[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r11017: Close immediately after anything but a successful authentica (in tor/branches/tor-0_1_2-patches: . src/or)



Author: nickm
Date: 2007-08-01 21:29:53 -0400 (Wed, 01 Aug 2007)
New Revision: 11017

Modified:
   tor/branches/tor-0_1_2-patches/
   tor/branches/tor-0_1_2-patches/ChangeLog
   tor/branches/tor-0_1_2-patches/src/or/control.c
Log:
 r13894@Kushana:  nickm | 2007-08-01 18:29:39 -0700
 Close immediately after anything but a successful authentication attempt on the control port.  [Backport.]  Isn't Defcon _fun_, kids?



Property changes on: tor/branches/tor-0_1_2-patches
___________________________________________________________________
 svk:merge ticket from /tor/branches/012 [r13894] on c95137ef-5f19-0410-b913-86e773d04f59

Modified: tor/branches/tor-0_1_2-patches/ChangeLog
===================================================================
--- tor/branches/tor-0_1_2-patches/ChangeLog	2007-08-02 01:28:40 UTC (rev 11016)
+++ tor/branches/tor-0_1_2-patches/ChangeLog	2007-08-02 01:29:53 UTC (rev 11017)
@@ -1,3 +1,9 @@
+Changes in version 0.1.2.16 - 2007-08-01
+  o Major security fixes:
+    - Close immediately after missing authentication on control port;
+      do not allow multiple authentication attempts.
+
+
 Changes in version 0.1.2.15 - 2007-07-17
   o Major bugfixes (compilation):
     - Fix compile on FreeBSD/NetBSD/OpenBSD. Oops.

Modified: tor/branches/tor-0_1_2-patches/src/or/control.c
===================================================================
--- tor/branches/tor-0_1_2-patches/src/or/control.c	2007-08-02 01:28:40 UTC (rev 11016)
+++ tor/branches/tor-0_1_2-patches/src/or/control.c	2007-08-02 01:29:53 UTC (rev 11017)
@@ -1221,6 +1221,7 @@
             "password?  If so, the standard requires that you put it in "
             "double quotes.\r\n", conn);
         tor_free(password);
+        connection_mark_for_close(TO_CONN(conn));
         return 0;
       }
       password_len = i/2;
@@ -1231,6 +1232,7 @@
       if (!get_escaped_string(body, len, &password, &password_len)) {
         connection_write_str_to_buf("551 Invalid quoted string.  You need "
             "to put the password in double quotes.\r\n", conn);
+        connection_mark_for_close(TO_CONN(conn));
         return 0;
       }
       used_quoted_string = 1;
@@ -1287,6 +1289,7 @@
     connection_printf_to_buf(conn, "515 Authentication failed: %s\r\n",
                              errstr);
   }
+  connection_mark_for_close(TO_CONN(conn));
   return 0;
  ok:
   log_info(LD_CONTROL, "Authenticated control connection (%d)", conn->_base.s);
@@ -2818,6 +2821,7 @@
   if (conn->_base.state == CONTROL_CONN_STATE_NEEDAUTH_V1 &&
       strcasecmp(conn->incoming_cmd, "AUTHENTICATE")) {
     connection_write_str_to_buf("514 Authentication required.\r\n", conn);
+    connection_mark_for_close(TO_CONN(conn));
     conn->incoming_cmd_cur_len = 0;
     goto again;
   }