Merge remote-tracking branch 'origin/maint-0.2.4'

This commit is contained in:
Nick Mathewson 2013-03-19 16:15:39 -04:00
commit c547502ecb
7 changed files with 59 additions and 2 deletions

4
changes/ticket8240 Normal file
View File

@ -0,0 +1,4 @@
o Major security fixes:
- Make the default guard lifetime controllable via a new
GuardLifetime torrc option and a GuardLifetime consensus
parameter. Start of a fix for bug 8240; bugfix on 0.1.1.11-alpha.

View File

@ -1049,6 +1049,12 @@ The following options are useful only for clients (that is, if
If UseEntryGuardsAsDirectoryGuards is enabled, we try to make sure we If UseEntryGuardsAsDirectoryGuards is enabled, we try to make sure we
have at least NUM routers to use as directory guards. (Default: 3) have at least NUM routers to use as directory guards. (Default: 3)
**GuardLifetime** __N__ **days**|**weeks**|**months**::
If nonzero, and UseEntryGuards is set, minimum time to keep a guard before
picking a new one. If zero, we use the GuardLifetime parameter from the
consensus directory. No value here may be less than 1 month or greater
than 5 years; out-of-range values are clamped. (Default: 0)
**SafeSocks** **0**|**1**:: **SafeSocks** **0**|**1**::
When this option is enabled, Tor will reject application connections that When this option is enabled, Tor will reject application connections that
use unsafe variants of the socks protocol -- ones that only provide an IP use unsafe variants of the socks protocol -- ones that only provide an IP

View File

@ -172,6 +172,17 @@ int n_bits_set_u8(uint8_t v);
* overflow. */ * overflow. */
#define CEIL_DIV(a,b) (((a)+(b)-1)/(b)) #define CEIL_DIV(a,b) (((a)+(b)-1)/(b))
/* Return <b>v</b> if it's between <b>min</b> and <b>max</b>. Otherwise
* return <b>min</b> if <b>v</b> is smaller than <b>min</b>, or <b>max</b> if
* <b>b</b> is larger than <b>max</b>.
*
* Requires that <b>min</b> is no more than <b>max</b>. May evaluate any of
* its arguments more than once! */
#define CLAMP(min,v,max) \
( ((v) < (min)) ? (min) : \
((v) > (max)) ? (max) : \
(v) )
/* String manipulation */ /* String manipulation */
/** Allowable characters in a hexadecimal string. */ /** Allowable characters in a hexadecimal string. */

View File

@ -255,6 +255,7 @@ static config_var_t option_vars_[] = {
#endif #endif
OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"), OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
OBSOLETE("Group"), OBSOLETE("Group"),
V(GuardLifetime, INTERVAL, "0 minutes"),
V(HardwareAccel, BOOL, "0"), V(HardwareAccel, BOOL, "0"),
V(HeartbeatPeriod, INTERVAL, "6 hours"), V(HeartbeatPeriod, INTERVAL, "6 hours"),
V(AccelName, STRING, NULL), V(AccelName, STRING, NULL),

View File

@ -1103,6 +1103,8 @@ static struct unit_table_t time_units[] = {
{ "days", 24*60*60 }, { "days", 24*60*60 },
{ "week", 7*24*60*60 }, { "week", 7*24*60*60 },
{ "weeks", 7*24*60*60 }, { "weeks", 7*24*60*60 },
{ "month", 2629728, }, /* about 30.437 days */
{ "months", 2629728, },
{ NULL, 0 }, { NULL, 0 },
}; };

View File

@ -24,6 +24,7 @@
#include "entrynodes.h" #include "entrynodes.h"
#include "main.h" #include "main.h"
#include "microdesc.h" #include "microdesc.h"
#include "networkstatus.h"
#include "nodelist.h" #include "nodelist.h"
#include "policies.h" #include "policies.h"
#include "router.h" #include "router.h"
@ -336,6 +337,9 @@ control_event_guard_deferred(void)
#endif #endif
} }
/** Largest amount that we'll backdate chosen_on_date */
#define CHOSEN_ON_DATE_SLOP (30*86400)
/** Add a new (preferably stable and fast) router to our /** Add a new (preferably stable and fast) router to our
* entry_guards list. Return a pointer to the router if we succeed, * entry_guards list. Return a pointer to the router if we succeed,
* or NULL if we can't find any more suitable entries. * or NULL if we can't find any more suitable entries.
@ -449,6 +453,32 @@ entry_guard_free(entry_guard_t *e)
tor_free(e); tor_free(e);
} }
/**
* Return the minimum lifetime of working entry guard, in seconds,
* as given in the consensus networkstatus. (Plus CHOSEN_ON_DATE_SLOP,
* so that we can do the chosen_on_date randomization while achieving the
* desired minimum lifetime.)
*/
static int32_t
guards_get_lifetime(void)
{
const or_options_t *options = get_options();
#define DFLT_GUARD_LIFETIME (86400 * 30) /* One month. */
#define MIN_GUARD_LIFETIME (86400 * 60) /* Two months. */
#define MAX_GUARD_LIFETIME (86400 * 1826) /* Five years. */
if (options->GuardLifetime >= 1) {
return CLAMP(MIN_GUARD_LIFETIME,
options->GuardLifetime,
MAX_GUARD_LIFETIME) + CHOSEN_ON_DATE_SLOP;
}
return networkstatus_get_param(NULL, "GuardLifetime",
DFLT_GUARD_LIFETIME,
MIN_GUARD_LIFETIME,
MAX_GUARD_LIFETIME) + CHOSEN_ON_DATE_SLOP;
}
/** Remove any entry guard which was selected by an unknown version of Tor, /** Remove any entry guard which was selected by an unknown version of Tor,
* or which was selected by a version of Tor that's known to select * or which was selected by a version of Tor that's known to select
* entry guards badly, or which was selected more 2 months ago. */ * entry guards badly, or which was selected more 2 months ago. */
@ -458,6 +488,7 @@ static int
remove_obsolete_entry_guards(time_t now) remove_obsolete_entry_guards(time_t now)
{ {
int changed = 0, i; int changed = 0, i;
int32_t guard_lifetime = guards_get_lifetime();
for (i = 0; i < smartlist_len(entry_guards); ++i) { for (i = 0; i < smartlist_len(entry_guards); ++i) {
entry_guard_t *entry = smartlist_get(entry_guards, i); entry_guard_t *entry = smartlist_get(entry_guards, i);
@ -488,8 +519,8 @@ remove_obsolete_entry_guards(time_t now)
} }
tor_free(tor_ver); tor_free(tor_ver);
} }
if (!version_is_bad && entry->chosen_on_date + 3600*24*60 < now) { if (!version_is_bad && entry->chosen_on_date + guard_lifetime < now) {
/* It's been 2 months since the date listed in our state file. */ /* It's been too long since the date listed in our state file. */
msg = "was selected several months ago"; msg = "was selected several months ago";
date_is_bad = 1; date_is_bad = 1;
} }

View File

@ -4029,6 +4029,8 @@ typedef struct {
* should guess a suitable value. */ * should guess a suitable value. */
int SSLKeyLifetime; int SSLKeyLifetime;
/** How long (seconds) do we keep a guard before picking a new one? */
int GuardLifetime;
} or_options_t; } or_options_t;
/** Persistent state for an onion router, as saved to disk. */ /** Persistent state for an onion router, as saved to disk. */