Merge remote-tracking branch 'yawning-schwanenlied/bug20261'

Nick Mathewson 8 years ago
parent
commit
d25fed5174
4 changed files with 30 additions and 2 deletions
  1. changes/bug20261 (+4 -0)
  2. doc/tor.1.txt (+3 -2)
  3. src/common/address.c (+16 -0)
  4. src/or/config.c (+7 -0)

+ 4 - 0
changes/bug20261

@@ -0,0 +1,4 @@
+  o Minor bugfixes (client, unix domain sockets):
+    - Disable IsolateClientAddr when using AF_UNIX backed SocksPorts
+      as the client address is meaningless. Fixes bug 20261; bugfix on
+      0.2.6.3-alpha.
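
Review bot: the entry covers only the SocksPort flag change and says nothing about the comparison change in src/common/address.c, where AF_UNIX addresses now compare as equal instead of reaching the default branch. Consider adding a line for that, and stating that the flag is dropped silently even when it was set explicitly, since that is what an operator reading the changelog needs to know.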

+ 3 - 2
doc/tor.1.txt

@@ -1046,8 +1046,9 @@ The following options are useful only for clients (that is, if
     another.  Recognized isolation flags are:
     **IsolateClientAddr**;;
         Don't share circuits with streams from a different
-        client address.  (On by default and strongly recommended;
-        you can disable it with **NoIsolateClientAddr**.)
+        client address.  (On by default and strongly recommended when
+        supported; you can disable it with **NoIsolateClientAddr**.
+        Unsupported and force-disabled when using Unix domain sockets.)
     **IsolateSOCKSAuth**;;
         Don't share circuits with streams for which different
         SOCKS authentication was provided. (On by default;
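
Review bot: in the new IsolateClientAddr text, "Unsupported and force-disabled" does not say what happens to an explicit IsolateClientAddr on a Unix-socket SocksPort (the config.c change clears it without any message), nor what the user loses. Suggest stating that the flag is ignored on such ports and that streams from different local clients of the same socket are therefore not separated by client address, so readers know to rely on the other isolation flags.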

+ 16 - 0
src/common/address.c

@@ -1041,6 +1041,10 @@ tor_addr_copy_tight(tor_addr_t *dest, const tor_addr_t *src)
  * Different address families (IPv4 vs IPv6) are always considered unequal if
  * <b>how</b> is CMP_EXACT; otherwise, IPv6-mapped IPv4 addresses are
  * considered equivalent to their IPv4 equivalents.
+ *
+ * As a special case, all AF_UNIX addresses are always considered equal
+ * since tor_addr_t currently does not contain the information required to
+ * make the comparison.
  */
 int
 tor_addr_compare(const tor_addr_t *addr1, const tor_addr_t *addr2,
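
Review bot: the paragraph added to the tor_addr_compare comment says AF_UNIX addresses are "always considered equal" but does not warn that a result of 0 carries no information about whether the two sockets are the same. Equality is the permissive answer for any caller that uses this comparison to keep clients apart, so suggest saying that explicitly and pointing at tor_addr_compare_masked, which is where the case is actually implemented.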
@@ -1114,6 +1118,18 @@ tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2,
           return 0;
         }
       }
+      case AF_UNIX:
+        /* HACKHACKHACKHACKHACK:
+         * tor_addr_t doesn't contain a copy of sun_path, so it's not
+         * possible to comapre this at all.
+         *
+         * Since the only time we currently actually should be comparing
+         * 2 AF_UNIX addresses is when dealing with ISO_CLIENTADDR (which
+         * is diesabled for AF_UNIX SocksPorts anyway), this just returns 0.
+         *
+         * See: #20261.
+         */
+        return 0;
       default:
         /* LCOV_EXCL_START */
         tor_fragile_assert();
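
Review bot: two typos in the new AF_UNIX comment ("comapre", "diesabled"), and the reasoning rests on an assumption that nothing in this hunk enforces: that ISO_CLIENTADDR is the only path comparing two AF_UNIX addresses. Returning 0 unconditionally means any future caller gets "same address" for distinct sockets; consider noting that in the comment, or adding a test that pins this behaviour so a later change to tor_addr_t revisits it.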

+ 7 - 0
src/or/config.c

@@ -6838,6 +6838,13 @@ parse_port_config(smartlist_t *out,
       goto err;
     }
 
+    if (unix_socket_path && (isolation & ISO_CLIENTADDR)) {
+      /* `IsolateClientAddr` is nonsensical in the context of AF_LOCAL.
+       * just silently remove the isolation flag.
+       */
+      isolation &= ~ISO_CLIENTADDR;
+    }
+
     if (out && port) {
       size_t namelen = unix_socket_path ? strlen(unix_socket_path) : 0;
       port_cfg_t *cfg = port_cfg_new(namelen);
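
Review bot: the new block in parse_port_config clears ISO_CLIENTADDR without telling the user, which is fine for the default but hides a misconfiguration when IsolateClientAddr was written explicitly on a Unix-socket SocksPort. If the parser can tell the two cases apart, log a config warning for the explicit one. Also, the comment says AF_LOCAL while the rest of the patch says AF_UNIX, and its second sentence should start with a capital letter.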