Commit Graph

13152 Commits

Author SHA1 Message Date
Nick Mathewson
02d89c5c66 Remove an extraneous "if" in the 4424 fix 2011-11-07 11:46:51 -05:00
Robert Ransom
65a0d7e7ef Don't leak an extend_info_t in rend_client_any_intro_points_usable 2011-11-07 08:35:51 -08:00
Nick Mathewson
972564630e Merge branch 'bug4383_nm' into maint-0.2.2 2011-11-03 13:23:59 -04:00
George Kadianakis
3ae96845d3 Fix a memleak when fetching descriptors for bridges in ExcludeNodes. 2011-11-03 13:23:50 -04:00
Nick Mathewson
16dbcafb06 Merge remote-tracking branch 'erinn/win-bundle-fix' into maint-0.2.2 2011-10-30 21:28:19 -04:00
Erinn Clark
a6ea34977b remove absolute path from contrib/package_nsis-mingw.sh in order to make it easier to automatically build tor expert bundle 2011-10-31 00:52:52 +00:00
Sebastian Hahn
c5c5f859d3 Add a changes file for the 4340 fix 2011-10-29 11:21:37 +02:00
Sebastian Hahn
dfdb4fde1a Disable stats requiring geoip info if we have none
In other parts of the code we will otherwise attempt to collect these
statistics, and that will lead to crashes.
2011-10-29 11:20:02 +02:00
Nick Mathewson
cf8bffa359 Discard all cells on a marked connection
Fix for bug 4299
2011-10-28 17:04:15 -04:00
Sebastian Hahn
f6b1dc2805 Fix typo, spotted by tmpname0901. Thanks! 2011-10-28 09:52:24 -04:00
Roger Dingledine
48bafb47ac bump maint-0.2.2 to 0.2.2.34-dev 2011-10-27 20:50:48 -04:00
Roger Dingledine
9c2ca5b52f Merge branch 'maint-0.2.1' into maint-0.2.2 2011-10-27 20:03:21 -04:00
Roger Dingledine
5d3095152e bump maint to 0.2.1.31 2011-10-27 20:01:58 -04:00
Robert Ransom
4684ced1b3 Add option to give guard flag to relays without the CVE-2011-2768 fix
This way, all of the DA operators can upgrade immediately, without nuking
every client's set of entry guards as soon as a majority of them upgrade.

Until enough guards have upgraded, a majority of dirauths should set this
config option so that there are still enough guards in the network. After
a few days pass, all dirauths should use the default.
2011-10-26 23:56:47 +02:00
Robert Ransom
00fffbc1a1 Don't give the Guard flag to relays without the CVE-2011-2768 fix 2011-10-26 23:42:39 +02:00
Robert Ransom
4d0f152aad Make tor_version_same_series non-static 2011-10-26 23:36:30 +02:00
Sebastian Hahn
df05e5ef4d Merge branch 'maint-0.2.1_secfix' into maint-0.2.2_secfix
Conflicts:
	src/or/connection_or.c
2011-10-26 23:30:27 +02:00
Robert Ransom
a74e7fd40f Reject create cells on outgoing OR connections from bridges 2011-10-26 23:21:14 +02:00
Robert Ransom
c05bb53508 Mark which OR connections are outgoing 2011-10-26 23:21:11 +02:00
Robert Ransom
af12c39d6d Don't use any OR connection which sent us a CREATE_FAST cell for an EXTEND
Fix suggested by Nick Mathewson.
2011-10-26 23:20:56 +02:00
Nick Mathewson
638fdedcf1 Don't send a certificate chain on outgoing TLS connections from non-relays 2011-10-26 23:20:56 +02:00
Roger Dingledine
f85c56182f Merge branch 'maint-0.2.1' into maint-0.2.2 2011-10-26 17:14:39 -04:00
Nick Mathewson
a166f10414 Remove the -F option from tor-resolve.
It used to mean "Force": it would tell tor-resolve to ask tor to
resolve an address even if it ended with .onion.  But when
AutomapHostsOnResolve was added, automatically refusing to resolve
.onion hosts stopped making sense.  So in 0.2.1.16-rc (commit
298dc95dfd), we made tor-resolve happy to resolve anything.

The -F option stayed in, though, even though it didn't do anything.
Oddly, it never got documented.

Found while fixing GCC 4.6 "set, unused variable" warnings.
2011-10-26 17:13:04 -04:00
Roger Dingledine
a68867b150 manually backport a5232e0c4c 2011-10-26 17:11:52 -04:00
Roger Dingledine
41d9d3f904 Merge branch 'maint-0.2.1' into maint-0.2.2 2011-10-26 16:34:45 -04:00
Roger Dingledine
cecc5b7aa1 stop asserting at boot
The patch for 3228 made us try to run init_keys() before we had loaded
our state file, resulting in an assert inside init_keys. We had moved
it too early in the function.

Now it's later in the function, but still above the accounting calls.
2011-10-26 22:09:44 +02:00
Nick Mathewson
55d9e4b8ba Reinit keys at the start of options_act().
Previously we did this nearer to the end (in the old_options &&
transition_affects_workers() block).  But other stuff cares about
keys being consistent with options... particularly anything which
tries to access a key, which can die in assert_identity_keys_ok().

Fixes bug 3228; bugfix on 0.2.2.18-alpha.

Conflicts:

	src/or/config.c
2011-10-26 22:09:44 +02:00
Robert Ransom
62c29a93ba Don't crash a bridge authority on SIGHUP if it's not in the consensus
Fixes bug 2572.
2011-10-26 22:09:44 +02:00
Sebastian Hahn
9082898944 Fix assert for relay/bridge state change
When we added support for separate client tls certs on bridges in
a2bb0bfdd5 we forgot to correctly initialize this when changing
from relay to bridge or vice versa while Tor is running. Fix that
by always initializing keys when the state changes.

Fixes bug 2433.

Conflicts:

	src/or/config.c
2011-10-26 22:09:44 +02:00
Nick Mathewson
4a1a89be0c Merge remote-tracking branch 'public/cov_run224_022' into maint-0.2.2 2011-10-26 11:07:28 -04:00
Nick Mathewson
d0a91386e5 Don't crash when accountingmax is set in non-server Tors
We use a hash of the identity key to seed a prng to tell when an
accounting period should end.  But thanks to the bug998 changes,
clients no longer have server-identity keys to use as a long-term seed
in accounting calculations.  In any case, their identity keys (as used
in TLS) were never never fixed.  So we can just set the wakeup time
from a random seed instead there.  Still open is whether everybody
should be random.

This patch fixes bug 2235, which was introduced in 0.2.2.18-alpha.

Diagnosed with help from boboper on irc.
2011-10-26 14:20:47 +02:00
Sebastian Hahn
3a890b3b70 Properly refcount client_identity_key
In a2bb0bf we started using a separate client identity key. When we are
in "public server mode" (that means not a bridge) we will use the same
key. Reusing the key without doing the proper refcounting leads to a
segfault on cleanup during shutdown. Fix that.

Also introduce an assert that triggers if our refcount falls below 0.
That should never happen.
2011-10-26 14:17:01 +02:00
Nick Mathewson
dc557e8164 Add some asserts to get_{tlsclient|server}_identity_key
We now require that:
  - Only actual servers should ever call get_server_identity_key
  - If you're being a client or bridge, the client and server keys should
    differ.
  - If you're being a public relay, the client and server keys
    should be the same.
2011-10-26 14:16:54 +02:00
Nick Mathewson
2a2301e411 Rename get_client_identity_key to get_tlsclient_identity_key 2011-10-26 14:16:34 +02:00
Robert Ransom
59e565e2a2 Maintain separate server and client identity keys when appropriate.
Fixes a bug described in ticket #988.

Conflicts:

	src/or/main.c
	src/or/router.c
2011-10-26 14:16:20 +02:00
Nick Mathewson
299a78c5fe Make crypto_free_pk_env tolerate NULL arg in 0.2.1. Error-proofing against bug 988 backport 2011-10-26 14:14:05 +02:00
Robert Ransom
9976df9e56 Maintain separate server and client TLS contexts.
Fixes bug #988.

Conflicts:

	src/or/main.c
	src/or/router.c
2011-10-26 14:13:55 +02:00
Robert Ransom
8781640111 Refactor tor_tls_context_new:
* Make tor_tls_context_new internal to tortls.c, and return the new
  tor_tls_context_t from it.

* Add a public tor_tls_context_init wrapper function to replace it.

Conflicts:

	src/or/main.c
	src/or/router.c
2011-10-26 14:08:36 +02:00
Robert Ransom
07ab559a8e Add public_server_mode function. 2011-10-26 14:03:43 +02:00
Roger Dingledine
9af3a3c419 Merge branch 'maint-0.2.1' into maint-0.2.2 2011-10-26 07:47:42 -04:00
Nick Mathewson
c5a3664f27 Fix zlib macro brokenness on osx with zlib 1.2.4 and higher.
From the code:
   zlib 1.2.4 and 1.2.5 do some "clever" things with macros.  Instead of
   saying "(defined(FOO) ? FOO : 0)" they like to say "FOO-0", on the theory
   that nobody will care if the compile outputs a no-such-identifier warning.

   Sorry, but we like -Werror over here, so I guess we need to define these.
   I hope that zlib 1.2.6 doesn't break these too.

Possible fix for bug 1526.
2011-10-26 07:30:11 -04:00
Roger Dingledine
ac115f1125 unmangle the fingerprint example in the man page
Remove a confusing dollar sign from the example fingerprint in the
man page, and also make example fingerprint a valid one.
2011-10-25 18:24:37 -04:00
Nick Mathewson
3cb79a0286 Merge remote-tracking branch 'rransom-tor/bug4251-022' into maint-0.2.2 2011-10-20 00:01:58 -04:00
Nick Mathewson
5aa45ed6af Fix crash when changing node restrictions with DNS lookup in progress
Fixes bug 4259, bugfix on 0.2.2.25-alpha.  Bugfix by "Tey'".

Original message by submitter:

  Changing nodes restrictions using a controller while Tor is doing
  DNS resolution could makes Tor crashes (on WinXP at least). The
  problem can be repeated by trying to reach a non-existent domain
  using Tor:

    curl --socks4a 127.0.0.1:9050 inexistantdomain.ext

  .. and changing the ExitNodes parameter through the control port
  before Tor returns a DNS resolution error (of course, the following
  command won't work directly if the control port is password
  protected):

    echo SETCONF ExitNodes=TinyTurtle | nc -v 127.0.0.1 9051

  Using a non-existent domain is needed to repeat the issue so that
  Tor takes a few seconds for resolving the domain (which allows us to
  change the configuration). Tor will crash while processing the
  configuration change.

  The bug is located in the addressmap_clear_excluded_trackexithosts
  method which iterates over the entries of the addresses map in order
  to check whether the changes made to the configuration will impact
  those entries. When a DNS resolving is in progress, the new_adress
  field of the associated entry will be set to NULL. The method
  doesn't expect this field to be NULL, hence the crash.
2011-10-19 23:14:05 -04:00
Robert Ransom
739c21e97b Free rend_data and intro_key when extra intro circs become general-purpose 2011-10-18 07:08:02 -07:00
Roger Dingledine
56180d169a Merge branch 'maint-0.2.1' into maint-0.2.2 2011-10-13 10:14:16 -04:00
Karsten Loesing
ee545cd4cb Update to the October 2011 GeoIP database. 2011-10-13 10:13:40 -04:00
Robert Ransom
9648f034c0 Update documentation comment for rend_client_reextend_intro_circuit
One of its callers assumes a non-zero result indicates a permanent failure
(i.e. the current attempt to connect to this HS either has failed or is
 doomed).  The other caller only requires that this function's result
never equal -2.

Bug reported by Sebastian Hahn.
2011-10-10 05:33:53 -07:00
Robert Ransom
274b25de12 Don't launch a useless circuit in rend_client_reextend_intro_circuit
Fixes bug 4212.  Bug reported by katmagic and found by Sebastian.
2011-10-10 03:05:19 -07:00
Nick Mathewson
f37d24c550 Note ticket and source version for feature3951 in changes file 2011-10-07 16:47:43 -04:00