| blob | 366704ee0d2829279b69be2332d0b7c79a13e0df |
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2007, Roger Dingledine, Nick Mathewson. */
4 /* See LICENSE for licensing information */
5 /* $Id$ */
9 /**
10 * \file buffers.c
11 * \brief Implements a generic buffer interface. Buffers are
12 * fairly opaque string holders that can read to or flush from:
13 * memory, file descriptors, or TLS connections.
14 **/
18 #define SENTINELS
19 #undef CHECK_AFTER_RESIZE
20 #undef PARANOIA
21 #undef NOINLINE
23 /* If SENTINELS is defined, check for attempts to write beyond the
24 * end/before the start of the buffer.
25 */
26 #ifdef SENTINELS
27 /** 4-byte value to write at the start of each buffer memory region. */
28 #define START_MAGIC 0x70370370u
29 /** 4-byte value to write at the end of each buffer memory region. */
30 #define END_MAGIC 0xA0B0C0D0u
31 /** Given buf->mem, yield a pointer to the raw memory region (for free(),
32 * realloc(), and so on). */
33 #define RAW_MEM(m) ((void*)(((char*)m)-4))
34 /** Given a pointer to the raw memory region (from malloc() or realloc()),
35 * yield the correct value for buf->mem (just past the first sentinel). */
36 #define GUARDED_MEM(m) ((void*)(((char*)m)+4))
37 /** How much memory do we need to allocate for a buffer to hold <b>ln</b> bytes
38 * of data? */
39 #define ALLOC_LEN(ln) ((ln)+8)
40 /** Initialize the sentinel values on <b>m</b> (a value of buf->mem), which
41 * has <b>ln</b> useful bytes. */
42 #define SET_GUARDS(m, ln) \
43 do { set_uint32((m)-4,START_MAGIC); set_uint32((m)+ln,END_MAGIC); } while (0)
44 #else
45 #define RAW_MEM(m) (m)
46 #define GUARDED_MEM(m) (m)
47 #define ALLOC_LEN(ln) (ln)
48 #define SET_GUARDS(m,ln) do {} while (0)
49 #endif
51 #ifdef PARANOIA
52 #define check() do { assert_buf_ok(buf); } while (0)
53 #else
54 #define check() do { } while (0)
55 #endif
57 #ifdef NOINLINE
58 #undef INLINE
59 #define INLINE
60 #endif
62 /** Magic value for buf_t.magic, to catch pointer errors. */
63 #define BUFFER_MAGIC 0xB0FFF312u
64 /** A resizeable buffer, optimized for reading and writing. */
67 * BUFFER_MAGIC. */
73 * than 'len' if we shortened 'len' by a few bytes to make
74 * zlib wrap around more easily. */
76 };
78 /** How many bytes, total, are used in all buffers? */
80 /** How many bytes, total, are allocated in all buffers? */
83 /** Size, in bytes, for newly allocated buffers. Should be a power of 2. */
84 #define INITIAL_BUF_SIZE (4*1024)
85 /** Size, in bytes, for minimum 'shrink' size for buffers. Buffers may start
86 * out smaller than this, but they will never autoshrink to less
87 * than this size. */
88 #define MIN_LAZY_SHRINK_SIZE (4*1024)
92 /** If the contents of buf wrap around the end of the allocated space,
93 * malloc a new buf and copy the contents in starting at the
94 * beginning. This operation is relatively expensive, so it shouldn't
95 * be used e.g. for every single read or write.
96 */
97 static void
99 {
116 }
117 }
119 /** Return the point in the buffer where the next byte will get stored. */
122 {
126 }
128 /** If the pointer <b>cp</b> has passed beyond the end of the buffer, wrap it
129 * around. */
132 {
134 }
136 /** Return the offset of <b>cp</b> within the buffer. */
139 {
142 else
143 /* return (cp - buf->mem) + buf->mem+buf->len - buf->cur */
145 }
147 /** If the range of *<b>len</b> bytes starting at <b>at</b> wraps around the
148 * end of the buffer, then set *<b>len</b> to the number of bytes starting
149 * at <b>at</b>, and set *<b>more_len</b> to the number of bytes starting
150 * at <b>buf->mem</b>. Otherwise, set *<b>more_len</b> to 0.
151 */
155 {
163 }
164 }
166 /** Change a buffer's capacity. <b>new_capacity</b> must be \>=
167 * buf->datalen. */
168 static void
170 {
171 off_t offset;
172 #ifdef CHECK_AFTER_RESIZE
174 #endif
178 #ifdef CHECK_AFTER_RESIZE
183 #endif
190 /* We need to move stuff before we shrink. */
192 /* We have:
193 *
194 * mem[0] ... mem[datalen-(len-offset)] (end of data)
195 * mem[offset] ... mem[len-1] (the start of the data)
196 *
197 * We're shrinking the buffer by (len-new_capacity) bytes, so we need
198 * to move the start portion back by that many bytes.
199 */
204 /* The data doesn't wrap around, but it does extend beyond the new
205 * buffer length:
206 * mem[offset] ... mem[offset+datalen-1] (the data)
207 */
210 }
211 }
213 /* XXX Some play code to throw away old buffers sometimes rather
214 * than constantly reallocing them; just in case this is our memory
215 * problem. It looks for now like it isn't, so disabled. -RD */
219 /* don't realloc; free and malloc */
230 }
235 /* We need to move data now that we are done growing. The buffer
236 * now contains:
237 *
238 * mem[0] ... mem[datalen-(len-offset)] (end of data)
239 * mem[offset] ... mem[len-1] (the start of the data)
240 * mem[len]...mem[new_capacity] (empty space)
241 *
242 * We're growing by (new_capacity-len) bytes, so we need to move the
243 * end portion forward by that many bytes.
244 */
248 }
251 #ifdef CHECK_AFTER_RESIZE
256 }
259 #endif
260 }
262 /** If the buffer is not large enough to hold <b>capacity</b> bytes, resize
263 * it so that it can. (The new size will be a power of 2 times the old
264 * size.)
265 */
268 {
274 /* Find the smallest new_len equal to (2**X) for some X; such that
275 * new_len is at least capacity, and at least 2*buf->len.
276 */
283 /* Resize the buffer. */
288 }
290 /** Resize buf so it won't hold extra memory that we haven't been
291 * using lately (that is, since the last time we called buf_shrink).
292 * Try to shrink the buf until it is the largest factor of two that
293 * can contain <b>buf</b>->highwater, but never smaller than
294 * MIN_LAZY_SHRINK_SIZE.
295 */
296 void
298 {
312 }
314 /** Remove the first <b>n</b> bytes from buf. */
317 {
325 }
327 }
329 /** Make sure that the memory in buf ends with a zero byte. */
332 {
337 }
339 /** Create and return a new buf with capacity <b>size</b>. */
340 buf_t *
342 {
353 }
355 /** Allocate and return a new buffer with default capacity. */
356 buf_t *
358 {
360 }
362 /** Remove all data from <b>buf</b>. */
363 void
365 {
370 }
372 /** Return the number of bytes stored in <b>buf</b> */
373 size_t
375 {
377 }
379 /** Return the maximum bytes that can be stored in <b>buf</b> before buf
380 * needs to resize. */
381 size_t
383 {
385 }
387 /** For testing only: Return a pointer to the raw memory stored in
388 * <b>buf</b>. */
391 {
393 }
395 /** Release storage held by <b>buf</b>. */
396 void
398 {
407 }
409 /** Helper for read_to_buf(): read no more than at_most bytes from
410 * socket s into buffer buf, starting at the position pos. (Does not
411 * check for overflow.) Set *reached_eof to true on EOF. Return
412 * number of bytes read on success, 0 if the read would block, -1 on
413 * failure.
414 */
418 {
421 // log_fn(LOG_DEBUG,"reading at most %d bytes.",at_most);
426 #ifdef MS_WINDOWS
429 #endif
431 }
445 }
446 }
448 /** Read from socket <b>s</b>, writing onto end of <b>buf</b>. Read at most
449 * <b>at_most</b> bytes, resizing the buffer as necessary. If recv()
450 * returns 0, set *<b>reached_eof</b> to 1 and return 0. Return -1 on error;
451 * else return the number of bytes read. Return 0 if recv() would
452 * block.
453 */
454 int
456 {
461 /* assert_buf_ok(buf); */
481 }
492 }
493 }
495 }
497 /** Helper for read_to_buf_tls(): read no more than <b>at_most</b>
498 * bytes from the TLS connection <b>tls</b> into buffer <b>buf</b>,
499 * starting at the position <b>next</b>. (Does not check for overflow.)
500 * Return number of bytes read on success, 0 if the read would block,
501 * -1 on failure.
502 */
505 {
521 }
523 /** As read_to_buf, but reads from a TLS connection.
524 *
525 * Using TLS on OR connections complicates matters in two ways.
526 *
527 * First, a TLS stream has its own read buffer independent of the
528 * connection's read buffer. (TLS needs to read an entire frame from
529 * the network before it can decrypt any data. Thus, trying to read 1
530 * byte from TLS can require that several KB be read from the network
531 * and decrypted. The extra data is stored in TLS's decrypt buffer.)
532 * Because the data hasn't been read by Tor (it's still inside the TLS),
533 * this means that sometimes a connection "has stuff to read" even when
534 * poll() didn't return POLLIN. The tor_tls_get_pending_bytes function is
535 * used in connection.c to detect TLS objects with non-empty internal
536 * buffers and read from them again.
537 *
538 * Second, the TLS stream's events do not correspond directly to network
539 * events: sometimes, before a TLS stream can read, the network must be
540 * ready to write -- or vice versa.
541 */
542 int
544 {
580 else
582 }
584 }
586 /** Helper for flush_buf(): try to write <b>sz</b> bytes from buffer
587 * <b>buf</b> onto socket <b>s</b>. On success, deduct the bytes written
588 * from *<b>buf_flushlen</b>.
589 * Return the number of bytes written on success, -1 on failure.
590 */
593 {
600 #ifdef MS_WINDOWS
603 #endif
605 }
612 }
613 }
615 /** Write data from <b>buf</b> to the socket <b>s</b>. Write at most
616 * <b>sz</b> bytes, decrement *<b>buf_flushlen</b> by
617 * the number of bytes actually written, and remove the written bytes
618 * from the buffer. Return the number of bytes written on success,
619 * -1 on failure. Return 0 if write() would block.
620 */
621 int
623 {
628 /* assert_buf_ok(buf); */
658 }
660 }
662 /** Helper for flush_buf_tls(): try to write <b>sz</b> bytes (or more if
663 * required by a previous write) from buffer <b>buf</b> onto TLS object
664 * <b>tls</b>. On success, deduct the bytes written from
665 * *<b>buf_flushlen</b>. Return the number of bytes written on success, -1 on
666 * failure.
667 */
670 {
680 }
686 }
688 /** As flush_buf(), but writes data to a TLS connection.
689 */
690 int
692 {
696 /* assert_buf_ok(buf); */
702 /* we want to let tls write even if flushlen is zero, because it might
703 * have a partial record pending */
711 }
726 }
728 }
730 /** Append <b>string_len</b> bytes from <b>string</b> to the end of
731 * <b>buf</b>.
732 *
733 * Return the new length of the buffer on success, -1 on failure.
734 */
735 int
737 {
741 /* append string to buf (growing as needed, return -1 if "too big")
742 * return total number of bytes on the buf
743 */
746 /* assert_buf_ok(buf); */
752 }
766 }
773 }
775 /** Helper: copy the first <b>string_len</b> bytes from <b>buf</b>
776 * onto <b>string</b>.
777 */
780 {
783 /* There must be string_len bytes in buf; write them onto string,
784 * then memmove buf back (that is, remove them from buf).
785 *
786 * Return the number of bytes still on the buffer. */
789 /* make sure we don't ask for too much */
791 /* assert_buf_ok(buf); */
798 }
799 }
801 /** Remove <b>string_len</b> bytes from the front of <b>buf</b>, and store
802 * them into <b>string</b>. Return the new buffer size. <b>string_len</b>
803 * must be \<= the number of bytes on the buffer.
804 */
805 int
807 {
808 /* There must be string_len bytes in buf; write them onto string,
809 * then memmove buf back (that is, remove them from buf).
810 *
811 * Return the number of bytes still on the buffer. */
818 }
820 /** There is a (possibly incomplete) http statement on <b>buf</b>, of the
821 * form "\%s\\r\\n\\r\\n\%s", headers, body. (body may contain nuls.)
822 * If a) the headers include a Content-Length field and all bytes in
823 * the body are present, or b) there's no Content-Length field and
824 * all headers are present, then:
825 *
826 * - strdup headers into <b>*headers_out</b>, and nul-terminate it.
827 * - memdup body into <b>*body_out</b>, and nul-terminate it.
828 * - Then remove them from <b>buf</b>, and return 1.
829 *
830 * - If headers or body is NULL, discard that part of the buf.
831 * - If a headers or body doesn't fit in the arg, return -1.
832 * (We ensure that the headers or body don't exceed max len,
833 * _even if_ we're planning to discard them.)
834 * - If force_complete is true, then succeed even if not all of the
835 * content has arrived.
836 *
837 * Else, change nothing and return 0.
838 */
839 int
844 {
848 /* assert_buf_ok(buf); */
854 }
860 }
870 }
875 }
886 }
888 /* if content-length is malformed, then our body length is 0. fine. */
894 }
895 }
899 }
900 }
901 /* all happy. copy into the appropriate places, and return 1 */
906 }
913 }
916 }
918 /** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
919 * of the forms
920 * - socks4: "socksheader username\\0"
921 * - socks4a: "socksheader username\\0 destaddr\\0"
922 * - socks5 phase one: "version #methods methods"
923 * - socks5 phase two: "version command 0 addresstype..."
924 * If it's a complete and valid handshake, and destaddr fits in
925 * MAX_SOCKS_ADDR_LEN bytes, then pull the handshake off the buf,
926 * assign to <b>req</b>, and return 1.
927 *
928 * If it's invalid or too big, return -1.
929 *
930 * Else it's not all there yet, leave buf alone and return 0.
931 *
932 * If you want to specify the socks reply, write it into <b>req->reply</b>
933 * and set <b>req->replylen</b>, else leave <b>req->replylen</b> alone.
934 *
935 * If <b>log_sockstype</b> is non-zero, then do a notice-level log of whether
936 * the connection is possibly leaking DNS requests locally or not.
937 *
938 * If <b>safe_socks</b> is true, then reject unsafe socks protocols.
939 *
940 * If returning 0 or -1, <b>req->address</b> and <b>req->port</b> are
941 * undefined.
942 */
943 int
946 {
954 /* If the user connects with socks4 or the wrong variant of socks5,
955 * then log a warning to let him know that it might be unwise. */
973 "socks5: offered methods don't include 'no auth'. "
979 }
980 /* remove packet from buf. also remove any other extraneous
981 * bytes, to support broken socks clients. */
990 }
991 /* we know the method; read in the request */
1000 /* not a connect or resolve or a resolve_ptr? we don't support it. */
1004 }
1016 "socks5 IP takes %d bytes, which doesn't fit in %d. "
1020 }
1028 "Your application (using socks5 on port %d) is giving "
1029 "Tor only an IP address. Applications that do DNS resolves "
1030 "themselves may leak information. Consider using Socks4A "
1031 "(e.g. via privoxy or socat) instead. For more information, "
1032 "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
1035 // have_warned_about_unsafe_socks = 1; // (for now, warn every time)
1041 }
1050 "socks5 hostname is %d bytes, which doesn't fit in "
1053 }
1058 }
1065 "Your application (using socks5 on port %d) gave Tor "
1069 }
1072 "Your application (using socks5 on port %d) gave "
1073 "Tor a hostname, which means Tor will do the DNS resolve "
1080 }
1083 /* http://archive.socks.permeo.com/protocol/socks4.protocol */
1084 /* http://archive.socks.permeo.com/protocol/socks4a.protocol */
1094 /* not a connect or resolve? we don't support it. (No resolve_ptr with
1095 * socks4.) */
1099 }
1106 }
1115 }
1119 }
1126 }
1134 "Your application (using socks4 on port %d) is giving Tor "
1135 "only an IP address. Applications that do DNS resolves "
1136 "themselves may leak information. Consider using Socks4A "
1137 "(e.g. via privoxy or socat) instead. For more information, "
1138 "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
1141 // have_warned_about_unsafe_socks = 1; // (for now, warn every time)
1147 }
1152 }
1158 }
1162 }
1167 "Your application (using socks4a on port %d) gave "
1168 "Tor a hostname, which means Tor will do the DNS resolve "
1170 }
1176 "Your application (using socks4 on port %d) gave Tor "
1180 }
1181 /* next points to the final \0 on inbuf */
1199 "It appears you have configured your web browser to use Tor as an HTTP proxy."
1207 "<!-- Plus this comment, to make the body response more than 512 bytes, so "
1208 " IE will be willing to display it. Comment comment comment comment "
1215 /* fall through */
1220 {
1226 }
1228 }
1229 }
1231 /** If there is a complete version 0 control message waiting on buf, then store
1232 * its contents into *<b>type_out</b>, store its body's length into
1233 * *<b>len_out</b>, allocate and store a string for its body into
1234 * *<b>body_out</b>, and return 1. (body_out will always be NUL-terminated,
1235 * even if the control message body doesn't end with NUL.)
1236 *
1237 * If there is not a complete control message waiting, return 0.
1238 *
1239 * Return -1 on error; return -2 on "seems to be control protocol v1."
1240 */
1241 int
1244 {
1277 }
1279 }
1281 /** Helper: return a pointer to the first instance of <b>c</b> in the
1282 * <b>len</b>characters after <b>start</b> on <b>buf</b>. Return NULL if the
1283 * character isn't found. */
1286 {
1294 }
1296 /** Helper: return a pointer to the first CRLF after cp on <b>buf</b>. Return
1297 * NULL if no CRLF is found. */
1300 {
1313 }
1314 }
1316 /** Try to read a single CRLF-terminated line from <b>buf</b>, and write it,
1317 * NUL-terminated, into the *<b>data_len</b> byte buffer at <b>data_out</b>.
1318 * Set *<b>data_len</b> to the number of bytes in the line, not counting the
1319 * terminating NUL. Return 1 if we read a whole line, return 0 if we don't
1320 * have a whole line yet, and return -1 if we we need to grow the buffer.
1321 */
1322 int
1324 {
1327 /* Look for a CRLF. */
1330 }
1335 }
1340 }
1342 /** Try to read a single LF-terminated line from <b>buf</b>, and write it,
1343 * NUL-terminated, into the *<b>data_len</b> byte buffer at <b>data_out</b>.
1344 * Set *<b>data_len</b> to the number of bytes in the line, not counting the
1345 * terminating NUL. Return 1 if we read a whole line, return 0 if we don't
1346 * have a whole line yet, and return -1 if the line length exceeds
1347 *<b>data_len</b>.
1348 */
1349 int
1351 {
1363 }
1368 }
1370 /** Compress on uncompress the <b>data_len</b> bytes in <b>data</b> using the
1371 * zlib state <b>state</b>, appending the result to <b>buf</b>. If
1372 * <b>done</b> is true, flush the data in the state and finish the
1373 * compression/uncompression. Return -1 on failure, 0 on success. */
1374 int
1378 {
1387 else
1401 /* Zlib says we need more room (ZLIB_BUF_FULL), and we're not about
1402 * to wrap around (avail != 0), and resizing won't actually make us
1403 * un-full: we're at the end of the buffer, and zlib refuses to
1404 * append more here, but there's a pile of free space at the start
1405 * of the buffer (about 1K). So chop a few characters off the
1406 * end of the buffer. This feels silly; anybody got a better hack?
1407 *
1408 * (We don't just want to expand the buffer nevertheless. Consider a
1409 * 1/3 full buffer with a single byte free at the end. zlib will
1410 * often refuse to append to that, and so we want to use the
1411 * beginning, not double the buffer to be just 1/6 full.)
1412 */
1415 }
1417 }
1424 }
1426 /** Log an error and exit if <b>buf</b> is corrupted.
1427 */
1428 void
1430 {
1436 #ifdef SENTINELS
1437 {
1442 }
1443 #endif
1444 }