/** Remove all TRACKEXIT mappings from the addressmap for which the target * host is unknown or no longer allowed, or for which the source address * is no longer in trackexithosts. */ void addressmap_clear_excluded_trackexithosts(const or_options_t *options) { const routerset_t *allow_nodes = options->ExitNodes; const routerset_t *exclude_nodes = options->ExcludeExitNodesUnion_; if (!addressmap) return; if (routerset_is_empty(allow_nodes)) allow_nodes = NULL; if (allow_nodes == NULL && routerset_is_empty(exclude_nodes)) return; STRMAP_FOREACH_MODIFY(addressmap, address, addressmap_entry_t *, ent) { size_t len; const char *target = ent->new_address, *dot; char *nodename; const node_t *node; if (!target) { /* DNS resolving in progress */ continue; } else if (strcmpend(target, ".exit")) { /* Not a .exit mapping */ continue; } else if (ent->source != ADDRMAPSRC_TRACKEXIT) { /* Not a trackexit mapping. */ continue; } len = strlen(target); if (len < 6) continue; /* malformed. */ dot = target + len - 6; /* dot now points to just before .exit */ while (dot > target && *dot != '.') dot--; if (*dot == '.') dot++; nodename = tor_strndup(dot, len-5-(dot-target));; node = node_get_by_nickname(nodename, 0); tor_free(nodename); if (!node || (allow_nodes && !routerset_contains_node(allow_nodes, node)) || routerset_contains_node(exclude_nodes, node) || !hostname_in_track_host_exits(options, address)) { /* We don't know this one, or we want to be rid of it. */ addressmap_ent_remove(address, ent); MAP_DEL_CURRENT(address); } } STRMAP_FOREACH_END;
/** Select and create the temporary directory we'll use to run our unit tests. * Store it in <b>temp_dir</b>. Exit immediately if we can't create it. * idempotent. */ static void setup_directory(void) { static int is_setup = 0; int r; char rnd[256], rnd32[256]; if (is_setup) return; /* Due to base32 limitation needs to be a multiple of 5. */ #define RAND_PATH_BYTES 5 crypto_rand(rnd, RAND_PATH_BYTES); base32_encode(rnd32, sizeof(rnd32), rnd, RAND_PATH_BYTES); #ifdef _WIN32 { char buf[MAX_PATH]; const char *tmp = buf; const char *extra_backslash = ""; /* If this fails, we're probably screwed anyway */ if (!GetTempPathA(sizeof(buf),buf)) tmp = "c:\\windows\\temp\\"; if (strcmpend(tmp, "\\")) { /* According to MSDN, it should be impossible for GetTempPath to give us * an answer that doesn't end with \. But let's make sure. */ extra_backslash = "\\"; } tor_snprintf(temp_dir, sizeof(temp_dir), "%s%stor_test_%d_%s", tmp, extra_backslash, (int)getpid(), rnd32); r = mkdir(temp_dir); } #else /* !(defined(_WIN32)) */ tor_snprintf(temp_dir, sizeof(temp_dir), "/tmp/tor_test_%d_%s", (int) getpid(), rnd32); r = mkdir(temp_dir, 0700); if (!r) { /* undo sticky bit so tests don't get confused. */ r = chown(temp_dir, getuid(), getgid()); } #endif /* defined(_WIN32) */ if (r) { fprintf(stderr, "Can't create directory %s:", temp_dir); perror(""); exit(1); } is_setup = 1; temp_dir_setup_in_pid = getpid(); }
/** Unregister all TrackHostExits mappings from any address to * *.exitname.exit. */ void clear_trackexithost_mappings(const char *exitname) { char *suffix = NULL; if (!addressmap || !exitname) return; tor_asprintf(&suffix, ".%s.exit", exitname); tor_strlower(suffix); STRMAP_FOREACH_MODIFY(addressmap, address, addressmap_entry_t *, ent) { if (ent->source == ADDRMAPSRC_TRACKEXIT && !strcmpend(ent->new_address, suffix)) { addressmap_ent_remove(address, ent); MAP_DEL_CURRENT(address); } } STRMAP_FOREACH_END; tor_free(suffix); }
/** Run unit tests for our random number generation function and its wrappers. */ static void test_crypto_rng(void) { int i, j, allok; char data1[100], data2[100]; double d; /* Try out RNG. */ test_assert(! crypto_seed_rng(0)); crypto_rand(data1, 100); crypto_rand(data2, 100); test_memneq(data1,data2,100); allok = 1; for (i = 0; i < 100; ++i) { uint64_t big; char *host; j = crypto_rand_int(100); if (j < 0 || j >= 100) allok = 0; big = crypto_rand_uint64(U64_LITERAL(1)<<40); if (big >= (U64_LITERAL(1)<<40)) allok = 0; big = crypto_rand_uint64(U64_LITERAL(5)); if (big >= 5) allok = 0; d = crypto_rand_double(); test_assert(d >= 0); test_assert(d < 1.0); host = crypto_random_hostname(3,8,"www.",".onion"); if (strcmpstart(host,"www.") || strcmpend(host,".onion") || strlen(host) < 13 || strlen(host) > 18) allok = 0; tor_free(host); } test_assert(allok); done: ; }
static void test_virtaddrmap_persist(void *data) { (void)data; const char *a, *b, *c; tor_addr_t addr; char *ones = NULL; addressmap_init(); // Try a hostname. a = addressmap_register_virtual_address(RESOLVED_TYPE_HOSTNAME, tor_strdup("foobar.baz")); tt_assert(a); tt_assert(!strcmpend(a, ".virtual")); // mock crypto_rand to repeat the same result twice; make sure we get // different outcomes. (Because even though the odds for receiving the // same 80-bit address twice is only 1/2^40, it could still happen for // some user -- but running our test through 2^40 iterations isn't // reasonable.) canned_data = "1234567890" // the first call returns this. "1234567890" // the second call returns this. "abcdefghij"; // the third call returns this. canned_data_len = 30; MOCK(crypto_rand, crypto_canned); a = addressmap_register_virtual_address(RESOLVED_TYPE_HOSTNAME, tor_strdup("quuxit.baz")); b = addressmap_register_virtual_address(RESOLVED_TYPE_HOSTNAME, tor_strdup("nescio.baz")); tt_assert(a); tt_assert(b); tt_str_op(a, OP_EQ, "gezdgnbvgy3tqojq.virtual"); tt_str_op(b, OP_EQ, "mfrggzdfmztwq2lk.virtual"); // Now try something to get us an ipv4 address UNMOCK(crypto_rand); tt_int_op(0,OP_EQ, parse_virtual_addr_network("192.168.0.0/16", AF_INET, 0, NULL)); a = addressmap_register_virtual_address(RESOLVED_TYPE_IPV4, tor_strdup("foobar.baz")); tt_assert(a); tt_assert(!strcmpstart(a, "192.168.")); tor_addr_parse(&addr, a); tt_int_op(AF_INET, OP_EQ, tor_addr_family(&addr)); b = addressmap_register_virtual_address(RESOLVED_TYPE_IPV4, tor_strdup("quuxit.baz")); tt_str_op(b, OP_NE, a); tt_assert(!strcmpstart(b, "192.168.")); // Try some canned entropy and verify all the we discard duplicates, // addresses that end with 0, and addresses that end with 255. MOCK(crypto_rand, crypto_canned); canned_data = "\x01\x02\x03\x04" // okay "\x01\x02\x03\x04" // duplicate "\x03\x04\x00\x00" // bad ending 1 "\x05\x05\x00\xff" // bad ending 2 "\x05\x06\x07\xf0"; // okay canned_data_len = 20; a = addressmap_register_virtual_address(RESOLVED_TYPE_IPV4, tor_strdup("wumble.onion")); b = addressmap_register_virtual_address(RESOLVED_TYPE_IPV4, tor_strdup("wumpus.onion")); tt_str_op(a, OP_EQ, "192.168.3.4"); tt_str_op(b, OP_EQ, "192.168.7.240"); // Now try IPv6! UNMOCK(crypto_rand); tt_int_op(0,OP_EQ, parse_virtual_addr_network("1010:F000::/20", AF_INET6, 0, NULL)); a = addressmap_register_virtual_address(RESOLVED_TYPE_IPV6, tor_strdup("foobar.baz")); tt_assert(a); tt_assert(!strcmpstart(a, "[1010:f")); tor_addr_parse(&addr, a); tt_int_op(AF_INET6, OP_EQ, tor_addr_family(&addr)); b = addressmap_register_virtual_address(RESOLVED_TYPE_IPV6, tor_strdup("quuxit.baz")); tt_str_op(b, OP_NE, a); tt_assert(!strcmpstart(b, "[1010:f")); // Try IPv6 with canned entropy, to make sure we detect duplicates. MOCK(crypto_rand, crypto_canned); canned_data = "acanthopterygian" // okay "cinematographist" // okay "acanthopterygian" // duplicate "acanthopterygian" // duplicate "acanthopterygian" // duplicate "cinematographist" // duplicate "coadministration"; // okay canned_data_len = 16 * 7; a = addressmap_register_virtual_address(RESOLVED_TYPE_IPV6, tor_strdup("wuffle.baz")); b = addressmap_register_virtual_address(RESOLVED_TYPE_IPV6, tor_strdup("gribble.baz")); c = addressmap_register_virtual_address(RESOLVED_TYPE_IPV6, tor_strdup("surprisingly-legible.baz")); tt_str_op(a, OP_EQ, "[1010:f16e:7468:6f70:7465:7279:6769:616e]"); tt_str_op(b, OP_EQ, "[1010:fe65:6d61:746f:6772:6170:6869:7374]"); tt_str_op(c, OP_EQ, "[1010:f164:6d69:6e69:7374:7261:7469:6f6e]"); // Try address exhaustion: make sure we can actually fail if we // get too many already-existing addresses. canned_data_len = 128*1024; canned_data = ones = tor_malloc(canned_data_len); memset(ones, 1, canned_data_len); // There is some chance this one will fail if a previous random // allocation gave out the address already. a = addressmap_register_virtual_address(RESOLVED_TYPE_IPV4, tor_strdup("might-work.onion")); if (a) { tt_str_op(a, OP_EQ, "192.168.1.1"); } setup_capture_of_logs(LOG_WARN); // This one will definitely fail, since we've set up the RNG to hand // out "1" forever. b = addressmap_register_virtual_address(RESOLVED_TYPE_IPV4, tor_strdup("wont-work.onion")); tt_assert(b == NULL); expect_single_log_msg_containing("Ran out of virtual addresses!"); done: UNMOCK(crypto_rand); tor_free(ones); addressmap_free_all(); teardown_capture_of_logs(); }