[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] Add a magic value to cpath_layer_t to make sure that we can...



Update of /home/or/cvsroot/tor/src/or
In directory moria.mit.edu:/tmp/cvs-serv32031/src/or

Modified Files:
	circuitbuild.c circuitlist.c or.h rendclient.c rendservice.c 
Log Message:
Add a magic value to cpath_layer_t to make sure that we can tell valid cpaths from freed ones.  I audited this once; it could use another audit.

Index: circuitbuild.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/circuitbuild.c,v
retrieving revision 1.92
retrieving revision 1.93
diff -u -d -r1.92 -r1.93
--- circuitbuild.c	22 Mar 2005 23:20:33 -0000	1.92
+++ circuitbuild.c	23 Mar 2005 06:21:47 -0000	1.93
@@ -739,6 +739,7 @@
   crypt_path_t *tmp_cpath;
 
   tmp_cpath = tor_malloc_zero(sizeof(crypt_path_t));
+  tmp_cpath->magic = CRYPT_PATH_MAGIC;
 
   memset(&cell, 0, sizeof(cell_t));
   cell.command = CELL_CREATED;
@@ -761,6 +762,7 @@
   circ->n_crypto = tmp_cpath->f_crypto;
   circ->p_digest = tmp_cpath->b_digest;
   circ->p_crypto = tmp_cpath->b_crypto;
+  tmp_cpath->magic = 0;
   tor_free(tmp_cpath);
 
   memcpy(circ->handshake_digest, cell.payload+DH_KEY_LEN, DIGEST_LEN);
@@ -1415,6 +1417,7 @@
   /* link hop into the cpath, at the end. */
   onion_append_to_cpath(head_ptr, hop);
 
+  hop->magic = CRYPT_PATH_MAGIC;
   hop->state = CPATH_STATE_CLOSED;
 
   hop->port = choice->or_port;

Index: circuitlist.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/circuitlist.c,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -d -r1.32 -r1.33
--- circuitlist.c	22 Mar 2005 01:01:15 -0000	1.32
+++ circuitlist.c	23 Mar 2005 06:21:47 -0000	1.33
@@ -181,6 +181,7 @@
     crypto_free_digest_env(victim->b_digest);
   if (victim->handshake_state)
     crypto_dh_free(victim->handshake_state);
+  victim->magic = 0xDEADBEEFu;
   tor_free(victim);
 }
 
@@ -456,6 +457,8 @@
 {
 //  tor_assert(cp->addr); /* these are zero for rendezvous extra-hops */
 //  tor_assert(cp->port);
+  tor_assert(cp);
+  tor_assert(cp->magic == CRYPT_PATH_MAGIC);
   switch (cp->state)
     {
     case CPATH_STATE_OPEN:

Index: or.h
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/or.h,v
retrieving revision 1.569
retrieving revision 1.570
diff -u -d -r1.569 -r1.570
--- or.h	22 Mar 2005 20:25:51 -0000	1.569
+++ or.h	23 Mar 2005 06:21:47 -0000	1.570
@@ -707,9 +707,12 @@
   char *signing_router;
 } routerlist_t;
 
+#define CRYPT_PATH_MAGIC 0x70127012u
+
 /** Holds accounting information for a single step in the layered encryption
  * performed by a circuit.  Used only at the client edge of a circuit. */
 struct crypt_path_t {
+  uint32_t magic;
 
   /* crypto environments */
   /** Encryption key and counter for cells heading towards the OR at this

Index: rendclient.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/rendclient.c,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -d -r1.78 -r1.79
--- rendclient.c	22 Mar 2005 01:01:15 -0000	1.78
+++ rendclient.c	23 Mar 2005 06:21:48 -0000	1.79
@@ -82,6 +82,7 @@
   if (!cpath) {
     cpath = rendcirc->build_state->pending_final_cpath =
       tor_malloc_zero(sizeof(crypt_path_t));
+    cpath->magic = CRYPT_PATH_MAGIC;
     if (!(cpath->handshake_state = crypto_dh_new())) {
       log_fn(LOG_WARN, "Couldn't allocate DH");
       goto err;

Index: rendservice.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/rendservice.c,v
retrieving revision 1.119
retrieving revision 1.120
diff -u -d -r1.119 -r1.120
--- rendservice.c	19 Mar 2005 04:38:59 -0000	1.119
+++ rendservice.c	23 Mar 2005 06:21:48 -0000	1.120
@@ -508,6 +508,7 @@
           sizeof(launched->rend_query));
   launched->build_state->pending_final_cpath = cpath =
     tor_malloc_zero(sizeof(crypt_path_t));
+  cpath->magic = CRYPT_PATH_MAGIC;
   launched->build_state->expiry_time = time(NULL) + MAX_REND_TIMEOUT;
 
   cpath->handshake_state = dh;