channel_dumpstats(severity);
channel_listener_dumpstats(severity);
+ // TODO CGO: Use of RELAY_PAYLOAD_SIZE_MAX may make this a bit wrong.
tor_log(severity, LD_NET,
"Cells processed: %"PRIu64" padding\n"
" %"PRIu64" create\n"
if (stats_n_data_cells_packaged)
tor_log(severity,LD_NET,"Average packaged cell fullness: %2.3f%%",
100*(((double)stats_n_data_bytes_packaged) /
- ((double)stats_n_data_cells_packaged*RELAY_PAYLOAD_SIZE)) );
+ ((double)stats_n_data_cells_packaged*RELAY_PAYLOAD_SIZE_MAX)) );
if (stats_n_data_cells_received)
tor_log(severity,LD_NET,"Average delivered cell fullness: %2.3f%%",
100*(((double)stats_n_data_bytes_received) /
- ((double)stats_n_data_cells_received*RELAY_PAYLOAD_SIZE)) );
+ ((double)stats_n_data_cells_received*RELAY_PAYLOAD_SIZE_MAX)) );
cpuworker_log_onionskin_overhead(severity, ONION_HANDSHAKE_TYPE_TAP, "TAP");
cpuworker_log_onionskin_overhead(severity, ONION_HANDSHAKE_TYPE_NTOR,"ntor");
static ssize_t
connection_bucket_read_limit(connection_t *conn, time_t now)
{
- int base = RELAY_PAYLOAD_SIZE;
+ int base = RELAY_PAYLOAD_SIZE_MAX;
int priority = conn->type != CONN_TYPE_DIR;
ssize_t conn_bucket = -1;
size_t global_bucket_val = token_bucket_rw_get_read(&global_bucket);
ssize_t
connection_bucket_write_limit(connection_t *conn, time_t now)
{
- int base = RELAY_PAYLOAD_SIZE;
+ int base = RELAY_PAYLOAD_SIZE_MAX;
int priority = conn->type != CONN_TYPE_DIR;
size_t conn_bucket = buf_datalen(conn->outbuf);
size_t global_bucket_val = token_bucket_rw_get_write(&global_bucket);
{
uint8_t command = 0;
uint16_t payload_len=0;
- uint8_t payload[RELAY_PAYLOAD_SIZE];
+ uint8_t payload[RELAY_PAYLOAD_SIZE_MAX];
if (extend_cell_format(&command, &payload_len, payload, &ec)<0) {
log_warn(LD_CIRC,"Couldn't format extend cell");
return -END_CIRC_REASON_INTERNAL;
}
+ if (payload_len > circuit_max_relay_payload(
+ TO_CIRCUIT(circ), hop->prev, command)) {
+ log_warn(LD_BUG, "Generated a too-long extend cell");
+ return -END_CIRC_REASON_INTERNAL;
+ }
+
/* send it to hop->prev, because that relay will transfer
* it to a create cell and then send to hop */
if (relay_send_command_from_edge(0, TO_CIRCUIT(circ),
{
if (!circ) return;
- tor_assertf_nonfatal(relay_body_len <= RELAY_PAYLOAD_SIZE,
+ tor_assertf_nonfatal(relay_body_len <= RELAY_PAYLOAD_SIZE_MAX,
"Wrong relay_body_len: %d (should be at most %d)",
- relay_body_len, RELAY_PAYLOAD_SIZE);
+ relay_body_len, RELAY_PAYLOAD_SIZE_MAX);
circ->n_delivered_written_circ_bw =
tor_add_u32_nowrap(circ->n_delivered_written_circ_bw, relay_body_len);
+ // TODO CGO: I think this may now be somewhat incorrect.
circ->n_overhead_written_circ_bw =
tor_add_u32_nowrap(circ->n_overhead_written_circ_bw,
- RELAY_PAYLOAD_SIZE-relay_body_len);
+ RELAY_PAYLOAD_SIZE_MAX-relay_body_len);
}
/**
{
if (!circ) return;
- tor_assert_nonfatal(relay_body_len <= RELAY_PAYLOAD_SIZE);
+ tor_assert_nonfatal(relay_body_len <= RELAY_PAYLOAD_SIZE_MAX);
circ->n_delivered_read_circ_bw =
tor_add_u32_nowrap(circ->n_delivered_read_circ_bw, relay_body_len);
+ // TODO CGO: I think this may now be somewhat incorrect.
circ->n_overhead_read_circ_bw =
tor_add_u32_nowrap(circ->n_overhead_read_circ_bw,
- RELAY_PAYLOAD_SIZE-relay_body_len);
+ RELAY_PAYLOAD_SIZE_MAX-relay_body_len);
}
} else { /* pack it into an extended relay cell, and send it. */
uint8_t command=0;
uint16_t len=0;
- uint8_t payload[RELAY_PAYLOAD_SIZE];
+ uint8_t payload[RELAY_PAYLOAD_SIZE_MAX];
log_debug(LD_OR,
"Converting created cell to extended relay cell, sending.");
memset(payload, 0, sizeof(payload));
circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
return;
}
+ if (len > circuit_max_relay_payload(circ, NULL, command)) {
+ log_fn(LOG_PROTOCOL_WARN, LD_OR, "Created cell too big to package.");
+ circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
+ return;
+ }
relay_send_command_from_edge(0, circ, command,
(const char*)payload, len, NULL);
trn_cell_conflux_link_getlen_payload(cell), payload);
/* Encode cell. */
- cell_len = trn_cell_conflux_link_encode(cell_out, RELAY_PAYLOAD_SIZE, cell);
+ cell_len = trn_cell_conflux_link_encode(cell_out,
+ RELAY_PAYLOAD_SIZE_MAX, cell);
trn_cell_conflux_link_payload_v1_free(payload);
trn_cell_conflux_link_free(cell);
tor_assert(cell_out);
cell = trn_cell_conflux_linked_ack_new();
- cell_len = trn_cell_conflux_linked_ack_encode(cell_out, RELAY_PAYLOAD_SIZE,
+ cell_len = trn_cell_conflux_linked_ack_encode(cell_out,
+ RELAY_PAYLOAD_SIZE_MAX,
cell);
trn_cell_conflux_linked_ack_free(cell);
bool
conflux_cell_send_link(const conflux_cell_link_t *link, origin_circuit_t *circ)
{
- uint8_t payload[RELAY_PAYLOAD_SIZE] = {0};
+ uint8_t payload[RELAY_PAYLOAD_SIZE_MAX] = {0};
ssize_t cell_len;
tor_assert(link);
bool
conflux_cell_send_linked(const conflux_cell_link_t *link, or_circuit_t *circ)
{
- uint8_t payload[RELAY_PAYLOAD_SIZE] = {0};
+ uint8_t payload[RELAY_PAYLOAD_SIZE_MAX] = {0};
ssize_t cell_len;
tor_assert(link);
bool
conflux_cell_send_linked_ack(origin_circuit_t *circ)
{
- uint8_t payload[RELAY_PAYLOAD_SIZE] = {0};
+ uint8_t payload[RELAY_PAYLOAD_SIZE_MAX] = {0};
ssize_t cell_len;
tor_assert(circ);
trn_cell_conflux_switch_set_seqnum(switch_cell, (uint32_t)relative_seq);
- if (trn_cell_conflux_switch_encode(cell.payload, RELAY_PAYLOAD_SIZE,
+ if (trn_cell_conflux_switch_encode(cell.payload, RELAY_PAYLOAD_SIZE_MAX,
switch_cell) < 0) {
log_warn(LD_BUG, "Failed to encode conflux switch cell");
ret = false;
}
/* Send the switch command to the new hop */
+ // TODO CGO XXXXX Fix bug #41056.
if (CIRCUIT_IS_ORIGIN(send_circ)) {
relay_send_command_from_edge(0, send_circ,
RELAY_COMMAND_CONFLUX_SWITCH,
(const char*)cell.payload,
- RELAY_PAYLOAD_SIZE,
+ RELAY_PAYLOAD_SIZE_MAX,
TO_ORIGIN_CIRCUIT(send_circ)->cpath->prev);
} else {
relay_send_command_from_edge(0, send_circ,
RELAY_COMMAND_CONFLUX_SWITCH,
(const char*)cell.payload,
- RELAY_PAYLOAD_SIZE, NULL);
+ RELAY_PAYLOAD_SIZE_MAX,
+ NULL);
}
end:
trn_cell_conflux_switch_free(switch_cell);
return ret;
}
-
void
flow_control_new_consensus_params(const networkstatus_t *ns)
{
+ // TODO CGO: These numbers might be wrong for the v1 cell format!
+
#define CC_XOFF_CLIENT_DFLT 500
#define CC_XOFF_CLIENT_MIN 1
#define CC_XOFF_CLIENT_MAX 10000
xoff_client = networkstatus_get_param(ns, "cc_xoff_client",
CC_XOFF_CLIENT_DFLT,
CC_XOFF_CLIENT_MIN,
- CC_XOFF_CLIENT_MAX)*RELAY_PAYLOAD_SIZE;
+ CC_XOFF_CLIENT_MAX)*RELAY_PAYLOAD_SIZE_MAX;
#define CC_XOFF_EXIT_DFLT 500
#define CC_XOFF_EXIT_MIN 1
xoff_exit = networkstatus_get_param(ns, "cc_xoff_exit",
CC_XOFF_EXIT_DFLT,
CC_XOFF_EXIT_MIN,
- CC_XOFF_EXIT_MAX)*RELAY_PAYLOAD_SIZE;
+ CC_XOFF_EXIT_MAX)*RELAY_PAYLOAD_SIZE_MAX;
#define CC_XON_CHANGE_PCT_DFLT 25
#define CC_XON_CHANGE_PCT_MIN 1
xon_rate_bytes = networkstatus_get_param(ns, "cc_xon_rate",
CC_XON_RATE_BYTES_DFLT,
CC_XON_RATE_BYTES_MIN,
- CC_XON_RATE_BYTES_MAX)*RELAY_PAYLOAD_SIZE;
+ CC_XON_RATE_BYTES_MAX)*RELAY_PAYLOAD_SIZE_MAX;
#define CC_XON_EWMA_CNT_DFLT (2)
#define CC_XON_EWMA_CNT_MIN (2)
* do this because writes only happen when the socket unblocks, so
* may not otherwise notice accumulation of data in the outbuf for
* advisory XONs. */
- if (total_buffered > MAX_EXPECTED_CELL_BURST*RELAY_PAYLOAD_SIZE) {
+ // TODO CGO: This might be wrong for the v1 cell format!
+ if (total_buffered > MAX_EXPECTED_CELL_BURST*RELAY_PAYLOAD_SIZE_MAX) {
flow_control_decide_xon(stream, 0);
}
return ret;
}
-
int
connection_edge_end(edge_connection_t *conn, uint8_t reason)
{
- char payload[RELAY_PAYLOAD_SIZE];
+ char payload[RELAY_PAYLOAD_SIZE_MAX];
size_t payload_len=1;
circuit_t *circ;
uint8_t control_reason = reason;
MOCK_IMPL(int,
connection_ap_handshake_send_begin,(entry_connection_t *ap_conn))
{
- char payload[CELL_PAYLOAD_SIZE];
- int payload_len;
+ char payload[RELAY_PAYLOAD_SIZE_MAX];
+ size_t payload_len;
int begin_type;
const or_options_t *options = get_options();
origin_circuit_t *circ;
return -1;
}
+ size_t payload_max = circuit_max_relay_payload(
+ edge_conn->on_circuit, edge_conn->cpath_layer,
+ RELAY_COMMAND_BEGIN);
/* Set up begin cell flags. */
edge_conn->begincell_flags = connection_ap_get_begincell_flags(ap_conn);
- tor_snprintf(payload,RELAY_PAYLOAD_SIZE, "%s:%d",
+ tor_snprintf(payload,payload_max, "%s:%d",
(circ->base_.purpose == CIRCUIT_PURPOSE_C_GENERAL ||
circ->base_.purpose == CIRCUIT_PURPOSE_CONFLUX_LINKED ||
circ->base_.purpose == CIRCUIT_PURPOSE_CONTROLLER) ?
ap_conn->socks_request->address : "",
ap_conn->socks_request->port);
- payload_len = (int)strlen(payload)+1;
- if (payload_len <= RELAY_PAYLOAD_SIZE - 4 && edge_conn->begincell_flags) {
+ payload_len = strlen(payload)+1;
+ if (payload_len <= payload_max - 4 && edge_conn->begincell_flags) {
set_uint32(payload + payload_len, htonl(edge_conn->begincell_flags));
payload_len += 4;
}
handshake_type = ntohs(get_uint16(p));
handshake_len = ntohs(get_uint16(p+2));
- if (handshake_len > CELL_PAYLOAD_SIZE - 4 || handshake_len > p_len - 4)
+ if (handshake_len > MAX_CREATE_LEN || handshake_len > p_len - 4)
return -1;
if (handshake_type == ONION_HANDSHAKE_TYPE_FAST)
return -1;
return -1;
break;
case CELL_CREATED2:
- if (cell->handshake_len > RELAY_PAYLOAD_SIZE-2)
+ if (cell->handshake_len > MAX_CREATED_LEN)
return -1;
break;
}
const uint8_t *p = cell_in->payload;
cell_out->cell_type = CELL_CREATED2;
cell_out->handshake_len = ntohs(get_uint16(p));
- if (cell_out->handshake_len > CELL_PAYLOAD_SIZE - 2)
+ if (cell_out->handshake_len > MAX_CREATED_LEN)
return -1;
memcpy(cell_out->reply, p+2, cell_out->handshake_len);
break;
tor_assert(cell_out);
tor_assert(payload);
- if (payload_length > RELAY_PAYLOAD_SIZE)
+ if (payload_length > RELAY_PAYLOAD_SIZE_MAX)
return -1;
switch (command) {
tor_assert(payload);
memset(cell_out, 0, sizeof(*cell_out));
- if (payload_len > RELAY_PAYLOAD_SIZE)
+ if (payload_len > RELAY_PAYLOAD_SIZE_MAX)
return -1;
switch (command) {
cell_out->cell_type = RELAY_COMMAND_EXTENDED2;
cell_out->created_cell.cell_type = CELL_CREATED2;
cell_out->created_cell.handshake_len = ntohs(get_uint16(payload));
- if (cell_out->created_cell.handshake_len > RELAY_PAYLOAD_SIZE - 2 ||
+ if (cell_out->created_cell.handshake_len > RELAY_PAYLOAD_SIZE_MAX - 2 ||
cell_out->created_cell.handshake_len > payload_len - 2)
return -1;
memcpy(cell_out->created_cell.reply, payload+2,
/** Format the EXTEND{,2} cell in <b>cell_in</b>, storing its relay payload in
* <b>payload_out</b>, the number of bytes used in *<b>len_out</b>, and the
* relay command in *<b>command_out</b>. The <b>payload_out</b> must have
- * RELAY_PAYLOAD_SIZE bytes available. Return 0 on success, -1 on failure. */
+ * RELAY_PAYLOAD_SIZE_MAX bytes available.
+ *
+ * Return 0 on success, -1 on failure. */
int
extend_cell_format(uint8_t *command_out, uint16_t *len_out,
uint8_t *payload_out, const extend_cell_t *cell_in)
p = payload_out;
- memset(p, 0, RELAY_PAYLOAD_SIZE);
+ memset(p, 0, RELAY_PAYLOAD_SIZE_MAX);
switch (cell_in->cell_type) {
case RELAY_COMMAND_EXTEND:
cell_in->create_cell.handshake_len);
ssize_t len_encoded = extend2_cell_body_encode(
- payload_out, RELAY_PAYLOAD_SIZE,
+ payload_out, RELAY_PAYLOAD_SIZE_MAX,
cell);
extend2_cell_body_free(cell);
if (len_encoded < 0 || len_encoded > UINT16_MAX)
/** Format the EXTENDED{,2} cell in <b>cell_in</b>, storing its relay payload
* in <b>payload_out</b>, the number of bytes used in *<b>len_out</b>, and the
* relay command in *<b>command_out</b>. The <b>payload_out</b> must have
- * RELAY_PAYLOAD_SIZE bytes available. Return 0 on success, -1 on failure. */
+ * RELAY_PAYLOAD_SIZE_MAX bytes available.
+ *
+ * Return 0 on success, -1 on failure. */
int
extended_cell_format(uint8_t *command_out, uint16_t *len_out,
uint8_t *payload_out, const extended_cell_t *cell_in)
return -1;
p = payload_out;
- memset(p, 0, RELAY_PAYLOAD_SIZE);
+ memset(p, 0, RELAY_PAYLOAD_SIZE_MAX);
switch (cell_in->cell_type) {
case RELAY_COMMAND_EXTENDED:
*command_out = RELAY_COMMAND_EXTENDED2;
*len_out = 2 + cell_in->created_cell.handshake_len;
set_uint16(payload_out, htons(cell_in->created_cell.handshake_len));
- if (2+cell_in->created_cell.handshake_len > RELAY_PAYLOAD_SIZE)
+ if (cell_in->created_cell.handshake_len > MAX_CREATED_LEN)
return -1;
memcpy(payload_out+2, cell_in->created_cell.reply,
cell_in->created_cell.handshake_len);
#define MAX_ONIONSKIN_CHALLENGE_LEN 255
#define MAX_ONIONSKIN_REPLY_LEN 255
+#define MAX_CREATE_LEN (CELL_PAYLOAD_SIZE - 4)
+#define MAX_CREATED_LEN (CELL_PAYLOAD_SIZE - 2)
+
/** A parsed CREATE, CREATE_FAST, or CREATE2 cell. */
typedef struct create_cell_t {
/** The cell command. One of CREATE{,_FAST,2} */
/** The number of bytes used in <b>onionskin</b>. */
uint16_t handshake_len;
/** The client-side message for the circuit creation handshake. */
- uint8_t onionskin[CELL_PAYLOAD_SIZE - 4];
+ uint8_t onionskin[MAX_CREATE_LEN];
} create_cell_t;
/** A parsed CREATED, CREATED_FAST, or CREATED2 cell. */
/** The number of bytes used in <b>reply</b>. */
uint16_t handshake_len;
/** The server-side message for the circuit creation handshake. */
- uint8_t reply[CELL_PAYLOAD_SIZE - 2];
+ uint8_t reply[MAX_CREATED_LEN];
} created_cell_t;
/** A parsed RELAY_EXTEND or RELAY_EXTEND2 cell */
return wide_circ_ids ? 4 : 2;
}
-/* TODO #41051: It would be better if these went away. */
-/** Number of bytes in a relay cell's header (not including general cell
- * header). */
-/** Largest number of bytes that can fit in a relay cell payload. */
-#define RELAY_PAYLOAD_SIZE (CELL_PAYLOAD_SIZE-(1+2+2+4+2))
-
/** Number of bytes used for a relay cell's header, in the v0 format. */
#define RELAY_HEADER_SIZE_V0 (1+2+2+4+2)
/** Number of bytes used for a relay cell's header, in the v1 format,
* if a StreamID is used. */
#define RELAY_HEADER_SIZE_V1_WITH_STREAM_ID (16+1+2+2)
+/** Largest number of bytes that can fit in any relay cell payload.
+ *
+ * Note that the actual maximum may be smaller if the V1 cell format
+ * is in use; see relay_cell_max_payload_size() for the real maximum.
+ */
+#define RELAY_PAYLOAD_SIZE_MAX (CELL_PAYLOAD_SIZE - RELAY_HEADER_SIZE_V0)
+
+/** Smallest capacity of any relay cell payload. */
+#define RELAY_PAYLOAD_SIZE_MIN \
+ (CELL_PAYLOAD_SIZE - RELAY_HEADER_SIZE_V1_WITH_STREAM_ID)
+
+#ifdef TOR_UNIT_TESTS
+// This name is for testing only.
+#define RELAY_PAYLOAD_SIZE RELAY_PAYLOAD_SIZE_MAX
+#endif
+
/** Identifies a circuit on an or_connection */
typedef uint32_t circid_t;
/** Identifies a stream on a circuit */
*errcode_out = 0;
- if (msg->length > RELAY_PAYLOAD_SIZE)
+ if (msg->length > RELAY_PAYLOAD_SIZE_MAX)
return -1;
addrs = smartlist_new();
}
/* Build and encode a version 1 SENDME cell into payload, which must be at
- * least of RELAY_PAYLOAD_SIZE bytes, using the digest for the cell data.
+ * least of RELAY_PAYLOAD_SIZE_MAX bytes, using the digest for the cell data.
*
* Return the size in bytes of the encoded cell in payload. A negative value
* is returned on encoding failure. */
sendme_cell_get_data_len(cell));
/* Finally, encode the cell into the payload. */
- len = sendme_cell_encode(payload, RELAY_PAYLOAD_SIZE, cell);
+ len = sendme_cell_encode(payload, RELAY_PAYLOAD_SIZE_MAX, cell);
sendme_cell_free(cell);
return len;
const uint8_t *cell_digest)
{
uint8_t emit_version;
- uint8_t payload[RELAY_PAYLOAD_SIZE];
+ uint8_t payload[RELAY_PAYLOAD_SIZE_MAX];
ssize_t payload_len;
tor_assert(circ);
}
double fullness_pct = 100;
+ // TODO CGO: This is slightly wrong?
if (stats_n_data_cells_packaged && !hibernating) {
fullness_pct =
100*(((double)stats_n_data_bytes_packaged) /
- ((double)stats_n_data_cells_packaged*RELAY_PAYLOAD_SIZE));
+ ((double)stats_n_data_cells_packaged*RELAY_PAYLOAD_SIZE_MAX));
}
const double overhead_pct = ( r - 1.0 ) * 100.0;
pathbias_send_usable_probe(circuit_t *circ)
{
/* Based on connection_ap_handshake_send_begin() */
- char payload[CELL_PAYLOAD_SIZE];
+ char payload[RELAY_PAYLOAD_SIZE_MAX];
int payload_len;
origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
crypt_path_t *cpath_layer = NULL;
return -1;
}
- tor_snprintf(payload,RELAY_PAYLOAD_SIZE, "%s:25", probe_nonce);
+ tor_snprintf(payload,RELAY_PAYLOAD_SIZE_MAX, "%s:25", probe_nonce);
payload_len = (int)strlen(payload)+1;
// XXX: need this? Can we assume ipv4 will always be supported?
{
size_t offset = 0;
size_t mac_msg_len;
- uint8_t mac_msg[RELAY_PAYLOAD_SIZE] = {0};
+ uint8_t mac_msg[RELAY_PAYLOAD_SIZE_MAX] = {0};
tor_assert(encoded_cell);
tor_assert(encrypted);
size_t offset = 0;
ssize_t encrypted_len;
ssize_t encoded_cell_len, encoded_enc_cell_len;
- uint8_t encoded_cell[RELAY_PAYLOAD_SIZE] = {0};
- uint8_t encoded_enc_cell[RELAY_PAYLOAD_SIZE] = {0};
+ uint8_t encoded_cell[RELAY_PAYLOAD_SIZE_MAX] = {0};
+ uint8_t encoded_enc_cell[RELAY_PAYLOAD_SIZE_MAX] = {0};
uint8_t *encrypted = NULL;
uint8_t mac[DIGEST256_LEN];
crypto_cipher_t *cipher = NULL;
* ENCRYPTED_DATA and MAC length. */
encrypted_len = sizeof(data->client_kp->pubkey) + encoded_enc_cell_len +
sizeof(mac);
- tor_assert(encrypted_len < RELAY_PAYLOAD_SIZE);
+ tor_assert(encrypted_len < RELAY_PAYLOAD_SIZE_MAX);
encrypted = tor_malloc_zero(encrypted_len);
/* Put the CLIENT_PK first. */
ssize_t tmp_cell_mac_offset =
sig_len + sizeof(cell->sig_len) +
trn_cell_establish_intro_getlen_handshake_mac(cell);
- uint8_t tmp_cell_enc[RELAY_PAYLOAD_SIZE] = {0};
+ uint8_t tmp_cell_enc[RELAY_PAYLOAD_SIZE_MAX] = {0};
uint8_t mac[TRUNNEL_SHA3_256_LEN], *handshake_ptr;
/* We first encode the current fields we have in the cell so we can
{
ssize_t tmp_cell_enc_len = 0;
ssize_t tmp_cell_sig_offset = (sig_len + sizeof(cell->sig_len));
- uint8_t tmp_cell_enc[RELAY_PAYLOAD_SIZE] = {0}, *sig_ptr;
+ uint8_t tmp_cell_enc[RELAY_PAYLOAD_SIZE_MAX] = {0}, *sig_ptr;
ed25519_signature_t sig;
/* We first encode the current fields we have in the cell so we can
}
/* Encode the cell. Can't be bigger than a standard cell. */
- cell_len = trn_cell_establish_intro_encode(cell_out, RELAY_PAYLOAD_SIZE,
+ cell_len = trn_cell_establish_intro_encode(cell_out,
+ RELAY_PAYLOAD_SIZE_MAX,
cell);
done:
memcpy(trn_cell_rendezvous1_getarray_handshake_info(cell),
rendezvous_handshake_info, rendezvous_handshake_info_len);
/* Encoding. */
- cell_len = trn_cell_rendezvous1_encode(cell_out, RELAY_PAYLOAD_SIZE, cell);
+ cell_len = trn_cell_rendezvous1_encode(cell_out,
+ RELAY_PAYLOAD_SIZE_MAX, cell);
tor_assert(cell_len > 0);
trn_cell_rendezvous1_free(cell);
introduce1_set_encrypted(cell, data);
/* Final encoding. */
- cell_len = trn_cell_introduce1_encode(cell_out, RELAY_PAYLOAD_SIZE, cell);
+ cell_len = trn_cell_introduce1_encode(cell_out,
+ RELAY_PAYLOAD_SIZE_MAX, cell);
trn_cell_introduce1_free(cell);
return cell_len;
hs_service_intro_point_t *ip, origin_circuit_t *circ)
{
ssize_t cell_len;
- uint8_t payload[RELAY_PAYLOAD_SIZE];
+ uint8_t payload[RELAY_PAYLOAD_SIZE_MAX];
tor_assert(service);
tor_assert(ip);
origin_circuit_t *circ)
{
size_t payload_len;
- uint8_t payload[RELAY_PAYLOAD_SIZE] = {0};
+ uint8_t payload[RELAY_PAYLOAD_SIZE_MAX] = {0};
tor_assert(service);
tor_assert(circ);
{
int ret = -1;
ssize_t payload_len;
- uint8_t payload[RELAY_PAYLOAD_SIZE] = {0};
+ uint8_t payload[RELAY_PAYLOAD_SIZE_MAX] = {0};
hs_cell_introduce1_data_t intro1_data;
tor_assert(intro_circ);
hs_circ_send_establish_rendezvous(origin_circuit_t *circ)
{
ssize_t cell_len = 0;
- uint8_t cell[RELAY_PAYLOAD_SIZE] = {0};
+ uint8_t cell[RELAY_PAYLOAD_SIZE_MAX] = {0};
tor_assert(circ);
tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND);
send_resolved_cell,(edge_connection_t *conn, uint8_t answer_type,
const cached_resolve_t *resolved))
{
- char buf[RELAY_PAYLOAD_SIZE], *cp = buf;
+ // (We use the minimum here to ensure that we never
+ // generate a too-big message.)
+ char buf[RELAY_PAYLOAD_SIZE_MIN], *cp = buf;
size_t buflen = 0;
uint32_t ttl;
send_resolved_hostname_cell,(edge_connection_t *conn,
const char *hostname))
{
- char buf[RELAY_PAYLOAD_SIZE];
+ char buf[RELAY_PAYLOAD_SIZE_MAX];
size_t buflen;
uint32_t ttl;
size_t namelen = strlen(hostname);
- tor_assert(namelen < 256);
+ if (BUG(namelen >= 256)) {
+ return;
+ }
ttl = conn->address_ttl;
buf[0] = RESOLVED_TYPE_HOSTNAME;
memset(b, 0, sizeof(b));
crypto_rand((char*)b, 496);
cell.command = CELL_CREATED2;
- memcpy(cell.payload, "\x01\xF1", 2);
+ memcpy(cell.payload, "\x02\xFF", 2);
tt_int_op(-1, OP_EQ, created_cell_parse(&cc, &cell));
/* Unformattable CREATED2 cell: too long! */
- cc.handshake_len = 497;
+ cc.handshake_len = 508;
tt_int_op(-1, OP_EQ, created_cell_format(&cell2, &cc));
done:
projects / thirdparty / tor.git / commitdiff
