| blob | 571f86de1fa9c185978c8b4edfc31fab7309fc35 |
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2010, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
7 /**
8 * \file buffers.c
9 * \brief Implements a generic interface buffer. Buffers are
10 * fairly opaque string holders that can read to or flush from:
11 * memory, file descriptors, or TLS connections.
12 **/
13 #define BUFFERS_PRIVATE
15 #ifdef HAVE_UNISTD_H
16 #include <unistd.h>
17 #endif
18 #ifdef HAVE_SYS_UIO_H
19 #include <sys/uio.h>
20 #endif
22 //#define PARANOIA
24 #ifdef PARANOIA
25 /** Helper: If PARANOIA is defined, assert that the buffer in local variable
26 * <b>buf</b> is well-formed. */
27 #define check() STMT_BEGIN assert_buf_ok(buf); STMT_END
28 #else
29 #define check() STMT_NIL
30 #endif
32 /* Implementation notes:
33 *
34 * After flirting with memmove, and dallying with ring-buffers, we're finally
35 * getting up to speed with the 1970s and implementing buffers as a linked
36 * list of small chunks. Each buffer has such a list; data is removed from
37 * the head of the list, and added at the tail. The list is singly linked,
38 * and the buffer keeps a pointer to the head and the tail.
39 *
40 * Every chunk, except the tail, contains at least one byte of data. Data in
41 * each chunk is contiguous.
42 *
43 * When you need to treat the first N characters on a buffer as a contiguous
44 * string, use the buf_pullup function to make them so. Don't do this more
45 * than necessary.
46 *
47 * The major free Unix kernels have handled buffers like this since, like,
48 * forever.
49 */
51 /* Chunk manipulation functions */
53 /** A single chunk on a buffer or in a freelist. */
60 * more than one byte long. */
63 #define CHUNK_HEADER_LEN STRUCT_OFFSET(chunk_t, mem[0])
65 /** Return the number of bytes needed to allocate a chunk to hold
66 * <b>memlen</b> bytes. */
67 #define CHUNK_ALLOC_SIZE(memlen) (CHUNK_HEADER_LEN + (memlen))
68 /** Return the number of usable bytes in a chunk allocated with
69 * malloc(<b>memlen</b>). */
70 #define CHUNK_SIZE_WITH_ALLOC(memlen) ((memlen) - CHUNK_HEADER_LEN)
72 /** Return the next character in <b>chunk</b> onto which data can be appended.
73 * If the chunk is full, this might be off the end of chunk->mem. */
76 {
78 }
80 /** Return the number of bytes that can be written onto <b>chunk</b> without
81 * running out of space. */
84 {
86 }
88 /** Move all bytes stored in <b>chunk</b> to the front of <b>chunk</b>->mem,
89 * to free up space at the end. */
92 {
95 }
97 }
99 #ifdef ENABLE_BUF_FREELISTS
100 /** A freelist of chunks. */
104 * freelist. */
106 * chunks beyond lowest_length.*/
109 * last time we cleaned this freelist? */
116 /** Macro to help define freelists. */
117 #define FL(a,m,s) { a, m, s, 0, 0, 0, 0, 0, NULL }
119 /** Static array of freelists, sorted by alloc_len, terminated by an entry
120 * with alloc_size of 0. */
124 };
125 #undef FL
126 /** How many times have we looked for a chunk of a size that no freelist
127 * could help with? */
132 /** Return the freelist to hold chunks of size <b>alloc</b>, or NULL if
133 * no freelist exists for that size. */
136 {
141 }
142 }
144 }
146 /** Deallocate a chunk or put it on a freelist */
147 static void
149 {
160 }
161 }
163 /** Allocate a new chunk with a given allocation size, or get one from the
164 * freelist. Note that a chunk with allocation size A can actually hold only
165 * CHUNK_SIZE_WITH_ALLOC(A) bytes in its mem field. */
168 {
180 /* XXXX take advantage of tor_malloc_roundup, once we know how that
181 * affects freelists. */
184 else
187 }
193 }
194 #else
195 static void
197 {
199 }
202 {
210 }
211 #endif
213 /** Expand <b>chunk</b> until it can hold <b>sz</b> bytes, and return a
214 * new pointer to <b>chunk</b>. Old pointers are no longer valid. */
217 {
218 off_t offset;
225 }
227 /** If a read onto the end of a chunk would be smaller than this number, then
228 * just start a new chunk. */
229 #define MIN_READ_LEN 8
230 /** Every chunk should take up at least this many bytes. */
231 #define MIN_CHUNK_ALLOC 256
232 /** No chunk should take up more than this many bytes. */
233 #define MAX_CHUNK_ALLOC 65536
235 /** Return the allocation size we'd like to use to hold <b>target</b>
236 * bytes. */
239 {
243 }
245 }
247 /** Remove from the freelists most chunks that have not been used since the
248 * last call to buf_shrink_freelists(). */
249 void
251 {
252 #ifdef ENABLE_BUF_FREELISTS
272 }
282 }
287 "keep %d. I wanted to free %d. I freed %d. I somehow think "
291 }
292 // tor_assert(!n_to_free);
294 }
297 }
298 #else
300 #endif
301 }
303 /** Describe the current status of the freelists at log level <b>severity</b>.
304 */
305 void
307 {
308 #ifdef ENABLE_BUF_FREELISTS
315 U64_FORMAT" bytes in %d %d-byte chunks ["U64_FORMAT
322 }
325 #else
327 #endif
328 }
330 /** Magic value for buf_t.magic, to catch pointer errors. */
331 #define BUFFER_MAGIC 0xB0FFF312u
332 /** A resizeable buffer, optimized for reading and writing. */
335 * BUFFER_MAGIC. */
338 * this for this buffer. */
341 };
343 /** Collapse data from the first N chunks from <b>buf</b> into buf->head,
344 * growing it as necessary, until buf->head has the first <b>bytes</b> bytes
345 * of data from the buffer, or until buf->head has all the data in <b>buf</b>.
346 *
347 * If <b>nulterminate</b> is true, ensure that there is a 0 byte in
348 * buf->head->mem right after all the data. */
349 static void
351 {
366 }
371 }
374 /* We don't need to grow the first chunk, but we might need to repack it.*/
381 /* We need to grow the chunk. */
390 }
391 }
411 }
412 }
417 }
420 }
422 /** Resize buf so it won't hold extra memory that we haven't been
423 * using lately.
424 */
425 void
427 {
429 }
431 /** Remove the first <b>n</b> bytes from buf. */
434 {
451 }
452 }
454 }
456 /** Create and return a new buf with default chunk capacity <b>size</b>.
457 */
458 buf_t *
460 {
464 }
466 /** Allocate and return a new buffer with default capacity. */
467 buf_t *
469 {
474 }
476 /** Remove all data from <b>buf</b>. */
477 void
479 {
485 }
487 }
489 /** Return the number of bytes stored in <b>buf</b> */
490 size_t
492 {
494 }
496 /** Return the total length of all chunks used in <b>buf</b>. */
497 size_t
499 {
504 }
506 }
508 /** Return the number of bytes that can be added to <b>buf</b> without
509 * performing any additional allocation. */
510 size_t
512 {
515 else
517 }
519 /** Release storage held by <b>buf</b>. */
520 void
522 {
526 }
528 /** Append a new chunk with enough capacity to hold <b>capacity</b> bytes to
529 * the tail of <b>buf</b>. If <b>capped</b>, don't allocate a chunk bigger
530 * than MAX_CHUNK_ALLOC. */
533 {
541 }
549 }
552 }
554 /** If we're using readv and writev, how many chunks are we willing to
555 * read/write at a time? */
556 #define N_IOV 3
558 /** Read up to <b>at_most</b> bytes from the socket <b>fd</b> into
559 * <b>chunk</b> (which must be on <b>buf</b>). If we get an EOF, set
560 * *<b>reached_eof</b> to 1. Return -1 on error, 0 on eof or blocking,
561 * and the number of bytes read otherwise. */
565 {
566 ssize_t read_result;
567 #if 0 && defined(HAVE_READV) && !defined(WIN32)
575 else
579 }
581 #else
585 #endif
590 #ifdef MS_WINDOWS
593 #endif
596 }
604 #if 0 && defined(HAVE_READV) && !defined(WIN32)
610 }
611 #endif
617 }
618 }
620 /** As read_to_chunk(), but return (negative) error code on error, blocking,
621 * or TLS, and the number of bytes read otherwise. */
625 {
635 }
637 /** Read from socket <b>s</b>, writing onto end of <b>buf</b>. Read at most
638 * <b>at_most</b> bytes, growing the buffer as necessary. If recv() returns 0
639 * (because of EOF), set *<b>reached_eof</b> to 1 and return 0. Return -1 on
640 * error; else return the number of bytes read.
641 */
642 /* XXXX021 indicate "read blocked" somehow? */
643 int
646 {
647 /* XXXX021 It's stupid to overload the return values for these functions:
648 * "error status" and "number of bytes read" are not mutually exclusive.
649 */
669 }
679 }
680 }
682 }
684 /** As read_to_buf, but reads from a TLS connection, and returns a TLS
685 * status value rather than the number of bytes read.
686 *
687 * Using TLS on OR connections complicates matters in two ways.
688 *
689 * First, a TLS stream has its own read buffer independent of the
690 * connection's read buffer. (TLS needs to read an entire frame from
691 * the network before it can decrypt any data. Thus, trying to read 1
692 * byte from TLS can require that several KB be read from the network
693 * and decrypted. The extra data is stored in TLS's decrypt buffer.)
694 * Because the data hasn't been read by Tor (it's still inside the TLS),
695 * this means that sometimes a connection "has stuff to read" even when
696 * poll() didn't return POLLIN. The tor_tls_get_pending_bytes function is
697 * used in connection.c to detect TLS objects with non-empty internal
698 * buffers and read from them again.
699 *
700 * Second, the TLS stream's events do not correspond directly to network
701 * events: sometimes, before a TLS stream can read, the network must be
702 * ready to write -- or vice versa.
703 */
704 int
706 {
723 }
733 }
735 }
737 /** Helper for flush_buf(): try to write <b>sz</b> bytes from chunk
738 * <b>chunk</b> of buffer <b>buf</b> onto socket <b>s</b>. On success, deduct
739 * the bytes written from *<b>buf_flushlen</b>. Return the number of bytes
740 * written on success, 0 on blocking, -1 on failure.
741 */
745 {
746 ssize_t write_result;
747 #if 0 && defined(HAVE_WRITEV) && !defined(WIN32)
755 else
759 }
761 #else
765 #endif
770 #ifdef MS_WINDOWS
773 #endif
775 }
783 }
784 }
786 /** Helper for flush_buf_tls(): try to write <b>sz</b> bytes from chunk
787 * <b>chunk</b> of buffer <b>buf</b> onto socket <b>s</b>. (Tries to write
788 * more if there is a forced pending write size.) On success, deduct the
789 * bytes written from *<b>buf_flushlen</b>. Return the number of bytes
790 * written on success, and a TOR_TLS error code on failure or blocking.
791 */
795 {
809 }
815 else
821 }
823 /** Write data from <b>buf</b> to the socket <b>s</b>. Write at most
824 * <b>sz</b> bytes, decrement *<b>buf_flushlen</b> by
825 * the number of bytes actually written, and remove the written bytes
826 * from the buffer. Return the number of bytes written on success,
827 * -1 on failure. Return 0 if write() would block.
828 */
829 int
831 {
832 /* XXXX021 It's stupid to overload the return values for these functions:
833 * "error status" and "number of bytes flushed" are not mutually exclusive.
834 */
848 else
859 }
862 }
864 /** As flush_buf(), but writes data to a TLS connection. Can write more than
865 * <b>flushlen</b> bytes.
866 */
867 int
870 {
873 ssize_t sz;
879 /* we want to let tls write even if flushlen is zero, because it might
880 * have a partial record pending */
889 else
893 }
906 }
908 /** Append <b>string_len</b> bytes from <b>string</b> to the end of
909 * <b>buf</b>.
910 *
911 * Return the new length of the buffer on success, -1 on failure.
912 */
913 int
915 {
933 }
938 }
940 /** Helper: copy the first <b>string_len</b> bytes from <b>buf</b>
941 * onto <b>string</b>.
942 */
945 {
949 /* make sure we don't ask for too much */
951 /* assert_buf_ok(buf); */
963 }
964 }
966 /** Remove <b>string_len</b> bytes from the front of <b>buf</b>, and store
967 * them into <b>string</b>. Return the new buffer size. <b>string_len</b>
968 * must be \<= the number of bytes on the buffer.
969 */
970 int
972 {
973 /* There must be string_len bytes in buf; write them onto string,
974 * then memmove buf back (that is, remove them from buf).
975 *
976 * Return the number of bytes still on the buffer. */
984 }
986 /** Check <b>buf</b> for a variable-length cell according to the rules of link
987 * protocol version <b>linkproto</b>. If one is found, pull it off the buffer
988 * and assign a newly allocated var_cell_t to *<b>out</b>, and return 1.
989 * Return 0 if whatever is on the start of buf_t is not a variable-length
990 * cell. Return 1 and set *<b>out</b> to NULL if there seems to be the start
991 * of a variable-length cell on <b>buf</b>, but the whole thing isn't there
992 * yet. */
993 int
995 {
1000 /* If linkproto is unknown (0) or v2 (2), variable-length cells work as
1001 * implemented here. If it's 1, there are no variable-length cells. Tor
1002 * does not support other versions right now, and so can't negotiate them.
1003 */
1030 }
1032 /** Move up to *<b>buf_flushlen</b> bytes from <b>buf_in</b> to
1033 * <b>buf_out</b>, and modify *<b>buf_flushlen</b> appropriately.
1034 * Return the number of bytes actually copied.
1035 */
1036 int
1038 {
1039 /* XXXX we can do way better here, but this doesn't turn up in any
1040 * profiles. */
1050 /* This isn't the most efficient implementation one could imagine, since
1051 * it does two copies instead of 1, but I kinda doubt that this will be
1052 * critical path. */
1057 }
1060 }
1062 /** Internal structure: represents a position in a buffer. */
1069 /** Initialize <b>out</b> to point to the first character of <b>buf</b>.*/
1070 static void
1072 {
1076 }
1078 /** Advance <b>out</b> to the first appearance of <b>ch</b> at the current
1079 * position of <b>out</b>, or later. Return -1 if no instances are found;
1080 * otherwise returns the absolute position of the character. */
1081 static off_t
1083 {
1092 }
1093 }
1105 }
1106 }
1108 }
1110 /** Advance <b>pos</b> by a single character, if there are any more characters
1111 * in the buffer. Returns 0 on success, -1 on failure. */
1114 {
1122 }
1124 }
1126 /** Return true iff the <b>n</b>-character string in <b>s</b> appears
1127 * (verbatim) at <b>pos</b>. */
1128 static int
1130 {
1131 buf_pos_t p;
1142 /* If we're out of characters that don't match, we match. Check this
1143 * _before_ we test incrementing pos, in case we're at the end of the
1144 * string. */
1149 }
1150 }
1152 /** Return the first position in <b>buf</b> at which the <b>n</b>-character
1153 * string <b>s</b> occurs, or -1 if it does not occur. */
1156 {
1157 buf_pos_t pos;
1166 }
1167 }
1169 }
1171 /** There is a (possibly incomplete) http statement on <b>buf</b>, of the
1172 * form "\%s\\r\\n\\r\\n\%s", headers, body. (body may contain NULs.)
1173 * If a) the headers include a Content-Length field and all bytes in
1174 * the body are present, or b) there's no Content-Length field and
1175 * all headers are present, then:
1176 *
1177 * - strdup headers into <b>*headers_out</b>, and NUL-terminate it.
1178 * - memdup body into <b>*body_out</b>, and NUL-terminate it.
1179 * - Then remove them from <b>buf</b>, and return 1.
1180 *
1181 * - If headers or body is NULL, discard that part of the buf.
1182 * - If a headers or body doesn't fit in the arg, return -1.
1183 * (We ensure that the headers or body don't exceed max len,
1184 * _even if_ we're planning to discard them.)
1185 * - If force_complete is true, then succeed even if not all of the
1186 * content has arrived.
1187 *
1188 * Else, change nothing and return 0.
1189 */
1190 int
1195 {
1212 }
1213 /* Okay, we have a full header. Make sure it all appears in the first
1214 * chunk. */
1227 }
1232 }
1243 }
1245 /* if content-length is malformed, then our body length is 0. fine. */
1251 }
1252 }
1256 }
1257 }
1258 /* all happy. copy into the appropriate places, and return 1 */
1263 }
1270 }
1273 }
1275 /** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
1276 * of the forms
1277 * - socks4: "socksheader username\\0"
1278 * - socks4a: "socksheader username\\0 destaddr\\0"
1279 * - socks5 phase one: "version #methods methods"
1280 * - socks5 phase two: "version command 0 addresstype..."
1281 * If it's a complete and valid handshake, and destaddr fits in
1282 * MAX_SOCKS_ADDR_LEN bytes, then pull the handshake off the buf,
1283 * assign to <b>req</b>, and return 1.
1284 *
1285 * If it's invalid or too big, return -1.
1286 *
1287 * Else it's not all there yet, leave buf alone and return 0.
1288 *
1289 * If you want to specify the socks reply, write it into <b>req->reply</b>
1290 * and set <b>req->replylen</b>, else leave <b>req->replylen</b> alone.
1291 *
1292 * If <b>log_sockstype</b> is non-zero, then do a notice-level log of whether
1293 * the connection is possibly leaking DNS requests locally or not.
1294 *
1295 * If <b>safe_socks</b> is true, then reject unsafe socks protocols.
1296 *
1297 * If returning 0 or -1, <b>req->address</b> and <b>req->port</b> are
1298 * undefined.
1299 */
1300 int
1303 {
1306 tor_addr_t destaddr;
1313 /* If the user connects with socks4 or the wrong variant of socks5,
1314 * then log a warning to let him know that it might be unwise. */
1337 "socks5: offered methods don't include 'no auth'. "
1343 }
1344 /* remove packet from buf. also remove any other extraneous
1345 * bytes, to support broken socks clients. */
1354 }
1355 /* we know the method; read in the request */
1364 /* not a connect or resolve or a resolve_ptr? we don't support it. */
1368 }
1380 else
1387 "socks5 IP takes %d bytes, which doesn't fit in %d. "
1391 }
1399 "Your application (using socks5 to port %d) is giving "
1400 "Tor only an IP address. Applications that do DNS resolves "
1401 "themselves may leak information. Consider using Socks4A "
1402 "(e.g. via privoxy or socat) instead. For more information, "
1403 "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
1406 /*have_warned_about_unsafe_socks = 1;*/
1407 /*(for now, warn every time)*/
1413 }
1415 }
1422 }
1430 "socks5 hostname is %d bytes, which doesn't fit in "
1433 }
1440 "Your application (using socks5 to port %d) gave Tor "
1444 }
1447 "Your application (using socks5 to port %d) gave "
1448 "Tor a hostname, which means Tor will do the DNS resolve "
1455 }
1458 /* http://archive.socks.permeo.com/protocol/socks4.protocol */
1459 /* http://archive.socks.permeo.com/protocol/socks4a.protocol */
1468 /* not a connect or resolve? we don't support it. (No resolve_ptr with
1469 * socks4.) */
1473 }
1480 }
1489 }
1493 }
1501 }
1504 }
1512 "Your application (using socks4 to port %d) is giving Tor "
1513 "only an IP address. Applications that do DNS resolves "
1514 "themselves may leak information. Consider using Socks4A "
1515 "(e.g. via privoxy or socat) instead. For more information, "
1516 "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
1525 }
1530 }
1537 }
1540 }
1544 }
1545 // tor_assert(next < buf->cur+buf->datalen);
1549 "Your application (using socks4a to port %d) gave "
1550 "Tor a hostname, which means Tor will do the DNS resolve "
1552 }
1558 "Your application (using socks4 to port %d) gave Tor "
1562 }
1563 /* next points to the final \0 on inbuf */
1581 "It appears you have configured your web browser to use Tor as an HTTP proxy."
1588 "https://www.torproject.org/documentation.html</a> for more "
1590 "<!-- Plus this comment, to make the body response more than 512 bytes, so "
1591 " IE will be willing to display it. Comment comment comment comment "
1598 /* fall through */
1603 {
1609 }
1611 }
1612 }
1614 /** Return 1 iff buf looks more like it has an (obsolete) v0 controller
1615 * command on it than any valid v1 controller command. */
1616 int
1618 {
1626 }
1628 }
1630 /** Return the index within <b>buf</b> at which <b>ch</b> first appears,
1631 * or -1 if <b>ch</b> does not appear on buf. */
1632 static off_t
1634 {
1641 else
1643 }
1645 }
1647 /** Try to read a single LF-terminated line from <b>buf</b>, and write it,
1648 * NUL-terminated, into the *<b>data_len</b> byte buffer at <b>data_out</b>.
1649 * Set *<b>data_len</b> to the number of bytes in the line, not counting the
1650 * terminating NUL. Return 1 if we read a whole line, return 0 if we don't
1651 * have a whole line yet, and return -1 if the line length exceeds
1652 * *<b>data_len</b>.
1653 */
1654 int
1656 {
1658 off_t offset;
1670 }
1675 }
1677 /** Compress on uncompress the <b>data_len</b> bytes in <b>data</b> using the
1678 * zlib state <b>state</b>, appending the result to <b>buf</b>. If
1679 * <b>done</b> is true, flush the data in the state and finish the
1680 * compression/uncompression. Return -1 on failure, 0 on success. */
1681 int
1685 {
1694 }
1709 /* Zlib says we need more room (ZLIB_BUF_FULL). Start a new chunk
1710 * automatically, whether were going to or not. */
1712 }
1714 }
1719 }
1724 }
1726 /** Log an error and exit if <b>buf</b> is corrupted.
1727 */
1728 void
1730 {
1749 }
1751 }
1752 }
1754 #ifdef ENABLE_BUF_FREELISTS
1755 /** Log an error and exit if <b>fl</b> is corrupted.
1756 */
1757 static void
1759 {
1767 }
1771 }
1772 #endif