  1138. if (!req)
  1139. return;
  1140. if (req->username) {
  1141. memwipe(req->username, 0x10, req->usernamelen);
  1142. tor_free(req->username);
  1143. }
  1144. if (req->password) {
  1145. memwipe(req->password, 0x04, req->passwordlen);
  1146. tor_free(req->password);
  1147. }
  1148. memwipe(req, 0xCC, sizeof(socks_request_t));
  1149. tor_free(req);
  1150. }
  1151. /** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
  1152. * of the forms
  1153. * - socks4: "socksheader username\\0"
  1154. * - socks4a: "socksheader username\\0 destaddr\\0"
  1155. * - socks5 phase one: "version #methods methods"
  1156. * - socks5 phase two: "version command 0 addresstype..."
  1157. * If it's a complete and valid handshake, and destaddr fits in
  1158. * MAX_SOCKS_ADDR_LEN bytes, then pull the handshake off the buf,
  1159. * assign to <b>req</b>, and return 1.
  1160. *
  1161. * If it's invalid or too big, return -1.
  1162. *
  1163. * Else it's not all there yet, leave buf alone and return 0.
  1164. *
  1165. * If you want to specify the socks reply, write it into <b>req->reply</b>
  1166. * and set <b>req->replylen</b>, else leave <b>req->replylen</b> alone.
  1167. *
  1168. * If <b>log_sockstype</b> is non-zero, then do a notice-level log of whether
  1169. * the connection is possibly leaking DNS requests locally or not.
  1170. *
  1171. * If <b>safe_socks</b> is true, then reject unsafe socks protocols.
  1172. *
  1173. * If returning 0 or -1, <b>req->address</b> and <b>req->port</b> are
  1174. * undefined.
  1175. */
  1176. int
  1177. fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
  1178. int log_sockstype, int safe_socks)
  1179. {
  1180. int res;
  1181. ssize_t n_drain;
  1182. size_t want_length = 128;
  1183. if (buf->datalen < 2) /* version and another byte */
  1184. return 0;
  1185. do {
  1186. n_drain = 0;
  1187. buf_pullup(buf, want_length);
  1188. tor_assert(buf->head && buf->head->datalen >= 2);
  1189. want_length = 0;
  1190. res = parse_socks(buf->head->data, buf->head->datalen, req, log_sockstype,
  1191. safe_socks, &n_drain, &want_length);
  1192. if (n_drain < 0)
  1193. buf_clear(buf);
  1194. else if (n_drain > 0)
  1195. buf_remove_from_front(buf, n_drain);
  1196. } while (res == 0 && buf->head && want_length < buf->datalen &&
  1197. buf->datalen >= 2);
  1198. return res;
  1199. }
  1200. /** The size of the header of an Extended ORPort message: 2 bytes for
  1201. * COMMAND, 2 bytes for BODYLEN */
  1202. #define EXT_OR_CMD_HEADER_SIZE 4
  1203. /** Read <b>buf</b>, which should contain an Extended ORPort message
  1204. * from a transport proxy. If well-formed, create and populate
  1205. * <b>out</b> with the Extended ORport message. Return 0 if the
  1206. * buffer was incomplete, 1 if it was well-formed and -1 if we
  1207. * encountered an error while parsing it. */
  1208. int
  1209. fetch_ext_or_command_from_buf(buf_t *buf, ext_or_cmd_t **out)
  1210. {
  1211. char hdr[EXT_OR_CMD_HEADER_SIZE];
  1212. uint16_t len;
  1213. check();
  1214. if (buf->datalen < EXT_OR_CMD_HEADER_SIZE)
  1215. return 0;
  1216. peek_from_buf(hdr, sizeof(hdr), buf);
  1217. len = ntohs(get_uint16(hdr+2));
  1218. if (buf->datalen < (unsigned)len + EXT_OR_CMD_HEADER_SIZE)
  1219. return 0;
  1220. *out = ext_or_cmd_new(len);
  1221. (*out)->cmd = ntohs(get_uint16(hdr));
  1222. (*out)->len = len;
  1223. buf_remove_from_front(buf, EXT_OR_CMD_HEADER_SIZE);
  1224. fetch_from_buf((*out)->body, len, buf);
  1225. return 1;
  1226. }
  1227. /** Create a SOCKS5 reply message with <b>reason</b> in its REP field and
  1228. * have Tor send it as error response to <b>req</b>.
  1229. */
  1230. static void
  1231. socks_request_set_socks5_error(socks_request_t *req,
  1232. socks5_reply_status_t reason)
  1233. {
  1234. req->replylen = 10;
  1235. memset(req->reply,0,10);
  1236. req->reply[0] = 0x05; // VER field.
  1237. req->reply[1] = reason; // REP field.
  1238. req->reply[3] = 0x01; // ATYP field.
  1239. }
  1240. /** Implementation helper to implement fetch_from_*_socks. Instead of looking
  1241. * at a buffer's contents, we look at the <b>datalen</b> bytes of data in
  1242. * <b>data</b>. Instead of removing data from the buffer, we set
  1243. * <b>drain_out</b> to the amount of data that should be removed (or -1 if the
  1244. * buffer should be cleared). Instead of pulling more data into the first
  1245. * chunk of the buffer, we set *<b>want_length_out</b> to the number of bytes
  1246. * we'd like to see in the input buffer, if they're available. */
  1247. static int
  1248. parse_socks(const char *data, size_t datalen, socks_request_t *req,
  1249. int log_sockstype, int safe_socks, ssize_t *drain_out,
  1250. size_t *want_length_out)
  1251. {
  1252. unsigned int len;
  1253. char tmpbuf[TOR_ADDR_BUF_LEN+1];
  1254. tor_addr_t destaddr;
  1255. uint32_t destip;
  1256. uint8_t socksver;
  1257. char *next, *startaddr;
  1258. unsigned char usernamelen, passlen;
  1259. struct in_addr in;
  1260. if (datalen < 2) {
  1261. /* We always need at least 2 bytes. */
  1262. *want_length_out = 2;
  1263. return 0;
  1264. }
  1265. if (req->socks_version == 5 && !req->got_auth) {
  1266. /* See if we have received authentication. Strictly speaking, we should
  1267. also check whether we actually negotiated username/password
  1268. authentication. But some broken clients will send us authentication
  1269. even if we negotiated SOCKS_NO_AUTH. */
  1270. if (*data == 1) { /* username/pass version 1 */
  1271. /* Format is: authversion [1 byte] == 1
  1272. usernamelen [1 byte]
  1273. username [usernamelen bytes]
  1274. passlen [1 byte]
  1275. password [passlen bytes] */
  1276. usernamelen = (unsigned char)*(data + 1);
  1277. if (datalen < 2u + usernamelen + 1u) {
  1278. *want_length_out = 2u + usernamelen + 1u;
  1279. return 0;
  1280. }
  1281. passlen = (unsigned char)*(data + 2u + usernamelen);
  1282. if (datalen < 2u + usernamelen + 1u + passlen) {
  1283. *want_length_out = 2u + usernamelen + 1u + passlen;
  1284. return 0;
  1285. }
  1286. req->replylen = 2; /* 2 bytes of response */
  1287. req->reply[0] = 1; /* authversion == 1 */
  1288. req->reply[1] = 0; /* authentication successful */
  1289. log_debug(LD_APP,
  1290. "socks5: Accepted username/password without checking.");
  1291. if (usernamelen) {
  1292. req->username = tor_memdup(data+2u, usernamelen);
  1293. req->usernamelen = usernamelen;
  1294. }
  1295. if (passlen) {
  1296. req->password = tor_memdup(data+3u+usernamelen, passlen);
  1297. req->passwordlen = passlen;
  1298. }
  1299. *drain_out = 2u + usernamelen + 1u + passlen;
  1300. req->got_auth = 1;
  1301. *want_length_out = 7; /* Minimal socks5 command. */
  1302. return 0;
  1303. } else if (req->auth_type == SOCKS_USER_PASS) {
  1304. /* unknown version byte */
  1305. log_warn(LD_APP, "Socks5 username/password version %d not recognized; "
  1306. "rejecting.", (int)*data);
  1307. return -1;
  1308. }
  1309. }
  1310. socksver = *data;
  1311. switch (socksver) { /* which version of socks? */
  1312. case 5: /* socks5 */
  1313. if (req->socks_version != 5) { /* we need to negotiate a method */
  1314. unsigned char nummethods = (unsigned char)*(data+1);
  1315. int have_user_pass, have_no_auth;
  1316. int r=0;
  1317. tor_assert(!req->socks_version);
  1318. if (datalen < 2u+nummethods) {
  1319. *want_length_out = 2u+nummethods;
  1320. return 0;
  1321. }
  1322. if (!nummethods)
  1323. return -1;
  1324. req->replylen = 2; /* 2 bytes of response */
  1325. req->reply[0] = 5; /* socks5 reply */
  1326. have_user_pass = (memchr(data+2, SOCKS_USER_PASS, nummethods) !=NULL);
  1327. have_no_auth = (memchr(data+2, SOCKS_NO_AUTH, nummethods) !=NULL);
  1328. if (have_user_pass && !(have_no_auth && req->socks_prefer_no_auth)) {
  1329. req->auth_type = SOCKS_USER_PASS;
  1330. req->reply[1] = SOCKS_USER_PASS; /* tell client to use "user/pass"
  1331. auth method */
  1332. req->socks_version = 5; /* remember we've already negotiated auth */
  1333. log_debug(LD_APP,"socks5: accepted method 2 (username/password)");
  1334. r=0;
  1335. } else if (have_no_auth) {
  1336. req->reply[1] = SOCKS_NO_AUTH; /* tell client to use "none" auth
  1337. method */
  1338. req->socks_version = 5; /* remember we've already negotiated auth */
  1339. log_debug(LD_APP,"socks5: accepted method 0 (no authentication)");
  1340. r=0;
  1341. } else {
  1342. log_warn(LD_APP,
  1343. "socks5: offered methods don't include 'no auth' or "
  1344. "username/password. Rejecting.");
  1345. req->reply[1] = '\xFF'; /* reject all methods */
  1346. r=-1;
  1347. }
  1348. /* Remove packet from buf. Some SOCKS clients will have sent extra
  1349. * junk at this point; let's hope it's an authentication message. */
  1350. *drain_out = 2u + nummethods;
  1351. return r;
  1352. }
  1353. if (req->auth_type != SOCKS_NO_AUTH && !req->got_auth) {
  1354. log_warn(LD_APP,
  1355. "socks5: negotiated authentication, but none provided");
  1356. return -1;
  1357. }
  1358. /* we know the method; read in the request */
  1359. log_debug(LD_APP,"socks5: checking request");
  1360. if (datalen < 7) {/* basic info plus >=1 for addr plus 2 for port */
  1361. *want_length_out = 7;
  1362. return 0; /* not yet */
  1363. }
  1364. req->command = (unsigned char) *(data+1);
  1365. if (req->command != SOCKS_COMMAND_CONNECT &&
  1366. req->command != SOCKS_COMMAND_RESOLVE &&
  1367. req->command != SOCKS_COMMAND_RESOLVE_PTR) {
  1368. /* not a connect or resolve or a resolve_ptr? we don't support it. */
  1369. socks_request_set_socks5_error(req,SOCKS5_COMMAND_NOT_SUPPORTED);
  1370. log_warn(LD_APP,"socks5: command %d not recognized. Rejecting.",
  1371. req->command);
  1372. return -1;
  1373. }
  1374. switch (*(data+3)) { /* address type */
  1375. case 1: /* IPv4 address */
  1376. case 4: /* IPv6 address */ {
  1377. const int is_v6 = *(data+3) == 4;
  1378. const unsigned addrlen = is_v6 ? 16 : 4;
  1379. log_debug(LD_APP,"socks5: ipv4 address type");
  1380. if (datalen < 6+addrlen) {/* ip/port there? */
  1381. *want_length_out = 6+addrlen;
  1382. return 0; /* not yet */
  1383. }
  1384. if (is_v6)
  1385. tor_addr_from_ipv6_bytes(&destaddr, data+4);
  1386. else
  1387. tor_addr_from_ipv4n(&destaddr, get_uint32(data+4));
  1388. tor_addr_to_str(tmpbuf, &destaddr, sizeof(tmpbuf), 1);
  1389. if (strlen(tmpbuf)+1 > MAX_SOCKS_ADDR_LEN) {
  1390. socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR);
  1391. log_warn(LD_APP,
  1392. "socks5 IP takes %d bytes, which doesn't fit in %d. "
  1393. "Rejecting.",
  1394. (int)strlen(tmpbuf)+1,(int)MAX_SOCKS_ADDR_LEN);
  1395. return -1;
  1396. }
  1397. strlcpy(req->address,tmpbuf,sizeof(req->address));
  1398. req->port = ntohs(get_uint16(data+4+addrlen));
  1399. *drain_out = 6+addrlen;
  1400. if (req->command != SOCKS_COMMAND_RESOLVE_PTR &&
  1401. !addressmap_have_mapping(req->address,0)) {
  1402. log_unsafe_socks_warning(5, req->address, req->port, safe_socks);
  1403. if (safe_socks) {
  1404. socks_request_set_socks5_error(req, SOCKS5_NOT_ALLOWED);
  1405. return -1;
  1406. }
  1407. }
  1408. return 1;
  1409. }
  1410. case 3: /* fqdn */
  1411. log_debug(LD_APP,"socks5: fqdn address type");
  1412. if (req->command == SOCKS_COMMAND_RESOLVE_PTR) {
  1413. socks_request_set_socks5_error(req,
  1414. SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED);
  1415. log_warn(LD_APP, "socks5 received RESOLVE_PTR command with "
  1416. "hostname type. Rejecting.");
  1417. return -1;
  1418. }
  1419. len = (unsigned char)*(data+4);
  1420. if (datalen < 7+len) { /* addr/port there? */
  1421. *want_length_out = 7+len;
  1422. return 0; /* not yet */
  1423. }
  1424. if (len+1 > MAX_SOCKS_ADDR_LEN) {
  1425. socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR);
  1426. log_warn(LD_APP,
  1427. "socks5 hostname is %d bytes, which doesn't fit in "
  1428. "%d. Rejecting.", len+1,MAX_SOCKS_ADDR_LEN);
  1429. return -1;
  1430. }
  1431. memcpy(req->address,data+5,len);
  1432. req->address[len] = 0;
  1433. req->port = ntohs(get_uint16(data+5+len));
  1434. *drain_out = 5+len+2;
  1435. if (string_is_valid_ipv4_address(req->address) ||
  1436. string_is_valid_ipv6_address(req->address)) {
  1437. log_unsafe_socks_warning(5,req->address,req->port,safe_socks);
  1438. if (safe_socks) {
  1439. socks_request_set_socks5_error(req, SOCKS5_NOT_ALLOWED);
  1440. return -1;
  1441. }
  1442. } else if (!string_is_valid_hostname(req->address)) {
  1443. socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR);
  1444. log_warn(LD_PROTOCOL,
  1445. "Your application (using socks5 to port %d) gave Tor "
  1446. "a malformed hostname: %s. Rejecting the connection.",
  1447. req->port, escaped_safe_str_client(req->address));
  1448. return -1;
  1449. }
  1450. if (log_sockstype)
  1451. log_notice(LD_APP,
  1452. "Your application (using socks5 to port %d) instructed "
  1453. "Tor to take care of the DNS resolution itself if "
  1454. "necessary. This is good.", req->port);
  1455. return 1;
  1456. default: /* unsupported */
  1457. socks_request_set_socks5_error(req,
  1458. SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED);
  1459. log_warn(LD_APP,"socks5: unsupported address type %d. Rejecting.",
  1460. (int) *(data+3));
  1461. return -1;
  1462. }
  1463. tor_assert(0);
  1464. case 4: { /* socks4 */
  1465. enum {socks4, socks4a} socks4_prot = socks4a;
  1466. const char *authstart, *authend;
  1467. /* http://ss5.sourceforge.net/socks4.protocol.txt */
  1468. /* http://ss5.sourceforge.net/socks4A.protocol.txt */
  1469. req->socks_version = 4;
  1470. if (datalen < SOCKS4_NETWORK_LEN) {/* basic info available? */
  1471. *want_length_out = SOCKS4_NETWORK_LEN;
  1472. return 0; /* not yet */
  1473. }
  1474. // buf_pullup(buf, 1280);
  1475. req->command = (unsigned char) *(data+1);
  1476. if (req->command != SOCKS_COMMAND_CONNECT &&
  1477. req->command != SOCKS_COMMAND_RESOLVE) {
  1478. /* not a connect or resolve? we don't support it. (No resolve_ptr with
  1479. * socks4.) */
  1480. log_warn(LD_APP,"socks4: command %d not recognized. Rejecting.",
  1481. req->command);
  1482. return -1;
  1483. }
  1484. req->port = ntohs(get_uint16(data+2));
  1485. destip = ntohl(get_uint32(data+4));
  1486. if ((!req->port && req->command!=SOCKS_COMMAND_RESOLVE) || !destip) {
  1487. log_warn(LD_APP,"socks4: Port or DestIP is zero. Rejecting.");
  1488. return -1;
  1489. }
  1490. if (destip >> 8) {
  1491. log_debug(LD_APP,"socks4: destip not in form 0.0.0.x.");
  1492. in.s_addr = htonl(destip);
  1493. tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf));
  1494. if (strlen(tmpbuf)+1 > MAX_SOCKS_ADDR_LEN) {
  1495. log_debug(LD_APP,"socks4 addr (%d bytes) too long. Rejecting.",
  1496. (int)strlen(tmpbuf));
  1497. return -1;
  1498. }
  1499. log_debug(LD_APP,
  1500. "socks4: successfully read destip (%s)",
  1501. safe_str_client(tmpbuf));
  1502. socks4_prot = socks4;
  1503. }
  1504. authstart = data + SOCKS4_NETWORK_LEN;
  1505. next = memchr(authstart, 0,
  1506. datalen-SOCKS4_NETWORK_LEN);
  1507. if (!next) {
  1508. if (datalen >= 1024) {
  1509. log_debug(LD_APP, "Socks4 user name too long; rejecting.");
  1510. return -1;
  1511. }
  1512. log_debug(LD_APP,"socks4: Username not here yet.");
  1513. *want_length_out = datalen+1024; /* More than we need, but safe */
  1514. return 0;
  1515. }
  1516. authend = next;
  1517. tor_assert(next < data+datalen);
  1518. startaddr = NULL;
  1519. if (socks4_prot != socks4a &&
  1520. !addressmap_have_mapping(tmpbuf,0)) {
  1521. log_unsafe_socks_warning(4, tmpbuf, req->port, safe_socks);
  1522. if (safe_socks)
  1523. return -1;
  1524. }
  1525. if (socks4_prot == socks4a) {
  1526. if (next+1 == data+datalen) {
  1527. log_debug(LD_APP,"socks4: No part of destaddr here yet.");
  1528. *want_length_out = datalen + 1024; /* More than we need, but safe */
  1529. return 0;
  1530. }
  1531. startaddr = next+1;
  1532. next = memchr(startaddr, 0, data + datalen - startaddr);
  1533. if (!next) {
  1534. if (datalen >= 1024) {
  1535. log_debug(LD_APP,"socks4: Destaddr too long.");
  1536. return -1;
  1537. }
  1538. log_debug(LD_APP,"socks4: Destaddr not all here yet.");
  1539. *want_length_out = datalen + 1024; /* More than we need, but safe */
  1540. return 0;
  1541. }
  1542. if (MAX_SOCKS_ADDR_LEN <= next-startaddr) {
  1543. log_warn(LD_APP,"socks4: Destaddr too long. Rejecting.");
  1544. return -1;
  1545. }
  1546. // tor_assert(next < buf->cur+buf->datalen);
  1547. if (log_sockstype)
  1548. log_notice(LD_APP,
  1549. "Your application (using socks4a to port %d) instructed "
  1550. "Tor to take care of the DNS resolution itself if "
  1551. "necessary. This is good.", req->port);
  1552. }
  1553. log_debug(LD_APP,"socks4: Everything is here. Success.");
  1554. strlcpy(req->address, startaddr ? startaddr : tmpbuf,
  1555. sizeof(req->address));
  1556. if (!tor_strisprint(req->address) || strchr(req->address,'\"')) {
  1557. log_warn(LD_PROTOCOL,
  1558. "Your application (using socks4 to port %d) gave Tor "
  1559. "a malformed hostname: %s. Rejecting the connection.",
  1560. req->port, escaped_safe_str_client(req->address));
  1561. return -1;
  1562. }
  1563. if (authend != authstart) {
  1564. req->got_auth = 1;
  1565. req->usernamelen = authend - authstart;
  1566. req->username = tor_memdup(authstart, authend - authstart);
  1567. }
  1568. /* next points to the final \0 on inbuf */
  1569. *drain_out = next - data + 1;
  1570. return 1;
  1571. }
  1572. case 'G': /* get */
  1573. case 'H': /* head */
  1574. case 'P': /* put/post */
  1575. case 'C': /* connect */
  1576. strlcpy((char*)req->reply,
  1577. "HTTP/1.0 501 Tor is not an HTTP Proxy\r\n"
  1578. "Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
  1579. "<html>\n"
  1580. "<head>\n"
  1581. "<title>Tor is not an HTTP Proxy</title>\n"
  1582. "</head>\n"
  1583. "<body>\n"
  1584. "<h1>Tor is not an HTTP Proxy</h1>\n"
  1585. "<p>\n"
  1586. "It appears you have configured your web browser to use Tor as an HTTP proxy."
  1587. "\n"
  1588. "This is not correct: Tor is a SOCKS proxy, not an HTTP proxy.\n"
  1589. "Please configure your client accordingly.\n"
  1590. "</p>\n"
  1591. "<p>\n"
  1592. "See <a href=\"https://www.torproject.org/documentation.html\">"
  1593. "https://www.torproject.org/documentation.html</a> for more "
  1594. "information.\n"
  1595. "<!-- Plus this comment, to make the body response more than 512 bytes, so "
  1596. " IE will be willing to display it. Comment comment comment comment "
  1597. " comment comment comment comment comment comment comment comment.-->\n"
  1598. "</p>\n"
  1599. "</body>\n"
  1600. "</html>\n"
  1601. , MAX_SOCKS_REPLY_LEN);
  1602. req->replylen = strlen((char*)req->reply)+1;
  1603. /* fall through */
  1604. default: /* version is not socks4 or socks5 */
  1605. log_warn(LD_APP,
  1606. "Socks version %d not recognized. (Tor is not an http proxy.)",
  1607. *(data));
  1608. {
  1609. /* Tell the controller the first 8 bytes. */
  1610. char *tmp = tor_strndup(data, datalen < 8 ? datalen : 8);
  1611. control_event_client_status(LOG_WARN,
  1612. "SOCKS_UNKNOWN_PROTOCOL DATA=\"%s\"",
  1613. escaped(tmp));
  1614. tor_free(tmp);
  1615. }
  1616. return -1;
  1617. }
  1618. }
  1619. /** Inspect a reply from SOCKS server stored in <b>buf</b> according
  1620. * to <b>state</b>, removing the protocol data upon success. Return 0 on
  1621. * incomplete response, 1 on success and -1 on error, in which case
  1622. * <b>reason</b> is set to a descriptive message (free() when finished
  1623. * with it).
  1624. *
  1625. * As a special case, 2 is returned when user/pass is required
  1626. * during SOCKS5 handshake and user/pass is configured.
  1627. */
  1628. int
  1629. fetch_from_buf_socks_client(buf_t *buf, int state, char **reason)
  1630. {
  1631. ssize_t drain = 0;
  1632. int r;
  1633. if (buf->datalen < 2)
  1634. return 0;
  1635. buf_pullup(buf, MAX_SOCKS_MESSAGE_LEN);
  1636. tor_assert(buf->head && buf->head->datalen >= 2);
  1637. r = parse_socks_client((uint8_t*)buf->head->data, buf->head->datalen,
  1638. state, reason, &drain);
  1639. if (drain > 0)
  1640. buf_remove_from_front(buf, drain);
  1641. else if (drain < 0)
  1642. buf_clear(buf);
  1643. return r;
  1644. }
  1645. /** Implementation logic for fetch_from_*_socks_client. */
  1646. static int
  1647. parse_socks_client(const uint8_t *data, size_t datalen,
  1648. int state, char **reason,
  1649. ssize_t *drain_out)
  1650. {
  1651. unsigned int addrlen;
  1652. *drain_out = 0;
  1653. if (datalen < 2)
  1654. return 0;
  1655. switch (state) {
  1656. case PROXY_SOCKS4_WANT_CONNECT_OK:
  1657. /* Wait for the complete response */
  1658. if (datalen < 8)
  1659. return 0;
  1660. if (data[1] != 0x5a) {
  1661. *reason = tor_strdup(socks4_response_code_to_string(data[1]));
  1662. return -1;
  1663. }
  1664. /* Success */
  1665. *drain_out = 8;
  1666. return 1;
  1667. case PROXY_SOCKS5_WANT_AUTH_METHOD_NONE:
  1668. /* we don't have any credentials */
  1669. if (data[1] != 0x00) {
  1670. *reason = tor_strdup("server doesn't support any of our "
  1671. "available authentication methods");
  1672. return -1;
  1673. }
  1674. log_info(LD_NET, "SOCKS 5 client: continuing without authentication");
  1675. *drain_out = -1;
  1676. return 1;
  1677. case PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929:
  1678. /* we have a username and password. return 1 if we can proceed without
  1679. * providing authentication, or 2 otherwise. */
  1680. switch (data[1]) {
  1681. case 0x00:
  1682. log_info(LD_NET, "SOCKS 5 client: we have auth details but server "
  1683. "doesn't require authentication.");
  1684. *drain_out = -1;
  1685. return 1;
  1686. case 0x02:
  1687. log_info(LD_NET, "SOCKS 5 client: need authentication.");
  1688. *drain_out = -1;
  1689. return 2;
  1690. /* fall through */
  1691. }
  1692. *reason = tor_strdup("server doesn't support any of our available "
  1693. "authentication methods");
  1694. return -1;
  1695. case PROXY_SOCKS5_WANT_AUTH_RFC1929_OK:
  1696. /* handle server reply to rfc1929 authentication */
  1697. if (data[1] != 0x00) {
  1698. *reason = tor_strdup("authentication failed");
  1699. return -1;
  1700. }
  1701. log_info(LD_NET, "SOCKS 5 client: authentication successful.");
  1702. *drain_out = -1;
  1703. return 1;
  1704. case PROXY_SOCKS5_WANT_CONNECT_OK:
  1705. /* response is variable length. BND.ADDR, etc, isn't needed
  1706. * (don't bother with buf_pullup()), but make sure to eat all
  1707. * the data used */
  1708. /* wait for address type field to arrive */
  1709. if (datalen < 4)
  1710. return 0;
  1711. switch (data[3]) {
  1712. case 0x01: /* ip4 */
  1713. addrlen = 4;
  1714. break;
  1715. case 0x04: /* ip6 */
  1716. addrlen = 16;
  1717. break;
  1718. case 0x03: /* fqdn (can this happen here?) */
  1719. if (datalen < 5)
  1720. return 0;
  1721. addrlen = 1 + data[4];
  1722. break;
  1723. default:
  1724. *reason = tor_strdup("invalid response to connect request");
  1725. return -1;
  1726. }
  1727. /* wait for address and port */
  1728. if (datalen < 6 + addrlen)
  1729. return 0;
  1730. if (data[1] != 0x00) {
  1731. *reason = tor_strdup(socks5_response_code_to_string(data[1]));
  1732. return -1;
  1733. }
  1734. *drain_out = 6 + addrlen;
  1735. return 1;
  1736. }
  1737. /* shouldn't get here... */
  1738. tor_assert(0);
  1739. return -1;
  1740. }
  1741. /** Return 1 iff buf looks more like it has an (obsolete) v0 controller
  1742. * command on it than any valid v1 controller command. */
  1743. int
  1744. peek_buf_has_control0_command(buf_t *buf)
  1745. {
  1746. if (buf->datalen >= 4) {
  1747. char header[4];
  1748. uint16_t cmd;
  1749. peek_from_buf(header, sizeof(header), buf);
  1750. cmd = ntohs(get_uint16(header+2));
  1751. if (cmd <= 0x14)
  1752. return 1; /* This is definitely not a v1 control command. */
  1753. }
  1754. return 0;
  1755. }
  1756. /** Return the index within <b>buf</b> at which <b>ch</b> first appears,
  1757. * or -1 if <b>ch</b> does not appear on buf. */
  1758. static off_t
  1759. buf_find_offset_of_char(buf_t *buf, char ch)
  1760. {
  1761. chunk_t *chunk;
  1762. off_t offset = 0;
  1763. for (chunk = buf->head; chunk; chunk = chunk->next) {
  1764. char *cp = memchr(chunk->data, ch, chunk->datalen);
  1765. if (cp)
  1766. return offset + (cp - chunk->data);
  1767. else
  1768. offset += chunk->datalen;
  1769. }
  1770. return -1;
  1771. }
  1772. /** Try to read a single LF-terminated line from <b>buf</b>, and write it
  1773. * (including the LF), NUL-terminated, into the *<b>data_len</b> byte buffer
  1774. * at <b>data_out</b>. Set *<b>data_len</b> to the number of bytes in the
  1775. * line, not counting the terminating NUL. Return 1 if we read a whole line,
  1776. * return 0 if we don't have a whole line yet, and return -1 if the line
  1777. * length exceeds *<b>data_len</b>.
  1778. */
  1779. int
  1780. fetch_from_buf_line(buf_t *buf, char *data_out, size_t *data_len)
  1781. {
  1782. size_t sz;
  1783. off_t offset;
  1784. if (!buf->head)
  1785. return 0;
  1786. offset = buf_find_offset_of_char(buf, '\n');
  1787. if (offset < 0)
  1788. return 0;
  1789. sz = (size_t) offset;
  1790. if (sz+2 > *data_len) {
  1791. *data_len = sz + 2;
  1792. return -1;
  1793. }
  1794. fetch_from_buf(data_out, sz+1, buf);
  1795. data_out[sz+1] = '\0';
  1796. *data_len = sz+1;
  1797. return 1;
  1798. }
  1799. /** Compress on uncompress the <b>data_len</b> bytes in <b>data</b> using the
  1800. * zlib state <b>state</b>, appending the result to <b>buf</b>. If
  1801. * <b>done</b> is true, flush the data in the state and finish the
  1802. * compression/uncompression. Return -1 on failure, 0 on success. */
  1803. int
  1804. write_to_buf_zlib(buf_t *buf, tor_zlib_state_t *state,
  1805. const char *data, size_t data_len,
  1806. int done)
  1807. {
  1808. char *next;
  1809. size_t old_avail, avail;
  1810. int over = 0;
  1811. do {
  1812. int need_new_chunk = 0;
  1813. if (!buf->tail || ! CHUNK_REMAINING_CAPACITY(buf->tail)) {
  1814. size_t cap = data_len / 4;
  1815. buf_add_chunk_with_capacity(buf, cap, 1);
  1816. }
  1817. next = CHUNK_WRITE_PTR(buf->tail);
  1818. avail = old_avail = CHUNK_REMAINING_CAPACITY(buf->tail);
  1819. switch (tor_zlib_process(state, &next, &avail, &data, &data_len, done)) {
  1820. case TOR_ZLIB_DONE:
  1821. over = 1;
  1822. break;
  1823. case TOR_ZLIB_ERR:
  1824. return -1;
  1825. case TOR_ZLIB_OK:
  1826. if (data_len == 0)
  1827. over = 1;
  1828. break;
  1829. case TOR_ZLIB_BUF_FULL:
  1830. if (avail) {
  1831. /* Zlib says we need more room (ZLIB_BUF_FULL). Start a new chunk
  1832. * automatically, whether were going to or not. */
  1833. need_new_chunk = 1;
  1834. }
  1835. break;
  1836. }
  1837. buf->datalen += old_avail - avail;
  1838. buf->tail->datalen += old_avail - avail;
  1839. if (need_new_chunk) {
  1840. buf_add_chunk_with_capacity(buf, data_len/4, 1);
  1841. }
  1842. } while (!over);
  1843. check();
  1844. return 0;
  1845. }
  1846. /** Set *<b>output</b> to contain a copy of the data in *<b>input</b> */
  1847. int
  1848. buf_set_to_copy(buf_t **output,
  1849. const buf_t *input)
  1850. {
  1851. if (*output)
  1852. buf_free(*output);
  1853. *output = buf_copy(input);
  1854. return 0;
  1855. }
  1856. /** Log an error and exit if <b>buf</b> is corrupted.
  1857. */
  1858. void
  1859. assert_buf_ok(buf_t *buf)
  1860. {
  1861. tor_assert(buf);
  1862. tor_assert(buf->magic == BUFFER_MAGIC);
  1863. if (! buf->head) {
  1864. tor_assert(!buf->tail);
  1865. tor_assert(buf->datalen == 0);
  1866. } else {
  1867. chunk_t *ch;
  1868. size_t total = 0;
  1869. tor_assert(buf->tail);
  1870. for (ch = buf->head; ch; ch = ch->next) {
  1871. total += ch->datalen;
  1872. tor_assert(ch->datalen <= ch->memlen);
  1873. tor_assert(ch->data >= &ch->mem[0]);
  1874. tor_assert(ch->data <= &ch->mem[0]+ch->memlen);
  1875. if (ch->data == &ch->mem[0]+ch->memlen) {
  1876. static int warned = 0;
  1877. if (! warned) {
  1878. log_warn(LD_BUG, "Invariant violation in buf.c related to #15083");
  1879. warned = 1;
  1880. }
  1881. }
  1882. tor_assert(ch->data+ch->datalen <= &ch->mem[0] + ch->memlen);
  1883. if (!ch->next)
  1884. tor_assert(ch == buf->tail);
  1885. }
  1886. tor_assert(buf->datalen == total);
  1887. }
  1888. }