[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] Add a magic value to cpath_layer_t to make sure that we can...
- To: or-cvs@xxxxxxxxxxxxx
- Subject: [or-cvs] Add a magic value to cpath_layer_t to make sure that we can...
- From: nickm@xxxxxxxx (Nick Mathewson)
- Date: Wed, 23 Mar 2005 01:21:51 -0500 (EST)
- Delivered-to: archiver@seul.org
- Delivered-to: or-cvs-outgoing@seul.org
- Delivered-to: or-cvs@seul.org
- Delivery-date: Wed, 23 Mar 2005 01:22:23 -0500
- Reply-to: or-dev@xxxxxxxxxxxxx
- Sender: owner-or-cvs@xxxxxxxxxxxxx
Update of /home/or/cvsroot/tor/src/or
In directory moria.mit.edu:/tmp/cvs-serv32031/src/or
Modified Files:
circuitbuild.c circuitlist.c or.h rendclient.c rendservice.c
Log Message:
Add a magic value to cpath_layer_t to make sure that we can tell valid cpaths from freed ones. I audited this once; it could use another audit.
Index: circuitbuild.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/circuitbuild.c,v
retrieving revision 1.92
retrieving revision 1.93
diff -u -d -r1.92 -r1.93
--- circuitbuild.c 22 Mar 2005 23:20:33 -0000 1.92
+++ circuitbuild.c 23 Mar 2005 06:21:47 -0000 1.93
@@ -739,6 +739,7 @@
crypt_path_t *tmp_cpath;
tmp_cpath = tor_malloc_zero(sizeof(crypt_path_t));
+ tmp_cpath->magic = CRYPT_PATH_MAGIC;
memset(&cell, 0, sizeof(cell_t));
cell.command = CELL_CREATED;
@@ -761,6 +762,7 @@
circ->n_crypto = tmp_cpath->f_crypto;
circ->p_digest = tmp_cpath->b_digest;
circ->p_crypto = tmp_cpath->b_crypto;
+ tmp_cpath->magic = 0;
tor_free(tmp_cpath);
memcpy(circ->handshake_digest, cell.payload+DH_KEY_LEN, DIGEST_LEN);
@@ -1415,6 +1417,7 @@
/* link hop into the cpath, at the end. */
onion_append_to_cpath(head_ptr, hop);
+ hop->magic = CRYPT_PATH_MAGIC;
hop->state = CPATH_STATE_CLOSED;
hop->port = choice->or_port;
Index: circuitlist.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/circuitlist.c,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -d -r1.32 -r1.33
--- circuitlist.c 22 Mar 2005 01:01:15 -0000 1.32
+++ circuitlist.c 23 Mar 2005 06:21:47 -0000 1.33
@@ -181,6 +181,7 @@
crypto_free_digest_env(victim->b_digest);
if (victim->handshake_state)
crypto_dh_free(victim->handshake_state);
+ victim->magic = 0xDEADBEEFu;
tor_free(victim);
}
@@ -456,6 +457,8 @@
{
// tor_assert(cp->addr); /* these are zero for rendezvous extra-hops */
// tor_assert(cp->port);
+ tor_assert(cp);
+ tor_assert(cp->magic == CRYPT_PATH_MAGIC);
switch (cp->state)
{
case CPATH_STATE_OPEN:
Index: or.h
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/or.h,v
retrieving revision 1.569
retrieving revision 1.570
diff -u -d -r1.569 -r1.570
--- or.h 22 Mar 2005 20:25:51 -0000 1.569
+++ or.h 23 Mar 2005 06:21:47 -0000 1.570
@@ -707,9 +707,12 @@
char *signing_router;
} routerlist_t;
+#define CRYPT_PATH_MAGIC 0x70127012u
+
/** Holds accounting information for a single step in the layered encryption
* performed by a circuit. Used only at the client edge of a circuit. */
struct crypt_path_t {
+ uint32_t magic;
/* crypto environments */
/** Encryption key and counter for cells heading towards the OR at this
Index: rendclient.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/rendclient.c,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -d -r1.78 -r1.79
--- rendclient.c 22 Mar 2005 01:01:15 -0000 1.78
+++ rendclient.c 23 Mar 2005 06:21:48 -0000 1.79
@@ -82,6 +82,7 @@
if (!cpath) {
cpath = rendcirc->build_state->pending_final_cpath =
tor_malloc_zero(sizeof(crypt_path_t));
+ cpath->magic = CRYPT_PATH_MAGIC;
if (!(cpath->handshake_state = crypto_dh_new())) {
log_fn(LOG_WARN, "Couldn't allocate DH");
goto err;
Index: rendservice.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/rendservice.c,v
retrieving revision 1.119
retrieving revision 1.120
diff -u -d -r1.119 -r1.120
--- rendservice.c 19 Mar 2005 04:38:59 -0000 1.119
+++ rendservice.c 23 Mar 2005 06:21:48 -0000 1.120
@@ -508,6 +508,7 @@
sizeof(launched->rend_query));
launched->build_state->pending_final_cpath = cpath =
tor_malloc_zero(sizeof(crypt_path_t));
+ cpath->magic = CRYPT_PATH_MAGIC;
launched->build_state->expiry_time = time(NULL) + MAX_REND_TIMEOUT;
cpath->handshake_state = dh;