Restrict unix: addresses to control and socks for now

2025-02-24 06:48:05 +01:00 · 2015-01-29 14:51:59 -05:00 · 2015-01-29 14:51:59 -05:00 · 4c1a779539
commit 4c1a779539
parent 204374f7d9
3 changed files with 26 additions and 8 deletions
--- a/src/or/config.c
+++ b/src/or/config.c
@ -5862,6 +5862,12 @@ parse_port_config(smartlist_t *out,
      goto err;
    }

+    if (unix_socket_path &&
+        ! conn_listener_type_supports_af_unix(listener_type)) {
+      log_warn(LD_CONFIG, "%sPort does not support unix sockets", portname);
+      goto err;
+    }
+
    if (unix_socket_path) {
      port = 1;
    } else if (is_unix_socket) {
--- a/src/or/connection.c
+++ b/src/or/connection.c
@ -449,6 +449,22 @@ connection_link_connections(connection_t *conn_a, connection_t *conn_b)
  conn_b->linked_conn = conn_a;
 }

+/** Return true iff the provided connection listener type supports AF_UNIX
+ * sockets. */
+int
+conn_listener_type_supports_af_unix(int type)
+{
+  /* For now only control ports or SOCKS ports can be Unix domain sockets
+   * and listeners at the same time */
+  switch (type) {
+    case CONN_TYPE_CONTROL_LISTENER:
+    case CONN_TYPE_AP_LISTENER:
+      return 1;
+    default:
+      return 0;
+  }
+}
+
 /** Deallocate memory used by <b>conn</b>. Deallocate its buffers if
 * necessary, close its socket if necessary, and mark the directory as dirty
 * if <b>conn</b> is an OR or OP connection.
@ -516,8 +532,7 @@ connection_free_(connection_t *conn)
    if (conn->socket_family == AF_UNIX) {
      /* For now only control and SOCKS ports can be Unix domain sockets
       * and listeners at the same time */
-      tor_assert(conn->type == CONN_TYPE_CONTROL_LISTENER ||
-                 conn->type == CONN_TYPE_AP_LISTENER);
+      tor_assert(conn_listener_type_supports_af_unix(conn->type));

      if (unlink(conn->address) < 0 && errno != ENOENT) {
        log_warn(LD_NET, "Could not unlink %s: %s", conn->address,
@ -1172,17 +1187,13 @@ connection_listener_new(const struct sockaddr *listensockaddr,
    }
 #ifdef HAVE_SYS_UN_H
  /*
-   * AF_UNIX generic setup stuff (this covers both CONN_TYPE_CONTROL_LISTENER
-   * and CONN_TYPE_AP_LISTENER cases)
+   * AF_UNIX generic setup stuff
   */
  } else if (listensockaddr->sa_family == AF_UNIX) {
    /* We want to start reading for both AF_UNIX cases */
    start_reading = 1;

-    /* For now only control ports or SOCKS ports can be Unix domain sockets
-     * and listeners at the same time */
-    tor_assert(type == CONN_TYPE_CONTROL_LISTENER ||
-               type == CONN_TYPE_AP_LISTENER);
+    tor_assert(conn_listener_type_supports_af_unix(type));

    if (check_location_for_unix_socket(options, address,
          (type == CONN_TYPE_CONTROL_LISTENER) ?
--- a/src/or/connection.h
+++ b/src/or/connection.h
@ -17,6 +17,7 @@

 const char *conn_type_to_string(int type);
 const char *conn_state_to_string(int type, int state);
+int conn_listener_type_supports_af_unix(int type);

 dir_connection_t *dir_connection_new(int socket_family);
 or_connection_t *or_connection_new(int type, int socket_family);