| blob | 69dc0ad7c92317dc3c007007df1f60949469e8a2 |
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. */
4 /* See LICENSE for licensing information */
5 /* $Id$ */
9 /**
10 * \file buffers.c
11 * \brief Implements a generic buffer interface. Buffers are
12 * fairly opaque string holders that can read to or flush from:
13 * memory, file descriptors, or TLS connections.
14 **/
18 #define SENTINELS
19 #undef CHECK_AFTER_RESIZE
20 #undef PARANOIA
21 #undef NOINLINE
23 #ifdef SENTINELS
24 /* If SENTINELS is defined, check for attempts to write beyond the
25 * end/before the start of the buffer.
26 */
27 #define START_MAGIC 0x70370370u
28 #define END_MAGIC 0xA0B0C0D0u
29 #define RAW_MEM(m) ((void*)(((char*)m)-4))
30 #define GUARDED_MEM(m) ((void*)(((char*)m)+4))
31 #define ALLOC_LEN(ln) ((ln)+8)
32 #define SET_GUARDS(m, ln) \
33 do { set_uint32((m)-4,START_MAGIC); set_uint32((m)+ln,END_MAGIC); } while (0)
34 #else
35 #define RAW_MEM(m) (m)
36 #define GUARDED_MEM(m) (m)
37 #define ALLOC_LEN(ln) (ln)
38 #define SET_GUARDS(m,ln) do {} while (0)
39 #endif
41 #ifdef PARANOIA
42 #define check() do { assert_buf_ok(buf); } while (0)
43 #else
44 #define check() do { } while (0)
45 #endif
47 #ifdef NOINLINE
48 #undef INLINE
49 #define INLINE
50 #endif
52 #define BUFFER_MAGIC 0xB0FFF312u
53 /** A resizeable buffer, optimized for reading and writing. */
56 * BUFFER_MAGIC */
62 };
67 /** Size, in bytes, for newly allocated buffers. Should be a power of 2. */
68 #define INITIAL_BUF_SIZE (4*1024)
69 /** Size, in bytes, for minimum 'shrink' size for buffers. Buffers may start
70 * out smaller than this, but they will never autoshrink to less
71 * than this size. */
72 #define MIN_LAZY_SHRINK_SIZE (4*1024)
76 /** If the contents of buf wrap around the end of the allocated space,
77 * malloc a new buf and copy the contents in starting at the
78 * beginning. This operation is relatively expensive, so it shouldn't
79 * be used e.g. for every single read or write.
80 */
81 static void
83 {
99 }
100 }
102 /** Return the point in the buffer where the next byte will get stored. */
105 {
109 }
111 /** If the pointer <b>cp</b> has passed beyond the end of the buffer, wrap it
112 * around. */
115 {
117 }
119 /** Return the offset of <b>cp</b> within the buffer. */
122 {
125 else
126 /* return (cp - buf->mem) + buf->mem+buf->len - buf->cur */
128 }
130 /** If the range of *<b>len</b> bytes starting at <b>at</b> wraps around the
131 * end of the buffer, then set *<b>len</b> to the number of bytes starting
132 * at <b>at</b>, and set *<b>more_len</b> to the number of bytes starting
133 * at <b>buf->mem</b>. Otherwise, set *<b>more_len</b> to 0.
134 */
138 {
146 }
147 }
149 /** Change a buffer's capacity. <b>new_capacity</b> must be \>=
150 * buf->datalen. */
151 static void
153 {
154 off_t offset;
155 #ifdef CHECK_AFTER_RESIZE
157 #endif
161 #ifdef CHECK_AFTER_RESIZE
166 #endif
173 /* We need to move stuff before we shrink. */
175 /* We have:
176 *
177 * mem[0] ... mem[datalen-(len-offset)] (end of data)
178 * mem[offset] ... mem[len-1] (the start of the data)
179 *
180 * We're shrinking the buffer by (len-new_capacity) bytes, so we need
181 * to move the start portion back by that many bytes.
182 */
187 /* The data doesn't wrap around, but it does extend beyond the new
188 * buffer length:
189 * mem[offset] ... mem[offset+datalen-1] (the data)
190 */
193 }
194 }
196 /* XXX Some play code to throw away old buffers sometimes rather
197 * than constantly reallocing them; just in case this is our memory
198 * problem. It looks for now like it isn't, so disabled. -RD */
202 /* don't realloc; free and malloc */
213 }
218 /* We need to move data now that we are done growing. The buffer
219 * now contains:
220 *
221 * mem[0] ... mem[datalen-(len-offset)] (end of data)
222 * mem[offset] ... mem[len-1] (the start of the data)
223 * mem[len]...mem[new_capacity] (empty space)
224 *
225 * We're growing by (new_capacity-len) bytes, so we need to move the
226 * end portion forward by that many bytes.
227 */
231 }
234 #ifdef CHECK_AFTER_RESIZE
239 }
242 #endif
243 }
245 /** If the buffer is not large enough to hold <b>capacity</b> bytes, resize
246 * it so that it can. (The new size will be a power of 2 times the old
247 * size.)
248 */
251 {
257 /* Find the smallest new_len equal to (2**X)*len for some X; such that
258 * new_len is at least capacity.
259 */
263 /* Resize the buffer. */
268 }
270 /** Resize buf so it won't hold extra memory that we haven't been
271 * using lately (that is, since the last time we called buf_shrink).
272 * Try to shrink the buf until it is the largest factor of two that
273 * can contain <b>buf</b>->highwater, but never smaller than
274 * MIN_LAZY_SHRINK_SIZE.
275 */
276 void
278 {
292 }
294 /** Remove the first <b>n</b> bytes from buf. */
297 {
305 }
307 }
309 /** Make sure that the memory in buf ends with a zero byte. */
312 {
317 }
319 /** Create and return a new buf with capacity <b>size</b>. */
320 buf_t *
322 {
333 }
335 /** Allocate and return a new buffer with default capacity. */
336 buf_t *
338 {
340 }
342 /** Remove all data from <b>buf</b>. */
343 void
345 {
349 }
351 /** Return the number of bytes stored in <b>buf</b> */
352 size_t
354 {
356 }
358 /** Return the maximum bytes that can be stored in <b>buf</b> before buf
359 * needs to resize. */
360 size_t
362 {
364 }
366 /** For testing only: Return a pointer to the raw memory stored in
367 * <b>buf</b>. */
370 {
372 }
374 /** Release storage held by <b>buf</b>. */
375 void
377 {
386 }
388 /** Helper for read_to_buf(): read no more than at_most bytes from
389 * socket s into buffer buf, starting at the position pos. (Does not
390 * check for overflow.) Set *reached_eof to true on EOF. Return
391 * number of bytes read on success, 0 if the read would block, -1 on
392 * failure.
393 */
397 {
400 // log_fn(LOG_DEBUG,"reading at most %d bytes.",at_most);
406 }
420 }
421 }
423 /** Read from socket <b>s</b>, writing onto end of <b>buf</b>. Read at most
424 * <b>at_most</b> bytes, resizing the buffer as necessary. If recv()
425 * returns 0, set *<b>reached_eof</b> to 1 and return 0. Return -1 on error;
426 * else return the number of bytes read. Return 0 if recv() would
427 * block.
428 */
429 int
431 {
436 /* assert_buf_ok(buf); */
456 }
467 }
468 }
470 }
472 /** Helper for read_to_buf_tls(): read no more than <b>at_most</b>
473 * bytes from the TLS connection <b>tls</b> into buffer <b>buf</b>,
474 * starting at the position <b>next</b>. (Does not check for overflow.)
475 * Return number of bytes read on success, 0 if the read would block,
476 * -1 on failure.
477 */
480 {
496 }
498 /** As read_to_buf, but reads from a TLS connection.
499 *
500 * Using TLS on OR connections complicates matters in two ways.
501 *
502 * First, a TLS stream has its own read buffer independent of the
503 * connection's read buffer. (TLS needs to read an entire frame from
504 * the network before it can decrypt any data. Thus, trying to read 1
505 * byte from TLS can require that several KB be read from the network
506 * and decrypted. The extra data is stored in TLS's decrypt buffer.)
507 * Because the data hasn't been read by Tor (it's still inside the TLS),
508 * this means that sometimes a connection "has stuff to read" even when
509 * poll() didn't return POLLIN. The tor_tls_get_pending_bytes function is
510 * used in connection.c to detect TLS objects with non-empty internal
511 * buffers and read from them again.
512 *
513 * Second, the TLS stream's events do not correspond directly to network
514 * events: sometimes, before a TLS stream can read, the network must be
515 * ready to write -- or vice versa.
516 */
517 int
519 {
555 else
557 }
559 }
561 /** Helper for flush_buf(): try to write <b>sz</b> bytes from buffer
562 * <b>buf</b> onto socket <b>s</b>. On success, deduct the bytes written
563 * from *<b>buf_flushlen</b>.
564 * Return the number of bytes written on success, -1 on failure.
565 */
568 {
576 }
583 }
584 }
586 /** Write data from <b>buf</b> to the socket <b>s</b>. Write at most
587 * <b>sz</b> bytes, decrement *<b>buf_flushlen</b> by
588 * the number of bytes actually written, and remove the written bytes
589 * from the buffer. Return the number of bytes written on success,
590 * -1 on failure. Return 0 if write() would block.
591 */
592 int
594 {
599 /* assert_buf_ok(buf); */
629 }
631 }
633 /** Helper for flush_buf_tls(): try to write <b>sz</b> bytes from buffer
634 * <b>buf</b> onto TLS object <b>tls</b>. On success, deduct the bytes
635 * written from *<b>buf_flushlen</b>.
636 * Return the number of bytes written on success, -1 on failure.
637 */
640 {
646 }
652 }
654 /** As flush_buf(), but writes data to a TLS connection.
655 */
656 int
658 {
662 /* assert_buf_ok(buf); */
668 /* we want to let tls write even if flushlen is zero, because it might
669 * have a partial record pending */
688 }
690 }
692 /** Append <b>string_len</b> bytes from <b>string</b> to the end of
693 * <b>buf</b>.
694 *
695 * Return the new length of the buffer on success, -1 on failure.
696 */
697 int
699 {
703 /* append string to buf (growing as needed, return -1 if "too big")
704 * return total number of bytes on the buf
705 */
708 /* assert_buf_ok(buf); */
714 }
728 }
735 }
737 /** Helper: copy the first <b>string_len</b> bytes from <b>buf</b>
738 * onto <b>string</b>.
739 */
742 {
745 /* There must be string_len bytes in buf; write them onto string,
746 * then memmove buf back (that is, remove them from buf).
747 *
748 * Return the number of bytes still on the buffer. */
751 /* make sure we don't ask for too much */
753 /* assert_buf_ok(buf); */
760 }
761 }
763 /** Remove <b>string_len</b> bytes from the front of <b>buf</b>, and store
764 * them into <b>string</b>. Return the new buffer size. <b>string_len</b>
765 * must be \<= the number of bytes on the buffer.
766 */
767 int
769 {
770 /* There must be string_len bytes in buf; write them onto string,
771 * then memmove buf back (that is, remove them from buf).
772 *
773 * Return the number of bytes still on the buffer. */
780 }
782 /** There is a (possibly incomplete) http statement on <b>buf</b>, of the
783 * form "\%s\\r\\n\\r\\n\%s", headers, body. (body may contain nuls.)
784 * If a) the headers include a Content-Length field and all bytes in
785 * the body are present, or b) there's no Content-Length field and
786 * all headers are present, then:
787 *
788 * - strdup headers into <b>*headers_out</b>, and nul-terminate it.
789 * - memdup body into <b>*body_out</b>, and nul-terminate it.
790 * - Then remove them from <b>buf</b>, and return 1.
791 *
792 * - If headers or body is NULL, discard that part of the buf.
793 * - If a headers or body doesn't fit in the arg, return -1.
794 * (We ensure that the headers or body don't exceed max len,
795 * _even if_ we're planning to discard them.)
796 * - If force_complete is true, then succeed even if not all of the
797 * content has arrived.
798 *
799 * Else, change nothing and return 0.
800 */
801 int
806 {
810 /* assert_buf_ok(buf); */
816 }
822 }
832 }
837 }
848 }
850 /* if content-length is malformed, then our body length is 0. fine. */
856 }
857 }
861 }
862 }
863 /* all happy. copy into the appropriate places, and return 1 */
868 }
875 }
878 }
880 /** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
881 * of the forms
882 * - socks4: "socksheader username\\0"
883 * - socks4a: "socksheader username\\0 destaddr\\0"
884 * - socks5 phase one: "version #methods methods"
885 * - socks5 phase two: "version command 0 addresstype..."
886 * If it's a complete and valid handshake, and destaddr fits in
887 * MAX_SOCKS_ADDR_LEN bytes, then pull the handshake off the buf,
888 * assign to <b>req</b>, and return 1.
889 *
890 * If it's invalid or too big, return -1.
891 *
892 * Else it's not all there yet, leave buf alone and return 0.
893 *
894 * If you want to specify the socks reply, write it into <b>req->reply</b>
895 * and set <b>req->replylen</b>, else leave <b>req->replylen</b> alone.
896 *
897 * If <b>log_sockstype</b> is non-zero, then do a notice-level log of whether
898 * the connection is possibly leaking DNS requests locally or not.
899 *
900 * If returning 0 or -1, <b>req->address</b> and <b>req->port</b> are
901 * undefined.
902 */
903 int
905 {
913 /* If the user connects with socks4 or the wrong variant of socks5,
914 * then log a warning to let him know that it might be unwise. */
932 "socks5: offered methods don't include 'no auth'. "
938 }
947 }
948 /* we know the method; read in the request */
955 /* not a connect or resolve? we don't support it. */
959 }
971 "socks5 IP takes %d bytes, which doesn't fit in %d. "
975 }
982 "Your application (using socks5 on port %d) is giving "
983 "Tor only an IP address. Applications that do DNS resolves "
984 "themselves may leak information. Consider using Socks4A "
985 "(e.g. via privoxy or socat) instead. For more information, "
986 "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
988 // have_warned_about_unsafe_socks = 1; // (for now, warn every time)
989 }
998 "socks5 hostname is %d bytes, which doesn't fit in "
1001 }
1008 "Your application (using socks5 on port %d) gave Tor "
1012 }
1016 "Your application (using socks5 on port %d) gave "
1017 "Tor a hostname, which means Tor will do the DNS resolve "
1024 }
1027 /* http://archive.socks.permeo.com/protocol/socks4.protocol */
1028 /* http://archive.socks.permeo.com/protocol/socks4a.protocol */
1037 /* not a connect or resolve? we don't support it. */
1041 }
1048 }
1057 }
1061 }
1068 }
1076 "Your application (using socks4 on port %d) is giving Tor "
1077 "only an IP address. Applications that do DNS resolves "
1078 "themselves may leak information. Consider using Socks4A "
1080 // have_warned_about_unsafe_socks = 1; // (for now, warn every time)
1081 }
1086 }
1092 }
1096 }
1101 "Your application (using socks4a on port %d) gave "
1102 "Tor a hostname, which means Tor will do the DNS resolve "
1104 }
1110 "Your application (using socks4 on port %d) gave Tor "
1114 }
1115 /* next points to the final \0 on inbuf */
1133 "It appears you have configured your web browser to use Tor as an HTTP proxy."
1141 "<!-- Plus this comment, to make the body response more than 512 bytes, so "
1142 " IE will be willing to display it. Comment comment comment comment "
1149 /* fall through */
1155 }
1156 }
1158 /** If there is a complete version 0 control message waiting on buf, then store
1159 * its contents into *<b>type_out</b>, store its body's length into
1160 * *<b>len_out</b>, allocate and store a string for its body into
1161 * *<b>body_out</b>, and return 1. (body_out will always be NUL-terminated,
1162 * even if the control message body doesn't end with NUL.)
1163 *
1164 * If there is not a complete control message waiting, return 0.
1165 *
1166 * Return -1 on error; return -2 on "seems to be control protocol v1."
1167 */
1168 int
1171 {
1204 }
1206 }
1208 /** Helper: return a pointer to the first instance of <b>c</b> in the
1209 * <b>len</b>characters after <b>start</b> on <b>buf</b>. Return NULL if the
1210 * character isn't found. */
1213 {
1221 }
1223 /** Helper: return a pointer to the first CRLF after cp on <b>buf</b>. Return
1224 * NULL if no CRLF is found. */
1227 {
1240 }
1241 }
1243 /** Try to read a single CRLF-terminated line from <b>buf</b>, and write it,
1244 * NUL-terminated, into the *<b>data_len</b> byte buffer at <b>data_out</b>.
1245 * Set *<b>data_len</b> to the number of bytes in the line, not counting the
1246 * terminating NUL. Return 1 if we read a whole line, return 0 if we don't
1247 * have a whole line yet, and return -1 if we we need to grow the buffer.
1248 */
1249 int
1251 {
1254 /* Look for a CRLF. */
1257 }
1262 }
1267 }
1269 /** Log an error and exit if <b>buf</b> is corrupted.
1270 */
1271 void
1273 {
1279 #ifdef SENTINELS
1280 {
1285 }
1286 #endif
1287 }