[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r13390: Fix some XXX020 items in control.c: add a maximum line lengt (in tor/trunk: . doc/spec src/or)

To: or-cvs@xxxxxxxxxxxxx
Subject: [or-cvs] r13390: Fix some XXX020 items in control.c: add a maximum line lengt (in tor/trunk: . doc/spec src/or)
From: nickm@xxxxxxxx
Date: Tue, 5 Feb 2008 16:39:49 -0500 (EST)
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-cvs-outgoing@xxxxxxxx
Delivered-to: or-cvs@xxxxxxxx
Delivery-date: Tue, 05 Feb 2008 16:40:09 -0500
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-cvs@xxxxxxxxxxxxx

Author: nickm
Date: 2008-02-05 16:39:49 -0500 (Tue, 05 Feb 2008)
New Revision: 13390

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/doc/spec/control-spec.txt
   tor/trunk/src/or/control.c
Log:
 r17916@catbus:  nickm | 2008-02-05 16:29:35 -0500
 Fix some XXX020 items in control.c: add a maximum line length and note that the number of versioning authorities is no longer apparent to clients.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r17916] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2008-02-05 21:39:46 UTC (rev 13389)
+++ tor/trunk/ChangeLog	2008-02-05 21:39:49 UTC (rev 13390)
@@ -1,8 +1,17 @@
 Changes in version 0.2.0.19-alpha - 2008-02-??
-  o Minor features:
+  o Minor features (directory authority):
     - Actually validate the options passed to AuthDirReject, AuthDirInvalid,
       AuthDirBadDir, and AuthDirBadExit.
 
+  o Minor features (controller):
+    - Reject controller commands over 1MB in length.  This keeps rogue
+      processes from running us out of memory.
+
+  o Deprecated features (controller):
+    - The status/version/num-versioning and status/version/num-concurring
+      GETINFO options are no longer useful in the V3 directory protocol:
+      treat them as deprecated, and warn when they're used.
+
   o Major bugfixes:
     - If we're a relay, avoid picking ourselves as an introduction point,
       a rendezvous point, or as the final hop for internal circuits. Bug

Modified: tor/trunk/doc/spec/control-spec.txt
===================================================================
--- tor/trunk/doc/spec/control-spec.txt	2008-02-05 21:39:46 UTC (rev 13389)
+++ tor/trunk/doc/spec/control-spec.txt	2008-02-05 21:39:49 UTC (rev 13390)
@@ -557,9 +557,6 @@
     "status/version/recommended" -- List of currently recommended versions
     "status/version/current" -- Status of the current version. One of:
         new, old, unrecommended, recommended, new in series, obsolete.
-    "status/version/num-versioning" -- Number of versioning authorities
-    "status/version/num-concurring" -- Number of versioning authorities
-        agreeing on the status of the current version
 
   Examples:
      C: GETINFO version desc/name/moria1

Modified: tor/trunk/src/or/control.c
===================================================================
--- tor/trunk/src/or/control.c	2008-02-05 21:39:46 UTC (rev 13389)
+++ tor/trunk/src/or/control.c	2008-02-05 21:39:49 UTC (rev 13390)
@@ -1640,8 +1640,7 @@
     smartlist_free(status);
   } else if (!strcmpstart(question, "addr-mappings/") ||
              !strcmpstart(question, "address-mappings/")) {
-    /* XXXX020 Warn about deprecated addr-mappings variant?  Or wait for
-     * 0.2.1.x? */
+    /* XXXX021 Warn about deprecated addr-mappings variant. */
     time_t min_e, max_e;
     smartlist_t *mappings;
     int want_expiry = !strcmpstart(question, "address-mappings/");
@@ -1712,10 +1711,11 @@
           }
       } else if (!strcmp(question, "status/version/num-versioning") ||
                  !strcmp(question, "status/version/num-concurring")) {
-        /*XXXX020 deprecate.*/
         char s[33];
         tor_snprintf(s, sizeof(s), "%d", get_n_authorities(V3_AUTHORITY));
         *answer = tor_strdup(s);
+        log_warn(LD_GENERAL, "%s is deprecated; it no longer gives useful "
+                 "information");
       }
     } else {
       return 0;
@@ -2627,6 +2627,11 @@
   return 0;
 }
 
+/** Do not accept any control command of more than 1MB in length.  Anything
+ * that needs to be anywhere near this long probably means that one of our
+ * interfaces is broken. */
+#define MAX_COMMAND_LINE_LENGTH (1024*1024)
+
 /** Called when data has arrived on a v1 control connection: Try to fetch
  * commands from conn->inbuf, and execute them.
  */
@@ -2679,7 +2684,12 @@
         /* Line not all here yet. Wait. */
         return 0;
       else if (r == -1) {
-        /*XXXX020 impose some maximum on length! */
+        if (data_len + conn->incoming_cmd_cur_len > MAX_COMMAND_LINE_LENGTH) {
+          connection_write_str_to_buf("500 Line too long.\r\n", TO_CONN(conn));
+          connection_stop_reading(TO_CONN(conn));
+          connection_mark_for_close(TO_CONN(conn));
+          conn->_base.hold_open_until_flushed = 1;
+        }
         while (conn->incoming_cmd_len < data_len+conn->incoming_cmd_cur_len)
           conn->incoming_cmd_len *= 2;
         conn->incoming_cmd = tor_realloc(conn->incoming_cmd,

Prev by Author: [or-cvs] r13389: Remove a dead function. (in tor/trunk: . src/or)
Next by Author: [or-cvs] r13391: Oops; fix compilation of control.c (in tor/trunk: . src/or)
Previous by thread: [or-cvs] r13389: Remove a dead function. (in tor/trunk: . src/or)
Next by thread: [or-cvs] r13391: Oops; fix compilation of control.c (in tor/trunk: . src/or)
Index(es):
- Author
- Thread