| blob | 6b8ac099186389e042792e57d8ad482edafc0799 |
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2008, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
7 /**
8 * \file buffers.c
9 * \brief Implements a generic interface buffer. Buffers are
10 * fairly opaque string holders that can read to or flush from:
11 * memory, file descriptors, or TLS connections.
12 **/
13 #define BUFFERS_PRIVATE
15 #ifdef HAVE_UNISTD_H
16 #include <unistd.h>
17 #endif
18 #ifdef HAVE_SYS_UIO_H
19 #include <sys/uio.h>
20 #endif
22 //#define PARANOIA
24 #ifdef PARANOIA
25 /** Helper: If PARANOIA is defined, assert that the buffer in local variable
26 * <b>buf</b> is well-formed. */
27 #define check() STMT_BEGIN assert_buf_ok(buf); STMT_END
28 #else
29 #define check() STMT_NIL
30 #endif
32 /* Implementation notes:
33 *
34 * After flirting with memmove, and dallying with ring-buffers, we're finally
35 * getting up to speed with the 1970s and implementing buffers as a linked
36 * list of small chunks. Each buffer has such a list; data is removed from
37 * the head of the list, and added at the tail. The list is singly linked,
38 * and the buffer keeps a pointer to the head and the tail.
39 *
40 * Every chunk, except the tail, contains at least one byte of data. Data in
41 * each chunk is contiguous.
42 *
43 * When you need to treat the first N characters on a buffer as a contiguous
44 * string, use the buf_pullup function to make them so. Don't do this more
45 * than necessary.
46 *
47 * The major free Unix kernels have handled buffers like this since, like,
48 * forever.
49 */
51 /* Chunk manipulation functions */
53 /** A single chunk on a buffer or in a freelist. */
60 * more than one byte long. */
63 #define CHUNK_HEADER_LEN STRUCT_OFFSET(chunk_t, mem[0])
65 /** Return the number of bytes needed to allocate a chunk to hold
66 * <b>memlen</b> bytes. */
67 #define CHUNK_ALLOC_SIZE(memlen) (CHUNK_HEADER_LEN + (memlen))
68 /** Return the number of usable bytes in a chunk allocated with
69 * malloc(<b>memlen</b>). */
70 #define CHUNK_SIZE_WITH_ALLOC(memlen) ((memlen) - CHUNK_HEADER_LEN)
72 /** Return the next character in <b>chunk</b> onto which data can be appended.
73 * If the chunk is full, this might be off the end of chunk->mem. */
76 {
78 }
80 /** Return the number of bytes that can be written onto <b>chunk</b> without
81 * running out of space. */
84 {
86 }
88 /** Move all bytes stored in <b>chunk</b> to the front of <b>chunk</b>->mem,
89 * to free up space at the end. */
92 {
95 }
97 }
99 #ifdef ENABLE_BUF_FREELISTS
100 /** A freelist of chunks. */
104 * freelist. */
106 * chunks beyond lowest_length.*/
109 * last time we cleaned this freelist? */
116 /** Macro to help define freelists. */
117 #define FL(a,m,s) { a, m, s, 0, 0, 0, 0, 0, NULL }
119 /** Static array of freelists, sorted by alloc_len, terminated by an entry
120 * with alloc_size of 0. */
124 };
125 #undef FL
126 /** How many times have we looked for a chunk of a size that no freelist
127 * could help with? */
132 /** Return the freelist to hold chunks of size <b>alloc</b>, or NULL if
133 * no freelist exists for that size. */
136 {
141 }
142 }
144 }
146 /** Deallocate a chunk or put it on a freelist */
147 static void
149 {
160 }
161 }
163 /** Allocate a new chunk with a given allocation size, or get one from the
164 * freelist. Note that a chunk with allocation size A can actualy hold only
165 * CHUNK_SIZE_WITH_ALLOC(A) bytes in its mem field. */
168 {
180 /* XXXX take advantage of tor_malloc_roundup, once we know how that
181 * affects freelists. */
184 else
187 }
193 }
194 #else
195 static void
197 {
199 }
202 {
210 }
211 #endif
213 /** Expand <b>chunk</b> until it can hold <b>sz</b> bytes, and return a
214 * new pointer to <b>chunk</b>. Old pointers are no longer valid. */
217 {
218 off_t offset;
225 }
227 /** If a read onto the end of a chunk would be smaller than this number, then
228 * just start a new chunk. */
229 #define MIN_READ_LEN 8
230 /** Every chunk should take up at least this many bytes. */
231 #define MIN_CHUNK_ALLOC 256
232 /** No chunk should take up more than this many bytes. */
233 #define MAX_CHUNK_ALLOC 65536
235 /** Return the allocation size we'd like to use to hold <b>target</b>
236 * bytes. */
239 {
243 }
245 }
247 /** Remove from the freelists most chunks that have not been used since the
248 * last call to buf_shrink_freelists(). */
249 void
251 {
252 #ifdef ENABLE_BUF_FREELISTS
271 }
280 }
283 }
286 }
287 #else
289 #endif
290 }
292 /** Describe the current status of the freelists at log level <b>severity</b>.
293 */
294 void
296 {
297 #ifdef ENABLE_BUF_FREELISTS
304 U64_FORMAT" bytes in %d %d-byte chunks ["U64_FORMAT
311 }
314 #else
316 #endif
317 }
319 /** Magic value for buf_t.magic, to catch pointer errors. */
320 #define BUFFER_MAGIC 0xB0FFF312u
321 /** A resizeable buffer, optimized for reading and writing. */
324 * BUFFER_MAGIC. */
327 * this for this buffer. */
330 };
332 /** Collapse data from the first N chunks from <b>buf</b> into buf->head,
333 * growing it as necessary, until buf->head has the first <b>bytes</b> bytes
334 * of data from the buffer, or until buf->head has all the data in <b>buf</b>.
335 *
336 * If <b>nulterminate</b> is true, ensure that there is a 0 byte in
337 * buf->head->mem right after all the data. */
338 static void
340 {
355 }
360 }
363 /* We don't need to grow the first chunk, but we might need to repack it.*/
370 /* We need to grow the chunk. */
379 }
380 }
400 }
401 }
406 }
409 }
411 /** Resize buf so it won't hold extra memory that we haven't been
412 * using lately.
413 */
414 void
416 {
418 }
420 /** Remove the first <b>n</b> bytes from buf. */
423 {
440 }
441 }
443 }
445 /** Create and return a new buf with default chunk capacity <b>size</b>.
446 */
447 buf_t *
449 {
453 }
455 /** Allocate and return a new buffer with default capacity. */
456 buf_t *
458 {
463 }
465 /** Remove all data from <b>buf</b>. */
466 void
468 {
474 }
476 }
478 /** Return the number of bytes stored in <b>buf</b> */
479 size_t
481 {
483 }
485 /** Return the total length of all chunks used in <b>buf</b>. */
486 size_t
488 {
493 }
495 }
497 /** Return the number of bytes that can be added to <b>buf</b> without
498 * performing any additional allocation. */
499 size_t
501 {
504 else
506 }
508 /** Release storage held by <b>buf</b>. */
509 void
511 {
515 }
517 /** Append a new chunk with enough capacity to hold <b>capacity</b> bytes to
518 * the tail of <b>buf</b>. If <b>capped</b>, don't allocate a chunk bigger
519 * than MAX_CHUNK_ALLOC. */
522 {
530 }
538 }
541 }
543 /** If we're using readv and writev, how many chunks are we willing to
544 * read/write at a time? */
545 #define N_IOV 3
547 /** Read up to <b>at_most</b> bytes from the socket <b>fd</b> into
548 * <b>chunk</b> (which must be on <b>buf</b>). If we get an EOF, set
549 * *<b>reached_eof</b> to 1. Return -1 on error, 0 on eof or blocking,
550 * and the number of bytes read otherwise. */
554 {
555 ssize_t read_result;
556 #if 0 && defined(HAVE_READV) && !defined(WIN32)
564 else
568 }
570 #else
574 #endif
579 #ifdef MS_WINDOWS
582 #endif
585 }
593 #if 0 && defined(HAVE_READV) && !defined(WIN32)
599 }
600 #endif
606 }
607 }
609 /** As read_to_chunk(), but return (negative) error code on error, blocking,
610 * or TLS, and the number of bytes read otherwise. */
614 {
624 }
626 /** Read from socket <b>s</b>, writing onto end of <b>buf</b>. Read at most
627 * <b>at_most</b> bytes, growing the buffer as necessary. If recv() returns 0
628 * (because of EOF), set *<b>reached_eof</b> to 1 and return 0. Return -1 on
629 * error; else return the number of bytes read.
630 */
631 /* XXXX021 indicate "read blocked" somehow? */
632 int
635 {
636 /* XXXX021 It's stupid to overload the return values for these functions:
637 * "error status" and "number of bytes read" are not mutually exclusive.
638 */
658 }
668 }
669 }
671 }
673 /** As read_to_buf, but reads from a TLS connection, and returns a TLS
674 * status value rather than the number of bytes read.
675 *
676 * Using TLS on OR connections complicates matters in two ways.
677 *
678 * First, a TLS stream has its own read buffer independent of the
679 * connection's read buffer. (TLS needs to read an entire frame from
680 * the network before it can decrypt any data. Thus, trying to read 1
681 * byte from TLS can require that several KB be read from the network
682 * and decrypted. The extra data is stored in TLS's decrypt buffer.)
683 * Because the data hasn't been read by Tor (it's still inside the TLS),
684 * this means that sometimes a connection "has stuff to read" even when
685 * poll() didn't return POLLIN. The tor_tls_get_pending_bytes function is
686 * used in connection.c to detect TLS objects with non-empty internal
687 * buffers and read from them again.
688 *
689 * Second, the TLS stream's events do not correspond directly to network
690 * events: sometimes, before a TLS stream can read, the network must be
691 * ready to write -- or vice versa.
692 */
693 int
695 {
712 }
722 }
724 }
726 /** Helper for flush_buf(): try to write <b>sz</b> bytes from chunk
727 * <b>chunk</b> of buffer <b>buf</b> onto socket <b>s</b>. On success, deduct
728 * the bytes written from *<b>buf_flushlen</b>. Return the number of bytes
729 * written on success, 0 on blocking, -1 on failure.
730 */
734 {
735 ssize_t write_result;
736 #if 0 && defined(HAVE_WRITEV) && !defined(WIN32)
744 else
748 }
750 #else
754 #endif
759 #ifdef MS_WINDOWS
762 #endif
764 }
772 }
773 }
775 /** Helper for flush_buf_tls(): try to write <b>sz</b> bytes from chunk
776 * <b>chunk</b> of buffer <b>buf</b> onto socket <b>s</b>. (Tries to write
777 * more if there is a forced pending write size.) On success, deduct the
778 * bytes written from *<b>buf_flushlen</b>. Return the number of bytes
779 * written on success, and a TOR_TLS error code on failue or blocking.
780 */
784 {
798 }
804 else
810 }
812 /** Write data from <b>buf</b> to the socket <b>s</b>. Write at most
813 * <b>sz</b> bytes, decrement *<b>buf_flushlen</b> by
814 * the number of bytes actually written, and remove the written bytes
815 * from the buffer. Return the number of bytes written on success,
816 * -1 on failure. Return 0 if write() would block.
817 */
818 int
820 {
821 /* XXXX021 It's stupid to overload the return values for these functions:
822 * "error status" and "number of bytes flushed" are not mutually exclusive.
823 */
837 else
848 }
851 }
853 /** As flush_buf(), but writes data to a TLS connection. Can write more than
854 * <b>flushlen</b> bytes.
855 */
856 int
859 {
862 ssize_t sz;
868 /* we want to let tls write even if flushlen is zero, because it might
869 * have a partial record pending */
878 else
882 }
895 }
897 /** Append <b>string_len</b> bytes from <b>string</b> to the end of
898 * <b>buf</b>.
899 *
900 * Return the new length of the buffer on success, -1 on failure.
901 */
902 int
904 {
922 }
927 }
929 /** Helper: copy the first <b>string_len</b> bytes from <b>buf</b>
930 * onto <b>string</b>.
931 */
934 {
938 /* make sure we don't ask for too much */
940 /* assert_buf_ok(buf); */
952 }
953 }
955 /** Remove <b>string_len</b> bytes from the front of <b>buf</b>, and store
956 * them into <b>string</b>. Return the new buffer size. <b>string_len</b>
957 * must be \<= the number of bytes on the buffer.
958 */
959 int
961 {
962 /* There must be string_len bytes in buf; write them onto string,
963 * then memmove buf back (that is, remove them from buf).
964 *
965 * Return the number of bytes still on the buffer. */
973 }
975 /** Check <b>buf</b> for a variable-length cell according to the rules of link
976 * protocol version <b>linkproto</b>. If one is found, pull it off the buffer
977 * and assign a newly allocated var_cell_t to *<b>out</b>, and return 1.
978 * Return 0 if whatever is on the start of buf_t is not a variable-length
979 * cell. Return 1 and set *<b>out</b> to NULL if there seems to be the start
980 * of a variable-length cell on <b>buf</b>, but the whole thing isn't there
981 * yet. */
982 int
984 {
989 /* If linkproto is unknown (0) or v2 (2), variable-length cells work as
990 * implemented here. If it's 1, there are no variable-length cells. Tor
991 * does not support other versions right now, and so can't negotiate them.
992 */
1019 }
1021 /** Move up to *<b>buf_flushlen</b> bytes from <b>buf_in</b> to
1022 * <b>buf_out</b>, and modify *<b>buf_flushlen</b> appropriately.
1023 * Return the number of bytes actually copied.
1024 */
1025 int
1027 {
1028 /* XXXX we can do way better here, but this doesn't turn up in any
1029 * profiles. */
1039 /* This isn't the most efficient implementation one could imagine, since
1040 * it does two copies instead of 1, but I kinda doubt that this will be
1041 * critical path. */
1046 }
1049 }
1051 /** Internal structure: represents a position in a buffer. */
1058 /** Initialize <b>out</b> to point to the first character of <b>buf</b>.*/
1059 static void
1061 {
1065 }
1067 /** Advance <b>out</b> to the first appearance of <b>ch</b> at the current
1068 * position of <b>out</b>, or later. Return -1 if no instances are found;
1069 * otherwise returns the absolute position of the character. */
1070 static off_t
1072 {
1081 }
1082 }
1094 }
1095 }
1097 }
1099 /** Advance <b>pos</b> by a single character, if there are any more characters
1100 * in the buffer. Returns 0 on sucess, -1 on failure. */
1103 {
1111 }
1113 }
1115 /** Return true iff the <b>n</b>-character string in <b>s</b> appears
1116 * (verbatim) at <b>pos</b>. */
1117 static int
1119 {
1120 buf_pos_t p;
1131 /* If we're out of characters that don't match, we match. Check this
1132 * _before_ we test incrementing pos, in case we're at the end of the
1133 * string. */
1138 }
1139 }
1141 /** Return the first position in <b>buf</b> at which the <b>n</b>-character
1142 * string <b>s</b> occurs, or -1 if it does not occur. */
1145 {
1146 buf_pos_t pos;
1155 }
1156 }
1158 }
1160 /** There is a (possibly incomplete) http statement on <b>buf</b>, of the
1161 * form "\%s\\r\\n\\r\\n\%s", headers, body. (body may contain nuls.)
1162 * If a) the headers include a Content-Length field and all bytes in
1163 * the body are present, or b) there's no Content-Length field and
1164 * all headers are present, then:
1165 *
1166 * - strdup headers into <b>*headers_out</b>, and nul-terminate it.
1167 * - memdup body into <b>*body_out</b>, and nul-terminate it.
1168 * - Then remove them from <b>buf</b>, and return 1.
1169 *
1170 * - If headers or body is NULL, discard that part of the buf.
1171 * - If a headers or body doesn't fit in the arg, return -1.
1172 * (We ensure that the headers or body don't exceed max len,
1173 * _even if_ we're planning to discard them.)
1174 * - If force_complete is true, then succeed even if not all of the
1175 * content has arrived.
1176 *
1177 * Else, change nothing and return 0.
1178 */
1179 int
1184 {
1201 }
1202 /* Okay, we have a full header. Make sure it all appears in the first
1203 * chunk. */
1216 }
1221 }
1232 }
1234 /* if content-length is malformed, then our body length is 0. fine. */
1240 }
1241 }
1245 }
1246 }
1247 /* all happy. copy into the appropriate places, and return 1 */
1252 }
1259 }
1262 }
1264 /** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
1265 * of the forms
1266 * - socks4: "socksheader username\\0"
1267 * - socks4a: "socksheader username\\0 destaddr\\0"
1268 * - socks5 phase one: "version #methods methods"
1269 * - socks5 phase two: "version command 0 addresstype..."
1270 * If it's a complete and valid handshake, and destaddr fits in
1271 * MAX_SOCKS_ADDR_LEN bytes, then pull the handshake off the buf,
1272 * assign to <b>req</b>, and return 1.
1273 *
1274 * If it's invalid or too big, return -1.
1275 *
1276 * Else it's not all there yet, leave buf alone and return 0.
1277 *
1278 * If you want to specify the socks reply, write it into <b>req->reply</b>
1279 * and set <b>req->replylen</b>, else leave <b>req->replylen</b> alone.
1280 *
1281 * If <b>log_sockstype</b> is non-zero, then do a notice-level log of whether
1282 * the connection is possibly leaking DNS requests locally or not.
1283 *
1284 * If <b>safe_socks</b> is true, then reject unsafe socks protocols.
1285 *
1286 * If returning 0 or -1, <b>req->address</b> and <b>req->port</b> are
1287 * undefined.
1288 */
1289 int
1292 {
1295 tor_addr_t destaddr;
1302 /* If the user connects with socks4 or the wrong variant of socks5,
1303 * then log a warning to let him know that it might be unwise. */
1326 "socks5: offered methods don't include 'no auth'. "
1332 }
1333 /* remove packet from buf. also remove any other extraneous
1334 * bytes, to support broken socks clients. */
1343 }
1344 /* we know the method; read in the request */
1353 /* not a connect or resolve or a resolve_ptr? we don't support it. */
1357 }
1369 else
1376 "socks5 IP takes %d bytes, which doesn't fit in %d. "
1380 }
1388 "Your application (using socks5 to port %d) is giving "
1389 "Tor only an IP address. Applications that do DNS resolves "
1390 "themselves may leak information. Consider using Socks4A "
1391 "(e.g. via privoxy or socat) instead. For more information, "
1392 "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
1395 /*have_warned_about_unsafe_socks = 1;*/
1396 /*(for now, warn every time)*/
1402 }
1404 }
1411 }
1419 "socks5 hostname is %d bytes, which doesn't fit in "
1422 }
1429 "Your application (using socks5 to port %d) gave Tor "
1433 }
1436 "Your application (using socks5 to port %d) gave "
1437 "Tor a hostname, which means Tor will do the DNS resolve "
1444 }
1447 /* http://archive.socks.permeo.com/protocol/socks4.protocol */
1448 /* http://archive.socks.permeo.com/protocol/socks4a.protocol */
1457 /* not a connect or resolve? we don't support it. (No resolve_ptr with
1458 * socks4.) */
1462 }
1469 }
1478 }
1482 }
1490 }
1493 }
1501 "Your application (using socks4 to port %d) is giving Tor "
1502 "only an IP address. Applications that do DNS resolves "
1503 "themselves may leak information. Consider using Socks4A "
1504 "(e.g. via privoxy or socat) instead. For more information, "
1505 "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
1514 }
1519 }
1526 }
1529 }
1533 }
1534 // tor_assert(next < buf->cur+buf->datalen);
1538 "Your application (using socks4a to port %d) gave "
1539 "Tor a hostname, which means Tor will do the DNS resolve "
1541 }
1547 "Your application (using socks4 to port %d) gave Tor "
1551 }
1552 /* next points to the final \0 on inbuf */
1570 "It appears you have configured your web browser to use Tor as an HTTP proxy."
1577 "https://www.torproject.org/documentation.html</a> for more "
1579 "<!-- Plus this comment, to make the body response more than 512 bytes, so "
1580 " IE will be willing to display it. Comment comment comment comment "
1587 /* fall through */
1592 {
1598 }
1600 }
1601 }
1603 /** Return 1 iff buf looks more like it has an (obsolete) v0 controller
1604 * command on it than any valid v1 controller command. */
1605 int
1607 {
1615 }
1617 }
1619 /** Return the index within <b>buf</b> at which <b>ch</b> first appears,
1620 * or -1 if <b>ch</b> does not appear on buf. */
1621 static off_t
1623 {
1630 else
1632 }
1634 }
1636 /** Try to read a single LF-terminated line from <b>buf</b>, and write it,
1637 * NUL-terminated, into the *<b>data_len</b> byte buffer at <b>data_out</b>.
1638 * Set *<b>data_len</b> to the number of bytes in the line, not counting the
1639 * terminating NUL. Return 1 if we read a whole line, return 0 if we don't
1640 * have a whole line yet, and return -1 if the line length exceeds
1641 * *<b>data_len</b>.
1642 */
1643 int
1645 {
1647 off_t offset;
1659 }
1664 }
1666 /** Compress on uncompress the <b>data_len</b> bytes in <b>data</b> using the
1667 * zlib state <b>state</b>, appending the result to <b>buf</b>. If
1668 * <b>done</b> is true, flush the data in the state and finish the
1669 * compression/uncompression. Return -1 on failure, 0 on success. */
1670 int
1674 {
1683 }
1698 /* Zlib says we need more room (ZLIB_BUF_FULL). Start a new chunk
1699 * automatically, whether were going to or not. */
1701 }
1703 }
1708 }
1713 }
1715 /** Log an error and exit if <b>buf</b> is corrupted.
1716 */
1717 void
1719 {
1738 }
1740 }
1741 }
1743 #ifdef ENABLE_BUF_FREELISTS
1744 /** Log an error and exit if <b>fl</b> is corrupted.
1745 */
1746 static void
1748 {
1756 }
1760 }
1761 #endif