search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
more friendly warning when a connection buffer overflows
[tor.git] / src / or / buffers.c
blob2ca05a0fce72d23bac27ad7c5d8713862272f3b7
1 /* Copyright 2001,2002,2003 Roger Dingledine, Matej Pfajfar. */
2 /* See LICENSE for licensing information */
3 /* $Id$ */
4
5 /* buffers.c */
6
7 #include "or.h"
8
9 struct buf_t {
10 char *mem;
11 size_t len;
12 size_t datalen;
13 };
14
15 /* Size, in bytes, for newly allocated buffers. Should be a power of 2. */
16 #define INITIAL_BUF_SIZE (4*1024)
17 /* Maximum size, in bytes, for resized buffers. */
18 #define MAX_BUF_SIZE (1024*1024)
19 /* Size, in bytes, for minimum 'shrink' size for buffers. Buffers may start
20 * out smaller than this, but they will never autoshrink to less
21 * than this size. */
22 #define MIN_BUF_SHRINK_SIZE (16*1024)
23 #define BUF_OK(b) ((b) && (b)->mem && (b)->datalen <= (b)->len)
24
25 /* Change a buffer's capacity. Must only be called when */
26 static INLINE void buf_resize(buf_t *buf, size_t new_capacity)
27 {
28 assert(buf->datalen <= new_capacity);
29 assert(new_capacity);
30 buf->mem = tor_realloc(buf->mem, new_capacity);
31 buf->len = new_capacity;
32 }
33
34 /* If the buffer is not large enough to hold "capacity" bytes, resize
35 * it so that it can. (The new size will be a power of 2 times the old
36 * size.)
37 */
38 static INLINE int buf_ensure_capacity(buf_t *buf, size_t capacity)
39 {
40 size_t new_len;
41 if (buf->len >= capacity) /* Don't grow if we're already big enough. */
42 return 0;
43 if (capacity > MAX_BUF_SIZE) /* Don't grow past the maximum. */
44 return -1;
45 /* Find the smallest new_len equal to (2**X)*len for some X; such that
46 * new_len is at least capacity.
47 */
48 new_len = buf->len*2;
49 while (new_len < capacity)
50 new_len *= 2;
51 /* Resize the buffer. */
52 log_fn(LOG_DEBUG,"Growing buffer from %d to %d bytes.",
53 (int)buf->len, (int)new_len);
54 buf_resize(buf,new_len);
55 return 0;
56 }
57
58 /* If the buffer is at least 2*MIN_BUF_SHRINK_SIZE bytes in capacity,
59 * and if the buffer is less than 1/4 full, shrink the buffer until
60 * one of the above no longer holds. (We shrink the buffer by
61 * dividing by powers of 2.)
62 */
63 static INLINE void buf_shrink_if_underfull(buf_t *buf) {
64 size_t new_len;
65 /* If the buffer is at least .25 full, or if shrinking the buffer would
66 * put it onder MIN_BUF_SHRINK_SIZE, don't do it. */
67 if (buf->datalen >= buf->len/4 || buf->len < 2*MIN_BUF_SHRINK_SIZE)
68 return;
69 /* Shrink new_len by powers of 2 until: datalen is at least 1/4 of
70 * new_len, OR shrinking new_len more would put it under
71 * MIN_BUF_SHRINK_SIZE.
72 */
73 new_len = buf->len / 2;
74 while (buf->datalen < new_len/4 && new_len/2 > MIN_BUF_SHRINK_SIZE)
75 new_len /= 2;
76 log_fn(LOG_DEBUG,"Shrinking buffer from %d to %d bytes.",
77 (int)buf->len, (int)new_len);
78 buf_resize(buf, new_len);
79 }
80
81 /* Remove the first 'n' bytes from buf.
82 */
83 static INLINE void buf_remove_from_front(buf_t *buf, size_t n) {
84 assert(buf->datalen >= n);
85 buf->datalen -= n;
86 memmove(buf->mem, buf->mem+n, buf->datalen);
87 buf_shrink_if_underfull(buf);
88 }
89
90 /* Find the first instance of str on buf. If none exists, return -1.
91 * Otherwise, return index of the first character in buf _after_ the
92 * first instance of str.
93 */
94 static int find_str_in_str(const char *str, int str_len,
95 const char *buf, int buf_len)
96 {
97 const char *location;
98 const char *last_possible = buf + buf_len - str_len;
99
100 assert(str && str_len > 0 && buf);
101
102 if(buf_len < str_len)
103 return -1;
104
105 for(location = buf; location <= last_possible; location++)
106 if((*location == *str) && !memcmp(location+1, str+1, str_len-1))
107 return location-buf+str_len;
108
109 return -1;
110 }
111
112 int find_on_inbuf(char *string, int string_len, buf_t *buf) {
113 return find_str_in_str(string, string_len, buf->mem, buf->datalen);
114 }
115
116 /* Create and return a new buf of size 'size'
117 */
118 buf_t *buf_new_with_capacity(size_t size) {
119 buf_t *buf;
120 buf = (buf_t*)tor_malloc(sizeof(buf_t));
121 buf->mem = (char *)tor_malloc(size);
122 buf->len = size;
123 buf->datalen = 0;
124 // memset(buf->mem,0,size);
125
126 assert(BUF_OK(buf));
127 return buf;
128 }
129
130 buf_t *buf_new()
131 {
132 return buf_new_with_capacity(INITIAL_BUF_SIZE);
133 }
134
135
136 size_t buf_datalen(const buf_t *buf)
137 {
138 return buf->datalen;
139 }
140
141 size_t buf_capacity(const buf_t *buf)
142 {
143 return buf->len;
144 }
145
146 const char *_buf_peek_raw_buffer(const buf_t *buf)
147 {
148 return buf->mem;
149 }
150
151 void buf_free(buf_t *buf) {
152 assert(buf && buf->mem);
153 free(buf->mem);
154 free(buf);
155 }
156
157 /* read from socket s, writing onto end of buf.
158 * read at most 'at_most' bytes, and in any case don't read more than will fit based on buflen.
159 * If read() returns 0, set *reached_eof to 1 and return 0. If you want to tear
160 * down the connection return -1, else return the number of bytes read.
161 */
162 int read_to_buf(int s, int at_most, buf_t *buf, int *reached_eof) {
163
164 int read_result;
165 #ifdef MS_WINDOWS
166 int e;
167 #endif
168
169 assert(BUF_OK(buf) && reached_eof && (s>=0));
170
171 if (buf_ensure_capacity(buf,buf->datalen+at_most))
172 return -1;
173
174 if(at_most > buf->len - buf->datalen)
175 at_most = buf->len - buf->datalen; /* take the min of the two */
176
177 if(at_most == 0)
178 return 0; /* we shouldn't read anything */
179
180 // log_fn(LOG_DEBUG,"reading at most %d bytes.",at_most);
181 read_result = read(s, buf->mem+buf->datalen, at_most);
182 if (read_result < 0) {
183 if(!ERRNO_EAGAIN(errno)) { /* it's a real error */
184 return -1;
185 }
186 #ifdef MS_WINDOWS
187 e = correct_socket_errno(s);
188 if(!ERRNO_EAGAIN(e)) { /* no, it *is* a real error! */
189 return -1;
190 }
191 #endif
192 return 0;
193 } else if (read_result == 0) {
194 log_fn(LOG_DEBUG,"Encountered eof");
195 *reached_eof = 1;
196 return 0;
197 } else { /* we read some bytes */
198 buf->datalen += read_result;
199 log_fn(LOG_DEBUG,"Read %d bytes. %d on inbuf.",read_result,
200 (int)buf->datalen);
201 return read_result;
202 }
203 }
204
205 int read_to_buf_tls(tor_tls *tls, int at_most, buf_t *buf) {
206 int r;
207 assert(tls && BUF_OK(buf));
208
209 if (buf_ensure_capacity(buf, at_most+buf->datalen))
210 return -1;
211
212 if (at_most > buf->len - buf->datalen)
213 at_most = buf->len - buf->datalen;
214
215 if (at_most == 0)
216 return 0;
217
218 r = tor_tls_read(tls, buf->mem+buf->datalen, at_most);
219 if (r<0)
220 return r;
221 buf->datalen += r;
222 log_fn(LOG_DEBUG,"Read %d bytes. %d on inbuf.",r, (int)buf->datalen);
223 return r;
224 }
225
226 int flush_buf(int s, buf_t *buf, int *buf_flushlen)
227 {
228
229 /* push from buf onto s
230 * then memmove to front of buf
231 * return -1 or how many bytes remain to be flushed */
232
233 int write_result;
234 #ifdef MS_WINDOWS
235 int e;
236 #endif
237
238 assert(BUF_OK(buf) && buf_flushlen && (s>=0) && (*buf_flushlen <= buf->datalen));
239
240 if(*buf_flushlen == 0) /* nothing to flush */
241 return 0;
242
243 write_result = write(s, buf->mem, *buf_flushlen);
244 if (write_result < 0) {
245 if(!ERRNO_EAGAIN(errno)) { /* it's a real error */
246 return -1;
247 }
248 #ifdef MS_WINDOWS
249 e = correct_socket_errno(s);
250 if(!ERRNO_EAGAIN(e)) { /* no, it *is* a real error! */
251 return -1;
252 }
253 #endif
254 log_fn(LOG_DEBUG,"write() would block, returning.");
255 return 0;
256 } else {
257 *buf_flushlen -= write_result;
258 buf_remove_from_front(buf, write_result);
259 log_fn(LOG_DEBUG,"%d: flushed %d bytes, %d ready to flush, %d remain.",
260 s,write_result,*buf_flushlen,(int)buf->datalen);
261
262 return *buf_flushlen;
263 /* XXX USE_TLS should change to return write_result like any sane function would */
264 }
265 }
266
267 int flush_buf_tls(tor_tls *tls, buf_t *buf, int *buf_flushlen)
268 {
269 int r;
270 assert(tls && BUF_OK(buf) && buf_flushlen);
271
272 /* we want to let tls write even if flushlen is zero, because it might
273 * have a partial record pending */
274 r = tor_tls_write(tls, buf->mem, *buf_flushlen);
275 if (r < 0) {
276 return r;
277 }
278 *buf_flushlen -= r;
279 buf_remove_from_front(buf, r);
280 log_fn(LOG_DEBUG,"flushed %d bytes, %d ready to flush, %d remain.",
281 r,*buf_flushlen,(int)buf->datalen);
282 return r;
283 }
284
285 int write_to_buf(const char *string, int string_len, buf_t *buf) {
286
287 /* append string to buf (growing as needed, return -1 if "too big")
288 * return total number of bytes on the buf
289 */
290
291 assert(string && BUF_OK(buf));
292
293 if (buf_ensure_capacity(buf, buf->datalen+string_len))
294 log_fn(LOG_WARN, "buflen too small, can't hold %d bytes.",buf->datalen+string_len);
295 return -1;
296
297 memcpy(buf->mem+buf->datalen, string, string_len);
298 buf->datalen += string_len;
299 log_fn(LOG_DEBUG,"added %d bytes to buf (now %d total).",string_len, (int)buf->datalen);
300 return buf->datalen;
301 }
302
303 int fetch_from_buf(char *string, int string_len, buf_t *buf) {
304
305 /* There must be string_len bytes in buf; write them onto string,
306 * then memmove buf back (that is, remove them from buf).
307 *
308 * Return the number of bytes still on the buffer. */
309
310 assert(string && BUF_OK(buf));
311 assert(string_len <= buf->datalen); /* make sure we don't ask for too much */
312
313 memcpy(string,buf->mem,string_len);
314 buf_remove_from_front(buf, string_len);
315 return buf->datalen;
316 }
317
318 /* There is a (possibly incomplete) http statement on *buf, of the
319 * form "%s\r\n\r\n%s", headers, body.
320 * If a) the headers include a Content-Length field and all bytes in
321 * the body are present, or b) there's no Content-Length field and
322 * all headers are present, then:
323 * copy headers and body into the supplied args (and null terminate
324 * them), remove them from buf, and return 1.
325 * (If headers or body is NULL, discard that part of the buf.)
326 * If a headers or body doesn't fit in the arg, return -1.
327 *
328 * Else, change nothing and return 0.
329 */
330 int fetch_from_buf_http(buf_t *buf,
331 char *headers_out, int max_headerlen,
332 char *body_out, int max_bodylen) {
333 char *headers, *body;
334 int i;
335 int headerlen, bodylen, contentlen;
336
337 assert(BUF_OK(buf));
338
339 headers = buf->mem;
340 i = find_on_inbuf("\r\n\r\n", 4, buf);
341 if(i < 0) {
342 log_fn(LOG_DEBUG,"headers not all here yet.");
343 return 0;
344 }
345 body = buf->mem+i;
346 headerlen = body-headers; /* includes the CRLFCRLF */
347 bodylen = buf->datalen - headerlen;
348 log_fn(LOG_DEBUG,"headerlen %d, bodylen %d.",headerlen,bodylen);
349
350 if(headers_out && max_headerlen <= headerlen) {
351 log_fn(LOG_WARN,"headerlen %d larger than %d. Failing.", headerlen, max_headerlen-1);
352 return -1;
353 }
354 if(body_out && max_bodylen <= bodylen) {
355 log_fn(LOG_WARN,"bodylen %d larger than %d. Failing.", bodylen, max_bodylen-1);
356 return -1;
357 }
358
359 #define CONTENT_LENGTH "\r\nContent-Length: "
360 i = find_str_in_str(CONTENT_LENGTH, strlen(CONTENT_LENGTH),
361 headers, headerlen);
362 if(i > 0) {
363 contentlen = atoi(headers+i);
364 /* XXX What if content-length is malformed? */
365 log_fn(LOG_DEBUG,"Got a contentlen of %d.",contentlen);
366 if(bodylen < contentlen) {
367 log_fn(LOG_DEBUG,"body not all here yet.");
368 return 0; /* not all there yet */
369 }
370 bodylen = contentlen;
371 log_fn(LOG_DEBUG,"bodylen reduced to %d.",bodylen);
372 }
373 /* all happy. copy into the appropriate places, and return 1 */
374 if(headers_out) {
375 memcpy(headers_out,buf->mem,headerlen);
376 headers_out[headerlen] = 0; /* null terminate it */
377 }
378 if(body_out) {
379 memcpy(body_out,buf->mem+headerlen,bodylen);
380 body_out[bodylen] = 0; /* null terminate it */
381 }
382 buf_remove_from_front(buf, headerlen+bodylen);
383 return 1;
384 }
385
386 /* There is a (possibly incomplete) socks handshake on buf, of one
387 * of the forms
388 * socks4: "socksheader username\0"
389 * socks4a: "socksheader username\0 destaddr\0"
390 * socks5 phase one: "version #methods methods"
391 * socks5 phase two: "version command 0 addresstype..."
392 * If it's a complete and valid handshake, and destaddr fits in
393 * MAX_SOCKS_ADDR_LEN bytes, then pull the handshake off the buf,
394 * assign to *req, and return 1.
395 * If it's invalid or too big, return -1.
396 * Else it's not all there yet, leave buf alone and return 0.
397 * If you want to specify the socks reply, write it into *reply
398 * and set *replylen, else leave *replylen alone.
399 * If returning 0 or -1, *addr_out and *port_out are undefined.
400 */
401 int fetch_from_buf_socks(buf_t *buf, socks_request_t *req) {
402 unsigned char len;
403 char *tmpbuf=NULL;
404 uint32_t destip;
405 enum {socks4, socks4a} socks4_prot = socks4a;
406 char *next, *startaddr;
407 struct in_addr in;
408
409 if(buf->datalen < 2) /* version and another byte */
410 return 0;
411 switch(*(buf->mem)) { /* which version of socks? */
412
413 case 5: /* socks5 */
414
415 if(req->socks_version != 5) { /* we need to negotiate a method */
416 unsigned char nummethods = (unsigned char)*(buf->mem+1);
417 assert(!req->socks_version);
418 log_fn(LOG_DEBUG,"socks5: learning offered methods");
419 if(buf->datalen < 2+nummethods)
420 return 0;
421 if(!nummethods || !memchr(buf->mem+2, 0, nummethods)) {
422 log_fn(LOG_WARN,"socks5: offered methods don't include 'no auth'. Rejecting.");
423 req->replylen = 2; /* 2 bytes of response */
424 req->reply[0] = 5; /* socks5 reply */
425 req->reply[1] = 0xFF; /* reject all methods */
426 return -1;
427 }
428 buf_remove_from_front(buf,2+nummethods);/* remove packet from buf */
429
430 req->replylen = 2; /* 2 bytes of response */
431 req->reply[0] = 5; /* socks5 reply */
432 req->reply[1] = 0; /* choose the 'no auth' method */
433 req->socks_version = 5; /* remember that we've already negotiated auth */
434 log_fn(LOG_DEBUG,"socks5: accepted method 0");
435 return 0;
436 }
437 /* we know the method; read in the request */
438 log_fn(LOG_DEBUG,"socks5: checking request");
439 if(buf->datalen < 8) /* basic info plus >=2 for addr plus 2 for port */
440 return 0; /* not yet */
441 if(*(buf->mem+1) != 1) { /* not a connect? we don't support it. */
442 log_fn(LOG_WARN,"socks5: command %d not '1'.",*(buf->mem+1));
443 return -1;
444 }
445 switch(*(buf->mem+3)) { /* address type */
446 case 1: /* IPv4 address */
447 log_fn(LOG_DEBUG,"socks5: ipv4 address type");
448 if(buf->datalen < 10) /* ip/port there? */
449 return 0; /* not yet */
450 destip = ntohl(*(uint32_t*)(buf->mem+4));
451 in.s_addr = htonl(destip);
452 tmpbuf = inet_ntoa(in);
453 if(strlen(tmpbuf)+1 > MAX_SOCKS_ADDR_LEN) {
454 log_fn(LOG_WARN,"socks5 IP takes %d bytes, which doesn't fit in %d",
455 strlen(tmpbuf)+1,MAX_SOCKS_ADDR_LEN);
456 return -1;
457 }
458 strcpy(req->address,tmpbuf);
459 req->port = ntohs(*(uint16_t*)(buf->mem+8));
460 buf_remove_from_front(buf, 10);
461 return 1;
462 case 3: /* fqdn */
463 log_fn(LOG_DEBUG,"socks5: fqdn address type");
464 len = (unsigned char)*(buf->mem+4);
465 if(buf->datalen < 7+len) /* addr/port there? */
466 return 0; /* not yet */
467 if(len+1 > MAX_SOCKS_ADDR_LEN) {
468 log_fn(LOG_WARN,"socks5 hostname is %d bytes, which doesn't fit in %d",
469 len+1,MAX_SOCKS_ADDR_LEN);
470 return -1;
471 }
472 memcpy(req->address,buf->mem+5,len);
473 req->address[len] = 0;
474 req->port = ntohs(*(uint16_t*)(buf->mem+5+len));
475 buf_remove_from_front(buf, 5+len+2);
476 return 1;
477 default: /* unsupported */
478 log_fn(LOG_WARN,"socks5: unsupported address type %d",*(buf->mem+3));
479 return -1;
480 }
481 assert(0);
482 case 4: /* socks4 */
483
484 req->socks_version = 4;
485 if(buf->datalen < SOCKS4_NETWORK_LEN) /* basic info available? */
486 return 0; /* not yet */
487
488 if(*(buf->mem+1) != 1) { /* not a connect? we don't support it. */
489 log_fn(LOG_WARN,"socks4: command %d not '1'.",*(buf->mem+1));
490 return -1;
491 }
492
493 req->port = ntohs(*(uint16_t*)(buf->mem+2));
494 destip = ntohl(*(uint32_t*)(buf->mem+4));
495 if(!req->port || !destip) {
496 log_fn(LOG_WARN,"socks4: Port or DestIP is zero.");
497 return -1;
498 }
499 if(destip >> 8) {
500 log_fn(LOG_DEBUG,"socks4: destip not in form 0.0.0.x.");
501 in.s_addr = htonl(destip);
502 tmpbuf = inet_ntoa(in);
503 if(strlen(tmpbuf)+1 > MAX_SOCKS_ADDR_LEN) {
504 log_fn(LOG_WARN,"socks4 addr (%d bytes) too long.", strlen(tmpbuf));
505 return -1;
506 }
507 log_fn(LOG_DEBUG,"socks4: successfully read destip (%s)", tmpbuf);
508 socks4_prot = socks4;
509 }
510
511 next = memchr(buf->mem+SOCKS4_NETWORK_LEN, 0, buf->datalen);
512 if(!next) {
513 log_fn(LOG_DEBUG,"Username not here yet.");
514 return 0;
515 }
516
517 startaddr = next+1;
518 if(socks4_prot == socks4a) {
519 next = memchr(startaddr, 0, buf->mem+buf->datalen-startaddr);
520 if(!next) {
521 log_fn(LOG_DEBUG,"Destaddr not here yet.");
522 return 0;
523 }
524 if(MAX_SOCKS_ADDR_LEN <= next-startaddr) {
525 log_fn(LOG_WARN,"Destaddr too long.");
526 return -1;
527 }
528 }
529 log_fn(LOG_DEBUG,"Everything is here. Success.");
530 strcpy(req->address, socks4_prot == socks4 ? tmpbuf : startaddr);
531 buf_remove_from_front(buf, next-buf->mem+1); /* next points to the final \0 on inbuf */
532 return 1;
533
534 default: /* version is not socks4 or socks5 */
535 log_fn(LOG_WARN,"Socks version %d not recognized. (Tor is not an httpd proxy.)",*(buf->mem));
536 return -1;
537 }
538 }
539
540 /*
541 Local Variables:
542 mode:c
543 indent-tabs-mode:nil
544 c-basic-offset:2
545 End:
546 */
The Onion Router