1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2012, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
9 * \brief Implements a generic interface buffer. Buffers are
10 * fairly opaque string holders that can read to or flush from:
11 * memory, file descriptors, or TLS connections.
13 #define BUFFERS_PRIVATE
17 #include "connection_edge.h"
18 #include "connection_or.h"
21 #include "../common/util.h"
22 #include "../common/torlog.h"
30 /** Helper: If PARANOIA is defined, assert that the buffer in local variable
31 * <b>buf</b> is well-formed. */
32 #define check() STMT_BEGIN assert_buf_ok(buf); STMT_END
34 #define check() STMT_NIL
37 /* Implementation notes:
39 * After flirting with memmove, and dallying with ring-buffers, we're finally
40 * getting up to speed with the 1970s and implementing buffers as a linked
41 * list of small chunks. Each buffer has such a list; data is removed from
42 * the head of the list, and added at the tail. The list is singly linked,
43 * and the buffer keeps a pointer to the head and the tail.
45 * Every chunk, except the tail, contains at least one byte of data. Data in
46 * each chunk is contiguous.
48 * When you need to treat the first N characters on a buffer as a contiguous
49 * string, use the buf_pullup function to make them so. Don't do this more
52 * The major free Unix kernels have handled buffers like this since, like,
56 static int parse_socks(const char *data
, size_t datalen
, socks_request_t
*req
,
57 int log_sockstype
, int safe_socks
, ssize_t
*drain_out
,
58 size_t *want_length_out
);
59 static int parse_socks_client(const uint8_t *data
, size_t datalen
,
60 int state
, char **reason
,
63 /* Chunk manipulation functions */
65 /** A single chunk on a buffer or in a freelist. */
66 typedef struct chunk_t
{
67 struct chunk_t
*next
; /**< The next chunk on the buffer or freelist. */
68 size_t datalen
; /**< The number of bytes stored in this chunk */
69 size_t memlen
; /**< The number of usable bytes of storage in <b>mem</b>. */
70 char *data
; /**< A pointer to the first byte of data stored in <b>mem</b>. */
71 char mem
[FLEXIBLE_ARRAY_MEMBER
]; /**< The actual memory used for storage in
75 #define CHUNK_HEADER_LEN STRUCT_OFFSET(chunk_t, mem[0])
77 /** Return the number of bytes needed to allocate a chunk to hold
78 * <b>memlen</b> bytes. */
79 #define CHUNK_ALLOC_SIZE(memlen) (CHUNK_HEADER_LEN + (memlen))
80 /** Return the number of usable bytes in a chunk allocated with
81 * malloc(<b>memlen</b>). */
82 #define CHUNK_SIZE_WITH_ALLOC(memlen) ((memlen) - CHUNK_HEADER_LEN)
84 /** Return the next character in <b>chunk</b> onto which data can be appended.
85 * If the chunk is full, this might be off the end of chunk->mem. */
87 CHUNK_WRITE_PTR(chunk_t
*chunk
)
89 return chunk
->data
+ chunk
->datalen
;
92 /** Return the number of bytes that can be written onto <b>chunk</b> without
93 * running out of space. */
95 CHUNK_REMAINING_CAPACITY(const chunk_t
*chunk
)
97 return (chunk
->mem
+ chunk
->memlen
) - (chunk
->data
+ chunk
->datalen
);
100 /** Move all bytes stored in <b>chunk</b> to the front of <b>chunk</b>->mem,
101 * to free up space at the end. */
103 chunk_repack(chunk_t
*chunk
)
105 if (chunk
->datalen
&& chunk
->data
!= &chunk
->mem
[0]) {
106 memmove(chunk
->mem
, chunk
->data
, chunk
->datalen
);
108 chunk
->data
= &chunk
->mem
[0];
111 #if defined(ENABLE_BUF_FREELISTS) || defined(RUNNING_DOXYGEN)
112 /** A freelist of chunks. */
113 typedef struct chunk_freelist_t
{
114 size_t alloc_size
; /**< What size chunks does this freelist hold? */
115 int max_length
; /**< Never allow more than this number of chunks in the
117 int slack
; /**< When trimming the freelist, leave this number of extra
118 * chunks beyond lowest_length.*/
119 int cur_length
; /**< How many chunks on the freelist now? */
120 int lowest_length
; /**< What's the smallest value of cur_length since the
121 * last time we cleaned this freelist? */
125 chunk_t
*head
; /**< First chunk on the freelist. */
128 /** Macro to help define freelists. */
129 #define FL(a,m,s) { a, m, s, 0, 0, 0, 0, 0, NULL }
131 /** Static array of freelists, sorted by alloc_len, terminated by an entry
132 * with alloc_size of 0. */
133 static chunk_freelist_t freelists
[] = {
134 FL(4096, 256, 8), FL(8192, 128, 4), FL(16384, 64, 4), FL(32768, 32, 2),
138 /** How many times have we looked for a chunk of a size that no freelist
139 * could help with? */
140 static uint64_t n_freelist_miss
= 0;
142 static void assert_freelist_ok(chunk_freelist_t
*fl
);
144 /** Return the freelist to hold chunks of size <b>alloc</b>, or NULL if
145 * no freelist exists for that size. */
146 static INLINE chunk_freelist_t
*
147 get_freelist(size_t alloc
)
150 for (i
=0; freelists
[i
].alloc_size
<= alloc
; ++i
) {
151 if (freelists
[i
].alloc_size
== alloc
) {
152 return &freelists
[i
];
158 /** Deallocate a chunk or put it on a freelist */
160 chunk_free_unchecked(chunk_t
*chunk
)
163 chunk_freelist_t
*freelist
;
165 alloc
= CHUNK_ALLOC_SIZE(chunk
->memlen
);
166 freelist
= get_freelist(alloc
);
167 if (freelist
&& freelist
->cur_length
< freelist
->max_length
) {
168 chunk
->next
= freelist
->head
;
169 freelist
->head
= chunk
;
170 ++freelist
->cur_length
;
178 /** Allocate a new chunk with a given allocation size, or get one from the
179 * freelist. Note that a chunk with allocation size A can actually hold only
180 * CHUNK_SIZE_WITH_ALLOC(A) bytes in its mem field. */
181 static INLINE chunk_t
*
182 chunk_new_with_alloc_size(size_t alloc
)
185 chunk_freelist_t
*freelist
;
186 tor_assert(alloc
>= sizeof(chunk_t
));
187 freelist
= get_freelist(alloc
);
188 if (freelist
&& freelist
->head
) {
190 freelist
->head
= ch
->next
;
191 if (--freelist
->cur_length
< freelist
->lowest_length
)
192 freelist
->lowest_length
= freelist
->cur_length
;
195 /* XXXX take advantage of tor_malloc_roundup, once we know how that
196 * affects freelists. */
201 ch
= tor_malloc(alloc
);
205 ch
->memlen
= CHUNK_SIZE_WITH_ALLOC(alloc
);
206 ch
->data
= &ch
->mem
[0];
211 chunk_free_unchecked(chunk_t
*chunk
)
215 static INLINE chunk_t
*
216 chunk_new_with_alloc_size(size_t alloc
)
219 ch
= tor_malloc_roundup(&alloc
);
222 ch
->memlen
= CHUNK_SIZE_WITH_ALLOC(alloc
);
223 ch
->data
= &ch
->mem
[0];
228 /** Expand <b>chunk</b> until it can hold <b>sz</b> bytes, and return a
229 * new pointer to <b>chunk</b>. Old pointers are no longer valid. */
230 static INLINE chunk_t
*
231 chunk_grow(chunk_t
*chunk
, size_t sz
)
234 tor_assert(sz
> chunk
->memlen
);
235 offset
= chunk
->data
- chunk
->mem
;
236 chunk
= tor_realloc(chunk
, CHUNK_ALLOC_SIZE(sz
));
238 chunk
->data
= chunk
->mem
+ offset
;
242 /** If a read onto the end of a chunk would be smaller than this number, then
243 * just start a new chunk. */
244 #define MIN_READ_LEN 8
245 /** Every chunk should take up at least this many bytes. */
246 #define MIN_CHUNK_ALLOC 256
247 /** No chunk should take up more than this many bytes. */
248 #define MAX_CHUNK_ALLOC 65536
250 /** Return the allocation size we'd like to use to hold <b>target</b>
253 preferred_chunk_size(size_t target
)
255 size_t sz
= MIN_CHUNK_ALLOC
;
256 while (CHUNK_SIZE_WITH_ALLOC(sz
) < target
) {
262 /** Remove from the freelists most chunks that have not been used since the
263 * last call to buf_shrink_freelists(). */
265 buf_shrink_freelists(int free_all
)
267 #ifdef ENABLE_BUF_FREELISTS
269 disable_control_logging();
270 for (i
= 0; freelists
[i
].alloc_size
; ++i
) {
271 int slack
= freelists
[i
].slack
;
272 assert_freelist_ok(&freelists
[i
]);
273 if (free_all
|| freelists
[i
].lowest_length
> slack
) {
274 int n_to_free
= free_all
? freelists
[i
].cur_length
:
275 (freelists
[i
].lowest_length
- slack
);
276 int n_to_skip
= freelists
[i
].cur_length
- n_to_free
;
277 int orig_length
= freelists
[i
].cur_length
;
278 int orig_n_to_free
= n_to_free
, n_freed
=0;
279 int orig_n_to_skip
= n_to_skip
;
280 int new_length
= n_to_skip
;
281 chunk_t
**chp
= &freelists
[i
].head
;
284 if (! (*chp
)->next
) {
285 log_warn(LD_BUG
, "I wanted to skip %d chunks in the freelist for "
286 "%d-byte chunks, but only found %d. (Length %d)",
287 orig_n_to_skip
, (int)freelists
[i
].alloc_size
,
288 orig_n_to_skip
-n_to_skip
, freelists
[i
].cur_length
);
289 assert_freelist_ok(&freelists
[i
]);
292 // tor_assert((*chp)->next);
299 chunk_t
*next
= chunk
->next
;
304 ++freelists
[i
].n_free
;
307 log_warn(LD_BUG
, "Freelist length for %d-byte chunks may have been "
308 "messed up somehow.", (int)freelists
[i
].alloc_size
);
309 log_warn(LD_BUG
, "There were %d chunks at the start. I decided to "
310 "keep %d. I wanted to free %d. I freed %d. I somehow think "
311 "I have %d left to free.",
312 freelists
[i
].cur_length
, n_to_skip
, orig_n_to_free
,
315 // tor_assert(!n_to_free);
316 freelists
[i
].cur_length
= new_length
;
317 log_info(LD_MM
, "Cleaned freelist for %d-byte chunks: original "
318 "length %d, kept %d, dropped %d.",
319 (int)freelists
[i
].alloc_size
, orig_length
,
320 orig_n_to_skip
, orig_n_to_free
);
322 freelists
[i
].lowest_length
= freelists
[i
].cur_length
;
323 assert_freelist_ok(&freelists
[i
]);
326 enable_control_logging();
332 /** Describe the current status of the freelists at log level <b>severity</b>.
335 buf_dump_freelist_sizes(int severity
)
337 #ifdef ENABLE_BUF_FREELISTS
339 log(severity
, LD_MM
, "====== Buffer freelists:");
340 for (i
= 0; freelists
[i
].alloc_size
; ++i
) {
341 uint64_t total
= ((uint64_t)freelists
[i
].cur_length
) *
342 freelists
[i
].alloc_size
;
344 U64_FORMAT
" bytes in %d %d-byte chunks ["U64_FORMAT
345 " misses; "U64_FORMAT
" frees; "U64_FORMAT
" hits]",
346 U64_PRINTF_ARG(total
),
347 freelists
[i
].cur_length
, (int)freelists
[i
].alloc_size
,
348 U64_PRINTF_ARG(freelists
[i
].n_alloc
),
349 U64_PRINTF_ARG(freelists
[i
].n_free
),
350 U64_PRINTF_ARG(freelists
[i
].n_hit
));
352 log(severity
, LD_MM
, U64_FORMAT
" allocations in non-freelist sizes",
353 U64_PRINTF_ARG(n_freelist_miss
));
359 /** Magic value for buf_t.magic, to catch pointer errors. */
360 #define BUFFER_MAGIC 0xB0FFF312u
361 /** A resizeable buffer, optimized for reading and writing. */
363 uint32_t magic
; /**< Magic cookie for debugging: Must be set to
365 size_t datalen
; /**< How many bytes is this buffer holding right now? */
366 size_t default_chunk_size
; /**< Don't allocate any chunks smaller than
367 * this for this buffer. */
368 chunk_t
*head
; /**< First chunk in the list, or NULL for none. */
369 chunk_t
*tail
; /**< Last chunk in the list, or NULL for none. */
372 /** Collapse data from the first N chunks from <b>buf</b> into buf->head,
373 * growing it as necessary, until buf->head has the first <b>bytes</b> bytes
374 * of data from the buffer, or until buf->head has all the data in <b>buf</b>.
376 * If <b>nulterminate</b> is true, ensure that there is a 0 byte in
377 * buf->head->mem right after all the data. */
379 buf_pullup(buf_t
*buf
, size_t bytes
, int nulterminate
)
387 if (buf
->datalen
< bytes
)
388 bytes
= buf
->datalen
;
391 capacity
= bytes
+ 1;
392 if (buf
->head
->datalen
>= bytes
&& CHUNK_REMAINING_CAPACITY(buf
->head
)) {
393 *CHUNK_WRITE_PTR(buf
->head
) = '\0';
398 if (buf
->head
->datalen
>= bytes
)
402 if (buf
->head
->memlen
>= capacity
) {
403 /* We don't need to grow the first chunk, but we might need to repack it.*/
404 size_t needed
= capacity
- buf
->head
->datalen
;
405 if (CHUNK_REMAINING_CAPACITY(buf
->head
) < needed
)
406 chunk_repack(buf
->head
);
407 tor_assert(CHUNK_REMAINING_CAPACITY(buf
->head
) >= needed
);
411 /* We need to grow the chunk. */
412 chunk_repack(buf
->head
);
413 newsize
= CHUNK_SIZE_WITH_ALLOC(preferred_chunk_size(capacity
));
414 newhead
= chunk_grow(buf
->head
, newsize
);
415 tor_assert(newhead
->memlen
>= capacity
);
416 if (newhead
!= buf
->head
) {
417 if (buf
->tail
== buf
->head
)
424 while (dest
->datalen
< bytes
) {
425 size_t n
= bytes
- dest
->datalen
;
428 if (n
> src
->datalen
) {
429 memcpy(CHUNK_WRITE_PTR(dest
), src
->data
, src
->datalen
);
430 dest
->datalen
+= src
->datalen
;
431 dest
->next
= src
->next
;
432 if (buf
->tail
== src
)
434 chunk_free_unchecked(src
);
436 memcpy(CHUNK_WRITE_PTR(dest
), src
->data
, n
);
440 tor_assert(dest
->datalen
== bytes
);
445 tor_assert(CHUNK_REMAINING_CAPACITY(buf
->head
));
446 *CHUNK_WRITE_PTR(buf
->head
) = '\0';
452 /** Resize buf so it won't hold extra memory that we haven't been
456 buf_shrink(buf_t
*buf
)
461 /** Remove the first <b>n</b> bytes from buf. */
463 buf_remove_from_front(buf_t
*buf
, size_t n
)
465 tor_assert(buf
->datalen
>= n
);
467 tor_assert(buf
->head
);
468 if (buf
->head
->datalen
> n
) {
469 buf
->head
->datalen
-= n
;
470 buf
->head
->data
+= n
;
474 chunk_t
*victim
= buf
->head
;
475 n
-= victim
->datalen
;
476 buf
->datalen
-= victim
->datalen
;
477 buf
->head
= victim
->next
;
478 if (buf
->tail
== victim
)
480 chunk_free_unchecked(victim
);
486 /** Create and return a new buf with default chunk capacity <b>size</b>.
489 buf_new_with_capacity(size_t size
)
491 buf_t
*b
= buf_new();
492 b
->default_chunk_size
= preferred_chunk_size(size
);
496 /** Allocate and return a new buffer with default capacity. */
500 buf_t
*buf
= tor_malloc_zero(sizeof(buf_t
));
501 buf
->magic
= BUFFER_MAGIC
;
502 buf
->default_chunk_size
= 4096;
506 /** Remove all data from <b>buf</b>. */
508 buf_clear(buf_t
*buf
)
510 chunk_t
*chunk
, *next
;
512 for (chunk
= buf
->head
; chunk
; chunk
= next
) {
514 chunk_free_unchecked(chunk
);
516 buf
->head
= buf
->tail
= NULL
;
519 /** Return the number of bytes stored in <b>buf</b> */
521 buf_datalen(const buf_t
*buf
)
526 /** Return the total length of all chunks used in <b>buf</b>. */
528 buf_allocation(const buf_t
*buf
)
531 const chunk_t
*chunk
;
532 for (chunk
= buf
->head
; chunk
; chunk
= chunk
->next
) {
533 total
+= chunk
->memlen
;
538 /** Return the number of bytes that can be added to <b>buf</b> without
539 * performing any additional allocation. */
541 buf_slack(const buf_t
*buf
)
546 return CHUNK_REMAINING_CAPACITY(buf
->tail
);
549 /** Release storage held by <b>buf</b>. */
557 buf
->magic
= 0xdeadbeef;
561 /** Return a new copy of <b>in_chunk</b> */
563 chunk_copy(const chunk_t
*in_chunk
)
565 chunk_t
*newch
= tor_memdup(in_chunk
, CHUNK_ALLOC_SIZE(in_chunk
->memlen
));
567 if (in_chunk
->data
) {
568 off_t offset
= in_chunk
->data
- in_chunk
->mem
;
569 newch
->data
= newch
->mem
+ offset
;
574 /** Return a new copy of <b>buf</b> */
576 buf_copy(const buf_t
*buf
)
579 buf_t
*out
= buf_new();
580 out
->default_chunk_size
= buf
->default_chunk_size
;
581 for (ch
= buf
->head
; ch
; ch
= ch
->next
) {
582 chunk_t
*newch
= chunk_copy(ch
);
584 out
->tail
->next
= newch
;
587 out
->head
= out
->tail
= newch
;
590 out
->datalen
= buf
->datalen
;
594 /** Append a new chunk with enough capacity to hold <b>capacity</b> bytes to
595 * the tail of <b>buf</b>. If <b>capped</b>, don't allocate a chunk bigger
596 * than MAX_CHUNK_ALLOC. */
598 buf_add_chunk_with_capacity(buf_t
*buf
, size_t capacity
, int capped
)
601 if (CHUNK_ALLOC_SIZE(capacity
) < buf
->default_chunk_size
) {
602 chunk
= chunk_new_with_alloc_size(buf
->default_chunk_size
);
603 } else if (capped
&& CHUNK_ALLOC_SIZE(capacity
) > MAX_CHUNK_ALLOC
) {
604 chunk
= chunk_new_with_alloc_size(MAX_CHUNK_ALLOC
);
606 chunk
= chunk_new_with_alloc_size(preferred_chunk_size(capacity
));
609 tor_assert(buf
->head
);
610 buf
->tail
->next
= chunk
;
613 tor_assert(!buf
->head
);
614 buf
->head
= buf
->tail
= chunk
;
620 /** Read up to <b>at_most</b> bytes from the socket <b>fd</b> into
621 * <b>chunk</b> (which must be on <b>buf</b>). If we get an EOF, set
622 * *<b>reached_eof</b> to 1. Return -1 on error, 0 on eof or blocking,
623 * and the number of bytes read otherwise. */
625 read_to_chunk(buf_t
*buf
, chunk_t
*chunk
, tor_socket_t fd
, size_t at_most
,
626 int *reached_eof
, int *socket_error
)
629 if (at_most
> CHUNK_REMAINING_CAPACITY(chunk
))
630 at_most
= CHUNK_REMAINING_CAPACITY(chunk
);
631 read_result
= tor_socket_recv(fd
, CHUNK_WRITE_PTR(chunk
), at_most
, 0);
633 if (read_result
< 0) {
634 int e
= tor_socket_errno(fd
);
635 if (!ERRNO_IS_EAGAIN(e
)) { /* it's a real error */
638 log_warn(LD_NET
,"recv() failed: WSAENOBUFS. Not enough ram?");
643 return 0; /* would block. */
644 } else if (read_result
== 0) {
645 log_debug(LD_NET
,"Encountered eof on fd %d", (int)fd
);
648 } else { /* actually got bytes. */
649 buf
->datalen
+= read_result
;
650 chunk
->datalen
+= read_result
;
651 log_debug(LD_NET
,"Read %ld bytes. %d on inbuf.", (long)read_result
,
653 tor_assert(read_result
< INT_MAX
);
654 return (int)read_result
;
658 /** As read_to_chunk(), but return (negative) error code on error, blocking,
659 * or TLS, and the number of bytes read otherwise. */
661 read_to_chunk_tls(buf_t
*buf
, chunk_t
*chunk
, tor_tls_t
*tls
,
666 tor_assert(CHUNK_REMAINING_CAPACITY(chunk
) >= at_most
);
667 read_result
= tor_tls_read(tls
, CHUNK_WRITE_PTR(chunk
), at_most
);
670 buf
->datalen
+= read_result
;
671 chunk
->datalen
+= read_result
;
675 /** Read from socket <b>s</b>, writing onto end of <b>buf</b>. Read at most
676 * <b>at_most</b> bytes, growing the buffer as necessary. If recv() returns 0
677 * (because of EOF), set *<b>reached_eof</b> to 1 and return 0. Return -1 on
678 * error; else return the number of bytes read.
680 /* XXXX024 indicate "read blocked" somehow? */
682 read_to_buf(tor_socket_t s
, size_t at_most
, buf_t
*buf
, int *reached_eof
,
685 /* XXXX024 It's stupid to overload the return values for these functions:
686 * "error status" and "number of bytes read" are not mutually exclusive.
689 size_t total_read
= 0;
692 tor_assert(reached_eof
);
693 tor_assert(SOCKET_OK(s
));
695 while (at_most
> total_read
) {
696 size_t readlen
= at_most
- total_read
;
698 if (!buf
->tail
|| CHUNK_REMAINING_CAPACITY(buf
->tail
) < MIN_READ_LEN
) {
699 chunk
= buf_add_chunk_with_capacity(buf
, at_most
, 1);
700 if (readlen
> chunk
->memlen
)
701 readlen
= chunk
->memlen
;
703 size_t cap
= CHUNK_REMAINING_CAPACITY(buf
->tail
);
709 r
= read_to_chunk(buf
, chunk
, s
, readlen
, reached_eof
, socket_error
);
712 return r
; /* Error */
713 tor_assert(total_read
+r
< INT_MAX
);
715 if ((size_t)r
< readlen
) { /* eof, block, or no more to read. */
719 return (int)total_read
;
722 /** As read_to_buf, but reads from a TLS connection, and returns a TLS
723 * status value rather than the number of bytes read.
725 * Using TLS on OR connections complicates matters in two ways.
727 * First, a TLS stream has its own read buffer independent of the
728 * connection's read buffer. (TLS needs to read an entire frame from
729 * the network before it can decrypt any data. Thus, trying to read 1
730 * byte from TLS can require that several KB be read from the network
731 * and decrypted. The extra data is stored in TLS's decrypt buffer.)
732 * Because the data hasn't been read by Tor (it's still inside the TLS),
733 * this means that sometimes a connection "has stuff to read" even when
734 * poll() didn't return POLLIN. The tor_tls_get_pending_bytes function is
735 * used in connection.c to detect TLS objects with non-empty internal
736 * buffers and read from them again.
738 * Second, the TLS stream's events do not correspond directly to network
739 * events: sometimes, before a TLS stream can read, the network must be
740 * ready to write -- or vice versa.
743 read_to_buf_tls(tor_tls_t
*tls
, size_t at_most
, buf_t
*buf
)
746 size_t total_read
= 0;
748 check_no_tls_errors();
752 while (at_most
> total_read
) {
753 size_t readlen
= at_most
- total_read
;
755 if (!buf
->tail
|| CHUNK_REMAINING_CAPACITY(buf
->tail
) < MIN_READ_LEN
) {
756 chunk
= buf_add_chunk_with_capacity(buf
, at_most
, 1);
757 if (readlen
> chunk
->memlen
)
758 readlen
= chunk
->memlen
;
760 size_t cap
= CHUNK_REMAINING_CAPACITY(buf
->tail
);
766 r
= read_to_chunk_tls(buf
, chunk
, tls
, readlen
);
769 return r
; /* Error */
770 tor_assert(total_read
+r
< INT_MAX
);
772 if ((size_t)r
< readlen
) /* eof, block, or no more to read. */
775 return (int)total_read
;
778 /** Helper for flush_buf(): try to write <b>sz</b> bytes from chunk
779 * <b>chunk</b> of buffer <b>buf</b> onto socket <b>s</b>. On success, deduct
780 * the bytes written from *<b>buf_flushlen</b>. Return the number of bytes
781 * written on success, 0 on blocking, -1 on failure.
784 flush_chunk(tor_socket_t s
, buf_t
*buf
, chunk_t
*chunk
, size_t sz
,
785 size_t *buf_flushlen
)
787 ssize_t write_result
;
789 if (sz
> chunk
->datalen
)
791 write_result
= tor_socket_send(s
, chunk
->data
, sz
, 0);
793 if (write_result
< 0) {
794 int e
= tor_socket_errno(s
);
795 if (!ERRNO_IS_EAGAIN(e
)) { /* it's a real error */
798 log_warn(LD_NET
,"write() failed: WSAENOBUFS. Not enough ram?");
802 log_debug(LD_NET
,"write() would block, returning.");
805 *buf_flushlen
-= write_result
;
806 buf_remove_from_front(buf
, write_result
);
807 tor_assert(write_result
< INT_MAX
);
808 return (int)write_result
;
812 /** Helper for flush_buf_tls(): try to write <b>sz</b> bytes from chunk
813 * <b>chunk</b> of buffer <b>buf</b> onto socket <b>s</b>. (Tries to write
814 * more if there is a forced pending write size.) On success, deduct the
815 * bytes written from *<b>buf_flushlen</b>. Return the number of bytes
816 * written on success, and a TOR_TLS error code on failure or blocking.
819 flush_chunk_tls(tor_tls_t
*tls
, buf_t
*buf
, chunk_t
*chunk
,
820 size_t sz
, size_t *buf_flushlen
)
826 forced
= tor_tls_get_forced_write_size(tls
);
831 tor_assert(sz
<= chunk
->datalen
);
836 r
= tor_tls_write(tls
, data
, sz
);
839 if (*buf_flushlen
> (size_t)r
)
843 buf_remove_from_front(buf
, r
);
844 log_debug(LD_NET
,"flushed %d bytes, %d ready to flush, %d remain.",
845 r
,(int)*buf_flushlen
,(int)buf
->datalen
);
849 /** Write data from <b>buf</b> to the socket <b>s</b>. Write at most
850 * <b>sz</b> bytes, decrement *<b>buf_flushlen</b> by
851 * the number of bytes actually written, and remove the written bytes
852 * from the buffer. Return the number of bytes written on success,
853 * -1 on failure. Return 0 if write() would block.
856 flush_buf(tor_socket_t s
, buf_t
*buf
, size_t sz
, size_t *buf_flushlen
)
858 /* XXXX024 It's stupid to overload the return values for these functions:
859 * "error status" and "number of bytes flushed" are not mutually exclusive.
863 tor_assert(buf_flushlen
);
864 tor_assert(SOCKET_OK(s
));
865 tor_assert(*buf_flushlen
<= buf
->datalen
);
866 tor_assert(sz
<= *buf_flushlen
);
871 tor_assert(buf
->head
);
872 if (buf
->head
->datalen
>= sz
)
875 flushlen0
= buf
->head
->datalen
;
877 r
= flush_chunk(s
, buf
, buf
->head
, flushlen0
, buf_flushlen
);
883 if (r
== 0 || (size_t)r
< flushlen0
) /* can't flush any more now. */
886 tor_assert(flushed
< INT_MAX
);
890 /** As flush_buf(), but writes data to a TLS connection. Can write more than
891 * <b>flushlen</b> bytes.
894 flush_buf_tls(tor_tls_t
*tls
, buf_t
*buf
, size_t flushlen
,
895 size_t *buf_flushlen
)
900 tor_assert(buf_flushlen
);
901 tor_assert(*buf_flushlen
<= buf
->datalen
);
902 tor_assert(flushlen
<= *buf_flushlen
);
903 sz
= (ssize_t
) flushlen
;
905 /* we want to let tls write even if flushlen is zero, because it might
906 * have a partial record pending */
907 check_no_tls_errors();
913 if ((ssize_t
)buf
->head
->datalen
>= sz
)
916 flushlen0
= buf
->head
->datalen
;
921 r
= flush_chunk_tls(tls
, buf
, buf
->head
, flushlen0
, buf_flushlen
);
927 if (r
== 0) /* Can't flush any more now. */
930 tor_assert(flushed
< INT_MAX
);
934 /** Append <b>string_len</b> bytes from <b>string</b> to the end of
937 * Return the new length of the buffer on success, -1 on failure.
940 write_to_buf(const char *string
, size_t string_len
, buf_t
*buf
)
943 return (int)buf
->datalen
;
948 if (!buf
->tail
|| !CHUNK_REMAINING_CAPACITY(buf
->tail
))
949 buf_add_chunk_with_capacity(buf
, string_len
, 1);
951 copy
= CHUNK_REMAINING_CAPACITY(buf
->tail
);
952 if (copy
> string_len
)
954 memcpy(CHUNK_WRITE_PTR(buf
->tail
), string
, copy
);
957 buf
->datalen
+= copy
;
958 buf
->tail
->datalen
+= copy
;
962 tor_assert(buf
->datalen
< INT_MAX
);
963 return (int)buf
->datalen
;
966 /** Helper: copy the first <b>string_len</b> bytes from <b>buf</b>
967 * onto <b>string</b>.
970 peek_from_buf(char *string
, size_t string_len
, const buf_t
*buf
)
975 /* make sure we don't ask for too much */
976 tor_assert(string_len
<= buf
->datalen
);
977 /* assert_buf_ok(buf); */
981 size_t copy
= string_len
;
983 if (chunk
->datalen
< copy
)
984 copy
= chunk
->datalen
;
985 memcpy(string
, chunk
->data
, copy
);
992 /** Remove <b>string_len</b> bytes from the front of <b>buf</b>, and store
993 * them into <b>string</b>. Return the new buffer size. <b>string_len</b>
994 * must be \<= the number of bytes on the buffer.
997 fetch_from_buf(char *string
, size_t string_len
, buf_t
*buf
)
999 /* There must be string_len bytes in buf; write them onto string,
1000 * then memmove buf back (that is, remove them from buf).
1002 * Return the number of bytes still on the buffer. */
1005 peek_from_buf(string
, string_len
, buf
);
1006 buf_remove_from_front(buf
, string_len
);
1008 tor_assert(buf
->datalen
< INT_MAX
);
1009 return (int)buf
->datalen
;
1012 /** True iff the cell command <b>command</b> is one that implies a
1013 * variable-length cell in Tor link protocol <b>linkproto</b>. */
1015 cell_command_is_var_length(uint8_t command
, int linkproto
)
1017 /* If linkproto is v2 (2), CELL_VERSIONS is the only variable-length cells
1018 * work as implemented here. If it's 1, there are no variable-length cells.
1019 * Tor does not support other versions right now, and so can't negotiate
1022 switch (linkproto
) {
1024 /* Link protocol version 1 has no variable-length cells. */
1027 /* In link protocol version 2, VERSIONS is the only variable-length cell */
1028 return command
== CELL_VERSIONS
;
1032 /* In link protocol version 3 and later, and in version "unknown",
1033 * commands 128 and higher indicate variable-length. VERSIONS is
1034 * grandfathered in. */
1035 return command
== CELL_VERSIONS
|| command
>= 128;
1039 /** Check <b>buf</b> for a variable-length cell according to the rules of link
1040 * protocol version <b>linkproto</b>. If one is found, pull it off the buffer
1041 * and assign a newly allocated var_cell_t to *<b>out</b>, and return 1.
1042 * Return 0 if whatever is on the start of buf_t is not a variable-length
1043 * cell. Return 1 and set *<b>out</b> to NULL if there seems to be the start
1044 * of a variable-length cell on <b>buf</b>, but the whole thing isn't there
1047 fetch_var_cell_from_buf(buf_t
*buf
, var_cell_t
**out
, int linkproto
)
1049 char hdr
[VAR_CELL_HEADER_SIZE
];
1055 if (buf
->datalen
< VAR_CELL_HEADER_SIZE
)
1057 peek_from_buf(hdr
, sizeof(hdr
), buf
);
1059 command
= get_uint8(hdr
+2);
1060 if (!(cell_command_is_var_length(command
, linkproto
)))
1063 length
= ntohs(get_uint16(hdr
+3));
1064 if (buf
->datalen
< (size_t)(VAR_CELL_HEADER_SIZE
+length
))
1066 result
= var_cell_new(length
);
1067 result
->command
= command
;
1068 result
->circ_id
= ntohs(get_uint16(hdr
));
1070 buf_remove_from_front(buf
, VAR_CELL_HEADER_SIZE
);
1071 peek_from_buf((char*) result
->payload
, length
, buf
);
1072 buf_remove_from_front(buf
, length
);
1079 #ifdef USE_BUFFEREVENTS
1080 /** Try to read <b>n</b> bytes from <b>buf</b> at <b>pos</b> (which may be
1081 * NULL for the start of the buffer), copying the data only if necessary. Set
1082 * *<b>data_out</b> to a pointer to the desired bytes. Set <b>free_out</b>
1083 * to 1 if we needed to malloc *<b>data</b> because the original bytes were
1084 * noncontiguous; 0 otherwise. Return the number of bytes actually available
1085 * at *<b>data_out</b>.
1088 inspect_evbuffer(struct evbuffer
*buf
, char **data_out
, size_t n
,
1089 int *free_out
, struct evbuffer_ptr
*pos
)
1093 if (evbuffer_get_length(buf
) < n
)
1094 n
= evbuffer_get_length(buf
);
1097 n_vecs
= evbuffer_peek(buf
, n
, pos
, NULL
, 0);
1098 tor_assert(n_vecs
> 0);
1100 struct evbuffer_iovec v
;
1101 i
= evbuffer_peek(buf
, n
, pos
, &v
, 1);
1103 *data_out
= v
.iov_base
;
1108 *data_out
= tor_malloc(n
);
1110 copied
= evbuffer_copyout(buf
, *data_out
, n
);
1111 tor_assert(copied
>= 0 && (size_t)copied
== n
);
1116 /** As fetch_var_cell_from_buf, buf works on an evbuffer. */
1118 fetch_var_cell_from_evbuffer(struct evbuffer
*buf
, var_cell_t
**out
,
1126 uint16_t cell_length
;
1131 buf_len
= evbuffer_get_length(buf
);
1132 if (buf_len
< VAR_CELL_HEADER_SIZE
)
1135 n
= inspect_evbuffer(buf
, &hdr
, VAR_CELL_HEADER_SIZE
, &free_hdr
, NULL
);
1136 tor_assert(n
>= VAR_CELL_HEADER_SIZE
);
1138 command
= get_uint8(hdr
+2);
1139 if (!(cell_command_is_var_length(command
, linkproto
))) {
1143 cell_length
= ntohs(get_uint16(hdr
+3));
1144 if (buf_len
< (size_t)(VAR_CELL_HEADER_SIZE
+cell_length
)) {
1145 result
= 1; /* Not all here yet. */
1149 cell
= var_cell_new(cell_length
);
1150 cell
->command
= command
;
1151 cell
->circ_id
= ntohs(get_uint16(hdr
));
1152 evbuffer_drain(buf
, VAR_CELL_HEADER_SIZE
);
1153 evbuffer_remove(buf
, cell
->payload
, cell_length
);
1158 if (free_hdr
&& hdr
)
1164 /** Move up to *<b>buf_flushlen</b> bytes from <b>buf_in</b> to
1165 * <b>buf_out</b>, and modify *<b>buf_flushlen</b> appropriately.
1166 * Return the number of bytes actually copied.
1169 move_buf_to_buf(buf_t
*buf_out
, buf_t
*buf_in
, size_t *buf_flushlen
)
1171 /* We can do way better here, but this doesn't turn up in any profiles. */
1174 len
= *buf_flushlen
;
1175 if (len
> buf_in
->datalen
)
1176 len
= buf_in
->datalen
;
1178 cp
= len
; /* Remember the number of bytes we intend to copy. */
1179 tor_assert(cp
< INT_MAX
);
1181 /* This isn't the most efficient implementation one could imagine, since
1182 * it does two copies instead of 1, but I kinda doubt that this will be
1184 size_t n
= len
> sizeof(b
) ? sizeof(b
) : len
;
1185 fetch_from_buf(b
, n
, buf_in
);
1186 write_to_buf(b
, n
, buf_out
);
1189 *buf_flushlen
-= cp
;
1193 /** Internal structure: represents a position in a buffer. */
1194 typedef struct buf_pos_t
{
1195 const chunk_t
*chunk
; /**< Which chunk are we pointing to? */
1196 int pos
;/**< Which character inside the chunk's data are we pointing to? */
1197 size_t chunk_pos
; /**< Total length of all previous chunks. */
1200 /** Initialize <b>out</b> to point to the first character of <b>buf</b>.*/
1202 buf_pos_init(const buf_t
*buf
, buf_pos_t
*out
)
1204 out
->chunk
= buf
->head
;
1209 /** Advance <b>out</b> to the first appearance of <b>ch</b> at the current
1210 * position of <b>out</b>, or later. Return -1 if no instances are found;
1211 * otherwise returns the absolute position of the character. */
1213 buf_find_pos_of_char(char ch
, buf_pos_t
*out
)
1215 const chunk_t
*chunk
;
1219 if (out
->chunk
->datalen
) {
1220 tor_assert(out
->pos
< (off_t
)out
->chunk
->datalen
);
1222 tor_assert(out
->pos
== 0);
1226 for (chunk
= out
->chunk
; chunk
; chunk
= chunk
->next
) {
1227 char *cp
= memchr(chunk
->data
+pos
, ch
, chunk
->datalen
- pos
);
1230 tor_assert(cp
- chunk
->data
< INT_MAX
);
1231 out
->pos
= (int)(cp
- chunk
->data
);
1232 return out
->chunk_pos
+ out
->pos
;
1234 out
->chunk_pos
+= chunk
->datalen
;
1241 /** Advance <b>pos</b> by a single character, if there are any more characters
1242 * in the buffer. Returns 0 on success, -1 on failure. */
1244 buf_pos_inc(buf_pos_t
*pos
)
1247 if (pos
->pos
== (off_t
)pos
->chunk
->datalen
) {
1248 if (!pos
->chunk
->next
)
1250 pos
->chunk_pos
+= pos
->chunk
->datalen
;
1251 pos
->chunk
= pos
->chunk
->next
;
1257 /** Return true iff the <b>n</b>-character string in <b>s</b> appears
1258 * (verbatim) at <b>pos</b>. */
1260 buf_matches_at_pos(const buf_pos_t
*pos
, const char *s
, size_t n
)
1266 memcpy(&p
, pos
, sizeof(p
));
1269 char ch
= p
.chunk
->data
[p
.pos
];
1273 /* If we're out of characters that don't match, we match. Check this
1274 * _before_ we test incrementing pos, in case we're at the end of the
1278 if (buf_pos_inc(&p
)<0)
1283 /** Return the first position in <b>buf</b> at which the <b>n</b>-character
1284 * string <b>s</b> occurs, or -1 if it does not occur. */
1286 buf_find_string_offset(const buf_t
*buf
, const char *s
, size_t n
)
1289 buf_pos_init(buf
, &pos
);
1290 while (buf_find_pos_of_char(*s
, &pos
) >= 0) {
1291 if (buf_matches_at_pos(&pos
, s
, n
)) {
1292 tor_assert(pos
.chunk_pos
+ pos
.pos
< INT_MAX
);
1293 return (int)(pos
.chunk_pos
+ pos
.pos
);
1295 if (buf_pos_inc(&pos
)<0)
1302 /** There is a (possibly incomplete) http statement on <b>buf</b>, of the
1303 * form "\%s\\r\\n\\r\\n\%s", headers, body. (body may contain NULs.)
1304 * If a) the headers include a Content-Length field and all bytes in
1305 * the body are present, or b) there's no Content-Length field and
1306 * all headers are present, then:
1308 * - strdup headers into <b>*headers_out</b>, and NUL-terminate it.
1309 * - memdup body into <b>*body_out</b>, and NUL-terminate it.
1310 * - Then remove them from <b>buf</b>, and return 1.
1312 * - If headers or body is NULL, discard that part of the buf.
1313 * - If a headers or body doesn't fit in the arg, return -1.
1314 * (We ensure that the headers or body don't exceed max len,
1315 * _even if_ we're planning to discard them.)
1316 * - If force_complete is true, then succeed even if not all of the
1317 * content has arrived.
1319 * Else, change nothing and return 0.
1322 fetch_from_buf_http(buf_t
*buf
,
1323 char **headers_out
, size_t max_headerlen
,
1324 char **body_out
, size_t *body_used
, size_t max_bodylen
,
1328 size_t headerlen
, bodylen
, contentlen
;
1335 crlf_offset
= buf_find_string_offset(buf
, "\r\n\r\n", 4);
1336 if (crlf_offset
> (int)max_headerlen
||
1337 (crlf_offset
< 0 && buf
->datalen
> max_headerlen
)) {
1338 log_debug(LD_HTTP
,"headers too long.");
1340 } else if (crlf_offset
< 0) {
1341 log_debug(LD_HTTP
,"headers not all here yet.");
1344 /* Okay, we have a full header. Make sure it all appears in the first
1346 if ((int)buf
->head
->datalen
< crlf_offset
+ 4)
1347 buf_pullup(buf
, crlf_offset
+4, 0);
1348 headerlen
= crlf_offset
+ 4;
1350 headers
= buf
->head
->data
;
1351 bodylen
= buf
->datalen
- headerlen
;
1352 log_debug(LD_HTTP
,"headerlen %d, bodylen %d.", (int)headerlen
, (int)bodylen
);
1354 if (max_headerlen
<= headerlen
) {
1355 log_warn(LD_HTTP
,"headerlen %d larger than %d. Failing.",
1356 (int)headerlen
, (int)max_headerlen
-1);
1359 if (max_bodylen
<= bodylen
) {
1360 log_warn(LD_HTTP
,"bodylen %d larger than %d. Failing.",
1361 (int)bodylen
, (int)max_bodylen
-1);
1365 #define CONTENT_LENGTH "\r\nContent-Length: "
1366 p
= (char*) tor_memstr(headers
, headerlen
, CONTENT_LENGTH
);
1369 i
= atoi(p
+strlen(CONTENT_LENGTH
));
1371 log_warn(LD_PROTOCOL
, "Content-Length is less than zero; it looks like "
1372 "someone is trying to crash us.");
1376 /* if content-length is malformed, then our body length is 0. fine. */
1377 log_debug(LD_HTTP
,"Got a contentlen of %d.",(int)contentlen
);
1378 if (bodylen
< contentlen
) {
1379 if (!force_complete
) {
1380 log_debug(LD_HTTP
,"body not all here yet.");
1381 return 0; /* not all there yet */
1384 if (bodylen
> contentlen
) {
1385 bodylen
= contentlen
;
1386 log_debug(LD_HTTP
,"bodylen reduced to %d.",(int)bodylen
);
1389 /* all happy. copy into the appropriate places, and return 1 */
1391 *headers_out
= tor_malloc(headerlen
+1);
1392 fetch_from_buf(*headers_out
, headerlen
, buf
);
1393 (*headers_out
)[headerlen
] = 0; /* NUL terminate it */
1396 tor_assert(body_used
);
1397 *body_used
= bodylen
;
1398 *body_out
= tor_malloc(bodylen
+1);
1399 fetch_from_buf(*body_out
, bodylen
, buf
);
1400 (*body_out
)[bodylen
] = 0; /* NUL terminate it */
1406 #ifdef USE_BUFFEREVENTS
1407 /** As fetch_from_buf_http, buf works on an evbuffer. */
1409 fetch_from_evbuffer_http(struct evbuffer
*buf
,
1410 char **headers_out
, size_t max_headerlen
,
1411 char **body_out
, size_t *body_used
, size_t max_bodylen
,
1414 struct evbuffer_ptr crlf
, content_length
;
1415 size_t headerlen
, bodylen
, contentlen
;
1417 /* Find the first \r\n\r\n in the buffer */
1418 crlf
= evbuffer_search(buf
, "\r\n\r\n", 4, NULL
);
1420 /* We didn't find one. */
1421 if (evbuffer_get_length(buf
) > max_headerlen
)
1422 return -1; /* Headers too long. */
1423 return 0; /* Headers not here yet. */
1424 } else if (crlf
.pos
> (int)max_headerlen
) {
1425 return -1; /* Headers too long. */
1428 headerlen
= crlf
.pos
+ 4; /* Skip over the \r\n\r\n */
1429 bodylen
= evbuffer_get_length(buf
) - headerlen
;
1430 if (bodylen
> max_bodylen
)
1431 return -1; /* body too long */
1433 /* Look for the first occurrence of CONTENT_LENGTH insize buf before the
1435 content_length
= evbuffer_search_range(buf
, CONTENT_LENGTH
,
1436 strlen(CONTENT_LENGTH
), NULL
, &crlf
);
1438 if (content_length
.pos
>= 0) {
1439 /* We found a content_length: parse it and figure out if the body is here
1441 struct evbuffer_ptr eol
;
1445 n
= evbuffer_ptr_set(buf
, &content_length
, strlen(CONTENT_LENGTH
),
1448 eol
= evbuffer_search_eol(buf
, &content_length
, NULL
, EVBUFFER_EOL_CRLF
);
1449 tor_assert(eol
.pos
> content_length
.pos
);
1450 tor_assert(eol
.pos
<= crlf
.pos
);
1451 inspect_evbuffer(buf
, &data
, eol
.pos
- content_length
.pos
, &free_data
,
1458 log_warn(LD_PROTOCOL
, "Content-Length is less than zero; it looks like "
1459 "someone is trying to crash us.");
1463 /* if content-length is malformed, then our body length is 0. fine. */
1464 log_debug(LD_HTTP
,"Got a contentlen of %d.",(int)contentlen
);
1465 if (bodylen
< contentlen
) {
1466 if (!force_complete
) {
1467 log_debug(LD_HTTP
,"body not all here yet.");
1468 return 0; /* not all there yet */
1471 if (bodylen
> contentlen
) {
1472 bodylen
= contentlen
;
1473 log_debug(LD_HTTP
,"bodylen reduced to %d.",(int)bodylen
);
1478 *headers_out
= tor_malloc(headerlen
+1);
1479 evbuffer_remove(buf
, *headers_out
, headerlen
);
1480 (*headers_out
)[headerlen
] = '\0';
1483 tor_assert(headers_out
);
1484 tor_assert(body_used
);
1485 *body_used
= bodylen
;
1486 *body_out
= tor_malloc(bodylen
+1);
1487 evbuffer_remove(buf
, *body_out
, bodylen
);
1488 (*body_out
)[bodylen
] = '\0';
1495 * Wait this many seconds before warning the user about using SOCKS unsafely
1496 * again (requires that WarnUnsafeSocks is turned on). */
1497 #define SOCKS_WARN_INTERVAL 5
1499 /** Warn that the user application has made an unsafe socks request using
1500 * protocol <b>socks_protocol</b> on port <b>port</b>. Don't warn more than
1501 * once per SOCKS_WARN_INTERVAL, unless <b>safe_socks</b> is set. */
1503 log_unsafe_socks_warning(int socks_protocol
, const char *address
,
1504 uint16_t port
, int safe_socks
)
1506 static ratelim_t socks_ratelim
= RATELIM_INIT(SOCKS_WARN_INTERVAL
);
1508 const or_options_t
*options
= get_options();
1510 if (! options
->WarnUnsafeSocks
)
1512 if (safe_socks
|| (m
= rate_limit_log(&socks_ratelim
, approx_time()))) {
1514 "Your application (using socks%d to port %d) is giving "
1515 "Tor only an IP address. Applications that do DNS resolves "
1516 "themselves may leak information. Consider using Socks4A "
1517 "(e.g. via privoxy or socat) instead. For more information, "
1518 "please see https://wiki.torproject.org/TheOnionRouter/"
1519 "TorFAQ#SOCKSAndDNS.%s%s",
1522 safe_socks
? " Rejecting." : "",
1526 control_event_client_status(LOG_WARN
,
1527 "DANGEROUS_SOCKS PROTOCOL=SOCKS%d ADDRESS=%s:%d",
1528 socks_protocol
, address
, (int)port
);
1531 /** Do not attempt to parse socks messages longer than this. This value is
1532 * actually significantly higher than the longest possible socks message. */
1533 #define MAX_SOCKS_MESSAGE_LEN 512
1535 /** Return a new socks_request_t. */
1537 socks_request_new(void)
1539 return tor_malloc_zero(sizeof(socks_request_t
));
1542 /** Free all storage held in the socks_request_t <b>req</b>. */
1544 socks_request_free(socks_request_t
*req
)
1548 if (req
->username
) {
1549 memset(req
->username
, 0x10, req
->usernamelen
);
1550 tor_free(req
->username
);
1552 if (req
->password
) {
1553 memset(req
->password
, 0x04, req
->passwordlen
);
1554 tor_free(req
->password
);
1556 memset(req
, 0xCC, sizeof(socks_request_t
));
1560 /** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
1562 * - socks4: "socksheader username\\0"
1563 * - socks4a: "socksheader username\\0 destaddr\\0"
1564 * - socks5 phase one: "version #methods methods"
1565 * - socks5 phase two: "version command 0 addresstype..."
1566 * If it's a complete and valid handshake, and destaddr fits in
1567 * MAX_SOCKS_ADDR_LEN bytes, then pull the handshake off the buf,
1568 * assign to <b>req</b>, and return 1.
1570 * If it's invalid or too big, return -1.
1572 * Else it's not all there yet, leave buf alone and return 0.
1574 * If you want to specify the socks reply, write it into <b>req->reply</b>
1575 * and set <b>req->replylen</b>, else leave <b>req->replylen</b> alone.
1577 * If <b>log_sockstype</b> is non-zero, then do a notice-level log of whether
1578 * the connection is possibly leaking DNS requests locally or not.
1580 * If <b>safe_socks</b> is true, then reject unsafe socks protocols.
1582 * If returning 0 or -1, <b>req->address</b> and <b>req->port</b> are
1586 fetch_from_buf_socks(buf_t
*buf
, socks_request_t
*req
,
1587 int log_sockstype
, int safe_socks
)
1591 size_t want_length
= 128;
1593 if (buf
->datalen
< 2) /* version and another byte */
1598 buf_pullup(buf
, want_length
, 0);
1599 tor_assert(buf
->head
&& buf
->head
->datalen
>= 2);
1602 res
= parse_socks(buf
->head
->data
, buf
->head
->datalen
, req
, log_sockstype
,
1603 safe_socks
, &n_drain
, &want_length
);
1607 else if (n_drain
> 0)
1608 buf_remove_from_front(buf
, n_drain
);
1610 } while (res
== 0 && buf
->head
&& want_length
< buf
->datalen
&&
1616 #ifdef USE_BUFFEREVENTS
1617 /* As fetch_from_buf_socks(), but targets an evbuffer instead. */
1619 fetch_from_evbuffer_socks(struct evbuffer
*buf
, socks_request_t
*req
,
1620 int log_sockstype
, int safe_socks
)
1624 size_t datalen
, buflen
, want_length
;
1627 buflen
= evbuffer_get_length(buf
);
1632 /* See if we can find the socks request in the first chunk of the buffer.
1634 struct evbuffer_iovec v
;
1637 i
= evbuffer_peek(buf
, -1, NULL
, &v
, 1);
1640 datalen
= v
.iov_len
;
1643 res
= parse_socks(data
, datalen
, req
, log_sockstype
,
1644 safe_socks
, &n_drain
, &want_length
);
1647 evbuffer_drain(buf
, evbuffer_get_length(buf
));
1648 else if (n_drain
> 0)
1649 evbuffer_drain(buf
, n_drain
);
1655 /* Okay, the first chunk of the buffer didn't have a complete socks request.
1656 * That means that either we don't have a whole socks request at all, or
1657 * it's gotten split up. We're going to try passing parse_socks() bigger
1658 * and bigger chunks until either it says "Okay, I got it", or it says it
1659 * will need more data than we currently have. */
1661 /* Loop while we have more data that we haven't given parse_socks() yet. */
1664 const size_t last_wanted
= want_length
;
1667 datalen
= inspect_evbuffer(buf
, &data
, want_length
, &free_data
, NULL
);
1670 res
= parse_socks(data
, datalen
, req
, log_sockstype
,
1671 safe_socks
, &n_drain
, &want_length
);
1677 evbuffer_drain(buf
, evbuffer_get_length(buf
));
1678 else if (n_drain
> 0)
1679 evbuffer_drain(buf
, n_drain
);
1681 if (res
== 0 && n_drain
== 0 && want_length
<= last_wanted
) {
1682 /* If we drained nothing, and we didn't ask for more than last time,
1683 * then we probably wanted more data than the buffer actually had,
1684 * and we're finding out that we're not satisified with it. It's
1685 * time to break until we have more data. */
1689 buflen
= evbuffer_get_length(buf
);
1690 } while (res
== 0 && want_length
<= buflen
&& buflen
>= 2);
1696 /** Implementation helper to implement fetch_from_*_socks. Instead of looking
1697 * at a buffer's contents, we look at the <b>datalen</b> bytes of data in
1698 * <b>data</b>. Instead of removing data from the buffer, we set
1699 * <b>drain_out</b> to the amount of data that should be removed (or -1 if the
1700 * buffer should be cleared). Instead of pulling more data into the first
1701 * chunk of the buffer, we set *<b>want_length_out</b> to the number of bytes
1702 * we'd like to see in the input buffer, if they're available. */
1704 parse_socks(const char *data
, size_t datalen
, socks_request_t
*req
,
1705 int log_sockstype
, int safe_socks
, ssize_t
*drain_out
,
1706 size_t *want_length_out
)
1709 char tmpbuf
[TOR_ADDR_BUF_LEN
+1];
1710 tor_addr_t destaddr
;
1713 char *next
, *startaddr
;
1714 unsigned char usernamelen
, passlen
;
1718 /* We always need at least 2 bytes. */
1719 *want_length_out
= 2;
1723 if (req
->socks_version
== 5 && !req
->got_auth
) {
1724 /* See if we have received authentication. Strictly speaking, we should
1725 also check whether we actually negotiated username/password
1726 authentication. But some broken clients will send us authentication
1727 even if we negotiated SOCKS_NO_AUTH. */
1728 if (*data
== 1) { /* username/pass version 1 */
1729 /* Format is: authversion [1 byte] == 1
1730 usernamelen [1 byte]
1731 username [usernamelen bytes]
1733 password [passlen bytes] */
1734 usernamelen
= (unsigned char)*(data
+ 1);
1735 if (datalen
< 2u + usernamelen
+ 1u) {
1736 *want_length_out
= 2u + usernamelen
+ 1u;
1739 passlen
= (unsigned char)*(data
+ 2u + usernamelen
);
1740 if (datalen
< 2u + usernamelen
+ 1u + passlen
) {
1741 *want_length_out
= 2u + usernamelen
+ 1u + passlen
;
1744 req
->replylen
= 2; /* 2 bytes of response */
1746 req
->reply
[1] = 0; /* authentication successful */
1748 "socks5: Accepted username/password without checking.");
1750 req
->username
= tor_memdup(data
+2u, usernamelen
);
1751 req
->usernamelen
= usernamelen
;
1754 req
->password
= tor_memdup(data
+3u+usernamelen
, passlen
);
1755 req
->passwordlen
= passlen
;
1757 *drain_out
= 2u + usernamelen
+ 1u + passlen
;
1759 *want_length_out
= 7; /* Minimal socks5 sommand. */
1761 } else if (req
->auth_type
== SOCKS_USER_PASS
) {
1762 /* unknown version byte */
1763 log_warn(LD_APP
, "Socks5 username/password version %d not recognized; "
1764 "rejecting.", (int)*data
);
1771 switch (socksver
) { /* which version of socks? */
1772 case 5: /* socks5 */
1774 if (req
->socks_version
!= 5) { /* we need to negotiate a method */
1775 unsigned char nummethods
= (unsigned char)*(data
+1);
1777 tor_assert(!req
->socks_version
);
1778 if (datalen
< 2u+nummethods
) {
1779 *want_length_out
= 2u+nummethods
;
1784 req
->replylen
= 2; /* 2 bytes of response */
1785 req
->reply
[0] = 5; /* socks5 reply */
1786 if (memchr(data
+2, SOCKS_NO_AUTH
, nummethods
)) {
1787 req
->reply
[1] = SOCKS_NO_AUTH
; /* tell client to use "none" auth
1789 req
->socks_version
= 5; /* remember we've already negotiated auth */
1790 log_debug(LD_APP
,"socks5: accepted method 0 (no authentication)");
1792 } else if (memchr(data
+2, SOCKS_USER_PASS
, nummethods
)) {
1793 req
->auth_type
= SOCKS_USER_PASS
;
1794 req
->reply
[1] = SOCKS_USER_PASS
; /* tell client to use "user/pass"
1796 req
->socks_version
= 5; /* remember we've already negotiated auth */
1797 log_debug(LD_APP
,"socks5: accepted method 2 (username/password)");
1801 "socks5: offered methods don't include 'no auth' or "
1802 "username/password. Rejecting.");
1803 req
->reply
[1] = '\xFF'; /* reject all methods */
1806 /* Remove packet from buf. Some SOCKS clients will have sent extra
1807 * junk at this point; let's hope it's an authentication message. */
1808 *drain_out
= 2u + nummethods
;
1812 if (req
->auth_type
!= SOCKS_NO_AUTH
&& !req
->got_auth
) {
1814 "socks5: negotiated authentication, but none provided");
1817 /* we know the method; read in the request */
1818 log_debug(LD_APP
,"socks5: checking request");
1819 if (datalen
< 7) {/* basic info plus >=1 for addr plus 2 for port */
1820 *want_length_out
= 7;
1821 return 0; /* not yet */
1823 req
->command
= (unsigned char) *(data
+1);
1824 if (req
->command
!= SOCKS_COMMAND_CONNECT
&&
1825 req
->command
!= SOCKS_COMMAND_RESOLVE
&&
1826 req
->command
!= SOCKS_COMMAND_RESOLVE_PTR
) {
1827 /* not a connect or resolve or a resolve_ptr? we don't support it. */
1828 log_warn(LD_APP
,"socks5: command %d not recognized. Rejecting.",
1832 switch (*(data
+3)) { /* address type */
1833 case 1: /* IPv4 address */
1834 case 4: /* IPv6 address */ {
1835 const int is_v6
= *(data
+3) == 4;
1836 const unsigned addrlen
= is_v6
? 16 : 4;
1837 log_debug(LD_APP
,"socks5: ipv4 address type");
1838 if (datalen
< 6+addrlen
) {/* ip/port there? */
1839 *want_length_out
= 6+addrlen
;
1840 return 0; /* not yet */
1844 tor_addr_from_ipv6_bytes(&destaddr
, data
+4);
1846 tor_addr_from_ipv4n(&destaddr
, get_uint32(data
+4));
1848 tor_addr_to_str(tmpbuf
, &destaddr
, sizeof(tmpbuf
), 1);
1850 if (strlen(tmpbuf
)+1 > MAX_SOCKS_ADDR_LEN
) {
1852 "socks5 IP takes %d bytes, which doesn't fit in %d. "
1854 (int)strlen(tmpbuf
)+1,(int)MAX_SOCKS_ADDR_LEN
);
1857 strlcpy(req
->address
,tmpbuf
,sizeof(req
->address
));
1858 req
->port
= ntohs(get_uint16(data
+4+addrlen
));
1859 *drain_out
= 6+addrlen
;
1860 if (req
->command
!= SOCKS_COMMAND_RESOLVE_PTR
&&
1861 !addressmap_have_mapping(req
->address
,0)) {
1862 log_unsafe_socks_warning(5, req
->address
, req
->port
, safe_socks
);
1869 log_debug(LD_APP
,"socks5: fqdn address type");
1870 if (req
->command
== SOCKS_COMMAND_RESOLVE_PTR
) {
1871 log_warn(LD_APP
, "socks5 received RESOLVE_PTR command with "
1872 "hostname type. Rejecting.");
1875 len
= (unsigned char)*(data
+4);
1876 if (datalen
< 7+len
) { /* addr/port there? */
1877 *want_length_out
= 7+len
;
1878 return 0; /* not yet */
1880 if (len
+1 > MAX_SOCKS_ADDR_LEN
) {
1882 "socks5 hostname is %d bytes, which doesn't fit in "
1883 "%d. Rejecting.", len
+1,MAX_SOCKS_ADDR_LEN
);
1886 memcpy(req
->address
,data
+5,len
);
1887 req
->address
[len
] = 0;
1888 req
->port
= ntohs(get_uint16(data
+5+len
));
1889 *drain_out
= 5+len
+2;
1890 if (!tor_strisprint(req
->address
) || strchr(req
->address
,'\"')) {
1891 log_warn(LD_PROTOCOL
,
1892 "Your application (using socks5 to port %d) gave Tor "
1893 "a malformed hostname: %s. Rejecting the connection.",
1894 req
->port
, escaped(req
->address
));
1899 "Your application (using socks5 to port %d) instructed "
1900 "Tor to take care of the DNS resolution itself if "
1901 "necessary. This is good.", req
->port
);
1903 default: /* unsupported */
1904 log_warn(LD_APP
,"socks5: unsupported address type %d. Rejecting.",
1909 case 4: { /* socks4 */
1910 enum {socks4
, socks4a
} socks4_prot
= socks4a
;
1911 const char *authstart
, *authend
;
1912 /* http://ss5.sourceforge.net/socks4.protocol.txt */
1913 /* http://ss5.sourceforge.net/socks4A.protocol.txt */
1915 req
->socks_version
= 4;
1916 if (datalen
< SOCKS4_NETWORK_LEN
) {/* basic info available? */
1917 *want_length_out
= SOCKS4_NETWORK_LEN
;
1918 return 0; /* not yet */
1920 // buf_pullup(buf, 1280, 0);
1921 req
->command
= (unsigned char) *(data
+1);
1922 if (req
->command
!= SOCKS_COMMAND_CONNECT
&&
1923 req
->command
!= SOCKS_COMMAND_RESOLVE
) {
1924 /* not a connect or resolve? we don't support it. (No resolve_ptr with
1926 log_warn(LD_APP
,"socks4: command %d not recognized. Rejecting.",
1931 req
->port
= ntohs(get_uint16(data
+2));
1932 destip
= ntohl(get_uint32(data
+4));
1933 if ((!req
->port
&& req
->command
!=SOCKS_COMMAND_RESOLVE
) || !destip
) {
1934 log_warn(LD_APP
,"socks4: Port or DestIP is zero. Rejecting.");
1938 log_debug(LD_APP
,"socks4: destip not in form 0.0.0.x.");
1939 in
.s_addr
= htonl(destip
);
1940 tor_inet_ntoa(&in
,tmpbuf
,sizeof(tmpbuf
));
1941 if (strlen(tmpbuf
)+1 > MAX_SOCKS_ADDR_LEN
) {
1942 log_debug(LD_APP
,"socks4 addr (%d bytes) too long. Rejecting.",
1943 (int)strlen(tmpbuf
));
1947 "socks4: successfully read destip (%s)",
1948 safe_str_client(tmpbuf
));
1949 socks4_prot
= socks4
;
1952 authstart
= data
+ SOCKS4_NETWORK_LEN
;
1953 next
= memchr(authstart
, 0,
1954 datalen
-SOCKS4_NETWORK_LEN
);
1956 if (datalen
>= 1024) {
1957 log_debug(LD_APP
, "Socks4 user name too long; rejecting.");
1960 log_debug(LD_APP
,"socks4: Username not here yet.");
1961 *want_length_out
= datalen
+1024; /* More than we need, but safe */
1965 tor_assert(next
< data
+datalen
);
1968 if (socks4_prot
!= socks4a
&&
1969 !addressmap_have_mapping(tmpbuf
,0)) {
1970 log_unsafe_socks_warning(4, tmpbuf
, req
->port
, safe_socks
);
1975 if (socks4_prot
== socks4a
) {
1976 if (next
+1 == data
+datalen
) {
1977 log_debug(LD_APP
,"socks4: No part of destaddr here yet.");
1978 *want_length_out
= datalen
+ 1024; /* More than we need, but safe */
1982 next
= memchr(startaddr
, 0, data
+ datalen
- startaddr
);
1984 if (datalen
>= 1024) {
1985 log_debug(LD_APP
,"socks4: Destaddr too long.");
1988 log_debug(LD_APP
,"socks4: Destaddr not all here yet.");
1989 *want_length_out
= datalen
+ 1024; /* More than we need, but safe */
1992 if (MAX_SOCKS_ADDR_LEN
<= next
-startaddr
) {
1993 log_warn(LD_APP
,"socks4: Destaddr too long. Rejecting.");
1996 // tor_assert(next < buf->cur+buf->datalen);
2000 "Your application (using socks4a to port %d) instructed "
2001 "Tor to take care of the DNS resolution itself if "
2002 "necessary. This is good.", req
->port
);
2004 log_debug(LD_APP
,"socks4: Everything is here. Success.");
2005 strlcpy(req
->address
, startaddr
? startaddr
: tmpbuf
,
2006 sizeof(req
->address
));
2007 if (!tor_strisprint(req
->address
) || strchr(req
->address
,'\"')) {
2008 log_warn(LD_PROTOCOL
,
2009 "Your application (using socks4 to port %d) gave Tor "
2010 "a malformed hostname: %s. Rejecting the connection.",
2011 req
->port
, escaped(req
->address
));
2014 if (authend
!= authstart
) {
2016 req
->usernamelen
= authend
- authstart
;
2017 req
->username
= tor_memdup(authstart
, authend
- authstart
);
2019 /* next points to the final \0 on inbuf */
2020 *drain_out
= next
- data
+ 1;
2024 case 'H': /* head */
2025 case 'P': /* put/post */
2026 case 'C': /* connect */
2027 strlcpy((char*)req
->reply
,
2028 "HTTP/1.0 501 Tor is not an HTTP Proxy\r\n"
2029 "Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
2032 "<title>Tor is not an HTTP Proxy</title>\n"
2035 "<h1>Tor is not an HTTP Proxy</h1>\n"
2037 "It appears you have configured your web browser to use Tor as an HTTP proxy."
2039 "This is not correct: Tor is a SOCKS proxy, not an HTTP proxy.\n"
2040 "Please configure your client accordingly.\n"
2043 "See <a href=\"https://www.torproject.org/documentation.html\">"
2044 "https://www.torproject.org/documentation.html</a> for more "
2046 "<!-- Plus this comment, to make the body response more than 512 bytes, so "
2047 " IE will be willing to display it. Comment comment comment comment "
2048 " comment comment comment comment comment comment comment comment.-->\n"
2052 , MAX_SOCKS_REPLY_LEN
);
2053 req
->replylen
= strlen((char*)req
->reply
)+1;
2055 default: /* version is not socks4 or socks5 */
2057 "Socks version %d not recognized. (Tor is not an http proxy.)",
2060 /* Tell the controller the first 8 bytes. */
2061 char *tmp
= tor_strndup(data
, datalen
< 8 ? datalen
: 8);
2062 control_event_client_status(LOG_WARN
,
2063 "SOCKS_UNKNOWN_PROTOCOL DATA=\"%s\"",
2071 /** Inspect a reply from SOCKS server stored in <b>buf</b> according
2072 * to <b>state</b>, removing the protocol data upon success. Return 0 on
2073 * incomplete response, 1 on success and -1 on error, in which case
2074 * <b>reason</b> is set to a descriptive message (free() when finished
2077 * As a special case, 2 is returned when user/pass is required
2078 * during SOCKS5 handshake and user/pass is configured.
2081 fetch_from_buf_socks_client(buf_t
*buf
, int state
, char **reason
)
2085 if (buf
->datalen
< 2)
2088 buf_pullup(buf
, MAX_SOCKS_MESSAGE_LEN
, 0);
2089 tor_assert(buf
->head
&& buf
->head
->datalen
>= 2);
2091 r
= parse_socks_client((uint8_t*)buf
->head
->data
, buf
->head
->datalen
,
2092 state
, reason
, &drain
);
2094 buf_remove_from_front(buf
, drain
);
2101 #ifdef USE_BUFFEREVENTS
2102 /** As fetch_from_buf_socks_client, buf works on an evbuffer */
2104 fetch_from_evbuffer_socks_client(struct evbuffer
*buf
, int state
,
2112 /* Linearize the SOCKS response in the buffer, up to 128 bytes.
2113 * (parse_socks_client shouldn't need to see anything beyond that.) */
2114 datalen
= evbuffer_get_length(buf
);
2115 if (datalen
> MAX_SOCKS_MESSAGE_LEN
)
2116 datalen
= MAX_SOCKS_MESSAGE_LEN
;
2117 data
= evbuffer_pullup(buf
, datalen
);
2119 r
= parse_socks_client(data
, datalen
, state
, reason
, &drain
);
2121 evbuffer_drain(buf
, drain
);
2123 evbuffer_drain(buf
, evbuffer_get_length(buf
));
2129 /** Implementation logic for fetch_from_*_socks_client. */
2131 parse_socks_client(const uint8_t *data
, size_t datalen
,
2132 int state
, char **reason
,
2135 unsigned int addrlen
;
2141 case PROXY_SOCKS4_WANT_CONNECT_OK
:
2142 /* Wait for the complete response */
2146 if (data
[1] != 0x5a) {
2147 *reason
= tor_strdup(socks4_response_code_to_string(data
[1]));
2155 case PROXY_SOCKS5_WANT_AUTH_METHOD_NONE
:
2156 /* we don't have any credentials */
2157 if (data
[1] != 0x00) {
2158 *reason
= tor_strdup("server doesn't support any of our "
2159 "available authentication methods");
2163 log_info(LD_NET
, "SOCKS 5 client: continuing without authentication");
2167 case PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929
:
2168 /* we have a username and password. return 1 if we can proceed without
2169 * providing authentication, or 2 otherwise. */
2172 log_info(LD_NET
, "SOCKS 5 client: we have auth details but server "
2173 "doesn't require authentication.");
2177 log_info(LD_NET
, "SOCKS 5 client: need authentication.");
2183 *reason
= tor_strdup("server doesn't support any of our available "
2184 "authentication methods");
2187 case PROXY_SOCKS5_WANT_AUTH_RFC1929_OK
:
2188 /* handle server reply to rfc1929 authentication */
2189 if (data
[1] != 0x00) {
2190 *reason
= tor_strdup("authentication failed");
2194 log_info(LD_NET
, "SOCKS 5 client: authentication successful.");
2198 case PROXY_SOCKS5_WANT_CONNECT_OK
:
2199 /* response is variable length. BND.ADDR, etc, isn't needed
2200 * (don't bother with buf_pullup()), but make sure to eat all
2203 /* wait for address type field to arrive */
2208 case 0x01: /* ip4 */
2211 case 0x04: /* ip6 */
2214 case 0x03: /* fqdn (can this happen here?) */
2217 addrlen
= 1 + data
[4];
2220 *reason
= tor_strdup("invalid response to connect request");
2224 /* wait for address and port */
2225 if (datalen
< 6 + addrlen
)
2228 if (data
[1] != 0x00) {
2229 *reason
= tor_strdup(socks5_response_code_to_string(data
[1]));
2233 *drain_out
= 6 + addrlen
;
2237 /* shouldn't get here... */
2243 /** Return 1 iff buf looks more like it has an (obsolete) v0 controller
2244 * command on it than any valid v1 controller command. */
2246 peek_buf_has_control0_command(buf_t
*buf
)
2248 if (buf
->datalen
>= 4) {
2251 peek_from_buf(header
, sizeof(header
), buf
);
2252 cmd
= ntohs(get_uint16(header
+2));
2254 return 1; /* This is definitely not a v1 control command. */
2259 #ifdef USE_BUFFEREVENTS
2261 peek_evbuffer_has_control0_command(struct evbuffer
*buf
)
2264 if (evbuffer_get_length(buf
) >= 4) {
2267 size_t n
= inspect_evbuffer(buf
, &data
, 4, &free_out
, NULL
);
2270 cmd
= ntohs(get_uint16(data
+2));
2280 /** Return the index within <b>buf</b> at which <b>ch</b> first appears,
2281 * or -1 if <b>ch</b> does not appear on buf. */
2283 buf_find_offset_of_char(buf_t
*buf
, char ch
)
2287 for (chunk
= buf
->head
; chunk
; chunk
= chunk
->next
) {
2288 char *cp
= memchr(chunk
->data
, ch
, chunk
->datalen
);
2290 return offset
+ (cp
- chunk
->data
);
2292 offset
+= chunk
->datalen
;
2297 /** Try to read a single LF-terminated line from <b>buf</b>, and write it
2298 * (including the LF), NUL-terminated, into the *<b>data_len</b> byte buffer
2299 * at <b>data_out</b>. Set *<b>data_len</b> to the number of bytes in the
2300 * line, not counting the terminating NUL. Return 1 if we read a whole line,
2301 * return 0 if we don't have a whole line yet, and return -1 if the line
2302 * length exceeds *<b>data_len</b>.
2305 fetch_from_buf_line(buf_t
*buf
, char *data_out
, size_t *data_len
)
2313 offset
= buf_find_offset_of_char(buf
, '\n');
2316 sz
= (size_t) offset
;
2317 if (sz
+2 > *data_len
) {
2321 fetch_from_buf(data_out
, sz
+1, buf
);
2322 data_out
[sz
+1] = '\0';
2327 /** Compress on uncompress the <b>data_len</b> bytes in <b>data</b> using the
2328 * zlib state <b>state</b>, appending the result to <b>buf</b>. If
2329 * <b>done</b> is true, flush the data in the state and finish the
2330 * compression/uncompression. Return -1 on failure, 0 on success. */
2332 write_to_buf_zlib(buf_t
*buf
, tor_zlib_state_t
*state
,
2333 const char *data
, size_t data_len
,
2337 size_t old_avail
, avail
;
2340 int need_new_chunk
= 0;
2341 if (!buf
->tail
|| ! CHUNK_REMAINING_CAPACITY(buf
->tail
)) {
2342 size_t cap
= data_len
/ 4;
2343 buf_add_chunk_with_capacity(buf
, cap
, 1);
2345 next
= CHUNK_WRITE_PTR(buf
->tail
);
2346 avail
= old_avail
= CHUNK_REMAINING_CAPACITY(buf
->tail
);
2347 switch (tor_zlib_process(state
, &next
, &avail
, &data
, &data_len
, done
)) {
2357 case TOR_ZLIB_BUF_FULL
:
2359 /* Zlib says we need more room (ZLIB_BUF_FULL). Start a new chunk
2360 * automatically, whether were going to or not. */
2365 buf
->datalen
+= old_avail
- avail
;
2366 buf
->tail
->datalen
+= old_avail
- avail
;
2367 if (need_new_chunk
) {
2368 buf_add_chunk_with_capacity(buf
, data_len
/4, 1);
2376 #ifdef USE_BUFFEREVENTS
2378 write_to_evbuffer_zlib(struct evbuffer
*buf
, tor_zlib_state_t
*state
,
2379 const char *data
, size_t data_len
,
2383 size_t old_avail
, avail
;
2385 struct evbuffer_iovec vec
[1];
2388 size_t cap
= data_len
/ 4;
2391 /* XXXX NM this strategy is fragmentation-prone. We should really have
2392 * two iovecs, and write first into the one, and then into the
2393 * second if the first gets full. */
2394 n
= evbuffer_reserve_space(buf
, cap
, vec
, 1);
2398 next
= vec
[0].iov_base
;
2399 avail
= old_avail
= vec
[0].iov_len
;
2401 switch (tor_zlib_process(state
, &next
, &avail
, &data
, &data_len
, done
)) {
2411 case TOR_ZLIB_BUF_FULL
:
2413 /* Zlib says we need more room (ZLIB_BUF_FULL). Start a new chunk
2414 * automatically, whether were going to or not. */
2419 /* XXXX possible infinite loop on BUF_FULL. */
2420 vec
[0].iov_len
= old_avail
- avail
;
2421 evbuffer_commit_space(buf
, vec
, 1);
2429 /** Set *<b>output</b> to contain a copy of the data in *<b>input</b> */
2431 generic_buffer_set_to_copy(generic_buffer_t
**output
,
2432 const generic_buffer_t
*input
)
2434 #ifdef USE_BUFFEREVENTS
2435 struct evbuffer_ptr ptr
;
2436 size_t remaining
= evbuffer_get_length(input
);
2438 evbuffer_drain(*output
, evbuffer_get_length(*output
));
2440 if (!(*output
= evbuffer_new()))
2443 evbuffer_ptr_set((struct evbuffer
*)input
, &ptr
, 0, EVBUFFER_PTR_SET
);
2445 struct evbuffer_iovec v
[4];
2447 n_used
= evbuffer_peek((struct evbuffer
*)input
, -1, &ptr
, v
, 4);
2450 for (i
=0;i
<n_used
;++i
) {
2451 evbuffer_add(*output
, v
[i
].iov_base
, v
[i
].iov_len
);
2452 tor_assert(v
[i
].iov_len
<= remaining
);
2453 remaining
-= v
[i
].iov_len
;
2454 evbuffer_ptr_set((struct evbuffer
*)input
,
2455 &ptr
, v
[i
].iov_len
, EVBUFFER_PTR_ADD
);
2461 *output
= buf_copy(input
);
2466 /** Log an error and exit if <b>buf</b> is corrupted.
2469 assert_buf_ok(buf_t
*buf
)
2472 tor_assert(buf
->magic
== BUFFER_MAGIC
);
2475 tor_assert(!buf
->tail
);
2476 tor_assert(buf
->datalen
== 0);
2480 tor_assert(buf
->tail
);
2481 for (ch
= buf
->head
; ch
; ch
= ch
->next
) {
2482 total
+= ch
->datalen
;
2483 tor_assert(ch
->datalen
<= ch
->memlen
);
2484 tor_assert(ch
->data
>= &ch
->mem
[0]);
2485 tor_assert(ch
->data
< &ch
->mem
[0]+ch
->memlen
);
2486 tor_assert(ch
->data
+ch
->datalen
<= &ch
->mem
[0] + ch
->memlen
);
2488 tor_assert(ch
== buf
->tail
);
2490 tor_assert(buf
->datalen
== total
);
2494 #ifdef ENABLE_BUF_FREELISTS
2495 /** Log an error and exit if <b>fl</b> is corrupted.
2498 assert_freelist_ok(chunk_freelist_t
*fl
)
2502 tor_assert(fl
->alloc_size
> 0);
2504 for (ch
= fl
->head
; ch
; ch
= ch
->next
) {
2505 tor_assert(CHUNK_ALLOC_SIZE(ch
->memlen
) == fl
->alloc_size
);
2508 tor_assert(n
== fl
->cur_length
);
2509 tor_assert(n
>= fl
->lowest_length
);
2510 tor_assert(n
<= fl
->max_length
);