Commit Graph

19046 Commits

Author SHA1 Message Date
intrigeri
a8dd279fa5 Add changes file for #12939. 2014-08-27 03:32:20 +00:00
intrigeri
b4170421cc systemd unit file: ensures that the process and all its children can never gain
new privileges (#12939).
2014-08-27 03:18:26 +00:00
intrigeri
c9f30c4512 systemd unit file: only allow tor to write to /var/lib/tor and /var/log/tor (#12751).
The rest of the filesystem is accessible for reading only. Still, quoting
systemd.exec(5):

  Note that restricting access with these options does not extend to submounts
  of a directory that are created later on.
2014-08-27 03:13:53 +00:00
Nick Mathewson
b2acd3580c ed25519_ref10: use uint64_t and int64_t, not long long 2014-08-26 10:58:26 -04:00
Nick Mathewson
8b36bb9299 Add headers as needed to make ed25519_ref10 compile. 2014-08-26 10:56:22 -04:00
Nick Mathewson
8594e97c03 Add some explicit casts as needed to make ed25519_ref10 compile
Apparently, ref10 likes implicit conversions from int64 to int32 more
than our warnings do.
2014-08-26 10:14:18 -04:00
Nick Mathewson
4847136d2c Integrate ed25519_ref10 into our build system. 2014-08-26 10:11:56 -04:00
Nick Mathewson
b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622
We might use libsodium or ed25519-donna later on, but for now, let's
see whether this is fast enough.  We should use it in all cases when
performance doesn't matter.
2014-08-26 10:08:44 -04:00
Nick Mathewson
fdb7fc70d0 Merge remote-tracking branch 'public/bug10163' 2014-08-26 09:44:16 -04:00
Isis Lovecruft
374b531dba
Add published line to @type bridge-network-status documents.
This modifies the format of the bridge networkstatus documents produced
by the BridgeAuth. The new format adds a `published` line to the header
of the file, before the `flag-thresholds` line. This is done once per
networkstatus file that is written. The timestamp in the `published`
line is the standard ISO 8601 format (with a space as the separator)
used throughout the rest of tor.

 * FIXES #12951 https://bugs.torproject.org/12951
2014-08-25 23:46:17 +00:00
Nick Mathewson
051dd9c409 Remove the assigned-but-unused chosen_named_idx local variable
It had been used in consensus method 1.  But now that 13 is the
minimum (see #10163), we don't need it around.

Found by sysrqb.
2014-08-25 11:26:08 -04:00
Nick Mathewson
72ba1739e2 Fix another memory leak case in sandbox.c:prot_strings()
This is related to the rest of 523587a5cf
2014-08-25 11:14:31 -04:00
Nick Mathewson
9222707e5c Use the ARRAY_LENGTH macro more consistently. 2014-08-24 13:35:48 -04:00
Nick Mathewson
15be51b41d Remove the non-implemented versions of the sandbox _array() functions 2014-08-24 13:35:30 -04:00
Nick Mathewson
991545acf1 Whitespace fixes 2014-08-24 13:32:39 -04:00
Nick Mathewson
7c1143e11f Terser ways to sandbox-allow related filenames
Using the *_array() functions here confused coverity, and was actually
a bit longer than we needed.  Now we just use macros for the repeated
bits, so that we can mention a file and a suffix-appended version in
one line.
2014-08-24 13:30:55 -04:00
Nick Mathewson
59e114832e Merge branch 'bug11792_1_squashed'
Conflicts:
	src/or/circuitlist.c
2014-08-24 13:09:08 -04:00
Nick Mathewson
d6033843a4 When looking for conns to close, count the age of linked queued data
Specifically, count the age of the data queued in a linked directory
connection's buffers when counting a stream's age.
2014-08-24 13:04:45 -04:00
Nick Mathewson
68e430a6fb Kill non-tunneled directory connections when handling OOM.
Another part of 11792.
2014-08-24 13:04:38 -04:00
Nick Mathewson
8e55cafd67 Count zlib buffer memory towards OOM totals.
Part of 11792.

(Uses the zlib-endorsed formula for memory needs for inflate/deflate
from "zconf.h".)
2014-08-24 13:04:27 -04:00
Nick Mathewson
d31bcc4b23 Tidy status handling in rendservice.c
We had some code to fix up the 'status' return value to -1 on error
if it wasn't set, but it was unreachable because our code was
correct.  Tweak this by initializing status to -1, and then only
setting it to 0 on success.  Also add a goto which was missing: its
absence was harmless.

[CID 718614, 718616]
2014-08-22 12:23:01 -04:00
Nick Mathewson
a8cc41a230 Merge branch 'coverity_20140821' 2014-08-21 12:14:00 -04:00
Nick Mathewson
523587a5cf fix memory leak on failure in sandbox.c:prot_strings()
[CID 1205014]
2014-08-21 11:40:48 -04:00
Nick Mathewson
35b2e11755 Store sandbox params as char *, since that's what they are.
This allows coverity to infer that we aren't leaking them.

[Fixes a lot of CIDs]
2014-08-21 11:22:42 -04:00
Nick Mathewson
446e481c90 Check for duplicate arguments to tor-gencert
Found by coverity, which noticed that if you said
  tor-gencert -i identity1 -i identity2
we would leak "identity1".

[CID 1198201, 1198202, 1198203]
2014-08-21 11:22:42 -04:00
Nick Mathewson
a66fff6381 Mark one use of networkstatus_check_document_signature as (void)
Also explain why we aren't checking its return value.

[CID 1198197]
2014-08-21 11:22:42 -04:00
Nick Mathewson
059e33de59 remove meaningless checks for chunks==NULL in dirserv stuff
Also, make it clearer that chunks cannot be NULL

[CID 1031750, 1031751]
2014-08-21 11:22:42 -04:00
Nick Mathewson
917e1042f7 Suppress coverity warning about overflowing in safe_mem_is_zero
The unsigned underflow here is defined and intentional.

CID 202482
2014-08-21 11:22:42 -04:00
Nick Mathewson
7bc25b5a78 Avoid performing an assert on an always-true value
This was freaking out coverity.

[CID 743379]
2014-08-21 11:22:42 -04:00
Nick Mathewson
c43e45d0ea Suppress coverity warning about overflowing in tor_memeq.
The unsigned underflow here is defined and intentional.

CID 202482
2014-08-21 10:44:13 -04:00
Nick Mathewson
0de7565dfd Check return values for fcntl in tor_spawn_background.
[CID 718609]
2014-08-21 10:38:19 -04:00
Nick Mathewson
377b5c0510 Allow rend_service_intro_free to get called with NULL
(We allowed it previously, but produced an LD_BUG message when it
happened, which is not consistent

Also, remove inconsistent NULL checks before calling
rend_service_intro_free.

(Removing the check is for CID 718613)
2014-08-21 10:34:29 -04:00
Nick Mathewson
c9cac69ac6 Remove a dead check for errmsg in handle_control_authenticate
Coverity doesn't like doing NULL checks on things that can't be
NULL; I like checking things where the logic for their not being
NULL is nontrivial.  Let's compromise, and make it obvious that this
field can't be NULL.

[Coverity CID 202004]
2014-08-21 10:27:43 -04:00
Nick Mathewson
e6a05c1c54 Add a missing goto to an unusable branch and make the branch LD_BUG.
(It's LD_BUG to reach this point because the hashed password values
were tested earlier from options_validate)

[Coverity CID 1232091]
2014-08-21 10:21:17 -04:00
Nick Mathewson
2a0a5fe612 Explicitly cast when dividing ints then implicitly casting to double.
Coverity thinks that when we do "double x = int1/int2;", we probably
meant "double x = ((double)int1) / int2;".  In these cases, we
didn't.

[Coverity CID 1232089 and 1232090]
2014-08-21 10:19:26 -04:00
Nick Mathewson
b6a725c67e Fix memory leaks in test_entrynodes.c
[Coverity CID 1232087 and 1232088]
2014-08-21 10:18:17 -04:00
Nick Mathewson
2cf229ab60 Make the two branches of tor_tls_used_v1_handshake into one.
(Coverity thinks that "if (a) X; else X;" is probably a bug.)

[Coverity CID 1232086]
2014-08-21 10:12:54 -04:00
Nick Mathewson
916fba2243 Merge branch 'bug12205_take2_squashed' 2014-08-20 15:32:48 -04:00
Nick Mathewson
2994f00199 Whitespace fixes 2014-08-20 15:32:35 -04:00
Nick Mathewson
a5fe84b5a6 Small cleanups to test_entry_is_time_to_retry 2014-08-20 15:31:25 -04:00
rl1987
8b539cc276 Unit testing entry_is_time_to_retry(). 2014-08-20 15:29:56 -04:00
rl1987
c731a1c68f Write comments for members of periods array. 2014-08-20 15:29:56 -04:00
rl1987
197d855009 Rewriting entry_is_time_to_retry() using table approach. 2014-08-20 15:29:55 -04:00
Nick Mathewson
01a0ab02a3 Merge branch 'bug10116_squashed' 2014-08-20 14:52:24 -04:00
Nick Mathewson
7f5a440421 Don't allocate an extra smartlist in the OOM handler
Fixes issue 10116
2014-08-20 14:50:38 -04:00
Nick Mathewson
82d4b60b91 fix remaining compilation problems 2014-08-20 14:50:37 -04:00
Nick Mathewson
7c61d10c6c Fix return value of tor_fd_seekend.
Previously, we had documented it to return -1 or 0, when in fact
lseek returns -1 or the new position in the file.

This is harmless, since we were only checking for negative values
when we used tor_fd_seekend.
2014-08-20 13:49:25 -04:00
Nick Mathewson
a32913d5aa Allow named pipes for our log files.
Closes ticket 12061. Based on a patch from "carlo von lynX" on tor-dev at
  https://lists.torproject.org/pipermail/tor-dev/2014-April/006705.html
2014-08-20 13:45:16 -04:00
Nick Mathewson
fb762f6db0 Merge remote-tracking branch 'public/bug11787' 2014-08-20 13:34:02 -04:00
Nick Mathewson
c3f04f3daa Changes file for bug 11787 2014-08-20 13:33:49 -04:00