Home Explore Help
Sign In
sengler
/
tor-parallel-relay-conn
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Add a magic value to cpath_layer_t to make sure that we can tell valid cpaths from freed ones. I audited this once; it could use another audit.

svn:r3831
Nick Mathewson 20 years ago
parent
905c16846a
commit
631ab5c69b
5 changed files with 11 additions and 0 deletions
Split View Show Diff Stats
  1. 3 0
      src/or/circuitbuild.c
  2. 3 0
      src/or/circuitlist.c
  3. 3 0
      src/or/or.h
  4. 1 0
      src/or/rendclient.c
  5. 1 0
      src/or/rendservice.c

+ 3 - 0
src/or/circuitbuild.c
View File 

@@ -739,6 +739,7 @@ int onionskin_answer(circuit_t *circ, unsigned char *payload, unsigned char *key
 
   crypt_path_t *tmp_cpath;
 
 
   tmp_cpath = tor_malloc_zero(sizeof(crypt_path_t));
 
+  tmp_cpath->magic = CRYPT_PATH_MAGIC;
 
 
   memset(&cell, 0, sizeof(cell_t));
 
   cell.command = CELL_CREATED;
 
@@ -761,6 +762,7 @@ int onionskin_answer(circuit_t *circ, unsigned char *payload, unsigned char *key
 
   circ->n_crypto = tmp_cpath->f_crypto;
 
   circ->p_digest = tmp_cpath->b_digest;
 
   circ->p_crypto = tmp_cpath->b_crypto;
 
+  tmp_cpath->magic = 0;
 
   tor_free(tmp_cpath);
 
 
   memcpy(circ->handshake_digest, cell.payload+DH_KEY_LEN, DIGEST_LEN);
 
@@ -1415,6 +1417,7 @@ onion_append_hop(crypt_path_t **head_ptr, routerinfo_t *choice) {
 
   /* link hop into the cpath, at the end. */
 
   onion_append_to_cpath(head_ptr, hop);
 
 
+  hop->magic = CRYPT_PATH_MAGIC;
 
   hop->state = CPATH_STATE_CLOSED;
 
 
   hop->port = choice->or_port;

+ 3 - 0
src/or/circuitlist.c
View File 

@@ -181,6 +181,7 @@ circuit_free_cpath_node(crypt_path_t *victim) {
 
     crypto_free_digest_env(victim->b_digest);
 
   if (victim->handshake_state)
 
     crypto_dh_free(victim->handshake_state);
 
+  victim->magic = 0xDEADBEEFu;
 
   tor_free(victim);
 
 }
 
 
@@ -456,6 +457,8 @@ void assert_cpath_layer_ok(const crypt_path_t *cp)
 
 {
 
 //  tor_assert(cp->addr); /* these are zero for rendezvous extra-hops */
 
 //  tor_assert(cp->port);
 
+  tor_assert(cp);
 
+  tor_assert(cp->magic == CRYPT_PATH_MAGIC);
 
   switch (cp->state)
 
     {
 
     case CPATH_STATE_OPEN:

+ 3 - 0
src/or/or.h
View File 

@@ -707,9 +707,12 @@ typedef struct {
 
   char *signing_router;
 
 } routerlist_t;
 
 
+#define CRYPT_PATH_MAGIC 0x70127012u
 
+
 
 /** Holds accounting information for a single step in the layered encryption
 
  * performed by a circuit.  Used only at the client edge of a circuit. */
 
 struct crypt_path_t {
 
+  uint32_t magic;
 
 
   /* crypto environments */
 
   /** Encryption key and counter for cells heading towards the OR at this

+ 1 - 0
src/or/rendclient.c
View File 

@@ -82,6 +82,7 @@ rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) {
 
   if (!cpath) {
 
     cpath = rendcirc->build_state->pending_final_cpath =
 
       tor_malloc_zero(sizeof(crypt_path_t));
 
+    cpath->magic = CRYPT_PATH_MAGIC;
 
     if (!(cpath->handshake_state = crypto_dh_new())) {
 
       log_fn(LOG_WARN, "Couldn't allocate DH");
 
       goto err;

+ 1 - 0
src/or/rendservice.c
View File 

@@ -508,6 +508,7 @@ rend_service_introduce(circuit_t *circuit, const char *request, size_t request_l
 
           sizeof(launched->rend_query));
 
   launched->build_state->pending_final_cpath = cpath =
 
     tor_malloc_zero(sizeof(crypt_path_t));
 
+  cpath->magic = CRYPT_PATH_MAGIC;
 
   launched->build_state->expiry_time = time(NULL) + MAX_REND_TIMEOUT;
 
 
   cpath->handshake_state = dh;