| blob | 710374638b99e0da011e78f58c8d2b08a75b47b3 |
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2011, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
7 /**
8 * \file buffers.c
9 * \brief Implements a generic interface buffer. Buffers are
10 * fairly opaque string holders that can read to or flush from:
11 * memory, file descriptors, or TLS connections.
12 **/
13 #define BUFFERS_PRIVATE
15 #ifdef HAVE_UNISTD_H
16 #include <unistd.h>
17 #endif
18 #ifdef HAVE_SYS_UIO_H
19 #include <sys/uio.h>
20 #endif
22 //#define PARANOIA
24 #ifdef PARANOIA
25 /** Helper: If PARANOIA is defined, assert that the buffer in local variable
26 * <b>buf</b> is well-formed. */
27 #define check() STMT_BEGIN assert_buf_ok(buf); STMT_END
28 #else
29 #define check() STMT_NIL
30 #endif
32 /* Implementation notes:
33 *
34 * After flirting with memmove, and dallying with ring-buffers, we're finally
35 * getting up to speed with the 1970s and implementing buffers as a linked
36 * list of small chunks. Each buffer has such a list; data is removed from
37 * the head of the list, and added at the tail. The list is singly linked,
38 * and the buffer keeps a pointer to the head and the tail.
39 *
40 * Every chunk, except the tail, contains at least one byte of data. Data in
41 * each chunk is contiguous.
42 *
43 * When you need to treat the first N characters on a buffer as a contiguous
44 * string, use the buf_pullup function to make them so. Don't do this more
45 * than necessary.
46 *
47 * The major free Unix kernels have handled buffers like this since, like,
48 * forever.
49 */
51 /* Chunk manipulation functions */
53 /** A single chunk on a buffer or in a freelist. */
60 * more than one byte long. */
63 #define CHUNK_HEADER_LEN STRUCT_OFFSET(chunk_t, mem[0])
65 /** Return the number of bytes needed to allocate a chunk to hold
66 * <b>memlen</b> bytes. */
67 #define CHUNK_ALLOC_SIZE(memlen) (CHUNK_HEADER_LEN + (memlen))
68 /** Return the number of usable bytes in a chunk allocated with
69 * malloc(<b>memlen</b>). */
70 #define CHUNK_SIZE_WITH_ALLOC(memlen) ((memlen) - CHUNK_HEADER_LEN)
72 /** Return the next character in <b>chunk</b> onto which data can be appended.
73 * If the chunk is full, this might be off the end of chunk->mem. */
76 {
78 }
80 /** Return the number of bytes that can be written onto <b>chunk</b> without
81 * running out of space. */
84 {
86 }
88 /** Move all bytes stored in <b>chunk</b> to the front of <b>chunk</b>->mem,
89 * to free up space at the end. */
92 {
95 }
97 }
99 #ifdef ENABLE_BUF_FREELISTS
100 /** A freelist of chunks. */
104 * freelist. */
106 * chunks beyond lowest_length.*/
109 * last time we cleaned this freelist? */
116 /** Macro to help define freelists. */
117 #define FL(a,m,s) { a, m, s, 0, 0, 0, 0, 0, NULL }
119 /** Static array of freelists, sorted by alloc_len, terminated by an entry
120 * with alloc_size of 0. */
124 };
125 #undef FL
126 /** How many times have we looked for a chunk of a size that no freelist
127 * could help with? */
132 /** Return the freelist to hold chunks of size <b>alloc</b>, or NULL if
133 * no freelist exists for that size. */
136 {
141 }
142 }
144 }
146 /** Deallocate a chunk or put it on a freelist */
147 static void
149 {
160 }
161 }
163 /** Allocate a new chunk with a given allocation size, or get one from the
164 * freelist. Note that a chunk with allocation size A can actually hold only
165 * CHUNK_SIZE_WITH_ALLOC(A) bytes in its mem field. */
168 {
180 /* XXXX take advantage of tor_malloc_roundup, once we know how that
181 * affects freelists. */
184 else
187 }
193 }
194 #else
195 static void
197 {
199 }
202 {
210 }
211 #endif
213 /** Expand <b>chunk</b> until it can hold <b>sz</b> bytes, and return a
214 * new pointer to <b>chunk</b>. Old pointers are no longer valid. */
217 {
218 off_t offset;
225 }
227 /** If a read onto the end of a chunk would be smaller than this number, then
228 * just start a new chunk. */
229 #define MIN_READ_LEN 8
230 /** Every chunk should take up at least this many bytes. */
231 #define MIN_CHUNK_ALLOC 256
232 /** No chunk should take up more than this many bytes. */
233 #define MAX_CHUNK_ALLOC 65536
235 /** Return the allocation size we'd like to use to hold <b>target</b>
236 * bytes. */
239 {
243 }
245 }
247 /** Remove from the freelists most chunks that have not been used since the
248 * last call to buf_shrink_freelists(). */
249 void
251 {
252 #ifdef ENABLE_BUF_FREELISTS
271 }
281 }
286 "keep %d. I wanted to free %d. I freed %d. I somehow think "
290 }
291 // tor_assert(!n_to_free);
296 }
299 }
301 #else
303 #endif
304 }
306 /** Describe the current status of the freelists at log level <b>severity</b>.
307 */
308 void
310 {
311 #ifdef ENABLE_BUF_FREELISTS
318 U64_FORMAT" bytes in %d %d-byte chunks ["U64_FORMAT
325 }
328 #else
330 #endif
331 }
333 /** Magic value for buf_t.magic, to catch pointer errors. */
334 #define BUFFER_MAGIC 0xB0FFF312u
335 /** A resizeable buffer, optimized for reading and writing. */
338 * BUFFER_MAGIC. */
341 * this for this buffer. */
344 };
346 /** Collapse data from the first N chunks from <b>buf</b> into buf->head,
347 * growing it as necessary, until buf->head has the first <b>bytes</b> bytes
348 * of data from the buffer, or until buf->head has all the data in <b>buf</b>.
349 *
350 * If <b>nulterminate</b> is true, ensure that there is a 0 byte in
351 * buf->head->mem right after all the data. */
352 static void
354 {
369 }
374 }
377 /* We don't need to grow the first chunk, but we might need to repack it.*/
384 /* We need to grow the chunk. */
393 }
394 }
414 }
415 }
420 }
423 }
425 /** Resize buf so it won't hold extra memory that we haven't been
426 * using lately.
427 */
428 void
430 {
432 }
434 /** Remove the first <b>n</b> bytes from buf. */
437 {
454 }
455 }
457 }
459 /** Create and return a new buf with default chunk capacity <b>size</b>.
460 */
461 buf_t *
463 {
467 }
469 /** Allocate and return a new buffer with default capacity. */
470 buf_t *
472 {
477 }
479 /** Remove all data from <b>buf</b>. */
480 void
482 {
488 }
490 }
492 /** Return the number of bytes stored in <b>buf</b> */
493 size_t
495 {
497 }
499 /** Return the total length of all chunks used in <b>buf</b>. */
500 size_t
502 {
507 }
509 }
511 /** Return the number of bytes that can be added to <b>buf</b> without
512 * performing any additional allocation. */
513 size_t
515 {
518 else
520 }
522 /** Release storage held by <b>buf</b>. */
523 void
525 {
529 }
531 /** Append a new chunk with enough capacity to hold <b>capacity</b> bytes to
532 * the tail of <b>buf</b>. If <b>capped</b>, don't allocate a chunk bigger
533 * than MAX_CHUNK_ALLOC. */
536 {
544 }
552 }
555 }
557 /** If we're using readv and writev, how many chunks are we willing to
558 * read/write at a time? */
559 #define N_IOV 3
561 /** Read up to <b>at_most</b> bytes from the socket <b>fd</b> into
562 * <b>chunk</b> (which must be on <b>buf</b>). If we get an EOF, set
563 * *<b>reached_eof</b> to 1. Return -1 on error, 0 on eof or blocking,
564 * and the number of bytes read otherwise. */
568 {
569 ssize_t read_result;
570 #if 0 && defined(HAVE_READV) && !defined(WIN32)
578 else
582 }
584 #else
588 #endif
593 #ifdef MS_WINDOWS
596 #endif
599 }
607 #if 0 && defined(HAVE_READV) && !defined(WIN32)
613 }
614 #endif
620 }
621 }
623 /** As read_to_chunk(), but return (negative) error code on error, blocking,
624 * or TLS, and the number of bytes read otherwise. */
628 {
638 }
640 /** Read from socket <b>s</b>, writing onto end of <b>buf</b>. Read at most
641 * <b>at_most</b> bytes, growing the buffer as necessary. If recv() returns 0
642 * (because of EOF), set *<b>reached_eof</b> to 1 and return 0. Return -1 on
643 * error; else return the number of bytes read.
644 */
645 /* XXXX021 indicate "read blocked" somehow? */
646 int
649 {
650 /* XXXX021 It's stupid to overload the return values for these functions:
651 * "error status" and "number of bytes read" are not mutually exclusive.
652 */
672 }
682 }
683 }
685 }
687 /** As read_to_buf, but reads from a TLS connection, and returns a TLS
688 * status value rather than the number of bytes read.
689 *
690 * Using TLS on OR connections complicates matters in two ways.
691 *
692 * First, a TLS stream has its own read buffer independent of the
693 * connection's read buffer. (TLS needs to read an entire frame from
694 * the network before it can decrypt any data. Thus, trying to read 1
695 * byte from TLS can require that several KB be read from the network
696 * and decrypted. The extra data is stored in TLS's decrypt buffer.)
697 * Because the data hasn't been read by Tor (it's still inside the TLS),
698 * this means that sometimes a connection "has stuff to read" even when
699 * poll() didn't return POLLIN. The tor_tls_get_pending_bytes function is
700 * used in connection.c to detect TLS objects with non-empty internal
701 * buffers and read from them again.
702 *
703 * Second, the TLS stream's events do not correspond directly to network
704 * events: sometimes, before a TLS stream can read, the network must be
705 * ready to write -- or vice versa.
706 */
707 int
709 {
726 }
736 }
738 }
740 /** Helper for flush_buf(): try to write <b>sz</b> bytes from chunk
741 * <b>chunk</b> of buffer <b>buf</b> onto socket <b>s</b>. On success, deduct
742 * the bytes written from *<b>buf_flushlen</b>. Return the number of bytes
743 * written on success, 0 on blocking, -1 on failure.
744 */
748 {
749 ssize_t write_result;
750 #if 0 && defined(HAVE_WRITEV) && !defined(WIN32)
758 else
762 }
764 #else
768 #endif
773 #ifdef MS_WINDOWS
776 #endif
778 }
786 }
787 }
789 /** Helper for flush_buf_tls(): try to write <b>sz</b> bytes from chunk
790 * <b>chunk</b> of buffer <b>buf</b> onto socket <b>s</b>. (Tries to write
791 * more if there is a forced pending write size.) On success, deduct the
792 * bytes written from *<b>buf_flushlen</b>. Return the number of bytes
793 * written on success, and a TOR_TLS error code on failure or blocking.
794 */
798 {
812 }
818 else
824 }
826 /** Write data from <b>buf</b> to the socket <b>s</b>. Write at most
827 * <b>sz</b> bytes, decrement *<b>buf_flushlen</b> by
828 * the number of bytes actually written, and remove the written bytes
829 * from the buffer. Return the number of bytes written on success,
830 * -1 on failure. Return 0 if write() would block.
831 */
832 int
834 {
835 /* XXXX021 It's stupid to overload the return values for these functions:
836 * "error status" and "number of bytes flushed" are not mutually exclusive.
837 */
851 else
862 }
865 }
867 /** As flush_buf(), but writes data to a TLS connection. Can write more than
868 * <b>flushlen</b> bytes.
869 */
870 int
873 {
876 ssize_t sz;
882 /* we want to let tls write even if flushlen is zero, because it might
883 * have a partial record pending */
892 else
896 }
909 }
911 /** Append <b>string_len</b> bytes from <b>string</b> to the end of
912 * <b>buf</b>.
913 *
914 * Return the new length of the buffer on success, -1 on failure.
915 */
916 int
918 {
936 }
941 }
943 /** Helper: copy the first <b>string_len</b> bytes from <b>buf</b>
944 * onto <b>string</b>.
945 */
948 {
952 /* make sure we don't ask for too much */
954 /* assert_buf_ok(buf); */
966 }
967 }
969 /** Remove <b>string_len</b> bytes from the front of <b>buf</b>, and store
970 * them into <b>string</b>. Return the new buffer size. <b>string_len</b>
971 * must be \<= the number of bytes on the buffer.
972 */
973 int
975 {
976 /* There must be string_len bytes in buf; write them onto string,
977 * then memmove buf back (that is, remove them from buf).
978 *
979 * Return the number of bytes still on the buffer. */
987 }
989 /** Check <b>buf</b> for a variable-length cell according to the rules of link
990 * protocol version <b>linkproto</b>. If one is found, pull it off the buffer
991 * and assign a newly allocated var_cell_t to *<b>out</b>, and return 1.
992 * Return 0 if whatever is on the start of buf_t is not a variable-length
993 * cell. Return 1 and set *<b>out</b> to NULL if there seems to be the start
994 * of a variable-length cell on <b>buf</b>, but the whole thing isn't there
995 * yet. */
996 int
998 {
1003 /* If linkproto is unknown (0) or v2 (2), variable-length cells work as
1004 * implemented here. If it's 1, there are no variable-length cells. Tor
1005 * does not support other versions right now, and so can't negotiate them.
1006 */
1033 }
1035 /** Move up to *<b>buf_flushlen</b> bytes from <b>buf_in</b> to
1036 * <b>buf_out</b>, and modify *<b>buf_flushlen</b> appropriately.
1037 * Return the number of bytes actually copied.
1038 */
1039 int
1041 {
1042 /* XXXX we can do way better here, but this doesn't turn up in any
1043 * profiles. */
1053 /* This isn't the most efficient implementation one could imagine, since
1054 * it does two copies instead of 1, but I kinda doubt that this will be
1055 * critical path. */
1060 }
1063 }
1065 /** Internal structure: represents a position in a buffer. */
1072 /** Initialize <b>out</b> to point to the first character of <b>buf</b>.*/
1073 static void
1075 {
1079 }
1081 /** Advance <b>out</b> to the first appearance of <b>ch</b> at the current
1082 * position of <b>out</b>, or later. Return -1 if no instances are found;
1083 * otherwise returns the absolute position of the character. */
1084 static off_t
1086 {
1095 }
1096 }
1108 }
1109 }
1111 }
1113 /** Advance <b>pos</b> by a single character, if there are any more characters
1114 * in the buffer. Returns 0 on success, -1 on failure. */
1117 {
1125 }
1127 }
1129 /** Return true iff the <b>n</b>-character string in <b>s</b> appears
1130 * (verbatim) at <b>pos</b>. */
1131 static int
1133 {
1134 buf_pos_t p;
1145 /* If we're out of characters that don't match, we match. Check this
1146 * _before_ we test incrementing pos, in case we're at the end of the
1147 * string. */
1152 }
1153 }
1155 /** Return the first position in <b>buf</b> at which the <b>n</b>-character
1156 * string <b>s</b> occurs, or -1 if it does not occur. */
1159 {
1160 buf_pos_t pos;
1169 }
1170 }
1172 }
1174 /** There is a (possibly incomplete) http statement on <b>buf</b>, of the
1175 * form "\%s\\r\\n\\r\\n\%s", headers, body. (body may contain NULs.)
1176 * If a) the headers include a Content-Length field and all bytes in
1177 * the body are present, or b) there's no Content-Length field and
1178 * all headers are present, then:
1179 *
1180 * - strdup headers into <b>*headers_out</b>, and NUL-terminate it.
1181 * - memdup body into <b>*body_out</b>, and NUL-terminate it.
1182 * - Then remove them from <b>buf</b>, and return 1.
1183 *
1184 * - If headers or body is NULL, discard that part of the buf.
1185 * - If a headers or body doesn't fit in the arg, return -1.
1186 * (We ensure that the headers or body don't exceed max len,
1187 * _even if_ we're planning to discard them.)
1188 * - If force_complete is true, then succeed even if not all of the
1189 * content has arrived.
1190 *
1191 * Else, change nothing and return 0.
1192 */
1193 int
1198 {
1215 }
1216 /* Okay, we have a full header. Make sure it all appears in the first
1217 * chunk. */
1230 }
1235 }
1246 }
1248 /* if content-length is malformed, then our body length is 0. fine. */
1254 }
1255 }
1259 }
1260 }
1261 /* all happy. copy into the appropriate places, and return 1 */
1266 }
1273 }
1276 }
1278 /** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
1279 * of the forms
1280 * - socks4: "socksheader username\\0"
1281 * - socks4a: "socksheader username\\0 destaddr\\0"
1282 * - socks5 phase one: "version #methods methods"
1283 * - socks5 phase two: "version command 0 addresstype..."
1284 * If it's a complete and valid handshake, and destaddr fits in
1285 * MAX_SOCKS_ADDR_LEN bytes, then pull the handshake off the buf,
1286 * assign to <b>req</b>, and return 1.
1287 *
1288 * If it's invalid or too big, return -1.
1289 *
1290 * Else it's not all there yet, leave buf alone and return 0.
1291 *
1292 * If you want to specify the socks reply, write it into <b>req->reply</b>
1293 * and set <b>req->replylen</b>, else leave <b>req->replylen</b> alone.
1294 *
1295 * If <b>log_sockstype</b> is non-zero, then do a notice-level log of whether
1296 * the connection is possibly leaking DNS requests locally or not.
1297 *
1298 * If <b>safe_socks</b> is true, then reject unsafe socks protocols.
1299 *
1300 * If returning 0 or -1, <b>req->address</b> and <b>req->port</b> are
1301 * undefined.
1302 */
1303 int
1306 {
1309 tor_addr_t destaddr;
1316 /* If the user connects with socks4 or the wrong variant of socks5,
1317 * then log a warning to let him know that it might be unwise. */
1340 "socks5: offered methods don't include 'no auth'. "
1346 }
1347 /* remove packet from buf. also remove any other extraneous
1348 * bytes, to support broken socks clients. */
1357 }
1358 /* we know the method; read in the request */
1367 /* not a connect or resolve or a resolve_ptr? we don't support it. */
1371 }
1383 else
1390 "socks5 IP takes %d bytes, which doesn't fit in %d. "
1394 }
1402 "Your application (using socks5 to port %d) is giving "
1403 "Tor only an IP address. Applications that do DNS resolves "
1404 "themselves may leak information. Consider using Socks4A "
1405 "(e.g. via privoxy or socat) instead. For more information, "
1406 "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
1409 /*have_warned_about_unsafe_socks = 1;*/
1410 /*(for now, warn every time)*/
1416 }
1418 }
1425 }
1433 "socks5 hostname is %d bytes, which doesn't fit in "
1436 }
1443 "Your application (using socks5 to port %d) gave Tor "
1447 }
1450 "Your application (using socks5 to port %d) gave "
1451 "Tor a hostname, which means Tor will do the DNS resolve "
1458 }
1461 /* http://archive.socks.permeo.com/protocol/socks4.protocol */
1462 /* http://archive.socks.permeo.com/protocol/socks4a.protocol */
1471 /* not a connect or resolve? we don't support it. (No resolve_ptr with
1472 * socks4.) */
1476 }
1483 }
1492 }
1496 }
1504 }
1507 }
1515 "Your application (using socks4 to port %d) is giving Tor "
1516 "only an IP address. Applications that do DNS resolves "
1517 "themselves may leak information. Consider using Socks4A "
1518 "(e.g. via privoxy or socat) instead. For more information, "
1519 "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
1528 }
1533 }
1540 }
1543 }
1547 }
1548 // tor_assert(next < buf->cur+buf->datalen);
1552 "Your application (using socks4a to port %d) gave "
1553 "Tor a hostname, which means Tor will do the DNS resolve "
1555 }
1561 "Your application (using socks4 to port %d) gave Tor "
1565 }
1566 /* next points to the final \0 on inbuf */
1584 "It appears you have configured your web browser to use Tor as an HTTP proxy."
1591 "https://www.torproject.org/documentation.html</a> for more "
1593 "<!-- Plus this comment, to make the body response more than 512 bytes, so "
1594 " IE will be willing to display it. Comment comment comment comment "
1601 /* fall through */
1606 {
1612 }
1614 }
1615 }
1617 /** Return 1 iff buf looks more like it has an (obsolete) v0 controller
1618 * command on it than any valid v1 controller command. */
1619 int
1621 {
1629 }
1631 }
1633 /** Return the index within <b>buf</b> at which <b>ch</b> first appears,
1634 * or -1 if <b>ch</b> does not appear on buf. */
1635 static off_t
1637 {
1644 else
1646 }
1648 }
1650 /** Try to read a single LF-terminated line from <b>buf</b>, and write it,
1651 * NUL-terminated, into the *<b>data_len</b> byte buffer at <b>data_out</b>.
1652 * Set *<b>data_len</b> to the number of bytes in the line, not counting the
1653 * terminating NUL. Return 1 if we read a whole line, return 0 if we don't
1654 * have a whole line yet, and return -1 if the line length exceeds
1655 * *<b>data_len</b>.
1656 */
1657 int
1659 {
1661 off_t offset;
1673 }
1678 }
1680 /** Compress on uncompress the <b>data_len</b> bytes in <b>data</b> using the
1681 * zlib state <b>state</b>, appending the result to <b>buf</b>. If
1682 * <b>done</b> is true, flush the data in the state and finish the
1683 * compression/uncompression. Return -1 on failure, 0 on success. */
1684 int
1688 {
1697 }
1712 /* Zlib says we need more room (ZLIB_BUF_FULL). Start a new chunk
1713 * automatically, whether were going to or not. */
1715 }
1717 }
1722 }
1727 }
1729 /** Log an error and exit if <b>buf</b> is corrupted.
1730 */
1731 void
1733 {
1752 }
1754 }
1755 }
1757 #ifdef ENABLE_BUF_FREELISTS
1758 /** Log an error and exit if <b>fl</b> is corrupted.
1759 */
1760 static void
1762 {
1770 }
1774 }
1775 #endif