From 0ca3f495c6fad074606ab75942b64738ed61926a Mon Sep 17 00:00:00 2001 From: Scott Dial Date: Wed, 4 May 2016 14:45:09 -0400 Subject: [PATCH 1/5] Fix dnsserv.c assertion when no supported questions are requested. The problem is that "q" is always set on the first iteration even if the question is not a supported question. This set of "q" is not necessary, and will be handled after exiting the loop if there if a supported q->type was found. [Changes file by nickm] lease enter the commit message for your changes. Lines starting --- changes/bug18710 | 6 ++++++ src/or/dnsserv.c | 4 +--- 2 files changed, 7 insertions(+), 3 deletions(-) create mode 100644 changes/bug18710 diff --git a/changes/bug18710 b/changes/bug18710 new file mode 100644 index 000000000..269395563 --- /dev/null +++ b/changes/bug18710 @@ -0,0 +1,6 @@ + o Major bugfixes (DNS proxy): + - Stop a crash that could occur when a client running with DNSPort + received a query with multiple address types, where the first + address type was not supported. Found and fixed by Scott Dial. + Fixes bug 18710; bugfix on 0.2.5.4-alpha. + diff --git a/src/or/dnsserv.c b/src/or/dnsserv.c index ecd45be77..9b0368dd0 100644 --- a/src/or/dnsserv.c +++ b/src/or/dnsserv.c @@ -87,8 +87,6 @@ evdns_server_callback(struct evdns_server_request *req, void *data_) for (i = 0; i < req->nquestions; ++i) { if (req->questions[i]->dns_question_class != EVDNS_CLASS_INET) continue; - if (! q) - q = req->questions[i]; switch (req->questions[i]->type) { case EVDNS_TYPE_A: case EVDNS_TYPE_AAAA: @@ -96,7 +94,7 @@ evdns_server_callback(struct evdns_server_request *req, void *data_) /* We always pick the first one of these questions, if there is one. */ if (! supported_q) - supported_q = q; + supported_q = req->questions[i]; break; default: break; From 650c03127a877eb0de1cfad8afa5cb3d8474a956 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Fri, 11 Mar 2016 10:33:19 -0500 Subject: [PATCH 2/5] If we start/stop reading on a dnsserv connection, don't assert. Fixes bug 16248. Patch from cypherpunks. Bugfix on 0.2.0.1-alpha. --- src/or/main.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/or/main.c b/src/or/main.c index bd23141b9..a2b032dbc 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -517,6 +517,12 @@ connection_stop_reading(connection_t *conn) return; }); + /* if dummy conn then no socket and no event, nothing to do here */ + if (conn->type == CONN_TYPE_AP && TO_EDGE_CONN(conn)->is_dns_request) { + tor_assert(!conn->read_event); + return; + } + tor_assert(conn->read_event); if (conn->linked) { @@ -542,6 +548,12 @@ connection_start_reading(connection_t *conn) return; }); + /* if dummy conn then no socket and no event, nothing to do here */ + if (conn->type == CONN_TYPE_AP && TO_EDGE_CONN(conn)->is_dns_request) { + tor_assert(!conn->read_event); + return; + } + tor_assert(conn->read_event); if (conn->linked) { From 457d38a6e9212de3a5cab24fc59829c689f88560 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Fri, 11 Mar 2016 10:50:36 -0500 Subject: [PATCH 3/5] Change behavior on missing/present event to warn instead of asserting. Add a changes file. --- changes/bug16248 | 8 ++++++++ src/or/main.c | 49 ++++++++++++++++++++++++++++++++++++------------ 2 files changed, 45 insertions(+), 12 deletions(-) create mode 100644 changes/bug16248 diff --git a/changes/bug16248 b/changes/bug16248 new file mode 100644 index 000000000..399b7093c --- /dev/null +++ b/changes/bug16248 @@ -0,0 +1,8 @@ + o Major bugfixes (dns proxy mode, crash): + - Avoid crashing when running as a DNS proxy. Closes bug 16248; bugfix on + 0.2.0.1-alpha. Patch from 'cypherpunks'. + + o Minor features (bug-resistance): + - Make Tor survive errors involving connections without a corresponding + event object. Previously we'd fail with an assertion; now we produce a + log message. Related to bug 16248. diff --git a/src/or/main.c b/src/or/main.c index a2b032dbc..1200b55e2 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -506,6 +506,35 @@ connection_is_reading(connection_t *conn) (conn->read_event && event_pending(conn->read_event, EV_READ, NULL)); } +static int +connection_check_event(connection_t *conn, struct event *ev) +{ + int bad; + + if (conn->type == CONN_TYPE_AP && TO_EDGE_CONN(conn)->is_dns_request) { + bad = ev != NULL; + } else { + bad = ev == NULL; + } + + if (bad) { + log_warn(LD_BUG, "Event missing on connection %p [%s;%s]. " + "socket=%d. linked=%d. " + "is_dns_request=%d. Marked_for_close=%s:%d", + conn, + conn_type_to_string(conn->type), + conn_state_to_string(conn->type, conn->state), + (int)conn->s, (int)conn->linked, + (conn->type == CONN_TYPE_AP && TO_EDGE_CONN(conn)->is_dns_request), + conn->marked_for_close_file ? conn->marked_for_close_file : "-", + conn->marked_for_close + ); + log_backtrace(LOG_WARN, LD_BUG, "Backtrace attached."); + return -1; + } + return 0; +} + /** Tell the main loop to stop notifying conn of any read events. */ void connection_stop_reading(connection_t *conn) @@ -517,14 +546,10 @@ connection_stop_reading(connection_t *conn) return; }); - /* if dummy conn then no socket and no event, nothing to do here */ - if (conn->type == CONN_TYPE_AP && TO_EDGE_CONN(conn)->is_dns_request) { - tor_assert(!conn->read_event); + if (connection_check_event(conn, conn->read_event) < 0) { return; } - tor_assert(conn->read_event); - if (conn->linked) { conn->reading_from_linked_conn = 0; connection_stop_reading_from_linked_conn(conn); @@ -548,14 +573,10 @@ connection_start_reading(connection_t *conn) return; }); - /* if dummy conn then no socket and no event, nothing to do here */ - if (conn->type == CONN_TYPE_AP && TO_EDGE_CONN(conn)->is_dns_request) { - tor_assert(!conn->read_event); + if (connection_check_event(conn, conn->read_event) < 0) { return; } - tor_assert(conn->read_event); - if (conn->linked) { conn->reading_from_linked_conn = 1; if (connection_should_read_from_linked_conn(conn)) @@ -594,7 +615,9 @@ connection_stop_writing(connection_t *conn) return; }); - tor_assert(conn->write_event); + if (connection_check_event(conn, conn->write_event) < 0) { + return; + } if (conn->linked) { conn->writing_to_linked_conn = 0; @@ -620,7 +643,9 @@ connection_start_writing(connection_t *conn) return; }); - tor_assert(conn->write_event); + if (connection_check_event(conn, conn->write_event) < 0) { + return; + } if (conn->linked) { conn->writing_to_linked_conn = 1; From cfeb1db2fb881db85a11d80e70a1a14c62b46950 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 14 Mar 2016 12:53:21 -0400 Subject: [PATCH 4/5] Add comments to connection_check_event(). --- src/or/main.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/or/main.c b/src/or/main.c index 1200b55e2..89e5a512b 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -506,14 +506,24 @@ connection_is_reading(connection_t *conn) (conn->read_event && event_pending(conn->read_event, EV_READ, NULL)); } +/** Check whether conn is correct in having (or not having) a + * read/write event (passed in evtype == CONN_TYPE_AP && TO_EDGE_CONN(conn)->is_dns_request) { + /* DNS requests which we launch through the dnsserv.c module do not have + * any underlying socket or any underlying linked connection, so they + * shouldn't have any attached events either. + */ bad = ev != NULL; } else { + /* Everytyhing else should have an underlying socket, or a linked + * connection (which is also tracked with a read_event/write_event pair). + */ bad = ev == NULL; } From 85a2487f9704cfeff0255c5f660d977ec9c30cff Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 7 Feb 2017 09:49:23 -0500 Subject: [PATCH 5/5] Disable a log_backtrace (which 0.2.4 does not have) in 16248 fix --- src/or/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/or/main.c b/src/or/main.c index 89e5a512b..9e78ea04c 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -539,7 +539,7 @@ connection_check_event(connection_t *conn, struct event *ev) conn->marked_for_close_file ? conn->marked_for_close_file : "-", conn->marked_for_close ); - log_backtrace(LOG_WARN, LD_BUG, "Backtrace attached."); + //log_backtrace(LOG_WARN, LD_BUG, "Backtrace attached."); return -1; } return 0;