1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. */
4 /* See LICENSE for licensing information */
6 const char buffers_c_id
[] =
11 * \brief Implements a generic buffer interface. Buffers are
12 * fairly opaque string holders that can read to or flush from:
13 * memory, file descriptors, or TLS connections.
19 #undef CHECK_AFTER_RESIZE
24 /* If SENTINELS is defined, check for attempts to write beyond the
25 * end/before the start of the buffer.
27 #define START_MAGIC 0x70370370u
28 #define END_MAGIC 0xA0B0C0D0u
29 #define RAW_MEM(m) ((void*)(((char*)m)-4))
30 #define GUARDED_MEM(m) ((void*)(((char*)m)+4))
31 #define ALLOC_LEN(ln) ((ln)+8)
32 #define SET_GUARDS(m, ln) \
33 do { set_uint32((m)-4,START_MAGIC); set_uint32((m)+ln,END_MAGIC); } while (0)
35 #define RAW_MEM(m) (m)
36 #define GUARDED_MEM(m) (m)
37 #define ALLOC_LEN(ln) (ln)
38 #define SET_GUARDS(m,ln) do {} while (0)
42 #define check() do { assert_buf_ok(buf); } while (0)
44 #define check() do { } while (0)
52 #define BUFFER_MAGIC 0xB0FFF312u
53 /** A resizeable buffer, optimized for reading and writing. */
55 uint32_t magic
; /**< Magic cookie for debugging: Must be set to
57 char *mem
; /**< Storage for data in the buffer */
58 char *cur
; /**< The first byte used for storing data in the buffer. */
59 size_t highwater
; /**< Largest observed datalen since last buf_shrink */
60 size_t len
; /**< Maximum amount of data that <b>mem</b> can hold. */
61 size_t datalen
; /**< Number of bytes currently in <b>mem</b>. */
64 uint64_t buf_total_used
= 0;
65 uint64_t buf_total_alloc
= 0;
67 /** Size, in bytes, for newly allocated buffers. Should be a power of 2. */
68 #define INITIAL_BUF_SIZE (4*1024)
69 /** Size, in bytes, for minimum 'shrink' size for buffers. Buffers may start
70 * out smaller than this, but they will never autoshrink to less
72 #define MIN_LAZY_SHRINK_SIZE (4*1024)
74 static INLINE
void peek_from_buf(char *string
, size_t string_len
, buf_t
*buf
);
76 /** If the contents of buf wrap around the end of the allocated space,
77 * malloc a new buf and copy the contents in starting at the
78 * beginning. This operation is relatively expensive, so it shouldn't
79 * be used e.g. for every single read or write.
82 buf_normalize(buf_t
*buf
)
85 if (buf
->cur
+ buf
->datalen
<= buf
->mem
+buf
->len
) {
88 char *newmem
, *oldmem
;
89 size_t sz
= (buf
->mem
+buf
->len
)-buf
->cur
;
90 log_warn(LD_BUG
, "Unexpected non-normalized buffer.");
91 newmem
= GUARDED_MEM(tor_malloc(ALLOC_LEN(buf
->len
)));
92 SET_GUARDS(newmem
, buf
->len
);
93 memcpy(newmem
, buf
->cur
, sz
);
94 memcpy(newmem
+sz
, buf
->mem
, buf
->datalen
-sz
);
95 oldmem
= RAW_MEM(buf
->mem
);
96 tor_free(oldmem
); /* Can't use tor_free directly. */
97 buf
->mem
= buf
->cur
= newmem
;
102 /** Return the point in the buffer where the next byte will get stored. */
106 char *next
= buf
->cur
+ buf
->datalen
;
107 char *end
= buf
->mem
+ buf
->len
;
108 return (next
< end
) ? next
: (next
- buf
->len
);
111 /** If the pointer <b>cp</b> has passed beyond the end of the buffer, wrap it
114 _wrap_ptr(buf_t
*buf
, char *cp
)
116 return (cp
>= buf
->mem
+ buf
->len
) ? (cp
- buf
->len
) : cp
;
119 /** Return the offset of <b>cp</b> within the buffer. */
121 _buf_offset(buf_t
*buf
, char *cp
)
124 return cp
- buf
->cur
;
126 /* return (cp - buf->mem) + buf->mem+buf->len - buf->cur */
127 return cp
+ buf
->len
- buf
->cur
;
130 /** If the range of *<b>len</b> bytes starting at <b>at</b> wraps around the
131 * end of the buffer, then set *<b>len</b> to the number of bytes starting
132 * at <b>at</b>, and set *<b>more_len</b> to the number of bytes starting
133 * at <b>buf->mem</b>. Otherwise, set *<b>more_len</b> to 0.
136 _split_range(buf_t
*buf
, char *at
, size_t *len
,
139 char *eos
= at
+ *len
;
141 if (eos
>= (buf
->mem
+ buf
->len
)) {
142 *more_len
= eos
- (buf
->mem
+ buf
->len
);
149 /** Change a buffer's capacity. <b>new_capacity</b> must be \>=
152 buf_resize(buf_t
*buf
, size_t new_capacity
)
155 #ifdef CHECK_AFTER_RESIZE
158 tor_assert(buf
->datalen
<= new_capacity
);
159 tor_assert(new_capacity
);
161 #ifdef CHECK_AFTER_RESIZE
163 tmp
= tor_malloc(buf
->datalen
);
164 tmp2
= tor_malloc(buf
->datalen
);
165 peek_from_buf(tmp
, buf
->datalen
, buf
);
168 if (buf
->len
== new_capacity
)
171 offset
= buf
->cur
- buf
->mem
;
172 if (offset
+ buf
->datalen
> new_capacity
) {
173 /* We need to move stuff before we shrink. */
174 if (offset
+ buf
->datalen
> buf
->len
) {
177 * mem[0] ... mem[datalen-(len-offset)] (end of data)
178 * mem[offset] ... mem[len-1] (the start of the data)
180 * We're shrinking the buffer by (len-new_capacity) bytes, so we need
181 * to move the start portion back by that many bytes.
183 memmove(buf
->cur
-(buf
->len
-new_capacity
), buf
->cur
,
185 offset
-= (buf
->len
-new_capacity
);
187 /* The data doesn't wrap around, but it does extend beyond the new
189 * mem[offset] ... mem[offset+datalen-1] (the data)
191 memmove(buf
->mem
, buf
->cur
, buf
->datalen
);
196 /* XXX Some play code to throw away old buffers sometimes rather
197 * than constantly reallocing them; just in case this is our memory
198 * problem. It looks for now like it isn't, so disabled. -RD */
199 if (0 && new_capacity
== MIN_LAZY_SHRINK_SIZE
&&
202 /* don't realloc; free and malloc */
203 char *oldmem
, *newmem
= GUARDED_MEM(tor_malloc(ALLOC_LEN(new_capacity
)));
204 SET_GUARDS(newmem
, new_capacity
);
205 oldmem
= RAW_MEM(buf
->mem
);
207 buf
->mem
= buf
->cur
= newmem
;
209 buf
->mem
= GUARDED_MEM(tor_realloc(RAW_MEM(buf
->mem
),
210 ALLOC_LEN(new_capacity
)));
211 SET_GUARDS(buf
->mem
, new_capacity
);
212 buf
->cur
= buf
->mem
+offset
;
214 buf_total_alloc
+= new_capacity
;
215 buf_total_alloc
-= buf
->len
;
217 if (offset
+ buf
->datalen
> buf
->len
) {
218 /* We need to move data now that we are done growing. The buffer
221 * mem[0] ... mem[datalen-(len-offset)] (end of data)
222 * mem[offset] ... mem[len-1] (the start of the data)
223 * mem[len]...mem[new_capacity] (empty space)
225 * We're growing by (new_capacity-len) bytes, so we need to move the
226 * end portion forward by that many bytes.
228 memmove(buf
->cur
+(new_capacity
-buf
->len
), buf
->cur
,
230 buf
->cur
+= new_capacity
-buf
->len
;
232 buf
->len
= new_capacity
;
234 #ifdef CHECK_AFTER_RESIZE
236 peek_from_buf(tmp2
, buf
->datalen
, buf
);
237 if (memcmp(tmp
, tmp2
, buf
->datalen
)) {
245 /** If the buffer is not large enough to hold <b>capacity</b> bytes, resize
246 * it so that it can. (The new size will be a power of 2 times the old
250 buf_ensure_capacity(buf_t
*buf
, size_t capacity
)
253 if (buf
->len
>= capacity
) /* Don't grow if we're already big enough. */
255 if (capacity
> MAX_BUF_SIZE
) /* Don't grow past the maximum. */
257 /* Find the smallest new_len equal to (2**X)*len for some X; such that
258 * new_len is at least capacity.
260 new_len
= buf
->len
*2;
261 while (new_len
< capacity
)
263 /* Resize the buffer. */
264 log_debug(LD_MM
,"Growing buffer from %d to %d bytes.",
265 (int)buf
->len
, (int)new_len
);
266 buf_resize(buf
,new_len
);
270 /** Resize buf so it won't hold extra memory that we haven't been
271 * using lately (that is, since the last time we called buf_shrink).
272 * Try to shrink the buf until it is the largest factor of two that
273 * can contain <b>buf</b>->highwater, but never smaller than
274 * MIN_LAZY_SHRINK_SIZE.
277 buf_shrink(buf_t
*buf
)
282 while (buf
->highwater
< (new_len
>>2) && new_len
> MIN_LAZY_SHRINK_SIZE
*2)
285 buf
->highwater
= buf
->datalen
;
286 if (new_len
== buf
->len
)
289 log_debug(LD_MM
,"Shrinking buffer from %d to %d bytes.",
290 (int)buf
->len
, (int)new_len
);
291 buf_resize(buf
, new_len
);
294 /** Remove the first <b>n</b> bytes from buf. */
296 buf_remove_from_front(buf_t
*buf
, size_t n
)
298 tor_assert(buf
->datalen
>= n
);
302 buf
->cur
= _wrap_ptr(buf
, buf
->cur
+n
);
309 /** Make sure that the memory in buf ends with a zero byte. */
311 buf_nul_terminate(buf_t
*buf
)
313 if (buf_ensure_capacity(buf
,buf
->datalen
+1)<0)
315 *_buf_end(buf
) = '\0';
319 /** Create and return a new buf with capacity <b>size</b>. */
321 buf_new_with_capacity(size_t size
)
324 buf
= tor_malloc_zero(sizeof(buf_t
));
325 buf
->magic
= BUFFER_MAGIC
;
326 buf
->cur
= buf
->mem
= GUARDED_MEM(tor_malloc(ALLOC_LEN(size
)));
327 SET_GUARDS(buf
->mem
, size
);
330 buf_total_alloc
+= size
;
335 /** Allocate and return a new buffer with default capacity. */
339 return buf_new_with_capacity(INITIAL_BUF_SIZE
);
342 /** Remove all data from <b>buf</b>. */
344 buf_clear(buf_t
*buf
)
346 buf_total_used
-= buf
->datalen
;
351 /** Return the number of bytes stored in <b>buf</b> */
353 buf_datalen(const buf_t
*buf
)
358 /** Return the maximum bytes that can be stored in <b>buf</b> before buf
359 * needs to resize. */
361 buf_capacity(const buf_t
*buf
)
366 /** For testing only: Return a pointer to the raw memory stored in
369 _buf_peek_raw_buffer(const buf_t
*buf
)
374 /** Release storage held by <b>buf</b>. */
380 buf
->magic
= 0xDEADBEEF;
381 oldmem
= RAW_MEM(buf
->mem
);
383 buf_total_alloc
-= buf
->len
;
384 buf_total_used
-= buf
->datalen
;
388 /** Helper for read_to_buf(): read no more than at_most bytes from
389 * socket s into buffer buf, starting at the position pos. (Does not
390 * check for overflow.) Set *reached_eof to true on EOF. Return
391 * number of bytes read on success, 0 if the read would block, -1 on
395 read_to_buf_impl(int s
, size_t at_most
, buf_t
*buf
,
396 char *pos
, int *reached_eof
)
400 // log_fn(LOG_DEBUG,"reading at most %d bytes.",at_most);
401 read_result
= recv(s
, pos
, at_most
, 0);
402 if (read_result
< 0) {
403 int e
= tor_socket_errno(s
);
404 if (!ERRNO_IS_EAGAIN(e
)) { /* it's a real error */
407 return 0; /* would block. */
408 } else if (read_result
== 0) {
409 log_debug(LD_NET
,"Encountered eof");
412 } else { /* we read some bytes */
413 buf
->datalen
+= read_result
;
414 buf_total_used
+= read_result
;
415 if (buf
->datalen
> buf
->highwater
)
416 buf
->highwater
= buf
->datalen
;
417 log_debug(LD_NET
,"Read %d bytes. %d on inbuf.",read_result
,
423 /** Read from socket <b>s</b>, writing onto end of <b>buf</b>. Read at most
424 * <b>at_most</b> bytes, resizing the buffer as necessary. If recv()
425 * returns 0, set *<b>reached_eof</b> to 1 and return 0. Return -1 on error;
426 * else return the number of bytes read. Return 0 if recv() would
430 read_to_buf(int s
, size_t at_most
, buf_t
*buf
, int *reached_eof
)
436 /* assert_buf_ok(buf); */
437 tor_assert(reached_eof
);
440 if (buf_ensure_capacity(buf
,buf
->datalen
+at_most
))
443 if (at_most
+ buf
->datalen
> buf
->len
)
444 at_most
= buf
->len
- buf
->datalen
; /* take the min of the two */
447 return 0; /* we shouldn't read anything */
449 next
= _buf_end(buf
);
450 _split_range(buf
, next
, &at_most
, &at_start
);
452 r
= read_to_buf_impl(s
, at_most
, buf
, next
, reached_eof
);
454 if (r
< 0 || (size_t)r
< at_most
) {
455 return r
; /* Either error, eof, block, or no more to read. */
460 tor_assert(_buf_end(buf
) == buf
->mem
);
461 r2
= read_to_buf_impl(s
, at_start
, buf
, buf
->mem
, reached_eof
);
472 /** Helper for read_to_buf_tls(): read no more than <b>at_most</b>
473 * bytes from the TLS connection <b>tls</b> into buffer <b>buf</b>,
474 * starting at the position <b>next</b>. (Does not check for overflow.)
475 * Return number of bytes read on success, 0 if the read would block,
479 read_to_buf_tls_impl(tor_tls_t
*tls
, size_t at_most
, buf_t
*buf
, char *next
)
483 log_debug(LD_NET
,"before: %d on buf, %d pending, at_most %d.",
484 (int)buf_datalen(buf
), (int)tor_tls_get_pending_bytes(tls
),
486 r
= tor_tls_read(tls
, next
, at_most
);
491 if (buf
->datalen
> buf
->highwater
)
492 buf
->highwater
= buf
->datalen
;
493 log_debug(LD_NET
,"Read %d bytes. %d on inbuf; %d pending",r
,
494 (int)buf
->datalen
,(int)tor_tls_get_pending_bytes(tls
));
498 /** As read_to_buf, but reads from a TLS connection.
500 * Using TLS on OR connections complicates matters in two ways.
502 * First, a TLS stream has its own read buffer independent of the
503 * connection's read buffer. (TLS needs to read an entire frame from
504 * the network before it can decrypt any data. Thus, trying to read 1
505 * byte from TLS can require that several KB be read from the network
506 * and decrypted. The extra data is stored in TLS's decrypt buffer.)
507 * Because the data hasn't been read by Tor (it's still inside the TLS),
508 * this means that sometimes a connection "has stuff to read" even when
509 * poll() didn't return POLLIN. The tor_tls_get_pending_bytes function is
510 * used in connection.c to detect TLS objects with non-empty internal
511 * buffers and read from them again.
513 * Second, the TLS stream's events do not correspond directly to network
514 * events: sometimes, before a TLS stream can read, the network must be
515 * ready to write -- or vice versa.
518 read_to_buf_tls(tor_tls_t
*tls
, size_t at_most
, buf_t
*buf
)
527 log_debug(LD_NET
,"start: %d on buf, %d pending, at_most %d.",
528 (int)buf_datalen(buf
), (int)tor_tls_get_pending_bytes(tls
),
531 if (buf_ensure_capacity(buf
, at_most
+buf
->datalen
))
532 return TOR_TLS_ERROR
;
534 if (at_most
+ buf
->datalen
> buf
->len
)
535 at_most
= buf
->len
- buf
->datalen
;
540 next
= _buf_end(buf
);
541 _split_range(buf
, next
, &at_most
, &at_start
);
543 r
= read_to_buf_tls_impl(tls
, at_most
, buf
, next
);
545 if (r
< 0 || (size_t)r
< at_most
)
546 return r
; /* Either error, eof, block, or no more to read. */
550 tor_assert(_buf_end(buf
) == buf
->mem
);
551 r2
= read_to_buf_tls_impl(tls
, at_start
, buf
, buf
->mem
);
561 /** Helper for flush_buf(): try to write <b>sz</b> bytes from buffer
562 * <b>buf</b> onto socket <b>s</b>. On success, deduct the bytes written
563 * from *<b>buf_flushlen</b>.
564 * Return the number of bytes written on success, -1 on failure.
567 flush_buf_impl(int s
, buf_t
*buf
, size_t sz
, size_t *buf_flushlen
)
571 write_result
= send(s
, buf
->cur
, sz
, 0);
572 if (write_result
< 0) {
573 int e
= tor_socket_errno(s
);
574 if (!ERRNO_IS_EAGAIN(e
)) { /* it's a real error */
577 log_debug(LD_NET
,"write() would block, returning.");
580 *buf_flushlen
-= write_result
;
581 buf_remove_from_front(buf
, write_result
);
586 /** Write data from <b>buf</b> to the socket <b>s</b>. Write at most
587 * <b>sz</b> bytes, decrement *<b>buf_flushlen</b> by
588 * the number of bytes actually written, and remove the written bytes
589 * from the buffer. Return the number of bytes written on success,
590 * -1 on failure. Return 0 if write() would block.
593 flush_buf(int s
, buf_t
*buf
, size_t sz
, size_t *buf_flushlen
)
597 size_t flushlen0
, flushlen1
;
599 /* assert_buf_ok(buf); */
600 tor_assert(buf_flushlen
);
602 tor_assert(*buf_flushlen
<= buf
->datalen
);
603 tor_assert(sz
<= *buf_flushlen
);
605 if (sz
== 0) /* nothing to flush */
609 _split_range(buf
, buf
->cur
, &flushlen0
, &flushlen1
);
611 r
= flush_buf_impl(s
, buf
, flushlen0
, buf_flushlen
);
614 log_debug(LD_NET
,"%d: flushed %d bytes, %d ready to flush, %d remain.",
615 s
,r
,(int)*buf_flushlen
,(int)buf
->datalen
);
616 if (r
< 0 || (size_t)r
< flushlen0
)
617 return r
; /* Error, or can't flush any more now. */
621 tor_assert(buf
->cur
== buf
->mem
);
622 r
= flush_buf_impl(s
, buf
, flushlen1
, buf_flushlen
);
624 log_debug(LD_NET
,"%d: flushed %d bytes, %d ready to flush, %d remain.",
625 s
,r
,(int)*buf_flushlen
,(int)buf
->datalen
);
633 /** Helper for flush_buf_tls(): try to write <b>sz</b> bytes from buffer
634 * <b>buf</b> onto TLS object <b>tls</b>. On success, deduct the bytes
635 * written from *<b>buf_flushlen</b>.
636 * Return the number of bytes written on success, -1 on failure.
639 flush_buf_tls_impl(tor_tls_t
*tls
, buf_t
*buf
, size_t sz
, size_t *buf_flushlen
)
643 r
= tor_tls_write(tls
, buf
->cur
, sz
);
648 buf_remove_from_front(buf
, r
);
649 log_debug(LD_NET
,"flushed %d bytes, %d ready to flush, %d remain.",
650 r
,(int)*buf_flushlen
,(int)buf
->datalen
);
654 /** As flush_buf(), but writes data to a TLS connection.
657 flush_buf_tls(tor_tls_t
*tls
, buf_t
*buf
, size_t sz
, size_t *buf_flushlen
)
661 size_t flushlen0
, flushlen1
;
662 /* assert_buf_ok(buf); */
664 tor_assert(buf_flushlen
);
665 tor_assert(*buf_flushlen
<= buf
->datalen
);
666 tor_assert(sz
<= *buf_flushlen
);
668 /* we want to let tls write even if flushlen is zero, because it might
669 * have a partial record pending */
670 check_no_tls_errors();
673 _split_range(buf
, buf
->cur
, &flushlen0
, &flushlen1
);
675 r
= flush_buf_tls_impl(tls
, buf
, flushlen0
, buf_flushlen
);
677 if (r
< 0 || (size_t)r
< flushlen0
)
678 return r
; /* Error, or can't flush any more now. */
682 tor_assert(buf
->cur
== buf
->mem
);
683 r
= flush_buf_tls_impl(tls
, buf
, flushlen1
, buf_flushlen
);
692 /** Append <b>string_len</b> bytes from <b>string</b> to the end of
695 * Return the new length of the buffer on success, -1 on failure.
698 write_to_buf(const char *string
, size_t string_len
, buf_t
*buf
)
703 /* append string to buf (growing as needed, return -1 if "too big")
704 * return total number of bytes on the buf
708 /* assert_buf_ok(buf); */
710 if (buf_ensure_capacity(buf
, buf
->datalen
+string_len
)) {
711 log_warn(LD_MM
, "buflen too small, can't hold %d bytes.",
712 (int)(buf
->datalen
+string_len
));
716 next
= _buf_end(buf
);
717 _split_range(buf
, next
, &string_len
, &len2
);
719 memcpy(next
, string
, string_len
);
720 buf
->datalen
+= string_len
;
721 buf_total_used
+= string_len
;
724 tor_assert(_buf_end(buf
) == buf
->mem
);
725 memcpy(buf
->mem
, string
+string_len
, len2
);
726 buf
->datalen
+= len2
;
727 buf_total_used
+= len2
;
729 if (buf
->datalen
> buf
->highwater
)
730 buf
->highwater
= buf
->datalen
;
731 log_debug(LD_NET
,"added %d bytes to buf (now %d total).",
732 (int)string_len
, (int)buf
->datalen
);
737 /** Helper: copy the first <b>string_len</b> bytes from <b>buf</b>
738 * onto <b>string</b>.
741 peek_from_buf(char *string
, size_t string_len
, buf_t
*buf
)
745 /* There must be string_len bytes in buf; write them onto string,
746 * then memmove buf back (that is, remove them from buf).
748 * Return the number of bytes still on the buffer. */
751 /* make sure we don't ask for too much */
752 tor_assert(string_len
<= buf
->datalen
);
753 /* assert_buf_ok(buf); */
755 _split_range(buf
, buf
->cur
, &string_len
, &len2
);
757 memcpy(string
, buf
->cur
, string_len
);
759 memcpy(string
+string_len
,buf
->mem
,len2
);
763 /** Remove <b>string_len</b> bytes from the front of <b>buf</b>, and store
764 * them into <b>string</b>. Return the new buffer size. <b>string_len</b>
765 * must be \<= the number of bytes on the buffer.
768 fetch_from_buf(char *string
, size_t string_len
, buf_t
*buf
)
770 /* There must be string_len bytes in buf; write them onto string,
771 * then memmove buf back (that is, remove them from buf).
773 * Return the number of bytes still on the buffer. */
776 peek_from_buf(string
, string_len
, buf
);
777 buf_remove_from_front(buf
, string_len
);
782 /** There is a (possibly incomplete) http statement on <b>buf</b>, of the
783 * form "\%s\\r\\n\\r\\n\%s", headers, body. (body may contain nuls.)
784 * If a) the headers include a Content-Length field and all bytes in
785 * the body are present, or b) there's no Content-Length field and
786 * all headers are present, then:
788 * - strdup headers into <b>*headers_out</b>, and nul-terminate it.
789 * - memdup body into <b>*body_out</b>, and nul-terminate it.
790 * - Then remove them from <b>buf</b>, and return 1.
792 * - If headers or body is NULL, discard that part of the buf.
793 * - If a headers or body doesn't fit in the arg, return -1.
794 * (We ensure that the headers or body don't exceed max len,
795 * _even if_ we're planning to discard them.)
796 * - If force_complete is true, then succeed even if not all of the
797 * content has arrived.
799 * Else, change nothing and return 0.
802 fetch_from_buf_http(buf_t
*buf
,
803 char **headers_out
, size_t max_headerlen
,
804 char **body_out
, size_t *body_used
, size_t max_bodylen
,
807 char *headers
, *body
, *p
;
808 size_t headerlen
, bodylen
, contentlen
;
810 /* assert_buf_ok(buf); */
813 if (buf_nul_terminate(buf
)<0) {
814 log_warn(LD_BUG
,"Couldn't nul-terminate buffer");
818 body
= strstr(headers
,"\r\n\r\n");
820 log_debug(LD_HTTP
,"headers not all here yet.");
823 body
+= 4; /* Skip the the CRLFCRLF */
824 headerlen
= body
-headers
; /* includes the CRLFCRLF */
825 bodylen
= buf
->datalen
- headerlen
;
826 log_debug(LD_HTTP
,"headerlen %d, bodylen %d.", (int)headerlen
, (int)bodylen
);
828 if (max_headerlen
<= headerlen
) {
829 log_warn(LD_HTTP
,"headerlen %d larger than %d. Failing.",
830 (int)headerlen
, (int)max_headerlen
-1);
833 if (max_bodylen
<= bodylen
) {
834 log_warn(LD_HTTP
,"bodylen %d larger than %d. Failing.",
835 (int)bodylen
, (int)max_bodylen
-1);
839 #define CONTENT_LENGTH "\r\nContent-Length: "
840 p
= strstr(headers
, CONTENT_LENGTH
);
843 i
= atoi(p
+strlen(CONTENT_LENGTH
));
845 log_warn(LD_PROTOCOL
, "Content-Length is less than zero; it looks like "
846 "someone is trying to crash us.");
850 /* if content-length is malformed, then our body length is 0. fine. */
851 log_debug(LD_HTTP
,"Got a contentlen of %d.",(int)contentlen
);
852 if (bodylen
< contentlen
) {
853 if (!force_complete
) {
854 log_debug(LD_HTTP
,"body not all here yet.");
855 return 0; /* not all there yet */
858 if (bodylen
> contentlen
) {
859 bodylen
= contentlen
;
860 log_debug(LD_HTTP
,"bodylen reduced to %d.",(int)bodylen
);
863 /* all happy. copy into the appropriate places, and return 1 */
865 *headers_out
= tor_malloc(headerlen
+1);
866 memcpy(*headers_out
,buf
->cur
,headerlen
);
867 (*headers_out
)[headerlen
] = 0; /* null terminate it */
870 tor_assert(body_used
);
871 *body_used
= bodylen
;
872 *body_out
= tor_malloc(bodylen
+1);
873 memcpy(*body_out
,buf
->cur
+headerlen
,bodylen
);
874 (*body_out
)[bodylen
] = 0; /* null terminate it */
876 buf_remove_from_front(buf
, headerlen
+bodylen
);
880 /** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
882 * - socks4: "socksheader username\\0"
883 * - socks4a: "socksheader username\\0 destaddr\\0"
884 * - socks5 phase one: "version #methods methods"
885 * - socks5 phase two: "version command 0 addresstype..."
886 * If it's a complete and valid handshake, and destaddr fits in
887 * MAX_SOCKS_ADDR_LEN bytes, then pull the handshake off the buf,
888 * assign to <b>req</b>, and return 1.
890 * If it's invalid or too big, return -1.
892 * Else it's not all there yet, leave buf alone and return 0.
894 * If you want to specify the socks reply, write it into <b>req->reply</b>
895 * and set <b>req->replylen</b>, else leave <b>req->replylen</b> alone.
897 * If <b>log_sockstype</b> is non-zero, then do a notice-level log of whether
898 * the connection is possibly leaking DNS requests locally or not.
900 * If returning 0 or -1, <b>req->address</b> and <b>req->port</b> are
904 fetch_from_buf_socks(buf_t
*buf
, socks_request_t
*req
, int log_sockstype
)
907 char tmpbuf
[INET_NTOA_BUF_LEN
];
909 enum {socks4
, socks4a
} socks4_prot
= socks4a
;
910 char *next
, *startaddr
;
913 /* If the user connects with socks4 or the wrong variant of socks5,
914 * then log a warning to let him know that it might be unwise. */
915 static int have_warned_about_unsafe_socks
= 0;
917 if (buf
->datalen
< 2) /* version and another byte */
921 switch (*(buf
->cur
)) { /* which version of socks? */
925 if (req
->socks_version
!= 5) { /* we need to negotiate a method */
926 unsigned char nummethods
= (unsigned char)*(buf
->cur
+1);
927 tor_assert(!req
->socks_version
);
928 if (buf
->datalen
< 2u+nummethods
)
930 if (!nummethods
|| !memchr(buf
->cur
+2, 0, nummethods
)) {
932 "socks5: offered methods don't include 'no auth'. "
934 req
->replylen
= 2; /* 2 bytes of response */
936 req
->reply
[1] = '\xFF'; /* reject all methods */
939 buf_remove_from_front(buf
,2+nummethods
); /* remove packet from buf */
941 req
->replylen
= 2; /* 2 bytes of response */
942 req
->reply
[0] = 5; /* socks5 reply */
943 req
->reply
[1] = SOCKS5_SUCCEEDED
;
944 req
->socks_version
= 5; /* remember we've already negotiated auth */
945 log_debug(LD_APP
,"socks5: accepted method 0");
948 /* we know the method; read in the request */
949 log_debug(LD_APP
,"socks5: checking request");
950 if (buf
->datalen
< 8) /* basic info plus >=2 for addr plus 2 for port */
951 return 0; /* not yet */
952 req
->command
= (unsigned char) *(buf
->cur
+1);
953 if (req
->command
!= SOCKS_COMMAND_CONNECT
&&
954 req
->command
!= SOCKS_COMMAND_RESOLVE
) {
955 /* not a connect or resolve? we don't support it. */
956 log_warn(LD_APP
,"socks5: command %d not recognized. Rejecting.",
960 switch (*(buf
->cur
+3)) { /* address type */
961 case 1: /* IPv4 address */
962 log_debug(LD_APP
,"socks5: ipv4 address type");
963 if (buf
->datalen
< 10) /* ip/port there? */
964 return 0; /* not yet */
966 destip
= ntohl(*(uint32_t*)(buf
->cur
+4));
967 in
.s_addr
= htonl(destip
);
968 tor_inet_ntoa(&in
,tmpbuf
,sizeof(tmpbuf
));
969 if (strlen(tmpbuf
)+1 > MAX_SOCKS_ADDR_LEN
) {
971 "socks5 IP takes %d bytes, which doesn't fit in %d. "
973 (int)strlen(tmpbuf
)+1,(int)MAX_SOCKS_ADDR_LEN
);
976 strlcpy(req
->address
,tmpbuf
,sizeof(req
->address
));
977 req
->port
= ntohs(*(uint16_t*)(buf
->cur
+8));
978 buf_remove_from_front(buf
, 10);
979 if (!address_is_in_virtual_range(req
->address
) &&
980 !have_warned_about_unsafe_socks
) {
982 "Your application (using socks5 on port %d) is giving "
983 "Tor only an IP address. Applications that do DNS resolves "
984 "themselves may leak information. Consider using Socks4A "
985 "(e.g. via privoxy or socat) instead. For more information, "
986 "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
987 "TorFAQ#SOCKSAndDNS", req
->port
);
988 // have_warned_about_unsafe_socks = 1; // (for now, warn every time)
992 log_debug(LD_APP
,"socks5: fqdn address type");
993 len
= (unsigned char)*(buf
->cur
+4);
994 if (buf
->datalen
< 7u+len
) /* addr/port there? */
995 return 0; /* not yet */
996 if (len
+1 > MAX_SOCKS_ADDR_LEN
) {
998 "socks5 hostname is %d bytes, which doesn't fit in "
999 "%d. Rejecting.", len
+1,MAX_SOCKS_ADDR_LEN
);
1002 memcpy(req
->address
,buf
->cur
+5,len
);
1003 req
->address
[len
] = 0;
1004 req
->port
= ntohs(get_uint16(buf
->cur
+5+len
));
1005 buf_remove_from_front(buf
, 5+len
+2);
1006 if (!tor_strisprint(req
->address
) || strchr(req
->address
,'\"')) {
1007 log_warn(LD_PROTOCOL
,
1008 "Your application (using socks5 on port %d) gave Tor "
1009 "a malformed hostname: %s. Rejecting the connection.",
1010 req
->port
, escaped(req
->address
));
1016 "Your application (using socks5 on port %d) gave "
1017 "Tor a hostname, which means Tor will do the DNS resolve "
1018 "for you. This is good.", req
->port
);
1020 default: /* unsupported */
1021 log_warn(LD_APP
,"socks5: unsupported address type %d. Rejecting.",
1026 case 4: /* socks4 */
1027 /* http://archive.socks.permeo.com/protocol/socks4.protocol */
1028 /* http://archive.socks.permeo.com/protocol/socks4a.protocol */
1030 req
->socks_version
= 4;
1031 if (buf
->datalen
< SOCKS4_NETWORK_LEN
) /* basic info available? */
1032 return 0; /* not yet */
1034 req
->command
= (unsigned char) *(buf
->cur
+1);
1035 if (req
->command
!= SOCKS_COMMAND_CONNECT
&&
1036 req
->command
!= SOCKS_COMMAND_RESOLVE
) {
1037 /* not a connect or resolve? we don't support it. */
1038 log_warn(LD_APP
,"socks4: command %d not recognized. Rejecting.",
1043 req
->port
= ntohs(*(uint16_t*)(buf
->cur
+2));
1044 destip
= ntohl(*(uint32_t*)(buf
->mem
+4));
1045 if ((!req
->port
&& req
->command
!=SOCKS_COMMAND_RESOLVE
) || !destip
) {
1046 log_warn(LD_APP
,"socks4: Port or DestIP is zero. Rejecting.");
1050 log_debug(LD_APP
,"socks4: destip not in form 0.0.0.x.");
1051 in
.s_addr
= htonl(destip
);
1052 tor_inet_ntoa(&in
,tmpbuf
,sizeof(tmpbuf
));
1053 if (strlen(tmpbuf
)+1 > MAX_SOCKS_ADDR_LEN
) {
1054 log_debug(LD_APP
,"socks4 addr (%d bytes) too long. Rejecting.",
1055 (int)strlen(tmpbuf
));
1059 "socks4: successfully read destip (%s)", safe_str(tmpbuf
));
1060 socks4_prot
= socks4
;
1063 next
= memchr(buf
->cur
+SOCKS4_NETWORK_LEN
, 0,
1064 buf
->datalen
-SOCKS4_NETWORK_LEN
);
1066 log_debug(LD_APP
,"socks4: Username not here yet.");
1069 tor_assert(next
< buf
->cur
+buf
->datalen
);
1072 if (socks4_prot
!= socks4a
&&
1073 !address_is_in_virtual_range(tmpbuf
) &&
1074 !have_warned_about_unsafe_socks
) {
1076 "Your application (using socks4 on port %d) is giving Tor "
1077 "only an IP address. Applications that do DNS resolves "
1078 "themselves may leak information. Consider using Socks4A "
1079 "(e.g. via privoxy or socat) instead.", req
->port
);
1080 // have_warned_about_unsafe_socks = 1; // (for now, warn every time)
1082 if (socks4_prot
== socks4a
) {
1083 if (next
+1 == buf
->cur
+buf
->datalen
) {
1084 log_debug(LD_APP
,"socks4: No part of destaddr here yet.");
1088 next
= memchr(startaddr
, 0, buf
->cur
+buf
->datalen
-startaddr
);
1090 log_debug(LD_APP
,"socks4: Destaddr not all here yet.");
1093 if (MAX_SOCKS_ADDR_LEN
<= next
-startaddr
) {
1094 log_warn(LD_APP
,"socks4: Destaddr too long. Rejecting.");
1097 tor_assert(next
< buf
->cur
+buf
->datalen
);
1101 "Your application (using socks4a on port %d) gave "
1102 "Tor a hostname, which means Tor will do the DNS resolve "
1103 "for you. This is good.", req
->port
);
1105 log_debug(LD_APP
,"socks4: Everything is here. Success.");
1106 strlcpy(req
->address
, startaddr
? startaddr
: tmpbuf
,
1107 sizeof(req
->address
));
1108 if (!tor_strisprint(req
->address
) || strchr(req
->address
,'\"')) {
1109 log_warn(LD_PROTOCOL
,
1110 "Your application (using socks4 on port %d) gave Tor "
1111 "a malformed hostname: %s. Rejecting the connection.",
1112 req
->port
, escaped(req
->address
));
1115 /* next points to the final \0 on inbuf */
1116 buf_remove_from_front(buf
, next
-buf
->cur
+1);
1120 case 'H': /* head */
1121 case 'P': /* put/post */
1122 case 'C': /* connect */
1124 "HTTP/1.0 501 Tor is not an HTTP Proxy\r\n"
1125 "Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
1128 "<title>Tor is not an HTTP Proxy</title>\n"
1131 "<h1>Tor is not an HTTP Proxy</h1>\n"
1133 "It appears you have configured your web browser to use Tor as an HTTP proxy."
1135 "This is not correct: Tor is a SOCKS proxy, not an HTTP proxy.\n"
1136 "Please configure your client accordingly.\n"
1139 "See <a href=\"http://tor.eff.org/documentation.html\">"
1140 "http://tor.eff.org/documentation.html</a> for more information.\n"
1141 "<!-- Plus this comment, to make the body response more than 512 bytes, so "
1142 " IE will be willing to display it. Comment comment comment comment "
1143 " comment comment comment comment comment comment comment comment.-->\n"
1147 , MAX_SOCKS_REPLY_LEN
);
1148 req
->replylen
= strlen(req
->reply
)+1;
1150 default: /* version is not socks4 or socks5 */
1152 "Socks version %d not recognized. (Tor is not an http proxy.)",
1158 /** If there is a complete version 0 control message waiting on buf, then store
1159 * its contents into *<b>type_out</b>, store its body's length into
1160 * *<b>len_out</b>, allocate and store a string for its body into
1161 * *<b>body_out</b>, and return 1. (body_out will always be NUL-terminated,
1162 * even if the control message body doesn't end with NUL.)
1164 * If there is not a complete control message waiting, return 0.
1166 * Return -1 on error; return -2 on "seems to be control protocol v1."
1169 fetch_from_buf_control0(buf_t
*buf
, uint32_t *len_out
, uint16_t *type_out
,
1170 char **body_out
, int check_for_v1
)
1177 tor_assert(len_out
);
1178 tor_assert(type_out
);
1179 tor_assert(body_out
);
1184 if (buf
->datalen
< 4)
1187 peek_from_buf(tmp
, 4, buf
);
1189 msglen
= ntohs(get_uint16(tmp
));
1190 type
= ntohs(get_uint16(tmp
+2));
1191 if (type
> 255 && check_for_v1
)
1194 if (buf
->datalen
< 4 + (unsigned)msglen
)
1199 buf_remove_from_front(buf
, 4);
1201 *body_out
= tor_malloc(msglen
+1);
1202 fetch_from_buf(*body_out
, msglen
, buf
);
1203 (*body_out
)[msglen
] = '\0';
1208 /** Helper: return a pointer to the first instance of <b>c</b> in the
1209 * <b>len</b>characters after <b>start</b> on <b>buf</b>. Return NULL if the
1210 * character isn't found. */
1212 find_char_on_buf(buf_t
*buf
, char *start
, size_t len
, char c
)
1216 _split_range(buf
, start
, &len
, &len_rest
);
1217 cp
= memchr(buf
->cur
, c
, len
);
1218 if (cp
|| !len_rest
)
1220 return memchr(buf
->mem
, c
, len_rest
);
1223 /** Helper: return a pointer to the first CRLF after cp on <b>buf</b>. Return
1224 * NULL if no CRLF is found. */
1226 find_crlf_on_buf(buf_t
*buf
, char *cp
)
1230 size_t remaining
= buf
->datalen
- _buf_offset(buf
,cp
);
1231 cp
= find_char_on_buf(buf
, cp
, remaining
, '\r');
1234 next
= _wrap_ptr(buf
, cp
+1);
1235 if (next
== _buf_end(buf
))
1243 /** Try to read a single CRLF-terminated line from <b>buf</b>, and write it,
1244 * NUL-terminated, into the *<b>data_len</b> byte buffer at <b>data_out</b>.
1245 * Set *<b>data_len</b> to the number of bytes in the line, not counting the
1246 * terminating NUL. Return 1 if we read a whole line, return 0 if we don't
1247 * have a whole line yet, and return -1 if we we need to grow the buffer.
1250 fetch_from_buf_line(buf_t
*buf
, char *data_out
, size_t *data_len
)
1254 /* Look for a CRLF. */
1255 if (!(eol
= find_crlf_on_buf(buf
, buf
->cur
))) {
1258 sz
= _buf_offset(buf
, eol
);
1259 if (sz
+3 > *data_len
) {
1263 fetch_from_buf(data_out
, sz
+2, buf
);
1264 data_out
[sz
+2] = '\0';
1269 /** Log an error and exit if <b>buf</b> is corrupted.
1272 assert_buf_ok(buf_t
*buf
)
1275 tor_assert(buf
->magic
== BUFFER_MAGIC
);
1276 tor_assert(buf
->mem
);
1277 tor_assert(buf
->highwater
<= buf
->len
);
1278 tor_assert(buf
->datalen
<= buf
->highwater
);
1281 uint32_t u32
= get_uint32(buf
->mem
- 4);
1282 tor_assert(u32
== START_MAGIC
);
1283 u32
= get_uint32(buf
->mem
+ buf
->len
);
1284 tor_assert(u32
== END_MAGIC
);