From 8520071f2313ae6973082ca7cb5680a9df88ce78 Mon Sep 17 00:00:00 2001 From: teor Date: Thu, 26 Sep 2019 17:25:17 +1000 Subject: [PATCH 1/7] Travis: Unroll the build matrix into matrix: include: The jobs should be the same, but Travis may display them differently. Part of 31859. --- .travis.yml | 33 +++++++++++++-------------------- 1 file changed, 13 insertions(+), 20 deletions(-) diff --git a/.travis.yml b/.travis.yml index a2bc6395df..b18335d743 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,14 +5,12 @@ cache: compiler: - gcc - - clang os: - linux - - osx -## The build matrix in the following stanza expands into builds for each -## OS and compiler. +## We don't use the build matrix cross-product, because it makes too many jobs +## Instead, we list each job under matrix: include: env: global: ## The Travis CI environment allows us two cores, so let's use both. @@ -23,15 +21,17 @@ env: ## We turn off asciidoc by default, because it's slow - ASCIIDOC_OPTIONS="--disable-asciidoc" matrix: - ## We want to use each build option at least once - ## - ## We don't list default variable values, because we set the defaults - ## in global (or the default is unset) + ## This matrix entry is required, but it doesn't actually create any jobs - matrix: - ## include creates builds with gcc, linux + ## include creates builds with gcc, linux, unless we override those defaults include: + ## gcc is the default compiler for most jobs, so we want a clang Linux job + - compiler: clang + ## clang is the default macOS compiler, so we use it for the macOS job + - compiler: clang + os: osx ## We include a single coverage build with the best options for coverage - env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS="" ## We only want to check these build option combinations once @@ -52,18 +52,11 @@ matrix: ## https://github.com/travis-ci/travis-ci/issues/1696 # fast_finish: true - ## Careful! We use global envs, which makes it hard to exclude or - ## allow failures by env: + ## Careful! We use global envs, which makes it hard to allow failures by env: ## https://docs.travis-ci.com/user/customizing-the-build#matching-jobs-with-allow_failures - exclude: - ## gcc on OSX is less useful, because the default compiler is clang. - - compiler: gcc - os: osx - ## gcc on Linux with no env is redundant, because all the custom builds use - ## gcc on Linux - - compiler: gcc - os: linux - env: + # allow_failures: + # - compiler: gcc + # os: linux ## (Linux only) Use the latest Linux image (Ubuntu Trusty) dist: trusty From 4e4297830ec04da32dda1b9424847f4710cc202e Mon Sep 17 00:00:00 2001 From: teor Date: Thu, 26 Sep 2019 17:39:46 +1000 Subject: [PATCH 2/7] Travis: Remove a redundant clang Linux job Part of 31859. --- .travis.yml | 2 -- changes/ticket31859 | 3 +++ 2 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 changes/ticket31859 diff --git a/.travis.yml b/.travis.yml index b18335d743..f47fe8bb2c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -27,8 +27,6 @@ env: matrix: ## include creates builds with gcc, linux, unless we override those defaults include: - ## gcc is the default compiler for most jobs, so we want a clang Linux job - - compiler: clang ## clang is the default macOS compiler, so we use it for the macOS job - compiler: clang os: osx diff --git a/changes/ticket31859 b/changes/ticket31859 new file mode 100644 index 0000000000..0eb8a42e9a --- /dev/null +++ b/changes/ticket31859 @@ -0,0 +1,3 @@ + o Testing: + - Remove some redundant Travis CI jobs, to speed up CI. + Closes ticket 31859. From 1e0e23c1e48ebc388f7a16a08a3f12e01db15bfa Mon Sep 17 00:00:00 2001 From: teor Date: Thu, 26 Sep 2019 17:44:41 +1000 Subject: [PATCH 3/7] Travis: Add a macOS chutney job, but don't wait for it to finish Since Travis macOS has IPv6 support (and Travis Linux does not), chutney will now run its IPv6 networks as part of Travis CI. But since chutney is slow, don't wait for the macOS chutney to finish. (Travis have fixed the duplicate notification bug in fast_finish. So we can use fast_finish and allow_failure to finish early. Unfortunately, allow_failure also means we ignore failures in macOS chutney.) Also make sure that we have: * a compile on each platform, with each compiler, * a check on each platform, and * a check on each compiler. Finally, sort builds: allow fail last, macOS first, slowest first. Closes ticket 30860. Closes ticket 31859 for 0.2.9. --- .travis.yml | 39 +++++++++++++++++++-------------------- changes/ticket30860 | 3 +++ changes/ticket31859 | 2 +- 3 files changed, 23 insertions(+), 21 deletions(-) create mode 100644 changes/ticket30860 diff --git a/.travis.yml b/.travis.yml index f47fe8bb2c..564c97dbfd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -27,34 +27,33 @@ env: matrix: ## include creates builds with gcc, linux, unless we override those defaults include: - ## clang is the default macOS compiler, so we use it for the macOS job + ## We run basic tests on macOS - compiler: clang os: osx + ## We run chutney on Linux, because it's faster than chutney on macOS + - env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes" + ## We check asciidoc with distcheck, to make sure we remove doc products + ## We use Linux clang, because there are no other Linux clang jobs + - env: DISTCHECK="yes" ASCIIDOC_OPTIONS="" SKIP_MAKE_CHECK="yes" + compiler: clang ## We include a single coverage build with the best options for coverage - env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS="" - ## We only want to check these build option combinations once - ## (they shouldn't vary by compiler or OS) - ## We run coverage with hardening off, which seems like enough - # - env: HARDENING_OPTIONS="" - ## We check asciidoc with distcheck, to make sure we remove doc products - - env: DISTCHECK="yes" ASCIIDOC_OPTIONS="" SKIP_MAKE_CHECK="yes" - # We also try running a hardened clang build with chutney on Linux. - - env: CHUTNEY="yes" SKIP_MAKE_CHECK="yes" CHUTNEY_ALLOW_FAILURES="2" - compiler: clang + ## We run chutney on macOS, because macOS Travis has IPv6 + - env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes" + os: osx - ## Uncomment to allow the build to report success (with non-required - ## sub-builds continuing to run) if all required sub-builds have - ## succeeded. This is somewhat buggy currently: it can cause - ## duplicate notifications and prematurely report success if a - ## single sub-build has succeeded. See - ## https://github.com/travis-ci/travis-ci/issues/1696 - # fast_finish: true + ## Allow the build to report success (with non-required sub-builds + ## continuing to run) if all required sub-builds have succeeded. + fast_finish: true ## Careful! We use global envs, which makes it hard to allow failures by env: ## https://docs.travis-ci.com/user/customizing-the-build#matching-jobs-with-allow_failures - # allow_failures: - # - compiler: gcc - # os: linux + allow_failures: + ## macOS chutney is very slow, so we let the build finish before it's done + ## We'd like to fast finish, but still eventually show failures. + ## But Travis doesn't have that option. + - env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes" + os: osx ## (Linux only) Use the latest Linux image (Ubuntu Trusty) dist: trusty diff --git a/changes/ticket30860 b/changes/ticket30860 new file mode 100644 index 0000000000..b946f735c4 --- /dev/null +++ b/changes/ticket30860 @@ -0,0 +1,3 @@ + o Testing: + - Run the chutney IPv6 networks as part of Travis CI. + Closes ticket 30860. diff --git a/changes/ticket31859 b/changes/ticket31859 index 0eb8a42e9a..dbc591e00b 100644 --- a/changes/ticket31859 +++ b/changes/ticket31859 @@ -1,3 +1,3 @@ o Testing: - - Remove some redundant Travis CI jobs, to speed up CI. + - Simplify the Travis CI build matrix, and optimise for build time. Closes ticket 31859. From 4482d6fde5b0b8a0261dd31889a23b789844a486 Mon Sep 17 00:00:00 2001 From: teor Date: Tue, 1 Oct 2019 17:28:26 +1000 Subject: [PATCH 4/7] Travis: Split jobs, add essential jobs, remove redundant jobs Part of 31859 for 0.3.5. --- .travis.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index 1f555c69cd..670b0536fc 100644 --- a/.travis.yml +++ b/.travis.yml @@ -46,14 +46,15 @@ matrix: ## We run chutney on macOS, because macOS Travis has IPv6 - env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes" os: osx - # We clone our stem repo and run `make test-stem` + ## We clone our stem repo and run `make test-stem` - env: TEST_STEM="yes" SKIP_MAKE_CHECK="yes" - ## Check rust online with distcheck, to make sure we remove rust products - - env: DISTCHECK="yes" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode" - ## Check disable module dirauth with and without rust - - env: MODULES_OPTIONS="--disable-module-dirauth" RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true + ## We check disable module dirauth - env: MODULES_OPTIONS="--disable-module-dirauth" - ## Check NSS + ## We run rust on macOS, because we have seen macOS rust failures before + - env: RUST_OPTIONS="--enable-rust --enable-cargo-online-mode" + compiler: clang + os: osx + ## We check NSS - env: NSS_OPTIONS="--enable-nss" ## Allow the build to report success (with non-required sub-builds From 632e707397ce95632f4c059a0d285870624eaa33 Mon Sep 17 00:00:00 2001 From: teor Date: Tue, 1 Oct 2019 17:32:46 +1000 Subject: [PATCH 5/7] Travis: Keep the macOS Rust job, but don't wait for it to finish Since Rust on macOS is slow, don't wait for the macOS Rust job to finish. Instead, split rust into slow rust (macOS) and fast rust (Linux). And allow the build to finish before slow rust finishes. Also make sure that we have: * a Rust build on each platform, * a Rust build with each compiler, and * a check on all our Rust builds. Finally, sort builds: allow fail last, macOS first, slowest first. Closes 31859 for 0.3.5. --- .travis.yml | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/.travis.yml b/.travis.yml index 670b0536fc..65088d556d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -37,25 +37,30 @@ matrix: ## We run basic tests on macOS - compiler: clang os: osx + ## We check NSS + ## NSS is a fast job, clang is slower on Linux, so we do NSS clang + - env: NSS_OPTIONS="--enable-nss" + compiler: clang ## We run chutney on Linux, because it's faster than chutney on macOS - env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes" - ## We check asciidoc with distcheck, to make sure we remove doc products - - env: DISTCHECK="yes" ASCIIDOC_OPTIONS="" SKIP_MAKE_CHECK="yes" ## We include a single coverage build with the best options for coverage - env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS="" - ## We run chutney on macOS, because macOS Travis has IPv6 - - env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes" - os: osx - ## We clone our stem repo and run `make test-stem` - - env: TEST_STEM="yes" SKIP_MAKE_CHECK="yes" + ## We run rust on Linux, because it's faster than rust on macOS + ## We check rust offline + - env: RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true + ## We check asciidoc with distcheck, to make sure we remove doc products + - env: DISTCHECK="yes" ASCIIDOC_OPTIONS="" SKIP_MAKE_CHECK="yes" ## We check disable module dirauth - env: MODULES_OPTIONS="--disable-module-dirauth" ## We run rust on macOS, because we have seen macOS rust failures before - env: RUST_OPTIONS="--enable-rust --enable-cargo-online-mode" compiler: clang os: osx - ## We check NSS - - env: NSS_OPTIONS="--enable-nss" + ## We run chutney on macOS, because macOS Travis has IPv6 + - env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes" + os: osx + ## We clone our stem repo and run `make test-stem` + - env: TEST_STEM="yes" SKIP_MAKE_CHECK="yes" ## Allow the build to report success (with non-required sub-builds ## continuing to run) if all required sub-builds have succeeded. @@ -64,9 +69,12 @@ matrix: ## Careful! We use global envs, which makes it hard to allow failures by env: ## https://docs.travis-ci.com/user/customizing-the-build#matching-jobs-with-allow_failures allow_failures: - ## macOS chutney is very slow, so we let the build finish before it's done - ## We'd like to fast finish, but still eventually show failures. - ## But Travis doesn't have that option. + ## macOS rust and chutney are very slow, so we let the build finish before + ## they are done. We'd like to fast finish, but still eventually show + ## any failures in the build status. But Travis doesn't have that ability. + - env: RUST_OPTIONS="--enable-rust --enable-cargo-online-mode" + compiler: clang + os: osx - env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes" os: osx ## test-stem sometimes hangs on Travis From b0bf7e7b606e45cff5988106febe157009c2f561 Mon Sep 17 00:00:00 2001 From: teor Date: Wed, 2 Oct 2019 10:09:02 +1000 Subject: [PATCH 6/7] Travis: Allow the build to finish before the macOS Rust job When we merged TOR_RUST_VERSION from master, the allow_failures rule did not match any more. Update it to make it match. Closes 31859 for master. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index ec3827d316..00c967e341 100644 --- a/.travis.yml +++ b/.travis.yml @@ -74,7 +74,7 @@ matrix: ## macOS rust and chutney are very slow, so we let the build finish before ## they are done. We'd like to fast finish, but still eventually show ## any failures in the build status. But Travis doesn't have that ability. - - env: RUST_OPTIONS="--enable-rust --enable-cargo-online-mode" + - env: RUST_VERSION="nightly" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode" compiler: clang os: osx - env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes" From 09e6c0f7c7b91a73c73df197e45072a96240ea8d Mon Sep 17 00:00:00 2001 From: David Goulet Date: Tue, 15 Oct 2019 08:54:11 -0400 Subject: [PATCH 7/7] hs-v3: Fix possible memory leak in error code path Found by coverity CID 1454769. There were a second possible leak that is also fixed in this commit. Fixes #32063 Signed-off-by: David Goulet --- changes/ticket32063 | 3 +++ src/feature/hs/hs_cell.c | 13 +++++++++---- 2 files changed, 12 insertions(+), 4 deletions(-) create mode 100644 changes/ticket32063 diff --git a/changes/ticket32063 b/changes/ticket32063 new file mode 100644 index 0000000000..2c0246917c --- /dev/null +++ b/changes/ticket32063 @@ -0,0 +1,3 @@ + o Minor bugfixes (hs-v3, memory leak): + - Fix memory leak in unlikely error code path when encoding HS DoS establish + intro extension cell. Fixes bug 32063; bugfix on 0.4.2.1-alpha. diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c index d691a1b007..df59f73c1b 100644 --- a/src/feature/hs/hs_cell.c +++ b/src/feature/hs/hs_cell.c @@ -503,8 +503,8 @@ build_establish_intro_dos_extension(const hs_service_config_t *service_config, ssize_t ret; size_t dos_ext_encoded_len; uint8_t *field_array; - trn_cell_extension_field_t *field; - trn_cell_extension_dos_t *dos_ext; + trn_cell_extension_field_t *field = NULL; + trn_cell_extension_dos_t *dos_ext = NULL; tor_assert(service_config); tor_assert(extensions); @@ -530,7 +530,7 @@ build_establish_intro_dos_extension(const hs_service_config_t *service_config, /* Set the field with the encoded DoS extension. */ ret = trn_cell_extension_dos_encoded_len(dos_ext); if (BUG(ret <= 0)) { - return -1; + goto err; } dos_ext_encoded_len = ret; /* Set length field and the field array size length. */ @@ -541,7 +541,7 @@ build_establish_intro_dos_extension(const hs_service_config_t *service_config, ret = trn_cell_extension_dos_encode(field_array, trn_cell_extension_field_getlen_field(field), dos_ext); if (BUG(ret <= 0)) { - return -1; + goto err; } tor_assert(ret == (ssize_t) dos_ext_encoded_len); @@ -557,6 +557,11 @@ build_establish_intro_dos_extension(const hs_service_config_t *service_config, trn_cell_extension_dos_free(dos_ext); return 0; + + err: + trn_cell_extension_field_free(field); + trn_cell_extension_dos_free(dos_ext); + return -1; } /* ========== */