From 681802817deb6fb93b95f8284856fd42f3556600 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 4 Mar 2015 12:24:51 +0100 Subject: [PATCH 1/3] Make TransProxyType ipfw work correctly Fixes bug 15064; bugfix on 0.2.5.4-alpha. --- changes/bug15064 | 4 ++++ src/or/connection_edge.c | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 changes/bug15064 diff --git a/changes/bug15064 b/changes/bug15064 new file mode 100644 index 000000000..e6bd747b1 --- /dev/null +++ b/changes/bug15064 @@ -0,0 +1,4 @@ + o Major bugfixes (FreeBSD IPFW transparent proxy): + - Fix address detection with FreeBSD transparent proxies, + when "TransProxyType ipfw" is in use. + Fixes bug 15064; bugfix on 0.2.5.4-alpha. diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 49f9ba497..1eeb22fce 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -1531,7 +1531,8 @@ connection_ap_get_original_destination(entry_connection_t *conn, if (options->TransProxyType_parsed == TPT_PF_DIVERT) return destination_from_socket(conn, req); - if (options->TransProxyType_parsed == TPT_DEFAULT) + if (options->TransProxyType_parsed == TPT_DEFAULT || + options->TransProxyType_parsed == TPT_IPFW) return destination_from_pf(conn, req); (void)conn; From 24c031b1a28658c921a746f4d58f3ca5e9994108 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 9 Mar 2015 15:09:49 -0400 Subject: [PATCH 2/3] Don't use checked strl{cat,cpy} on OSX. There is a bug in the overlap-checking in strlcat that can crash Tor servers. Fixes bug 15205; this is an OSX bug, not a Tor bug. --- changes/bug15205 | 5 +++++ src/common/compat.h | 12 ++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 changes/bug15205 diff --git a/changes/bug15205 b/changes/bug15205 new file mode 100644 index 000000000..0cb9f3f4b --- /dev/null +++ b/changes/bug15205 @@ -0,0 +1,5 @@ + o Major bugfixes (crash, OSX, security): + - Fix a remote denial-of-service opportunity caused by a bug + in OSX's _strlcat_chk() function. Fixes bug 15205; bug first + appeared in OSX 10.9. + diff --git a/src/common/compat.h b/src/common/compat.h index ec7d2415e..531e88f1b 100644 --- a/src/common/compat.h +++ b/src/common/compat.h @@ -224,6 +224,18 @@ extern INLINE double U64_TO_DBL(uint64_t x) { #define strncasecmp _strnicmp #define strcasecmp _stricmp #endif + +#if defined __APPLE__ +/* On OSX 10.9 and later, the overlap-checking code for strlcat would + * appear to have a severe bug that can sometimes cause aborts in Tor. + * Instead, use the non-checking variants. This is sad. + * + * See https://trac.torproject.org/projects/tor/ticket/15205 + */ +#undef strlcat +#undef strlcpy +#endif + #ifndef HAVE_STRLCAT size_t strlcat(char *dst, const char *src, size_t siz) ATTR_NONNULL((1,2)); #endif From 9063f29160615b379f907009e7158f1fcf1ed84c Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 12 Mar 2015 12:49:08 -0400 Subject: [PATCH 3/3] Revert "Make TransProxyType ipfw work correctly" This reverts commit 681802817deb6fb93b95f8284856fd42f3556600. (I didn't mean to backport this, but somehow I had based my branch for #15205 on it.) --- changes/bug15064 | 4 ---- src/or/connection_edge.c | 3 +-- 2 files changed, 1 insertion(+), 6 deletions(-) delete mode 100644 changes/bug15064 diff --git a/changes/bug15064 b/changes/bug15064 deleted file mode 100644 index e6bd747b1..000000000 --- a/changes/bug15064 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (FreeBSD IPFW transparent proxy): - - Fix address detection with FreeBSD transparent proxies, - when "TransProxyType ipfw" is in use. - Fixes bug 15064; bugfix on 0.2.5.4-alpha. diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 1eeb22fce..49f9ba497 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -1531,8 +1531,7 @@ connection_ap_get_original_destination(entry_connection_t *conn, if (options->TransProxyType_parsed == TPT_PF_DIVERT) return destination_from_socket(conn, req); - if (options->TransProxyType_parsed == TPT_DEFAULT || - options->TransProxyType_parsed == TPT_IPFW) + if (options->TransProxyType_parsed == TPT_DEFAULT) return destination_from_pf(conn, req); (void)conn;