search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
In my private little universe, terminals are still 80 columns. Impose a 160-characte...
[tor.git] / src / or / buffers.c
blob977a7d9a4738f628651ee869054dda6d11dfbc6e
1 /* Copyright 2001 Matej Pfajfar.
2 * Copyright 2001-2004 Roger Dingledine.
3 * Copyright 2004-2005 Roger Dingledine, Nick Mathewson. */
4 /* See LICENSE for licensing information */
5 /* $Id$ */
6 const char buffers_c_id[] = "$Id$";
7
8 /**
9 * \file buffers.c
10 * \brief Implements a generic buffer interface. Buffers are
11 * fairly opaque string holders that can read to or flush from:
12 * memory, file descriptors, or TLS connections.
13 **/
14
15 #include "or.h"
16
17 #define SENTINELS
18 #undef CHECK_AFTER_RESIZE
19 #undef PARANOIA
20 #undef NOINLINE
21
22 #ifdef SENTINELS
23 /* If SENTINELS is defined, check for attempts to write beyond the
24 * end/before the start of the buffer.
25 */
26 #define START_MAGIC 0x70370370u
27 #define END_MAGIC 0xA0B0C0D0u
28 #define RAW_MEM(m) ((void*)(((char*)m)-4))
29 #define GUARDED_MEM(m) ((void*)(((char*)m)+4))
30 #define ALLOC_LEN(ln) ((ln)+8)
31 #define SET_GUARDS(m, ln) \
32 do { set_uint32((m)-4,START_MAGIC); set_uint32((m)+ln,END_MAGIC); } while (0)
33 #else
34 #define RAW_MEM(m) (m)
35 #define GUARDED_MEM(m) (m)
36 #define ALLOC_LEN(ln) (ln)
37 #define SET_GUARDS(m,ln) do {} while (0)
38 #endif
39
40 #ifdef PARANOIA
41 #define check() do { assert_buf_ok(buf); } while (0)
42 #else
43 #define check() do { } while (0)
44 #endif
45
46 #ifdef NOINLINE
47 #undef INLINE
48 #define INLINE
49 #endif
50
51 #define BUFFER_MAGIC 0xB0FFF312u
52 /** A resizeable buffer, optimized for reading and writing. */
53 struct buf_t {
54 uint32_t magic; /**< Magic cookie for debugging: Must be set to BUFFER_MAGIC */
55 char *mem; /**< Storage for data in the buffer */
56 char *cur; /**< The first byte used for storing data in the buffer. */
57 size_t highwater; /**< Largest observed datalen since last buf_shrink */
58 size_t len; /**< Maximum amount of data that <b>mem</b> can hold. */
59 size_t datalen; /**< Number of bytes currently in <b>mem</b>. */
60 };
61
62 uint64_t buf_total_used = 0;
63 uint64_t buf_total_alloc = 0;
64
65 /** Size, in bytes, for newly allocated buffers. Should be a power of 2. */
66 #define INITIAL_BUF_SIZE (4*1024)
67 /** Size, in bytes, for minimum 'shrink' size for buffers. Buffers may start
68 * out smaller than this, but they will never autoshrink to less
69 * than this size. */
70 #define MIN_GREEDY_SHRINK_SIZE (16*1024)
71 #define MIN_LAZY_SHRINK_SIZE (4*1024)
72
73 static INLINE void peek_from_buf(char *string, size_t string_len, buf_t *buf);
74
75 /** If the contents of buf wrap around the end of the allocated space,
76 * malloc a new buf and copy the contents in starting at the
77 * beginning. This operation is relatively expensive, so it shouldn't
78 * be used e.g. for every single read or write.
79 */
80 static void
81 buf_normalize(buf_t *buf)
82 {
83 check();
84 if (buf->cur + buf->datalen <= buf->mem+buf->len) {
85 return;
86 } else {
87 char *newmem, *oldmem;
88 size_t sz = (buf->mem+buf->len)-buf->cur;
89 warn(LD_BUG, "Unexpected non-normalized buffer.");
90 newmem = GUARDED_MEM(tor_malloc(ALLOC_LEN(buf->len)));
91 SET_GUARDS(newmem, buf->len);
92 memcpy(newmem, buf->cur, sz);
93 memcpy(newmem+sz, buf->mem, buf->datalen-sz);
94 oldmem = RAW_MEM(buf->mem);
95 tor_free(oldmem); /* Can't use tor_free directly. */
96 buf->mem = buf->cur = newmem;
97 check();
98 }
99 }
100
101 /** Return the point in the buffer where the next byte will get stored. */
102 static INLINE char *
103 _buf_end(buf_t *buf)
104 {
105 char *next = buf->cur + buf->datalen;
106 char *end = buf->mem + buf->len;
107 return (next < end) ? next : (next - buf->len);
108 }
109
110 /** If the pointer <b>cp</b> has passed beyond the end of the buffer, wrap it
111 * around. */
112 static INLINE char *
113 _wrap_ptr(buf_t *buf, char *cp)
114 {
115 return (cp >= buf->mem + buf->len) ? (cp - buf->len) : cp;
116 }
117
118 /** Return the offset of <b>cp</b> within the buffer. */
119 static INLINE int
120 _buf_offset(buf_t *buf, char *cp)
121 {
122 if (cp >= buf->cur)
123 return cp - buf->cur;
124 else
125 /* return (cp - buf->mem) + buf->mem+buf->len - buf->cur */
126 return cp + buf->len - buf->cur;
127 }
128
129 /** If the range of *<b>len</b> bytes starting at <b>at</b> wraps around the
130 * end of the buffer, then set *<b>len</b> to the number of bytes starting
131 * at <b>at</b>, and set *<b>more_len</b> to the number of bytes starting
132 * at <b>buf-&gt;mem</b>. Otherwise, set *<b>more_len</b> to 0.
133 */
134 static INLINE void
135 _split_range(buf_t *buf, char *at, size_t *len,
136 size_t *more_len)
137 {
138 char *eos = at + *len;
139 check();
140 if (eos >= (buf->mem + buf->len)) {
141 *more_len = eos - (buf->mem + buf->len);
142 *len -= *more_len;
143 } else {
144 *more_len = 0;
145 }
146 }
147
148 /** Change a buffer's capacity. <b>new_capacity</b> must be \>= buf->datalen. */
149 static void
150 buf_resize(buf_t *buf, size_t new_capacity)
151 {
152 off_t offset;
153 #ifdef CHECK_AFTER_RESIZE
154 char *tmp, *tmp2;
155 #endif
156 tor_assert(buf->datalen <= new_capacity);
157 tor_assert(new_capacity);
158
159 #ifdef CHECK_AFTER_RESIZE
160 assert_buf_ok(buf);
161 tmp = tor_malloc(buf->datalen);
162 tmp2 = tor_malloc(buf->datalen);
163 peek_from_buf(tmp, buf->datalen, buf);
164 #endif
165
166 if (buf->len == new_capacity)
167 return;
168
169 offset = buf->cur - buf->mem;
170 if (offset + buf->datalen > new_capacity) {
171 /* We need to move stuff before we shrink. */
172 if (offset + buf->datalen > buf->len) {
173 /* We have:
174 *
175 * mem[0] ... mem[datalen-(len-offset)] (end of data)
176 * mem[offset] ... mem[len-1] (the start of the data)
177 *
178 * We're shrinking the buffer by (len-new_capacity) bytes, so we need
179 * to move the start portion back by that many bytes.
180 */
181 memmove(buf->cur-(buf->len-new_capacity), buf->cur,
182 buf->len-offset);
183 offset -= (buf->len-new_capacity);
184 } else {
185 /* The data doesn't wrap around, but it does extend beyond the new
186 * buffer length:
187 * mem[offset] ... mem[offset+datalen-1] (the data)
188 */
189 memmove(buf->mem, buf->cur, buf->datalen);
190 offset = 0;
191 }
192 }
193
194 /* XXX Some play code to throw away old buffers sometimes rather
195 * than constantly reallocing them; just in case this is our memory
196 * problem. It looks for now like it isn't, so disabled. -RD */
197 if (0 && new_capacity == MIN_LAZY_SHRINK_SIZE &&
198 !buf->datalen &&
199 buf->len >= 1<<16) {
200 /* don't realloc; free and malloc */
201 char *oldmem, *newmem = GUARDED_MEM(tor_malloc(ALLOC_LEN(new_capacity)));
202 SET_GUARDS(newmem, new_capacity);
203 oldmem = RAW_MEM(buf->mem);
204 tor_free(oldmem);
205 buf->mem = buf->cur = newmem;
206 } else {
207 buf->mem = GUARDED_MEM(tor_realloc(RAW_MEM(buf->mem),
208 ALLOC_LEN(new_capacity)));
209 SET_GUARDS(buf->mem, new_capacity);
210 buf->cur = buf->mem+offset;
211 }
212 buf_total_alloc += new_capacity;
213 buf_total_alloc -= buf->len;
214
215 if (offset + buf->datalen > buf->len) {
216 /* We need to move data now that we are done growing. The buffer
217 * now contains:
218 *
219 * mem[0] ... mem[datalen-(len-offset)] (end of data)
220 * mem[offset] ... mem[len-1] (the start of the data)
221 * mem[len]...mem[new_capacity] (empty space)
222 *
223 * We're growing by (new_capacity-len) bytes, so we need to move the
224 * end portion forward by that many bytes.
225 */
226 memmove(buf->cur+(new_capacity-buf->len), buf->cur,
227 buf->len-offset);
228 buf->cur += new_capacity-buf->len;
229 }
230 buf->len = new_capacity;
231
232 #ifdef CHECK_AFTER_RESIZE
233 assert_buf_ok(buf);
234 peek_from_buf(tmp2, buf->datalen, buf);
235 if (memcmp(tmp, tmp2, buf->datalen)) {
236 tor_assert(0);
237 }
238 tor_free(tmp);
239 tor_free(tmp2);
240 #endif
241 }
242
243 /** If the buffer is not large enough to hold <b>capacity</b> bytes, resize
244 * it so that it can. (The new size will be a power of 2 times the old
245 * size.)
246 */
247 static INLINE int
248 buf_ensure_capacity(buf_t *buf, size_t capacity)
249 {
250 size_t new_len;
251 if (buf->len >= capacity) /* Don't grow if we're already big enough. */
252 return 0;
253 if (capacity > MAX_BUF_SIZE) /* Don't grow past the maximum. */
254 return -1;
255 /* Find the smallest new_len equal to (2**X)*len for some X; such that
256 * new_len is at least capacity.
257 */
258 new_len = buf->len*2;
259 while (new_len < capacity)
260 new_len *= 2;
261 /* Resize the buffer. */
262 debug(LD_MM,"Growing buffer from %d to %d bytes.",
263 (int)buf->len, (int)new_len);
264 buf_resize(buf,new_len);
265 return 0;
266 }
267
268 /** Resize buf so it won't hold extra memory that we haven't been
269 * using lately (that is, since the last time we called buf_shrink).
270 * Try to shrink the buf until it is the largest factor of two that
271 * can contain <b>buf</b>-&gt;highwater, but never smaller than
272 * MIN_LAZY_SHRINK_SIZE.
273 */
274 void
275 buf_shrink(buf_t *buf)
276 {
277 size_t new_len;
278
279 new_len = buf->len;
280 while (buf->highwater < (new_len>>2) && new_len > MIN_LAZY_SHRINK_SIZE*2)
281 new_len >>= 1;
282
283 buf->highwater = buf->datalen;
284 if (new_len == buf->len)
285 return;
286
287 debug(LD_MM,"Shrinking buffer from %d to %d bytes.",
288 (int)buf->len, (int)new_len);
289 buf_resize(buf, new_len);
290 }
291
292 /** Remove the first <b>n</b> bytes from buf. */
293 static INLINE void
294 buf_remove_from_front(buf_t *buf, size_t n)
295 {
296 tor_assert(buf->datalen >= n);
297 buf->datalen -= n;
298 buf_total_used -= n;
299 if (buf->datalen) {
300 buf->cur = _wrap_ptr(buf, buf->cur+n);
301 } else {
302 buf->cur = buf->mem;
303 }
304 check();
305 }
306
307 /** Make sure that the memory in buf ends with a zero byte. */
308 static INLINE int
309 buf_nul_terminate(buf_t *buf)
310 {
311 if (buf_ensure_capacity(buf,buf->datalen+1)<0)
312 return -1;
313 *_buf_end(buf) = '\0';
314 return 0;
315 }
316
317 /** Create and return a new buf with capacity <b>size</b>. */
318 buf_t *
319 buf_new_with_capacity(size_t size)
320 {
321 buf_t *buf;
322 buf = tor_malloc_zero(sizeof(buf_t));
323 buf->magic = BUFFER_MAGIC;
324 buf->cur = buf->mem = GUARDED_MEM(tor_malloc(ALLOC_LEN(size)));
325 SET_GUARDS(buf->mem, size);
326 buf->len = size;
327
328 buf_total_alloc += size;
329 assert_buf_ok(buf);
330 return buf;
331 }
332
333 /** Allocate and return a new buffer with default capacity. */
334 buf_t *
335 buf_new(void)
336 {
337 return buf_new_with_capacity(INITIAL_BUF_SIZE);
338 }
339
340 /** Remove all data from <b>buf</b>. */
341 void
342 buf_clear(buf_t *buf)
343 {
344 buf_total_used -= buf->datalen;
345 buf->datalen = 0;
346 buf->cur = buf->mem;
347 }
348
349 /** Return the number of bytes stored in <b>buf</b> */
350 size_t
351 buf_datalen(const buf_t *buf)
352 {
353 return buf->datalen;
354 }
355
356 /** Return the maximum bytes that can be stored in <b>buf</b> before buf
357 * needs to resize. */
358 size_t
359 buf_capacity(const buf_t *buf)
360 {
361 return buf->len;
362 }
363
364 /** For testing only: Return a pointer to the raw memory stored in
365 * <b>buf</b>. */
366 const char *
367 _buf_peek_raw_buffer(const buf_t *buf)
368 {
369 return buf->cur;
370 }
371
372 /** Release storage held by <b>buf</b>. */
373 void
374 buf_free(buf_t *buf)
375 {
376 char *oldmem;
377 assert_buf_ok(buf);
378 buf->magic = 0xDEADBEEF;
379 oldmem = RAW_MEM(buf->mem);
380 tor_free(oldmem);
381 buf_total_alloc -= buf->len;
382 buf_total_used -= buf->datalen;
383 tor_free(buf);
384 }
385
386 /** Helper for read_to_buf(): read no more than at_most bytes from
387 * socket s into buffer buf, starting at the position pos. (Does not
388 * check for overflow.) Set *reached_eof to true on EOF. Return
389 * number of bytes read on success, 0 if the read would block, -1 on
390 * failure.
391 */
392 static INLINE int
393 read_to_buf_impl(int s, size_t at_most, buf_t *buf,
394 char *pos, int *reached_eof)
395 {
396 int read_result;
397
398 // log_fn(LOG_DEBUG,"reading at most %d bytes.",at_most);
399 read_result = recv(s, pos, at_most, 0);
400 if (read_result < 0) {
401 int e = tor_socket_errno(s);
402 if (!ERRNO_IS_EAGAIN(e)) { /* it's a real error */
403 return -1;
404 }
405 return 0; /* would block. */
406 } else if (read_result == 0) {
407 debug(LD_NET,"Encountered eof");
408 *reached_eof = 1;
409 return 0;
410 } else { /* we read some bytes */
411 buf->datalen += read_result;
412 buf_total_used += read_result;
413 if (buf->datalen > buf->highwater)
414 buf->highwater = buf->datalen;
415 debug(LD_NET,"Read %d bytes. %d on inbuf.",read_result,
416 (int)buf->datalen);
417 return read_result;
418 }
419 }
420
421 /** Read from socket <b>s</b>, writing onto end of <b>buf</b>. Read at most
422 * <b>at_most</b> bytes, resizing the buffer as necessary. If recv()
423 * returns 0, set *<b>reached_eof</b> to 1 and return 0. Return -1 on error;
424 * else return the number of bytes read. Return 0 if recv() would
425 * block.
426 */
427 int
428 read_to_buf(int s, size_t at_most, buf_t *buf, int *reached_eof)
429 {
430 int r;
431 char *next;
432 size_t at_start;
433
434 /* assert_buf_ok(buf); */
435 tor_assert(reached_eof);
436 tor_assert(s>=0);
437
438 if (buf_ensure_capacity(buf,buf->datalen+at_most))
439 return -1;
440
441 if (at_most + buf->datalen > buf->len)
442 at_most = buf->len - buf->datalen; /* take the min of the two */
443
444 if (at_most == 0)
445 return 0; /* we shouldn't read anything */
446
447 next = _buf_end(buf);
448 _split_range(buf, next, &at_most, &at_start);
449
450 r = read_to_buf_impl(s, at_most, buf, next, reached_eof);
451 check();
452 if (r < 0 || (size_t)r < at_most) {
453 return r; /* Either error, eof, block, or no more to read. */
454 }
455
456 if (at_start) {
457 int r2;
458 tor_assert(_buf_end(buf) == buf->mem);
459 r2 = read_to_buf_impl(s, at_start, buf, buf->mem, reached_eof);
460 check();
461 if (r2 < 0) {
462 return r2;
463 } else {
464 r += r2;
465 }
466 }
467 return r;
468 }
469
470 /** Helper for read_to_buf_tls(): read no more than <b>at_most</b>
471 * bytes from the TLS connection <b>tls</b> into buffer <b>buf</b>,
472 * starting at the position <b>next</b>. (Does not check for overflow.)
473 * Return number of bytes read on success, 0 if the read would block,
474 * -1 on failure.
475 */
476 static INLINE int
477 read_to_buf_tls_impl(tor_tls_t *tls, size_t at_most, buf_t *buf, char *next)
478 {
479 int r;
480
481 debug(LD_NET,"before: %d on buf, %d pending, at_most %d.",
482 (int)buf_datalen(buf), (int)tor_tls_get_pending_bytes(tls),
483 (int)at_most);
484 r = tor_tls_read(tls, next, at_most);
485 if (r<0)
486 return r;
487 buf->datalen += r;
488 buf_total_used += r;
489 if (buf->datalen > buf->highwater)
490 buf->highwater = buf->datalen;
491 debug(LD_NET,"Read %d bytes. %d on inbuf; %d pending",r,
492 (int)buf->datalen,(int)tor_tls_get_pending_bytes(tls));
493 return r;
494 }
495
496 /** As read_to_buf, but reads from a TLS connection.
497 *
498 * Using TLS on OR connections complicates matters in two ways.
499 *
500 * First, a TLS stream has its own read buffer independent of the
501 * connection's read buffer. (TLS needs to read an entire frame from
502 * the network before it can decrypt any data. Thus, trying to read 1
503 * byte from TLS can require that several KB be read from the network
504 * and decrypted. The extra data is stored in TLS's decrypt buffer.)
505 * Because the data hasn't been read by Tor (it's still inside the TLS),
506 * this means that sometimes a connection "has stuff to read" even when
507 * poll() didn't return POLLIN. The tor_tls_get_pending_bytes function is
508 * used in connection.c to detect TLS objects with non-empty internal
509 * buffers and read from them again.
510 *
511 * Second, the TLS stream's events do not correspond directly to network
512 * events: sometimes, before a TLS stream can read, the network must be
513 * ready to write -- or vice versa.
514 */
515 int
516 read_to_buf_tls(tor_tls_t *tls, size_t at_most, buf_t *buf)
517 {
518 int r;
519 char *next;
520 size_t at_start;
521
522 tor_assert(tls);
523 assert_buf_ok(buf);
524
525 debug(LD_NET,"start: %d on buf, %d pending, at_most %d.",
526 (int)buf_datalen(buf), (int)tor_tls_get_pending_bytes(tls),
527 (int)at_most);
528
529 if (buf_ensure_capacity(buf, at_most+buf->datalen))
530 return TOR_TLS_ERROR;
531
532 if (at_most + buf->datalen > buf->len)
533 at_most = buf->len - buf->datalen;
534
535 if (at_most == 0)
536 return 0;
537
538 next = _buf_end(buf);
539 _split_range(buf, next, &at_most, &at_start);
540
541 r = read_to_buf_tls_impl(tls, at_most, buf, next);
542 check();
543 if (r < 0 || (size_t)r < at_most)
544 return r; /* Either error, eof, block, or no more to read. */
545
546 if (at_start) {
547 int r2;
548 tor_assert(_buf_end(buf) == buf->mem);
549 r2 = read_to_buf_tls_impl(tls, at_start, buf, buf->mem);
550 check();
551 if (r2 < 0)
552 return r2;
553 else
554 r += r2;
555 }
556 return r;
557 }
558
559 /** Helper for flush_buf(): try to write <b>sz</b> bytes from buffer
560 * <b>buf</b> onto socket <b>s</b>. On success, deduct the bytes written
561 * from *<b>buf_flushlen</b>.
562 * Return the number of bytes written on success, -1 on failure.
563 */
564 static INLINE int
565 flush_buf_impl(int s, buf_t *buf, size_t sz, size_t *buf_flushlen)
566 {
567 int write_result;
568
569 write_result = send(s, buf->cur, sz, 0);
570 if (write_result < 0) {
571 int e = tor_socket_errno(s);
572 if (!ERRNO_IS_EAGAIN(e)) { /* it's a real error */
573 return -1;
574 }
575 debug(LD_NET,"write() would block, returning.");
576 return 0;
577 } else {
578 *buf_flushlen -= write_result;
579 buf_remove_from_front(buf, write_result);
580 return write_result;
581 }
582 }
583
584 /** Write data from <b>buf</b> to the socket <b>s</b>. Write at most
585 * <b>sz</b> bytes, decrement *<b>buf_flushlen</b> by
586 * the number of bytes actually written, and remove the written bytes
587 * from the buffer. Return the number of bytes written on success,
588 * -1 on failure. Return 0 if write() would block.
589 */
590 int
591 flush_buf(int s, buf_t *buf, size_t sz, size_t *buf_flushlen)
592 {
593 int r;
594 size_t flushed = 0;
595 size_t flushlen0, flushlen1;
596
597 /* assert_buf_ok(buf); */
598 tor_assert(buf_flushlen);
599 tor_assert(s>=0);
600 tor_assert(*buf_flushlen <= buf->datalen);
601 tor_assert(sz <= *buf_flushlen);
602
603 if (sz == 0) /* nothing to flush */
604 return 0;
605
606 flushlen0 = sz;
607 _split_range(buf, buf->cur, &flushlen0, &flushlen1);
608
609 r = flush_buf_impl(s, buf, flushlen0, buf_flushlen);
610 check();
611
612 debug(LD_NET,"%d: flushed %d bytes, %d ready to flush, %d remain.",
613 s,r,(int)*buf_flushlen,(int)buf->datalen);
614 if (r < 0 || (size_t)r < flushlen0)
615 return r; /* Error, or can't flush any more now. */
616 flushed = r;
617
618 if (flushlen1) {
619 tor_assert(buf->cur == buf->mem);
620 r = flush_buf_impl(s, buf, flushlen1, buf_flushlen);
621 check();
622 debug(LD_NET,"%d: flushed %d bytes, %d ready to flush, %d remain.",
623 s,r,(int)*buf_flushlen,(int)buf->datalen);
624 if (r<0)
625 return r;
626 flushed += r;
627 }
628 return flushed;
629 }
630
631 /** Helper for flush_buf_tls(): try to write <b>sz</b> bytes from buffer
632 * <b>buf</b> onto TLS object <b>tls</b>. On success, deduct the bytes
633 * written from *<b>buf_flushlen</b>.
634 * Return the number of bytes written on success, -1 on failure.
635 */
636 static INLINE int
637 flush_buf_tls_impl(tor_tls_t *tls, buf_t *buf, size_t sz, size_t *buf_flushlen)
638 {
639 int r;
640
641 r = tor_tls_write(tls, buf->cur, sz);
642 if (r < 0) {
643 return r;
644 }
645 *buf_flushlen -= r;
646 buf_remove_from_front(buf, r);
647 debug(LD_NET,"flushed %d bytes, %d ready to flush, %d remain.",
648 r,(int)*buf_flushlen,(int)buf->datalen);
649 return r;
650 }
651
652 /** As flush_buf(), but writes data to a TLS connection.
653 */
654 int
655 flush_buf_tls(tor_tls_t *tls, buf_t *buf, size_t sz, size_t *buf_flushlen)
656 {
657 int r;
658 size_t flushed=0;
659 size_t flushlen0, flushlen1;
660 /* assert_buf_ok(buf); */
661 tor_assert(tls);
662 tor_assert(buf_flushlen);
663 tor_assert(*buf_flushlen <= buf->datalen);
664 tor_assert(sz <= *buf_flushlen);
665
666 /* we want to let tls write even if flushlen is zero, because it might
667 * have a partial record pending */
668 check_no_tls_errors();
669
670 flushlen0 = sz;
671 _split_range(buf, buf->cur, &flushlen0, &flushlen1);
672
673 r = flush_buf_tls_impl(tls, buf, flushlen0, buf_flushlen);
674 check();
675 if (r < 0 || (size_t)r < flushlen0)
676 return r; /* Error, or can't flush any more now. */
677 flushed = r;
678
679 if (flushlen1) {
680 tor_assert(buf->cur == buf->mem);
681 r = flush_buf_tls_impl(tls, buf, flushlen1, buf_flushlen);
682 check();
683 if (r<0)
684 return r;
685 flushed += r;
686 }
687 return flushed;
688 }
689
690 /** Append <b>string_len</b> bytes from <b>string</b> to the end of
691 * <b>buf</b>.
692 *
693 * Return the new length of the buffer on success, -1 on failure.
694 */
695 int
696 write_to_buf(const char *string, size_t string_len, buf_t *buf)
697 {
698 char *next;
699 size_t len2;
700
701 /* append string to buf (growing as needed, return -1 if "too big")
702 * return total number of bytes on the buf
703 */
704
705 tor_assert(string);
706 /* assert_buf_ok(buf); */
707
708 if (buf_ensure_capacity(buf, buf->datalen+string_len)) {
709 warn(LD_MM, "buflen too small, can't hold %d bytes.", (int)(buf->datalen+string_len));
710 return -1;
711 }
712
713 next = _buf_end(buf);
714 _split_range(buf, next, &string_len, &len2);
715
716 memcpy(next, string, string_len);
717 buf->datalen += string_len;
718 buf_total_used += string_len;
719
720 if (len2) {
721 tor_assert(_buf_end(buf) == buf->mem);
722 memcpy(buf->mem, string+string_len, len2);
723 buf->datalen += len2;
724 buf_total_used += len2;
725 }
726 if (buf->datalen > buf->highwater)
727 buf->highwater = buf->datalen;
728 debug(LD_NET,"added %d bytes to buf (now %d total).",
729 (int)string_len, (int)buf->datalen);
730 check();
731 return buf->datalen;
732 }
733
734 /** Helper: copy the first <b>string_len</b> bytes from <b>buf</b>
735 * onto <b>string</b>.
736 */
737 static INLINE void
738 peek_from_buf(char *string, size_t string_len, buf_t *buf)
739 {
740 size_t len2;
741
742 /* There must be string_len bytes in buf; write them onto string,
743 * then memmove buf back (that is, remove them from buf).
744 *
745 * Return the number of bytes still on the buffer. */
746
747 tor_assert(string);
748 tor_assert(string_len <= buf->datalen); /* make sure we don't ask for too much */
749 /* assert_buf_ok(buf); */
750
751 _split_range(buf, buf->cur, &string_len, &len2);
752
753 memcpy(string, buf->cur, string_len);
754 if (len2) {
755 memcpy(string+string_len,buf->mem,len2);
756 }
757 }
758
759 /** Remove <b>string_len</b> bytes from the front of <b>buf</b>, and store them
760 * into <b>string</b>. Return the new buffer size. <b>string_len</b> must be \<=
761 * the number of bytes on the buffer.
762 */
763 int
764 fetch_from_buf(char *string, size_t string_len, buf_t *buf)
765 {
766 /* There must be string_len bytes in buf; write them onto string,
767 * then memmove buf back (that is, remove them from buf).
768 *
769 * Return the number of bytes still on the buffer. */
770
771 check();
772 peek_from_buf(string, string_len, buf);
773 buf_remove_from_front(buf, string_len);
774 check();
775 return buf->datalen;
776 }
777
778 /** There is a (possibly incomplete) http statement on <b>buf</b>, of the
779 * form "\%s\\r\\n\\r\\n\%s", headers, body. (body may contain nuls.)
780 * If a) the headers include a Content-Length field and all bytes in
781 * the body are present, or b) there's no Content-Length field and
782 * all headers are present, then:
783 *
784 * - strdup headers into <b>*headers_out</b>, and nul-terminate it.
785 * - memdup body into <b>*body_out</b>, and nul-terminate it.
786 * - Then remove them from <b>buf</b>, and return 1.
787 *
788 * - If headers or body is NULL, discard that part of the buf.
789 * - If a headers or body doesn't fit in the arg, return -1.
790 * (We ensure that the headers or body don't exceed max len,
791 * _even if_ we're planning to discard them.)
792 * - If force_complete is true, then succeed even if not all of the
793 * content has arrived.
794 *
795 * Else, change nothing and return 0.
796 */
797 int
798 fetch_from_buf_http(buf_t *buf,
799 char **headers_out, size_t max_headerlen,
800 char **body_out, size_t *body_used, size_t max_bodylen,
801 int force_complete)
802 {
803 char *headers, *body, *p;
804 size_t headerlen, bodylen, contentlen;
805
806 /* assert_buf_ok(buf); */
807 buf_normalize(buf);
808
809 if (buf_nul_terminate(buf)<0) {
810 warn(LD_BUG,"Couldn't nul-terminate buffer");
811 return -1;
812 }
813 headers = buf->cur;
814 body = strstr(headers,"\r\n\r\n");
815 if (!body) {
816 debug(LD_HTTP,"headers not all here yet.");
817 return 0;
818 }
819 body += 4; /* Skip the the CRLFCRLF */
820 headerlen = body-headers; /* includes the CRLFCRLF */
821 bodylen = buf->datalen - headerlen;
822 debug(LD_HTTP,"headerlen %d, bodylen %d.", (int)headerlen, (int)bodylen);
823
824 if (max_headerlen <= headerlen) {
825 warn(LD_HTTP,"headerlen %d larger than %d. Failing.", (int)headerlen,
826 (int)max_headerlen-1);
827 return -1;
828 }
829 if (max_bodylen <= bodylen) {
830 warn(LD_HTTP,"bodylen %d larger than %d. Failing.", (int)bodylen, (int)max_bodylen-1);
831 return -1;
832 }
833
834 #define CONTENT_LENGTH "\r\nContent-Length: "
835 p = strstr(headers, CONTENT_LENGTH);
836 if (p) {
837 int i;
838 i = atoi(p+strlen(CONTENT_LENGTH));
839 if (i < 0) {
840 warn(LD_PROTOCOL, "Content-Length is less than zero; it looks like someone is trying to crash us.");
841 return -1;
842 }
843 contentlen = i;
844 /* if content-length is malformed, then our body length is 0. fine. */
845 debug(LD_HTTP,"Got a contentlen of %d.",(int)contentlen);
846 if (bodylen < contentlen) {
847 if (!force_complete) {
848 debug(LD_HTTP,"body not all here yet.");
849 return 0; /* not all there yet */
850 }
851 }
852 if (bodylen > contentlen) {
853 bodylen = contentlen;
854 debug(LD_HTTP,"bodylen reduced to %d.",(int)bodylen);
855 }
856 }
857 /* all happy. copy into the appropriate places, and return 1 */
858 if (headers_out) {
859 *headers_out = tor_malloc(headerlen+1);
860 memcpy(*headers_out,buf->cur,headerlen);
861 (*headers_out)[headerlen] = 0; /* null terminate it */
862 }
863 if (body_out) {
864 tor_assert(body_used);
865 *body_used = bodylen;
866 *body_out = tor_malloc(bodylen+1);
867 memcpy(*body_out,buf->cur+headerlen,bodylen);
868 (*body_out)[bodylen] = 0; /* null terminate it */
869 }
870 buf_remove_from_front(buf, headerlen+bodylen);
871 return 1;
872 }
873
874 /** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
875 * of the forms
876 * - socks4: "socksheader username\\0"
877 * - socks4a: "socksheader username\\0 destaddr\\0"
878 * - socks5 phase one: "version #methods methods"
879 * - socks5 phase two: "version command 0 addresstype..."
880 * If it's a complete and valid handshake, and destaddr fits in
881 * MAX_SOCKS_ADDR_LEN bytes, then pull the handshake off the buf,
882 * assign to <b>req</b>, and return 1.
883 *
884 * If it's invalid or too big, return -1.
885 *
886 * Else it's not all there yet, leave buf alone and return 0.
887 *
888 * If you want to specify the socks reply, write it into <b>req->reply</b>
889 * and set <b>req->replylen</b>, else leave <b>req->replylen</b> alone.
890 *
891 * If <b>log_sockstype</b> is non-zero, then do a notice-level log of whether
892 * the connection is possibly leaking DNS requests locally or not.
893 *
894 * If returning 0 or -1, <b>req->address</b> and <b>req->port</b> are undefined.
895 */
896 int
897 fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int log_sockstype)
898 {
899 unsigned char len;
900 char tmpbuf[INET_NTOA_BUF_LEN];
901 uint32_t destip;
902 enum {socks4, socks4a} socks4_prot = socks4a;
903 char *next, *startaddr;
904 struct in_addr in;
905
906 /* If the user connects with socks4 or the wrong variant of socks5,
907 * then log a warning to let him know that it might be unwise. */
908 static int have_warned_about_unsafe_socks = 0;
909
910 if (buf->datalen < 2) /* version and another byte */
911 return 0;
912 buf_normalize(buf);
913
914 switch (*(buf->cur)) { /* which version of socks? */
915
916 case 5: /* socks5 */
917
918 if (req->socks_version != 5) { /* we need to negotiate a method */
919 unsigned char nummethods = (unsigned char)*(buf->cur+1);
920 tor_assert(!req->socks_version);
921 if (buf->datalen < 2u+nummethods)
922 return 0;
923 if (!nummethods || !memchr(buf->cur+2, 0, nummethods)) {
924 warn(LD_APP,"socks5: offered methods don't include 'no auth'. Rejecting.");
925 req->replylen = 2; /* 2 bytes of response */
926 req->reply[0] = 5;
927 req->reply[1] = '\xFF'; /* reject all methods */
928 return -1;
929 }
930 buf_remove_from_front(buf,2+nummethods); /* remove packet from buf */
931
932 req->replylen = 2; /* 2 bytes of response */
933 req->reply[0] = 5; /* socks5 reply */
934 req->reply[1] = SOCKS5_SUCCEEDED;
935 req->socks_version = 5; /* remember that we've already negotiated auth */
936 debug(LD_APP,"socks5: accepted method 0");
937 return 0;
938 }
939 /* we know the method; read in the request */
940 debug(LD_APP,"socks5: checking request");
941 if (buf->datalen < 8) /* basic info plus >=2 for addr plus 2 for port */
942 return 0; /* not yet */
943 req->command = (unsigned char) *(buf->cur+1);
944 if (req->command != SOCKS_COMMAND_CONNECT &&
945 req->command != SOCKS_COMMAND_RESOLVE) {
946 /* not a connect or resolve? we don't support it. */
947 warn(LD_APP,"socks5: command %d not recognized. Rejecting.",
948 req->command);
949 return -1;
950 }
951 switch (*(buf->cur+3)) { /* address type */
952 case 1: /* IPv4 address */
953 debug(LD_APP,"socks5: ipv4 address type");
954 if (buf->datalen < 10) /* ip/port there? */
955 return 0; /* not yet */
956
957 destip = ntohl(*(uint32_t*)(buf->cur+4));
958 in.s_addr = htonl(destip);
959 tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf));
960 if (strlen(tmpbuf)+1 > MAX_SOCKS_ADDR_LEN) {
961 warn(LD_APP,"socks5 IP takes %d bytes, which doesn't fit in %d. Rejecting.",
962 (int)strlen(tmpbuf)+1,(int)MAX_SOCKS_ADDR_LEN);
963 return -1;
964 }
965 strlcpy(req->address,tmpbuf,sizeof(req->address));
966 req->port = ntohs(*(uint16_t*)(buf->cur+8));
967 buf_remove_from_front(buf, 10);
968 if (!address_is_in_virtual_range(req->address) &&
969 !have_warned_about_unsafe_socks) {
970 warn(LD_APP,"Your application (using socks5 on port %d) is giving "
971 "Tor only an IP address. Applications that do DNS resolves "
972 "themselves may leak information. Consider using Socks4A "
973 "(e.g. via privoxy or socat) instead. For more information, "
974 "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
975 "TorFAQ#SOCKSAndDNS", req->port);
976 // have_warned_about_unsafe_socks = 1; // (for now, warn every time)
977 }
978 return 1;
979 case 3: /* fqdn */
980 debug(LD_APP,"socks5: fqdn address type");
981 len = (unsigned char)*(buf->cur+4);
982 if (buf->datalen < 7u+len) /* addr/port there? */
983 return 0; /* not yet */
984 if (len+1 > MAX_SOCKS_ADDR_LEN) {
985 warn(LD_APP,"socks5 hostname is %d bytes, which doesn't fit in %d. Rejecting.",
986 len+1,MAX_SOCKS_ADDR_LEN);
987 return -1;
988 }
989 memcpy(req->address,buf->cur+5,len);
990 req->address[len] = 0;
991 req->port = ntohs(get_uint16(buf->cur+5+len));
992 buf_remove_from_front(buf, 5+len+2);
993 if (log_sockstype)
994 notice(LD_APP, "Your application (using socks5 on port %d) gave "
995 "Tor a hostname, which means Tor will do the DNS resolve "
996 "for you. This is good.", req->port);
997 return 1;
998 default: /* unsupported */
999 warn(LD_APP,"socks5: unsupported address type %d. Rejecting.",*(buf->cur+3));
1000 return -1;
1001 }
1002 tor_assert(0);
1003 case 4: /* socks4 */
1004 /* http://archive.socks.permeo.com/protocol/socks4.protocol */
1005 /* http://archive.socks.permeo.com/protocol/socks4a.protocol */
1006
1007 req->socks_version = 4;
1008 if (buf->datalen < SOCKS4_NETWORK_LEN) /* basic info available? */
1009 return 0; /* not yet */
1010
1011 req->command = (unsigned char) *(buf->cur+1);
1012 if (req->command != SOCKS_COMMAND_CONNECT &&
1013 req->command != SOCKS_COMMAND_RESOLVE) {
1014 /* not a connect or resolve? we don't support it. */
1015 warn(LD_APP,"socks4: command %d not recognized. Rejecting.",
1016 req->command);
1017 return -1;
1018 }
1019
1020 req->port = ntohs(*(uint16_t*)(buf->cur+2));
1021 destip = ntohl(*(uint32_t*)(buf->mem+4));
1022 if ((!req->port && req->command!=SOCKS_COMMAND_RESOLVE) || !destip) {
1023 warn(LD_APP,"socks4: Port or DestIP is zero. Rejecting.");
1024 return -1;
1025 }
1026 if (destip >> 8) {
1027 debug(LD_APP,"socks4: destip not in form 0.0.0.x.");
1028 in.s_addr = htonl(destip);
1029 tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf));
1030 if (strlen(tmpbuf)+1 > MAX_SOCKS_ADDR_LEN) {
1031 debug(LD_APP,"socks4 addr (%d bytes) too long. Rejecting.",
1032 (int)strlen(tmpbuf));
1033 return -1;
1034 }
1035 debug(LD_APP,"socks4: successfully read destip (%s)", safe_str(tmpbuf));
1036 socks4_prot = socks4;
1037 }
1038
1039 next = memchr(buf->cur+SOCKS4_NETWORK_LEN, 0,
1040 buf->datalen-SOCKS4_NETWORK_LEN);
1041 if (!next) {
1042 debug(LD_APP,"socks4: Username not here yet.");
1043 return 0;
1044 }
1045 tor_assert(next < buf->cur+buf->datalen);
1046
1047 startaddr = NULL;
1048 if (socks4_prot != socks4a &&
1049 !address_is_in_virtual_range(tmpbuf) &&
1050 !have_warned_about_unsafe_socks) {
1051 warn(LD_APP,"Your application (using socks4 on port %d) is giving Tor "
1052 "only an IP address. Applications that do DNS resolves "
1053 "themselves may leak information. Consider using Socks4A (e.g. "
1054 "via privoxy or socat) instead.", req->port);
1055 // have_warned_about_unsafe_socks = 1; // (for now, warn every time)
1056 }
1057 if (socks4_prot == socks4a) {
1058 if (next+1 == buf->cur+buf->datalen) {
1059 debug(LD_APP,"socks4: No part of destaddr here yet.");
1060 return 0;
1061 }
1062 startaddr = next+1;
1063 next = memchr(startaddr, 0, buf->cur+buf->datalen-startaddr);
1064 if (!next) {
1065 debug(LD_APP,"socks4: Destaddr not all here yet.");
1066 return 0;
1067 }
1068 if (MAX_SOCKS_ADDR_LEN <= next-startaddr) {
1069 warn(LD_APP,"socks4: Destaddr too long. Rejecting.");
1070 return -1;
1071 }
1072 tor_assert(next < buf->cur+buf->datalen);
1073 if (log_sockstype)
1074 notice(LD_APP, "Your application (using socks4a on port %d) gave "
1075 "Tor a hostname, which means Tor will do the DNS resolve "
1076 "for you. This is good.", req->port);
1077 }
1078 debug(LD_APP,"socks4: Everything is here. Success.");
1079 strlcpy(req->address, startaddr ? startaddr : tmpbuf,
1080 sizeof(req->address));
1081 buf_remove_from_front(buf, next-buf->cur+1); /* next points to the final \0 on inbuf */
1082 return 1;
1083
1084 case 'G': /* get */
1085 case 'H': /* head */
1086 case 'P': /* put/post */
1087 case 'C': /* connect */
1088 strlcpy(req->reply,
1089 "HTTP/1.0 501 Tor is not an HTTP Proxy\r\n"
1090 "Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
1091 "<html>\n"
1092 "<head>\n"
1093 "<title>Tor is not an HTTP Proxy</title>\n"
1094 "</head>\n"
1095 "<body>\n"
1096 "<h1>Tor is not an HTTP Proxy</h1>\n"
1097 "<p>\n"
1098 "It appears you have configured your web browser to use Tor as an HTTP Proxy.\n"
1099 "This is not correct: Tor provides a SOCKS proxy. Please configure your\n"
1100 "client accordingly.\n"
1101 "</p>\n"
1102 "<p>\n"
1103 "See <a href=\"http://tor.eff.org/documentation.html\">http://tor.eff.org/documentation.html</a> for more information.\n"
1104 "<!-- Plus this comment, to make the body response more than 512 bytes, so "
1105 " IE will be willing to display it. Comment comment comment comment "
1106 " comment comment comment comment comment comment comment comment.-->\n"
1107 "</p>\n"
1108 "</body>\n"
1109 "</html>\n"
1110 , MAX_SOCKS_REPLY_LEN);
1111 req->replylen = strlen(req->reply)+1;
1112 /* fall through */
1113 default: /* version is not socks4 or socks5 */
1114 warn(LD_APP,"Socks version %d not recognized. (Tor is not an http proxy.)",
1115 *(buf->cur));
1116 return -1;
1117 }
1118 }
1119
1120 #define CONTROL_CMD_FRAGMENTHEADER 0x0010
1121 #define CONTROL_CMD_FRAGMENT 0x0011
1122 /** If there is a complete version 0 control message waiting on buf, then store
1123 * its contents into *<b>type_out</b>, store its body's length into
1124 * *<b>len_out</b>, allocate and store a string for its body into
1125 * *<b>body_out</b>, and return 1. (body_out will always be NUL-terminated,
1126 * even if the control message body doesn't end with NUL.)
1127 *
1128 * If there is not a complete control message waiting, return 0.
1129 *
1130 * Return -1 on error; return -2 on "seems to be control protocol v1."
1131 */
1132 int
1133 fetch_from_buf_control0(buf_t *buf, uint32_t *len_out, uint16_t *type_out,
1134 char **body_out, int check_for_v1)
1135 {
1136 uint32_t msglen;
1137 uint16_t type;
1138 char tmp[4];
1139
1140 tor_assert(buf);
1141 tor_assert(len_out);
1142 tor_assert(type_out);
1143 tor_assert(body_out);
1144
1145 *len_out = 0;
1146 *body_out = NULL;
1147
1148 if (buf->datalen < 4)
1149 return 0;
1150
1151 peek_from_buf(tmp, 4, buf);
1152
1153 msglen = ntohs(get_uint16(tmp));
1154 type = ntohs(get_uint16(tmp+2));
1155 if (type > 255 && check_for_v1)
1156 return -2;
1157
1158 if (buf->datalen < 4 + (unsigned)msglen)
1159 return 0;
1160
1161 *len_out = msglen;
1162 *type_out = type;
1163 buf_remove_from_front(buf, 4);
1164 if (msglen) {
1165 *body_out = tor_malloc(msglen+1);
1166 fetch_from_buf(*body_out, msglen, buf);
1167 (*body_out)[msglen] = '\0';
1168 }
1169 return 1;
1170 }
1171
1172 /** Helper: return a pointer to the first instance of <b>c</b> in the
1173 * <b>len</b>characters after <b>start</b> on <b>buf</b>. Return NULL if the
1174 * character isn't found. */
1175 static char *
1176 find_char_on_buf(buf_t *buf, char *start, size_t len, char c)
1177 {
1178 size_t len_rest;
1179 char *cp;
1180 _split_range(buf, start, &len, &len_rest);
1181 cp = memchr(buf->cur, c, len);
1182 if (cp || !len_rest)
1183 return cp;
1184 return memchr(buf->mem, c, len_rest);
1185 }
1186
1187 /** Helper: return a pointer to the first CRLF after cp on <b>buf</b>. Return
1188 * NULL if no CRLF is found. */
1189 static char *
1190 find_crlf_on_buf(buf_t *buf, char *cp)
1191 {
1192 char *next;
1193 while (1) {
1194 size_t remaining = buf->datalen - _buf_offset(buf,cp);
1195 cp = find_char_on_buf(buf, cp, remaining, '\r');
1196 if (!cp)
1197 return NULL;
1198 next = _wrap_ptr(buf, cp+1);
1199 if (next == _buf_end(buf))
1200 return NULL;
1201 if (*next == '\n')
1202 return cp;
1203 cp = next;
1204 }
1205 }
1206
1207 /** Try to read a single CRLF-terminated line from <b>buf</b>, and write it,
1208 * NUL-terminated, into the *<b>data_len</b> byte buffer at <b>data_out</b>.
1209 * Set *<b>data_len</b> to the number of bytes in the line, not counting the
1210 * terminating NUL. Return 1 if we read a whole line, return 0 if we don't
1211 * have a whole line yet, and return -1 if we we need to grow the buffer.
1212 */
1213 int
1214 fetch_from_buf_line(buf_t *buf, char *data_out, size_t *data_len)
1215 {
1216 char *eol;
1217 size_t sz;
1218 /* Look for a CRLF. */
1219 if (!(eol = find_crlf_on_buf(buf, buf->cur))) {
1220 return 0;
1221 }
1222 sz = _buf_offset(buf, eol);
1223 if (sz+3 > *data_len) {
1224 *data_len = sz+3;
1225 return -1;
1226 }
1227 fetch_from_buf(data_out, sz+2, buf);
1228 data_out[sz+2] = '\0';
1229 *data_len = sz+2;
1230 return 1;
1231 }
1232
1233 /** Log an error and exit if <b>buf</b> is corrupted.
1234 */
1235 void
1236 assert_buf_ok(buf_t *buf)
1237 {
1238 tor_assert(buf);
1239 tor_assert(buf->magic == BUFFER_MAGIC);
1240 tor_assert(buf->mem);
1241 tor_assert(buf->highwater <= buf->len);
1242 tor_assert(buf->datalen <= buf->highwater);
1243 #ifdef SENTINELS
1244 {
1245 uint32_t u32 = get_uint32(buf->mem - 4);
1246 tor_assert(u32 == START_MAGIC);
1247 u32 = get_uint32(buf->mem + buf->len);
1248 tor_assert(u32 == END_MAGIC);
1249 }
1250 #endif
1251 }
1252
The Onion Router