1 /* Copyright 2001 Matej Pfajfar.
2 * Copyright 2001-2004 Roger Dingledine.
3 * Copyright 2004-2005 Roger Dingledine, Nick Mathewson. */
4 /* See LICENSE for licensing information */
6 const char buffers_c_id
[] = "$Id$";
10 * \brief Implements a generic buffer interface. Buffers are
11 * fairly opaque string holders that can read to or flush from:
12 * memory, file descriptors, or TLS connections.
18 #undef CHECK_AFTER_RESIZE
23 /* If SENTINELS is defined, check for attempts to write beyond the
24 * end/before the start of the buffer.
26 #define START_MAGIC 0x70370370u
27 #define END_MAGIC 0xA0B0C0D0u
28 #define RAW_MEM(m) ((void*)(((char*)m)-4))
29 #define GUARDED_MEM(m) ((void*)(((char*)m)+4))
30 #define ALLOC_LEN(ln) ((ln)+8)
31 #define SET_GUARDS(m, ln) \
32 do { set_uint32((m)-4,START_MAGIC); set_uint32((m)+ln,END_MAGIC); } while (0)
34 #define RAW_MEM(m) (m)
35 #define GUARDED_MEM(m) (m)
36 #define ALLOC_LEN(ln) (ln)
37 #define SET_GUARDS(m,ln) do {} while (0)
41 #define check() do { assert_buf_ok(buf); } while (0)
43 #define check() do { } while (0)
51 #define BUFFER_MAGIC 0xB0FFF312u
52 /** A resizeable buffer, optimized for reading and writing. */
54 uint32_t magic
; /**< Magic cookie for debugging: Must be set to BUFFER_MAGIC */
55 char *mem
; /**< Storage for data in the buffer */
56 char *cur
; /**< The first byte used for storing data in the buffer. */
57 size_t highwater
; /**< Largest observed datalen since last buf_shrink */
58 size_t len
; /**< Maximum amount of data that <b>mem</b> can hold. */
59 size_t datalen
; /**< Number of bytes currently in <b>mem</b>. */
62 uint64_t buf_total_used
= 0;
63 uint64_t buf_total_alloc
= 0;
65 /** Size, in bytes, for newly allocated buffers. Should be a power of 2. */
66 #define INITIAL_BUF_SIZE (4*1024)
67 /** Size, in bytes, for minimum 'shrink' size for buffers. Buffers may start
68 * out smaller than this, but they will never autoshrink to less
70 #define MIN_GREEDY_SHRINK_SIZE (16*1024)
71 #define MIN_LAZY_SHRINK_SIZE (4*1024)
73 static INLINE
void peek_from_buf(char *string
, size_t string_len
, buf_t
*buf
);
75 /** If the contents of buf wrap around the end of the allocated space,
76 * malloc a new buf and copy the contents in starting at the
77 * beginning. This operation is relatively expensive, so it shouldn't
78 * be used e.g. for every single read or write.
81 buf_normalize(buf_t
*buf
)
84 if (buf
->cur
+ buf
->datalen
<= buf
->mem
+buf
->len
) {
87 char *newmem
, *oldmem
;
88 size_t sz
= (buf
->mem
+buf
->len
)-buf
->cur
;
89 warn(LD_BUG
, "Unexpected non-normalized buffer.");
90 newmem
= GUARDED_MEM(tor_malloc(ALLOC_LEN(buf
->len
)));
91 SET_GUARDS(newmem
, buf
->len
);
92 memcpy(newmem
, buf
->cur
, sz
);
93 memcpy(newmem
+sz
, buf
->mem
, buf
->datalen
-sz
);
94 oldmem
= RAW_MEM(buf
->mem
);
95 tor_free(oldmem
); /* Can't use tor_free directly. */
96 buf
->mem
= buf
->cur
= newmem
;
101 /** Return the point in the buffer where the next byte will get stored. */
105 char *next
= buf
->cur
+ buf
->datalen
;
106 char *end
= buf
->mem
+ buf
->len
;
107 return (next
< end
) ? next
: (next
- buf
->len
);
110 /** If the pointer <b>cp</b> has passed beyond the end of the buffer, wrap it
113 _wrap_ptr(buf_t
*buf
, char *cp
)
115 return (cp
>= buf
->mem
+ buf
->len
) ? (cp
- buf
->len
) : cp
;
118 /** Return the offset of <b>cp</b> within the buffer. */
120 _buf_offset(buf_t
*buf
, char *cp
)
123 return cp
- buf
->cur
;
125 /* return (cp - buf->mem) + buf->mem+buf->len - buf->cur */
126 return cp
+ buf
->len
- buf
->cur
;
129 /** If the range of *<b>len</b> bytes starting at <b>at</b> wraps around the
130 * end of the buffer, then set *<b>len</b> to the number of bytes starting
131 * at <b>at</b>, and set *<b>more_len</b> to the number of bytes starting
132 * at <b>buf->mem</b>. Otherwise, set *<b>more_len</b> to 0.
135 _split_range(buf_t
*buf
, char *at
, size_t *len
,
138 char *eos
= at
+ *len
;
140 if (eos
>= (buf
->mem
+ buf
->len
)) {
141 *more_len
= eos
- (buf
->mem
+ buf
->len
);
148 /** Change a buffer's capacity. <b>new_capacity</b> must be \>= buf->datalen. */
150 buf_resize(buf_t
*buf
, size_t new_capacity
)
153 #ifdef CHECK_AFTER_RESIZE
156 tor_assert(buf
->datalen
<= new_capacity
);
157 tor_assert(new_capacity
);
159 #ifdef CHECK_AFTER_RESIZE
161 tmp
= tor_malloc(buf
->datalen
);
162 tmp2
= tor_malloc(buf
->datalen
);
163 peek_from_buf(tmp
, buf
->datalen
, buf
);
166 if (buf
->len
== new_capacity
)
169 offset
= buf
->cur
- buf
->mem
;
170 if (offset
+ buf
->datalen
> new_capacity
) {
171 /* We need to move stuff before we shrink. */
172 if (offset
+ buf
->datalen
> buf
->len
) {
175 * mem[0] ... mem[datalen-(len-offset)] (end of data)
176 * mem[offset] ... mem[len-1] (the start of the data)
178 * We're shrinking the buffer by (len-new_capacity) bytes, so we need
179 * to move the start portion back by that many bytes.
181 memmove(buf
->cur
-(buf
->len
-new_capacity
), buf
->cur
,
183 offset
-= (buf
->len
-new_capacity
);
185 /* The data doesn't wrap around, but it does extend beyond the new
187 * mem[offset] ... mem[offset+datalen-1] (the data)
189 memmove(buf
->mem
, buf
->cur
, buf
->datalen
);
194 /* XXX Some play code to throw away old buffers sometimes rather
195 * than constantly reallocing them; just in case this is our memory
196 * problem. It looks for now like it isn't, so disabled. -RD */
197 if (0 && new_capacity
== MIN_LAZY_SHRINK_SIZE
&&
200 /* don't realloc; free and malloc */
201 char *oldmem
, *newmem
= GUARDED_MEM(tor_malloc(ALLOC_LEN(new_capacity
)));
202 SET_GUARDS(newmem
, new_capacity
);
203 oldmem
= RAW_MEM(buf
->mem
);
205 buf
->mem
= buf
->cur
= newmem
;
207 buf
->mem
= GUARDED_MEM(tor_realloc(RAW_MEM(buf
->mem
),
208 ALLOC_LEN(new_capacity
)));
209 SET_GUARDS(buf
->mem
, new_capacity
);
210 buf
->cur
= buf
->mem
+offset
;
212 buf_total_alloc
+= new_capacity
;
213 buf_total_alloc
-= buf
->len
;
215 if (offset
+ buf
->datalen
> buf
->len
) {
216 /* We need to move data now that we are done growing. The buffer
219 * mem[0] ... mem[datalen-(len-offset)] (end of data)
220 * mem[offset] ... mem[len-1] (the start of the data)
221 * mem[len]...mem[new_capacity] (empty space)
223 * We're growing by (new_capacity-len) bytes, so we need to move the
224 * end portion forward by that many bytes.
226 memmove(buf
->cur
+(new_capacity
-buf
->len
), buf
->cur
,
228 buf
->cur
+= new_capacity
-buf
->len
;
230 buf
->len
= new_capacity
;
232 #ifdef CHECK_AFTER_RESIZE
234 peek_from_buf(tmp2
, buf
->datalen
, buf
);
235 if (memcmp(tmp
, tmp2
, buf
->datalen
)) {
243 /** If the buffer is not large enough to hold <b>capacity</b> bytes, resize
244 * it so that it can. (The new size will be a power of 2 times the old
248 buf_ensure_capacity(buf_t
*buf
, size_t capacity
)
251 if (buf
->len
>= capacity
) /* Don't grow if we're already big enough. */
253 if (capacity
> MAX_BUF_SIZE
) /* Don't grow past the maximum. */
255 /* Find the smallest new_len equal to (2**X)*len for some X; such that
256 * new_len is at least capacity.
258 new_len
= buf
->len
*2;
259 while (new_len
< capacity
)
261 /* Resize the buffer. */
262 debug(LD_MM
,"Growing buffer from %d to %d bytes.",
263 (int)buf
->len
, (int)new_len
);
264 buf_resize(buf
,new_len
);
268 /** Resize buf so it won't hold extra memory that we haven't been
269 * using lately (that is, since the last time we called buf_shrink).
270 * Try to shrink the buf until it is the largest factor of two that
271 * can contain <b>buf</b>->highwater, but never smaller than
272 * MIN_LAZY_SHRINK_SIZE.
275 buf_shrink(buf_t
*buf
)
280 while (buf
->highwater
< (new_len
>>2) && new_len
> MIN_LAZY_SHRINK_SIZE
*2)
283 buf
->highwater
= buf
->datalen
;
284 if (new_len
== buf
->len
)
287 debug(LD_MM
,"Shrinking buffer from %d to %d bytes.",
288 (int)buf
->len
, (int)new_len
);
289 buf_resize(buf
, new_len
);
292 /** Remove the first <b>n</b> bytes from buf. */
294 buf_remove_from_front(buf_t
*buf
, size_t n
)
296 tor_assert(buf
->datalen
>= n
);
300 buf
->cur
= _wrap_ptr(buf
, buf
->cur
+n
);
307 /** Make sure that the memory in buf ends with a zero byte. */
309 buf_nul_terminate(buf_t
*buf
)
311 if (buf_ensure_capacity(buf
,buf
->datalen
+1)<0)
313 *_buf_end(buf
) = '\0';
317 /** Create and return a new buf with capacity <b>size</b>. */
319 buf_new_with_capacity(size_t size
)
322 buf
= tor_malloc_zero(sizeof(buf_t
));
323 buf
->magic
= BUFFER_MAGIC
;
324 buf
->cur
= buf
->mem
= GUARDED_MEM(tor_malloc(ALLOC_LEN(size
)));
325 SET_GUARDS(buf
->mem
, size
);
328 buf_total_alloc
+= size
;
333 /** Allocate and return a new buffer with default capacity. */
337 return buf_new_with_capacity(INITIAL_BUF_SIZE
);
340 /** Remove all data from <b>buf</b>. */
342 buf_clear(buf_t
*buf
)
344 buf_total_used
-= buf
->datalen
;
349 /** Return the number of bytes stored in <b>buf</b> */
351 buf_datalen(const buf_t
*buf
)
356 /** Return the maximum bytes that can be stored in <b>buf</b> before buf
357 * needs to resize. */
359 buf_capacity(const buf_t
*buf
)
364 /** For testing only: Return a pointer to the raw memory stored in
367 _buf_peek_raw_buffer(const buf_t
*buf
)
372 /** Release storage held by <b>buf</b>. */
378 buf
->magic
= 0xDEADBEEF;
379 oldmem
= RAW_MEM(buf
->mem
);
381 buf_total_alloc
-= buf
->len
;
382 buf_total_used
-= buf
->datalen
;
386 /** Helper for read_to_buf(): read no more than at_most bytes from
387 * socket s into buffer buf, starting at the position pos. (Does not
388 * check for overflow.) Set *reached_eof to true on EOF. Return
389 * number of bytes read on success, 0 if the read would block, -1 on
393 read_to_buf_impl(int s
, size_t at_most
, buf_t
*buf
,
394 char *pos
, int *reached_eof
)
398 // log_fn(LOG_DEBUG,"reading at most %d bytes.",at_most);
399 read_result
= recv(s
, pos
, at_most
, 0);
400 if (read_result
< 0) {
401 int e
= tor_socket_errno(s
);
402 if (!ERRNO_IS_EAGAIN(e
)) { /* it's a real error */
405 return 0; /* would block. */
406 } else if (read_result
== 0) {
407 debug(LD_NET
,"Encountered eof");
410 } else { /* we read some bytes */
411 buf
->datalen
+= read_result
;
412 buf_total_used
+= read_result
;
413 if (buf
->datalen
> buf
->highwater
)
414 buf
->highwater
= buf
->datalen
;
415 debug(LD_NET
,"Read %d bytes. %d on inbuf.",read_result
,
421 /** Read from socket <b>s</b>, writing onto end of <b>buf</b>. Read at most
422 * <b>at_most</b> bytes, resizing the buffer as necessary. If recv()
423 * returns 0, set *<b>reached_eof</b> to 1 and return 0. Return -1 on error;
424 * else return the number of bytes read. Return 0 if recv() would
428 read_to_buf(int s
, size_t at_most
, buf_t
*buf
, int *reached_eof
)
434 /* assert_buf_ok(buf); */
435 tor_assert(reached_eof
);
438 if (buf_ensure_capacity(buf
,buf
->datalen
+at_most
))
441 if (at_most
+ buf
->datalen
> buf
->len
)
442 at_most
= buf
->len
- buf
->datalen
; /* take the min of the two */
445 return 0; /* we shouldn't read anything */
447 next
= _buf_end(buf
);
448 _split_range(buf
, next
, &at_most
, &at_start
);
450 r
= read_to_buf_impl(s
, at_most
, buf
, next
, reached_eof
);
452 if (r
< 0 || (size_t)r
< at_most
) {
453 return r
; /* Either error, eof, block, or no more to read. */
458 tor_assert(_buf_end(buf
) == buf
->mem
);
459 r2
= read_to_buf_impl(s
, at_start
, buf
, buf
->mem
, reached_eof
);
470 /** Helper for read_to_buf_tls(): read no more than <b>at_most</b>
471 * bytes from the TLS connection <b>tls</b> into buffer <b>buf</b>,
472 * starting at the position <b>next</b>. (Does not check for overflow.)
473 * Return number of bytes read on success, 0 if the read would block,
477 read_to_buf_tls_impl(tor_tls_t
*tls
, size_t at_most
, buf_t
*buf
, char *next
)
481 debug(LD_NET
,"before: %d on buf, %d pending, at_most %d.",
482 (int)buf_datalen(buf
), (int)tor_tls_get_pending_bytes(tls
),
484 r
= tor_tls_read(tls
, next
, at_most
);
489 if (buf
->datalen
> buf
->highwater
)
490 buf
->highwater
= buf
->datalen
;
491 debug(LD_NET
,"Read %d bytes. %d on inbuf; %d pending",r
,
492 (int)buf
->datalen
,(int)tor_tls_get_pending_bytes(tls
));
496 /** As read_to_buf, but reads from a TLS connection.
498 * Using TLS on OR connections complicates matters in two ways.
500 * First, a TLS stream has its own read buffer independent of the
501 * connection's read buffer. (TLS needs to read an entire frame from
502 * the network before it can decrypt any data. Thus, trying to read 1
503 * byte from TLS can require that several KB be read from the network
504 * and decrypted. The extra data is stored in TLS's decrypt buffer.)
505 * Because the data hasn't been read by Tor (it's still inside the TLS),
506 * this means that sometimes a connection "has stuff to read" even when
507 * poll() didn't return POLLIN. The tor_tls_get_pending_bytes function is
508 * used in connection.c to detect TLS objects with non-empty internal
509 * buffers and read from them again.
511 * Second, the TLS stream's events do not correspond directly to network
512 * events: sometimes, before a TLS stream can read, the network must be
513 * ready to write -- or vice versa.
516 read_to_buf_tls(tor_tls_t
*tls
, size_t at_most
, buf_t
*buf
)
525 debug(LD_NET
,"start: %d on buf, %d pending, at_most %d.",
526 (int)buf_datalen(buf
), (int)tor_tls_get_pending_bytes(tls
),
529 if (buf_ensure_capacity(buf
, at_most
+buf
->datalen
))
530 return TOR_TLS_ERROR
;
532 if (at_most
+ buf
->datalen
> buf
->len
)
533 at_most
= buf
->len
- buf
->datalen
;
538 next
= _buf_end(buf
);
539 _split_range(buf
, next
, &at_most
, &at_start
);
541 r
= read_to_buf_tls_impl(tls
, at_most
, buf
, next
);
543 if (r
< 0 || (size_t)r
< at_most
)
544 return r
; /* Either error, eof, block, or no more to read. */
548 tor_assert(_buf_end(buf
) == buf
->mem
);
549 r2
= read_to_buf_tls_impl(tls
, at_start
, buf
, buf
->mem
);
559 /** Helper for flush_buf(): try to write <b>sz</b> bytes from buffer
560 * <b>buf</b> onto socket <b>s</b>. On success, deduct the bytes written
561 * from *<b>buf_flushlen</b>.
562 * Return the number of bytes written on success, -1 on failure.
565 flush_buf_impl(int s
, buf_t
*buf
, size_t sz
, size_t *buf_flushlen
)
569 write_result
= send(s
, buf
->cur
, sz
, 0);
570 if (write_result
< 0) {
571 int e
= tor_socket_errno(s
);
572 if (!ERRNO_IS_EAGAIN(e
)) { /* it's a real error */
575 debug(LD_NET
,"write() would block, returning.");
578 *buf_flushlen
-= write_result
;
579 buf_remove_from_front(buf
, write_result
);
584 /** Write data from <b>buf</b> to the socket <b>s</b>. Write at most
585 * <b>sz</b> bytes, decrement *<b>buf_flushlen</b> by
586 * the number of bytes actually written, and remove the written bytes
587 * from the buffer. Return the number of bytes written on success,
588 * -1 on failure. Return 0 if write() would block.
591 flush_buf(int s
, buf_t
*buf
, size_t sz
, size_t *buf_flushlen
)
595 size_t flushlen0
, flushlen1
;
597 /* assert_buf_ok(buf); */
598 tor_assert(buf_flushlen
);
600 tor_assert(*buf_flushlen
<= buf
->datalen
);
601 tor_assert(sz
<= *buf_flushlen
);
603 if (sz
== 0) /* nothing to flush */
607 _split_range(buf
, buf
->cur
, &flushlen0
, &flushlen1
);
609 r
= flush_buf_impl(s
, buf
, flushlen0
, buf_flushlen
);
612 debug(LD_NET
,"%d: flushed %d bytes, %d ready to flush, %d remain.",
613 s
,r
,(int)*buf_flushlen
,(int)buf
->datalen
);
614 if (r
< 0 || (size_t)r
< flushlen0
)
615 return r
; /* Error, or can't flush any more now. */
619 tor_assert(buf
->cur
== buf
->mem
);
620 r
= flush_buf_impl(s
, buf
, flushlen1
, buf_flushlen
);
622 debug(LD_NET
,"%d: flushed %d bytes, %d ready to flush, %d remain.",
623 s
,r
,(int)*buf_flushlen
,(int)buf
->datalen
);
631 /** Helper for flush_buf_tls(): try to write <b>sz</b> bytes from buffer
632 * <b>buf</b> onto TLS object <b>tls</b>. On success, deduct the bytes
633 * written from *<b>buf_flushlen</b>.
634 * Return the number of bytes written on success, -1 on failure.
637 flush_buf_tls_impl(tor_tls_t
*tls
, buf_t
*buf
, size_t sz
, size_t *buf_flushlen
)
641 r
= tor_tls_write(tls
, buf
->cur
, sz
);
646 buf_remove_from_front(buf
, r
);
647 debug(LD_NET
,"flushed %d bytes, %d ready to flush, %d remain.",
648 r
,(int)*buf_flushlen
,(int)buf
->datalen
);
652 /** As flush_buf(), but writes data to a TLS connection.
655 flush_buf_tls(tor_tls_t
*tls
, buf_t
*buf
, size_t sz
, size_t *buf_flushlen
)
659 size_t flushlen0
, flushlen1
;
660 /* assert_buf_ok(buf); */
662 tor_assert(buf_flushlen
);
663 tor_assert(*buf_flushlen
<= buf
->datalen
);
664 tor_assert(sz
<= *buf_flushlen
);
666 /* we want to let tls write even if flushlen is zero, because it might
667 * have a partial record pending */
668 check_no_tls_errors();
671 _split_range(buf
, buf
->cur
, &flushlen0
, &flushlen1
);
673 r
= flush_buf_tls_impl(tls
, buf
, flushlen0
, buf_flushlen
);
675 if (r
< 0 || (size_t)r
< flushlen0
)
676 return r
; /* Error, or can't flush any more now. */
680 tor_assert(buf
->cur
== buf
->mem
);
681 r
= flush_buf_tls_impl(tls
, buf
, flushlen1
, buf_flushlen
);
690 /** Append <b>string_len</b> bytes from <b>string</b> to the end of
693 * Return the new length of the buffer on success, -1 on failure.
696 write_to_buf(const char *string
, size_t string_len
, buf_t
*buf
)
701 /* append string to buf (growing as needed, return -1 if "too big")
702 * return total number of bytes on the buf
706 /* assert_buf_ok(buf); */
708 if (buf_ensure_capacity(buf
, buf
->datalen
+string_len
)) {
709 warn(LD_MM
, "buflen too small, can't hold %d bytes.", (int)(buf
->datalen
+string_len
));
713 next
= _buf_end(buf
);
714 _split_range(buf
, next
, &string_len
, &len2
);
716 memcpy(next
, string
, string_len
);
717 buf
->datalen
+= string_len
;
718 buf_total_used
+= string_len
;
721 tor_assert(_buf_end(buf
) == buf
->mem
);
722 memcpy(buf
->mem
, string
+string_len
, len2
);
723 buf
->datalen
+= len2
;
724 buf_total_used
+= len2
;
726 if (buf
->datalen
> buf
->highwater
)
727 buf
->highwater
= buf
->datalen
;
728 debug(LD_NET
,"added %d bytes to buf (now %d total).",
729 (int)string_len
, (int)buf
->datalen
);
734 /** Helper: copy the first <b>string_len</b> bytes from <b>buf</b>
735 * onto <b>string</b>.
738 peek_from_buf(char *string
, size_t string_len
, buf_t
*buf
)
742 /* There must be string_len bytes in buf; write them onto string,
743 * then memmove buf back (that is, remove them from buf).
745 * Return the number of bytes still on the buffer. */
748 tor_assert(string_len
<= buf
->datalen
); /* make sure we don't ask for too much */
749 /* assert_buf_ok(buf); */
751 _split_range(buf
, buf
->cur
, &string_len
, &len2
);
753 memcpy(string
, buf
->cur
, string_len
);
755 memcpy(string
+string_len
,buf
->mem
,len2
);
759 /** Remove <b>string_len</b> bytes from the front of <b>buf</b>, and store them
760 * into <b>string</b>. Return the new buffer size. <b>string_len</b> must be \<=
761 * the number of bytes on the buffer.
764 fetch_from_buf(char *string
, size_t string_len
, buf_t
*buf
)
766 /* There must be string_len bytes in buf; write them onto string,
767 * then memmove buf back (that is, remove them from buf).
769 * Return the number of bytes still on the buffer. */
772 peek_from_buf(string
, string_len
, buf
);
773 buf_remove_from_front(buf
, string_len
);
778 /** There is a (possibly incomplete) http statement on <b>buf</b>, of the
779 * form "\%s\\r\\n\\r\\n\%s", headers, body. (body may contain nuls.)
780 * If a) the headers include a Content-Length field and all bytes in
781 * the body are present, or b) there's no Content-Length field and
782 * all headers are present, then:
784 * - strdup headers into <b>*headers_out</b>, and nul-terminate it.
785 * - memdup body into <b>*body_out</b>, and nul-terminate it.
786 * - Then remove them from <b>buf</b>, and return 1.
788 * - If headers or body is NULL, discard that part of the buf.
789 * - If a headers or body doesn't fit in the arg, return -1.
790 * (We ensure that the headers or body don't exceed max len,
791 * _even if_ we're planning to discard them.)
792 * - If force_complete is true, then succeed even if not all of the
793 * content has arrived.
795 * Else, change nothing and return 0.
798 fetch_from_buf_http(buf_t
*buf
,
799 char **headers_out
, size_t max_headerlen
,
800 char **body_out
, size_t *body_used
, size_t max_bodylen
,
803 char *headers
, *body
, *p
;
804 size_t headerlen
, bodylen
, contentlen
;
806 /* assert_buf_ok(buf); */
809 if (buf_nul_terminate(buf
)<0) {
810 warn(LD_BUG
,"Couldn't nul-terminate buffer");
814 body
= strstr(headers
,"\r\n\r\n");
816 debug(LD_HTTP
,"headers not all here yet.");
819 body
+= 4; /* Skip the the CRLFCRLF */
820 headerlen
= body
-headers
; /* includes the CRLFCRLF */
821 bodylen
= buf
->datalen
- headerlen
;
822 debug(LD_HTTP
,"headerlen %d, bodylen %d.", (int)headerlen
, (int)bodylen
);
824 if (max_headerlen
<= headerlen
) {
825 warn(LD_HTTP
,"headerlen %d larger than %d. Failing.", (int)headerlen
,
826 (int)max_headerlen
-1);
829 if (max_bodylen
<= bodylen
) {
830 warn(LD_HTTP
,"bodylen %d larger than %d. Failing.", (int)bodylen
, (int)max_bodylen
-1);
834 #define CONTENT_LENGTH "\r\nContent-Length: "
835 p
= strstr(headers
, CONTENT_LENGTH
);
838 i
= atoi(p
+strlen(CONTENT_LENGTH
));
840 warn(LD_PROTOCOL
, "Content-Length is less than zero; it looks like someone is trying to crash us.");
844 /* if content-length is malformed, then our body length is 0. fine. */
845 debug(LD_HTTP
,"Got a contentlen of %d.",(int)contentlen
);
846 if (bodylen
< contentlen
) {
847 if (!force_complete
) {
848 debug(LD_HTTP
,"body not all here yet.");
849 return 0; /* not all there yet */
852 if (bodylen
> contentlen
) {
853 bodylen
= contentlen
;
854 debug(LD_HTTP
,"bodylen reduced to %d.",(int)bodylen
);
857 /* all happy. copy into the appropriate places, and return 1 */
859 *headers_out
= tor_malloc(headerlen
+1);
860 memcpy(*headers_out
,buf
->cur
,headerlen
);
861 (*headers_out
)[headerlen
] = 0; /* null terminate it */
864 tor_assert(body_used
);
865 *body_used
= bodylen
;
866 *body_out
= tor_malloc(bodylen
+1);
867 memcpy(*body_out
,buf
->cur
+headerlen
,bodylen
);
868 (*body_out
)[bodylen
] = 0; /* null terminate it */
870 buf_remove_from_front(buf
, headerlen
+bodylen
);
874 /** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
876 * - socks4: "socksheader username\\0"
877 * - socks4a: "socksheader username\\0 destaddr\\0"
878 * - socks5 phase one: "version #methods methods"
879 * - socks5 phase two: "version command 0 addresstype..."
880 * If it's a complete and valid handshake, and destaddr fits in
881 * MAX_SOCKS_ADDR_LEN bytes, then pull the handshake off the buf,
882 * assign to <b>req</b>, and return 1.
884 * If it's invalid or too big, return -1.
886 * Else it's not all there yet, leave buf alone and return 0.
888 * If you want to specify the socks reply, write it into <b>req->reply</b>
889 * and set <b>req->replylen</b>, else leave <b>req->replylen</b> alone.
891 * If <b>log_sockstype</b> is non-zero, then do a notice-level log of whether
892 * the connection is possibly leaking DNS requests locally or not.
894 * If returning 0 or -1, <b>req->address</b> and <b>req->port</b> are undefined.
897 fetch_from_buf_socks(buf_t
*buf
, socks_request_t
*req
, int log_sockstype
)
900 char tmpbuf
[INET_NTOA_BUF_LEN
];
902 enum {socks4
, socks4a
} socks4_prot
= socks4a
;
903 char *next
, *startaddr
;
906 /* If the user connects with socks4 or the wrong variant of socks5,
907 * then log a warning to let him know that it might be unwise. */
908 static int have_warned_about_unsafe_socks
= 0;
910 if (buf
->datalen
< 2) /* version and another byte */
914 switch (*(buf
->cur
)) { /* which version of socks? */
918 if (req
->socks_version
!= 5) { /* we need to negotiate a method */
919 unsigned char nummethods
= (unsigned char)*(buf
->cur
+1);
920 tor_assert(!req
->socks_version
);
921 if (buf
->datalen
< 2u+nummethods
)
923 if (!nummethods
|| !memchr(buf
->cur
+2, 0, nummethods
)) {
924 warn(LD_APP
,"socks5: offered methods don't include 'no auth'. Rejecting.");
925 req
->replylen
= 2; /* 2 bytes of response */
927 req
->reply
[1] = '\xFF'; /* reject all methods */
930 buf_remove_from_front(buf
,2+nummethods
); /* remove packet from buf */
932 req
->replylen
= 2; /* 2 bytes of response */
933 req
->reply
[0] = 5; /* socks5 reply */
934 req
->reply
[1] = SOCKS5_SUCCEEDED
;
935 req
->socks_version
= 5; /* remember that we've already negotiated auth */
936 debug(LD_APP
,"socks5: accepted method 0");
939 /* we know the method; read in the request */
940 debug(LD_APP
,"socks5: checking request");
941 if (buf
->datalen
< 8) /* basic info plus >=2 for addr plus 2 for port */
942 return 0; /* not yet */
943 req
->command
= (unsigned char) *(buf
->cur
+1);
944 if (req
->command
!= SOCKS_COMMAND_CONNECT
&&
945 req
->command
!= SOCKS_COMMAND_RESOLVE
) {
946 /* not a connect or resolve? we don't support it. */
947 warn(LD_APP
,"socks5: command %d not recognized. Rejecting.",
951 switch (*(buf
->cur
+3)) { /* address type */
952 case 1: /* IPv4 address */
953 debug(LD_APP
,"socks5: ipv4 address type");
954 if (buf
->datalen
< 10) /* ip/port there? */
955 return 0; /* not yet */
957 destip
= ntohl(*(uint32_t*)(buf
->cur
+4));
958 in
.s_addr
= htonl(destip
);
959 tor_inet_ntoa(&in
,tmpbuf
,sizeof(tmpbuf
));
960 if (strlen(tmpbuf
)+1 > MAX_SOCKS_ADDR_LEN
) {
961 warn(LD_APP
,"socks5 IP takes %d bytes, which doesn't fit in %d. Rejecting.",
962 (int)strlen(tmpbuf
)+1,(int)MAX_SOCKS_ADDR_LEN
);
965 strlcpy(req
->address
,tmpbuf
,sizeof(req
->address
));
966 req
->port
= ntohs(*(uint16_t*)(buf
->cur
+8));
967 buf_remove_from_front(buf
, 10);
968 if (!address_is_in_virtual_range(req
->address
) &&
969 !have_warned_about_unsafe_socks
) {
970 warn(LD_APP
,"Your application (using socks5 on port %d) is giving "
971 "Tor only an IP address. Applications that do DNS resolves "
972 "themselves may leak information. Consider using Socks4A "
973 "(e.g. via privoxy or socat) instead. For more information, "
974 "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
975 "TorFAQ#SOCKSAndDNS", req
->port
);
976 // have_warned_about_unsafe_socks = 1; // (for now, warn every time)
980 debug(LD_APP
,"socks5: fqdn address type");
981 len
= (unsigned char)*(buf
->cur
+4);
982 if (buf
->datalen
< 7u+len
) /* addr/port there? */
983 return 0; /* not yet */
984 if (len
+1 > MAX_SOCKS_ADDR_LEN
) {
985 warn(LD_APP
,"socks5 hostname is %d bytes, which doesn't fit in %d. Rejecting.",
986 len
+1,MAX_SOCKS_ADDR_LEN
);
989 memcpy(req
->address
,buf
->cur
+5,len
);
990 req
->address
[len
] = 0;
991 req
->port
= ntohs(get_uint16(buf
->cur
+5+len
));
992 buf_remove_from_front(buf
, 5+len
+2);
994 notice(LD_APP
, "Your application (using socks5 on port %d) gave "
995 "Tor a hostname, which means Tor will do the DNS resolve "
996 "for you. This is good.", req
->port
);
998 default: /* unsupported */
999 warn(LD_APP
,"socks5: unsupported address type %d. Rejecting.",*(buf
->cur
+3));
1003 case 4: /* socks4 */
1004 /* http://archive.socks.permeo.com/protocol/socks4.protocol */
1005 /* http://archive.socks.permeo.com/protocol/socks4a.protocol */
1007 req
->socks_version
= 4;
1008 if (buf
->datalen
< SOCKS4_NETWORK_LEN
) /* basic info available? */
1009 return 0; /* not yet */
1011 req
->command
= (unsigned char) *(buf
->cur
+1);
1012 if (req
->command
!= SOCKS_COMMAND_CONNECT
&&
1013 req
->command
!= SOCKS_COMMAND_RESOLVE
) {
1014 /* not a connect or resolve? we don't support it. */
1015 warn(LD_APP
,"socks4: command %d not recognized. Rejecting.",
1020 req
->port
= ntohs(*(uint16_t*)(buf
->cur
+2));
1021 destip
= ntohl(*(uint32_t*)(buf
->mem
+4));
1022 if ((!req
->port
&& req
->command
!=SOCKS_COMMAND_RESOLVE
) || !destip
) {
1023 warn(LD_APP
,"socks4: Port or DestIP is zero. Rejecting.");
1027 debug(LD_APP
,"socks4: destip not in form 0.0.0.x.");
1028 in
.s_addr
= htonl(destip
);
1029 tor_inet_ntoa(&in
,tmpbuf
,sizeof(tmpbuf
));
1030 if (strlen(tmpbuf
)+1 > MAX_SOCKS_ADDR_LEN
) {
1031 debug(LD_APP
,"socks4 addr (%d bytes) too long. Rejecting.",
1032 (int)strlen(tmpbuf
));
1035 debug(LD_APP
,"socks4: successfully read destip (%s)", safe_str(tmpbuf
));
1036 socks4_prot
= socks4
;
1039 next
= memchr(buf
->cur
+SOCKS4_NETWORK_LEN
, 0,
1040 buf
->datalen
-SOCKS4_NETWORK_LEN
);
1042 debug(LD_APP
,"socks4: Username not here yet.");
1045 tor_assert(next
< buf
->cur
+buf
->datalen
);
1048 if (socks4_prot
!= socks4a
&&
1049 !address_is_in_virtual_range(tmpbuf
) &&
1050 !have_warned_about_unsafe_socks
) {
1051 warn(LD_APP
,"Your application (using socks4 on port %d) is giving Tor "
1052 "only an IP address. Applications that do DNS resolves "
1053 "themselves may leak information. Consider using Socks4A (e.g. "
1054 "via privoxy or socat) instead.", req
->port
);
1055 // have_warned_about_unsafe_socks = 1; // (for now, warn every time)
1057 if (socks4_prot
== socks4a
) {
1058 if (next
+1 == buf
->cur
+buf
->datalen
) {
1059 debug(LD_APP
,"socks4: No part of destaddr here yet.");
1063 next
= memchr(startaddr
, 0, buf
->cur
+buf
->datalen
-startaddr
);
1065 debug(LD_APP
,"socks4: Destaddr not all here yet.");
1068 if (MAX_SOCKS_ADDR_LEN
<= next
-startaddr
) {
1069 warn(LD_APP
,"socks4: Destaddr too long. Rejecting.");
1072 tor_assert(next
< buf
->cur
+buf
->datalen
);
1074 notice(LD_APP
, "Your application (using socks4a on port %d) gave "
1075 "Tor a hostname, which means Tor will do the DNS resolve "
1076 "for you. This is good.", req
->port
);
1078 debug(LD_APP
,"socks4: Everything is here. Success.");
1079 strlcpy(req
->address
, startaddr
? startaddr
: tmpbuf
,
1080 sizeof(req
->address
));
1081 buf_remove_from_front(buf
, next
-buf
->cur
+1); /* next points to the final \0 on inbuf */
1085 case 'H': /* head */
1086 case 'P': /* put/post */
1087 case 'C': /* connect */
1089 "HTTP/1.0 501 Tor is not an HTTP Proxy\r\n"
1090 "Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
1093 "<title>Tor is not an HTTP Proxy</title>\n"
1096 "<h1>Tor is not an HTTP Proxy</h1>\n"
1098 "It appears you have configured your web browser to use Tor as an HTTP Proxy.\n"
1099 "This is not correct: Tor provides a SOCKS proxy. Please configure your\n"
1100 "client accordingly.\n"
1103 "See <a href=\"http://tor.eff.org/documentation.html\">http://tor.eff.org/documentation.html</a> for more information.\n"
1104 "<!-- Plus this comment, to make the body response more than 512 bytes, so "
1105 " IE will be willing to display it. Comment comment comment comment "
1106 " comment comment comment comment comment comment comment comment.-->\n"
1110 , MAX_SOCKS_REPLY_LEN
);
1111 req
->replylen
= strlen(req
->reply
)+1;
1113 default: /* version is not socks4 or socks5 */
1114 warn(LD_APP
,"Socks version %d not recognized. (Tor is not an http proxy.)",
1120 #define CONTROL_CMD_FRAGMENTHEADER 0x0010
1121 #define CONTROL_CMD_FRAGMENT 0x0011
1122 /** If there is a complete version 0 control message waiting on buf, then store
1123 * its contents into *<b>type_out</b>, store its body's length into
1124 * *<b>len_out</b>, allocate and store a string for its body into
1125 * *<b>body_out</b>, and return 1. (body_out will always be NUL-terminated,
1126 * even if the control message body doesn't end with NUL.)
1128 * If there is not a complete control message waiting, return 0.
1130 * Return -1 on error; return -2 on "seems to be control protocol v1."
1133 fetch_from_buf_control0(buf_t
*buf
, uint32_t *len_out
, uint16_t *type_out
,
1134 char **body_out
, int check_for_v1
)
1141 tor_assert(len_out
);
1142 tor_assert(type_out
);
1143 tor_assert(body_out
);
1148 if (buf
->datalen
< 4)
1151 peek_from_buf(tmp
, 4, buf
);
1153 msglen
= ntohs(get_uint16(tmp
));
1154 type
= ntohs(get_uint16(tmp
+2));
1155 if (type
> 255 && check_for_v1
)
1158 if (buf
->datalen
< 4 + (unsigned)msglen
)
1163 buf_remove_from_front(buf
, 4);
1165 *body_out
= tor_malloc(msglen
+1);
1166 fetch_from_buf(*body_out
, msglen
, buf
);
1167 (*body_out
)[msglen
] = '\0';
1172 /** Helper: return a pointer to the first instance of <b>c</b> in the
1173 * <b>len</b>characters after <b>start</b> on <b>buf</b>. Return NULL if the
1174 * character isn't found. */
1176 find_char_on_buf(buf_t
*buf
, char *start
, size_t len
, char c
)
1180 _split_range(buf
, start
, &len
, &len_rest
);
1181 cp
= memchr(buf
->cur
, c
, len
);
1182 if (cp
|| !len_rest
)
1184 return memchr(buf
->mem
, c
, len_rest
);
1187 /** Helper: return a pointer to the first CRLF after cp on <b>buf</b>. Return
1188 * NULL if no CRLF is found. */
1190 find_crlf_on_buf(buf_t
*buf
, char *cp
)
1194 size_t remaining
= buf
->datalen
- _buf_offset(buf
,cp
);
1195 cp
= find_char_on_buf(buf
, cp
, remaining
, '\r');
1198 next
= _wrap_ptr(buf
, cp
+1);
1199 if (next
== _buf_end(buf
))
1207 /** Try to read a single CRLF-terminated line from <b>buf</b>, and write it,
1208 * NUL-terminated, into the *<b>data_len</b> byte buffer at <b>data_out</b>.
1209 * Set *<b>data_len</b> to the number of bytes in the line, not counting the
1210 * terminating NUL. Return 1 if we read a whole line, return 0 if we don't
1211 * have a whole line yet, and return -1 if we we need to grow the buffer.
1214 fetch_from_buf_line(buf_t
*buf
, char *data_out
, size_t *data_len
)
1218 /* Look for a CRLF. */
1219 if (!(eol
= find_crlf_on_buf(buf
, buf
->cur
))) {
1222 sz
= _buf_offset(buf
, eol
);
1223 if (sz
+3 > *data_len
) {
1227 fetch_from_buf(data_out
, sz
+2, buf
);
1228 data_out
[sz
+2] = '\0';
1233 /** Log an error and exit if <b>buf</b> is corrupted.
1236 assert_buf_ok(buf_t
*buf
)
1239 tor_assert(buf
->magic
== BUFFER_MAGIC
);
1240 tor_assert(buf
->mem
);
1241 tor_assert(buf
->highwater
<= buf
->len
);
1242 tor_assert(buf
->datalen
<= buf
->highwater
);
1245 uint32_t u32
= get_uint32(buf
->mem
- 4);
1246 tor_assert(u32
== START_MAGIC
);
1247 u32
= get_uint32(buf
->mem
+ buf
->len
);
1248 tor_assert(u32
== END_MAGIC
);