Commit Graph

3575 Commits

Author SHA1 Message Date
George Kadianakis
447ece46f5 Constify crypto_pk_get_digest(). 2014-12-02 12:15:11 +00:00
Nick Mathewson
a28df3fb67 Merge remote-tracking branch 'andrea/cmux_refactor_configurable_threshold'
Conflicts:
	src/or/or.h
	src/test/Makefile.nmake
2014-11-27 22:39:46 -05:00
Nick Mathewson
734ba5cb0a Use smaller zlib objects when under memory pressure
We add a compression level argument to tor_zlib_new, and use it to
determine how much memory to allocate for the zlib object.  We use the
existing level by default, but shift to smaller levels for small
requests when we have been over 3/4 of our memory usage in the past
half-hour.

Closes ticket 11791.
2014-11-17 11:43:50 -05:00
Nick Mathewson
9b11dc3617 Merge remote-tracking branch 'public/bug7484'
Conflicts:
	src/test/test_addr.c
2014-11-12 13:44:57 -05:00
Nick Mathewson
a3dafd3f58 Replace operators used as macro arguments with OP_XX macros
Part of fix for 13172
2014-11-12 13:28:07 -05:00
Nick Mathewson
2170171d84 Merge branch 'ticket13172' 2014-11-12 13:25:17 -05:00
rl1987
4b18d8931b Downgrade RSA signature verification failure error message to info loglevel. 2014-11-09 17:39:23 +02:00
teor
fd7e9e9030 Stop failing when key files are zero-length
Instead, generate new keys, and overwrite the empty key files.
Adds FN_EMPTY to file_status_t and file_status.
Fixes bug 13111.

Related changes due to review of FN_FILE usage:
Stop generating a fresh .old RSA key file when the .old file is missing.
Avoid overwriting .old key files with empty key files.
Skip loading zero-length extra info store, router store, stats, state,
and key files.
2014-11-08 20:31:20 +11:00
teor
ce7fd6e160 Stop crashing when a NULL filename is passed to file_status()
Stop crashing when a NULL filename is passed to file_status(),
instead, return FN_ERROR.
Also return FN_ERROR when a zero-length filename is passed to file_status().
Fixed as part of bug 13111.
2014-11-08 20:26:53 +11:00
Nick Mathewson
00f5909876 Define macros meaning <,>,==,!=,<=,>=
This lets us avoid putting operators directly in macro arguments,
and thus will help us unconfuse coccinelle.

For ticket 13172.
2014-11-06 11:21:13 -05:00
Nick Mathewson
8f645befba 11291: Fix warnings, add changes file, rename 'mask'. 2014-11-05 14:12:18 -05:00
Nick Mathewson
4df419a4b1 Merge remote-tracking branch 'meejah/ticket-11291-extra-utests'
Conflicts:
	src/or/config.c
2014-11-05 14:11:47 -05:00
Nick Mathewson
60c86a3b79 Merge branch 'bug13315_squashed'
Conflicts:
	src/or/buffers.c
2014-11-04 00:48:25 -05:00
Nick Mathewson
74cbd8d559 fix indentation 2014-11-04 00:46:32 -05:00
Nick Mathewson
254ab5a8de Use correct argument types for inet_pton.
(I blame whoever decided that using a void* for a union was a good
idea.)
2014-11-04 00:45:14 -05:00
rl1987
0da4ddda4f Checking if FQDN is actually IPv6 address string and handling that case. 2014-11-04 00:37:24 -05:00
rl1987
2f1068e68a Adding helper function that checks if string is a valid IPv6 address. 2014-11-04 00:37:21 -05:00
rl1987
e8e45ff13e Introducing helper function to validate IPv4 address strings. 2014-11-04 00:36:37 -05:00
rl1987
1ea9a6fd72 Introducing helper function to validate DNS name strings. 2014-11-04 00:35:43 -05:00
Nick Mathewson
5bcf952261 Check more thoroughly for unlogged OpenSSL errors 2014-11-02 13:04:44 -05:00
Nick Mathewson
a142fc29af Use tor_malloc_zero(x), not tor_calloc(x,sizeof(char))
(Also, fixes a wide line.)
2014-11-02 12:08:51 -05:00
Nick Mathewson
bbd8d07167 Apply new calloc coccinelle patch 2014-11-02 11:56:02 -05:00
Nick Mathewson
ded33cb2c7 Use the | trick to save a comparison in our calloc check. 2014-11-02 11:54:42 -05:00
Nick Mathewson
0d8abf5365 Switch to a < comparison for our calloc check; explain how it works 2014-11-02 11:54:42 -05:00
Mansour Moufid
81b452d245 Document the calloc function overflow check. 2014-11-02 11:54:42 -05:00
Mansour Moufid
06b1ef7b76 Remove a duplicate comment. 2014-11-02 11:54:42 -05:00
Mansour Moufid
3206dbdce1 Refactor the tor_reallocarray_ overflow check. 2014-11-02 11:54:42 -05:00
Mansour Moufid
aff6fa0b59 Refactor the tor_calloc_ overflow check. 2014-11-02 11:54:41 -05:00
Nick Mathewson
542b470164 Refactor {str,digest}map into a common implementation; add digest256map
Needed for #13399.
2014-10-31 10:54:12 -04:00
teor
13298d90a9 Silence spurious clang warnings
Silence clang warnings under --enable-expensive-hardening, including:
  + implicit truncation of 64 bit values to 32 bit;
  + const char assignment to self;
  + tautological compare; and
  + additional parentheses around equality tests. (gcc uses these to
    silence assignment, so clang warns when they're present in an
    equality test. But we need to use extra parentheses in macros to
    isolate them from other code).
2014-10-30 22:34:46 +11:00
Nick Mathewson
fcdcb377a4 Add another year to our copyright dates.
Because in 95 years, we or our successors will surely care about
enforcing the BSD license terms on this code.  Right?
2014-10-28 15:30:16 -04:00
Sebastian Hahn
909aa51b3f Remove configure option to disable curve25519
By now, support in the network is widespread and it's time to require
more modern crypto on all Tor instances, whether they're clients or
servers. By doing this early in 0.2.6, we can be sure that at some point
all clients will have reasonable support.
2014-10-27 14:41:19 +01:00
teor
c9d0967dd9 Fix minor typos, two line lengths, and a repeated include 2014-10-23 02:57:11 +11:00
Nick Mathewson
653221e807 Merge remote-tracking branch 'public/bug11824_v2' 2014-10-22 11:01:50 -04:00
Nick Mathewson
8e4daa7bb0 Merge remote-tracking branch 'public/ticket6938'
Conflicts:
	src/tools/tor-resolve.c
2014-10-22 10:14:03 -04:00
Nick Mathewson
3826a88fc0 Merge remote-tracking branch 'teor/bug13476-improve-time-handling' 2014-10-21 13:14:27 -04:00
Nick Mathewson
e3d166b7a6 Merge remote-tracking branch 'teor/memwipe-more-keys' 2014-10-20 11:12:51 -04:00
Nick Mathewson
affa251c83 Use a macro to indicate "The ecdhe group we use by default".
This might make Coverity happier about the if statement where we
have a default case that's the same as one of the other cases. CID 1248515
2014-10-20 09:08:42 -04:00
teor
2e1f5c1fc0 Memwipe more keys after tor has finished with them
Ensure we securely wipe keys from memory after
crypto_digest_get_digest and init_curve25519_keypair_from_file
have finished using them.

Fixes bug 13477.
2014-10-20 03:06:28 +11:00
teor
d7b13543e2 Clamp (some) years supplied by the system to 1 CE
Clamp year values returned by system localtime(_r) and
gmtime(_r) to year 1. This ensures tor can read any
values it might write out.

Fixes bug 13476.
2014-10-20 02:47:31 +11:00
teor
238b8eaa60 Improve date validation in HTTP headers
Check all date/time values passed to tor_timegm
and parse_rfc1123_time for validity, taking leap
years into account.
Improves HTTP header validation.

Avoid unlikely signed integer overflow in tor_timegm
on systems with 32-bit time_t.
Fixes bug 13476.
2014-10-20 02:40:27 +11:00
teor
dd556fb1e6 Use correct day of year in correct_tm()
Set the correct day of year value in correct_tm() when the
system's localtime(_r) or gmtime(_r) functions fail to set struct tm.

Fixes bug 13476.
2014-10-20 02:32:05 +11:00
Nick Mathewson
33b399a7b2 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-10-16 09:09:20 -04:00
Nick Mathewson
22b9caf0ae Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-10-16 09:08:52 -04:00
Nick Mathewson
943fd4a252 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-10-16 09:08:32 -04:00
Nick Mathewson
af73d3e4d8 Disable SSLv3 unconditionally. Closes ticket 13426.
The POODLE attack doesn't affect Tor, but there's no reason to tempt
fate: SSLv3 isn't going to get any better.
2014-10-15 11:50:05 -04:00
Nick Mathewson
f1782d9c4c Clean whitespace in last patch. 2014-10-13 13:20:07 -04:00
teor
f51418aabc Avoid overflow in format_time_interval, create unit tests
Fix an instance of integer overflow in format_time_interval() when
taking the absolute value of the supplied signed interval value.
Fixes bug 13393.

Create unit tests for format_time_interval().
2014-10-12 20:50:10 +11:00
Nick Mathewson
90bce702ba Merge remote-tracking branch 'public/bug10816' 2014-10-09 10:57:19 -04:00
Nick Mathewson
bbffd0a018 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-10-03 19:58:25 -04:00
Nick Mathewson
d315b8e8bc Merge remote-tracking branch 'public/bug13325_024' into maint-0.2.5 2014-10-03 19:57:41 -04:00
Nick Mathewson
d1fa0163e5 Run correctly on OpenBSD systems without SSL_METHOD.get_cipher_by_char
Also, make sure we will compile correctly on systems where they
finally rip it out.

Fixes issue #13325.  Caused by this openbsd commit:

   ​http://marc.info/?l=openbsd-cvs&m=140768179627976&w=2

Reported by Fredzupy.
2014-10-03 12:15:09 -04:00
Andrea Shepard
5a07fb96f2 Make tor_libevent_get_base() mockable 2014-09-30 23:14:25 -07:00
Andrea Shepard
d438cf1ec9 Implement scheduler mechanism to track lists of channels wanting cells or writes; doesn't actually drive the cell flow from it yet 2014-09-30 22:48:24 -07:00
Nick Mathewson
2e607ff519 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-29 13:02:50 -04:00
Nick Mathewson
09951bea7f Don't use the getaddrinfo sandbox cache from tor-resolve
Fixes bug 13295; bugfix on 0.2.5.3-alpha.

The alternative here is to call crypto_global_init() from tor-resolve,
but let's avoid linking openssl into tor-resolve for as long as we
can.
2014-09-29 12:57:07 -04:00
Nick Mathewson
5190ec0bc4 Merge remote-tracking branch 'public/require_some_c99' 2014-09-26 11:06:41 -04:00
Nick Mathewson
6e7cbfc465 Avoid a "constant variable guards dead code" warning from coverity
Fixes CID 752028
2014-09-26 09:40:30 -04:00
Nick Mathewson
7c52a0555a Check key_len in secret_to_key_new()
This bug shouldn't be reachable so long as secret_to_key_len and
secret_to_key_make_specifier stay in sync, but we might screw up
someday.

Found by coverity; this is CID 1241500
2014-09-26 09:06:36 -04:00
Nick Mathewson
4e87b97872 Fix on that last fix. 2014-09-25 17:59:10 -04:00
Nick Mathewson
9190468246 Fix warnings on 32-bit builds.
When size_t is the most memory you can have, make sure that things
referring to real parts of memory are size_t, not uint64_t or off_t.

But not on any released Tor.
2014-09-25 17:50:13 -04:00
Nick Mathewson
1c5d680b3d Merge branch 'ed25519_ref10_squashed'
Conflicts:
	src/common/include.am
	src/ext/README
2014-09-25 15:11:34 -04:00
Nick Mathewson
46cda485bc Comments and tweaks based on review by asn
Add some documentation

Rename "derive" -> "blind"

Check for failure on randombytes().
2014-09-25 15:08:32 -04:00
Nick Mathewson
f0eb7ae79f More documentation for ed25519 stuff. 2014-09-25 15:08:31 -04:00
Nick Mathewson
25b1a32ef8 Draft implementation for ed25519 key blinding, as in prop224
This implementation allows somebody to add a blinding factor to a
secret key, and a corresponding blinding factor to the public key.

Robert Ransom came up with this idea, I believe.  Nick Hopper proved a
scheme like this secure.  The bugs are my own.
2014-09-25 15:08:31 -04:00
Nick Mathewson
4caa6fad4c Add curve25519->ed25519 key conversion per proposal 228
For proposal 228, we need to cross-certify our identity with our
curve25519 key, so that we can prove at descriptor-generation time
that we own that key.  But how can we sign something with a key that
is only for doing Diffie-Hellman?  By converting it to the
corresponding ed25519 point.

See the ALL-CAPS warning in the documentation.  According to djb
(IIUC), it is safe to use these keys in the ways that ntor and prop228
are using them, but it might not be safe if we start providing crazy
oracle access.

(Unit tests included.  What kind of a monster do you take me for?)
2014-09-25 15:08:31 -04:00
Nick Mathewson
ed48b0fe56 Support for writing ed25519 public/private components to disk.
This refactors the "== type:tag ==" code from crypto_curve25519.c
2014-09-25 15:08:31 -04:00
Nick Mathewson
c75e275574 Add encode/decode functions for ed25519 public keys 2014-09-25 15:08:31 -04:00
Nick Mathewson
22760c4899 Restore the operation of extra_strong in ed25519_secret_key_generate 2014-09-25 15:08:31 -04:00
Nick Mathewson
006e6d3b6f Another ed25519 tweak: store secret keys in expanded format
This will be needed/helpful for the key blinding of prop224, I
believe.
2014-09-25 15:08:31 -04:00
Nick Mathewson
9e43ee5b4c Fix API for ed25519_ref10_open()
This is another case where DJB likes sticking the whole signature
prepended to the message, and I don't think that's the hottest idea.

The unit tests still pass.
2014-09-25 15:08:31 -04:00
Nick Mathewson
e0097a8839 Tweak ed25519 ref10 signing interface to use less space.
Unit tests still pass.
2014-09-25 15:08:31 -04:00
Nick Mathewson
87ba033cd5 Add Ed25519 support, wrappers, and tests.
Taken from earlier ed25519 branch based on floodyberry's
ed25519-donna.  Tweaked so that it applies to ref10 instead.
2014-09-25 15:08:20 -04:00
Nick Mathewson
764e008092 Merge branch 'libscrypt_trunnel_squashed'
Conflicts:
	src/test/test_crypto.c
2014-09-25 12:03:41 -04:00
Nick Mathewson
3b7d0ed08e Use trunnel for crypto_pwbox encoding/decoding.
This reduces the likelihood that I have made any exploitable errors
in the encoding/decoding.

This commit also imports the trunnel runtime source into Tor.
2014-09-25 11:58:14 -04:00
Nick Mathewson
3011149401 Adjust pwbox format: use a random IV each time
Suggested by yawning
2014-09-25 11:58:14 -04:00
Nick Mathewson
05a6439f1f Use preferred key-expansion means for pbkdf2, scrypt.
Use HKDF for RFC2440 s2k only.
2014-09-25 11:58:13 -04:00
Nick Mathewson
2b2cab4141 Tweak and expose secret_to_key_compute_key for testing
Doing this lets me pass in a salt of an unusual length.
2014-09-25 11:58:13 -04:00
Nick Mathewson
8184839a47 Rudimentary-but-sufficient passphrase-encrypted box code.
See crypto_pwbox.c for a description of the file format.

There are tests for successful operation, but it still needs
error-case tests.
2014-09-25 11:58:13 -04:00
Nick Mathewson
e84e1c9745 More generic passphrase hashing code, including scrypt support
Uses libscrypt when found; otherwise, we don't have scrypt and we
only support openpgp rfc2440 s2k hashing, or pbkdf2.

Includes documentation and unit tests; coverage around 95%. Remaining
uncovered code is sanity-checks that shouldn't be reachable fwict.
2014-09-25 11:58:13 -04:00
Nick Mathewson
b0767e85b8 Tell autoconf to make the compiler act as c99
Apparently some compilers want extra switches.
2014-09-25 11:36:28 -04:00
Nick Mathewson
0ca8387246 Tweak address.c to use a little c99 syntax
Since address.c is the first file to get compiled, let's have it use
a little judicious c99 in order to catch broken compilers that
somehow make it past our autoconf tests.
2014-09-25 11:22:02 -04:00
Nick Mathewson
53a94c4b4b Clear up another clangalyzer issue
"The NULL pointer warnings on the return value of
tor_addr_to_in6_addr32() are incorrect. But clang can't work this
out itself due to limited analysis depth. To teach the analyser that
the return value is safe to dereference, I applied tor_assert to the
return value."

Patch from teor.  Part of 13157.
2014-09-15 13:52:13 -04:00
Nick Mathewson
48558ed1aa Merge remote-tracking branch 'public/bug13104_025' 2014-09-11 00:11:26 -04:00
Nick Mathewson
284cc9a224 Avoid an overflow on negation in format_helper_exit_status
Part of 13104; patch from teor.
2014-09-11 00:00:13 -04:00
Nick Mathewson
d2463c0cfe Avoid overflows and underflows in sscanf and friends
(Patch from teor on 13104)
2014-09-10 23:57:31 -04:00
Nick Mathewson
93dfb12037 Remember log messages that happen before logs are configured
(And replay them once we know our first real logs.)

This is an implementation for issue 6938.  It solves the problem of
early log mesages not getting sent to log files, but not the issue of
early log messages not getting sent to controllers.
2014-09-10 23:34:43 -04:00
Nick Mathewson
6e2ef4bc5e Refactor the 'deliver a log message' logic to its own function. 2014-09-10 22:58:36 -04:00
Nick Mathewson
de114587f0 Turn log loop into a for loop, and "Does this lf want this" into a fn 2014-09-10 22:39:55 -04:00
Nick Mathewson
15a318b49a Refactor pending_cb_message_t into a type with proper functions
Also, rename it.
2014-09-10 22:35:16 -04:00
George Kadianakis
01800ea1e4 Add unittests for finding the third quartile of a set. 2014-09-09 12:28:15 -04:00
Nick Mathewson
1eea7a68ed Use S?SIZE_MAX, not S?SIZE_T_MAX
This fixes bug 13102 (not on any released Tor) where using the
standard SSIZE_MAX name broke mingw64, and we didn't realize.

I did this with
   perl -i -pe 's/SIZE_T_MAX/SIZE_MAX/' src/*/*.[ch] src/*/*/*.[ch]
2014-09-09 12:08:03 -04:00
Nick Mathewson
2997908228 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 10:27:41 -04:00
Nick Mathewson
8391c96091 Clean up the MVSC nmake files so they work again.
Fixes bug 13081; bugfix on 0.2.5.1-alpha. Patch from "NewEraCracker."
2014-09-09 10:27:05 -04:00
David Stainton
b59fd2efb6 Fix permissions logic 2014-09-04 22:21:30 +00:00
Nick Mathewson
7573e66b99 Treat Z_BUF_ERROR as TOR_ZLIB_BUF_FULL when finalizing a zlib buffer
Otherwise, when we're out of input *and* finalizing, we might report
TOR_ZLIB_OK erroneously and not finalize the buffer.

(I don't believe this can happen in practice, with our code today:
write_to_buf_zlib ensures that we are never trying to write into a
completely empty buffer, and zlib says "Z_OK" if you give it even
one byte to write into.)

Fixes bug 11824; bugfix on 0.1.1.23 (06e09cdd47).
2014-09-03 13:42:46 -04:00
David Stainton
59e052b896 Remove HiddenServiceDirGroupReadable from or_options_t
...and also fix whitespace.
2014-09-03 17:22:15 +00:00
David Stainton
7203040835 Fix regression nickm pointed out 2014-09-03 03:53:32 +00:00
Nick Mathewson
a14c6cb70f Make iter for DECLARE_TYPED_DIGESTMAP_FNS be a pointer.
This fixes a clangalyzer warning, and makes our C slightly better C.
2014-09-02 15:40:04 -04:00
David Stainton
6e4efb559d Fix white space 2014-09-02 18:08:57 +00:00
Nick Mathewson
9b850f9200 Add more assertions to esc_for_log to please the clangalyzer. 2014-09-02 13:29:45 -04:00
Nick Mathewson
07a16b3372 Add an assertion to read_file_to_str_until_eof
The clangalyzer doesn't believe our math here.  I'm pretty sure our
math is right.  Also, add some unit tests.
2014-09-02 13:29:11 -04:00
Nick Mathewson
1a2f2c163f Explicitly initialize addresses in tor_ersatz_socketpair
This should stop a false positive from the clangalyzer.
2014-09-02 12:58:32 -04:00
Nick Mathewson
57c48bf734 Apply the MALLOC_ZERO_WORKS fixup to tor_realloc as well.
Also, make MALLOC_ZERO_WORKS never get applied when clang analyzer is
running.  This should make the clangalyzer a little happier.
2014-09-02 12:55:20 -04:00
Nick Mathewson
00ffccd9a6 Another clang analyzer complaint wrt HT_GENERATE
We're calling mallocfn() and reallocfn() in the HT_GENERATE macro
with the result of a product.  But that makes any sane analyzer
worry about overflow.

This patch keeps HT_GENERATE having its old semantics, since we
aren't the only project using ht.h.  Instead, define a HT_GENERATE2
that takes a reallocarrayfn.
2014-09-02 12:48:34 -04:00
Nick Mathewson
e3c143f521 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-02 11:58:08 -04:00
Nick Mathewson
efcab43956 Fix a number of clang analyzer false-positives
Most of these are in somewhat non-obvious code where it is probably
a good idea to initialize variables and add extra assertions anyway.

Closes 13036.  Patches from "teor".
2014-09-02 11:56:56 -04:00
David Stainton
6b9016fe3c Correct check_private_dir's dir mode
This commit attempts to satisfy nickm's comment on check_private_dir() permissions:
https://trac.torproject.org/projects/tor/ticket/11291#comment:12
"""check_private_dir() ensures that the directory has bits 0700 if CPD_CHECK_MODE_ONLY is not set. Shouldn't it also ensure that the directory has bits 0050 if CPD_CHECK_MODE_ONLY is not set, and CPD_GROUP_READ is set?"""
2014-08-30 15:23:05 -06:00
David Stainton
227b65924b Clean up patch
Here I clean up anon's patch with a few of nickm's suggestions from comment 12:
https://trac.torproject.org/projects/tor/ticket/11291#comment:12

I did not yet completely implement all his suggestions.
2014-08-30 15:23:05 -06:00
anonymous
c13db1f614 Ticket #11291: patch from "anon":
test-11291-group-redable-hsdirs-wtests-may8.patch
2014-08-30 15:23:05 -06:00
Nick Mathewson
42350968a9 Drop check for NTE_BAD_KEYSET error
Any error when acquiring the CryptoAPI context should get treated as
bad.  Also, this one can't happen for the arguments we're giving.
Fixes bug 10816; bugfix on 0.0.2pre26.
2014-08-29 13:24:29 -04:00
dana koch
c887e20e6a Introduce full coverage tests for module routerset.c.
This is using the paradigm introduced for test_status.c.
2014-08-29 12:55:28 -04:00
Nick Mathewson
b0138cd055 Merge remote-tracking branch 'public/bug12985_024' into bug12984_025 2014-08-29 12:24:52 -04:00
Nick Mathewson
4144b4552b Always event_del() connection events before freeing them
Previously, we had done this only in the connection_free() case, but
when we called connection_free_() directly from
connections_free_all(), we didn't free the connections.
2014-08-29 11:33:05 -04:00
Nick Mathewson
e72a5b3c07 Move secret-to-key functionality into a separate module
I'm about to add more of these, so we might as well trudge forward.
2014-08-28 12:04:22 -04:00
Nick Mathewson
9b2d8c4e20 Rename secret_to_key to secret_to_key_rfc2440 2014-08-28 11:20:31 -04:00
Nick Mathewson
72ba1739e2 Fix another memory leak case in sandbox.c:prot_strings()
This is related to the rest of 523587a5cf
2014-08-25 11:14:31 -04:00
Nick Mathewson
9222707e5c Use the ARRAY_LENGTH macro more consistently. 2014-08-24 13:35:48 -04:00
Nick Mathewson
15be51b41d Remove the non-implemented versions of the sandbox _array() functions 2014-08-24 13:35:30 -04:00
Nick Mathewson
991545acf1 Whitespace fixes 2014-08-24 13:32:39 -04:00
Nick Mathewson
7c1143e11f Terser ways to sandbox-allow related filenames
Using the *_array() functions here confused coverity, and was actually
a bit longer than we needed.  Now we just use macros for the repeated
bits, so that we can mention a file and a suffix-appended version in
one line.
2014-08-24 13:30:55 -04:00
Nick Mathewson
59e114832e Merge branch 'bug11792_1_squashed'
Conflicts:
	src/or/circuitlist.c
2014-08-24 13:09:08 -04:00
Nick Mathewson
8e55cafd67 Count zlib buffer memory towards OOM totals.
Part of 11792.

(Uses the zlib-endorsed formula for memory needs for inflate/deflate
from "zconf.h".)
2014-08-24 13:04:27 -04:00
Nick Mathewson
523587a5cf fix memory leak on failure in sandbox.c:prot_strings()
[CID 1205014]
2014-08-21 11:40:48 -04:00
Nick Mathewson
35b2e11755 Store sandbox params as char *, since that's what they are.
This allows coverity to infer that we aren't leaking them.

[Fixes a lot of CIDs]
2014-08-21 11:22:42 -04:00
Nick Mathewson
917e1042f7 Suppress coverity warning about overflowing in safe_mem_is_zero
The unsigned underflow here is defined and intentional.

CID 202482
2014-08-21 11:22:42 -04:00
Nick Mathewson
7bc25b5a78 Avoid performing an assert on an always-true value
This was freaking out coverity.

[CID 743379]
2014-08-21 11:22:42 -04:00
Nick Mathewson
c43e45d0ea Suppress coverity warning about overflowing in tor_memeq.
The unsigned underflow here is defined and intentional.

CID 202482
2014-08-21 10:44:13 -04:00
Nick Mathewson
0de7565dfd Check return values for fcntl in tor_spawn_background.
[CID 718609]
2014-08-21 10:38:19 -04:00
Nick Mathewson
2cf229ab60 Make the two branches of tor_tls_used_v1_handshake into one.
(Coverity thinks that "if (a) X; else X;" is probably a bug.)

[Coverity CID 1232086]
2014-08-21 10:12:54 -04:00
Nick Mathewson
7c61d10c6c Fix return value of tor_fd_seekend.
Previously, we had documented it to return -1 or 0, when in fact
lseek returns -1 or the new position in the file.

This is harmless, since we were only checking for negative values
when we used tor_fd_seekend.
2014-08-20 13:49:25 -04:00
Nick Mathewson
a32913d5aa Allow named pipes for our log files.
Closes ticket 12061. Based on a patch from "carlo von lynX" on tor-dev at
  https://lists.torproject.org/pipermail/tor-dev/2014-April/006705.html
2014-08-20 13:45:16 -04:00
Nick Mathewson
fb762f6db0 Merge remote-tracking branch 'public/bug11787' 2014-08-20 13:34:02 -04:00
Nick Mathewson
4570805efd Fix whitespace issues 2014-08-13 10:42:20 -04:00
Nick Mathewson
2bfd92d0d1 Apply coccinelle script to replace malloc(a*b)->calloc(a,b) 2014-08-13 10:39:56 -04:00
Nick Mathewson
19b137bc05 Add reallocarray clone so we can stop doing multiply-then-reallocate 2014-08-13 10:39:56 -04:00
Nick Mathewson
1b551823de Avoid illegal read off end of an array in prune_v2_cipher_list
This function is supposed to construct a list of all the ciphers in
the "v2 link protocol cipher list" that are supported by Tor's
openssl.  It does this by invoking ssl23_get_cipher_by_char on each
two-byte ciphersuite ID to see which ones give a match.  But when
ssl23_get_cipher_by_char cannot find a match for a two-byte SSL3/TLS
ciphersuite ID, it checks to see whether it has a match for a
three-byte SSL2 ciphersuite ID.  This was causing a read off the end
of the 'cipherid' array.

This was probably harmless in practice, but we shouldn't be having
any uninitialized reads.

(Using ssl23_get_cipher_by_char in this way is a kludge, but then
again the entire existence of the v2 link protocol is kind of a
kludge.  Once Tor 0.2.2 clients are all gone, we can drop this code
entirely.)

Found by starlight. Fix on 0.2.4.8-alpha. Fixes bug 12227.
2014-07-24 19:45:38 -04:00
Nick Mathewson
a36cd51b59 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-17 11:34:33 +02:00
Nick Mathewson
f6a776d915 Merge remote-tracking branch 'public/bug12602_024' into maint-0.2.5 2014-07-17 11:32:16 +02:00
Nick Mathewson
66798dfdc0 Fix compilation with no-compression OpenSSL builds and forks
Found because LibreSSL has OPENSSL_NO_COMP always-on, but this
conflicts with the way that _we_ turn off compression.  Patch from
dhill, who attributes it to "OpenBSD".  Fixes bug 12602; bugfix on
0.2.1.1-alpha, which introduced this turn-compression-off code.
2014-07-17 11:25:56 +02:00
Nick Mathewson
8c7fbdf3af fix a c99-ism 2014-07-16 15:30:14 +02:00
Nick Mathewson
867f5e6a76 Add a tor_ftruncate to replace ftruncate.
(Windows doesn't have ftruncate, and some ftruncates do not move the
file pointer to the start of the file.)
2014-07-16 13:58:55 +02:00
Arlo Breault
15e170e01b Add an option to overwrite logs
* Issue #5583
2014-07-16 12:16:49 +02:00
Nick Mathewson
58f4200789 Thread support is now required
Long ago we supported systems where there was no support for
threads, or where the threading library was broken. We shouldn't
have do that any more: on every OS that matters, threads exist, and
the OS supports running threads across multiple CPUs.

This resolves tickets 9495 and 12439.  It's a prerequisite to making
our workqueue code work better, since sensible workqueue
implementations don't split across multiple processes.
2014-06-20 10:20:10 -04:00
Nick Mathewson
5b4ee475aa Remove code for Windows CE support
As far as I know, nobody has used this in ages.  It would be a
pretty big surprise if it had worked.

Closes ticket 11446.
2014-06-20 09:49:36 -04:00
Nick Mathewson
dd362b52f3 whitespace fixes 2014-06-16 15:18:02 -04:00
Nick Mathewson
a7cafb1ea9 Merge branch 'bug8746_v2_squashed'
Conflicts:
	src/common/include.am
2014-06-14 11:46:38 -04:00
Nick Mathewson
e2e588175e New testing-only tor_sleep_msec function
In the unit tests I want to loop with a delay, but I want less than
a 1 second delay.  This, sadly, requires compatibility code.
2014-06-14 11:40:27 -04:00
Nick Mathewson
34f8723dc7 On Windows, terminate processes by handle, not pid
When we create a process yourself with CreateProcess, we get a
handle to the process in the PROCESS_INFO output structure.  But
instead of using that handle, we were manually looking up a _new_
handle based on the process ID, which is a poor idea, since the
process ID might refer to a new process later on, but the handle
can't.
2014-06-14 11:40:27 -04:00
Nick Mathewson
f8344c2d28 Use waitpid code to learn when a controlled process dies
This lets us avoid sending SIGTERM to something that has already
died, since we realize it has already died, and is a fix for the
unix version of #8746.
2014-06-14 11:40:27 -04:00
Nick Mathewson
4ed03965a5 New waitpid-handler functions to run callbacks when a child exits.
Also, move 'procmon' into libor_event library, since it uses libevent.
2014-06-14 11:40:27 -04:00
Nick Mathewson
7f3563058d Fix a 32-big conversion warning in 11970 fix 2014-06-11 11:29:44 -04:00
Nick Mathewson
6f20dd7bfc Merge remote-tracking branch 'public/bug11970' 2014-06-11 11:01:52 -04:00
Nick Mathewson
b883b8d1a5 Yield a real error in the bug case of sandbox_getaddrinfo() 2014-06-11 11:00:56 -04:00
Nick Mathewson
55c7a559df Merge remote-tracking branch 'public/bug12227_024' 2014-06-10 11:17:39 -04:00
Nick Mathewson
cca6198c77 Avoid illegal read off end of an array in prune_v2_cipher_list
This function is supposed to construct a list of all the ciphers in
the "v2 link protocol cipher list" that are supported by Tor's
openssl.  It does this by invoking ssl23_get_cipher_by_char on each
two-byte ciphersuite ID to see which ones give a match.  But when
ssl23_get_cipher_by_char cannot find a match for a two-byte SSL3/TLS
ciphersuite ID, it checks to see whether it has a match for a
three-byte SSL2 ciphersuite ID.  This was causing a read off the end
of the 'cipherid' array.

This was probably harmless in practice, but we shouldn't be having
any uninitialized reads.

(Using ssl23_get_cipher_by_char in this way is a kludge, but then
again the entire existence of the v2 link protocol is kind of a
kludge.  Once Tor 0.2.2 clients are all gone, we can drop this code
entirely.)

Found by starlight. Fix on 0.2.4.8-alpha. Fixes bug 12227.
2014-06-10 11:11:47 -04:00
Nick Mathewson
307aa7eb43 Spell getrlimit correctly.
Fixes bug in b0c1c700114aa8d4dfc180d85870c5bbe15fcacb; bug
12229. Bugfix not in any released Tor.  Patch from "alphawolf".
2014-06-08 22:33:38 -04:00
Nick Mathewson
a6688f9cbb sandbox: allow enough setsockopt to make ConstrainedSockets work
fixes bug 12139; bugfix on 0.2.5.1-alpha
2014-05-29 11:04:32 -04:00
Nick Mathewson
a056ffabbb sandbox: permit listen(2)
Fix for 12115; bugfix on 0.2.5.1-alpha
2014-05-27 19:28:12 -04:00
Nick Mathewson
f0945ac270 Log the errno value if seccomp_load() fails.
(This is how I found out I was trying to test with a kernel too old
for seccomp. I think.)
2014-05-27 17:34:52 -04:00
Nick Mathewson
b0c1c70011 Make sandbox.c compile on arm
This is a minimal set of changes for compilation; I need a more
recent kernel to test this stuff.
2014-05-27 17:34:52 -04:00
Nick Mathewson
e425fc7804 sandbox: revamp sandbox_getaddrinfo cacheing
The old cache had problems:
     * It needed to be manually preloaded. (It didn't remember any
       address you didn't tell it to remember)
     * It was AF_INET only.
     * It looked at its cache even if the sandbox wasn't turned on.
     * It couldn't remember errors.
     * It had some memory management problems. (You can't use memcpy
       to copy an addrinfo safely; it has pointers in.)

This patch fixes those issues, and moves to a hash table.

Fixes bug 11970; bugfix on 0.2.5.1-alpha.
2014-05-22 17:39:36 -04:00
Nick Mathewson
1a73e17801 Merge remote-tracking branch 'andrea/bug11476' 2014-05-22 16:27:29 -04:00
Nick Mathewson
fef65fa643 sandbox: permit gettid, sched_getaffinity
These are needed under some circumstances if we are running with
expensive-hardening and sandbox at the same time.

fixes 11477, bugfix on 0.2.5.4-alpha (where we introduced
expensive-hardening)
2014-05-20 15:49:01 -04:00
Nick Mathewson
c21377e7bc sandbox: support logfile rotation
Fixes bug 12032; bugfix on 0.2.5.1-alpha
2014-05-20 15:21:48 -04:00
Nick Mathewson
465982012c sandbox: Disallow options which would make us call exec()
None of the things we might exec() can possibly run under the
sanbox, so rather than crash later, we have to refuse to accept the
configuration nice and early.

The longer-term solution is to have an exec() helper, but wow is
that risky.

fixes 12043; bugfix on 0.2.5.1-alpha
2014-05-20 12:21:31 -04:00
Nick Mathewson
081ff5fa83 whitespace fix, more 2014-05-14 22:55:02 -04:00
Nick Mathewson
a6eea86a2c Merge branch 'bug11946' 2014-05-14 22:51:51 -04:00
Nick Mathewson
a88923e455 whitespace fix 2014-05-14 22:50:25 -04:00
Nick Mathewson
f694a443fc Improved comments on bug11946 fix 2014-05-14 22:49:38 -04:00
Nick Mathewson
9b4ac986cb Use tor_getpw{nam,uid} wrappers to fix bug 11946
When running with User set, we frequently try to look up our
information in the user database (e.g., /etc/passwd).  The seccomp2
sandbox setup doesn't let us open /etc/passwd, and probably
shouldn't.

To fix this, we have a pair of wrappers for getpwnam and getpwuid.
When a real call to getpwnam or getpwuid fails, they fall back to a
cached value, if the uid/gid matches.

(Granting access to /etc/passwd isn't possible with the way we
handle opening files through the sandbox.  It's not desirable either.)
2014-05-14 13:53:14 -04:00
Nick Mathewson
e12af2adb0 Add a pair of wrapper functions: tor_getpwnam() and tor_getpwuid()
We'll use these to deal with being unable to access the user DB
after we install the sandbox, to fix bug 11946.
2014-05-14 13:50:43 -04:00
Andrea Shepard
39d4e67be8 Add --disable-mempools configure option 2014-05-12 18:23:34 -07:00
Nick Mathewson
585582fc8c Merge branch 'bug9781_v2' 2014-05-12 13:35:22 -04:00
Nick Mathewson
b5e142cb1b Log an error reply from tor-fw-helper correctly.
Fix for bug 9781; bugfix on cd05f35d2c in 0.2.4.2-alpha.
2014-05-12 13:35:01 -04:00
Gisle Vanem
c7ab8587c9 Fix compilation of test_status.c with MSVC 2014-05-12 00:34:23 -04:00
dana koch
d6e6c63baf Quench clang's complaints with -Wshorten-64-to-32 when time_t is not long.
On OpenBSD 5.4, time_t is a 32-bit integer. These instances contain
implicit treatment of long and time_t as comparable types, so explicitly
cast to time_t.
2014-05-11 23:36:00 -04:00
Nick Mathewson
a32d7e1910 Return success when get_total_system_memory() succeeds.
Fixes bug 11805; bugfix on 0.2.5.4-alpha.
2014-05-08 00:32:22 -04:00
Nick Mathewson
0ad8133a7e Merge remote-tracking branch 'public/ticket11528_024' into maint-0.2.4 2014-05-07 23:04:59 -04:00
Nick Mathewson
882893c8c3 Merge remote-tracking branch 'public/bug11513_024' into maint-0.2.4 2014-05-07 23:04:48 -04:00
Nick Mathewson
8ecfcf712c Synchronize less frequently when compressing descriptors
This may improve our compression ratios.

fix for 11787
2014-05-07 10:27:52 -04:00
Nick Mathewson
de3bbc4f53 Move code-generation scripts to scripts/codegen
Now that we have a scripts/* directory, let's put the scripts we use
for generating C there.
2014-05-07 01:17:41 -04:00
Nick Mathewson
1adc98b9b5 Split portfw-error-logging code into a new function.
No code has changed; only moved. Part of a fix for 9781.
2014-05-06 21:22:40 -04:00
Nick Mathewson
c472ac4fb8 Merge remote-tracking branch 'public/bug11233_diagnose' 2014-05-01 12:37:16 -04:00
Nick Mathewson
b6c8a14bf3 Merge remote-tracking branch 'public/bug4345a_024' 2014-05-01 12:13:07 -04:00
Nick Mathewson
545e2119f2 Merge remote-tracking branch 'public/bug11605_024' 2014-04-29 14:33:39 -04:00
Nick Mathewson
9735ca6e30 resolve a typo: sanboxing->sandboxing. 2014-04-25 21:08:01 -04:00
Nick Mathewson
f0a57bd363 Make compilation of tor_memdup_nulterm() with dmalloc
Fixes bug 11605; bugfix on 0.2.4.10-alpha.
2014-04-25 13:52:07 -04:00
Nick Mathewson
d3c05a79f0 Merge branch 'scanbuild_fixes' 2014-04-25 01:24:39 -04:00
Nick Mathewson
67aa3685e7 Merge branch 'bug11396_v2_squashed'
Conflicts:
	src/or/main.c
2014-04-24 10:31:38 -04:00
Nick Mathewson
aca05fc5c0 get_total_system_memory(): see how much RAM we have 2014-04-24 10:26:14 -04:00
Nick Mathewson
3b1f7f75a7 scan-build: memarea_strndup() undefined behavior
The memarea_strndup() function would have hit undefined behavior by
creating an 'end' pointer off the end of a string if it had ever been
given an 'n' argument bigger than the length of the memory ares that
it's scanning.  Fortunately, we never did that except in the unit
tests.  But it's not a safe behavior to leave lying around.
2014-04-19 13:16:56 -04:00
Nick Mathewson
685d450ab3 scan-build: avoid undef behaior in tor_inet_pton
If we had an address of the form "1.2.3.4" and we tried to pass it to
tor_inet_pton with AF_INET6, it was possible for our 'eow' pointer to
briefly move backwards to the point before the start of the string,
before we moved it right back to the start of the string.  C doesn't
allow that, and though we haven't yet hit a compiler that decided to
nuke us in response, it's best to fix.

So, be more explicit about requiring there to be a : before any IPv4
address part of the IPv6 address.  We would have rejected addresses
without a : for not being IPv6 later on anyway.
2014-04-19 13:14:33 -04:00
Nick Mathewson
08325b58be scan-build: Add a check for result from getaddrinfo
As documented, getaddrinfo always sets its result when it returns
no error.  But scan-build doesn't know that, and thinks we might
be def
2014-04-18 20:26:47 -04:00
Nick Mathewson
b8fe8ee748 Improved message when running sandbox on Linux without libseccomp
Previously we said "Sandbox is not implemented on this platform" on
Linux boxes without libseccomp.  Now we say that you need to build
Tor built with libseccomp. Fixes bug 11543; bugfix on 0.2.5.1-alpha.
2014-04-18 14:54:27 -04:00
Nick Mathewson
eb896d5e6f Merge remote-tracking branch 'public/ticket11528_024' 2014-04-17 12:17:14 -04:00
Nick Mathewson
9c3f7a6d35 Remove spurious libevent include in sandbox.c 2014-04-17 12:13:35 -04:00
Nick Mathewson
0b319de60f Elevate server TLS cipher preferences over client
The server cipher list is (thanks to #11513) chosen systematically to
put the best choices for Tor first.  The client cipher list is chosen
to resemble a browser.  So let's set SSL_OP_CIPHER_SERVER_PREFERENCE
to have the servers pick according to their own preference order.
2014-04-17 10:33:04 -04:00
Nick Mathewson
f41491816c Log the name of the failing syscall on failure 2014-04-16 22:23:36 -04:00
Nick Mathewson
f70cf9982a Sandbox: permit O_NONBLOCK and O_NOCTTY for files we refuse
OpenSSL needs this, or RAND_poll() will kill the process.

Also, refuse with EACCESS, not errno==-1 (!).
2014-04-16 22:03:18 -04:00
Nick Mathewson
6194970765 Don't allow change to ConnLimit while sandbox is active 2014-04-16 22:03:18 -04:00
Nick Mathewson
69eb278830 Use SCMP_CMP_MASKED_EQ to allow flags, not force them
Older versions of Libevent are happy to open SOCK_DGRAM sockets
non-cloexec and non-nonblocking, and then set those flags
afterwards. It's nice to be able to allow a flag to be on or off in
the sandbox without having to enumerate all its values.

Also, permit PF_INET6 sockets. (D'oh!)
2014-04-16 22:03:10 -04:00
Nick Mathewson
e6785ee16d Get Libevent's PRNG functioning under the linux sandbox
Libevent uses an arc4random implementation (I know, I know) to
generate DNS transaction IDs and capitalization.  But it liked to
initialize it either with opening /dev/urandom (which won't work
under the sandbox if it doesn't use the right pointer), or with
sysctl({CTL_KERN,KERN_RANDOM,RANDOM_UUIC}).  To make _that_ work, we
were permitting sysctl unconditionally.  That's not such a great
idea.

Instead, we try to initialize the libevent PRNG _before_ installing
the sandbox, and make sysctl always fail with EPERM under the
sandbox.
2014-04-16 22:03:09 -04:00
Nick Mathewson
156eefca45 Make sure everything using an interned string is preceded by a log
(It's nice to know what we were about to rename before we died from
renaming it.)
2014-04-16 22:03:09 -04:00
Nick Mathewson
8dc6755f6d Introduce arg-counting macros to wrap seccomp_rule_add()
The compiler doesn't warn about this code:
       rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 1,
           SCMP_CMP(0, SCMP_CMP_EQ, AT_FDCWD),
           SCMP_CMP(1, SCMP_CMP_EQ, param->value),
           SCMP_CMP(2, SCMP_CMP_EQ, O_RDONLY|...));
but note that the arg_cnt argument above is only 1.  This means that
only the first filter (argument 0 == AT_FDCWD) is actually checked!

This patch also fixes the above error in the openat() filter.
Earlier I fixed corresponding errors in filters for rename() and
mprotect().
2014-04-16 22:03:09 -04:00
Nick Mathewson
12028c29e6 Fix sandbox protection for rename
(We were only checking the first parameter of each rename call.)
2014-04-16 22:03:09 -04:00
Nick Mathewson
739a52592b Upgrade warning about missing interned string for sandbox 2014-04-16 22:03:09 -04:00
Nick Mathewson
5aaac938a9 Have sandbox string protection include multi-valued parmeters. 2014-04-16 22:03:09 -04:00
Nick Mathewson
f268101a61 Clean up sandbox structures a bit
Drop pindex,pindex2 as unused.

Admit a type to avoid using a void*
2014-04-16 22:03:08 -04:00
Nick Mathewson
6807b76a5e Add missing rename function for non-linux platforms 2014-04-16 22:03:08 -04:00
Nick Mathewson
71eaebd971 Drop 'fr' parameter from sandbox code.
Appearently, the majority of the filenames we pass to
sandbox_cfg_allow() functions are "freeable right after". So, consider
_all_ of them safe-to-steal, and add a tor_strdup() in the few cases
that aren't.

(Maybe buggy; revise when I can test.)
2014-04-16 22:03:08 -04:00
Nick Mathewson
cbfb8e703e Add 'rename' to the sandboxed syscalls
(If we don't restrict rename, there's not much point in restricting
open, since an attacker could always use rename to make us open
whatever they want.)
2014-04-16 22:03:08 -04:00
Nick Mathewson
3802e32c7d Only intern one copy of each magic string for the sandbox
If we intern two copies of a string, later calls to
sandbox_intern_string will give the wrong one sometimes.
2014-04-16 22:03:08 -04:00
Nick Mathewson
ae9d6d73f5 Fix some initial sandbox issues.
Allow files that weren't in the list; Allow the _sysctl syscall;
allow accept4 with CLOEXEC and NONBLOCK.
2014-04-16 22:03:07 -04:00
Nick Mathewson
211b8cc318 Only expose clean_backtrace() if we'll implement it
Fixes windows compilation; bug not in any released Tor.

Bugfix on cc9e86db.
2014-04-16 22:00:13 -04:00
Nick Mathewson
125c8e5468 Merge remote-tracking branch 'public/bug11465' 2014-04-15 20:55:28 -04:00
dana koch
3ce3984772 Uplift status.c unit test coverage with new test cases and macros.
A new set of unit test cases are provided, as well as introducing
an alternative paradigm and macros to support it. Primarily, each test
case is given its own namespace, in order to isolate tests from each
other. We do this by in the usual fashion, by appending module and
submodule names to our symbols. New macros assist by reducing friction
for this and other tasks, like overriding a function in the global
namespace with one in the current namespace, or declaring integer
variables to assist tracking how many times a mock has been called.

A set of tests for a small-scale module has been included in this
commit, in order to highlight how the paradigm can be used. This
suite gives 100% coverage to status.c in test execution.
2014-04-15 15:00:34 -04:00
Nick Mathewson
2704441e7f Merge remote-tracking branch 'public/bug11513_024' 2014-04-15 14:54:25 -04:00
Nick Mathewson
bd3db82906 New sort order for server choice of ciphersuites.
Back in 175b2678, we allowed servers to recognize clients who are
telling them the truth about their ciphersuites, and select the best
cipher from on that list. This implemented the server side of proposal
198.

In bugs 11492, 11498, and 11499, cypherpunks found a bunch of mistakes
and omissions and typos in the UNRESTRICTED_SERVER_CIPHER_LIST we had.
In #11513, I found a couple more.

Rather than try to hand-edit this list, I wrote a short python script
to generate our ciphersuite preferences from the openssl headers.

The new rules are:
  * Require forward secrecy.
  * Require RSA (since our servers only configure RSA keys)
  * Require AES or 3DES. (This means, reject RC4, DES, SEED, CAMELLIA,
    and NULL.)
  * No export ciphersuites.

Then:
  * Prefer AES to 3DES.
  * If both suites have the same cipher, prefer ECDHE to DHE.
  * If both suites have the same DHE group type, prefer GCM to CBC.
  * If both suites have the same cipher mode, prefer SHA384 to SHA256
    to SHA1.
  * If both suites have the same digest, prefer AES256 to AES128.
2014-04-14 14:16:49 -04:00
Nick Mathewson
cc9e86db61 Log a backtrace when the sandbox finds a failure
This involves some duplicate code between backtrace.c and sandbox.c,
but I don't see a way around it: calling more functions would mean
adding more steps to our call stack, and running clean_backtrace()
against the wrong point on the stack.
2014-04-10 15:44:52 -04:00
Nick Mathewson
196895ed7e Make the sandbox code allow the writev() syscall.
Tor doesn't use it directly, but the glibc backtrace-to-fd code does
2014-04-10 15:08:28 -04:00
Nick Mathewson
88179bd9b6 Merge remote-tracking branch 'public/update_ciphers_ff28' 2014-04-08 20:43:21 -04:00
Nick Mathewson
4231729176 Update ciphers.inc to match ff28
The major changes are to re-order some ciphers, to drop the ECDH suites
(note: *not* ECDHE: ECDHE is still there), to kill off some made-up
stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop
some of the DSS suites... *and* to enable the ECDHE+GCM ciphersuites.

This change is autogenerated by get_mozilla_ciphers.py from
Firefox 28 and OpenSSL 1.0.1g.

Resolves ticket 11438.
2014-04-08 11:42:07 -04:00
Nick Mathewson
d00dc9f7d1 Teach the get_mozilla_ciphers.py script to parse recent firefoxen 2014-04-08 11:42:07 -04:00
Nick Mathewson
595303fd1e Merge remote-tracking branch 'public/bug10363_024_squashed' 2014-04-07 23:03:04 -04:00
Nick Mathewson
9dd115d6b5 Another 10363 instance: this one in tor_memmem fallback code 2014-04-07 22:56:42 -04:00
Nick Mathewson
2ff664ee20 Merge remote-tracking branch 'public/bug10801_024'
Conflicts:
	src/common/address.c
	src/or/config.c
2014-04-05 14:50:57 -04:00
Nick Mathewson
b3469e4207 Make tor_addr_port_parse handle portless IPv6 addresses correctly.
(Not a bugfix on any Tor release; before 10801_024, it didn't handle
portless addresses at all.)
2014-04-05 14:41:37 -04:00
Nick Mathewson
fc9e84062b Merge remote-tracking branch 'public/bug4645'
Conflicts:
	src/or/dirserv.c
2014-04-01 21:49:01 -04:00
Nick Mathewson
6bef082d0a Merge remote-tracking branch 'public/bug11232' 2014-04-01 09:39:48 -04:00
Nick Mathewson
c0441cca8b Merge branch 'bug8787_squashed' 2014-03-31 11:57:56 -04:00
Nick Mathewson
7cdb50e866 Handle tor_munmap_file(NULL) consistently 2014-03-31 11:35:39 -04:00
Andrea Shepard
dea8190111 Check strftime() return in tortls.c 2014-03-31 11:27:08 -04:00
Andrea Shepard
0938c20fa3 Eliminate lseek() with unchecked return in tor_mmap_file() 2014-03-31 11:27:08 -04:00
Andrea Shepard
abdf1878a3 Always check returns from unlink() 2014-03-31 11:27:08 -04:00
Andrea Shepard
389251eda9 Add return value and assert for null parameter to tor_munmap_file() 2014-03-31 11:27:08 -04:00
Nick Mathewson
234dfb0c65 Better log message when writing a CR in text mode on windows
Help to diagnose #11233
2014-03-27 23:48:17 -04:00
Nick Mathewson
9c0a1adfa2 Don't do a DNS lookup on a bridge line address
Fixes bug 10801; bugfix on 07bf274d in 0.2.0.1-alpha.
2014-03-27 15:31:29 -04:00
Nick Mathewson
d5e11f21cc Fix warnings from doxygen
Most of these are simple.  The only nontrivial part is that our
pattern for using ENUM_BF was confusing doxygen by making declarations
that didn't look like declarations.
2014-03-25 11:27:43 -04:00
Roger Dingledine
c08b47977e Never run crypto_early_init() more than once
Previously we had set up all the infrastructure to avoid calling it
after the first time, but didn't actually use it.
2014-03-23 00:38:17 -04:00
Nick Mathewson
2cfc4453c2 Merge remote-tracking branch 'public/bug9683_rebased' 2014-03-23 00:20:05 -04:00
Roger Dingledine
d336d407d6 whitespace fix 2014-03-23 00:12:40 -04:00
Nick Mathewson
dfdeb6418d Fix a ubsan warning in addr_mask_get_bits
ubsan doesn't like us to do (1u<<32) when 32 is wider than
unsigned.  Fortunately, we already special-case
addr_mask_get_bits(0), so we can just change the loop bounds.
2014-03-18 10:49:39 -04:00
Nick Mathewson
2aea6ca326 Fix a ubsan warning in our ctypes replacements
ubsan doesn't like 1<<31, since that's an undefined integer
overflow.  Instead, we should do 1u<<31.
2014-03-18 10:47:26 -04:00
Nick Mathewson
204f7255f4 memarea.c: use flexible array member for mem
This make clang's memory sanitizer happier that we aren't reading
off the end of a char[1].  We hadn't replaced the char[1] with a
char[FLEXIBLE_ARRAY_MEMBER] before because we were doing a union
trick to force alignment.  Now we use __attribute__(aligned) where
available, and we do the union trick elsewhere.

Most of this patch is just replacing accesses to (x)->u.mem with
(x)->U_MEM, where U_MEM is defined as "u.mem" or "mem" depending on
our implementation.
2014-03-18 10:02:27 -04:00
Nick Mathewson
1a74360c2d Test code for implementation of faster circuit_unlink_all_from_channel
This contains the obvious implementation using the circuitmux data
structure.  It also runs the old (slow) algorithm and compares
the results of the two to make sure that they're the same.

Needs review and testing.
2014-03-14 11:57:51 -04:00
Nick Mathewson
119896cd43 Fix some leaks/missed checks in the unit tests
Coverity spotted these.
2014-03-13 10:07:10 -04:00
Nick Mathewson
663aba07e5 Fix whitespace errors, all of them mine. 2014-03-05 14:36:32 -05:00
Nick Mathewson
ab225aaf28 Merge branch 'bug10169_025_v2'
Conflicts:
	src/test/test.c
2014-03-04 11:03:30 -05:00
Nick Mathewson
bb37544214 Merge remote-tracking branch 'public/bug10169_024' into bug10169_025_v2
Conflicts:
	src/common/compat_libevent.h
	src/or/relay.c
2014-03-04 11:00:02 -05:00
Nick Mathewson
46118d7d75 Merge remote-tracking branch 'public/bug10169_023' into bug10169_024
Conflicts:
	src/or/relay.c
2014-03-04 10:54:54 -05:00
Karsten Loesing
3ca5fe81e3 Write hashed bridge fingerprint to logs and to disk.
Implements #10884.
2014-02-28 08:53:13 -05:00
Nick Mathewson
833d027778 Monotonize the OOM-killer data timers
In a couple of places, to implement the OOM-circuit-killer defense
against sniper attacks, we have counters to remember the age of
cells or data chunks.  These timers were based on wall clock time,
which can move backwards, thus giving roll-over results for our age
calculation.  This commit creates a low-budget monotonic time, based
on ratcheting gettimeofday(), so that even in the event of a time
rollback, we don't do anything _really_ stupid.

A future version of Tor should update this function to do something
even less stupid here, like employ clock_gettime() or its kin.
2014-02-26 09:51:30 -05:00
Nick Mathewson
f8e3c1672d Trivial comment fix. 2014-02-25 10:23:38 -05:00
Nick Mathewson
a3ab31f5dc Threadproof our log_backtrace implementation
It's possible for two threads to hit assertion failures at the same
time.  If that happens, let's keep them from stomping on the same
cb_buf field.

Fixes bug 11048; bugfix on 0.2.5.2-alpha. Reported by "cypherpunks".
2014-02-24 12:15:32 -05:00
Nick Hopper
b063ebbc60 fixed long -> int implicit cast warning line 3453 2014-02-20 11:54:01 +00:00
Nick Mathewson
35423d397f Merge branch 'bug4900_siphash_v2' 2014-02-15 15:59:10 -05:00
Nick Mathewson
b3a6907493 Remove a bunch of functions that were never called. 2014-02-15 15:33:34 -05:00
Nick Mathewson
339a47e80b Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-15 00:03:29 -05:00
Sebastian Hahn
3f567f529f gcc/clang: Mark macro-generated functions as possible unused
clang 3.4 introduced a new by-default warning about unused static
functions, which we triggered heavily for the hashtable and map function
generating macros. We can use __attribute__ ((unused)) (thanks nickm for
the suggestion :-) ) to silence these warnings.
2014-02-14 23:43:15 -05:00
Nick Mathewson
ecd16edafe Disallow "*/maskbits" as an address pattern.
Fixes bug 7484. We've had this bug back in a8eaa79e03 in
0.0.2pre14, when we first started allowing address masks.
2014-02-12 16:00:26 -05:00
Nick Mathewson
52d222aafb Add tests for buffer time tracking. 2014-02-12 12:48:11 -05:00
Nick Mathewson
c1e98c8afe Randomize the global siphash key at startup
This completes our conversion to using siphash for our hash functions.
2014-02-12 12:12:58 -05:00
Nick Mathewson
d3fb846d8c Split crypto_global_init() into pre/post config
It's increasingly apparent that we want to make sure we initialize our
PRNG nice and early, or else OpenSSL will do it for us.  (OpenSSL
doesn't do _too_ bad a job, but it's nice to do it ourselves.)

We'll also need this for making sure we initialize the siphash key
before we do any hashes.
2014-02-12 12:04:07 -05:00
Nick Mathewson
0e97c8e23e Siphash-2-4 is now our hash in nearly all cases.
I've made an exception for cases where I'm sure that users can't
influence the inputs.  This is likely to cause a slowdown somewhere,
but it's safer to siphash everything and *then* look for cases to
optimize.

This patch doesn't actually get us any _benefit_ from siphash yet,
since we don't really randomize the key at any point.
2014-02-12 11:32:10 -05:00
Nick Mathewson
9605978eb6 Get csiphash better integrated with our build system 2014-02-12 10:24:04 -05:00
Nick Mathewson
fdf68479b0 Explain CURVE25519_ENABLED: closes 9774 2014-02-07 16:16:56 -05:00
Nick Mathewson
1ebdaf5788 More hacking around spawn_func issues
This time, we use a pthread_attr to make sure that if pthread_create
succeeds, the thread is successfully detached.

This probably isn't the big thing going on with 4345, since it'd be
a bit weird for pthread_detach to be failing.  But it's worth
getting it right.
2014-02-07 13:13:15 -05:00
Florent Daigniere
01132c93fd Some anti-forensics paranoia...
sed -i 's/BN_free/BN_clear_free/g'
2014-02-06 16:09:12 -05:00
rl1987
3a4b24c3ab Removing is_internal_IP() function. Resolves ticket 4645. 2014-02-03 14:20:17 -05:00
Florent Daigniere
9d6e805d28 Some anti-forensics paranoia...
sed -i 's/BN_free/BN_clear_free/g'
2014-02-03 10:44:19 -05:00
Nick Mathewson
25f0eb4512 Add a sandbox rule to allow IP_TRANSPARENT 2014-02-02 15:47:48 -05:00
Nick Mathewson
9be105f94b whitespace fixes 2014-01-17 12:41:56 -05:00
Nick Mathewson
682c2252a5 Fix some seccomp2 issues
Fix for #10563.  This is a compatibility issue with libseccomp-2.1.
I guess you could call it a bugfix on 0.2.5.1?
2014-01-06 04:27:58 -05:00
Nick Mathewson
85284c33d1 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/common/crypto.c
2013-12-18 22:04:21 -05:00
Nick Mathewson
7b87003957 Never allow OpenSSL engines to replace the RAND_SSLeay method
This fixes bug 10402, where the rdrand engine would use the rdrand
instruction, not as an additional entropy source, but as a replacement
for the entire userspace PRNG.  That's obviously stupid: even if you
don't think that RDRAND is a likely security risk, the right response
to an alleged new alleged entropy source is never to throw away all
previously used entropy sources.

Thanks to coderman and rl1987 for diagnosing and tracking this down.
2013-12-18 11:53:07 -05:00
David Fifield
b600495441 Set CREATE_NO_WINDOW in tor_spawn_background.
This flag prevents the creation of a console window popup on Windows. We
need it for pluggable transport executables--otherwise you get blank
console windows when you launch the 3.x browser bundle with transports
enabled.

http://msdn.microsoft.com/en-us/library/ms684863.aspx#CREATE_NO_WINDOW

The browser bundles that used Vidalia used to set this flag when
launching tor itself; it was apparently inherited by the pluggable
transports launched by tor. In the 3.x bundles, tor is launched by some
JavaScript code, which doesn't have the ability to set CREATE_NO_WINDOW.
tor itself is now being compiled with the -mwindows option, so that it
is a GUI application, not a console application, and doesn't show a
console window in any case. This workaround doesn't work for pluggable
transports, because they need to be able to write control messages to
stdout.

https://trac.torproject.org/projects/tor/ticket/9444#comment:30
2013-12-05 12:30:11 -05:00
Nick Mathewson
8f9c847fbf Restore prop198 behavior from 4677 patch
The previous commit from piet would have backed out some of proposal
198 and made servers built without the V2 handshake not use the
unrestricted cipher list from prop198.

Bug not in any released Tor.
2013-11-25 10:53:37 -05:00
Nick Mathewson
2d9adcd204 Restore ability to build with V2_HANDSHAKE_SERVER
Fixes bug 4677; bugfix on 0.2.3.2-alpha. Fix by "piet".
2013-11-25 10:51:00 -05:00
Nick Mathewson
acd8c4f868 Avoid warning about impossible check for flags & 0
Fixes CID 743381
2013-11-22 12:42:05 -05:00
Nick Mathewson
6cbd17470d Handle unlikely negative time in tor_log_err_sigsafe
Coverity wants this; CID 1130990.
2013-11-22 12:14:11 -05:00
Nick Mathewson
3cdd7966d7 Add a _GNU_SOURCE definition to backtrace.c to fix compilation 2013-11-18 13:05:23 -05:00
Nick Mathewson
9025423471 Whoops -- add missing defined(). 2013-11-18 11:36:23 -05:00
Nick Mathewson
93c99508d2 Make header includes match declarations in pc_from_ucontext.m4
With any luck, this will clean up errors where we detect that
REG_{EIP,RIP} is present in autoconf, but when we go to include it,
it isn't there.
2013-11-18 11:34:15 -05:00
Nick Mathewson
adf2fa9b49 Fix compilation under openssl 0.9.8
It's not nice to talk about NID_aes_{128,256}_{ctr,gcm} when they
don't exist.

Fix on 84458b79a78ea7e26820bf0; bug not in any released Tor.
2013-11-18 11:25:07 -05:00
Nick Mathewson
4b9ec85e47 Fix whitespace 2013-11-18 11:13:40 -05:00
Nick Mathewson
84458b79a7 Log more OpenSSL engine statuses at startup.
Fixes ticket 10043; patch from Joshua Datko.
2013-11-18 11:12:24 -05:00
Nick Mathewson
fbc20294aa Merge branch 'backtrace_squashed'
Conflicts:
	src/common/sandbox.c
	src/common/sandbox.h
	src/common/util.c
	src/or/main.c
	src/test/include.am
	src/test/test.c
2013-11-18 11:00:16 -05:00
Nick Mathewson
c2dfae78d3 Refactor format_*_number_sigsafe to have a common implementation 2013-11-18 10:43:16 -05:00
Nick Mathewson
c3ea946839 Reseolve DOCDOC and XXXXs in backtrace.c 2013-11-18 10:43:15 -05:00
Nick Mathewson
d631ddfb59 Make backtrace handler handle signals correctly.
This meant moving a fair bit of code around, and writing a signal
cleanup function.  Still pretty nice from what I can tell, though.
2013-11-18 10:43:15 -05:00
Nick Mathewson
ce8ae49c94 Improve new assertion message logging
Don't report that a failure happened in the assertion_failed function just
because we logged it from there.
2013-11-18 10:43:15 -05:00
Nick Mathewson
bd8ad674b9 Add a sighandler-safe logging mechanism
We had accidentially grown two fake ones: one for backtrace.c, and one
for sandbox.c.  Let's do this properly instead.

Now, when we configure logs, we keep track of fds that should get told
about bad stuff happening from signal handlers.  There's another entry
point for these that avoids using non-signal-handler-safe functions.
2013-11-18 10:43:15 -05:00
Nick Mathewson
063bea58bc Basic backtrace ability
On platforms with the backtrace/backtrace_symbols_fd interface, Tor
can now dump stack traces on assertion failure.  By default, I log
them to DataDir/stack_dump and to stderr.
2013-11-18 10:43:14 -05:00
Nick Mathewson
7a2b30fe16 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/relay.c

Conflict changes were easy; compilation fixes required were using
using TOR_SIMPLEQ_FIRST to get head of cell queue.
2013-11-15 15:35:00 -05:00
Nick Mathewson
59f50c80d4 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/or.h
	src/or/relay.c

Conflicts were simple to resolve.  More fixes were needed for
compilation, including: reinstating the tv_to_msec function, and renaming
*_conn_cells to *_chan_cells.
2013-11-15 15:29:24 -05:00
Nick Mathewson
61029d6926 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-31 14:03:01 -04:00
Nick Mathewson
1b312f7b55 Merge remote-tracking branch 'public/bug9780_024_v2' into maint-0.2.4 2013-10-31 14:02:28 -04:00
Nick Mathewson
0e8ee795d9 Merge remote-tracking branch 'public/bug6055_v2_024' into maint-0.2.4 2013-10-31 13:14:39 -04:00
Nick Mathewson
0546edde66 Merge branch 'bug1376' 2013-10-11 12:51:15 -04:00
Nick Mathewson
7ef9ecf6b3 Fix some whitespace; tighten the tests. 2013-10-11 12:51:07 -04:00
Nick Mathewson
3d817fa29c Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-10 11:18:17 -04:00
Nick Mathewson
7b1b8c3694 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-10-10 11:18:07 -04:00
Nick Mathewson
004a9c6dd1 Fix unit test for format_helper_exit_status
Fix format_helper_exit_status to allow full HEX_ERRNO_SIZE answers,
*and* increase the buffer length again.
2013-10-10 11:15:35 -04:00
Nick Mathewson
97285bc465 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-10 10:55:58 -04:00
Nick Mathewson
1137817319 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-10-10 10:55:24 -04:00
Nick Mathewson
9de456a303 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-08 16:47:49 -04:00
Nick Mathewson
b8abadedd3 When examining interfaces to find an address, discard non-up ones.
Patch from "hantwister" on trac. Fixes bug #9904; bugfix on
0.2.3.11-alpha.
2013-10-08 16:46:29 -04:00
Nick Mathewson
72c1e5acfe Switch ECDHE group default logic for bridge/relay TLS
According to the manpage, bridges use P256 for conformity and relays
use P224 for speed. But skruffy points out that we've gotten it
backwards in the code.

In this patch, we make the default P256 for everybody.

Fixes bug 9780; bugfix on 0.2.4.8-alpha.
2013-10-08 16:32:07 -04:00
Nick Mathewson
17bcfb2604 Raise buffer size, fix checks for format_exit_helper_status.
This is probably not an exploitable bug, since you would need to have
errno be a large negative value in the unix pluggable-transport launcher
case.  Still, best avoided.

Fixes bug 9928; bugfix on 0.2.3.18-rc.
2013-10-08 11:13:21 -04:00
Nick Mathewson
090bff2dca Merge remote-tracking branch 'public/bug6055_v2_024' 2013-09-25 14:35:18 -04:00
Nick Mathewson
ad763a336c Re-enable TLS 1.[12] when building with OpenSSL >= 1.0.1e
To fix #6033, we disabled TLS 1.1 and 1.2.  Eventually, OpenSSL fixed
the bug behind #6033.

I've considered alternate implementations that do more testing to see
if there's secretly an OpenSSL 1.0.1c or something that secretly has a
backport of the OpenSSL 1.0.1e fix, and decided against it on the
grounds of complexity.
2013-09-25 14:34:24 -04:00
Nick Mathewson
1825674bd3 Fix a memory leak on getaddrinfo in sandbox. Found by coverity 2013-09-16 22:38:02 -04:00
Nick Mathewson
4ea9fbcdb1 Clean up malloc issues in sandbox.c
tor_malloc returns void *; in C, it is not necessary to cast a
void* to another pointer type before assigning it.

tor_malloc fails with an error rather than returning NULL; it's not
necessary to check its output. (In one case, doing so annoyed Coverity.)
2013-09-16 22:34:42 -04:00
Nick Mathewson
25a3ae922f Merge remote-tracking branch 'Ryman/bug6384'
Conflicts:
	src/or/config.c
	src/or/main.c
2013-09-13 12:55:53 -04:00
Nick Mathewson
f4db0f429a Fix a windows compilation warning from sandboxing branch 2013-09-13 12:43:18 -04:00
Nick Mathewson
e0b2cd061b Merge remote-tracking branch 'ctoader/gsoc-cap-stage2'
Conflicts:
	src/common/sandbox.c
2013-09-13 12:31:41 -04:00
Cristian Toader
7cf1b9cc33 fixed compilation bug on i386 due to previous fix 2013-09-12 15:38:14 +03:00
Cristian Toader
d2836c8780 bug fix: syscalls send and recv not supported for x86_64 with libseccomp 1.0.1 2013-09-12 15:30:28 +03:00
Cristian Toader
0a3d1685ae remove debugging code 2013-09-12 14:12:56 +03:00
Cristian Toader
4702cdc99d added extra buffer and limit to mprotect not to exceed the length of that buffer 2013-09-12 13:43:06 +03:00
Nick Mathewson
6a11b6f97d Fix osx compilation again, hopefully better this time. 2013-09-11 13:53:33 -04:00
Cristian Toader
79f94e236b added filter protection for string parameter memory 2013-09-10 14:35:11 +03:00
Cristian Toader
8e003b1c69 fixed socket syscall bug 2013-09-10 00:42:36 +03:00
Cristian Toader
3802cae959 fixed compilation error on i386 linux by moving sandbox_cfg_t definition 2013-09-10 00:04:43 +03:00
Nick Mathewson
d91c776f61 Fix check-spaces 2013-09-09 16:00:40 -04:00
Nick Mathewson
49f9c4924e Fix compilation on OSX 2013-09-09 15:59:41 -04:00
Nick Mathewson
e9ec0cb550 Do not try to add non-existent syscalls. 2013-09-09 15:37:45 -04:00
Nick Mathewson
a6ada1a50c Fix a warning related to SCMP_CMP definition in header.
SCMP_CMP(a,b,c) leaves the fourth field of the structure undefined,
giving a missing-initializer error.  All of our uses are
three-argument, so I'm overriding the default.
2013-09-09 15:16:30 -04:00
Nick Mathewson
cc35d8be84 Fix most of the --enable-gcc-warnings warnings in the sandbox code 2013-09-09 15:14:50 -04:00
Nick Mathewson
42e6ab0e14 Remove a usage of free() 2013-09-09 14:58:15 -04:00
Nick Mathewson
00fd0cc5f9 Basic compilation fixes. 2013-09-09 14:55:47 -04:00
Cristian Toader
340cca524f added missing documentation for sandbox functions 2013-09-06 21:41:45 +03:00
Cristian Toader
6a22b29641 passing hints as a const pointer to sandbox_getaddrinfo(), also one tor_free macro fails to compile.. 2013-09-06 12:39:56 +03:00
Cristian Toader
839ff0063d replaced strdup with tor_strdup 2013-09-06 12:30:01 +03:00
Cristian Toader
2a6c34750d replaced malloc/free with tor_malloc/tor_free 2013-09-06 12:29:15 +03:00
Cristian Toader
42f5737c81 switched string lengths from int to size_t in prot_strings() 2013-09-06 12:26:50 +03:00
Kevin Butler
0f070e7858 Added test for new write_chunks_to_file behaviour in #1376. 2013-09-04 23:25:41 +01:00
Kevin Butler
b539b37205 Fixed leak and added minor documentation for #6384. 2013-09-04 02:56:06 +01:00
Nick Mathewson
9b2a0f5c75 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-09-03 15:41:50 -04:00
Nick Mathewson
d819663b66 Avoid a double-close on one failing case of the socketpair replacement code
Fix for bug 9400, spotted by coverity. Bug introduced in revision 2cb4f7a4
(subversion revision r389).
2013-09-03 15:38:25 -04:00
Cristian Toader
55d8b8e578 fixed bug where sandbox_getaddrinfo() would fail when -Sandbox is 0 2013-09-03 16:37:12 +03:00
Cristian Toader
b4b0eddd29 switched to a more generic way of handling the sandbox configuration 2013-09-02 13:54:43 +03:00
Cristian Toader
fe6e2733ab added contingency message to test for sandbox_getaddrinfo 2013-09-02 12:16:02 +03:00
Cristian Toader
c584537a03 make check-spaces fix 2013-09-02 11:45:09 +03:00
Cristian Toader
1ef0b2e1a3 changed how sb getaddrinfo works such that it supports storing multiple results 2013-09-02 11:44:04 +03:00
Kevin Butler
6e17fa6d7b Added --library-versions flag to print the compile time and runtime versions of libevent, openssl and zlib. Partially implements #6384. 2013-09-01 17:38:01 +01:00
Kevin Butler
1bdb391ed0 Added no_tempfile parameter to write_chunks_to_file to do non-atomic writes. Implements #1376. 2013-09-01 00:24:07 +01:00
Cristian Toader
3e803a1f18 make check-spaces fix 2013-08-29 16:53:12 +03:00
Cristian Toader
1118bd9910 switched from multiple mmap to one 2013-08-29 16:51:05 +03:00
Cristian Toader
f93ba9a2ef documentation update for _array functions 2013-08-29 15:44:01 +03:00
Cristian Toader
d5f43b5254 _array filter functions now rely on final NULL parameter 2013-08-29 15:42:30 +03:00
Cristian Toader
ce04d2a622 replaced boolean char with int 2013-08-29 15:19:49 +03:00
Cristian Toader
8e2b9d2844 small fixes in documentation and sandbox_getaddrinfo() 2013-08-29 12:41:17 +03:00
Cristian Toader
6cae5d706c Added doxygen struct doc and replaced func() with funct(void) 2013-08-28 20:01:52 +03:00
Cristian Toader
8b8f87a06a removed PARAM_LEN 2013-08-28 19:56:42 +03:00
Cristian Toader
b121ca581d make check-spaces fix 2013-08-26 21:28:30 +03:00
Cristian Toader
15d420b564 fix: accept4 for 64 bit 2013-08-26 20:06:46 +03:00
Cristian Toader
b10472f92b small open syscall modification (just in case) 2013-08-21 19:01:01 +03:00
Cristian Toader
bc19ea100c make check-spaces fixes 2013-08-21 17:57:15 +03:00
Cristian Toader
ed4968315e fix: sandbox_intern_string log clean up 2013-08-21 13:43:44 +03:00
Cristian Toader
8aa5517ff6 fix: flock filter update 2013-08-21 13:38:00 +03:00
Cristian Toader
71612f00ae fixed openssl open syscall, fixed sandbox_getaddrinfo 2013-08-20 13:10:07 +03:00
Cristian Toader
36aeca0ecf fix for getaddrinfo open syscall 2013-08-19 13:56:50 +03:00
Cristian Toader
a9910d89f1 finalised fix on libevent open string issue 2013-08-19 11:41:46 +03:00
Cristian Toader
c09b11b6d8 updated filters 2013-08-16 01:43:09 +03:00
Nick Mathewson
74262f1571 Merge branch 'bug5040_4773_rebase_3' 2013-08-15 12:04:56 -04:00
George Kadianakis
c5269a59b0 Test ExtORPort cookie initialization when file writing is broken. 2013-08-15 12:03:38 -04:00
Nick Mathewson
fd6749203e More unit tests for handle_client_auth_nonce
Incidentally, this business here where I make crypto_rand mockable:
this is exactly the kind of thing that would make me never want to
include test-support stuff in production builds.
2013-08-15 12:03:37 -04:00
Cristian Toader
863dd4d4b3 received feedback and fixed (partly) the socket filters 2013-08-15 00:23:51 +03:00
Cristian Toader
372e0f91fd added comments for sandbox.h 2013-08-15 00:09:07 +03:00
Cristian Toader
e2a7b484f4 partial libevent open fix 2013-08-14 23:03:38 +03:00
Cristian Toader
8a85a48b9d attempt to add stat64 filename filters; failed due to getaddrinfo.. 2013-08-12 21:14:43 +03:00
Cristian Toader
44a4464cf6 fixed memory leak, added array filter support 2013-08-10 18:04:48 +03:00
Cristian Toader
89b39db003 updated filters to work with orport 2013-08-09 19:07:20 +03:00
Cristian Toader
b3a8c08a92 orport progress (not functional), nickm suggested fixes 2013-08-07 13:13:12 +03:00
Nick Mathewson
031e695aa5 Use SOCKET_OK/TOR_INVALID_SOCKET in socketpair replacement code 2013-08-06 16:41:53 -04:00
Cristian Toader
a960e56c68 multi-configuration support using sandbox_t struct 2013-08-05 16:01:31 +03:00
Cristian Toader
356b646976 added execve and multi-configuration support 2013-08-05 15:40:23 +03:00
Cristian Toader
d897690fc7 fixes suggested by nickm 2013-08-05 14:17:46 +03:00
Andrea Shepard
468e44a0ef Fix tor_get_lines_from_handle() for make check-spaces 2013-08-02 18:49:57 -07:00
Nick Mathewson
48a4ef3f6a Fixed "unused parameter cloexec" warnings on windows 2013-08-02 10:52:57 -04:00
Nick Mathewson
d6adf05582 Split the socketpair replacement code into its own function for testing 2013-08-02 10:36:01 -04:00
Nick Mathewson
e25eb35f11 Actually use the cloexec argument in the !defined(SOCK_CLOEXEC) case 2013-08-02 10:04:21 -04:00
Peter Retzlaff
ebd4ab1506 Prepare patch for ticket 5129 for merging.
- Preserve old eventdns code.
- Add function to close sockets cross-platform, without accounting.
- Add changes/ file.
2013-08-02 09:35:24 -04:00
Nick Mathewson
5405688223 Fix compilation on Windows
(Bugfix on tests for #9288 fix; bug not in any released Tor)
2013-07-31 14:19:29 -04:00
Nick Mathewson
904a58d10f Merge branch 'bug9288_rebased'
Conflicts:
	src/test/test_pt.c
2013-07-31 13:51:15 -04:00
George Kadianakis
2e7c531fdc Prepare some mock functions to test #9288. 2013-07-31 13:34:16 -04:00
Cristian Toader
dde3ed385b removed access, set_robust_list, set_thread_area, set_tid_address, uname; added sb_poll 2013-07-31 12:05:10 +03:00
Cristian Toader
313cbe6e24 sigprocmask, epoll_ctl, prctl, mprotect, flock, futex, mremap 2013-07-31 11:35:25 +03:00
Cristian Toader
f0840ed4c9 epoll_ctl 2013-07-31 00:27:14 +03:00
Cristian Toader
5fc0e13db8 fcntl64 2013-07-30 23:52:54 +03:00
Cristian Toader
686cf4c0ff clean stable version 2013-07-30 23:43:42 +03:00
Cristian Toader
c1f5f1842e fully switched to function pointers; problems with socketcall parameters 2013-07-30 23:20:08 +03:00
Cristian Toader
442f256f25 switched to a design using filters as function pointer arrays 2013-07-30 21:23:30 +03:00
Cristian Toader
5baea85189 removed open flags (postponed), added mmap2 flags 2013-07-30 19:37:28 +03:00
Cristian Toader
871e5b35a8 small filter changes; openat as separate function 2013-07-30 19:25:56 +03:00
Cristian Toader
8022def6f0 added openat parameter filter 2013-07-29 16:30:39 +03:00
Cristian Toader
6d5b0367f6 Changes as suggested by nickm
- char* to const char* and name refactoring
- workaround for accept4 syscall
2013-07-29 14:46:47 +03:00
Cristian Toader
8f9d3da194 Investigated access4 syscall problem, small changes to filter. 2013-07-26 19:53:05 +03:00
Cristian Toader
626a2b23de integrated context for dynamic filters 2013-07-25 14:08:02 +03:00
Cristian Toader
3dfe1c0639 initia stages of runtime dynamic filters 2013-07-25 13:25:20 +03:00
Cristian Toader
abe082e7d0 dynamic parameter filter bug fixes 2013-07-24 17:15:57 +03:00
Cristian Toader
962d814e52 dynamic parameter filter (prototype, not tested) 2013-07-24 17:06:06 +03:00
Cristian Toader
e1410f20d7 added support for multiple parameters 2013-07-23 14:22:31 +03:00
Cristian Toader
c15d09293b added experimental support for open syscall path param 2013-07-23 14:01:53 +03:00
Cristian Toader
8b12170f23 added support for numeric parameters, tested with rt_sigaction 2013-07-23 10:49:56 +03:00
Cristian Toader
7cf1dbfd51 changed paramfilter type to intptr_t 2013-07-23 10:14:25 +03:00
Nick Mathewson
f6d8bc9389 Refactor the assertion-failure code into a function 2013-07-19 13:40:20 -04:00
Nick Mathewson
5343ee1a06 Add a signal-safe decimal formatting function 2013-07-19 13:26:25 -04:00
Cristian Toader
8dfa5772e7 (undo) git test.. 2013-07-18 18:28:55 +03:00
Cristian Toader
b0725c964b git test.. 2013-07-18 18:28:10 +03:00
Cristian Toader
e7e2efb717 Added getter for protected parameter 2013-07-18 18:21:37 +03:00
Cristian Toader
673349c42e Repair of some of the lost parameter filters history 2013-07-18 18:03:10 +03:00
Nick Mathewson
b551988ef4 Merge branch 'bug8929_rebase_2' 2013-07-18 08:45:13 -04:00
Nick Mathewson
713ff2f5ef Document what "escape" means in tor_escape_str_for_pt_args 2013-07-18 08:45:03 -04:00
George Kadianakis
1a0cf08841 Rename tor_escape_str_for_socks_arg() to something more generic.
Since we are going to be using that function to also escape parameters
passed to transport proxies using environment variables.
2013-07-18 08:45:03 -04:00
George Kadianakis
ea72958f25 Pass characters to be escaped to tor_escape_str_for_socks_arg().
This is in preparation for using tor_escape_str_for_socks_arg() to
escape server-side pluggable transport parameters.
2013-07-18 08:45:02 -04:00
Nick Mathewson
85178e2e93 Use format_hex_number_sigsafe to format syscalls in sandbox.c
This way, we don't have to use snprintf, which is not guaranteed to
be signal-safe.

(Technically speaking, strlen() and strlcpy() are not guaranteed to
be signal-safe by the POSIX standard. But I claim that they are on
every platform that supports libseccomp2, which is what matters
here.)
2013-07-15 13:07:09 -04:00
Nick Mathewson
9fda7e8cd1 Lightly refactor and test format_hex_number_sigsafe
Better tests for upper bounds, and for failing cases.

Also, change the function's interface to take a buffer length rather
than a maximum length, and then NUL-terminate: functions that don't
NUL-terminate are trouble waiting to happen.
2013-07-15 12:52:29 -04:00
Nick Mathewson
22977b7c1d Expose format_hex_number_..., and rename it to ..._sigsafe().
There are some other places in the code that will want a signal-safe
way to format numbers, so it shouldn't be static to util.c.
2013-07-15 12:26:55 -04:00
Nick Mathewson
449b2b7c58 Don't build format_helper_exit_status on win32
The only thing that used format_helper_exit_status on win32 was the
unit tests. This caused an error when we tried to leave a static
format_helper_exit_status lying around in a production object file.

The easiest solution is to admit that this way of dealing with process
exit status is Unix-only.
2013-07-15 12:17:23 -04:00
Nick Mathewson
c0391bae75 Merge remote-tracking branch 'public/fancy_test_tricks'
Conflicts:
	src/common/include.am

Conflict was from adding testsupport.h near where sandbox.h had
already been added.
2013-07-15 12:02:18 -04:00
Peter Palfrader
2cb59be999 Fix two pre-coffee typos 2013-07-15 09:43:37 -04:00
Peter Palfrader
5cc52b242e Document get_parent_directory more 2013-07-15 09:04:17 -04:00
Roger Dingledine
6848e29307 cosmetic cleanups 2013-07-14 02:49:34 -04:00
Roger Dingledine
de7cdc0d94 put sandbox.h in the tarball, so the tarball builds 2013-07-13 20:31:18 -04:00
Nick Mathewson
aac732322a Merge remote-tracking branch 'public/gsoc-ctoader-cap-phase1-squashed' 2013-07-12 17:12:43 -04:00
Cristian Toader
f9c1ba6493 Add a basic seccomp2 syscall filter on Linux
It's controlled by the new Sandbox argument.  Right now, it's rather
coarse-grained, it's Linux-only, and it may break some features.
2013-07-11 09:13:13 -04:00
Nick Mathewson
b6e8c74667 Add rudimentary test mocking support.
This is not the most beautiful possible implementation (it requires
decorating mockable functions with ugly macros), but it actually
works, and is portable across multiple compilers and architectures.
2013-07-10 15:22:16 -04:00
Nick Mathewson
17e9fc09c3 Coverage support: build with --enable-coverage to have tests run with gcov
If you pass the --enable-coverage flag on the command line, we build
our testing binaries with appropriate options eo enable coverage
testing.  We also build a "tor-cov" binary that has coverage enabled,
for integration tests.

On recent OSX versions, test coverage only works with clang, not gcc.
So we warn about that.

Also add a contrib/coverage script to actually run gcov with the
appropriate options to generate useful .gcov files.  (Thanks to
automake, the .o files will not have the names that gcov expects to
find.)

Also, remove generated gcda and gcno files on clean.
2013-07-10 15:22:16 -04:00
Nick Mathewson
a3e0a87d95 Completely refactor how FILENAME_PRIVATE works
We previously used FILENAME_PRIVATE identifiers mostly for
identifiers exposed only to the unit tests... but also for
identifiers exposed to the benchmarker, and sometimes for
identifiers exposed to a similar module, and occasionally for no
really good reason at all.

Now, we use FILENAME_PRIVATE identifiers for identifiers shared by
Tor and the unit tests.  They should be defined static when we
aren't building the unit test, and globally visible otherwise. (The
STATIC macro will keep us honest here.)

For identifiers used only by the unit tests and never by Tor at all,
on the other hand, we wrap them in #ifdef TOR_UNIT_TESTS.

This is not the motivating use case for the split test/non-test
build system; it's just a test example to see how it works, and to
take a chance to clean up the code a little.
2013-07-10 15:20:10 -04:00
Nick Mathewson
f7d654b81e Start work on fancy compiler tricks to expose extra stuff to our tests
This is mainly a matter of automake trickery: we build each static
library in two versions now: one with the TOR_UNIT_TESTS macro
defined, and one without.  When TOR_UNIT_TESTS is defined, we can
enable mocking and expose more functions. When it's not defined, we
can lock the binary down more.

The alternatives would be to have alternate build modes: a "testing
configuration" for building the libraries with test support, and a
"production configuration" for building them without.  I don't favor
that approach, since I think it would mean more people runnning
binaries build for testing, or more people not running unit tests.
2013-07-10 15:20:09 -04:00
Nick Mathewson
b5d1fded3d Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-18 10:25:30 -04:00
Nick Mathewson
d3063da691 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/config.c
	src/or/relay.c
2013-06-18 10:23:03 -04:00
Nick Mathewson
2e1fe1fcf9 Implement a real OOM-killer for too-long circuit queues.
This implements "algorithm 1" from my discussion of bug #9072: on OOM,
find the circuits with the longest queues, and kill them.  It's also a
fix for #9063 -- without the side-effects of bug #9072.

The memory bounds aren't perfect here, and you need to be sure to
allow some slack for the rest of Tor's usage.

This isn't a perfect fix; the rest of the solutions I describe on
codeable.
2013-06-18 10:15:16 -04:00
dana koch
7f67becf30 Instead of testing for __GNUC__, use CHECK_SCANF, like CHECK_PRINTF.
This lets us have the possibility of fine-tuning the check in the tor_sscanf test cases at a later date.
2013-06-14 10:52:00 -04:00
Nick Mathewson
483385d2bd Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-13 21:59:27 -04:00
Nick Mathewson
2338681efb Define SEEK_SET for platforms that lack it. 2013-06-13 21:56:35 -04:00
Nick Mathewson
caa0d15c49 If we write the annotation but not the microdescriptor, rewind.
This fixes bug 9047 (and some parts of 9031, 8922, 8883 that weren't
fixed in 8822).  Bugfix on 0.2.2.6-alpha.
2013-06-13 12:29:01 -04:00
Marek Majkowski
16d1dd134a Fix #9043 - simplyfy the code and use EVP_PKEY_cmp instead of pkey_eq / tor_tls_evp_pkey_eq 2013-06-12 13:02:06 -04:00
Nick Mathewson
616fd790ec Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-12 13:01:14 -04:00
Nick Mathewson
fff9386af8 Revert "Use the FILE_SHARE_DELETE flag for CreateFile on a mapping"
This reverts commit 884a0e269c.

I'm reverting this because it doesn't actually make the problem go
away.  It appears that instead we need to do unmap-then-replace.
2013-06-12 10:45:48 -04:00
Nick Mathewson
a64d062c95 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-12 10:01:10 -04:00
Nick Mathewson
3bdc4e5fee Merge remote-tracking branch 'public/bug2077_share_delete' into maint-0.2.4 2013-06-12 10:00:33 -04:00
Nick Mathewson
884a0e269c Use the FILE_SHARE_DELETE flag for CreateFile on a mapping
A comment by rransom on #8795 taken together with a comment by doorss
recorded on #2077 suggest that *every* attempt to replace the md cache
will fail on Vista/Win7 if we don't have the FILE_SHARE_DELETE flag
passed to CreateFile, and if we try to replace the file ourselves
before unmapping it.  I'm adding the FILE_SHARE_DELETE, since that's
this simplest fix.  Broken indexers (the favored #2077 hypothesis)
could still cause trouble here, but at least this patch should make us
stop stepping on our own feet.

Likely fix for #2077 and its numerous duplicates. Bugfix on
0.2.2.6-alpha, which first had a microdescriptor cache that would get
replaced before remapping it.
2013-06-12 09:53:46 -04:00
Nick Mathewson
7f9066ceee Make OPENSSL_free(dh_string_repr) conditional. 2013-06-10 13:49:13 -04:00
Marek Majkowski
d769cd82b5 Bug #5170 - make pkey_eq testable, introduce test_tortls.c 2013-06-10 16:21:39 +01:00
Marek Majkowski
68be3469c5 Bug 5170 - simplify i2d_PublicKey in pkey_eq 2013-06-06 13:32:46 +01:00
Marek Majkowski
a022930fda Bug #5170 - simplify i2d_X509 2013-06-06 12:45:25 +01:00
Marek Majkowski
6f1c67195c Bug #5170 - also simplify i2d_DHparams 2013-06-06 12:13:24 +01:00
Marek Majkowski
2132d036e3 Bug #5170 - i2d_RSAPublicKey supports allocating its own output buffer 2013-06-06 11:45:35 +01:00
Nick Mathewson
d3125a3e40 Merge remote-tracking branch 'karsten/task-6752-3' 2013-05-28 10:59:35 -04:00
Karsten Loesing
b0d4ca4990 Tweak #6752 patch based on comments by nickm. 2013-05-24 10:28:31 +02:00
Arlo Breault
0ab38b9366 Remove PK_PKCS1_PADDING
See #8792
2013-05-17 10:11:33 -04:00
Karsten Loesing
1293835440 Lower dir fetch retry schedules in testing networks.
Also lower maximum interval without directory requests, and raise
maximum download tries.

Implements #6752.
2013-05-16 12:08:48 +02:00
Nick Mathewson
da30adcf0f Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/common/crypto.c
2013-04-18 11:16:05 -04:00
Nick Mathewson
9fec0c1a95 Remove a double-newline 2013-04-18 11:14:05 -04:00
Nick Mathewson
8362f8854a Merge branch 'less_charbuf_rebased' into maint-0.2.4
Conflicts:
	src/or/dirserv.c
	src/or/dirserv.h
	src/test/test_dir.c
2013-04-18 11:13:36 -04:00
Nick Mathewson
e1128d905c Fix a couple of documentation issues. 2013-04-18 11:04:57 -04:00
Nick Mathewson
cb75519bbf Refactor dirobj signature generation
Now we can compute the hash and signature of a dirobj before
concatenating the smartlist, and we don't need to play silly games
with sigbuf and realloc any more.
2013-04-18 11:04:57 -04:00
Nick Mathewson
bbc049a756 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-17 10:48:39 -04:00
Nick Mathewson
42731f69ef Merge branch 'bug8037_squashed' into maint-0.2.4 2013-04-17 10:45:45 -04:00
Nick Mathewson
a934376049 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-02 10:42:53 -04:00
Nick Mathewson
856d57531b Merge remote-tracking branch 'public/bug7707_diagnostic' into maint-0.2.4 2013-04-02 10:41:14 -04:00
Nick Mathewson
80e9ca411f Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-23 18:51:15 -04:00
Nick Mathewson
8b6a952c94 Avoid clang warnings from implicit off_t->size_t cast 2013-03-23 18:50:21 -04:00
Nick Mathewson
c547502ecb Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-19 16:15:39 -04:00
Nick Mathewson
6f20a74d52 Merge branch 'bug8240_v2_squashed' into maint-0.2.4
Conflicts:
	doc/tor.1.txt
	src/or/circuitbuild.c
	src/or/config.c
	src/or/or.h
2013-03-19 16:15:27 -04:00
Nick Mathewson
343f7aa059 Make the guard lifetime configurable and adjustable via the consensus
Fixes 8240.

(Don't actually increase the default guard lifetime. It seems likely to
break too many things if done precipitiously.)
2013-03-19 16:02:19 -04:00
Nick Mathewson
acbfc9c8cc Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-19 15:32:44 -04:00
Nick Mathewson
a7b46336eb Merge remote-tracking branch 'public/bug7950' into maint-0.2.4 2013-03-19 15:32:17 -04:00
Nick Mathewson
01af92fede Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-19 14:27:00 -04:00
Nick Mathewson
8d29866bec Merge remote-tracking branch 'public/bug8002' into maint-0.2.4 2013-03-19 14:26:45 -04:00
Nick Mathewson
c101ecc8dc Merge remote-tracking branch 'asn/bug3594_rebased_and_fixed'
Conflicts:
	src/common/util.c
	src/or/entrynodes.h
2013-03-19 13:25:45 -04:00
Nick Mathewson
e5b79b5bb5 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 15:44:45 -04:00
Nick Mathewson
0b827cbcb1 Fix another case of bug 8206; patch from flupzor 2013-03-18 15:44:23 -04:00
Nick Mathewson
19d6650f81 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 15:41:14 -04:00
Nick Mathewson
eff1cfaaf7 Merge remote-tracking branch 'public/bug6673' into maint-0.2.4 2013-03-18 15:40:50 -04:00
Nick Mathewson
a88f3e24ea Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/test/test_addr.c
2013-03-18 15:29:32 -04:00
Nick Mathewson
2ac66e59f7 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/test/test_addr.c
2013-03-18 15:28:39 -04:00
Nick Mathewson
a770e1cc22 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 14:30:28 -04:00
Nick Mathewson
63b67577d6 Check return values from fcntl and setsockopt
(Based on a patch from flupzor; bug #8206)
2013-03-18 14:28:38 -04:00
Nick Mathewson
b163e801bc Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/routerlist.c
2013-03-15 12:20:17 -04:00
Nick Mathewson
0cf327dc78 Merge remote-tracking branch 'public/unused_stuff' into maint-0.2.4 2013-03-15 12:17:23 -04:00
Nick Mathewson
452cfaacfc Track TLS overhead: diagnostic for bug 7707 2013-03-11 22:06:07 -04:00
Nick Mathewson
fdafe11a25 Give an #error when we want threads and OpenSSL has disabled threads
Fixes ticket 6673.
2013-03-11 13:23:10 -04:00
Roger Dingledine
331e4dcb46 Merge branch 'maint-0.2.4' 2013-03-10 23:42:14 -04:00
Roger Dingledine
0196647970 start part-way through the ssl cert lifetime
also, snap the start time and end time to a day boundary, since most
certs in the wild seem to do this.
2013-03-10 23:38:18 -04:00
Nick Mathewson
55ce9bff54 Remove unused check_fingerprint_syntax 2013-03-01 22:01:26 -05:00
Nick Mathewson
a05dc378e3 Remove unused HMAC-SHA1 function
(We're not adding any new SHA1 instances in our protocols, so this
should never actually be needed.)
2013-03-01 21:59:12 -05:00
Nick Mathewson
6dfa709030 Remove the unused addr_mask_cmp_bits 2013-03-01 14:46:34 -05:00
Nick Mathewson
24fb926726 Remove the unused parse_addr_and_port_range 2013-03-01 14:35:17 -05:00
Nick Mathewson
b528aaef03 Make sure that [::1] is recognized as a private address
Fixes bug 8377; bugfix on 0.2.1.3-alpha.
2013-03-01 12:22:57 -05:00
Nick Mathewson
c72d58cbff Merge remote-tracking branch 'public/feature8109' 2013-03-01 00:33:37 -05:00
Nick Mathewson
a4e9d67292 Remove some functions which were unused except for their tests 2013-02-23 23:38:43 -05:00
Nick Mathewson
5bfa373eee Remove some totally unused functions 2013-02-23 23:31:31 -05:00
Nick Mathewson
365e302f61 Remove a bunch of unused macro definitions 2013-02-23 23:05:25 -05:00
Nick Mathewson
1827be0bd6 Make a parse_config_line_from_str variant that gives error messages
Without this patch, there's no way to know what went wrong when we
fail to parse a torrc line entirely (that is, we can't turn it into
a K,V pair.)  This patch introduces a new function that yields an
error message on failure, so we can at least tell the user what to
look for in their nonfunctional torrc.

(Actually, it's the same function as before with a new name:
parse_config_line_from_str is now a wrapper macro that the unit
tests use.)

Fixes bug 7950; fix on 0.2.0.16-alpha (58de695f90) which first
introduced the possibility of a torrc value not parsing correctly.
2013-02-19 17:36:17 -05:00
Nick Mathewson
22804c0391 Check for CPUs more accurartely when ONLN != CONF.
There are two ways to use sysconf to ask about the number of
CPUs. When we're on a VM, we would sometimes get it wrong by asking
for the number of total CPUs (say, 64) when we should have been asking
for the number of CPUs online (say, 1 or 2).

Fix for bug 8002.
2013-02-19 02:34:36 -05:00
Nick Mathewson
da6720e9fa Make _SC_OPEN_MAX actually get used when closing fds before exec.
Fixes bug 8209; bugfix on 0.2.3.1-alpha.
2013-02-11 16:27:35 -05:00
George Kadianakis
266f8cddd8 Refactoring to make parse_bridge_line() unittestable.
- Make parse_bridge_line() return a struct.
- Make bridge_add_from_config() accept a struct.
- Make string_is_key_value() less hysterical.
2013-02-11 18:07:26 +00:00
Nick Mathewson
2b4d4ccb3d Merge remote-tracking branch 'public/bug7801_v2' 2013-02-11 11:28:08 -05:00
George Kadianakis
b5dceab175 Fix various issues pointed out by Nick and Andrea.
- Document the key=value format.
- Constify equal_sign_pos.
- Pass some strings that are about to be logged to escape().
- Update documentation and fix some bugs in tor_escape_str_for_socks_arg().
- Use string_is_key_value() in parse_bridge_line().
- Parenthesize a forgotten #define
- Add some more comments.
- Add some more unit test cases.
2013-02-09 18:46:10 +00:00
George Kadianakis
b8532bcb1e Add utility functions needed for SOCKS argument parsing. 2013-02-09 16:30:16 +00:00
Nick Mathewson
69ab7cd828 Improve comment at Andrea's request 2013-02-08 17:13:11 -05:00
Nick Mathewson
561e9becbd Merge remote-tracking branch 'public/signof_enum' 2013-02-08 16:48:50 -05:00
Nick Mathewson
8cdd8b8353 Fix numerous problems with Tor's weak RNG.
We need a weak RNG in a couple of places where the strong RNG is
both needless and too slow.  We had been using the weak RNG from our
platform's libc implementation, but that was problematic (because
many platforms have exceptionally horrible weak RNGs -- like, ones
that only return values between 0 and SHORT_MAX) and because we were
using it in a way that was wrong for LCG-based weak RNGs.  (We were
counting on the low bits of the LCG output to be as random as the
high ones, which isn't true.)

This patch adds a separate type for a weak RNG, adds an LCG
implementation for it, and uses that exclusively where we had been
using the platform weak RNG.
2013-02-08 16:28:05 -05:00
Nick Mathewson
3433216268 Merge remote-tracking branch 'public/easy_ratelim'
Conflicts:
	src/or/connection.c
2013-02-07 17:13:51 -05:00
Nick Mathewson
41200b4770 Have autoconf check whether enums are signed.
Fixes bug 7727; fix on 0.2.4.10-alpha.
2013-02-07 16:30:32 -05:00
Nick Mathewson
ba7d93db16 Merge remote-tracking branch 'public/bug7816_023'
Conflicts:
	src/common/util.c
2013-02-07 15:20:50 -05:00
Nick Mathewson
266419d244 Tolerate curve25519 backends where the high bit of the pk isn't ignored
Right now, all our curve25519 backends ignore the high bit of the
public key. But possibly, others could treat the high bit of the
public key as encoding out-of-bounds values, or as something to be
preserved. This could be used to distinguish clients with different
backends, at the cost of killing a circuit.

As a workaround, let's just clear the high bit of each public key
indiscriminately before we use it. Fix for bug 8121, reported by
rransom. Bugfix on 0.2.4.8-alpha.
2013-02-07 14:09:01 -05:00
Nick Mathewson
5ea9a90d68 Fix compilation with --disable-curve25519 option
The fix is to move the two functions to format/parse base64
curve25519 public keys into a new "crypto_format.c" file.  I could
have put them in crypto.c, but that's a big file worth splitting
anyway.

Fixes bug 8153; bugfix on 0.2.4.8-alpha where I did the fix for 7869.
2013-02-04 11:32:55 -05:00
Nick Mathewson
7301339e33 fix wide lines from tor_log rename 2013-02-01 16:19:02 -05:00
Nick Mathewson
1dd03fbc77 Fix a silly mistake in the tor_mathlog() documentation. Give it a unit test. 2013-02-01 16:09:16 -05:00
Nick Mathewson
b034d07acd Remove old wrapper code and defines for keeping log() and log(3) apart
This is the non-automated portion of bug 7599.
2013-02-01 15:49:51 -05:00
Nick Mathewson
a141430ec3 Rename log() to tor_log() for logging
This is meant to avoid conflict with the built-in log() function in
math.h.  It resolves ticket 7599.  First reported by dhill.

This was generated with the following perl script:

 #!/usr/bin/perl -w -i -p

 s/\blog\(LOG_(ERR|WARN|NOTICE|INFO|DEBUG)\s*,\s*/log_\L$1\(/g;

 s/\blog\(/tor_log\(/g;
2013-02-01 15:43:37 -05:00
Nick Mathewson
abb5519d93 typo in crypto_curve25519.c comment, spotted by rransom 2013-01-31 13:53:29 -05:00
Nick Mathewson
294ce2ea87 whitespace fix 2013-01-31 13:26:25 -05:00
Nick Mathewson
97d0872f59 Build donna32 with -fomit-frame-pointer 2013-01-30 13:08:04 -05:00
Nick Mathewson
73d605b0f7 Detect platforms where memset(0) doesn't set doubles to 0.0.
This is allowed by the C statndard, which permits you to represent
doubles any way you like, but in practice we have some code that
assumes that memset() clears doubles in structs.  Noticed as part of
7802 review; see 8081 for more info.
2013-01-29 17:38:15 -05:00
Nick Mathewson
acd72d4e3e Correctly copy microdescs/extrinfos with internal NUL bytes
Fixes bug 8037; bugfix on 0.2.0.1-alpha; reported by cypherpunks.
2013-01-26 18:01:06 -05:00
Nick Mathewson
dd77b652f2 More of b30d06255c for #6826: fix compat_libevent compilation
It looks like there was a compilation error for 6826 on some
platforms.  Removing even more now-uncallable code to handle detecting
libevent versions before 1.3e.

Fixes bug 8012; bug not in any released Tor.
2013-01-21 18:24:10 +00:00
Nick Mathewson
e0581a4b57 Replace base-{16,32,64} with base{16,32,64} in the code
Patch from onizuka generated with

 find ./ -type f -perm -u+rw -exec sed -ri 's/(Base)-(16|32|64)/\1\2/gi' {} \;

Fixes issue 6875 on Tor.
2013-01-17 16:08:28 -05:00
Nick Mathewson
60a2aa8b00 Add ntor-related modules to the Makefiles.nmake 2013-01-17 15:53:36 -05:00
Nick Mathewson
ae58303d42 Even more code-removal for 6826
(Pull on a thread and the whole sweater unravels.)
2013-01-17 14:40:12 -05:00
Nick Mathewson
514d484597 Merge branch 'bug6826_squashed' 2013-01-17 09:23:07 -05:00
Nick Mathewson
b30d06255c Drop detection logic for pre-1.3 busted libevents
This won't actually break them any worse than they were broken before:
it just removes a set of warnings that nobody was actually seeing, I
hope.

Closes 6826
2013-01-17 09:22:57 -05:00
Nick Mathewson
d094a76cc8 Merge remote-tracking branch 'public/bug6302' 2013-01-17 09:20:24 -05:00
Nick Mathewson
b998431a33 Merge branch '024_msvc_squashed'
Conflicts:
	src/or/or.h
	 srcwin32/orconfig.h
2013-01-16 22:32:12 -05:00
Nick Mathewson
b7cf7bd9ae Fix an instance of snprintf; don't use _snprintf directly 2013-01-16 22:29:39 -05:00
Nick Mathewson
5e06c4ee32 When building with MSVC, call every enum bitfield unsigned
Fixes bug 7305.
2013-01-16 22:29:39 -05:00
Nick Mathewson
0558efbd62 Fix a const warning under msvc 2013-01-16 22:29:38 -05:00
Nick Mathewson
ce2513abb8 Add clean target and test subdir to makefile.nmake 2013-01-16 22:29:38 -05:00
Nick Mathewson
b7dd716195 Add missing includes and libs to makefile.nmake
Fixes bugs 7312 and 7310.
2013-01-16 22:29:38 -05:00
Nick Mathewson
0102aaeb6b Define SIZEOF_INTPTR_T when defining replacement intptr_t
Fixes bug 7669
2013-01-16 22:29:38 -05:00
Nick Mathewson
49e619c1cf Rename *_isin to *_contains
This is an automatically generated commit, from the following perl script,
run with the options "-w -i -p".

  s/smartlist_string_num_isin/smartlist_contains_int_as_string/g;
  s/smartlist_string_isin((?:_case)?)/smartlist_contains_string$1/g;
  s/smartlist_digest_isin/smartlist_contains_digest/g;
  s/smartlist_isin/smartlist_contains/g;
  s/digestset_isin/digestset_contains/g;
2013-01-16 16:57:11 -05:00
Nick Mathewson
9bd811b337 Refactor: Use SOCK_ERRNO to avoid some #ifdef _WIN32s
Fixes ticket 6302
2013-01-16 15:30:20 -05:00
Nick Mathewson
b987081941 Check for nacl headers in nacl/ subdir
Fix for bug 7972
2013-01-16 10:29:11 -05:00
Nick Mathewson
4da083db3b Update the copyright date to 201. 2013-01-16 01:54:56 -05:00
Roger Dingledine
6e4a4002c5 Clean up odds and ends 2013-01-15 15:40:17 -05:00
Nick Mathewson
c9242f4fd4 Merge branch 'bug7869' 2013-01-14 12:32:00 -05:00
Nick Mathewson
a5ee3834bf Handle EWOULDBLOCK as EAGAIN if they happen to be different.
Fixes bug 7935.  Reported by 'oftc_must_be_destroyed'.
2013-01-11 16:36:54 -08:00
Nick Mathewson
31d888c834 Make the = at the end of ntor-onion-key optional.
Makes bug 7869 more easily fixable if we ever choose to do so.
2013-01-05 22:53:32 -05:00
Nick Mathewson
b1bdecd703 Merge branch 'ntor-resquashed'
Conflicts:
	src/or/cpuworker.c
	src/or/or.h
	src/test/bench.c
2013-01-03 11:52:41 -05:00
Nick Mathewson
d3de0b91fb Check all crypto_rand return values for ntor. 2013-01-03 11:29:49 -05:00
Nick Mathewson
5f219ddd02 Use safe_mem_is_zero for checking curve25519 output for 0-ness
This should make the intent more explicit.  Probably needless, though.
2013-01-03 11:29:48 -05:00
Nick Mathewson
f07a5125cb Implement a constant-time safe_mem_is_zero. 2013-01-03 11:29:48 -05:00
Nick Mathewson
d907fca29b Make libcurve25519_donna get built as a .a
This lets us give it compiler flags differing from the rest of
libor-crypto.a
2013-01-03 11:29:47 -05:00
Nick Mathewson
6c883bc638 Move curve25519 keypair type to src/common; give it functions
This patch moves curve25519_keypair_t from src/or/onion_ntor.h to
src/common/crypto_curve25519.h, and adds new functions to generate,
load, and store keypairs.
2013-01-02 14:11:13 -05:00
Nick Mathewson
25c05cb747 Refactor strong os-RNG into its own function
Previously, we only used the strong OS entropy source as part of
seeding OpenSSL's RNG.  But with curve25519, we'll have occasion to
want to generate some keys using extremely-good entopy, as well as the
means to do so.  So let's!

This patch refactors the OS-entropy wrapper into its own
crypto_strongest_rand() function, and makes our new
curve25519_secret_key_generate function try it as appropriate.
2013-01-02 14:11:13 -05:00
Nick Mathewson
89ec584805 Add a wrapper around, and test and build support for, curve25519.
We want to use donna-c64 when we have a GCC with support for
64x64->uint128_t multiplying.  If not, we want to use libnacl if we
can, unless it's giving us the unsafe "ref" implementation.  And if
that isn't going to work, we'd like to use the
portable-and-safe-but-slow 32-bit "donna" implementation.

We might need more library searching for the correct libnacl,
especially once the next libnacl release is out -- it's likely to have
bunches of better curve25519 implementations.

I also define a set of curve25519 wrapper functions, though it really
shouldn't be necessary.

We should eventually make the -donna*.c files get build with
-fomit-frame-pointer, since that can make a difference.
2013-01-02 14:10:48 -05:00
Nick Mathewson
cfab9f0755 Add a data-invariant linear-search map structure
I'm going to use this for looking op keys server-side for ntor.
2013-01-02 14:10:48 -05:00
Sebastian Hahn
11e8a445c3 Fix a couple of harmless clang3.2 warnings 2012-12-31 18:23:28 +01:00
Nick Mathewson
d3aabf4db1 Fix various small leaks on error cases
Spotted by coverity, bug 7816, bugfix on various versions.
2012-12-28 22:49:32 -05:00
Nick Mathewson
f269e0f9a5 Wrapper function for the common rate-limited-log pattern. 2012-12-26 11:07:11 -05:00
Nick Mathewson
68dae4cf35 One last fix for a warning on non-EC systems 2012-12-25 22:12:18 -05:00
Nick Mathewson
ddbe28919a Be more noncomittal about performance improvement of uint128 backend. 2012-12-25 21:08:42 -05:00
Nick Mathewson
25afecdbf9 Make ECDHE group configurable: 224 for public, 256 for bridges (default) 2012-12-25 20:22:46 -05:00
Nick Mathewson
c8b3bdb782 Inform the user if they're passing up a 10x ECDH speedup. 2012-12-25 20:14:07 -05:00
Nick Mathewson
175b2678d7 Let servers choose better ciphersuites when clients support them
This implements the server-side of proposal 198 by detecting when
clients lack the magic list of ciphersuites that indicates that
they're lying faking some ciphers they don't really have.  When
clients lack this list, we can choose any cipher that we'd actually
like.  The newly allowed ciphersuites are, currently, "All ECDHE-RSA
ciphers that openssl supports, except for ECDHE-RSA-RC4".

The code to detect the cipher list relies on on (ab)use of
SSL_set_session_secret_cb.
2012-12-25 20:14:07 -05:00
Nick Mathewson
63208aa1e5 Remove the address argument from client cipher classification fns 2012-12-25 20:14:07 -05:00
Nick Mathewson
047d9e57b0 Cache the type of client cipher list we have in the tor_tls_t
We already use this classification for deciding whether (as a server)
to do a v2/v3 handshake, and we're about to start using it for
deciding whether we can use good ciphersuites too.
2012-12-25 20:14:07 -05:00
Nick Mathewson
2a26e1d45f prop198: Detect the list of ciphersuites we used to lie about having
This is less easy than you might think; we can't just look at the
client ciphers list, since openssl doesn't remember client ciphers if
it doesn't know about them.  So we have to keep a list of the "v2"
ciphers, with the ones we don't know about removed.
2012-12-25 20:14:07 -05:00
Nick Mathewson
bbaf4d9643 Configure SSL context to know about using P-256 for ECDHE. 2012-12-25 20:14:03 -05:00
Nick Mathewson
b1ff8daeb5 Nuke uses of memcmp outside of unit tests
We want to be saying fast_mem{cmp,eq,neq} when we're doing a
comparison that's allowed to exit early, or tor_mem{cmp,eq,neq} when
we need a data-invariant timing.  Direct use of memcmp tends to imply
that we haven't thought about the issue.
2012-12-13 17:34:05 -05:00
Nick Mathewson
3fa9151f26 Merge branch 'win64-7260'
Conflicts:
	src/or/dns.c
2012-12-07 14:12:17 -05:00
Nick Mathewson
6921d1fd25 Implement HKDF from RFC5869
This is a customizable extract-and-expand HMAC-KDF for deriving keys.
It derives from RFC5869, which derives its rationale from Krawczyk,
H., "Cryptographic Extraction and Key Derivation: The HKDF Scheme",
Proceedings of CRYPTO 2010, 2010, <http://eprint.iacr.org/2010/264>.

I'm also renaming the existing KDF, now that Tor has two of them.

This is the key derivation scheme specified in ntor.

There are also unit tests.
2012-12-06 01:54:09 -05:00
Nick Mathewson
3c3084e165 Add a crypto_dh_dup, for benchmark support 2012-12-06 01:54:09 -05:00
Nick Mathewson
190c1d4981 Merge branch 'bug7013_take2_squashed' 2012-11-27 22:18:16 -05:00
George Kadianakis
6f21d2e496 Introduce tor_addr_port_parse() and use it to parse ServerTransportListenAddr. 2012-11-27 22:18:08 -05:00
Nick Mathewson
99669c69b3 Note limitation of parse_rfc_1123_time
RFC1123 suggests that we should handle two-year times, and a full
range of time zones, and other stuff too.  We don't.
2012-11-23 10:06:16 -05:00
Nick Mathewson
864e15cd1c In comments and logs, say "UTC" not "GMT"
Fix for #6113.

Note that the RFC1123 times we generate still all say 'GMT'.  I'm
going to suggest this is not worth changing.
2012-11-23 10:05:16 -05:00
Nick Mathewson
e6828ea634 Refer to RFC 4648 instead of the obsolete RFC 3548
Affects comments only. For ticket 6849.
2012-11-23 09:51:35 -05:00
Nick Mathewson
85e8d35fca Add some missing doxygen for ipv6 exit code 2012-11-14 23:16:57 -05:00
Nick Mathewson
898f9c8bcc Add a function to set a tor_addr_t to a null address 2012-11-14 23:16:23 -05:00
Nick Mathewson
2eb7eafc9d Add a new family-specific syntax for tor_addr_parse_mask_ports
By default, "*" means "All IPv4 addresses" with
tor_addr_parse_mask_ports, so I won't break anything.  But if the new
EXTENDED_STAR flag is provided, then * means "any address", *4 means
"any IPv4 address" (that is, 0.0.0.0/0), and "*6" means "any IPv6
address" (that is, [::]/0).

This is going to let us have a syntax for specifying exit policies in
torrc that won't drive people mad.

Also, add a bunch of unit tests for tor_addr_parse_mask_ports to test
these new features, and to increase coverage.
2012-11-14 23:16:21 -05:00
Nick Mathewson
08436b27ff Merge remote-tracking branch 'origin/maint-0.2.3' 2012-11-08 20:00:54 -05:00
Nick Mathewson
e567b4482a Turn a memwipe in tor_process_handle_destroy() back to memset
It broke linking on tor-resolve.c, and it's not actually sanitizing
anything sensitive.  Fix for bug 7420; bug not on ony released Tor.
2012-11-08 19:59:54 -05:00
Nick Mathewson
81deddb08c Merge remote-tracking branch 'origin/maint-0.2.3'
Conflicts:
	src/common/crypto.c
	src/or/rendservice.c
2012-11-08 16:48:04 -05:00
Nick Mathewson
49dd5ef3a3 Add and use and unlikely-to-be-eliminated memwipe()
Apparently some compilers like to eliminate memset() operations on
data that's about to go out-of-scope.  I've gone with the safest
possible replacement, which might be a bit slow.  I don't think this
is critical path in any way that will affect performance, but if it
is, we can work on that in 0.2.4.

Fixes bug 7352.
2012-11-08 16:44:50 -05:00
George Kadianakis
a9f786758d Add warning message when a managed proxy dies during configuration. 2012-11-06 17:53:09 -05:00
Nick Mathewson
1bfda600c3 Add a TOR_SOCKET_T_FORMAT construction for logging sockets.
We need this since win64 has a 64-bit SOCKET type.

Based on a patch from yayooo for 7260, forward-ported to 0.2.4.
2012-11-02 14:22:21 -04:00
Nick Mathewson
07656d70ed Add a PID_T_FORMAT for writing pids to logs
This is based on code by yayooo for 7260, but:

 - It allows for SIZEOF_PID_T == SIZEOF_SHORT

 - It addresses some additional cases where we weren't getting any
   warnings only because we were casting pid_t to int.
2012-11-02 14:07:01 -04:00
Nick Mathewson
5e096b6770 Remove an unused variable; part of mingw64 patch from yayooo 2012-11-02 14:03:32 -04:00
Nick Mathewson
9dee6b1dce Compile (with warnings) with mingw64
Patch from yayooo for bug 7260, forward-ported to 0.2.4.
2012-11-02 13:51:11 -04:00
Roger Dingledine
4fc866ce7f touch-ups 2012-10-26 00:39:06 -04:00
Nick Mathewson
a1c121e78e Change changes file and comment for 7189, for making it 0.2.4-only for now 2012-10-24 22:11:43 -04:00
Nick Mathewson
4a7962e439 Merge remote-tracking branch 'public/bug7189_tentative' 2012-10-24 22:07:10 -04:00
Nick Mathewson
62a49c0cc8 Only disable TLS tickets when being/acting as a server.
Fix for bug 7189.
2012-10-24 20:13:25 -04:00
Nick Mathewson
b0646cc142 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2012-10-23 21:48:50 -04:00
Nick Mathewson
8905789170 Fix binary search on lists of 0 or 1 element.
The implementation we added has a tendency to crash with lists of 0 or
one element.  That can happen if we get a consensus vote, v2
consensus, consensus, or geoip file with 0 or 1 element.  There's a
DOS opportunity there that authorities could exploit against one
another, and which an evil v2 authority could exploit against anything
downloading v2 directory information..

This fix is minimalistic: It just adds a special-case for 0- and
1-element lists.  For 0.2.4 (the current alpha series) we'll want a
better patch.

This is bug 7191; it's a fix on 0.2.0.10-alpha.
2012-10-23 21:32:26 -04:00
Andrea Shepard
fb97c0214b Rewrite smartlist_bsearch_idx() to not be broken for lists of length zero or one (fixes bug 7191) 2012-10-23 14:27:56 -07:00
Nick Mathewson
9f1b1ef4fb Merge remote-tracking branch 'origin/maint-0.2.3' 2012-10-19 01:01:26 -04:00
Nick Mathewson
a0e9dc9f55 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2012-10-19 00:58:33 -04:00
Nick Mathewson
8743080a28 Disable TLS Session Tickets, which we were apparently getting for free
OpenSSL 1.0.0 added an implementation of TLS session tickets, a
"feature" that let session resumption occur without server-side state
by giving clients an encrypted "ticket" that the client could present
later to get the session going again with the same keys as before.
OpenSSL was giving the keys to decrypt these tickets the lifetime of
the SSL contexts, which would have been terrible for PFS if we had
long-lived SSL contexts.  Fortunately, we don't.  Still, it's pretty
bad.  We should also drop these, since our use of the extension stands
out with our non-use of session cacheing.

Found by nextgens. Bugfix on all versions of Tor when built with
openssl 1.0.0 or later.  Fixes bug 7139.
2012-10-19 00:54:51 -04:00
Nick Mathewson
9f83142591 Merge remote-tracking branch 'public/bug1031' 2012-10-15 11:20:48 -04:00
Nick Mathewson
e3c746384a Fix whitespace in aes.c 2012-10-12 17:17:36 -04:00
Nick Mathewson
48b3ae8fe0 Move strlcpy and strlcat into src/ext too 2012-10-12 17:14:28 -04:00
Nick Mathewson
56c0baa523 Rename all reserved C identifiers we defined
For everything we declare that starts with _, make it end with _ instead.

This is a machine-generated patch.  To make it, start by getting the
list of reserved identifiers using:

     git ls-tree -r --name-only HEAD | grep  '\.[ch]$' | \
       xargs ctags --c-kinds=defglmpstuvx -o - | grep '^_' | \
       cut -f 1 | sort| uniq

You might need gnu ctags.

Then pipe the output through this script:
==============================

use strict;

BEGIN { print "#!/usr/bin/perl -w -i -p\n\n"; }

chomp;

next if (
     /^__attribute__/ or
     /^__func__/ or
     /^_FILE_OFFSET_BITS/ or
     /^_FORTIFY_SOURCE/ or
     /^_GNU_SOURCE/ or
     /^_WIN32/ or
     /^_DARWIN_UNLIMITED/ or
     /^_FILE_OFFSET_BITS/ or
     /^_LARGEFILE64_SOURCE/ or
     /^_LFS64_LARGEFILE/ or
     /^__cdecl/ or
     /^__attribute__/ or
     /^__func__/ or
    /^_WIN32_WINNT/);

my $ident = $_;

my $better = $ident;
$better =~ s/^_//;

$better = "${better}_";

print "s/(?<![A-Za-z0-9_])$ident(?![A-Za-z0-9_])/$better/g;\n";
==============================

Then run the resulting script on all the files you want to change.
(That is, all the C except that in src/ext.)  The resulting script was:

==============================

s/(?<![A-Za-z0-9_])_address(?![A-Za-z0-9_])/address_/g;
s/(?<![A-Za-z0-9_])_aes_fill_buf(?![A-Za-z0-9_])/aes_fill_buf_/g;
s/(?<![A-Za-z0-9_])_AllowInvalid(?![A-Za-z0-9_])/AllowInvalid_/g;
s/(?<![A-Za-z0-9_])_AP_CONN_STATE_MAX(?![A-Za-z0-9_])/AP_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_AP_CONN_STATE_MIN(?![A-Za-z0-9_])/AP_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_assert_cache_ok(?![A-Za-z0-9_])/assert_cache_ok_/g;
s/(?<![A-Za-z0-9_])_A_UNKNOWN(?![A-Za-z0-9_])/A_UNKNOWN_/g;
s/(?<![A-Za-z0-9_])_base(?![A-Za-z0-9_])/base_/g;
s/(?<![A-Za-z0-9_])_BridgePassword_AuthDigest(?![A-Za-z0-9_])/BridgePassword_AuthDigest_/g;
s/(?<![A-Za-z0-9_])_buffer_stats_compare_entries(?![A-Za-z0-9_])/buffer_stats_compare_entries_/g;
s/(?<![A-Za-z0-9_])_chan_circid_entries_eq(?![A-Za-z0-9_])/chan_circid_entries_eq_/g;
s/(?<![A-Za-z0-9_])_chan_circid_entry_hash(?![A-Za-z0-9_])/chan_circid_entry_hash_/g;
s/(?<![A-Za-z0-9_])_check_no_tls_errors(?![A-Za-z0-9_])/check_no_tls_errors_/g;
s/(?<![A-Za-z0-9_])_c_hist_compare(?![A-Za-z0-9_])/c_hist_compare_/g;
s/(?<![A-Za-z0-9_])_circ(?![A-Za-z0-9_])/circ_/g;
s/(?<![A-Za-z0-9_])_circuit_get_global_list(?![A-Za-z0-9_])/circuit_get_global_list_/g;
s/(?<![A-Za-z0-9_])_circuit_mark_for_close(?![A-Za-z0-9_])/circuit_mark_for_close_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_C_MAX(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_C_MAX_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_MAX(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_MAX_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_MIN(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_MIN_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_OR_MAX(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_OR_MAX_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_OR_MIN(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_OR_MIN_/g;
s/(?<![A-Za-z0-9_])_cmp_int_strings(?![A-Za-z0-9_])/cmp_int_strings_/g;
s/(?<![A-Za-z0-9_])_compare_cached_resolves_by_expiry(?![A-Za-z0-9_])/compare_cached_resolves_by_expiry_/g;
s/(?<![A-Za-z0-9_])_compare_digests(?![A-Za-z0-9_])/compare_digests_/g;
s/(?<![A-Za-z0-9_])_compare_digests256(?![A-Za-z0-9_])/compare_digests256_/g;
s/(?<![A-Za-z0-9_])_compare_dir_src_ents_by_authority_id(?![A-Za-z0-9_])/compare_dir_src_ents_by_authority_id_/g;
s/(?<![A-Za-z0-9_])_compare_duration_idx(?![A-Za-z0-9_])/compare_duration_idx_/g;
s/(?<![A-Za-z0-9_])_compare_int(?![A-Za-z0-9_])/compare_int_/g;
s/(?<![A-Za-z0-9_])_compare_networkstatus_v2_published_on(?![A-Za-z0-9_])/compare_networkstatus_v2_published_on_/g;
s/(?<![A-Za-z0-9_])_compare_old_routers_by_identity(?![A-Za-z0-9_])/compare_old_routers_by_identity_/g;
s/(?<![A-Za-z0-9_])_compare_orports(?![A-Za-z0-9_])/compare_orports_/g;
s/(?<![A-Za-z0-9_])_compare_pairs(?![A-Za-z0-9_])/compare_pairs_/g;
s/(?<![A-Za-z0-9_])_compare_routerinfo_by_id_digest(?![A-Za-z0-9_])/compare_routerinfo_by_id_digest_/g;
s/(?<![A-Za-z0-9_])_compare_routerinfo_by_ip_and_bw(?![A-Za-z0-9_])/compare_routerinfo_by_ip_and_bw_/g;
s/(?<![A-Za-z0-9_])_compare_signed_descriptors_by_age(?![A-Za-z0-9_])/compare_signed_descriptors_by_age_/g;
s/(?<![A-Za-z0-9_])_compare_string_ptrs(?![A-Za-z0-9_])/compare_string_ptrs_/g;
s/(?<![A-Za-z0-9_])_compare_strings_for_pqueue(?![A-Za-z0-9_])/compare_strings_for_pqueue_/g;
s/(?<![A-Za-z0-9_])_compare_strs(?![A-Za-z0-9_])/compare_strs_/g;
s/(?<![A-Za-z0-9_])_compare_tor_version_str_ptr(?![A-Za-z0-9_])/compare_tor_version_str_ptr_/g;
s/(?<![A-Za-z0-9_])_compare_vote_rs(?![A-Za-z0-9_])/compare_vote_rs_/g;
s/(?<![A-Za-z0-9_])_compare_votes_by_authority_id(?![A-Za-z0-9_])/compare_votes_by_authority_id_/g;
s/(?<![A-Za-z0-9_])_compare_without_first_ch(?![A-Za-z0-9_])/compare_without_first_ch_/g;
s/(?<![A-Za-z0-9_])_connection_free(?![A-Za-z0-9_])/connection_free_/g;
s/(?<![A-Za-z0-9_])_connection_mark_and_flush(?![A-Za-z0-9_])/connection_mark_and_flush_/g;
s/(?<![A-Za-z0-9_])_connection_mark_for_close(?![A-Za-z0-9_])/connection_mark_for_close_/g;
s/(?<![A-Za-z0-9_])_connection_mark_unattached_ap(?![A-Za-z0-9_])/connection_mark_unattached_ap_/g;
s/(?<![A-Za-z0-9_])_connection_write_to_buf_impl(?![A-Za-z0-9_])/connection_write_to_buf_impl_/g;
s/(?<![A-Za-z0-9_])_ConnLimit(?![A-Za-z0-9_])/ConnLimit_/g;
s/(?<![A-Za-z0-9_])_CONN_TYPE_MAX(?![A-Za-z0-9_])/CONN_TYPE_MAX_/g;
s/(?<![A-Za-z0-9_])_CONN_TYPE_MIN(?![A-Za-z0-9_])/CONN_TYPE_MIN_/g;
s/(?<![A-Za-z0-9_])_CONTROL_CONN_STATE_MAX(?![A-Za-z0-9_])/CONTROL_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_CONTROL_CONN_STATE_MIN(?![A-Za-z0-9_])/CONTROL_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_CPUWORKER_STATE_MAX(?![A-Za-z0-9_])/CPUWORKER_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_CPUWORKER_STATE_MIN(?![A-Za-z0-9_])/CPUWORKER_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_crypto_dh_get_dh(?![A-Za-z0-9_])/crypto_dh_get_dh_/g;
s/(?<![A-Za-z0-9_])_crypto_global_initialized(?![A-Za-z0-9_])/crypto_global_initialized_/g;
s/(?<![A-Za-z0-9_])_crypto_new_pk_from_rsa(?![A-Za-z0-9_])/crypto_new_pk_from_rsa_/g;
s/(?<![A-Za-z0-9_])_crypto_pk_get_evp_pkey(?![A-Za-z0-9_])/crypto_pk_get_evp_pkey_/g;
s/(?<![A-Za-z0-9_])_crypto_pk_get_rsa(?![A-Za-z0-9_])/crypto_pk_get_rsa_/g;
s/(?<![A-Za-z0-9_])_DIR_CONN_STATE_MAX(?![A-Za-z0-9_])/DIR_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_DIR_CONN_STATE_MIN(?![A-Za-z0-9_])/DIR_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_DIR_PURPOSE_MAX(?![A-Za-z0-9_])/DIR_PURPOSE_MAX_/g;
s/(?<![A-Za-z0-9_])_DIR_PURPOSE_MIN(?![A-Za-z0-9_])/DIR_PURPOSE_MIN_/g;
s/(?<![A-Za-z0-9_])_dirreq_map_get(?![A-Za-z0-9_])/dirreq_map_get_/g;
s/(?<![A-Za-z0-9_])_dirreq_map_put(?![A-Za-z0-9_])/dirreq_map_put_/g;
s/(?<![A-Za-z0-9_])_dns_randfn(?![A-Za-z0-9_])/dns_randfn_/g;
s/(?<![A-Za-z0-9_])_dummy(?![A-Za-z0-9_])/dummy_/g;
s/(?<![A-Za-z0-9_])_edge(?![A-Za-z0-9_])/edge_/g;
s/(?<![A-Za-z0-9_])_END_CIRC_REASON_MAX(?![A-Za-z0-9_])/END_CIRC_REASON_MAX_/g;
s/(?<![A-Za-z0-9_])_END_CIRC_REASON_MIN(?![A-Za-z0-9_])/END_CIRC_REASON_MIN_/g;
s/(?<![A-Za-z0-9_])_EOF(?![A-Za-z0-9_])/EOF_/g;
s/(?<![A-Za-z0-9_])_ERR(?![A-Za-z0-9_])/ERR_/g;
s/(?<![A-Za-z0-9_])_escaped_val(?![A-Za-z0-9_])/escaped_val_/g;
s/(?<![A-Za-z0-9_])_evdns_log(?![A-Za-z0-9_])/evdns_log_/g;
s/(?<![A-Za-z0-9_])_evdns_nameserver_add_impl(?![A-Za-z0-9_])/evdns_nameserver_add_impl_/g;
s/(?<![A-Za-z0-9_])_EVENT_MAX(?![A-Za-z0-9_])/EVENT_MAX_/g;
s/(?<![A-Za-z0-9_])_EVENT_MIN(?![A-Za-z0-9_])/EVENT_MIN_/g;
s/(?<![A-Za-z0-9_])_ExcludeExitNodesUnion(?![A-Za-z0-9_])/ExcludeExitNodesUnion_/g;
s/(?<![A-Za-z0-9_])_EXIT_CONN_STATE_MAX(?![A-Za-z0-9_])/EXIT_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_EXIT_CONN_STATE_MIN(?![A-Za-z0-9_])/EXIT_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_EXIT_PURPOSE_MAX(?![A-Za-z0-9_])/EXIT_PURPOSE_MAX_/g;
s/(?<![A-Za-z0-9_])_EXIT_PURPOSE_MIN(?![A-Za-z0-9_])/EXIT_PURPOSE_MIN_/g;
s/(?<![A-Za-z0-9_])_extrainfo_free(?![A-Za-z0-9_])/extrainfo_free_/g;
s/(?<![A-Za-z0-9_])_find_by_keyword(?![A-Za-z0-9_])/find_by_keyword_/g;
s/(?<![A-Za-z0-9_])_free_cached_dir(?![A-Za-z0-9_])/free_cached_dir_/g;
s/(?<![A-Za-z0-9_])_free_cached_resolve(?![A-Za-z0-9_])/free_cached_resolve_/g;
s/(?<![A-Za-z0-9_])_free_duplicate_routerstatus_entry(?![A-Za-z0-9_])/free_duplicate_routerstatus_entry_/g;
s/(?<![A-Za-z0-9_])_free_link_history(?![A-Za-z0-9_])/free_link_history_/g;
s/(?<![A-Za-z0-9_])_geoip_compare_entries(?![A-Za-z0-9_])/geoip_compare_entries_/g;
s/(?<![A-Za-z0-9_])_geoip_compare_key_to_entry(?![A-Za-z0-9_])/geoip_compare_key_to_entry_/g;
s/(?<![A-Za-z0-9_])_hex_decode_digit(?![A-Za-z0-9_])/hex_decode_digit_/g;
s/(?<![A-Za-z0-9_])_idxplus1(?![A-Za-z0-9_])/idxplus1_/g;
s/(?<![A-Za-z0-9_])__libc_enable_secure(?![A-Za-z0-9_])/_libc_enable_secure_/g;
s/(?<![A-Za-z0-9_])_log_debug(?![A-Za-z0-9_])/log_debug_/g;
s/(?<![A-Za-z0-9_])_log_err(?![A-Za-z0-9_])/log_err_/g;
s/(?<![A-Za-z0-9_])_log_fn(?![A-Za-z0-9_])/log_fn_/g;
s/(?<![A-Za-z0-9_])_log_fn_function_name(?![A-Za-z0-9_])/log_fn_function_name_/g;
s/(?<![A-Za-z0-9_])_log_global_min_severity(?![A-Za-z0-9_])/log_global_min_severity_/g;
s/(?<![A-Za-z0-9_])_log_info(?![A-Za-z0-9_])/log_info_/g;
s/(?<![A-Za-z0-9_])_log_notice(?![A-Za-z0-9_])/log_notice_/g;
s/(?<![A-Za-z0-9_])_log_prefix(?![A-Za-z0-9_])/log_prefix_/g;
s/(?<![A-Za-z0-9_])_log_warn(?![A-Za-z0-9_])/log_warn_/g;
s/(?<![A-Za-z0-9_])_magic(?![A-Za-z0-9_])/magic_/g;
s/(?<![A-Za-z0-9_])_MALLOC_LOCK(?![A-Za-z0-9_])/MALLOC_LOCK_/g;
s/(?<![A-Za-z0-9_])_MALLOC_LOCK_INIT(?![A-Za-z0-9_])/MALLOC_LOCK_INIT_/g;
s/(?<![A-Za-z0-9_])_MALLOC_UNLOCK(?![A-Za-z0-9_])/MALLOC_UNLOCK_/g;
s/(?<![A-Za-z0-9_])_microdesc_eq(?![A-Za-z0-9_])/microdesc_eq_/g;
s/(?<![A-Za-z0-9_])_microdesc_hash(?![A-Za-z0-9_])/microdesc_hash_/g;
s/(?<![A-Za-z0-9_])_MIN_TOR_TLS_ERROR_VAL(?![A-Za-z0-9_])/MIN_TOR_TLS_ERROR_VAL_/g;
s/(?<![A-Za-z0-9_])_mm_free(?![A-Za-z0-9_])/mm_free_/g;
s/(?<![A-Za-z0-9_])_NIL(?![A-Za-z0-9_])/NIL_/g;
s/(?<![A-Za-z0-9_])_n_openssl_mutexes(?![A-Za-z0-9_])/n_openssl_mutexes_/g;
s/(?<![A-Za-z0-9_])_openssl_dynlock_create_cb(?![A-Za-z0-9_])/openssl_dynlock_create_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_dynlock_destroy_cb(?![A-Za-z0-9_])/openssl_dynlock_destroy_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_dynlock_lock_cb(?![A-Za-z0-9_])/openssl_dynlock_lock_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_locking_cb(?![A-Za-z0-9_])/openssl_locking_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_mutexes(?![A-Za-z0-9_])/openssl_mutexes_/g;
s/(?<![A-Za-z0-9_])_option_abbrevs(?![A-Za-z0-9_])/option_abbrevs_/g;
s/(?<![A-Za-z0-9_])_option_vars(?![A-Za-z0-9_])/option_vars_/g;
s/(?<![A-Za-z0-9_])_OR_CONN_STATE_MAX(?![A-Za-z0-9_])/OR_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_OR_CONN_STATE_MIN(?![A-Za-z0-9_])/OR_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_OutboundBindAddressIPv4(?![A-Za-z0-9_])/OutboundBindAddressIPv4_/g;
s/(?<![A-Za-z0-9_])_OutboundBindAddressIPv6(?![A-Za-z0-9_])/OutboundBindAddressIPv6_/g;
s/(?<![A-Za-z0-9_])_PDS_PREFER_TUNNELED_DIR_CONNS(?![A-Za-z0-9_])/PDS_PREFER_TUNNELED_DIR_CONNS_/g;
s/(?<![A-Za-z0-9_])_port(?![A-Za-z0-9_])/port_/g;
s/(?<![A-Za-z0-9_])__progname(?![A-Za-z0-9_])/_progname_/g;
s/(?<![A-Za-z0-9_])_PublishServerDescriptor(?![A-Za-z0-9_])/PublishServerDescriptor_/g;
s/(?<![A-Za-z0-9_])_remove_old_client_helper(?![A-Za-z0-9_])/remove_old_client_helper_/g;
s/(?<![A-Za-z0-9_])_rend_cache_entry_free(?![A-Za-z0-9_])/rend_cache_entry_free_/g;
s/(?<![A-Za-z0-9_])_routerlist_find_elt(?![A-Za-z0-9_])/routerlist_find_elt_/g;
s/(?<![A-Za-z0-9_])_SafeLogging(?![A-Za-z0-9_])/SafeLogging_/g;
s/(?<![A-Za-z0-9_])_SHORT_FILE_(?![A-Za-z0-9_])/SHORT_FILE__/g;
s/(?<![A-Za-z0-9_])_state_abbrevs(?![A-Za-z0-9_])/state_abbrevs_/g;
s/(?<![A-Za-z0-9_])_state_vars(?![A-Za-z0-9_])/state_vars_/g;
s/(?<![A-Za-z0-9_])_t(?![A-Za-z0-9_])/t_/g;
s/(?<![A-Za-z0-9_])_t32(?![A-Za-z0-9_])/t32_/g;
s/(?<![A-Za-z0-9_])_test_op_ip6(?![A-Za-z0-9_])/test_op_ip6_/g;
s/(?<![A-Za-z0-9_])_thread1_name(?![A-Za-z0-9_])/thread1_name_/g;
s/(?<![A-Za-z0-9_])_thread2_name(?![A-Za-z0-9_])/thread2_name_/g;
s/(?<![A-Za-z0-9_])_thread_test_func(?![A-Za-z0-9_])/thread_test_func_/g;
s/(?<![A-Za-z0-9_])_thread_test_mutex(?![A-Za-z0-9_])/thread_test_mutex_/g;
s/(?<![A-Za-z0-9_])_thread_test_start1(?![A-Za-z0-9_])/thread_test_start1_/g;
s/(?<![A-Za-z0-9_])_thread_test_start2(?![A-Za-z0-9_])/thread_test_start2_/g;
s/(?<![A-Za-z0-9_])_thread_test_strmap(?![A-Za-z0-9_])/thread_test_strmap_/g;
s/(?<![A-Za-z0-9_])_tor_calloc(?![A-Za-z0-9_])/tor_calloc_/g;
s/(?<![A-Za-z0-9_])_TOR_CHANNEL_INTERNAL(?![A-Za-z0-9_])/TOR_CHANNEL_INTERNAL_/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITMUX_EWMA_C(?![A-Za-z0-9_])/TOR_CIRCUITMUX_EWMA_C_/g;
s/(?<![A-Za-z0-9_])_tor_free(?![A-Za-z0-9_])/tor_free_/g;
s/(?<![A-Za-z0-9_])_tor_malloc(?![A-Za-z0-9_])/tor_malloc_/g;
s/(?<![A-Za-z0-9_])_tor_malloc_zero(?![A-Za-z0-9_])/tor_malloc_zero_/g;
s/(?<![A-Za-z0-9_])_tor_memdup(?![A-Za-z0-9_])/tor_memdup_/g;
s/(?<![A-Za-z0-9_])_tor_realloc(?![A-Za-z0-9_])/tor_realloc_/g;
s/(?<![A-Za-z0-9_])_tor_strdup(?![A-Za-z0-9_])/tor_strdup_/g;
s/(?<![A-Za-z0-9_])_tor_strndup(?![A-Za-z0-9_])/tor_strndup_/g;
s/(?<![A-Za-z0-9_])_TOR_TLS_SYSCALL(?![A-Za-z0-9_])/TOR_TLS_SYSCALL_/g;
s/(?<![A-Za-z0-9_])_TOR_TLS_ZERORETURN(?![A-Za-z0-9_])/TOR_TLS_ZERORETURN_/g;
s/(?<![A-Za-z0-9_])__USE_ISOC99(?![A-Za-z0-9_])/_USE_ISOC99_/g;
s/(?<![A-Za-z0-9_])_UsingTestNetworkDefaults(?![A-Za-z0-9_])/UsingTestNetworkDefaults_/g;
s/(?<![A-Za-z0-9_])_val(?![A-Za-z0-9_])/val_/g;
s/(?<![A-Za-z0-9_])_void_for_alignment(?![A-Za-z0-9_])/void_for_alignment_/g;

==============================
2012-10-12 12:22:13 -04:00
Nick Mathewson
0cb921f3e9 Convert all include-guard macros to avoid reserved identifiers.
In C, we technically aren't supposed to define our own things that
start with an underscore.

This is a purely machine-generated commit.  First, I ran this script
on all the headers in src/{common,or,test,tools/*}/*.h :
==============================

use strict;

my %macros = ();
my %skipped = ();
FILE: for my $fn (@ARGV) {
    my $f = $fn;
    if ($fn !~ /^\.\//) {
	$f = "./$fn";
    }
    $skipped{$fn} = 0;
    open(F, $fn);
    while (<F>) {
	if (/^#ifndef ([A-Za-z0-9_]+)/) {
	    $macros{$fn} = $1;
	    next FILE;
	}
    }
}

print "#!/usr/bin/perl -w -i -p\n\n";
for my $fn (@ARGV) {
    if (! exists $macros{$fn}) {
	print "# No macro known for $fn!\n" if (!$skipped{$fn});
	next;
    }
    if ($macros{$fn} !~ /_H_?$/) {
	print "# Weird macro for $fn...\n";
    }
    my $goodmacro = uc $fn;
    $goodmacro =~ s#.*/##;
    $goodmacro =~ s#[\/\-\.]#_#g;
    print "s/(?<![A-Za-z0-9_])$macros{$fn}(?![A-Za-z0-9_])/TOR_${goodmacro}/g;\n"
}
==============================

It produced the following output, which I then re-ran on those same files:

==============================

s/(?<![A-Za-z0-9_])_TOR_ADDRESS_H(?![A-Za-z0-9_])/TOR_ADDRESS_H/g;
s/(?<![A-Za-z0-9_])_TOR_AES_H(?![A-Za-z0-9_])/TOR_AES_H/g;
s/(?<![A-Za-z0-9_])_TOR_COMPAT_H(?![A-Za-z0-9_])/TOR_COMPAT_H/g;
s/(?<![A-Za-z0-9_])_TOR_COMPAT_LIBEVENT_H(?![A-Za-z0-9_])/TOR_COMPAT_LIBEVENT_H/g;
s/(?<![A-Za-z0-9_])_TOR_CONTAINER_H(?![A-Za-z0-9_])/TOR_CONTAINER_H/g;
s/(?<![A-Za-z0-9_])_TOR_CRYPTO_H(?![A-Za-z0-9_])/TOR_CRYPTO_H/g;
s/(?<![A-Za-z0-9_])TOR_DI_OPS_H(?![A-Za-z0-9_])/TOR_DI_OPS_H/g;
s/(?<![A-Za-z0-9_])_TOR_MEMAREA_H(?![A-Za-z0-9_])/TOR_MEMAREA_H/g;
s/(?<![A-Za-z0-9_])_TOR_MEMPOOL_H(?![A-Za-z0-9_])/TOR_MEMPOOL_H/g;
s/(?<![A-Za-z0-9_])TOR_PROCMON_H(?![A-Za-z0-9_])/TOR_PROCMON_H/g;
s/(?<![A-Za-z0-9_])_TOR_TORGZIP_H(?![A-Za-z0-9_])/TOR_TORGZIP_H/g;
s/(?<![A-Za-z0-9_])_TOR_TORINT_H(?![A-Za-z0-9_])/TOR_TORINT_H/g;
s/(?<![A-Za-z0-9_])_TOR_LOG_H(?![A-Za-z0-9_])/TOR_TORLOG_H/g;
s/(?<![A-Za-z0-9_])_TOR_TORTLS_H(?![A-Za-z0-9_])/TOR_TORTLS_H/g;
s/(?<![A-Za-z0-9_])_TOR_UTIL_H(?![A-Za-z0-9_])/TOR_UTIL_H/g;
s/(?<![A-Za-z0-9_])_TOR_BUFFERS_H(?![A-Za-z0-9_])/TOR_BUFFERS_H/g;
s/(?<![A-Za-z0-9_])_TOR_CHANNEL_H(?![A-Za-z0-9_])/TOR_CHANNEL_H/g;
s/(?<![A-Za-z0-9_])_TOR_CHANNEL_TLS_H(?![A-Za-z0-9_])/TOR_CHANNELTLS_H/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITBUILD_H(?![A-Za-z0-9_])/TOR_CIRCUITBUILD_H/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITLIST_H(?![A-Za-z0-9_])/TOR_CIRCUITLIST_H/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITMUX_EWMA_H(?![A-Za-z0-9_])/TOR_CIRCUITMUX_EWMA_H/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITMUX_H(?![A-Za-z0-9_])/TOR_CIRCUITMUX_H/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITUSE_H(?![A-Za-z0-9_])/TOR_CIRCUITUSE_H/g;
s/(?<![A-Za-z0-9_])_TOR_COMMAND_H(?![A-Za-z0-9_])/TOR_COMMAND_H/g;
s/(?<![A-Za-z0-9_])_TOR_CONFIG_H(?![A-Za-z0-9_])/TOR_CONFIG_H/g;
s/(?<![A-Za-z0-9_])TOR_CONFPARSE_H(?![A-Za-z0-9_])/TOR_CONFPARSE_H/g;
s/(?<![A-Za-z0-9_])_TOR_CONNECTION_EDGE_H(?![A-Za-z0-9_])/TOR_CONNECTION_EDGE_H/g;
s/(?<![A-Za-z0-9_])_TOR_CONNECTION_H(?![A-Za-z0-9_])/TOR_CONNECTION_H/g;
s/(?<![A-Za-z0-9_])_TOR_CONNECTION_OR_H(?![A-Za-z0-9_])/TOR_CONNECTION_OR_H/g;
s/(?<![A-Za-z0-9_])_TOR_CONTROL_H(?![A-Za-z0-9_])/TOR_CONTROL_H/g;
s/(?<![A-Za-z0-9_])_TOR_CPUWORKER_H(?![A-Za-z0-9_])/TOR_CPUWORKER_H/g;
s/(?<![A-Za-z0-9_])_TOR_DIRECTORY_H(?![A-Za-z0-9_])/TOR_DIRECTORY_H/g;
s/(?<![A-Za-z0-9_])_TOR_DIRSERV_H(?![A-Za-z0-9_])/TOR_DIRSERV_H/g;
s/(?<![A-Za-z0-9_])_TOR_DIRVOTE_H(?![A-Za-z0-9_])/TOR_DIRVOTE_H/g;
s/(?<![A-Za-z0-9_])_TOR_DNS_H(?![A-Za-z0-9_])/TOR_DNS_H/g;
s/(?<![A-Za-z0-9_])_TOR_DNSSERV_H(?![A-Za-z0-9_])/TOR_DNSSERV_H/g;
s/(?<![A-Za-z0-9_])TOR_EVENTDNS_TOR_H(?![A-Za-z0-9_])/TOR_EVENTDNS_TOR_H/g;
s/(?<![A-Za-z0-9_])_TOR_GEOIP_H(?![A-Za-z0-9_])/TOR_GEOIP_H/g;
s/(?<![A-Za-z0-9_])_TOR_HIBERNATE_H(?![A-Za-z0-9_])/TOR_HIBERNATE_H/g;
s/(?<![A-Za-z0-9_])_TOR_MAIN_H(?![A-Za-z0-9_])/TOR_MAIN_H/g;
s/(?<![A-Za-z0-9_])_TOR_MICRODESC_H(?![A-Za-z0-9_])/TOR_MICRODESC_H/g;
s/(?<![A-Za-z0-9_])_TOR_NETWORKSTATUS_H(?![A-Za-z0-9_])/TOR_NETWORKSTATUS_H/g;
s/(?<![A-Za-z0-9_])_TOR_NODELIST_H(?![A-Za-z0-9_])/TOR_NODELIST_H/g;
s/(?<![A-Za-z0-9_])_TOR_NTMAIN_H(?![A-Za-z0-9_])/TOR_NTMAIN_H/g;
s/(?<![A-Za-z0-9_])_TOR_ONION_H(?![A-Za-z0-9_])/TOR_ONION_H/g;
s/(?<![A-Za-z0-9_])_TOR_OR_H(?![A-Za-z0-9_])/TOR_OR_H/g;
s/(?<![A-Za-z0-9_])_TOR_POLICIES_H(?![A-Za-z0-9_])/TOR_POLICIES_H/g;
s/(?<![A-Za-z0-9_])_TOR_REASONS_H(?![A-Za-z0-9_])/TOR_REASONS_H/g;
s/(?<![A-Za-z0-9_])_TOR_RELAY_H(?![A-Za-z0-9_])/TOR_RELAY_H/g;
s/(?<![A-Za-z0-9_])_TOR_RENDCLIENT_H(?![A-Za-z0-9_])/TOR_RENDCLIENT_H/g;
s/(?<![A-Za-z0-9_])_TOR_RENDCOMMON_H(?![A-Za-z0-9_])/TOR_RENDCOMMON_H/g;
s/(?<![A-Za-z0-9_])_TOR_RENDMID_H(?![A-Za-z0-9_])/TOR_RENDMID_H/g;
s/(?<![A-Za-z0-9_])_TOR_RENDSERVICE_H(?![A-Za-z0-9_])/TOR_RENDSERVICE_H/g;
s/(?<![A-Za-z0-9_])_TOR_REPHIST_H(?![A-Za-z0-9_])/TOR_REPHIST_H/g;
s/(?<![A-Za-z0-9_])_TOR_REPLAYCACHE_H(?![A-Za-z0-9_])/TOR_REPLAYCACHE_H/g;
s/(?<![A-Za-z0-9_])_TOR_ROUTER_H(?![A-Za-z0-9_])/TOR_ROUTER_H/g;
s/(?<![A-Za-z0-9_])_TOR_ROUTERLIST_H(?![A-Za-z0-9_])/TOR_ROUTERLIST_H/g;
s/(?<![A-Za-z0-9_])_TOR_ROUTERPARSE_H(?![A-Za-z0-9_])/TOR_ROUTERPARSE_H/g;
s/(?<![A-Za-z0-9_])TOR_ROUTERSET_H(?![A-Za-z0-9_])/TOR_ROUTERSET_H/g;
s/(?<![A-Za-z0-9_])TOR_STATEFILE_H(?![A-Za-z0-9_])/TOR_STATEFILE_H/g;
s/(?<![A-Za-z0-9_])_TOR_STATUS_H(?![A-Za-z0-9_])/TOR_STATUS_H/g;
s/(?<![A-Za-z0-9_])TOR_TRANSPORTS_H(?![A-Za-z0-9_])/TOR_TRANSPORTS_H/g;
s/(?<![A-Za-z0-9_])_TOR_TEST_H(?![A-Za-z0-9_])/TOR_TEST_H/g;
s/(?<![A-Za-z0-9_])_TOR_FW_HELPER_H(?![A-Za-z0-9_])/TOR_TOR_FW_HELPER_H/g;
s/(?<![A-Za-z0-9_])_TOR_FW_HELPER_NATPMP_H(?![A-Za-z0-9_])/TOR_TOR_FW_HELPER_NATPMP_H/g;
s/(?<![A-Za-z0-9_])_TOR_FW_HELPER_UPNP_H(?![A-Za-z0-9_])/TOR_TOR_FW_HELPER_UPNP_H/g;
==============================
2012-10-12 12:13:10 -04:00
Nick Mathewson
8586611718 Make tor_addr_is_internal log the calling function on error
This might make it a little easier to track down bug  7086.
2012-10-12 11:34:54 -04:00
Nick Mathewson
63f542a5c2 Move all externally maintained source files into src/ext
The rationale for treating these files differently is that we should
be checking upstream for changes as applicable, and merging changes
upstream as warranted.
2012-10-11 17:22:03 -04:00
Nick Mathewson
7ea904cbc0 Merge branch 'bug7011'
Conflicts:
	src/or/circuitbuild.c

The conflict was trivial, since no line of code actually changed in
both branches: There was a fmt_addr() that turned into fmt_addrport()
in bug7011, and a "if (!n_conn)" that turned into "if (!n_chan)" in
master.
2012-10-10 22:31:06 -04:00
David Fifield
78e2d8c7a8 Add fmt_addrport.
This function formats an addr:port pair, and always decorates IPv6
addresses.
2012-10-10 22:25:30 -04:00
Andrea Shepard
5543c5b202
Fix formatting in various places after 6465/6816 work 2012-10-10 00:48:36 -07:00
Andrea Shepard
f06880c855 Add LD_CHANNEL log domain in log.c 2012-10-08 03:06:09 -07:00
Andrea Shepard
838743654c Add channel.c/channel.h for bug 6465
Note: this is a squashed commit; see branch bug6465_rebased_v2 of user/andrea/tor.git for full history of the following 90 commits:

Add channel.c/channel.h for bug 6465
Fix make check-spaces in new channel.c/channel.h
Make sure new channel.h is in nodist_HEADERS and Makefile.nmake is up to date too
Add channel_state_t and state utility functions
Add channel_change_state()
Better comments in channel.h
Add CHANNEL_STATE_LISTENING for channel_t
Fix wide line in channel.c
Add structures/prototypes for incoming cell handling
Implement channel_queue_cell() and channel_queue_var_cell()
Implement channel_process_cells()
Fix asserts in channel_queue_cell() and channel_queue_var_cell()
Add descriptive comments for channel_queue_cell() and channel_queue_var_cell()
Implement channel cell handler getters/setters
Queue outgoing writes when not in writeable state
Drain queues and test assertions when changing channel_t state
Add log_debug() messages for channel_t stuff
Add log_debug() messages for channel_t stuff
Add some channel_t metadata
Add time_t client_used to channel_t
Add channel_touched_by_client()
Declare a few channel_t metadata queries we'll have to implement later for use by circuitbuild.c
Add next_circ_id/circ_id_type to channel_t for use by circuitbuild.c
Count n_circuits in channel_t
Channel timestamp calls
Add create timestamp for channel.h
Declare some new metadata queries on channel_t
Add get_real_remote_descr() prototype
Move active_circuits stuff to channel_t, some other or.h and channel.h changes
Make channel_t refcounted and use global lists of active channels
Update channel_request_close() and channel_change_state() for channel_t registration mechanism
Handle closing channels sensibly
Add global_identifier for channels, channel_init() internal use function
Add timestamp_last_added_nonpadding to channel_t
Better comments in channel_init()
Correctly handle next_circ_id in channel_init()
Correctly handle next_circ_id in channel_init() and even compile this time
Appease make check-spaces
Update timestamps when writing cells to channel_t
Add channel_flush_some_cells() to call channel_flush_from_first_active_circuit()
Add registered channel lookup functions
Get rid of client_used in or_connection_t; it's in channel_t now
Get rid of circ_id_type in or_connection_t; implement channel_set_circ_id_type()
Eliminate is_bad_for_new_circs in or_connection_t; implement getter/setter for it in channel_t
Eliminate next_circ_id in or_connection_t in favor of channel_t
Handle packed cells in channel_t for relay.c
Add channel_identity_map and related functions
Handle add/remove from channel identity map on state transitions
Implement channel_is_local() and channel_mark_local()
Implement channel_is_client() and channel_mark_client()
Implement channel_is_outgoing() and channel_mark_outgoing()
Eliminate declaration for redundant channel_nonopen_was_started_here()
Add channel timestamps
Add channel timestamps, fix some make-check-spaces complaints
Remove redundant channel_was_started_here() function and initiated_remotely bit
Rename channel_get_remote_descr()/channel_get_real_remote_descr() to something clearer in channel.h
Replace channel_get_write_queue_len() with sufficient and easier to implement channel_has_queued_writes() in channel.h
Change return type of channel_is_bad_for_new_circs() to int for consistency
Implement channel_has_queued_writes()
Rename channel_touched_by_client() and client_used field for consistency with other timestamps in channel.{c,h}
Implement channel_get_actual_remote_descr() and channel_get_canonical_remote_descr() in channel.{c,h}
Implement channel_matches_extend_info() in channel.{c,h}
Implement channel_get_for_extend() and channel_is_better() in channel.{c,h}
Make channel_is_better() public in channel.{c,h}
Implement channel_matches_target_addr_for_extend() in channel.{c,h}
Implement channel_is_canonical_is_reliable() in channel.{c,h}
Demoronize get_remote_descr() method prototype - what the hell was I thinking there?
Timestamp channels in the right places in channel.c
Add missing tor_assert() in channel.c
Check if the lower layer accepted a cell in channel_write_cell() et al. of channel.c
Implement channel_flush_cells() in channel.c (w00t, it builds at last)
Call channel_timestamp_drained() at the right places in channel.c
Implement channel_run_cleanup()
Support optional channel_get_remote_addr() method and use it for GeoIP in channel_do_open_actions()
Get rid of channel refcounting; it'll be too complicated to handle it properly with all the pointers from circuits to channels, and closing from channel_run_cleanup() will work okay just like with connections
Doxygenate channel.c
Appease make check-spaces in channel.c
Fix superfluous semicolons in channel.c
Add/remove channels from identity digest map in all the right places in channel.c
The cell queues on channel_t must be empty when going to a CLOSED or ERROR state
Appease make check-spaces in channel.c
Add channel_clear/set_identity_digest() and some better logging to channel.{c,h}
Fix better logging to channel.c
Avoid SIGSEGV testing for queue emptiness in channel_flush_some_cells_from_outgoing_queue()
Remove TODO about checking cell queue in channel_free(); no need for it
Appease make check-spaces in channel.c
Add channel_free_all() and support functions
Check nullness of active_circuit_pqueue in channel_free()
Fix SMARTLIST_FOREACH_END usage in channel_process_cells()
Rearrange channel_t struct to use a union distinguishing listener from cell-bearing channels in channel.{c,h}
2012-10-08 03:03:58 -07:00
Nick Mathewson
751b3aabb5 Merge remote-tracking branch 'public/openssl_1_is_best' 2012-10-04 12:50:41 -04:00
Nick Mathewson
cf182efe0d Fix comment in crypto.h; bug 6830 2012-09-21 21:55:06 -04:00
Robert Ransom
1e5cd1c7d6 Fix comment typo in tor_memeq 2012-09-17 11:13:09 -04:00
Robert Ransom
cd884c764b Fix documentation for crypto_pk_cmp_keys
Now that crypto_pk_cmp_keys might return the result of tor_memcmp, there
is no guarantee that it will only return -1, 0, or 1.  (It currently does
only return -1, 0, or 1, but that's a lucky accident due to details of the
current implementation of tor_memcmp and the particular input given to it.)

Fortunately, none of crypto_pk_cmp_keys's callers rely on this behaviour,
so changing its documentation is sufficient.
2012-09-17 11:02:53 -04:00
Robert Ransom
62babcaf0a Implement and use crypto_pk_eq_keys 2012-09-17 11:02:53 -04:00
Robert Ransom
f3916a6855 Make crypto_pk_cmp_keys do something sane for NULL keys
Fixes bug 4283; bugfix on r76
(Git commit 01aadefbfc).
2012-09-17 11:02:52 -04:00
Nick Mathewson
c3f526ed64 Merge branch '6044_nm_squashed' 2012-09-17 10:03:11 -04:00
meejah
d64bf286a1 Handle FIFOs in read_file_to_str
add read_file_to_str_until_eof which is used by read_file_to_str
if the file happens to be a FIFO.

change file_status() to return FN_FILE if st_mode matches S_IFIFO
(on not-windows) so that init_key_from_file() will read from a FIFO.
2012-09-17 10:02:24 -04:00
Nick Mathewson
523b0ec288 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-09-14 12:40:23 -04:00
Nick Mathewson
b1447a4312 Use file-size-fixup code on cygwin too.
We already had code on windows to fix our file sizes when we're
reading a file in text mode and its size doesn't match the size from
fstat.  But that code was only enabled when _WIN32 was defined, and
Cygwin defines __CYGWIN__ instead.

Fixes bug 6844; bugfix on 0.1.2.7-alpha.
2012-09-14 12:39:18 -04:00
Nick Mathewson
e4ce8cd969 Fix compilation with older gccs
They don't like to have #preprocessor directives inside macro arguments.

Fixes #6842; fix on 0.2.4.2-alpha.

Found by grarpamp.
2012-09-14 10:06:00 -04:00
Nick Mathewson
37953497d8 Don't compute ((uint64_t)1)<<64 in round_to_power_of_2
This would be undefined behavior if it happened. (It can't actually
happen as we're using round_to_power_of_2, since we would have to
be trying to allocate exabytes of data.)

While we're at it, fix the behavior of round_to_power_of_2(0),
and document the function better.

Fix for bug 6831.
2012-09-14 09:51:24 -04:00
Nick Mathewson
be68c1fb43 Log a notice if we're running with OpenSSL before 1.0.0.
These versions have some dubious, slow crypto implementations; 1.0.0
is a great improvement, and at this point is pretty mature.
2012-09-12 19:32:24 -04:00
Nick Mathewson
feabf4148f Drop support for openssl 0.9.7
097 hasn't seen a new version since 2007; we can drop support too.

This lets us remove our built-in sha256 implementation, and some
checks for old bugs.
2012-09-12 19:25:58 -04:00
Roger Dingledine
5977da6c60 hot: we fixed incancations to be intancations. 2012-09-12 02:51:33 -04:00
Nick Mathewson
75c9ccd4f8 Merge remote-tracking branch 'public/bug6538'
Conflicts:
	configure.ac
2012-09-11 17:51:36 -04:00
Nick Mathewson
f8a665c87d Merge remote-tracking branch 'origin/maint-0.2.3' 2012-09-11 13:21:20 -04:00
Nick Mathewson
5833861f62 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3
Conflicts:
	src/test/test_util.c
2012-09-11 13:20:15 -04:00
Nick Mathewson
973c18bf0e Fix assertion failure in tor_timegm.
Fixes bug 6811.
2012-09-11 13:13:07 -04:00
Nick Mathewson
7ff5c3f232 Downgrade "EVP ctr128 is ok" message to info
Part of 6736 effort to try to make startup quieter.
2012-09-10 10:38:22 -04:00
Nick Mathewson
1ca9e2685f Merge branch 'quiet_lib_versions_squashed' 2012-09-06 11:32:09 -04:00
Nick Mathewson
7607ad2bec Detect openssl header version doesn't match runtime version
We already do this for libevent; let's do it for openssl too.

For now, I'm making it always a warn, since this has caused some
problems in the past.  Later, we can see about making it less severe.
2012-09-06 11:31:30 -04:00
Nick Mathewson
e3a130a7eb Don't log about Libevent/OpenSSL initialization when all's well
OTOH, log the Libevent and OpenSSL versions on the first line when
we're starting Tor.
2012-09-06 11:31:22 -04:00
Nick Mathewson
ad1e8b45df Merge branch 'bug6778' 2012-09-06 11:05:16 -04:00
Nick Mathewson
e9684405ac Merge remote-tracking branch 'asn/bug4567_rebased' 2012-09-06 10:12:28 -04:00
Nick Mathewson
d2d7cab5b8 Merge remote-tracking branch 'asn/bug6779' 2012-09-06 10:12:15 -04:00
George Kadianakis
93c38b679f Log more information when we fail to terminate a process. 2012-09-06 17:03:11 +03:00
Nick Mathewson
5d162d5a7b Fix a dependency: sha256.c influences crypto.o, not crypto.c 2012-09-06 10:03:06 -04:00
Nick Mathewson
91fed2c703 Fix a build-warning when building out-of-tree
We were trying to incorporate all headers in common_sha1.i, not just
the src/common ones.

This is part of bug 6778; fix on 0.2.4.1-alpha
2012-09-06 09:56:48 -04:00
Linus Nordberg
0770e4ccdb Whitespace fixes. 2012-09-05 19:40:15 +02:00
George Kadianakis
b9551fd074 Fix some bugs that did not allow compilation on Windows. 2012-09-05 18:23:29 +03:00
George Kadianakis
44fe717524 General tweaks and fixes for Nick's comments.
* Add changes/ files.
* Edit the tor-fw-helper manpage.
* Fix check-spaces.
* Add prototype for get_list_of_ports_to_forward().
* Fix tor_parse_long() TCP port range.
* Improve doc. of tor_check_port_forwarding().
* Check for overflows in tor_check_port_forwarding().
* Demote successful port forwarding to LOG_INFO.

Conflicts:
	src/common/address.c
	src/or/circuitbuild.c
2012-09-05 18:23:28 +03:00
George Kadianakis
cd05f35d2c Refactor tor to support the new tor-fw-helper protocol.
Add handle_fw_helper_output(), a function responsible for parsing the
output of tor-fw-helper. Refactor tor_check_port_forwarding() and
run_scheduled_events() accordingly too.

We now issue warnings when we get control output from tor-fw-helper,
and we log the verbose output of tor-fw-helper in LOG_INFO.

Conflicts:
	src/common/util.c
2012-09-05 18:04:34 +03:00
George Kadianakis
03e89f0b72 Introduce get_lines_from_handle().
get_lines_from_handle() is a multiplatform function which drains lines
from a stream and stuffs it into a smartlist. It's useful for
line-based protocols, like the one managed proxy and the tor-fw-helper
protocols.
2012-09-05 18:02:27 +03:00
Nick Mathewson
ec94d0307e Merge remote-tracking branch 'linus/bug6363_only-ln' 2012-09-04 18:23:18 -04:00
Linus Nordberg
730dd9a6d0 Remove trailing semicolon from #define TOR_ADDR_NULL.
Can it ever help? I can only see harm. What am I missing?
2012-09-04 13:05:23 -04:00
Linus Nordberg
585ef06978 Add tor_addr_port_new(). 2012-09-04 12:03:42 -04:00
Nick Mathewson
485b4b7eee Rename configure.in to configure.ac
This is the preferred filename to use with Autoconf 2.50 and later.
2012-09-04 11:12:00 -04:00
Nick Mathewson
ef628649c8 Spelling fix in util.c comments 2012-08-27 16:44:54 -04:00
Nick Mathewson
7795f42e4b Merge branch 'bug6524_nm' 2012-08-27 10:33:24 -04:00
Jim Meyering
90d1c85757 build: minimal adjustments to make out-of-tree build work 2012-08-27 10:00:22 -04:00
Nick Mathewson
6d703f8db5 Make the _sha1.i file generation quieter 2012-08-23 13:14:41 -04:00
Nick Mathewson
851197f11d Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 14:04:28 -04:00
Nick Mathewson
4c8fcba86c Fix more warnings from openbsd_malloc
Apparently, (void)writev is not enough to suppress the "you are
ignoring the return value!" warnings on Linux.  Instead, remove the
whole warning/error logic when compiling openbsd_malloc for Tor: we
can't use it.
2012-08-17 13:49:52 -04:00
Nick Mathewson
6a33c33a12 Fix warnings and 64-bit problems in openbsd-malloc code
The warning fixes are:
  - Only define issetugid if it's missing.
  - Explicitly ignore the return value of writev.
  - Explicitly cast the retval of readlink() to int.

The 64-bit problems are related to just storing a size_t in an int. Not cool!  Use a size_t instead.

Fix for bug 6379. Bugfix on 0.2.0.20-rc, which introduced openbsd-malloc.
2012-08-15 19:26:53 -04:00
Nick Mathewson
f45cde05f9 Remove tor_malloc_roundup().
This function never actually did us any good, and it added a little
complexity.  See the changes file for more info.
2012-08-13 13:27:32 -04:00
Nick Mathewson
e106812a77 Change smartlist_choose_node_by_bandwidth to avoid double
This should make our preferred solution to #6538 easier to
implement, avoid a bunch of potential nastiness with excessive
int-vs-double math, and generally make the code there a little less
scary.

"But wait!" you say.  "Is it really safe to do this? Won't the
results come out differently?"

Yes, but not much.  We now round every weighted bandwidth to the
nearest byte before computing on it.  This will make every node that
had a fractional part of its weighted bandwidth before either
slighty more likely or slightly less likely.  Further, the rand_bw
value was only ever set with integer precision, so it can't
accurately sample routers with tiny fractional bandwidth values
anyway.  Finally, doing repeated double-vs-uint64 comparisons is
just plain sad; it will involve an implicit cast to double, which is
never a fun thing.
2012-08-09 12:21:37 -04:00
Stewart Smith
2606c8b289 Fix up make distcheck and greatly simplify docs dependencies (although it's still a bit odd) 2012-08-09 11:03:48 -04:00
Stewart Smith
7bb04f111a fix dependencies for some generated files 2012-08-09 11:03:47 -04:00
Stewart Smith
2a4a149624 Move to non-recursive make
This gives us a few benefits:
1) make -j clean all
   this will start working, as it should. It currently doesn't.
2) increased parallel build
   recursive make will max out at number of files in a directory,
   non-recursive make doesn't have such a limitation
3) Removal of duplicate information in make files,
   less error prone

I've also slightly updated how we call AM_INIT_AUTOMAKE, as the way
that was used was not only deprecated but will be *removed* in the next
major automake release (1.13).... so probably best that we can continue
to bulid tor without requiring old automake.
(see http://www.gnu.org/software/automake/manual/html_node/Public-Macros.html )

For more reasons  why, see resources such as:
http://miller.emu.id.au/pmiller/books/rmch/
2012-08-09 11:03:47 -04:00
Nick Mathewson
f8c9cc713d Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-18 10:14:40 -04:00
Nick Mathewson
78dec94307 Tweaks to 6400 changes file and docs as suggested by arma 2012-07-18 10:12:19 -04:00
Nick Mathewson
7faf115dff Change all SMARTLIST_FOREACH loops of >=10 lines to use BEGIN/END
The SMARTLIST_FOREACH macro is more convenient than BEGIN/END when
you have a nice short loop body, but using it for long bodies makes
your preprocessor tell the compiler that all the code is on the same
line.  That causes grief, since compiler warnings and debugger lines
will all refer to that one line.

So, here's a new style rule: SMARTLIST_FOREACH blocks need to be
short.
2012-07-17 10:34:08 -04:00
Nick Mathewson
7e1a0bb24e Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-06 08:03:16 -04:00
George Kadianakis
62c1311b3a Fix port range in parse_port_range(). 2012-07-06 08:02:14 -04:00
Nick Mathewson
7e8d7a017e Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-05 05:08:54 -04:00
Nick Mathewson
e9b33ed1bf On windows, ENOBUFS starts with WSA. #6296. Fix on 0.2.18-rc 2012-07-05 05:01:00 -04:00
Nick Mathewson
da3edc4df0 Fix clang warning on d4285f03df. Not in any released tor. 2012-06-29 00:22:57 -04:00
Nick Mathewson
19a81ef020 Merge commit '81cd3d7ad641a8dbf' 2012-06-28 15:52:57 -04:00
Roger Dingledine
81cd3d7ad6 add a blurb for 0.2.3.18-rc, other minor cleanups 2012-06-28 15:32:36 -04:00
Nick Mathewson
d4285f03df Extend tor_sscanf so it can replace sscanf in rephist.c
Fixes bug 4195 and Coverity CID 448
2012-06-28 09:54:05 -04:00
Nick Mathewson
05dd0a9cd9 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-26 11:03:32 -04:00
Nick Mathewson
5fad3dc36b Fix a warning when using glibc's strcspn with clang.
With glibc 2.15 and clang 3.0, I get warnings from where we use the
strcpsn implementation in the header as strcspn(string, "=").  This
is apparently because clang sees that part of the strcspn macro
expands to "="[2], and doesn't realize that that part of the macro
is only evaluated when "="[1] != 0.
2012-06-26 11:02:44 -04:00
Nick Mathewson
201b852c27 Fix a compilation warning with clang 3.0
In b1ad1a1d02 we introduced an implicit (but safe)
long-to-int shortening that clang didn't like.

Warning not in any released version of Tor.
2012-06-26 10:48:31 -04:00
Nick Mathewson
888d5d08fe Merge remote-tracking branch 'public/bug2385' 2012-06-25 12:05:36 -04:00
Nick Mathewson
ffd7189b3f Don't assert in get_string_from_pipe() on len==0
We can treat this case as an EAGAIN (probably because of an
unexpected internal NUL) rather than a crash-worthy problem.

Fixes bug 6225, again.  Bug not in any released version of Tor.
2012-06-23 15:35:43 -04:00
Nick Mathewson
b1ad1a1d02 Resolve crash caused by format_helper_exit_status changes in #5557
Because the string output was no longer equal in length to
HEX_ERRNO_SIZE, the write() call would add some extra spaces and
maybe a NUL, and the NUL would trigger an assert in
get_string_from_pipe.

Fixes bug 6225; bug not in any released version of Tor.
2012-06-23 15:32:04 -04:00
Nick Mathewson
4a7e4129af Style tweaks and add a warning about NUL-termination 2012-06-22 22:21:20 -04:00
Andrea Shepard
c21af69f29 Refactor unsigned int hex formatting out of format_helper_exit_status() in util.c 2012-06-22 22:21:20 -04:00
Andrea Shepard
4c62cc6f99 Make format_helper_exit_status() avoid unnecessary spaces 2012-06-22 22:21:19 -04:00
Nick Mathewson
4a8eaad7ef Clear a couple more fields in rend_service_load_auth_keys 2012-06-18 13:13:53 -04:00
Nick Mathewson
97555f4537 fix a compiler warning added in one of my XXX023 fixes. 2012-06-15 16:43:59 -04:00
Nick Mathewson
30c4653780 Whitespace fix 2012-06-15 16:12:24 -04:00
Nick Mathewson
e62104a7d2 Move tor_gettimeofday_cached() into compat_libevent 2012-06-15 15:07:53 -04:00
Nick Mathewson
1755f792ed Refactor GETINFO process/descriptor-limit
Previously it duplicated some getrlimit code and content from compat.c;
now it doesn't.
2012-06-15 15:07:53 -04:00
Nick Mathewson
2491fff5a6 Triage the XXX023 and XXX022 comments: postpone many. 2012-06-15 15:07:52 -04:00
Nick Mathewson
37ef4f1689 Change smartlist_create->smartlist_new in bug4744 branch as merged to master 2012-06-13 12:16:02 -04:00
Nick Mathewson
aa1fc73e33 Merge branch 'bug4744_squashed' 2012-06-13 12:09:13 -04:00
Nick Mathewson
df6bd478ee Implement the client side of proposal 198
This is a feature removal: we no longer fake any ciphersuite other
than the not-really-standard SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
(0xfeff).  This change will let servers rely on our actually
supporting what we claim to support, and thereby let Tor migrate to
better TLS ciphersuites.

As a drawback, Tor instances that use old openssl versions and
openssl builds with ciphers disabled will no longer give the
"firefox" cipher list.
2012-06-13 12:06:28 -04:00
Sebastian Hahn
9dd4e5a9b0 Fix another clang compile warning
We forgot this when we fixed 5969.
2012-06-13 16:51:56 +02:00
Nick Mathewson
667a12b471 Merge remote-tracking branch 'public/bug4592' 2012-06-11 10:34:48 -04:00
Nick Mathewson
a6180b7f29 Merge branch 'bug6097' 2012-06-11 10:14:01 -04:00
Roger Dingledine
167f6f1e96 typo noticed by "_raptor" 2012-06-07 15:35:19 -04:00
Nick Mathewson
bf9252587b Fix mingw build with -DUNICODE -D_UNICODE
This is a very blunt fix, and mostly just turns some func() calls
into FuncA() to make things build again.  Fixes bug 6097.
2012-06-07 11:59:32 -04:00
Nick Mathewson
1e5683b167 Be more careful calling wcstombs
The function is not guaranteed to NUL-terminate its output.  It
*is*, however, guaranteed not to generate more than two bytes per
multibyte character (plus terminating nul), so the general approach
I'm taking is to try to allocate enough space, AND to manually add a
NUL at the end of each buffer just in case I screwed up the "enough
space" thing.

Fixes bug 5909.
2012-06-07 11:09:38 -04:00
Nick Mathewson
d09a3ecd01 Merge remote-tracking branch 'public/getfilesize_64'
Conflicts:
	src/common/compat.c

The getfilesize change conflicted with the removal of file_handle
from the windows tor_mmap_t.
2012-06-05 11:10:42 -04:00
Nick Mathewson
b482c870ca Fix some mingw build warnings
These include:
   - Having a weird in_addr that can't be initialized with {0}
   - Needing INVALID_HANDLE_VALUE instead of -1 for file handles.
   - Having a weird dependent definition for struct stat.
   - pid is signed, not unsigned.
2012-06-05 11:06:26 -04:00
Nick Mathewson
7f45ea5c41 Merge remote-tracking branch 'public/bug3894' 2012-06-05 10:31:00 -04:00
Nick Mathewson
20d6f787aa Fix "make check-spaces" issues 2012-06-05 00:49:18 -04:00
Nick Mathewson
913067f788 Resolve about 24 DOCDOCs 2012-06-05 00:17:54 -04:00
Nick Mathewson
064e7c19c6 Missing copyright/license statement for procmon.c 2012-06-04 21:02:13 -04:00
Nick Mathewson
0fa107a6aa Update copyright dates to 2012; add a few missing copyright statements 2012-06-04 20:58:17 -04:00
Nick Mathewson
173b18c79b Add about 60 more DOCDOC comments to 0.2.3
Also, try to resolve some doxygen issues.  First, define a magic
"This is doxygen!" macro so that we take the correct branch in
various #if/#else/#endifs in order to get the right documentation.
Second, add in a few grouping @{ and @} entries in order to get some
variables and fields to get grouped together.
2012-06-04 19:59:08 -04:00
Nick Mathewson
361260ff8f Resolve some markup complaints from doxygen 2012-06-04 19:56:33 -04:00
Nick Mathewson
f68c042637 Resolve all currently pending DOCDOC items in master 2012-06-04 19:05:51 -04:00
Nick Mathewson
329e1c65d3 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-06-04 11:36:33 -04:00
Nick Mathewson
6d85a79653 Merge remote-tracking branch 'public/bug6033' into maint-0.2.2 2012-06-04 11:33:27 -04:00
Nick Mathewson
841a8d551a Work around a bug in OpenSSL 1.0.1's TLS 1.1 and TLS 1.2 support
It appears that when OpenSSL negotiates a 1.1 or 1.2 connection, and it
decides to renegotiate, the client will send a record with version "1.0"
rather than with the current TLS version.  This would cause the
connection to fail whenever both sides had OpenSSL 1.0.1, and the v2 Tor
handshake was in use.

As a workaround, disable TLS 1.1 and TLS 1.2.  When a later version of
OpenSSL is released, we can make this conditional on running a fixed
version of OpenSSL.

Alternatively, we could disable TLS 1.1 and TLS 1.2 only on the client
side.  But doing it this way for now means that we not only fix TLS with
patched clients; we also fix TLS when the server has this patch and the
client does not.  That could be important to keep the network running
well.

Fixes bug 6033.
2012-06-02 20:09:05 -04:00
Nick Mathewson
dff73d26f3 Merge remote-tracking branch 'public/bug5089'
Conflicts:
	src/test/test_util.c

Merge the unit tests; I added some when I did this branch against
0.2.2, and then the test format changed and master added more tests.
2012-05-31 16:21:54 -04:00
Nick Mathewson
0e207f9acb Merge remote-tracking branch 'public/close_file_mapping'
Conflicts:
	src/common/compat.h

Conflict was between replacement of MS_WINDOWS with _WIN32 in
master, and with removal of file_handle from tor_mmap_t struct in
close_file_mapping branch (for bug 5951 fix).
2012-05-31 12:38:11 -04:00
Nick Mathewson
2e58882b90 reindent CreateFile arguments. 2012-05-31 12:36:54 -04:00
Nick Mathewson
f1aae1236f Merge remote-tracking branch 'linus/bug5355_ln' 2012-05-31 12:33:16 -04:00
Nick Mathewson
ffc21b653f Merge remote-tracking branch 'origin/maint-0.2.2'
(For bug 5969 fix)
2012-05-31 00:07:52 -04:00
Nick Mathewson
3a9351b57e Fix more clang format-nonliteral warnings (bug 5969) 2012-05-30 23:59:49 -04:00
Nick Mathewson
e284894672 Add __attribute__(format)s for our varargs printf/scanf wrappers
It turns out that if you set the third argument of
__attribute__(format) to 0, GCC and Clang will check the format
argument without expecting to find variadic arguments.  This is the
correct behavior for vsnprintf, vasprintf, and vscanf.

I'm hoping this will fix bug 5969 (a clang warning) by telling clang that
the format argument to tor_vasprintf is indeed a format string.
2012-05-30 12:14:38 -04:00
Sebastian Hahn
a5a8296892 Fix clang 3.1 compile warning in crypto.c
(Tweaked by nickm)
2012-05-30 11:56:43 -04:00
Linus Nordberg
f998590e5b Don't stomp on errno. 2012-05-29 15:38:03 +02:00
Nick Mathewson
254504fc14 Have get_parent_directory() handle "/foo" and "/" correctly.
The parent of "/foo" is "/"; and "/" is its own parent.

This would cause Tor to fail if you tried to have a PF_UNIX control
socket in the root directory.  That would be a stupid thing to do
for other reasons, but there's no reason to fail like _this_.

Bug found by Esteban Manchado Velázquez. Fix for bug 5089; bugfix on
Tor 0.2.2.26-beta.  Unit test included.
2012-05-24 12:56:31 -04:00
Nick Mathewson
e7d34935fb Use GetFileSize correctly on win32
(Use its second parameter to find the high 32 bits of the file size;
check its return value for error conditions.)
2012-05-24 10:31:11 -04:00
Nick Mathewson
ab1b81e838 Close the windows file handle after CreateFileMapping; it isn't needed
I did the changes file; the rest came pseudonymously
2012-05-23 12:39:05 -04:00
Nick Mathewson
f35271bf3e Fix some more FreeBSD4 issues (based on a patch from grarpamp)
Apparently, freebsd 4 doesn't like malloc.h, needs sys/param.h for
MIN/MAX, and doesn't have a SIZE_MAX.

For bug 3894.
2012-05-16 14:34:17 -04:00
Nick Mathewson
d732b87e60 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-05-16 12:20:56 -04:00
Sebastian Hahn
679aa93e23 Fix month check in parse_http_time, add test 2012-05-16 12:15:13 -04:00
Nick Mathewson
801923ac21 Remove more dubiosity in struct tm handling. related to bug5346 2012-05-16 12:15:08 -04:00
Nick Mathewson
1abe533b33 Reject an additional type of bad date in parse_http_time 2012-05-16 12:14:48 -04:00
Esteban Manchado Velázquez
d0d9c3d71e Fix parse_http_time and add tests
* It seems parse_http_time wasn't parsing correctly any date with commas (RFCs
  1123 and 850). Fix that.
* It seems parse_http_time was reporting the wrong month (they start at 0, not
  1). Fix that.
* Add some tests for parse_http_time, covering all three formats.
2012-05-16 12:14:48 -04:00
Nick Mathewson
a925fc9189 Merge remote-tracking branch 'public/bug2822' 2012-05-16 11:10:09 -04:00
Nick Mathewson
89c1689009 Change our ciphersuite list to match ff8 2012-05-15 15:25:54 -04:00
Nick Mathewson
e3243ad5f6 Treat SW_SERVER_HELLO_B as another sign of an SSL handshake
We've been only treating SW_SERVER_HELLO_A as meaning that an SSL
handshake was happening.  But that's not right: if the initial
attempt to write a ServerHello fails, we would get a callback in
state SW_SERVER_HELLO_B instead.

(That's "instead" and not "in addition": any failed attempt to write
the hello will fail and cause the info callback not to get written.)

Fix for bug 4592; bugfix on 0.2.0.13-alpha.
2012-05-15 11:15:43 -04:00
Nick Mathewson
21e3261914 Bump _WIN32_WINNT to 0x0501 throughout the code
This tells the windows headers to give us definitions that didn't
exist before XP -- like the ones that we need for IPv6 support.

See bug #5861.  We didn't run into this issue with mingw, since
mingw doesn't respect _WIN32_WINNT as well as it should for some of
its definitions.
2012-05-14 13:46:37 -04:00
Nick Mathewson
9ffccb3f49 Remove all instances of WIN32_WINNT (without leading _)
We started adding it in 59e2c77824 back in 2004, 8 years and 3
days ago.  It's time to deprogram ourselves from this cargo cult.
2012-05-14 13:36:52 -04:00
Nick Mathewson
7134be0637 MSVC build issue: add magic to make openssl headers in aes.c work 2012-05-14 13:04:13 -04:00
Nick Mathewson
02d206a58b Be a good git person: store nmakefiles in correct text fmt 2012-05-14 13:01:05 -04:00
Nick Mathewson
b6028b9e8b Fix win32 compilation of 31eb73f88e 2012-05-14 12:08:05 -04:00
Nick Mathewson
a2f0e7a65b Cut down on the OS information we give.
For uname-based detection, we now give only the OS name (e.g.,
"Darwin", "Linux".)  For Windows, we give only the Operating System
name as inferred from dw(Major|Minor)version, (e.g., "Windows XP",
"Windows 7"), and whether the VER_NT_SERVER flag is set.

For ticket 2988.
2012-05-11 17:52:53 -04:00
Nick Mathewson
e0655708a2 Merge remote-tracking branch 'asn/bug4865_take2' 2012-05-11 11:52:51 -04:00
Nick Mathewson
84ddc4b6aa Merge remote-tracking branch 'public/bug5091' 2012-05-11 11:45:40 -04:00
Nick Mathewson
62f8e3926d Merge remote-tracking branch 'public/bug4591' 2012-05-10 15:55:12 -04:00
Nick Mathewson
c78a42685f Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/util.c
	src/test/test_util.c
2012-05-10 15:41:04 -04:00
Nick Mathewson
57ed459b0d Refactor new getcwd code
Make sure that the "path_length *= 2" statement can't overflow.

Move the "malloc and getcwd" loop into its own function.
2012-05-10 14:20:15 -04:00
Nick Mathewson
9b344628ed Handle out-of-range values in tor_parse_* integer functions
The underlying strtoX functions handle overflow by saturating and
setting errno to ERANGE.  If the min/max arguments to the
tor_parse_* functions are equal to the minimum/maximum of the
underlying type, then with the old approach, we wouldn't treat a
too-large value as genuinely broken.

Found this while looking at bug 5786; bugfix on 19da1f36 (in Tor
0.0.9), which introduced these functions.
2012-05-07 12:25:59 -04:00
Roger Dingledine
c648f9751f fix quad typo in comments
i assume if nickm maintained "libeven" this would never have been
introduced. :)
2012-05-07 01:54:53 -04:00
Nick Mathewson
a1538d607d Fix bug 5762: detect missing accept4 that gives ENOSYS
We had been checking for EINVAL, but that means that SOCK_* isn't
supported, not that the syscall itself is missing.

Bugfix on 0.2.3.1-alpha, which started to use accept4.
2012-05-04 13:18:14 -04:00
Nick Mathewson
c03a233faa Remove __ from HAVE_EXTERN_ENVIRON_DECLARED__
I think that the trailing __ got added in false analogy to
HAVE_MACRO__func__, HAVE_MACRO__FUNC__, and HAVE_MACRO__FUNCTION__.
But those macros actually indicate the presence of __func__,
__FUNC__, and __FUNCTION__ respectively.  The __ at the end of
HAVE_EXTERN_ENVIRON_DECLARED would only be appropriate if the
environ were declared__, whatever that means.

(As a side-note, HAVE_MACRO__func__ and so on should probably be
renamed HAVE_MACRO___func__ and so on.  But that can wait.)

This is an identifier renaming only.
2012-04-30 12:52:16 -04:00
Nick Mathewson
f0212197cc Only disable cert chaining on the first TLS handshake
If the client uses a v2 cipherlist on the renegotiation handshake,
it looks as if they could fail to get a good cert chain from the
server, since they server would re-disable certificate chaining.

This patch makes it so the code that make the server side of the
first v2 handshake special can get called only once.

Fix for 4591; bugfix on 0.2.0.20-rc.
2012-04-27 12:13:56 -04:00
Nick Mathewson
9dddfe83f3 Several mingw/msvc/cross-compilation fixes
They boil down to:
 - MS_WINDOWS is dead and replaced with _WIN32, but we let a few
   instances creep in when we merged Esteban's tests.
 - Capitalizing windows header names confuses mingw.
 - #ifdef 0 ain't C.
 - One unit test wasn't compiled on windows, but was being listed
   anyway.
 - One unit test was checking for the wrong value.

Gisle Vanem found and fixed the latter 3 issues.
2012-04-26 18:36:25 -04:00
Nick Mathewson
6f5a74002a Merge remote-tracking branch 'public/bug5112' 2012-04-24 11:14:22 -04:00
Nick Mathewson
4db5a1e151 Remove needless check for a buffer that could not be NULL.
Fixes coverity CID 508: coverity scan doesn't like checking a
variable for non-NULL after it has been definitely dereferenced.

This should take us back down to zero coverity issues.
2012-04-18 10:38:39 -04:00
George Kadianakis
6d2898607b Fix issues found by nickm.
* Document fmt_addr_impl() and friends.
* Parenthesize macro arguments.
* Rename get_first_listener_addrport_for_pt() to
  get_first_listener_addrport_string().
* Handle port_cfg_t with no_listen.
* Handle failure of router_get_active_listener_port_by_type().
* Add an XXX to router_get_active_listener_port_by_type().
2012-04-12 22:42:37 +02:00
George Kadianakis
b80728a115 tor_vsscanf(): Don't return -1 if '%%' doesn't match.
tor_vsscanf() is supposed to return the current number of matches on
match failure.
2012-04-03 16:20:24 +02:00
George Kadianakis
da6e0993dc Generalize fmt_addr() to support IPv6 decorations. 2012-03-31 13:48:20 +02:00
nils
efb8a09f41 Fix tor_strtok_r_impl and test cases per bug #5091
==

Nick here. I tweaked this patch a little to make it apply cleanly to
master, to extract some common code into a function, and to replace
snprintf with tor_snprintf.

-- nickm
2012-03-30 11:01:21 -04:00