mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
Merge remote-tracking branch 'origin/maint-0.2.4'
This commit is contained in:
commit
c547502ecb
4
changes/ticket8240
Normal file
4
changes/ticket8240
Normal file
@ -0,0 +1,4 @@
|
||||
o Major security fixes:
|
||||
- Make the default guard lifetime controllable via a new
|
||||
GuardLifetime torrc option and a GuardLifetime consensus
|
||||
parameter. Start of a fix for bug 8240; bugfix on 0.1.1.11-alpha.
|
@ -1049,6 +1049,12 @@ The following options are useful only for clients (that is, if
|
||||
If UseEntryGuardsAsDirectoryGuards is enabled, we try to make sure we
|
||||
have at least NUM routers to use as directory guards. (Default: 3)
|
||||
|
||||
**GuardLifetime** __N__ **days**|**weeks**|**months**::
|
||||
If nonzero, and UseEntryGuards is set, minimum time to keep a guard before
|
||||
picking a new one. If zero, we use the GuardLifetime parameter from the
|
||||
consensus directory. No value here may be less than 1 month or greater
|
||||
than 5 years; out-of-range values are clamped. (Default: 0)
|
||||
|
||||
**SafeSocks** **0**|**1**::
|
||||
When this option is enabled, Tor will reject application connections that
|
||||
use unsafe variants of the socks protocol -- ones that only provide an IP
|
||||
|
@ -172,6 +172,17 @@ int n_bits_set_u8(uint8_t v);
|
||||
* overflow. */
|
||||
#define CEIL_DIV(a,b) (((a)+(b)-1)/(b))
|
||||
|
||||
/* Return <b>v</b> if it's between <b>min</b> and <b>max</b>. Otherwise
|
||||
* return <b>min</b> if <b>v</b> is smaller than <b>min</b>, or <b>max</b> if
|
||||
* <b>b</b> is larger than <b>max</b>.
|
||||
*
|
||||
* Requires that <b>min</b> is no more than <b>max</b>. May evaluate any of
|
||||
* its arguments more than once! */
|
||||
#define CLAMP(min,v,max) \
|
||||
( ((v) < (min)) ? (min) : \
|
||||
((v) > (max)) ? (max) : \
|
||||
(v) )
|
||||
|
||||
/* String manipulation */
|
||||
|
||||
/** Allowable characters in a hexadecimal string. */
|
||||
|
@ -255,6 +255,7 @@ static config_var_t option_vars_[] = {
|
||||
#endif
|
||||
OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
|
||||
OBSOLETE("Group"),
|
||||
V(GuardLifetime, INTERVAL, "0 minutes"),
|
||||
V(HardwareAccel, BOOL, "0"),
|
||||
V(HeartbeatPeriod, INTERVAL, "6 hours"),
|
||||
V(AccelName, STRING, NULL),
|
||||
|
@ -1103,6 +1103,8 @@ static struct unit_table_t time_units[] = {
|
||||
{ "days", 24*60*60 },
|
||||
{ "week", 7*24*60*60 },
|
||||
{ "weeks", 7*24*60*60 },
|
||||
{ "month", 2629728, }, /* about 30.437 days */
|
||||
{ "months", 2629728, },
|
||||
{ NULL, 0 },
|
||||
};
|
||||
|
||||
|
@ -24,6 +24,7 @@
|
||||
#include "entrynodes.h"
|
||||
#include "main.h"
|
||||
#include "microdesc.h"
|
||||
#include "networkstatus.h"
|
||||
#include "nodelist.h"
|
||||
#include "policies.h"
|
||||
#include "router.h"
|
||||
@ -336,6 +337,9 @@ control_event_guard_deferred(void)
|
||||
#endif
|
||||
}
|
||||
|
||||
/** Largest amount that we'll backdate chosen_on_date */
|
||||
#define CHOSEN_ON_DATE_SLOP (30*86400)
|
||||
|
||||
/** Add a new (preferably stable and fast) router to our
|
||||
* entry_guards list. Return a pointer to the router if we succeed,
|
||||
* or NULL if we can't find any more suitable entries.
|
||||
@ -449,6 +453,32 @@ entry_guard_free(entry_guard_t *e)
|
||||
tor_free(e);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the minimum lifetime of working entry guard, in seconds,
|
||||
* as given in the consensus networkstatus. (Plus CHOSEN_ON_DATE_SLOP,
|
||||
* so that we can do the chosen_on_date randomization while achieving the
|
||||
* desired minimum lifetime.)
|
||||
*/
|
||||
static int32_t
|
||||
guards_get_lifetime(void)
|
||||
{
|
||||
const or_options_t *options = get_options();
|
||||
#define DFLT_GUARD_LIFETIME (86400 * 30) /* One month. */
|
||||
#define MIN_GUARD_LIFETIME (86400 * 60) /* Two months. */
|
||||
#define MAX_GUARD_LIFETIME (86400 * 1826) /* Five years. */
|
||||
|
||||
if (options->GuardLifetime >= 1) {
|
||||
return CLAMP(MIN_GUARD_LIFETIME,
|
||||
options->GuardLifetime,
|
||||
MAX_GUARD_LIFETIME) + CHOSEN_ON_DATE_SLOP;
|
||||
}
|
||||
|
||||
return networkstatus_get_param(NULL, "GuardLifetime",
|
||||
DFLT_GUARD_LIFETIME,
|
||||
MIN_GUARD_LIFETIME,
|
||||
MAX_GUARD_LIFETIME) + CHOSEN_ON_DATE_SLOP;
|
||||
}
|
||||
|
||||
/** Remove any entry guard which was selected by an unknown version of Tor,
|
||||
* or which was selected by a version of Tor that's known to select
|
||||
* entry guards badly, or which was selected more 2 months ago. */
|
||||
@ -458,6 +488,7 @@ static int
|
||||
remove_obsolete_entry_guards(time_t now)
|
||||
{
|
||||
int changed = 0, i;
|
||||
int32_t guard_lifetime = guards_get_lifetime();
|
||||
|
||||
for (i = 0; i < smartlist_len(entry_guards); ++i) {
|
||||
entry_guard_t *entry = smartlist_get(entry_guards, i);
|
||||
@ -488,8 +519,8 @@ remove_obsolete_entry_guards(time_t now)
|
||||
}
|
||||
tor_free(tor_ver);
|
||||
}
|
||||
if (!version_is_bad && entry->chosen_on_date + 3600*24*60 < now) {
|
||||
/* It's been 2 months since the date listed in our state file. */
|
||||
if (!version_is_bad && entry->chosen_on_date + guard_lifetime < now) {
|
||||
/* It's been too long since the date listed in our state file. */
|
||||
msg = "was selected several months ago";
|
||||
date_is_bad = 1;
|
||||
}
|
||||
|
@ -4029,6 +4029,8 @@ typedef struct {
|
||||
* should guess a suitable value. */
|
||||
int SSLKeyLifetime;
|
||||
|
||||
/** How long (seconds) do we keep a guard before picking a new one? */
|
||||
int GuardLifetime;
|
||||
} or_options_t;
|
||||
|
||||
/** Persistent state for an onion router, as saved to disk. */
|
||||
|
Loading…
Reference in New Issue
Block a user