1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2010, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
9 * \brief Implements a generic interface buffer. Buffers are
10 * fairly opaque string holders that can read to or flush from:
11 * memory, file descriptors, or TLS connections.
13 #define BUFFERS_PRIVATE
25 /** Helper: If PARANOIA is defined, assert that the buffer in local variable
26 * <b>buf</b> is well-formed. */
27 #define check() STMT_BEGIN assert_buf_ok(buf); STMT_END
29 #define check() STMT_NIL
32 /* Implementation notes:
34 * After flirting with memmove, and dallying with ring-buffers, we're finally
35 * getting up to speed with the 1970s and implementing buffers as a linked
36 * list of small chunks. Each buffer has such a list; data is removed from
37 * the head of the list, and added at the tail. The list is singly linked,
38 * and the buffer keeps a pointer to the head and the tail.
40 * Every chunk, except the tail, contains at least one byte of data. Data in
41 * each chunk is contiguous.
43 * When you need to treat the first N characters on a buffer as a contiguous
44 * string, use the buf_pullup function to make them so. Don't do this more
47 * The major free Unix kernels have handled buffers like this since, like,
51 /* Chunk manipulation functions */
53 /** A single chunk on a buffer or in a freelist. */
54 typedef struct chunk_t
{
55 struct chunk_t
*next
; /**< The next chunk on the buffer or freelist. */
56 size_t datalen
; /**< The number of bytes stored in this chunk */
57 size_t memlen
; /**< The number of usable bytes of storage in <b>mem</b>. */
58 char *data
; /**< A pointer to the first byte of data stored in <b>mem</b>. */
59 char mem
[1]; /**< The actual memory used for storage in this chunk. May be
60 * more than one byte long. */
63 #define CHUNK_HEADER_LEN STRUCT_OFFSET(chunk_t, mem[0])
65 /** Return the number of bytes needed to allocate a chunk to hold
66 * <b>memlen</b> bytes. */
67 #define CHUNK_ALLOC_SIZE(memlen) (CHUNK_HEADER_LEN + (memlen))
68 /** Return the number of usable bytes in a chunk allocated with
69 * malloc(<b>memlen</b>). */
70 #define CHUNK_SIZE_WITH_ALLOC(memlen) ((memlen) - CHUNK_HEADER_LEN)
72 /** Return the next character in <b>chunk</b> onto which data can be appended.
73 * If the chunk is full, this might be off the end of chunk->mem. */
75 CHUNK_WRITE_PTR(chunk_t
*chunk
)
77 return chunk
->data
+ chunk
->datalen
;
80 /** Return the number of bytes that can be written onto <b>chunk</b> without
81 * running out of space. */
83 CHUNK_REMAINING_CAPACITY(const chunk_t
*chunk
)
85 return (chunk
->mem
+ chunk
->memlen
) - (chunk
->data
+ chunk
->datalen
);
88 /** Move all bytes stored in <b>chunk</b> to the front of <b>chunk</b>->mem,
89 * to free up space at the end. */
91 chunk_repack(chunk_t
*chunk
)
93 if (chunk
->datalen
&& chunk
->data
!= &chunk
->mem
[0]) {
94 memmove(chunk
->mem
, chunk
->data
, chunk
->datalen
);
96 chunk
->data
= &chunk
->mem
[0];
99 #ifdef ENABLE_BUF_FREELISTS
100 /** A freelist of chunks. */
101 typedef struct chunk_freelist_t
{
102 size_t alloc_size
; /**< What size chunks does this freelist hold? */
103 int max_length
; /**< Never allow more than this number of chunks in the
105 int slack
; /**< When trimming the freelist, leave this number of extra
106 * chunks beyond lowest_length.*/
107 int cur_length
; /**< How many chunks on the freelist now? */
108 int lowest_length
; /**< What's the smallest value of cur_length since the
109 * last time we cleaned this freelist? */
113 chunk_t
*head
; /**< First chunk on the freelist. */
116 /** Macro to help define freelists. */
117 #define FL(a,m,s) { a, m, s, 0, 0, 0, 0, 0, NULL }
119 /** Static array of freelists, sorted by alloc_len, terminated by an entry
120 * with alloc_size of 0. */
121 static chunk_freelist_t freelists
[] = {
122 FL(4096, 256, 8), FL(8192, 128, 4), FL(16384, 64, 4), FL(32768, 32, 2),
126 /** How many times have we looked for a chunk of a size that no freelist
127 * could help with? */
128 static uint64_t n_freelist_miss
= 0;
130 static void assert_freelist_ok(chunk_freelist_t
*fl
);
132 /** Return the freelist to hold chunks of size <b>alloc</b>, or NULL if
133 * no freelist exists for that size. */
134 static INLINE chunk_freelist_t
*
135 get_freelist(size_t alloc
)
138 for (i
=0; freelists
[i
].alloc_size
<= alloc
; ++i
) {
139 if (freelists
[i
].alloc_size
== alloc
) {
140 return &freelists
[i
];
146 /** Deallocate a chunk or put it on a freelist */
148 chunk_free(chunk_t
*chunk
)
150 size_t alloc
= CHUNK_ALLOC_SIZE(chunk
->memlen
);
151 chunk_freelist_t
*freelist
= get_freelist(alloc
);
152 if (freelist
&& freelist
->cur_length
< freelist
->max_length
) {
153 chunk
->next
= freelist
->head
;
154 freelist
->head
= chunk
;
155 ++freelist
->cur_length
;
163 /** Allocate a new chunk with a given allocation size, or get one from the
164 * freelist. Note that a chunk with allocation size A can actually hold only
165 * CHUNK_SIZE_WITH_ALLOC(A) bytes in its mem field. */
166 static INLINE chunk_t
*
167 chunk_new_with_alloc_size(size_t alloc
)
170 chunk_freelist_t
*freelist
;
171 tor_assert(alloc
>= sizeof(chunk_t
));
172 freelist
= get_freelist(alloc
);
173 if (freelist
&& freelist
->head
) {
175 freelist
->head
= ch
->next
;
176 if (--freelist
->cur_length
< freelist
->lowest_length
)
177 freelist
->lowest_length
= freelist
->cur_length
;
180 /* XXXX take advantage of tor_malloc_roundup, once we know how that
181 * affects freelists. */
186 ch
= tor_malloc(alloc
);
190 ch
->memlen
= CHUNK_SIZE_WITH_ALLOC(alloc
);
191 ch
->data
= &ch
->mem
[0];
196 chunk_free(chunk_t
*chunk
)
200 static INLINE chunk_t
*
201 chunk_new_with_alloc_size(size_t alloc
)
204 ch
= tor_malloc_roundup(&alloc
);
207 ch
->memlen
= CHUNK_SIZE_WITH_ALLOC(alloc
);
208 ch
->data
= &ch
->mem
[0];
213 /** Expand <b>chunk</b> until it can hold <b>sz</b> bytes, and return a
214 * new pointer to <b>chunk</b>. Old pointers are no longer valid. */
215 static INLINE chunk_t
*
216 chunk_grow(chunk_t
*chunk
, size_t sz
)
219 tor_assert(sz
> chunk
->memlen
);
220 offset
= chunk
->data
- chunk
->mem
;
221 chunk
= tor_realloc(chunk
, CHUNK_ALLOC_SIZE(sz
));
223 chunk
->data
= chunk
->mem
+ offset
;
227 /** If a read onto the end of a chunk would be smaller than this number, then
228 * just start a new chunk. */
229 #define MIN_READ_LEN 8
230 /** Every chunk should take up at least this many bytes. */
231 #define MIN_CHUNK_ALLOC 256
232 /** No chunk should take up more than this many bytes. */
233 #define MAX_CHUNK_ALLOC 65536
235 /** Return the allocation size we'd like to use to hold <b>target</b>
238 preferred_chunk_size(size_t target
)
240 size_t sz
= MIN_CHUNK_ALLOC
;
241 while (CHUNK_SIZE_WITH_ALLOC(sz
) < target
) {
247 /** Remove from the freelists most chunks that have not been used since the
248 * last call to buf_shrink_freelists(). */
250 buf_shrink_freelists(int free_all
)
252 #ifdef ENABLE_BUF_FREELISTS
254 for (i
= 0; freelists
[i
].alloc_size
; ++i
) {
255 int slack
= freelists
[i
].slack
;
256 assert_freelist_ok(&freelists
[i
]);
257 if (free_all
|| freelists
[i
].lowest_length
> slack
) {
258 int n_to_free
= free_all
? freelists
[i
].cur_length
:
259 (freelists
[i
].lowest_length
- slack
);
260 int n_to_skip
= freelists
[i
].cur_length
- n_to_free
;
261 int orig_n_to_free
= n_to_free
, n_freed
=0;
262 int new_length
= n_to_skip
;
263 chunk_t
**chp
= &freelists
[i
].head
;
265 log_info(LD_MM
, "Cleaning freelist for %d-byte chunks: keeping %d, "
267 (int)freelists
[i
].alloc_size
, n_to_skip
, n_to_free
);
269 tor_assert((*chp
)->next
);
276 chunk_t
*next
= chunk
->next
;
281 ++freelists
[i
].n_free
;
284 log_warn(LD_BUG
, "Freelist length for %d-byte chunks may have been "
285 "messed up somehow.", (int)freelists
[i
].alloc_size
);
286 log_warn(LD_BUG
, "There were %d chunks at the start. I decided to "
287 "keep %d. I wanted to free %d. I freed %d. I somehow think "
288 "I have %d left to free.",
289 freelists
[i
].cur_length
, n_to_skip
, orig_n_to_free
,
292 // tor_assert(!n_to_free);
293 freelists
[i
].cur_length
= new_length
;
295 freelists
[i
].lowest_length
= freelists
[i
].cur_length
;
296 assert_freelist_ok(&freelists
[i
]);
303 /** Describe the current status of the freelists at log level <b>severity</b>.
306 buf_dump_freelist_sizes(int severity
)
308 #ifdef ENABLE_BUF_FREELISTS
310 log(severity
, LD_MM
, "====== Buffer freelists:");
311 for (i
= 0; freelists
[i
].alloc_size
; ++i
) {
312 uint64_t total
= ((uint64_t)freelists
[i
].cur_length
) *
313 freelists
[i
].alloc_size
;
315 U64_FORMAT
" bytes in %d %d-byte chunks ["U64_FORMAT
316 " misses; "U64_FORMAT
" frees; "U64_FORMAT
" hits]",
317 U64_PRINTF_ARG(total
),
318 freelists
[i
].cur_length
, (int)freelists
[i
].alloc_size
,
319 U64_PRINTF_ARG(freelists
[i
].n_alloc
),
320 U64_PRINTF_ARG(freelists
[i
].n_free
),
321 U64_PRINTF_ARG(freelists
[i
].n_hit
));
323 log(severity
, LD_MM
, U64_FORMAT
" allocations in non-freelist sizes",
324 U64_PRINTF_ARG(n_freelist_miss
));
330 /** Magic value for buf_t.magic, to catch pointer errors. */
331 #define BUFFER_MAGIC 0xB0FFF312u
332 /** A resizeable buffer, optimized for reading and writing. */
334 uint32_t magic
; /**< Magic cookie for debugging: Must be set to
336 size_t datalen
; /**< How many bytes is this buffer holding right now? */
337 size_t default_chunk_size
; /**< Don't allocate any chunks smaller than
338 * this for this buffer. */
339 chunk_t
*head
; /**< First chunk in the list, or NULL for none. */
340 chunk_t
*tail
; /**< Last chunk in the list, or NULL for none. */
343 /** Collapse data from the first N chunks from <b>buf</b> into buf->head,
344 * growing it as necessary, until buf->head has the first <b>bytes</b> bytes
345 * of data from the buffer, or until buf->head has all the data in <b>buf</b>.
347 * If <b>nulterminate</b> is true, ensure that there is a 0 byte in
348 * buf->head->mem right after all the data. */
350 buf_pullup(buf_t
*buf
, size_t bytes
, int nulterminate
)
358 if (buf
->datalen
< bytes
)
359 bytes
= buf
->datalen
;
362 capacity
= bytes
+ 1;
363 if (buf
->head
->datalen
>= bytes
&& CHUNK_REMAINING_CAPACITY(buf
->head
)) {
364 *CHUNK_WRITE_PTR(buf
->head
) = '\0';
369 if (buf
->head
->datalen
>= bytes
)
373 if (buf
->head
->memlen
>= capacity
) {
374 /* We don't need to grow the first chunk, but we might need to repack it.*/
375 if (CHUNK_REMAINING_CAPACITY(buf
->head
) < capacity
-buf
->datalen
)
376 chunk_repack(buf
->head
);
377 tor_assert(CHUNK_REMAINING_CAPACITY(buf
->head
) >= capacity
-buf
->datalen
);
381 /* We need to grow the chunk. */
382 chunk_repack(buf
->head
);
383 newsize
= CHUNK_SIZE_WITH_ALLOC(preferred_chunk_size(capacity
));
384 newhead
= chunk_grow(buf
->head
, newsize
);
385 tor_assert(newhead
->memlen
>= capacity
);
386 if (newhead
!= buf
->head
) {
387 if (buf
->tail
== buf
->head
)
394 while (dest
->datalen
< bytes
) {
395 size_t n
= bytes
- dest
->datalen
;
398 if (n
> src
->datalen
) {
399 memcpy(CHUNK_WRITE_PTR(dest
), src
->data
, src
->datalen
);
400 dest
->datalen
+= src
->datalen
;
401 dest
->next
= src
->next
;
402 if (buf
->tail
== src
)
406 memcpy(CHUNK_WRITE_PTR(dest
), src
->data
, n
);
410 tor_assert(dest
->datalen
== bytes
);
415 tor_assert(CHUNK_REMAINING_CAPACITY(buf
->head
));
416 *CHUNK_WRITE_PTR(buf
->head
) = '\0';
422 /** Resize buf so it won't hold extra memory that we haven't been
426 buf_shrink(buf_t
*buf
)
431 /** Remove the first <b>n</b> bytes from buf. */
433 buf_remove_from_front(buf_t
*buf
, size_t n
)
435 tor_assert(buf
->datalen
>= n
);
437 tor_assert(buf
->head
);
438 if (buf
->head
->datalen
> n
) {
439 buf
->head
->datalen
-= n
;
440 buf
->head
->data
+= n
;
444 chunk_t
*victim
= buf
->head
;
445 n
-= victim
->datalen
;
446 buf
->datalen
-= victim
->datalen
;
447 buf
->head
= victim
->next
;
448 if (buf
->tail
== victim
)
456 /** Create and return a new buf with default chunk capacity <b>size</b>.
459 buf_new_with_capacity(size_t size
)
461 buf_t
*b
= buf_new();
462 b
->default_chunk_size
= preferred_chunk_size(size
);
466 /** Allocate and return a new buffer with default capacity. */
470 buf_t
*buf
= tor_malloc_zero(sizeof(buf_t
));
471 buf
->magic
= BUFFER_MAGIC
;
472 buf
->default_chunk_size
= 4096;
476 /** Remove all data from <b>buf</b>. */
478 buf_clear(buf_t
*buf
)
480 chunk_t
*chunk
, *next
;
482 for (chunk
= buf
->head
; chunk
; chunk
= next
) {
486 buf
->head
= buf
->tail
= NULL
;
489 /** Return the number of bytes stored in <b>buf</b> */
491 buf_datalen(const buf_t
*buf
)
496 /** Return the total length of all chunks used in <b>buf</b>. */
498 buf_allocation(const buf_t
*buf
)
501 const chunk_t
*chunk
;
502 for (chunk
= buf
->head
; chunk
; chunk
= chunk
->next
) {
503 total
+= chunk
->memlen
;
508 /** Return the number of bytes that can be added to <b>buf</b> without
509 * performing any additional allocation. */
511 buf_slack(const buf_t
*buf
)
516 return CHUNK_REMAINING_CAPACITY(buf
->tail
);
519 /** Release storage held by <b>buf</b>. */
524 buf
->magic
= 0xdeadbeef;
528 /** Append a new chunk with enough capacity to hold <b>capacity</b> bytes to
529 * the tail of <b>buf</b>. If <b>capped</b>, don't allocate a chunk bigger
530 * than MAX_CHUNK_ALLOC. */
532 buf_add_chunk_with_capacity(buf_t
*buf
, size_t capacity
, int capped
)
535 if (CHUNK_ALLOC_SIZE(capacity
) < buf
->default_chunk_size
) {
536 chunk
= chunk_new_with_alloc_size(buf
->default_chunk_size
);
537 } else if (capped
&& CHUNK_ALLOC_SIZE(capacity
) > MAX_CHUNK_ALLOC
) {
538 chunk
= chunk_new_with_alloc_size(MAX_CHUNK_ALLOC
);
540 chunk
= chunk_new_with_alloc_size(preferred_chunk_size(capacity
));
543 tor_assert(buf
->head
);
544 buf
->tail
->next
= chunk
;
547 tor_assert(!buf
->head
);
548 buf
->head
= buf
->tail
= chunk
;
554 /** If we're using readv and writev, how many chunks are we willing to
555 * read/write at a time? */
558 /** Read up to <b>at_most</b> bytes from the socket <b>fd</b> into
559 * <b>chunk</b> (which must be on <b>buf</b>). If we get an EOF, set
560 * *<b>reached_eof</b> to 1. Return -1 on error, 0 on eof or blocking,
561 * and the number of bytes read otherwise. */
563 read_to_chunk(buf_t
*buf
, chunk_t
*chunk
, int fd
, size_t at_most
,
564 int *reached_eof
, int *socket_error
)
567 #if 0 && defined(HAVE_READV) && !defined(WIN32)
568 struct iovec iov
[N_IOV
];
570 size_t remaining
= at_most
;
571 for (i
=0; chunk
&& i
< N_IOV
&& remaining
; ++i
) {
572 iov
[i
].iov_base
= CHUNK_WRITE_PTR(chunk
);
573 if (remaining
> CHUNK_REMAINING_CAPACITY(chunk
))
574 iov
[i
].iov_len
= CHUNK_REMAINING_CAPACITY(chunk
);
576 iov
[i
].iov_len
= remaining
;
577 remaining
-= iov
[i
].iov_len
;
580 read_result
= readv(fd
, iov
, i
);
582 if (at_most
> CHUNK_REMAINING_CAPACITY(chunk
))
583 at_most
= CHUNK_REMAINING_CAPACITY(chunk
);
584 read_result
= tor_socket_recv(fd
, CHUNK_WRITE_PTR(chunk
), at_most
, 0);
587 if (read_result
< 0) {
588 int e
= tor_socket_errno(fd
);
589 if (!ERRNO_IS_EAGAIN(e
)) { /* it's a real error */
592 log_warn(LD_NET
,"recv() failed: WSAENOBUFS. Not enough ram?");
597 return 0; /* would block. */
598 } else if (read_result
== 0) {
599 log_debug(LD_NET
,"Encountered eof on fd %d", (int)fd
);
602 } else { /* actually got bytes. */
603 buf
->datalen
+= read_result
;
604 #if 0 && defined(HAVE_READV) && !defined(WIN32)
605 while ((size_t)read_result
> CHUNK_REMAINING_CAPACITY(chunk
)) {
606 chunk
->datalen
+= CHUNK_REMAINING_CAPACITY(chunk
);
607 read_result
-= CHUNK_REMAINING_CAPACITY(chunk
);
612 chunk
->datalen
+= read_result
;
613 log_debug(LD_NET
,"Read %ld bytes. %d on inbuf.", (long)read_result
,
615 tor_assert(read_result
< INT_MAX
);
616 return (int)read_result
;
620 /** As read_to_chunk(), but return (negative) error code on error, blocking,
621 * or TLS, and the number of bytes read otherwise. */
623 read_to_chunk_tls(buf_t
*buf
, chunk_t
*chunk
, tor_tls_t
*tls
,
628 tor_assert(CHUNK_REMAINING_CAPACITY(chunk
) >= at_most
);
629 read_result
= tor_tls_read(tls
, CHUNK_WRITE_PTR(chunk
), at_most
);
632 buf
->datalen
+= read_result
;
633 chunk
->datalen
+= read_result
;
637 /** Read from socket <b>s</b>, writing onto end of <b>buf</b>. Read at most
638 * <b>at_most</b> bytes, growing the buffer as necessary. If recv() returns 0
639 * (because of EOF), set *<b>reached_eof</b> to 1 and return 0. Return -1 on
640 * error; else return the number of bytes read.
642 /* XXXX021 indicate "read blocked" somehow? */
644 read_to_buf(int s
, size_t at_most
, buf_t
*buf
, int *reached_eof
,
647 /* XXXX021 It's stupid to overload the return values for these functions:
648 * "error status" and "number of bytes read" are not mutually exclusive.
651 size_t total_read
= 0;
654 tor_assert(reached_eof
);
657 while (at_most
> total_read
) {
658 size_t readlen
= at_most
- total_read
;
660 if (!buf
->tail
|| CHUNK_REMAINING_CAPACITY(buf
->tail
) < MIN_READ_LEN
) {
661 chunk
= buf_add_chunk_with_capacity(buf
, at_most
, 1);
662 if (readlen
> chunk
->memlen
)
663 readlen
= chunk
->memlen
;
665 size_t cap
= CHUNK_REMAINING_CAPACITY(buf
->tail
);
671 r
= read_to_chunk(buf
, chunk
, s
, readlen
, reached_eof
, socket_error
);
674 return r
; /* Error */
675 tor_assert(total_read
+r
< INT_MAX
);
677 if ((size_t)r
< readlen
) { /* eof, block, or no more to read. */
681 return (int)total_read
;
684 /** As read_to_buf, but reads from a TLS connection, and returns a TLS
685 * status value rather than the number of bytes read.
687 * Using TLS on OR connections complicates matters in two ways.
689 * First, a TLS stream has its own read buffer independent of the
690 * connection's read buffer. (TLS needs to read an entire frame from
691 * the network before it can decrypt any data. Thus, trying to read 1
692 * byte from TLS can require that several KB be read from the network
693 * and decrypted. The extra data is stored in TLS's decrypt buffer.)
694 * Because the data hasn't been read by Tor (it's still inside the TLS),
695 * this means that sometimes a connection "has stuff to read" even when
696 * poll() didn't return POLLIN. The tor_tls_get_pending_bytes function is
697 * used in connection.c to detect TLS objects with non-empty internal
698 * buffers and read from them again.
700 * Second, the TLS stream's events do not correspond directly to network
701 * events: sometimes, before a TLS stream can read, the network must be
702 * ready to write -- or vice versa.
705 read_to_buf_tls(tor_tls_t
*tls
, size_t at_most
, buf_t
*buf
)
708 size_t total_read
= 0;
711 while (at_most
> total_read
) {
712 size_t readlen
= at_most
- total_read
;
714 if (!buf
->tail
|| CHUNK_REMAINING_CAPACITY(buf
->tail
) < MIN_READ_LEN
) {
715 chunk
= buf_add_chunk_with_capacity(buf
, at_most
, 1);
716 if (readlen
> chunk
->memlen
)
717 readlen
= chunk
->memlen
;
719 size_t cap
= CHUNK_REMAINING_CAPACITY(buf
->tail
);
725 r
= read_to_chunk_tls(buf
, chunk
, tls
, readlen
);
728 return r
; /* Error */
729 tor_assert(total_read
+r
< INT_MAX
);
731 if ((size_t)r
< readlen
) /* eof, block, or no more to read. */
734 return (int)total_read
;
737 /** Helper for flush_buf(): try to write <b>sz</b> bytes from chunk
738 * <b>chunk</b> of buffer <b>buf</b> onto socket <b>s</b>. On success, deduct
739 * the bytes written from *<b>buf_flushlen</b>. Return the number of bytes
740 * written on success, 0 on blocking, -1 on failure.
743 flush_chunk(int s
, buf_t
*buf
, chunk_t
*chunk
, size_t sz
,
744 size_t *buf_flushlen
)
746 ssize_t write_result
;
747 #if 0 && defined(HAVE_WRITEV) && !defined(WIN32)
748 struct iovec iov
[N_IOV
];
750 size_t remaining
= sz
;
751 for (i
=0; chunk
&& i
< N_IOV
&& remaining
; ++i
) {
752 iov
[i
].iov_base
= chunk
->data
;
753 if (remaining
> chunk
->datalen
)
754 iov
[i
].iov_len
= chunk
->datalen
;
756 iov
[i
].iov_len
= remaining
;
757 remaining
-= iov
[i
].iov_len
;
760 write_result
= writev(s
, iov
, i
);
762 if (sz
> chunk
->datalen
)
764 write_result
= tor_socket_send(s
, chunk
->data
, sz
, 0);
767 if (write_result
< 0) {
768 int e
= tor_socket_errno(s
);
769 if (!ERRNO_IS_EAGAIN(e
)) { /* it's a real error */
772 log_warn(LD_NET
,"write() failed: WSAENOBUFS. Not enough ram?");
776 log_debug(LD_NET
,"write() would block, returning.");
779 *buf_flushlen
-= write_result
;
780 buf_remove_from_front(buf
, write_result
);
781 tor_assert(write_result
< INT_MAX
);
782 return (int)write_result
;
786 /** Helper for flush_buf_tls(): try to write <b>sz</b> bytes from chunk
787 * <b>chunk</b> of buffer <b>buf</b> onto socket <b>s</b>. (Tries to write
788 * more if there is a forced pending write size.) On success, deduct the
789 * bytes written from *<b>buf_flushlen</b>. Return the number of bytes
790 * written on success, and a TOR_TLS error code on failure or blocking.
793 flush_chunk_tls(tor_tls_t
*tls
, buf_t
*buf
, chunk_t
*chunk
,
794 size_t sz
, size_t *buf_flushlen
)
800 forced
= tor_tls_get_forced_write_size(tls
);
805 tor_assert(sz
<= chunk
->datalen
);
810 r
= tor_tls_write(tls
, data
, sz
);
813 if (*buf_flushlen
> (size_t)r
)
817 buf_remove_from_front(buf
, r
);
818 log_debug(LD_NET
,"flushed %d bytes, %d ready to flush, %d remain.",
819 r
,(int)*buf_flushlen
,(int)buf
->datalen
);
823 /** Write data from <b>buf</b> to the socket <b>s</b>. Write at most
824 * <b>sz</b> bytes, decrement *<b>buf_flushlen</b> by
825 * the number of bytes actually written, and remove the written bytes
826 * from the buffer. Return the number of bytes written on success,
827 * -1 on failure. Return 0 if write() would block.
830 flush_buf(int s
, buf_t
*buf
, size_t sz
, size_t *buf_flushlen
)
832 /* XXXX021 It's stupid to overload the return values for these functions:
833 * "error status" and "number of bytes flushed" are not mutually exclusive.
837 tor_assert(buf_flushlen
);
839 tor_assert(*buf_flushlen
<= buf
->datalen
);
840 tor_assert(sz
<= *buf_flushlen
);
845 tor_assert(buf
->head
);
846 if (buf
->head
->datalen
>= sz
)
849 flushlen0
= buf
->head
->datalen
;
851 r
= flush_chunk(s
, buf
, buf
->head
, flushlen0
, buf_flushlen
);
857 if (r
== 0 || (size_t)r
< flushlen0
) /* can't flush any more now. */
860 tor_assert(flushed
< INT_MAX
);
864 /** As flush_buf(), but writes data to a TLS connection. Can write more than
865 * <b>flushlen</b> bytes.
868 flush_buf_tls(tor_tls_t
*tls
, buf_t
*buf
, size_t flushlen
,
869 size_t *buf_flushlen
)
874 tor_assert(buf_flushlen
);
875 tor_assert(*buf_flushlen
<= buf
->datalen
);
876 tor_assert(flushlen
<= *buf_flushlen
);
877 sz
= (ssize_t
) flushlen
;
879 /* we want to let tls write even if flushlen is zero, because it might
880 * have a partial record pending */
881 check_no_tls_errors();
887 if ((ssize_t
)buf
->head
->datalen
>= sz
)
890 flushlen0
= buf
->head
->datalen
;
895 r
= flush_chunk_tls(tls
, buf
, buf
->head
, flushlen0
, buf_flushlen
);
901 if (r
== 0) /* Can't flush any more now. */
904 tor_assert(flushed
< INT_MAX
);
908 /** Append <b>string_len</b> bytes from <b>string</b> to the end of
911 * Return the new length of the buffer on success, -1 on failure.
914 write_to_buf(const char *string
, size_t string_len
, buf_t
*buf
)
917 return (int)buf
->datalen
;
922 if (!buf
->tail
|| !CHUNK_REMAINING_CAPACITY(buf
->tail
))
923 buf_add_chunk_with_capacity(buf
, string_len
, 1);
925 copy
= CHUNK_REMAINING_CAPACITY(buf
->tail
);
926 if (copy
> string_len
)
928 memcpy(CHUNK_WRITE_PTR(buf
->tail
), string
, copy
);
931 buf
->datalen
+= copy
;
932 buf
->tail
->datalen
+= copy
;
936 tor_assert(buf
->datalen
< INT_MAX
);
937 return (int)buf
->datalen
;
940 /** Helper: copy the first <b>string_len</b> bytes from <b>buf</b>
941 * onto <b>string</b>.
944 peek_from_buf(char *string
, size_t string_len
, const buf_t
*buf
)
949 /* make sure we don't ask for too much */
950 tor_assert(string_len
<= buf
->datalen
);
951 /* assert_buf_ok(buf); */
955 size_t copy
= string_len
;
957 if (chunk
->datalen
< copy
)
958 copy
= chunk
->datalen
;
959 memcpy(string
, chunk
->data
, copy
);
966 /** Remove <b>string_len</b> bytes from the front of <b>buf</b>, and store
967 * them into <b>string</b>. Return the new buffer size. <b>string_len</b>
968 * must be \<= the number of bytes on the buffer.
971 fetch_from_buf(char *string
, size_t string_len
, buf_t
*buf
)
973 /* There must be string_len bytes in buf; write them onto string,
974 * then memmove buf back (that is, remove them from buf).
976 * Return the number of bytes still on the buffer. */
979 peek_from_buf(string
, string_len
, buf
);
980 buf_remove_from_front(buf
, string_len
);
982 tor_assert(buf
->datalen
< INT_MAX
);
983 return (int)buf
->datalen
;
986 /** Check <b>buf</b> for a variable-length cell according to the rules of link
987 * protocol version <b>linkproto</b>. If one is found, pull it off the buffer
988 * and assign a newly allocated var_cell_t to *<b>out</b>, and return 1.
989 * Return 0 if whatever is on the start of buf_t is not a variable-length
990 * cell. Return 1 and set *<b>out</b> to NULL if there seems to be the start
991 * of a variable-length cell on <b>buf</b>, but the whole thing isn't there
994 fetch_var_cell_from_buf(buf_t
*buf
, var_cell_t
**out
, int linkproto
)
996 char hdr
[VAR_CELL_HEADER_SIZE
];
1000 /* If linkproto is unknown (0) or v2 (2), variable-length cells work as
1001 * implemented here. If it's 1, there are no variable-length cells. Tor
1002 * does not support other versions right now, and so can't negotiate them.
1008 if (buf
->datalen
< VAR_CELL_HEADER_SIZE
)
1010 peek_from_buf(hdr
, sizeof(hdr
), buf
);
1012 command
= get_uint8(hdr
+2);
1013 if (!(CELL_COMMAND_IS_VAR_LENGTH(command
)))
1016 length
= ntohs(get_uint16(hdr
+3));
1017 if (buf
->datalen
< (size_t)(VAR_CELL_HEADER_SIZE
+length
))
1019 result
= var_cell_new(length
);
1020 result
->command
= command
;
1021 result
->circ_id
= ntohs(get_uint16(hdr
));
1023 buf_remove_from_front(buf
, VAR_CELL_HEADER_SIZE
);
1024 peek_from_buf(result
->payload
, length
, buf
);
1025 buf_remove_from_front(buf
, length
);
1032 /** Move up to *<b>buf_flushlen</b> bytes from <b>buf_in</b> to
1033 * <b>buf_out</b>, and modify *<b>buf_flushlen</b> appropriately.
1034 * Return the number of bytes actually copied.
1037 move_buf_to_buf(buf_t
*buf_out
, buf_t
*buf_in
, size_t *buf_flushlen
)
1039 /* XXXX we can do way better here, but this doesn't turn up in any
1043 len
= *buf_flushlen
;
1044 if (len
> buf_in
->datalen
)
1045 len
= buf_in
->datalen
;
1047 cp
= len
; /* Remember the number of bytes we intend to copy. */
1048 tor_assert(cp
< INT_MAX
);
1050 /* This isn't the most efficient implementation one could imagine, since
1051 * it does two copies instead of 1, but I kinda doubt that this will be
1053 size_t n
= len
> sizeof(b
) ? sizeof(b
) : len
;
1054 fetch_from_buf(b
, n
, buf_in
);
1055 write_to_buf(b
, n
, buf_out
);
1058 *buf_flushlen
-= cp
;
1062 /** Internal structure: represents a position in a buffer. */
1063 typedef struct buf_pos_t
{
1064 const chunk_t
*chunk
; /**< Which chunk are we pointing to? */
1065 int pos
;/**< Which character inside the chunk's data are we pointing to? */
1066 size_t chunk_pos
; /**< Total length of all previous chunks. */
1069 /** Initialize <b>out</b> to point to the first character of <b>buf</b>.*/
1071 buf_pos_init(const buf_t
*buf
, buf_pos_t
*out
)
1073 out
->chunk
= buf
->head
;
1078 /** Advance <b>out</b> to the first appearance of <b>ch</b> at the current
1079 * position of <b>out</b>, or later. Return -1 if no instances are found;
1080 * otherwise returns the absolute position of the character. */
1082 buf_find_pos_of_char(char ch
, buf_pos_t
*out
)
1084 const chunk_t
*chunk
;
1088 if (out
->chunk
->datalen
) {
1089 tor_assert(out
->pos
< (off_t
)out
->chunk
->datalen
);
1091 tor_assert(out
->pos
== 0);
1095 for (chunk
= out
->chunk
; chunk
; chunk
= chunk
->next
) {
1096 char *cp
= memchr(chunk
->data
+pos
, ch
, chunk
->datalen
- pos
);
1099 tor_assert(cp
- chunk
->data
< INT_MAX
);
1100 out
->pos
= (int)(cp
- chunk
->data
);
1101 return out
->chunk_pos
+ out
->pos
;
1103 out
->chunk_pos
+= chunk
->datalen
;
1110 /** Advance <b>pos</b> by a single character, if there are any more characters
1111 * in the buffer. Returns 0 on success, -1 on failure. */
1113 buf_pos_inc(buf_pos_t
*pos
)
1116 if (pos
->pos
== (off_t
)pos
->chunk
->datalen
) {
1117 if (!pos
->chunk
->next
)
1119 pos
->chunk_pos
+= pos
->chunk
->datalen
;
1120 pos
->chunk
= pos
->chunk
->next
;
1126 /** Return true iff the <b>n</b>-character string in <b>s</b> appears
1127 * (verbatim) at <b>pos</b>. */
1129 buf_matches_at_pos(const buf_pos_t
*pos
, const char *s
, size_t n
)
1135 memcpy(&p
, pos
, sizeof(p
));
1138 char ch
= p
.chunk
->data
[p
.pos
];
1142 /* If we're out of characters that don't match, we match. Check this
1143 * _before_ we test incrementing pos, in case we're at the end of the
1147 if (buf_pos_inc(&p
)<0)
1152 /** Return the first position in <b>buf</b> at which the <b>n</b>-character
1153 * string <b>s</b> occurs, or -1 if it does not occur. */
1155 buf_find_string_offset(const buf_t
*buf
, const char *s
, size_t n
)
1158 buf_pos_init(buf
, &pos
);
1159 while (buf_find_pos_of_char(*s
, &pos
) >= 0) {
1160 if (buf_matches_at_pos(&pos
, s
, n
)) {
1161 tor_assert(pos
.chunk_pos
+ pos
.pos
< INT_MAX
);
1162 return (int)(pos
.chunk_pos
+ pos
.pos
);
1164 if (buf_pos_inc(&pos
)<0)
1171 /** There is a (possibly incomplete) http statement on <b>buf</b>, of the
1172 * form "\%s\\r\\n\\r\\n\%s", headers, body. (body may contain NULs.)
1173 * If a) the headers include a Content-Length field and all bytes in
1174 * the body are present, or b) there's no Content-Length field and
1175 * all headers are present, then:
1177 * - strdup headers into <b>*headers_out</b>, and NUL-terminate it.
1178 * - memdup body into <b>*body_out</b>, and NUL-terminate it.
1179 * - Then remove them from <b>buf</b>, and return 1.
1181 * - If headers or body is NULL, discard that part of the buf.
1182 * - If a headers or body doesn't fit in the arg, return -1.
1183 * (We ensure that the headers or body don't exceed max len,
1184 * _even if_ we're planning to discard them.)
1185 * - If force_complete is true, then succeed even if not all of the
1186 * content has arrived.
1188 * Else, change nothing and return 0.
1191 fetch_from_buf_http(buf_t
*buf
,
1192 char **headers_out
, size_t max_headerlen
,
1193 char **body_out
, size_t *body_used
, size_t max_bodylen
,
1197 size_t headerlen
, bodylen
, contentlen
;
1204 crlf_offset
= buf_find_string_offset(buf
, "\r\n\r\n", 4);
1205 if (crlf_offset
> (int)max_headerlen
||
1206 (crlf_offset
< 0 && buf
->datalen
> max_headerlen
)) {
1207 log_debug(LD_HTTP
,"headers too long.");
1209 } else if (crlf_offset
< 0) {
1210 log_debug(LD_HTTP
,"headers not all here yet.");
1213 /* Okay, we have a full header. Make sure it all appears in the first
1215 if ((int)buf
->head
->datalen
< crlf_offset
+ 4)
1216 buf_pullup(buf
, crlf_offset
+4, 0);
1217 headerlen
= crlf_offset
+ 4;
1219 headers
= buf
->head
->data
;
1220 bodylen
= buf
->datalen
- headerlen
;
1221 log_debug(LD_HTTP
,"headerlen %d, bodylen %d.", (int)headerlen
, (int)bodylen
);
1223 if (max_headerlen
<= headerlen
) {
1224 log_warn(LD_HTTP
,"headerlen %d larger than %d. Failing.",
1225 (int)headerlen
, (int)max_headerlen
-1);
1228 if (max_bodylen
<= bodylen
) {
1229 log_warn(LD_HTTP
,"bodylen %d larger than %d. Failing.",
1230 (int)bodylen
, (int)max_bodylen
-1);
1234 #define CONTENT_LENGTH "\r\nContent-Length: "
1235 p
= (char*) tor_memstr(headers
, headerlen
, CONTENT_LENGTH
);
1238 i
= atoi(p
+strlen(CONTENT_LENGTH
));
1240 log_warn(LD_PROTOCOL
, "Content-Length is less than zero; it looks like "
1241 "someone is trying to crash us.");
1245 /* if content-length is malformed, then our body length is 0. fine. */
1246 log_debug(LD_HTTP
,"Got a contentlen of %d.",(int)contentlen
);
1247 if (bodylen
< contentlen
) {
1248 if (!force_complete
) {
1249 log_debug(LD_HTTP
,"body not all here yet.");
1250 return 0; /* not all there yet */
1253 if (bodylen
> contentlen
) {
1254 bodylen
= contentlen
;
1255 log_debug(LD_HTTP
,"bodylen reduced to %d.",(int)bodylen
);
1258 /* all happy. copy into the appropriate places, and return 1 */
1260 *headers_out
= tor_malloc(headerlen
+1);
1261 fetch_from_buf(*headers_out
, headerlen
, buf
);
1262 (*headers_out
)[headerlen
] = 0; /* NUL terminate it */
1265 tor_assert(body_used
);
1266 *body_used
= bodylen
;
1267 *body_out
= tor_malloc(bodylen
+1);
1268 fetch_from_buf(*body_out
, bodylen
, buf
);
1269 (*body_out
)[bodylen
] = 0; /* NUL terminate it */
1275 /** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
1277 * - socks4: "socksheader username\\0"
1278 * - socks4a: "socksheader username\\0 destaddr\\0"
1279 * - socks5 phase one: "version #methods methods"
1280 * - socks5 phase two: "version command 0 addresstype..."
1281 * If it's a complete and valid handshake, and destaddr fits in
1282 * MAX_SOCKS_ADDR_LEN bytes, then pull the handshake off the buf,
1283 * assign to <b>req</b>, and return 1.
1285 * If it's invalid or too big, return -1.
1287 * Else it's not all there yet, leave buf alone and return 0.
1289 * If you want to specify the socks reply, write it into <b>req->reply</b>
1290 * and set <b>req->replylen</b>, else leave <b>req->replylen</b> alone.
1292 * If <b>log_sockstype</b> is non-zero, then do a notice-level log of whether
1293 * the connection is possibly leaking DNS requests locally or not.
1295 * If <b>safe_socks</b> is true, then reject unsafe socks protocols.
1297 * If returning 0 or -1, <b>req->address</b> and <b>req->port</b> are
1301 fetch_from_buf_socks(buf_t
*buf
, socks_request_t
*req
,
1302 int log_sockstype
, int safe_socks
)
1305 char tmpbuf
[TOR_ADDR_BUF_LEN
+1];
1306 tor_addr_t destaddr
;
1309 enum {socks4
, socks4a
} socks4_prot
= socks4a
;
1310 char *next
, *startaddr
;
1313 /* If the user connects with socks4 or the wrong variant of socks5,
1314 * then log a warning to let him know that it might be unwise. */
1315 static int have_warned_about_unsafe_socks
= 0;
1317 if (buf
->datalen
< 2) /* version and another byte */
1320 buf_pullup(buf
, 128, 0);
1321 tor_assert(buf
->head
&& buf
->head
->datalen
>= 2);
1323 socksver
= *buf
->head
->data
;
1325 switch (socksver
) { /* which version of socks? */
1327 case 5: /* socks5 */
1329 if (req
->socks_version
!= 5) { /* we need to negotiate a method */
1330 unsigned char nummethods
= (unsigned char)*(buf
->head
->data
+1);
1331 tor_assert(!req
->socks_version
);
1332 if (buf
->datalen
< 2u+nummethods
)
1334 buf_pullup(buf
, 2u+nummethods
, 0);
1335 if (!nummethods
|| !memchr(buf
->head
->data
+2, 0, nummethods
)) {
1337 "socks5: offered methods don't include 'no auth'. "
1339 req
->replylen
= 2; /* 2 bytes of response */
1341 req
->reply
[1] = '\xFF'; /* reject all methods */
1344 /* remove packet from buf. also remove any other extraneous
1345 * bytes, to support broken socks clients. */
1348 req
->replylen
= 2; /* 2 bytes of response */
1349 req
->reply
[0] = 5; /* socks5 reply */
1350 req
->reply
[1] = 0; /* tell client to use "none" auth method */
1351 req
->socks_version
= 5; /* remember we've already negotiated auth */
1352 log_debug(LD_APP
,"socks5: accepted method 0");
1355 /* we know the method; read in the request */
1356 log_debug(LD_APP
,"socks5: checking request");
1357 if (buf
->datalen
< 8) /* basic info plus >=2 for addr plus 2 for port */
1358 return 0; /* not yet */
1359 tor_assert(buf
->head
->datalen
>= 8);
1360 req
->command
= (unsigned char) *(buf
->head
->data
+1);
1361 if (req
->command
!= SOCKS_COMMAND_CONNECT
&&
1362 req
->command
!= SOCKS_COMMAND_RESOLVE
&&
1363 req
->command
!= SOCKS_COMMAND_RESOLVE_PTR
) {
1364 /* not a connect or resolve or a resolve_ptr? we don't support it. */
1365 log_warn(LD_APP
,"socks5: command %d not recognized. Rejecting.",
1369 switch (*(buf
->head
->data
+3)) { /* address type */
1370 case 1: /* IPv4 address */
1371 case 4: /* IPv6 address */ {
1372 const int is_v6
= *(buf
->head
->data
+3) == 4;
1373 const unsigned addrlen
= is_v6
? 16 : 4;
1374 log_debug(LD_APP
,"socks5: ipv4 address type");
1375 if (buf
->datalen
< 6+addrlen
) /* ip/port there? */
1376 return 0; /* not yet */
1379 tor_addr_from_ipv6_bytes(&destaddr
, buf
->head
->data
+4);
1381 tor_addr_from_ipv4n(&destaddr
, get_uint32(buf
->head
->data
+4));
1383 tor_addr_to_str(tmpbuf
, &destaddr
, sizeof(tmpbuf
), 1);
1385 if (strlen(tmpbuf
)+1 > MAX_SOCKS_ADDR_LEN
) {
1387 "socks5 IP takes %d bytes, which doesn't fit in %d. "
1389 (int)strlen(tmpbuf
)+1,(int)MAX_SOCKS_ADDR_LEN
);
1392 strlcpy(req
->address
,tmpbuf
,sizeof(req
->address
));
1393 req
->port
= ntohs(get_uint16(buf
->head
->data
+4+addrlen
));
1394 buf_remove_from_front(buf
, 6+addrlen
);
1395 if (req
->command
!= SOCKS_COMMAND_RESOLVE_PTR
&&
1396 !addressmap_have_mapping(req
->address
,0) &&
1397 !have_warned_about_unsafe_socks
) {
1399 "Your application (using socks5 to port %d) is giving "
1400 "Tor only an IP address. Applications that do DNS resolves "
1401 "themselves may leak information. Consider using Socks4A "
1402 "(e.g. via privoxy or socat) instead. For more information, "
1403 "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
1404 "TorFAQ#SOCKSAndDNS.%s", req
->port
,
1405 safe_socks
? " Rejecting." : "");
1406 /*have_warned_about_unsafe_socks = 1;*/
1407 /*(for now, warn every time)*/
1408 control_event_client_status(LOG_WARN
,
1409 "DANGEROUS_SOCKS PROTOCOL=SOCKS5 ADDRESS=%s:%d",
1410 req
->address
, req
->port
);
1417 log_debug(LD_APP
,"socks5: fqdn address type");
1418 if (req
->command
== SOCKS_COMMAND_RESOLVE_PTR
) {
1419 log_warn(LD_APP
, "socks5 received RESOLVE_PTR command with "
1420 "hostname type. Rejecting.");
1423 len
= (unsigned char)*(buf
->head
->data
+4);
1424 if (buf
->datalen
< 7+len
) /* addr/port there? */
1425 return 0; /* not yet */
1426 buf_pullup(buf
, 7+len
, 0);
1427 tor_assert(buf
->head
->datalen
>= 7+len
);
1428 if (len
+1 > MAX_SOCKS_ADDR_LEN
) {
1430 "socks5 hostname is %d bytes, which doesn't fit in "
1431 "%d. Rejecting.", len
+1,MAX_SOCKS_ADDR_LEN
);
1434 memcpy(req
->address
,buf
->head
->data
+5,len
);
1435 req
->address
[len
] = 0;
1436 req
->port
= ntohs(get_uint16(buf
->head
->data
+5+len
));
1437 buf_remove_from_front(buf
, 5+len
+2);
1438 if (!tor_strisprint(req
->address
) || strchr(req
->address
,'\"')) {
1439 log_warn(LD_PROTOCOL
,
1440 "Your application (using socks5 to port %d) gave Tor "
1441 "a malformed hostname: %s. Rejecting the connection.",
1442 req
->port
, escaped(req
->address
));
1447 "Your application (using socks5 to port %d) gave "
1448 "Tor a hostname, which means Tor will do the DNS resolve "
1449 "for you. This is good.", req
->port
);
1451 default: /* unsupported */
1452 log_warn(LD_APP
,"socks5: unsupported address type %d. Rejecting.",
1453 (int) *(buf
->head
->data
+3));
1457 case 4: /* socks4 */
1458 /* http://archive.socks.permeo.com/protocol/socks4.protocol */
1459 /* http://archive.socks.permeo.com/protocol/socks4a.protocol */
1461 req
->socks_version
= 4;
1462 if (buf
->datalen
< SOCKS4_NETWORK_LEN
) /* basic info available? */
1463 return 0; /* not yet */
1464 buf_pullup(buf
, 1280, 0);
1465 req
->command
= (unsigned char) *(buf
->head
->data
+1);
1466 if (req
->command
!= SOCKS_COMMAND_CONNECT
&&
1467 req
->command
!= SOCKS_COMMAND_RESOLVE
) {
1468 /* not a connect or resolve? we don't support it. (No resolve_ptr with
1470 log_warn(LD_APP
,"socks4: command %d not recognized. Rejecting.",
1475 req
->port
= ntohs(*(uint16_t*)(buf
->head
->data
+2));
1476 destip
= ntohl(*(uint32_t*)(buf
->head
->data
+4));
1477 if ((!req
->port
&& req
->command
!=SOCKS_COMMAND_RESOLVE
) || !destip
) {
1478 log_warn(LD_APP
,"socks4: Port or DestIP is zero. Rejecting.");
1482 log_debug(LD_APP
,"socks4: destip not in form 0.0.0.x.");
1483 in
.s_addr
= htonl(destip
);
1484 tor_inet_ntoa(&in
,tmpbuf
,sizeof(tmpbuf
));
1485 if (strlen(tmpbuf
)+1 > MAX_SOCKS_ADDR_LEN
) {
1486 log_debug(LD_APP
,"socks4 addr (%d bytes) too long. Rejecting.",
1487 (int)strlen(tmpbuf
));
1491 "socks4: successfully read destip (%s)", safe_str(tmpbuf
));
1492 socks4_prot
= socks4
;
1495 next
= memchr(buf
->head
->data
+SOCKS4_NETWORK_LEN
, 0,
1496 buf
->head
->datalen
-SOCKS4_NETWORK_LEN
);
1498 if (buf
->head
->datalen
>= 1024) {
1499 log_debug(LD_APP
, "Socks4 user name too long; rejecting.");
1502 log_debug(LD_APP
,"socks4: Username not here yet.");
1505 tor_assert(next
< CHUNK_WRITE_PTR(buf
->head
));
1508 if (socks4_prot
!= socks4a
&&
1509 !addressmap_have_mapping(tmpbuf
,0) &&
1510 !have_warned_about_unsafe_socks
) {
1512 "Your application (using socks4 to port %d) is giving Tor "
1513 "only an IP address. Applications that do DNS resolves "
1514 "themselves may leak information. Consider using Socks4A "
1515 "(e.g. via privoxy or socat) instead. For more information, "
1516 "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
1517 "TorFAQ#SOCKSAndDNS.%s", req
->port
,
1518 safe_socks
? " Rejecting." : "");
1519 /*have_warned_about_unsafe_socks = 1;*/ /*(for now, warn every time)*/
1520 control_event_client_status(LOG_WARN
,
1521 "DANGEROUS_SOCKS PROTOCOL=SOCKS4 ADDRESS=%s:%d",
1526 if (socks4_prot
== socks4a
) {
1527 if (next
+1 == CHUNK_WRITE_PTR(buf
->head
)) {
1528 log_debug(LD_APP
,"socks4: No part of destaddr here yet.");
1532 next
= memchr(startaddr
, 0, CHUNK_WRITE_PTR(buf
->head
)-startaddr
);
1534 if (buf
->head
->datalen
>= 1024) {
1535 log_debug(LD_APP
,"socks4: Destaddr too long.");
1538 log_debug(LD_APP
,"socks4: Destaddr not all here yet.");
1541 if (MAX_SOCKS_ADDR_LEN
<= next
-startaddr
) {
1542 log_warn(LD_APP
,"socks4: Destaddr too long. Rejecting.");
1545 // tor_assert(next < buf->cur+buf->datalen);
1549 "Your application (using socks4a to port %d) gave "
1550 "Tor a hostname, which means Tor will do the DNS resolve "
1551 "for you. This is good.", req
->port
);
1553 log_debug(LD_APP
,"socks4: Everything is here. Success.");
1554 strlcpy(req
->address
, startaddr
? startaddr
: tmpbuf
,
1555 sizeof(req
->address
));
1556 if (!tor_strisprint(req
->address
) || strchr(req
->address
,'\"')) {
1557 log_warn(LD_PROTOCOL
,
1558 "Your application (using socks4 to port %d) gave Tor "
1559 "a malformed hostname: %s. Rejecting the connection.",
1560 req
->port
, escaped(req
->address
));
1563 /* next points to the final \0 on inbuf */
1564 buf_remove_from_front(buf
, next
- buf
->head
->data
+ 1);
1568 case 'H': /* head */
1569 case 'P': /* put/post */
1570 case 'C': /* connect */
1572 "HTTP/1.0 501 Tor is not an HTTP Proxy\r\n"
1573 "Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
1576 "<title>Tor is not an HTTP Proxy</title>\n"
1579 "<h1>Tor is not an HTTP Proxy</h1>\n"
1581 "It appears you have configured your web browser to use Tor as an HTTP proxy."
1583 "This is not correct: Tor is a SOCKS proxy, not an HTTP proxy.\n"
1584 "Please configure your client accordingly.\n"
1587 "See <a href=\"https://www.torproject.org/documentation.html\">"
1588 "https://www.torproject.org/documentation.html</a> for more "
1590 "<!-- Plus this comment, to make the body response more than 512 bytes, so "
1591 " IE will be willing to display it. Comment comment comment comment "
1592 " comment comment comment comment comment comment comment comment.-->\n"
1596 , MAX_SOCKS_REPLY_LEN
);
1597 req
->replylen
= strlen(req
->reply
)+1;
1599 default: /* version is not socks4 or socks5 */
1601 "Socks version %d not recognized. (Tor is not an http proxy.)",
1602 *(buf
->head
->data
));
1604 char *tmp
= tor_strndup(buf
->head
->data
, 8); /*XXXX what if longer?*/
1605 control_event_client_status(LOG_WARN
,
1606 "SOCKS_UNKNOWN_PROTOCOL DATA=\"%s\"",
1614 /** Return 1 iff buf looks more like it has an (obsolete) v0 controller
1615 * command on it than any valid v1 controller command. */
1617 peek_buf_has_control0_command(buf_t
*buf
)
1619 if (buf
->datalen
>= 4) {
1622 peek_from_buf(header
, sizeof(header
), buf
);
1623 cmd
= ntohs(get_uint16(header
+2));
1625 return 1; /* This is definitely not a v1 control command. */
1630 /** Return the index within <b>buf</b> at which <b>ch</b> first appears,
1631 * or -1 if <b>ch</b> does not appear on buf. */
1633 buf_find_offset_of_char(buf_t
*buf
, char ch
)
1637 for (chunk
= buf
->head
; chunk
; chunk
= chunk
->next
) {
1638 char *cp
= memchr(chunk
->data
, ch
, chunk
->datalen
);
1640 return offset
+ (cp
- chunk
->data
);
1642 offset
+= chunk
->datalen
;
1647 /** Try to read a single LF-terminated line from <b>buf</b>, and write it,
1648 * NUL-terminated, into the *<b>data_len</b> byte buffer at <b>data_out</b>.
1649 * Set *<b>data_len</b> to the number of bytes in the line, not counting the
1650 * terminating NUL. Return 1 if we read a whole line, return 0 if we don't
1651 * have a whole line yet, and return -1 if the line length exceeds
1655 fetch_from_buf_line(buf_t
*buf
, char *data_out
, size_t *data_len
)
1663 offset
= buf_find_offset_of_char(buf
, '\n');
1666 sz
= (size_t) offset
;
1667 if (sz
+2 > *data_len
) {
1671 fetch_from_buf(data_out
, sz
+1, buf
);
1672 data_out
[sz
+1] = '\0';
1677 /** Compress on uncompress the <b>data_len</b> bytes in <b>data</b> using the
1678 * zlib state <b>state</b>, appending the result to <b>buf</b>. If
1679 * <b>done</b> is true, flush the data in the state and finish the
1680 * compression/uncompression. Return -1 on failure, 0 on success. */
1682 write_to_buf_zlib(buf_t
*buf
, tor_zlib_state_t
*state
,
1683 const char *data
, size_t data_len
,
1687 size_t old_avail
, avail
;
1690 int need_new_chunk
= 0;
1691 if (!buf
->tail
|| ! CHUNK_REMAINING_CAPACITY(buf
->tail
)) {
1692 size_t cap
= data_len
/ 4;
1693 buf_add_chunk_with_capacity(buf
, cap
, 1);
1695 next
= CHUNK_WRITE_PTR(buf
->tail
);
1696 avail
= old_avail
= CHUNK_REMAINING_CAPACITY(buf
->tail
);
1697 switch (tor_zlib_process(state
, &next
, &avail
, &data
, &data_len
, done
)) {
1707 case TOR_ZLIB_BUF_FULL
:
1709 /* Zlib says we need more room (ZLIB_BUF_FULL). Start a new chunk
1710 * automatically, whether were going to or not. */
1715 buf
->datalen
+= old_avail
- avail
;
1716 buf
->tail
->datalen
+= old_avail
- avail
;
1717 if (need_new_chunk
) {
1718 buf_add_chunk_with_capacity(buf
, data_len
/4, 1);
1726 /** Log an error and exit if <b>buf</b> is corrupted.
1729 assert_buf_ok(buf_t
*buf
)
1732 tor_assert(buf
->magic
== BUFFER_MAGIC
);
1735 tor_assert(!buf
->tail
);
1736 tor_assert(buf
->datalen
== 0);
1740 tor_assert(buf
->tail
);
1741 for (ch
= buf
->head
; ch
; ch
= ch
->next
) {
1742 total
+= ch
->datalen
;
1743 tor_assert(ch
->datalen
<= ch
->memlen
);
1744 tor_assert(ch
->data
>= &ch
->mem
[0]);
1745 tor_assert(ch
->data
< &ch
->mem
[0]+ch
->memlen
);
1746 tor_assert(ch
->data
+ch
->datalen
<= &ch
->mem
[0] + ch
->memlen
);
1748 tor_assert(ch
== buf
->tail
);
1750 tor_assert(buf
->datalen
== total
);
1754 #ifdef ENABLE_BUF_FREELISTS
1755 /** Log an error and exit if <b>fl</b> is corrupted.
1758 assert_freelist_ok(chunk_freelist_t
*fl
)
1762 tor_assert(fl
->alloc_size
> 0);
1764 for (ch
= fl
->head
; ch
; ch
= ch
->next
) {
1765 tor_assert(CHUNK_ALLOC_SIZE(ch
->memlen
) == fl
->alloc_size
);
1768 tor_assert(n
== fl
->cur_length
);
1769 tor_assert(n
>= fl
->lowest_length
);
1770 tor_assert(n
<= fl
->max_length
);