Commit Graph

23613 Commits

Author SHA1 Message Date
Alexander Færøy
0429072495 Lower log level of unlink() errors in networkstatus_set_current_consensus().
In this patch we lower the log level of the failures for the three calls
to unlink() in networkstatus_set_current_consensus(). These errors might
trigger on Windows because the memory mapped consensus file keeps the
file in open state even after we have close()'d it. Windows will then
error on the unlink() call with a "Permission denied" error.

The consequences of ignoring these errors is that we leave an unused
file around on the file-system, which is an easier way to fix this
problem right now than refactoring networkstatus_set_current_consensus().

See: https://bugs.torproject.org/29930
2019-04-25 01:59:37 +02:00
teor
231036a110
Merge branch 'maint-0.3.4' into maint-0.3.5 2019-04-19 12:00:41 +10:00
teor
742b5b32d5
Merge remote-tracking branch 'tor-github/pr/710' into maint-0.3.5 2019-04-19 11:52:48 +10:00
teor
cb084de5e5
Merge remote-tracking branch 'tor-github/pr/726' into maint-0.3.5 2019-04-19 11:51:05 +10:00
teor
2ae67fee42
Merge remote-tracking branch 'tor-github/pr/745' into maint-0.3.5 2019-04-19 11:48:41 +10:00
teor
116970dda7
Merge remote-tracking branch 'tor-github/pr/946' into maint-0.3.4 2019-04-19 11:47:10 +10:00
teor
b1762f8d12
Merge remote-tracking branch 'tor-github/pr/638' into maint-0.3.4 2019-04-19 11:44:38 +10:00
teor
8154b33f9c
Merge remote-tracking branch 'tor-github/pr/791' into maint-0.3.4 2019-04-19 11:43:46 +10:00
teor
2460b4461f
Merge remote-tracking branch 'tor-github/pr/792' into maint-0.2.9 2019-04-19 11:42:09 +10:00
teor
ec213ae8a0
Merge remote-tracking branch 'tor-github/pr/772' into maint-0.2.9 2019-04-19 11:38:52 +10:00
George Kadianakis
6a179b1072 Merge branch 'tor-github/pr/891' into maint-0.4.0 2019-04-18 13:21:59 +03:00
teor
031ed59dba
test/relay: add a missing typedef
In 0.3.4 and later, these functions are declared in rephist.h:
STATIC uint64_t find_largest_max(bw_array_t *b);
STATIC void commit_max(bw_array_t *b);
STATIC void advance_obs(bw_array_t *b);

But in 0.2.9, they are declared in rephist.c and test_relay.c.

So compilers fail with a "must use 'struct' tag" error.

We add the missing struct typedef in test_relay.c, to match the
declarations in rephist.c.

(Merge commit 813019cc57 moves these functions into rephist.h instead.)

Fixes bug 30184; not in any released version of Tor.
2019-04-17 11:14:05 +10:00
Bernhard M. Wiedemann
8c4e68438d Do not warn about compatible OpenSSL upgrades
When releasing OpenSSL patch-level maintenance updates,
we do not want to rebuild binaries using it.
And since they guarantee ABI stability, we do not have to.

Without this patch, warning messages were produced
that confused users:
https://bugzilla.opensuse.org/show_bug.cgi?id=1129411

Fixes bug 30190; bugfix on 0.2.4.2-alpha commit 7607ad2bec

Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
2019-04-17 01:55:04 +02:00
teor
05d25d06b6
rephist: fix an undeclared type compilation error
In 0.3.4 and later, we declare write_array as:
extern struct bw_array_t *write_array;
...
typedef struct bw_array_t bw_array_t;

But in 0.2.9, we declare write_array as:
typedef struct bw_array_t bw_array_t;
extern bw_array_t *write_array;

And then again in rephist.c:
typedef struct bw_array_t bw_array_t;

So some compilers fail with a duplicate declaration error.

We backport 684b396ce5, which removes the duplicate declaration.
And this commit deals with the undeclared type error.

Backports a single line from merge commit 813019cc57.

Fixes bug 30184; not in any released version of Tor.
2019-04-16 15:39:45 +10:00
Nick Mathewson
684b396ce5
Remove another needless typedef 2019-04-16 15:33:14 +10:00
Nick Mathewson
950d890f77 In warn_if_nul_found, log surrounding context.
We need to encode here instead of doing escaped(), since fwict
escaped() does not currently handle NUL bytes.

Also, use warn_if_nul_found in more cases to avoid duplication.
2019-04-15 15:33:09 -04:00
Nick Mathewson
0c42ddf28c fixup! Even more diagnostic messages for bug 28223.
Use TOR_PRIuSZ in place of %zu.
2019-04-15 15:21:18 -04:00
Nick Mathewson
802ac8ad61 Use a tor_abort_() wrapper in our util_bug.h macros
Previously, our use of abort() would break anywhere that we didn't
include stdlib.h.  This was especially troublesome in case where
tor_assert_nonfatal() was used with ALL_BUGS_ARE_FATAL, since that
one seldom gets tested.

As an alternative, we could have just made this header include
stdlib.h.  But that seems bloaty.

Fixes bug 30189; bugfix on 0.3.4.1-alpha.
2019-04-15 14:16:23 -04:00
George Kadianakis
15591e1bbd Merge branch 'tor-github/pr/948' into maint-0.4.0 2019-04-15 13:56:37 +03:00
teor
1177818c32
Merge branch 'rust-panic1-035' into rust-panic1-040 2019-04-15 10:18:59 +10:00
teor
a6d0420f7c
Merge branch 'rust-panic1-034' into rust-panic1-035
Trivial merge: a blank line was removed between 0.3.4 and 0.3.5.
2019-04-15 10:18:01 +10:00
teor
5ab5c8ec15
Merge branch 'rust-panic1' into rust-panic1-034 2019-04-15 10:15:02 +10:00
Nick Mathewson
85ff6f9114 Fix a memory leak on failure to create keys directory.
Fixes bug 30148, which is also CID 1437429 and CID 1437454. Bugfix
on 0.3.3.1-alpha, when separate key directories became a thing.
2019-04-11 18:18:14 -04:00
Nick Mathewson
40471d73e5 bump to 0.4.0.4-rc-dev 2019-04-11 17:05:38 -04:00
Nick Mathewson
b2fc57426c Bump version to 0.4.0.4-rc 2019-04-10 11:51:49 -04:00
Nick Mathewson
412bcc5b2a Merge remote-tracking branch 'tor-github/pr/926' into maint-0.4.0 2019-04-10 11:31:33 -04:00
Tobias Stoeckmann
9ce0bdd226 Prevent double free on huge files with 32 bit.
The function compat_getdelim_ is used for tor_getline if tor is compiled
on a system that lacks getline and getdelim. These systems should be
very rare, considering that getdelim is POSIX.

If this system is further a 32 bit architecture, it is possible to
trigger a double free with huge files.

If bufsiz has been already increased to 2 GB, the next chunk would
be 4 GB in size, which wraps around to 0 due to 32 bit limitations.

A realloc(*buf, 0) could be imagined as "free(*buf); return malloc(0);"
which therefore could return NULL. The code in question considers
that an error, but will keep the value of *buf pointing to already
freed memory.

The caller of tor_getline() would free the pointer again, therefore
leading to a double free.

This code can only be triggered in dirserv_read_measured_bandwidths
with a huge measured bandwith list file on a system that actually
allows to reach 2 GB of space through realloc.

It is not possible to trigger this on Linux with glibc or other major
*BSD systems even on unit tests, because these systems cannot reach
so much memory due to memory fragmentation.

This patch is effectively based on the penetration test report of
cure53 for curl available at https://cure53.de/pentest-report_curl.pdf
and explained under section "CRL-01-007 Double-free in aprintf() via
unsafe size_t multiplication (Medium)".
2019-04-10 12:46:27 +03:00
teor
12b9bfc05f
test: Also avoid reading the system default torrc in integration tests
Part of 29702.
2019-04-10 19:03:43 +10:00
rl1987
93dcfc6593
Use empty torrc file when launching tor in test_rebind.py 2019-04-10 18:45:21 +10:00
teor
454bdb22ee
Merge remote-tracking branch 'tor-github/pr/920' into maint-0.4.0 2019-04-10 18:26:49 +10:00
Nick Mathewson
ffdca3dd14 Merge branch 'bug29922_035' into maint-0.4.0 2019-04-09 13:49:58 -04:00
Nick Mathewson
9f3f99938e Actually I believe this should be an EINVAL. 2019-04-09 13:49:10 -04:00
Tobias Stoeckmann
a628e36024 Check return value of buf_move_to_buf for error.
If the concatenation of connection buffer and the buffer of linked
connection exceeds INT_MAX bytes, then buf_move_to_buf returns -1 as an
error value.

This value is currently casted to size_t (variable n_read) and will
erroneously lead to an increasement of variable "max_to_read".

This in turn can be used to call connection_buf_read_from_socket to
store more data inside the buffer than expected and clogging the
connection buffer.

If the linked connection buffer was able to overflow INT_MAX, the call
of buf_move_to_buf would have previously internally triggered an integer
overflow, corrupting the state of the connection buffer.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2019-04-09 12:05:22 -04:00
Tobias Stoeckmann
5a6ab3e7db Protect buffers against INT_MAX datalen overflows.
Many buffer functions have a hard limit of INT_MAX for datalen, but
this limitation is not enforced in all functions:

- buf_move_all may exceed that limit with too many chunks
- buf_move_to_buf exceeds that limit with invalid buf_flushlen argument
- buf_new_with_data may exceed that limit (unit tests only)

This patch adds some annotations in some buf_pos_t functions to
guarantee that no out of boundary access could occur even if another
function lacks safe guards against datalen overflows.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2019-04-09 12:05:14 -04:00
Tobias Stoeckmann
0fa95308fe Check return value of buf_move_to_buf for error.
If the concatenation of connection buffer and the buffer of linked
connection exceeds INT_MAX bytes, then buf_move_to_buf returns -1 as an
error value.

This value is currently casted to size_t (variable n_read) and will
erroneously lead to an increasement of variable "max_to_read".

This in turn can be used to call connection_buf_read_from_socket to
store more data inside the buffer than expected and clogging the
connection buffer.

If the linked connection buffer was able to overflow INT_MAX, the call
of buf_move_to_buf would have previously internally triggered an integer
overflow, corrupting the state of the connection buffer.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2019-04-09 12:00:14 -04:00
Tobias Stoeckmann
74b2bc43fb Protect buffers against INT_MAX datalen overflows.
Many buffer functions have a hard limit of INT_MAX for datalen, but
this limitation is not enforced in all functions:

- buf_move_all may exceed that limit with too many chunks
- buf_move_to_buf exceeds that limit with invalid buf_flushlen argument
- buf_new_with_data may exceed that limit (unit tests only)

This patch adds some annotations in some buf_pos_t functions to
guarantee that no out of boundary access could occur even if another
function lacks safe guards against datalen overflows.

  [This is a backport of the submitted patch to 0.2.9, where the
  buf_move_to_buf and buf_new_with_data functions did not exist.]
2019-04-09 11:59:20 -04:00
George Kadianakis
c7cf49dc3c Merge branch 'tor-github/pr/915' into maint-0.4.0 2019-04-09 12:24:52 +03:00
teor
92e8bdf296
Merge remote-tracking branch 'tor-github/pr/892' into maint-0.4.0 2019-04-09 11:35:41 +10:00
Nick Mathewson
a63bd87760 Detect and suppress an additional gmtime() warning in test_util.c
Fixes bug 29922; bugfix on 0.2.9.3-alpha when we tried to capture
all these warnings.  No need to backport any farther than 0.3.5,
though -- these warnings don't cause test failures before then.

This one was tricky to find because apparently it only happened on
_some_ windows builds.
2019-04-08 17:02:14 -04:00
teor
b100c9e980
Merge remote-tracking branch 'tor-github/pr/911' into maint-0.4.0 2019-04-06 12:15:41 +10:00
Nick Mathewson
5cb94cbf9d
NSS: disable TLS1.2 SHA-384 ciphersuites.
In current NSS versions, these ciphersuites don't work with
SSL_ExportKeyingMaterial(), which was causing relays to fail when
they tried to negotiate the v3 link protocol authentication.

Fixes bug 29241; bugfix on 0.4.0.1-alpha.
2019-04-06 11:06:34 +10:00
Nick Mathewson
680fd3f8fb
NSS: Log an error message when SSL_ExportKeyingMaterial() fails
Diagnostic for 29241.
2019-04-06 11:06:22 +10:00
teor
48e990359b
Merge branch 'maint-0.2.9' into maint-0.3.4 2019-04-06 09:33:11 +10:00
George Kadianakis
071a000d67 Merge branch 'tor-github/pr/906' into maint-0.4.0 2019-04-05 16:44:59 +03:00
George Kadianakis
217db9efe1 Merge branch 'tor-github/pr/902' into maint-0.4.0 2019-04-05 14:53:33 +03:00
George Kadianakis
747b74c182 Merge branch 'tor-github/pr/800' into maint-0.4.0 2019-04-05 14:51:21 +03:00
teor
da678213e0
circuitpadding: comment fixes 2019-04-05 12:17:21 +10:00
teor
387d9448de
test/circuitpadding: Delete circuitpadding_circuitsetup_machine()
This test was disabled in 0.4.0 and later, but the fix in #29298 was only
merged to 0.4.1. So this test will never be re-enabled in 0.4.0.

Part of 29500.
2019-04-05 12:17:10 +10:00
Mike Perry
b733044f7a
Bug #29500: Fix monotime mocking in circpad unittests.
Our monotime mocking forces us to call monotime_init() *before* we set the
mocked time value. monotime_init() thus stores the first ratchet value at
whatever the platform is at, and then we set fake mocked time to some later
value.

If monotime_init() gets a value from the host that is greater than what we
choose to mock time at for our unittests, all subsequent monotime_abosolute()
calls return zero, which breaks all unittests that depend on time moving
forward by updating mocked monotime values.

So, we need to adjust our mocked time to take the weird monotime_init() time
into account, when we set fake time.
2019-04-05 12:15:55 +10:00
Mike Perry
b027b06dbb
Bug 29500: Start monotime at 1000 nsec.
Hopefully this will stop monotime_absolute_usec() from returning 0 on some
platforms in the tests.
2019-04-05 12:14:11 +10:00
Mike Perry
1f48c6cd83
Bug 29500: Attempt to fix the tokens test.
Cancel the padding timer by changing order of sent vs recv (sent cancels).
2019-04-05 12:13:19 +10:00
Nick Mathewson
d016bbaa7d Merge branch 'bug29959_040_squashed' into maint-0.4.0 2019-04-04 20:26:47 -04:00
teor
8e961b2174 bwauth: Actually include the bandwidth-file-digest in authority votes
Fixes bug 29959; bugfix on 0.4.0.2-alpha.
2019-04-04 20:26:09 -04:00
Nick Mathewson
d194f6bedf Implement an DormantCanceledByStartup option
Closes ticket 29357, and comes with appropriate notions of caution.
2019-04-04 11:48:36 -04:00
Nick Mathewson
db1c1dba34 Merge branch 'bug30021_029' into bug30021_035 2019-04-04 11:26:33 -04:00
Nick Mathewson
1710f4bbd6 Do not cache bogus results from classifying client ciphers
When classifying a client's selection of TLS ciphers, if the client
ciphers are not yet available, do not cache the result. Previously,
we had cached the unavailability of the cipher list and never looked
again, which in turn led us to assume that the client only supported
the ancient V1 link protocol.  This, in turn, was causing Stem
integration tests to stall in some cases.  Fixes bug 30021; bugfix
on 0.2.4.8-alpha.
2019-04-04 11:24:55 -04:00
Nick Mathewson
5613968d57 Improve logging for 28614.
When we fixed 28614, our answer was "if we failed to load the
consensus on windows and it had a CRLF, retry it."  But we logged
the failure at "warn", and we only logged the retry at "info".

Now we log the retry at "notice", with more useful information.

Fixes bug 30004.
2019-04-03 14:30:56 -04:00
Nick Mathewson
821d29e420 fdio.c: add more includes.
This is just in case there is some rogue platform that uses a
nonstandard value for SEEK_*, and does not define that macro in
unistd.h.  I think that's unlikely, but it's conceivable.
2019-04-03 13:53:36 -04:00
Nick Mathewson
99b87d7ca4 Even more diagnostic messages for bug 28223.
Try to figure out _where exactly_ we are first encountering NULs in
microdescriptors, and what we are doing when that happens.
2019-04-03 13:53:06 -04:00
George Kadianakis
42aae0e693 Merge branch 'tor-github/pr/867' into maint-0.4.0 2019-04-03 17:59:02 +03:00
Nick Mathewson
367dd9cf02 30001: Fix a race condition in test_dir_handle_get.c
Previously we used time(NULL) to set the Expires: header in our HTTP
responses.  This made the actual contents of that header untestable,
since the unit tests have no good way to override time(), or to see
what time() was at the exact moment of the call to time() in
dircache.c.

This gave us a race in dir_handle_get/status_vote_next_bandwidth,
where the time() call in dircache.c got one value, and the call in
the tests got another value.

I'm applying our regular solution here: using approx_time() so that
the value stays the same between the code and the test.  Since
approx_time() is updated on every event callback, we shouldn't be
losing any accuracy here.

Fixes bug 30001. Bug introduced in fb4a40c32c4a7e5; not in any
released Tor.
2019-04-03 10:16:18 -04:00
Nick Mathewson
de76862fd6 Merge branch 'maint-0.3.5' into maint-0.4.0 2019-04-03 09:27:44 -04:00
Nick Mathewson
4aa02d3c7a Merge branch 'maint-0.3.4' into maint-0.3.5 2019-04-03 09:27:43 -04:00
Nick Mathewson
3cfcfbac46 Merge branch 'maint-0.2.9' into maint-0.3.4 2019-04-03 09:27:42 -04:00
Karsten Loesing
54e249e269 Update geoip and geoip6 to the April 2 2019 database. 2019-04-03 09:26:28 +02:00
teor
194b25f0c7
dircache: Refactor handle_get_next_bandwidth() to use connection_dir_buf_add()
Implements ticket 29897.
2019-03-29 17:26:30 +10:00
rl1987
6ab1929f00
Add connection_dir_buf_add() helper function 2019-03-29 17:25:43 +10:00
teor
6d188fb4cc
Merge remote-tracking branch 'tor-github/pr/835' into maint-0.4.0 2019-03-27 12:31:07 +10:00
teor
6d057c56f1
Merge remote-tracking branch 'tor-github/pr/820' into maint-0.3.4 2019-03-27 10:01:45 +10:00
teor
9ae8d663ea
Merge remote-tracking branch 'tor-github/pr/836' into maint-0.4.0 2019-03-27 09:36:26 +10:00
George Kadianakis
06951cb3fc Merge branch 'tor-github/pr/847' into maint-0.4.0 2019-03-26 15:16:21 +02:00
teor
4258728d56
Merge remote-tracking branch 'tor-github/pr/852' into maint-0.4.0 2019-03-26 19:15:46 +10:00
juga0
da7a8d7624
dircache: fix identation and remove unneded goto 2019-03-26 17:41:17 +10:00
juga0
892b918b66
bwauth: remove declaring args, they are now in use 2019-03-26 17:41:13 +10:00
juga0
a4bf3be8bc
test: check that .../bandwidth.z is compressed 2019-03-26 17:41:09 +10:00
juga0
fb4a40c32c
test: Check bw file cache lifetime 2019-03-26 17:41:06 +10:00
juga0
7627134743
bwauth: increment bw file cache lifetime
Increment bw file cache lifetime when serving it by HTTP.
And add a constant to define that lifetime.
2019-03-26 17:41:02 +10:00
juga0
4d3502e45b
bwauth: check and use compression serving bw file 2019-03-26 17:40:58 +10:00
juga0
b75e2539f9
bwauth: check if a bw file could be read
Before serving it by HTTP.
2019-03-26 17:40:54 +10:00
juga0
ee09e5d7ea
bwauth: use flag to do not warn when file is missing
Use flag to do not warn when the bandwidth file is missing trying
to serve it by http.
Also remove double space in the assignement.
2019-03-26 17:40:50 +10:00
juga0
3eacae42b2
Serve bandwidth file used in the next vote
When a directory authority is using a bandwidth file to obtain the
bandwidth values that will be included in the next vote, serve this
bandwidth file at /tor/status-vote/next/bandwidth.z.
2019-03-26 17:40:45 +10:00
teor
828033001b
Merge remote-tracking branch 'tor-github/pr/848' into maint-0.4.0 2019-03-26 16:56:45 +10:00
rl1987
669ec64325
Fix CID 1444119
Let's use the same function exit point for BUG() codepath that we're using
for every other exit condition. That way, we're not forgetting to clean up
the memarea.
2019-03-26 12:24:45 +10:00
teor
3af9a51118
test/dir: add a 4th argument to dirserv_read_measured_bandwidths()
Part of 29806.
2019-03-26 11:49:33 +10:00
teor
b76ae3898d
Merge branch 'ticket29806_035_squashed_merged' into ticket29806_040_squashed_merged 2019-03-26 11:48:52 +10:00
Taylor Yu
5d2f5e482e
Correctly report PT vs proxy during bootstrap
Previously, or_connection_t did not record whether or not the
connection uses a pluggable transport. Instead, it stored the
underlying proxy protocol of the pluggable transport in
proxy_type. This made bootstrap reporting treat pluggable transport
connections as plain proxy connections.

Store a separate bit indicating whether a pluggable transport is in
use, and decode this during bootstrap reporting.

Fixes bug 28925; bugfix on 0.4.0.1-alpha.
2019-03-25 14:13:45 +10:00
Alexander Færøy
4be522b2e6 Pass NULL to lpApplicationName in CreateProcessA().
When NULL is given to lpApplicationName we enable Windows' "magical"
path interpretation logic, which makes Tor 0.4.x behave in the same way
as previous Tor versions did when it comes to executing binaries in
different system paths.

For more information about this have a look at the CreateProcessA()
documentation on MSDN -- especially the string interpretation example is
useful to understand this issue.

This bug was introduced in commit bfb94dd2ca.

See: https://bugs.torproject.org/29874
2019-03-25 03:10:37 +01:00
Nick Mathewson
8bc3ac6a84 Bump to 0.4.0.3-alpha-dev 2019-03-23 08:44:36 -04:00
Nick Mathewson
4b79b43e3e Merge branch 'bug29693_040_radical_squashed' into maint-0.4.0 2019-03-22 11:17:01 -04:00
George Kadianakis
a5df9402b6 prob-distr: Decrease false positive rate of stochastic tests. 2019-03-22 11:16:30 -04:00
teor
f7688cb179
test: Backport the 0.3.4 src/test/test-network.sh to 0.2.9
We need a recent test-network.sh to use new chutney features in CI.

Fixes bug 29703; bugfix on 0.2.9.1-alpha.
2019-03-22 13:20:23 +10:00
Nick Mathewson
ebc7556dd0 Bump version to 0.4.0.3-alpha 2019-03-21 09:36:19 -04:00
teor
091f8688b8
test/dir: add an extra argument to dirserv_read_measured_bandwidths()
Part of 29806.
2019-03-21 12:56:28 +10:00
teor
3adb689fbc
Merge branch 'ticket29806_034_squashed' into ticket29806_035_squashed_merged
Copy and paste the vote=0 code from the old src/or/dirserv.c
to the new src/feature/dirauth/bwauth.c.
2019-03-21 12:04:30 +10:00
juga0
4ab2e9a599
bwauth: Ignore bandwidth file lines with "vote=0"
so that the relays that would be "excluded" from the bandwidth
file because of something failed can be included to diagnose what
failed, without still including these relays in the bandwidth
authorities vote.

Closes #29806.
2019-03-21 12:00:45 +10:00
teor
41cd05562f
Merge branch 'maint-0.3.4' into maint-0.3.5 2019-03-20 09:48:03 +10:00
teor
6bf9078ceb
Merge remote-tracking branch 'tor-github/pr/798' into maint-0.3.5 2019-03-20 09:47:31 +10:00
teor
db2ac3b9fe
Merge remote-tracking branch 'tor-github/pr/774' into maint-0.2.9 2019-03-20 09:46:10 +10:00
teor
17e3eea685
Merge remote-tracking branch 'tor-github/pr/727' into maint-0.3.5 2019-03-19 15:43:05 +10:00
teor
af21d126e6
Merge branch 'bug29706_035_minimal_merge' into bug29706_040_minimal_merge
Comment merge.
2019-03-18 11:30:37 +10:00
teor
55865a2c9c
Merge branch 'bug29706_034_minimal_merge' into bug29706_035_minimal_merge 2019-03-18 11:29:20 +10:00
teor
aec6ee201b
test/sr: update sr_state_free() to sr_state_free_all() in a comment 2019-03-18 11:28:34 +10:00
teor
1d0146e2a2
Merge branch 'bug29706_029_minimal' into bug29706_034_minimal_merge 2019-03-18 11:27:59 +10:00
teor
c44ad396f8
test/sr: Clear SRVs after init, and before setup
Already merged to 0.4.0 and later in tor-github/pr/776.
Backported to 0.2.9 and later with minor comment changes.

Part of 29706.
2019-03-18 11:12:25 +10:00
Nick Mathewson
1547fd99a6 Merge branch 'bug28656_035_squashed' into maint-0.4.0 2019-03-15 08:59:19 -04:00
teor
532f4c9103 Stop logging a BUG() warning when tor is waiting for exit descriptors
Fixes bug 28656; bugfix on 0.3.5.1-alpha.
2019-03-15 08:57:28 -04:00
Nick Mathewson
560ba98dd7 Merge remote-tracking branch 'tor-github/pr/776' into maint-0.4.0 2019-03-15 08:54:30 -04:00
Nick Mathewson
94523bffdc Merge remote-tracking branch 'tor-github/pr/791' into maint-0.4.0 2019-03-15 08:52:50 -04:00
Roger Dingledine
a3bc950e42 relays shouldn't close idle rend circuits
Allow connections to single onion services to remain idle without being
disconnected.

Relays acting as rendezvous points for single onion services were
mistakenly closing idle established rendezvous circuits after 60 seconds,
thinking that they are unused directory-fetching circuits that had served
their purpose.

Fixes bug 29665; bugfix on 0.2.1.26.
2019-03-14 12:54:16 +02:00
Roger Dingledine
add0f89c14 relays shouldn't close idle rend circuits
Allow connections to single onion services to remain idle without being
disconnected.

Relays acting as rendezvous points for single onion services were
mistakenly closing idle established rendezvous circuits after 60 seconds,
thinking that they are unused directory-fetching circuits that had served
their purpose.

Fixes bug 29665; bugfix on 0.2.1.26.
2019-03-14 12:53:33 +02:00
teor
f3b17a6b26
Merge remote-tracking branch 'tor-github/pr/795' into maint-0.3.4 2019-03-14 06:56:09 +10:00
teor
c03b1b3f08
Merge remote-tracking branch 'tor-github/pr/794' into maint-0.3.4 2019-03-14 06:55:57 +10:00
teor
66f944f79b
Merge branch 'bug28096-029-squashed' into bug28096-034-squashed
Merge the new code, and preserve the #else macro comment from 0.3.4.
2019-03-14 06:53:17 +10:00
teor
2840580cf2
Merge remote-tracking branch 'nickm/bug27073_029' into bug27073_034
Replace == with OP_EQ in test macros.
2019-03-14 06:47:32 +10:00
teor
5606cfae47
Merge remote-tracking branch 'tor-github/pr/771' into maint-0.3.4 2019-03-14 06:41:14 +10:00
teor
8bd9b2a6a0
Merge remote-tracking branch 'tor-github/pr/770' into maint-0.2.9 2019-03-14 06:37:50 +10:00
teor
90301247fd
Merge remote-tracking branch 'tor-github/pr/765' into maint-0.2.9 2019-03-14 06:37:17 +10:00
teor
530304dd77
Merge remote-tracking branch 'tor-github/pr/746' into maint-0.2.9 2019-03-14 06:36:47 +10:00
teor
eaa84234c9
Merge remote-tracking branch 'tor-github/pr/510' into maint-0.2.9 2019-03-14 06:36:11 +10:00
teor
9daae1b302
Merge remote-tracking branch 'tor-github/pr/331' into maint-0.2.9 2019-03-14 06:35:05 +10:00
teor
a9c3101e21 test/sr: Clear SRVs after init, and before setup
Part of 29706.
2019-03-13 15:29:46 +10:00
George Kadianakis
0ce32affc2 Merge branch 'tor-github/pr/763' into maint-0.4.0 2019-03-12 18:11:35 +02:00
Nick Mathewson
9c9214f2c9 Merge remote-tracking branch 'tor-github/pr/776' into maint-0.4.0 2019-03-12 11:03:37 -04:00
teor
dfc3e552a3
test/sr: update sr_state_free() to sr_state_free_all()
The function name changed between 0.2.9 and 0.3.4.
2019-03-12 11:34:52 +10:00
teor
c7854933e9
Merge branch bug29706_029_refactor into bug29706_034_refactor 2019-03-12 11:31:52 +10:00
teor
9eeff921ae sr: BUG() on NULL sr_state before doing a state_query_*()
Part of #29706.
2019-03-12 11:14:30 +10:00
teor
0cca554110 sr: Check for replacing a SRV pointer with the same pointer
Check if the new pointer is the same as the old one: if it is, it's
probably a bug:
* the caller may have confused current and previous, or
* they may have forgotten to sr_srv_dup().

Putting NULL multiple times is allowed.

Part of 29706.
2019-03-12 11:14:30 +10:00
Nick Mathewson
a9c84bfd35 Merge remote-tracking branch 'tor-github/pr/756' into maint-0.4.0 2019-03-11 09:45:31 -04:00
teor
593fde930f sr: rename srv_dup() to sr_srv_dup() 2019-03-09 12:03:12 +10:00
teor
26e6f56023 sr: Free SRVs before replacing them in state_query_put_()
Refactor the shared random state's memory management so that it actually
takes ownership of the shared random value pointers.

Fixes bug 29706; bugfix on 0.2.9.1-alpha.
2019-03-09 12:03:00 +10:00
teor
9400da9b5e test/sr: Free SRVs before replacing them in test_sr_setup_srv()
Stop leaking parts of the shared random state in the shared-random unit
tests. The previous fix in 29599 was incomplete.

Fixes bug 29706; bugfix on 0.2.9.1-alpha.
2019-03-09 11:59:52 +10:00
Nick Mathewson
c40d53ab39 Merge branch 'pr_719_squashed_040' into maint-0.4.0 2019-03-08 10:25:43 -05:00
Mike Perry
ff410edec0 Bug 29204: Inspect circuit queues before sending padding.
Mitigates OOM conditions at relays.
2019-03-08 10:25:28 -05:00
David Goulet
b4e44a371f hs-v2: Copy needed information between service on prunning
Turns out that when reloading a tor configured with hidden service(s), we
weren't copying all the needed information between the old service object to
the new one.

For instance, the desc_is_dirty timestamp wasn't which could lead to the
service uploading its descriptor much later than it would need to.

The replaycache wasn't also moved over and some intro point information as
well.

Fixes #23790

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-03-08 09:59:04 -05:00
teor
e91b999cf2
Merge branch 'bug23512-v4-029-fixes-keep-typedef' into bug23512-v4-034-fixes 2019-03-08 19:37:18 +10:00
teor
08ddf1f62b
Merge remote-tracking branch 'bug28525_029' into maint-0.3.5 2019-03-08 12:33:00 +10:00
Neel Chauhan
63b4049114
Make tor_addr_is_internal_() RFC6598 (Carrier Grade NAT) aware
Fixes 28525.
2019-03-08 12:19:12 +10:00
Nick Mathewson
3af943dcd1 Merge remote-tracking branch 'tor-github/pr/745' into maint-0.4.0 2019-03-07 08:56:35 -05:00
Nick Mathewson
9b4ecbaa7d Merge branch 'maint-0.3.5' into maint-0.4.0 2019-03-06 14:29:43 -05:00
Nick Mathewson
d6f77b99da Merge branch 'maint-0.3.4' into maint-0.3.5 2019-03-06 14:29:38 -05:00
Nick Mathewson
155b0f5521 Merge branch 'maint-0.3.3' into maint-0.3.4 2019-03-06 14:29:33 -05:00
Nick Mathewson
0c9cd7c487 Merge branch 'maint-0.2.9' into maint-0.3.3 2019-03-06 14:29:29 -05:00
Karsten Loesing
2e74edb53e Update geoip and geoip6 to the March 4 2019 database. 2019-03-06 11:45:27 +01:00
David Goulet
a999cb43df protover: Add missing Padding to translate_to_rust
This commit also explicitly set the value of the PRT enum so we can match/pin
the C enum values to the Rust one in protover/ffi.rs.

Fixes #29631

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-03-05 12:33:43 -05:00
teor
f186f21a4e
doc: Fix an incorrect comment about calling FreeLibrary() on Windows
There's an incorrect comment in compat_time.c that suggests we call
FreeLibrary() before we're done using the library's functions.
See 29642 for background.

Closes ticket 29643.
2019-03-04 11:29:15 +10:00
teor
7786198eef
Merge remote-tracking branch 'tor-github/pr/749' into maint-0.2.9 2019-03-01 14:15:00 +10:00
teor
c1ab538479
Merge remote-tracking branch 'tor-github/pr/748' into maint-0.2.9 2019-03-01 14:14:51 +10:00
teor
ecbc2e80a0
Merge remote-tracking branch 'tor-github/pr/747' into maint-0.2.9 2019-03-01 14:14:26 +10:00
Mike Perry
e8d84b18aa
Bug 25733: Avoid assert failure if all circuits time out.
Prior to #23100, we were not counting HS circuit build times in our
calculation of the timeout. This could lead to a condition where our timeout
was set too low, based on non HS circuit build times, and then we would
abandon all HS circuits, storing no valid timeouts in the histogram.

This commit avoids the assert.
2019-03-01 13:48:01 +10:00
Kris Katterjohn
389ee834b6
Log the correct "auto" port number for listening sockets
When "auto" was used for the port number for a listening socket, the
message logged after opening the socket would incorrectly say port 0
instead of the actual port used.

Fixes bug 29144; bugfix on 0.3.5.1-alpha

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>
2019-03-01 12:34:21 +10:00
Nick Mathewson
dc19d65c3b Merge remote-tracking branch 'tor-github/pr/728' into maint-0.4.0 2019-02-28 11:20:26 -05:00
teor
9b7cdd23de
doc: update the man page and sample torrc for ExitRelay
We changed the default of ExitRelay in #21530 in 0.3.5.1-alpha, but
forgot to update the documentation.

Closes 29612.
2019-02-28 11:22:20 +10:00
teor
de0969ef78
Merge branch 'maint-0.3.4' into maint-0.3.5 2019-02-28 10:49:33 +10:00
teor
6a61a020ee
Merge branch 'maint-0.3.3' into maint-0.3.4 2019-02-28 10:49:19 +10:00
teor
be29dfedd9
Merge branch 'maint-0.3.4' into maint-0.3.5 2019-02-28 10:45:59 +10:00
teor
524731503e
Merge branch 'maint-0.3.3' into maint-0.3.4 2019-02-28 10:45:44 +10:00
teor
3313444ef0
Merge branch 'maint-0.2.9' into maint-0.3.3 2019-02-28 10:45:30 +10:00
Nick Mathewson
56f01e58b4 Merge remote-tracking branch 'tor-github/pr/731' into maint-0.4.0 2019-02-27 09:59:33 -05:00
teor
d4b7975ce7 test/shared-random: use sr_state_free_all() rather than sr_state_free()
sr_state_free() was renamed to sr_state_free_all() between 0.2.9 and 0.3.3.

Part of 29599.
2019-02-27 15:06:53 +10:00
teor
64e082e892 Merge branch 'bug29599_029' into bug29599_033 2019-02-27 15:06:39 +10:00
teor
4d9eb4dd0e test/shared-random: Stop leaking shared random state in the unit tests
Stop leaking parts of the shared random state in the shared-random unit
tests.

Fixes bug 29599; bugfix on 0.2.9.1-alpha.
2019-02-27 15:04:40 +10:00
teor
15dc33849e
Merge branch 'maint-0.3.4' into maint-0.3.5 2019-02-27 09:38:04 +10:00
teor
1a194beb2c
Merge branch 'maint-0.3.3' into maint-0.3.4 2019-02-27 09:37:50 +10:00
teor
6c966b894c
Merge branch 'maint-0.2.9' into maint-0.3.3 2019-02-27 09:37:36 +10:00
David Goulet
a5dd41b9af Merge branch 'tor-github/pr/638' into maint-0.4.0 2019-02-26 11:24:43 -05:00
Alexander Færøy
aa360b255b Fix crash bug in PT subsystem.
This patch fixes a crash bug (assertion failure) in the PT subsystem
that could get triggered if the user cancels bootstrap via the UI in
TorBrowser. This would cause Tor to call `managed_proxy_destroy()` which
called `process_free()` after it had called `process_terminate()`. This
leads to a crash when the various process callbacks returns with data
after the `process_t` have been freed using `process_free()`.

We solve this issue by ensuring that everywhere we call
`process_terminate()` we make sure to detach the `managed_proxy_t` from
the `process_t` (by calling `process_set_data(process, NULL)`) and avoid
calling `process_free()` at all in the transports code. Instead we just
call `process_terminate()` and let the process exit callback in
`managed_proxy_exit_callback()` handle the `process_free()` call by
returning true to the process subsystem.

See: https://bugs.torproject.org/29562
2019-02-26 15:43:09 +01:00
Nick Mathewson
35257a1c69 Merge remote-tracking branch 'tor-github/pr/726' into maint-0.4.0 2019-02-26 07:27:42 -05:00
Nick Mathewson
e138bb8ffc
Downgrade some LOG_ERR messages in the address/* tests to warnings
Fixes bug 29530, where the LOG_ERR messages were occurring when
we had no configured network, and so we were failing the unit tests
because of the recently-merged #28668.

Commit message edited by teor:

We backported 28668 and released it in 0.3.5.8.
This commit backports 29530 to 0.3.5.

Fixes bug 29530 in Tor 0.3.5.8.
2019-02-26 09:53:59 +10:00
Kris Katterjohn
1b9e77349f Fix some error-checking logic and a misleading error message
When IPv4Only (IPv6Only) was used but the address could not be
interpreted as a IPv4 (IPv6) address, the error message referred
to the wrong IP version.

This also fixes up the error-checking logic so it's more precise
about what's being checked.

Fixes bug 13221; bugfix on 0.2.3.9-alpha

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>
2019-02-25 16:03:42 -06:00
Nick Mathewson
1bff5646e6 Bump to 0.4.0.2-alpha-dev 2019-02-21 13:25:33 -05:00
Nick Mathewson
955ca72f95 Bump to 0.3.5.8-dev 2019-02-21 13:24:42 -05:00
Nick Mathewson
a56b9501f1 Bump to 0.3.4.11-dev 2019-02-21 13:23:46 -05:00
Nick Mathewson
fb309f6eba Bump to 0.3.3.12-dev 2019-02-21 13:22:56 -05:00
Nick Mathewson
00a93b19cf Merge branch 'maint-0.3.5' into maint-0.4.0 2019-02-21 10:08:14 -05:00
Nick Mathewson
4a8a1f76ea Merge branch 'maint-0.3.4' into maint-0.3.5 2019-02-21 10:08:14 -05:00
Nick Mathewson
5062647918 Merge branch 'maint-0.3.3' into maint-0.3.4 2019-02-21 10:08:14 -05:00
David Goulet
be84ed1a64 kist: Don't write above the highwater outbuf mark
KIST works by computing how much should be allowed to write to the kernel for
a given socket, and then it writes that amount to the outbuf.

The problem is that it could be possible that the outbuf already has lots of
data in it from a previous scheduling round (because the kernel is full/busy
and Tor was not able to flush the outbuf yet). KIST ignores that the outbuf
has been filling (is above its "highwater") and writes more anyway. The end
result is that the outbuf length would exceed INT_MAX, hence causing an
assertion error and a corresponding "Bug()" message to get printed to the
logs.

This commit makes it for KIST to take into account the outbuf length when
computing the available space.

Bug found and patch by Rob Jansen.

Closes #29168. TROVE-2019-001.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-02-21 10:07:34 -05:00
Nick Mathewson
df3484b2b0 Bump version to 0.4.0.2-alpha 2019-02-21 09:52:27 -05:00
Nick Mathewson
c663716b67 Bump to 0.3.5.8 2019-02-21 09:51:29 -05:00
Nick Mathewson
508002a4c2 Bump to 0.3.4.11 2019-02-21 09:50:22 -05:00
Nick Mathewson
41c2bf590b Update to 0.3.3.12 2019-02-21 09:49:48 -05:00
Nick Mathewson
34183f0d71 Fix a goofy change from abcde10fce that broke test-slow linking
boklm tracked this down, and it doesn't make sense.  It caused

This change goes back to the previous LDFLAGS line.
2019-02-21 09:10:15 -05:00
Roger Dingledine
5ec65be8bf Merge remote-tracking branch 'nickm/ticket29530_040' into maint-0.4.0 2019-02-20 10:39:28 -05:00
Roger Dingledine
ccab4347e5 Merge remote-tracking branch 'nickm/ticket29534_040' into maint-0.4.0 2019-02-20 10:35:56 -05:00
Roger Dingledine
249319ec5d fix typos from #28614 2019-02-20 10:32:47 -05:00
Nick Mathewson
d32e407976 Downgrade some LOG_ERR messages in the address/* tests to warnings
Fixes bug 29530, where the LOG_ERR messages were occurring when
we had no configured network, and so we were failing the unit tests
because of the recently-merged #28668.

Bug not in any released Tor.
2019-02-19 14:02:32 -05:00
Nick Mathewson
c9ff6a7f83 Mark map_anon_nofork test as skipped in 0.4.0
This test fails in some environments; since the code isn't used in
0.4.0, let's disable it for now.

Band-aid solution for #29534; bug not in any released Tor.
2019-02-19 13:14:26 -05:00
Nick Mathewson
4df31adef7 Merge remote-tracking branch 'tor-github/pr/704' into maint-0.4.0 2019-02-19 11:51:19 -05:00
Nick Mathewson
4bc55ed5ee Merge branch 'bug29145_029' into maint-0.4.0 2019-02-19 11:49:20 -05:00
Kris Katterjohn
4417ac880a Fix a compiler warning on OpenBSD
malloc_options needs to be declared extern (and declaring it extern
means we need to initialize it separately)

Fixes bug 29145; bugfix on 0.2.9.3-alpha

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>
2019-02-19 11:38:32 -05:00
Nick Mathewson
b5f3a3d6a7 Merge remote-tracking branch 'tor-github/pr/707' into maint-0.4.0 2019-02-19 11:34:21 -05:00
Nick Mathewson
26873bc4ed Merge branch 'bug28698_035' into maint-0.4.0 2019-02-19 11:27:18 -05:00
José M. Guisado
78220aae1e Add circuit time check before logging about relaxing circuit time
Signed-off-by: José M. Guisado <guigom@riseup.net>
2019-02-19 11:24:51 -05:00
Nick Mathewson
5c87add923 Merge remote-tracking branch 'tor-github/pr/701' into maint-0.4.0 2019-02-19 11:21:51 -05:00
Roger Dingledine
94f7e53d04 fix a bootstrapping string typo
introduced in 85542ee5

next step is to fix it in torspec too
2019-02-17 16:56:13 -05:00
Neel Chauhan
384c5c6188 Make test-slow compile with libevent 2019-02-16 16:03:17 -05:00
Matt Traudt
b054a6c6b9 kist: When readding chans, check correct chan's sched_heap_idx
Closes #29508

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-02-14 16:19:31 -05:00
David Goulet
6c173d00f5 Merge branch 'tor-github/pr/702' 2019-02-14 11:43:10 -05:00
George Kadianakis
00b073b1bc Merge branch 'maint-0.3.5' 2019-02-14 18:01:07 +02:00
George Kadianakis
d83c299eba Merge branch 'tor-github/pr/689' into maint-0.3.5 2019-02-14 18:00:05 +02:00