Commit Graph

22879 Commits

Author SHA1 Message Date
Nick Mathewson
038bc21f88 Merge remote-tracking branch 'tor-github/pr/346' into maint-0.3.3 2018-10-30 09:33:36 -04:00
Nick Mathewson
de55df0260 remove now-unused "use" statement. 2018-10-30 09:28:10 -04:00
Nick Mathewson
262b0fe7a0 Merge remote-tracking branch 'tor-github/pr/381' into maint-0.3.5 2018-10-30 08:39:57 -04:00
Nick Mathewson
632e040659 Try to restore a proper fix for bug27740 in 0.3.5.
(I messed up the merge in 289a7dbac32a981897e12a3c250f0b6c67eec809.)
2018-10-30 07:37:20 -04:00
Nick Mathewson
c4b6b57388 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-29 15:57:31 -04:00
Alex Crichton
8285784966 Only pass -C default-linker-libraries with sanitizers
This'll help retain test compatibility until 1.31.0 is released!
2018-10-29 10:00:23 -07:00
Nick Mathewson
e9ff3e7d4a Merge branch 'bug28202_033' into bug28202_035 2018-10-25 09:16:08 -04:00
Nick Mathewson
8013e3e8b6 Merge branch 'bug28202_029' into bug28202_033 2018-10-25 09:14:06 -04:00
Nick Mathewson
0878bb961f Fix two other cases of (buf + N > end) pattern
Related to fix for 28202.
2018-10-25 09:08:02 -04:00
Nick Mathewson
368413a321 Fix possible UB in an end-of-string check in get_next_token().
Remember, you can't check to see if there are N bytes left in a
buffer by doing (buf + N < end), since the buf + N computation might
take you off the end of the buffer and result in undefined behavior.

Fixes 28202; bugfix on 0.2.0.3-alpha.
2018-10-25 09:06:13 -04:00
David Goulet
b063ca0604 node: Make node_supports_v3_rendezvous_point() also check for the key
It is not enough to look at protover for v3 rendezvous support but also we
need to make sure that the curve25519 onion key is present or in other words
that the descriptor has been fetched and does contain it.

Fixes #27797.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-24 10:30:26 -04:00
Nick Mathewson
6851a08090 Merge branch 'ticket28115_035' into maint-0.3.5 2018-10-24 10:20:41 -04:00
cypherpunks
bfab7b9d35 rust/tor_log: fix C_RUST_COUPLED documentation
This file was moved in 97b15a1d7c
and moved again in e7f5f48d68.
2018-10-24 09:02:04 -04:00
Nick Mathewson
fd6078b33a Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-23 19:50:53 -04:00
Nick Mathewson
b2c52f5d6d Remove a now-unused rust "use". 2018-10-23 19:50:45 -04:00
Nick Mathewson
289a7dbac3 Merge branch 'maint-0.3.4' into maint-0.3.5 2018-10-23 19:21:44 -04:00
Nick Mathewson
7edc594ee7 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-23 19:18:23 -04:00
Nick Mathewson
169bc670dd Merge remote-tracking branch 'onionk/rust-allsupportednull1' into maint-0.3.3 2018-10-23 19:17:48 -04:00
George Kadianakis
a614731144 Documentation: Move the hs_service_descriptor_t elements around.
Move the elements around to concentrate mutable and immutable elements
together. This commit changes no code, check with --color-moved.
2018-10-23 16:43:54 +03:00
George Kadianakis
df78fb2451 Documentation: Document which descriptor elements are (im)mutable. 2018-10-23 16:43:54 +03:00
George Kadianakis
29c194e022 Func rename: Make it clear that update_all_descriptors() does intro points.
With the new refresh_service_descriptor() function we had both
refresh_service_descriptor() and update_service_descriptor() which is basically
the same thing.

This commit renames update_service_descriptor() to
update_service_descriptor_intro_points() to make it clear it's not a generic
refresh and it's only about intro points.

Commit changes no code.
2018-10-23 16:43:54 +03:00
teor
939657771c
Treat backtrace test failures as expected on most BSD-derived systems
Treat backtrace test failures as expected on NetBSD, OpenBSD, and
macOS/Darwin, until we solve bug 17808.

(FreeBSD failures have been treated as expected since 18204 in 0.2.8.)

Fixes bug 27948; bugfix on 0.2.5.2-alpha.
2018-10-23 11:21:10 +10:00
David Goulet
81c466c34a hs-v3: Create desc signing key cert before uploading
Before this commit, we would create the descriptor signing key certificate
when first building the descriptor.

In some extreme cases, it lead to the expiry of the certificate which triggers
a BUG() when encoding the descriptor before uploading.

Ticket #27838 details a possible scenario in which this can happen. It is an
edge case where tor losts internet connectivity, notices it and closes all
circuits. When it came back up, the HS subsystem noticed that it had no
introduction circuits, created them and tried to upload the descriptor.

However, in the meantime, if tor did lack a live consensus because it is
currently seeking to download one, we would consider that we don't need to
rotate the descriptors leading to using the expired signing key certificate.

That being said, this commit does a bit more to make this process cleaner.
There are a series of things that we need to "refresh" before uploading a
descriptor: signing key cert, intro points and revision counter.

A refresh function is added to deal with all mutable descriptor fields. It in
turn simplified a bit the code surrounding the creation of the plaintext data.

We keep creating the cert when building the descriptor in order to accomodate
the unit tests. However, it is replaced every single time the descriptor is
uploaded.

Fixes #27838

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-22 16:34:41 -04:00
Nick Mathewson
1ae9116601 Merge remote-tracking branch 'onionk/rust-protocommas1' into maint-0.3.5 2018-10-19 14:20:57 -04:00
Nick Mathewson
d1d66866b2 Rename a function; it is used to convert a value _From_ le.
We can't use htons()/ntohs() -- those are no-ops on exactly the
wrong platforms.
2018-10-19 08:42:28 -04:00
Nick Mathewson
f8a1dc64f9 Fix a misspelled macro test that was breaking big-endian OPE
Fixes bug 28115; bugfix on 0.3.5.1-alpha.
2018-10-19 08:41:25 -04:00
David Goulet
8b2e72106a test: Add test for closing intro circuits when storing a new descriptor
This is client side and related to 27471 for previous commit that fixes this
issue.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 12:56:51 -04:00
David Goulet
9ba16c4d03 hs-v3: Close client intro circuits if the descriptor is replaced
When storing a descriptor in the client cache, if we are about to replace an
existing descriptor, make sure to close every introduction circuits of the old
descriptor so we don't have leftovers lying around.

Ticket 27471 describes a situation where tor is sending an INTRODUCE1 cell on
an introduction circuit for which it doesn't have a matching intro point
object (taken from the descriptor).

The main theory is that, after a new descriptor showed up, the introduction
points changed which led to selecting an introduction circuit not used by the
service anymore thus for which we are unable to find the corresponding
introduction point within the descriptor we just fetched.

Closes #27471.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 12:56:51 -04:00
David Goulet
56f713b8a4 hs-v3: Always generate the descriptor cookie
It won't be used if there are no authorized client configured. We do that so
we can easily support the addition of a client with a HUP signal which allow
us to avoid more complex code path to generate that cookie if we have at least
one client auth and we had none before.

Fixes #27995

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 11:46:07 -04:00
Nick Mathewson
d1eac7830f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-18 09:12:58 -04:00
Taylor Yu
7f6c0fce46 Merge branch 'bug27800-034' into bug27800-035 2018-10-17 16:00:11 -05:00
Taylor Yu
4e7f65ee5d Merge branch 'bug27800-033' into tor-034 2018-10-17 15:42:58 -05:00
Taylor Yu
93fd924bdb Log more info for duplicate ed25519 IDs
Occasionally, key pinning doesn't catch a relay that shares an ed25519
ID with another relay.  Log the identity fingerprints and the shared
ed25519 ID when this happens, instead of making a BUG() warning.

Fixes bug 27800; bugfix on 0.3.2.1-alpha.
2018-10-17 15:39:55 -05:00
Nick Mathewson
389bae0e8b Bump to 0.3.5.3-alpha-dev 2018-10-17 14:46:00 -04:00
Roger Dingledine
df78a2730c merge in some fixes i found in a sandbox 2018-10-17 13:56:41 -04:00
Nick Mathewson
b1891068f1 Merge branch 'maint-0.3.4' 2018-10-17 13:02:23 -04:00
David Goulet
2000d04cb6 conn: Stop writing when our write bandwidth limist is exhausted
Commit 488e2b00bf introduced an issue, most
likely introduced by a bad copy paste, that made us stop reading on the
connection if our write bandwidth limit was reached.

The problem is that because "read_blocked_on_bw" was never set, the connection
was never reenabled for reading.

This is most likely the cause of #27813 where bytes were accumulating in the
kernel TCP bufers because tor was not doing reads. Only relays with
RelayBandwidthRate would suffer from this but affecting all relays connecting
to them. And using that tor option is recommended and best practice so many
many relays have it enabled.

Fixes #28089.
2018-10-17 12:25:12 -04:00
Nick Mathewson
d70ca3554e Bump to 0.3.5.3-alpha 2018-10-17 09:26:32 -04:00
Nick Mathewson
34cd1fc523 Merge remote-tracking branch 'tor-github/pr/406' 2018-10-16 21:33:38 -04:00
Nick Mathewson
63c5e09a40 Merge remote-tracking branch 'tor-github/pr/408' 2018-10-16 19:10:05 -04:00
Nick Mathewson
e97adaf8dc Argh. The unset value for OwningControllerFD is NOT -1. 2018-10-16 17:57:04 -04:00
Nick Mathewson
56a3cef4d7 Merge branch 'bug27849_redux' 2018-10-16 17:33:58 -04:00
Nick Mathewson
698629f5a9 Merge remote-tracking branch 'tor-github/pr/404' 2018-10-16 17:29:50 -04:00
Nick Mathewson
8a0b741487 Add a tor_free() in tor_gencert to fix a coverity warning 2018-10-16 17:18:46 -04:00
Neel Chauhan
f93ee8e4c4 Fix typo in comment for hs_cell_parse_introduce2() 2018-10-16 10:59:42 -04:00
David Goulet
b5731cdf2e mainloop: Set client role if ControlPort is set
It turns out that if _only_ the ControlPort is set and nothing else, tor would
simply not bootstrap and thus not start properly. Commit 67a41b6306
removed that requirement for tor to be considered a "client".

Unfortunately, this made the mainloop enable basically nothing if only the
ControlPort is set in the torrc.

This commit now makes it that we also consider the ControlPort when deciding
if we are a Client or not. It does not revert 67a41b6306 meaning
options_any_client_port_set() stays the same, not looking at the control port.

Fixes #27849.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-16 08:11:49 -04:00
Nick Mathewson
b7fbd1f329 Merge branch 'maint-0.3.4' 2018-10-16 08:04:34 -04:00
David Goulet
38599de2dd test: Update approx_time before the test starts
This way we have the same time source when the IP is created and tested later.

Fixes #27810

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-16 08:03:55 -04:00
Nick Mathewson
8b3ec74e5f Merge remote-tracking branch 'public/bug27990' 2018-10-16 08:02:01 -04:00
Nick Mathewson
11161395af Merge branch 'maint-0.3.4' 2018-10-15 12:52:54 -04:00
Nick Mathewson
633e99575f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-15 12:52:54 -04:00
Nick Mathewson
6b2ef2c559 Fix another tor_assert(0) case 2018-10-15 12:52:48 -04:00
Nick Mathewson
feed41bed3 Merge branch 'maint-0.3.4' 2018-10-15 12:47:46 -04:00
Nick Mathewson
d1ec7bb06e Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-15 12:47:46 -04:00
Nick Mathewson
86e0be421f Merge branch 'maint-0.2.9' into maint-0.3.3 2018-10-15 12:47:46 -04:00
Nick Mathewson
5b28190c67 Fix make check-spaces. 2018-10-15 12:47:19 -04:00
Nick Mathewson
23ce9a60fb Merge branch 'maint-0.3.4' 2018-10-15 10:48:35 -04:00
Nick Mathewson
3462f8ed64 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-15 10:48:35 -04:00
Nick Mathewson
796e36e535 Adjust tor_assert_unreached()
This version of the macro makes it obvious to the compiler that
"tor_assert_unreached()" will always abort().
2018-10-15 10:46:26 -04:00
Nick Mathewson
4983322cc7 Merge branch 'maint-0.3.4' 2018-10-15 10:37:53 -04:00
Nick Mathewson
fd528a0884 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-15 10:37:52 -04:00
Nick Mathewson
dff7d3d00a Merge branch 'maint-0.2.9' into maint-0.3.3 2018-10-15 10:37:49 -04:00
Nick Mathewson
b113399658 Merge branch 'bug27709_029' into maint-0.2.9 2018-10-15 10:34:39 -04:00
Nick Mathewson
5e582c7ffa Explain a bit more about branch prediction in the unit-test case 2018-10-15 10:16:34 -04:00
rl1987
89c4a3a0b6 Write a comment to explain may_need_rebind condition 2018-10-15 16:18:31 +03:00
rl1987
9bb00a74bc Refrain from listener rebinding when address families differ 2018-10-15 16:18:31 +03:00
Nick Mathewson
df2b46d18c Remove a double-newline and improve a comment 2018-10-14 15:33:39 -04:00
Nick Mathewson
2dccef0eb4 Merge branch 'bug27772_squashed' 2018-10-14 15:31:52 -04:00
Nick Mathewson
6925b61cfd Fix various GCC LTO warnings in the unit tests. 2018-10-14 15:25:16 -04:00
Nick Mathewson
7c8f20ba44 In tor_tls_get_my_certs(), set cert ptrs even on failure
Nothing should ever look at them on failure, but in some cases,
the unit tests don't check for failure, and then GCC-LTO freaks out.

Fixes part of 27772.
2018-10-14 15:25:16 -04:00
Nick Mathewson
dddecee291 Initialize some locals in socks5 parsing code.
These confused GCC LTO, which thought they might be used
uninitialized.  I'm pretty sure that as long as 'res' indicates
success, they will always be set to something, but let's unconfuse
the compiler in any case.
2018-10-14 15:25:16 -04:00
Nick Mathewson
370d9922a4 Use the correct function signatures in test_relaycell.c
This is now officially an antipattern: please let's never copy a
function declaration in two places again.  That's what headers are
for.
2018-10-14 15:25:16 -04:00
Nick Mathewson
965549aa07 Use assertions so GCC LTO doesn't worry about TLS channel conversion
Part of #27772
2018-10-14 15:25:16 -04:00
Nick Mathewson
67351f6724 Merge remote-tracking branch 'tor-github/pr/380' 2018-10-12 11:39:37 -04:00
Nick Mathewson
267b8d16b1 Add timeval.h include to compat_pthreads.c for timeradd()
OpenSolaris apparently doesn't have timeradd(), so we added a
replacement, but we weren't including it here after the big
refactoring in 0.3.5.1-alpha.

Fixes bug 27963; bugfix on 0.3.5.1-alpha.
2018-10-10 12:19:56 -04:00
Nick Mathewson
a23c36ebcd Merge branch 'maint-0.3.4' 2018-10-10 11:34:49 -04:00
Nick Mathewson
e5fe8b0e3a Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-10 11:34:49 -04:00
Nick Mathewson
b057623bed Merge branch 'maint-0.2.9' into maint-0.3.3 2018-10-10 11:34:48 -04:00
Karsten Loesing
119df9c1c0 Update geoip and geoip6 to the October 9 2018 database. 2018-10-10 17:26:41 +02:00
Nick Mathewson
d3d6c59557 Add sys/time.h include back to procmon.c 2018-10-10 11:26:38 -04:00
Nick Mathewson
da86a70bd8 Merge remote-tracking branch 'tor-github/pr/384' 2018-10-10 09:24:48 -04:00
Nick Mathewson
7409aa58d1 Merge remote-tracking branch 'tor-github/pr/385' 2018-10-09 12:46:46 -04:00
Nick Mathewson
361eaa9931 Merge remote-tracking branch 'public/ticket27856' 2018-10-09 09:04:53 -04:00
Neel Chauhan
3cc089ce59 Add newline between hs_client_get_random_intro_from_edge() and hs_client_receive_introduce_ack() 2018-10-05 19:54:26 -04:00
rl1987
9d886185c1 Make sure we're removing conn from old_conns *once* 2018-10-03 15:51:59 +03:00
rl1987
2b146bdb9a Refrain from using SMARTLIST_DEL_CURRENT in retry_all_listeners 2018-10-03 15:31:49 +03:00
Alex Crichton
38d644c94b Remove rlib+staticlib configuration for Rust crates
Only the final crate needs to be a `staticlib`, no need for all the
intermediate steps to produce staticlibs!
2018-10-01 22:58:44 -07:00
Alex Crichton
757a2360a4 Remove [features] from workspace Cargo.toml
Unfortunately Cargo doesn't actually parse these! Cargo should probably
print a warning saying they're not used...
2018-10-01 22:57:38 -07:00
Alex Crichton
74c1e44746 Fix segfaults related to sanitizers+jemalloc
It looks to be the case that Rust's standard allocator, jemalloc, is
incompatible with sanitizers. The incompatibility, for whatever reason,
seems to cause segfaults at runtime when jemalloc is linked with
sanitizers.

Without actually trying to figure out what's going on here this commit
instead takes the hammer of "let's remove jemalloc when testing". The
`tor_allocate` crate now by default switches to the system allocator
(eventually this will want to be the tor allocator). Most crates then
link to `tor_allocate` ot pick this up, but the `smartlist` crate had to
manually switch to the system allocator in testing and the `external`
crate had to be sure to link to `tor_allocate`.

The final gotcha here is that this patch also switches to
unconditionally passing `--target` to Cargo. For weird and arcane
reasons passing `--target` with the host target of the compiler (which
Cargo otherwise uses as the default) is different than not passing
`--target` at all. This ensure that our custom `RUSTFLAGS` with
sanitizer options doesn't make its way into build scripts, just the
final testing artifacts.
2018-10-01 22:55:59 -07:00
Alex Crichton
6ebb2c46d5 Remove the link_rust.sh.in script
This is no longer necessary with upstream rust-lang/rust changes as well
as some local tweaks. Namely:

* The `-fsanitize=address`-style options are now passed via `-C
  link-args` through `RUSTFLAGS`. This obviates the need for the shell
  script.
* The `-C default-linker-libraries`, disabling `-nodefaultlibs`, is
  passed through `RUSTFLAGS`, which is necessary to ensure that
  `-fsanitize=address` links correctly.
* The `-C linker` option is passed to ensure we're using the same C
  compiler as normal C code, although it has a bit of hackery to only
  get the `gcc` out of `gcc -std=c99`
2018-10-01 22:50:08 -07:00
Nick Mathewson
43211c3a0c Merge remote-tracking branch 'public/bug27893' 2018-10-01 12:12:33 -05:00
Nick Mathewson
58299b2927 Merge remote-tracking branch 'public/bug27728' 2018-10-01 12:06:39 -05:00
Nick Mathewson
c4e29001c4 Fix a bug where we would crash on --version.
Bug not in any released Tor.

test-stem would have caught this.
2018-10-01 12:01:51 -05:00
Nick Mathewson
886dc8b0a5 Remove routerparse include from files that dont use it 2018-10-01 11:35:11 -05:00
Nick Mathewson
d199348664 Remove versions.h include from routerparse.h 2018-10-01 11:22:47 -05:00
Nick Mathewson
5f9839ee42 Remove unused headers from routerparse.c 2018-10-01 11:17:33 -05:00
Nick Mathewson
35db3f8162 Extract addr-policy parsing code. 2018-10-01 11:17:19 -05:00
Nick Mathewson
95e2eb9083 Move summarize_protover_flags to versions.c 2018-10-01 10:48:55 -05:00
Nick Mathewson
4201203845 extract networkstatus parsing to its own file. 2018-10-01 10:46:00 -05:00
Nick Mathewson
cd23903427 Pull detached-signatures code into dirauth. 2018-10-01 10:46:00 -05:00
Nick Mathewson
2be35f4d61 Split microdescriptor parser into its own file. 2018-10-01 10:46:00 -05:00
Nick Mathewson
aff5bf5464 Remove addr_policy_assert_ok() as unused 2018-10-01 00:09:00 -05:00
Nick Mathewson
3100831762 Remove dump_distinct_digest_count()
It was disabled-by-default for ages, and it no longer compiles. I
think it's safe to call it obsolete.
2018-10-01 00:09:00 -05:00
Nick Mathewson
a77b2e984e Remove router_get_dir_hash as unused. 2018-10-01 00:09:00 -05:00
Nick Mathewson
82f4d3ca75 Move v2 hs parsing into feature/rend 2018-10-01 00:09:00 -05:00
Nick Mathewson
430ca38f70 Split the authority-cert and signature/hash code from routerparse 2018-10-01 00:09:00 -05:00
Nick Mathewson
2f5dc48699 Extract the version-managing code from routerparse.c
Leave the versions.h include in routerparse.h for now; I'll remove
it later.
2018-10-01 00:04:58 -05:00
Nick Mathewson
fec3b3bb93 Extract logic for dumping unparseable junk from routerparse.c 2018-10-01 00:04:58 -05:00
Nick Mathewson
6785aa4010 Move routerparse and parsecommon to their own module. 2018-10-01 00:04:06 -05:00
Nick Mathewson
b058f64cc0 Detect an unlikely integer overflow. 2018-09-27 16:30:02 -04:00
Nick Mathewson
9e65e7a36f Merge branch 'split_stats' 2018-09-27 16:26:06 -04:00
Nick Mathewson
9e1a3be064 Prevent duplicate initialization of NSS DH module
Allowing this didn't do any actual harm, since there aren't any
shared structures or leakable objects here.  Still, it's bad style
and might cause trouble in the future.

Closes ticket 27856.
2018-09-27 13:26:47 -04:00
Nick Mathewson
d0b2b5a202 Always initialize the periodic events list.
Various places in our code try to activate these events or check
their status, so we should make sure they're initialized as early as
possible.  Fixes bug 27861; bugfix on 0.3.5.1-alpha.
2018-09-27 13:24:36 -04:00
Nick Mathewson
8812f562a0 Fix a memory leak in --dump-config
When freeing a configuration object from confparse.c in
dump_config(), we need to call the appropriate higher-level free
function (like or_options_free()) and not just config_free().

This only happens with options (since they're the one where
options_validate allocates extra stuff) and only when running
--dump-config with something other than minimal (since
OPTIONS_DUMP_MINIMAL doesn't hit this code).

Fixes bug 27893; bugfix on 0.3.2.1-alpha.
2018-09-27 13:05:19 -04:00
Nick Mathewson
316453065d Mark a variable static. 2018-09-27 11:59:39 -04:00
Nick Mathewson
34402ece8c geoip: fix windows compilation 2018-09-27 11:02:58 -04:00
Nick Mathewson
c8f2a6d2fe Extract the non-stats part of geoip into a new src/lib/geoip. 2018-09-27 10:26:01 -04:00
Nick Mathewson
fa32574bdb Remove excess dependencies from geoip.c 2018-09-27 10:15:39 -04:00
Nick Mathewson
f403af2207 Split geoip from geoip-related stats.
This commit just moves the code to two separate files. The geoip
code still has a few needless dependencies on core/* and features/*.
2018-09-27 09:36:52 -04:00
Nick Mathewson
79208ee852 Move the n_v3_ns_requests field out of geoip_country_t
This is preparation for splitting geoip.c into stats and non-stats
portions.
2018-09-27 09:04:08 -04:00
Nick Mathewson
241c1505cc Move the predicted ports code out of rephist.c
It differs from the rest of the rephist code in that it's actually
necessary for Tor to operate, so it should probably go somewhere
else.  I'm not sure where yet, so I'll leave it in the same
directory, but give it its own file.
2018-09-27 08:21:17 -04:00
Nick Mathewson
de0b07c634 Merge branch 'router_split' 2018-09-26 09:47:59 -04:00
Nick Mathewson
5e5e019b31 Merge remote-tracking branch 'dgoulet/bug27550_035_01' 2018-09-26 08:36:09 -04:00
Nick Mathewson
5fe05de4fe Remove extra includes from router.c 2018-09-25 18:33:13 -04:00
Nick Mathewson
4f0bc0c8f5 Revise things that had included router.h before
Make them only include the headers that they needed, and sort their
headers while we're at it.
2018-09-25 17:57:58 -04:00
Nick Mathewson
3ff58e47d2 Move the "is the network disabled?" functions out of router.c
Since this is completely core functionality, I'm putting it in
core/mainloop, even though it depends on feature/hibernate. We'll
have to sort that out in the future.
2018-09-25 17:22:14 -04:00
Nick Mathewson
b8df2318e9 Move routerinfo_t functions out of router.c
(It turns out that some of the functions in router.h didn't even
exist any more, so I just got to delete their declarations completely.)
2018-09-25 16:48:00 -04:00
Nick Mathewson
efa978124f Extract nickname-checking functions from router.c 2018-09-25 16:22:11 -04:00
Nick Mathewson
5c86f3c297 Move the various _describe() functions out of router.c
Note that I haven't separated the headers yet (there's still an
2018-09-25 16:13:47 -04:00
Nick Mathewson
fcd0f76134 Extract all the "am I a server" functions from router.c 2018-09-25 16:00:50 -04:00
Nick Mathewson
70539e3d5e Move all authdir_mode_*() functions into authmode.h 2018-09-25 15:39:24 -04:00
Nick Mathewson
9385b7ec5f Rename dirauth/mode.h to dirauth/authmode.h
This is preparation for having a routermode.h as well
2018-09-25 15:18:21 -04:00
Nick Mathewson
8a350e088b Move self-test functionality into its own file. 2018-09-25 15:14:57 -04:00
Nick Mathewson
934859cf80 Move key-loading and crosscert-checking out of feature/relay
This is also used by onion services, so it needs to go in another
module.
2018-09-25 15:14:57 -04:00
cypherpunks
5e74db95c2 rust: run rustfmt 2018-09-24 18:00:56 +00:00
David Goulet
18085abfcc hs-v3: Silence some logging for client authorization
If a tor client gets a descriptor that it can't decrypt, chances are that the
onion requires client authorization.

If a tor client is configured with client authorization for an onion but
decryption fails, it means that the configured keys aren't working anymore.

In both cases, we'll log notice the former and log warn the latter and the
rest of the decryption errors are now at info level.

Two logs statement have been removed because it was redundant and printing the
fetched descriptor in the logs when 80% of it is encrypted wat not helping.

Fixes #27550

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-24 12:49:00 -04:00
Nick Mathewson
9767cf8cc0 Merge branch 'bug26913_033' 2018-09-24 11:17:09 -04:00
Nick Mathewson
6c739c3fb2 Fix arm compilation with openssl <1.1
Bug 27781; bugfix on 0.3.5.1-alpha.
2018-09-24 11:11:29 -04:00
Nick Mathewson
f57d8722e0 Fix the 0.3.4 part of bug 27781 (arm compilation)
Because with arm on OpenSSL <1.1 we don't define USE_EVP_AES_CTR, we
need to include crypto_util.h here.
2018-09-24 11:08:27 -04:00
Nick Mathewson
78295904f7 Merge branch 'ticket26744' 2018-09-24 10:56:50 -04:00
cypherpunks
b91bc1babc rust/protover: remove redundant ExceedsMax checks
This is already checked elsewhere.
2018-09-24 14:30:43 +00:00
Nick Mathewson
ae0cb94b69 Initialize mainloop events earlier, since other stuff may run them.
Fixes a stem test failure; bugfix on c7ce6b9821. Bug
not in any released Tor.
2018-09-22 17:40:04 -04:00
Nick Mathewson
7d9bea6a77 But, actually move systemd_watchdog_timer free into mainloop.c 2018-09-21 16:49:20 -04:00
Nick Mathewson
7eea45c5c4 Move systemd_watchdog_timer free into mainloop.c 2018-09-21 16:46:17 -04:00
Nick Mathewson
08d934b3fe Missing include in ntmain.c 2018-09-21 16:32:14 -04:00
Nick Mathewson
169f238c23 Merge remote-tracking branch 'onionk/protover-rust1' 2018-09-21 16:28:32 -04:00
cypherpunks
5c0dd1aa90 move protover_rust.c to core/or/
Missed in 667a6e8fe9.
2018-09-21 20:14:53 +00:00
Nick Mathewson
63e08f56b8 Merge remote-tracking branch 'tor-github/pr/365' 2018-09-21 16:13:59 -04:00
Nick Mathewson
7ed7fe230b Add an include to get --disable-module-dirauth happy again 2018-09-21 15:03:42 -04:00
Nick Mathewson
b7bd162af7 Merge remote-tracking branch 'dgoulet/ticket27774_035_03' 2018-09-21 13:02:12 -04:00
Nick Mathewson
194acfb51d Split directory.c code into several modules
Parts of this C file naturally belong in dircache, dirclient, and
dircommon: so, move them there.
2018-09-21 12:57:22 -04:00
Nick Mathewson
0e4c42a912 Merge remote-tracking branch 'ahf-github/asn/bugs4700_2' 2018-09-21 09:40:16 -04:00
Nick Mathewson
9399c579e5 Merge branch 'split_mainloop_onion' 2018-09-21 09:37:23 -04:00
Nick Mathewson
9b0a17a74f Merge branch 'maint-0.3.4' 2018-09-21 09:36:31 -04:00
Nick Mathewson
e818a71905 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-21 09:35:54 -04:00
Nick Mathewson
2cadd93cea Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-21 09:35:51 -04:00
Nick Mathewson
5b04392c15 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-21 09:35:23 -04:00
Nick Mathewson
96d1f2e6d0 Merge remote-tracking branch 'dgoulet/ticket27797_035_01' 2018-09-21 09:33:03 -04:00
Nick Mathewson
c7ce6b9821 Split main.c into main.c and mainloop.c
The main.c code is responsible for initialization and shutdown;
the mainloop.c code is responsible for running the main loop of Tor.

Splitting the "generic event loop" part of mainloop.c from the
event-loop-specific part is not done as part of this patch.
2018-09-21 09:14:06 -04:00
Nick Mathewson
98ef3e82e4 Move the non-crypto parts of onion.c out of src/core/crypto
The parts for handling cell formats should be in src/core/or.

The parts for handling onionskin queues should be in src/core/or.

Only the crypto wrapper belongs in src/core/crypto.
2018-09-21 09:14:05 -04:00
Nick Mathewson
55122bfe04 Bump to 0.3.5.2-alpha-dev 2018-09-21 09:11:33 -04:00
David Goulet
49e4bda50b fixup! hs-v3: Silence some logging for client authorization 2018-09-21 08:52:47 -04:00
David Goulet
79265a6fb6 hs-v3: Don't BUG() if the RP node_t is invalid client side
When sending the INTRODUCE1 cell, we acquire the needed data for the cell but
if the RP node_t has invalid data, we'll fail the send and completely kill the
SOCKS connection.

Instead, close the rendezvous circuit and return a transient error meaning
that Tor can recover by selecting a new rendezvous point. We'll also do the
same when we are unable to encode the INTRODUCE1 cell for which at that point,
we'll simply take another shot at a new rendezvous point.

Fixes #27774

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-21 08:44:12 -04:00
Nick Mathewson
63219eda8a Put dirlist_free_all back in routerlist_free_all for unit tests 2018-09-21 08:10:39 -04:00
rl1987
d40b0e73c2 Check Python version in test_rebind.py 2018-09-21 10:57:41 +03:00
rl1987
81199eaf0e Remove misleading first line in test_rebind.py
test_rebind.py actually does not require Python 3.

Bugfix on 5a11670fcaad0a58de48425ba80510effbe35628; bug not in any
Tor release.
2018-09-21 10:57:41 +03:00
cypherpunks
42558df7c8 rust/protover: return C-allocated string in protover_all_supported()
The result of CString::into_raw() is not safe to free
with free() except under finicky and fragile circumstances
that we definitely don't meet right now.

This was missed in be583a34a3.
2018-09-21 05:16:22 +00:00
cypherpunks
db89b4b152 rust/protover: fix null deref in protover_all_supported()
Fortunately with the current callers it couldn't happen in practice.

Fix on d1820c1516.
2018-09-21 04:57:26 +00:00
Nick Mathewson
1a85ac8c2d Bump to 0.3.5.2-alpha 2018-09-20 16:36:07 -04:00
Nick Mathewson
e7ac8fabcc Merge remote-tracking branch 'dgoulet/ticket27410_035_01' 2018-09-20 16:22:16 -04:00
Nick Mathewson
2ed0d240e8 Merge remote-tracking branch 'dgoulet/ticket27410_032_01' 2018-09-20 16:22:02 -04:00
Alexander Færøy
8ecaf41003 Support 'none' in torrc for HiddenServiceExportCircuitID.
See: https://bugs.torproject.org/4700
2018-09-20 20:59:42 +02:00
Nick Mathewson
813019cc57 Merge branch 'bug23512-v4-029-fixes' 2018-09-20 14:41:44 -04:00
Nick Mathewson
1da9741bca Remove another needless typedef 2018-09-20 14:34:44 -04:00
Nick Mathewson
a406255cf3 Merge branch 'bug23512-v4-029-fixes' 2018-09-20 14:19:47 -04:00
Nick Mathewson
72e30f26ec Fix a pair of errors in bug23512 2018-09-20 14:18:09 -04:00
Nick Mathewson
4e2028152d Fix an NSS socket leak-on-error found by dgoulet 2018-09-20 13:53:04 -04:00
Nick Mathewson
d6c564e09a Use the correct macro to detect an invalid socket in tortls_nss.c
Fixes bug 27782; bugfix on 0.3.5.1-alpha
2018-09-20 12:55:31 -04:00
Nick Mathewson
62b709bc26 Release ownership of the dummy socket that tortls_nss.c will close
Related to #27795 -- since NSS will close the socket, we must not
count it as owned by Tor.
2018-09-20 12:53:39 -04:00
Nick Mathewson
f25323fe3f Fix socket accounting with ORConn sockets.
When we close a socket via tor_tls_free(), we previously had no way
for our socket accounting logic to learn about it.  This meant that
the socket accounting code would think we had run out of sockets,
and freak out.

Fixes bug 27795; bugfix on 0.3.5.1-alpha.
2018-09-20 12:52:29 -04:00
Nick Mathewson
1c1e84281d Add a tor_release_socket_ownership() function. 2018-09-20 12:46:47 -04:00
Nick Mathewson
bd6007d898 Merge branch 'split_routerlist_dirserv_v2' 2018-09-20 11:07:50 -04:00
Nick Mathewson
b54a5e704f Split most of dirserv.c into several new modules
In dirauth:
  * bwauth.c reads and uses bandwidth files
  * guardfraction.c reads and uses the guardfraction file
  * reachability.c tests relay reachability
  * recommend_pkg.c handles the recommended-packages lines.
  * recv_descs.c handles fingerprint files and processing incoming
    routerinfos that relays upload to us
  * voteflag.c computes flag thresholds and sets those thresholds on
    routerstatuses when computing votes

In control:
  * fmt_serverstatus.c generates the ancient "v1 server status"
    format that controllers expect.

In nodelist:
  * routerstatus_fmt.c formats routerstatus entries for a consensus,
    a vote, or for the controller.
2018-09-20 11:07:42 -04:00
David Goulet
fa6d5dd268 hs-v3: Close all SOCKS request on descriptor failure
Client side, when a descriptor is finally fetched and stored in the cache, we
then go over all pending SOCKS request for that descriptor. If it turns out
that the intro points are unusable, we close the first SOCKS request but not
the others for the same .onion.

This commit makes it that we'll close all SOCKS requests so we don't let
hanging the other ones.

It also fixes another bug which is having a SOCKS connection in RENDDESC_WAIT
state but with a descriptor in the cache. At some point, tor will expire the
intro failure cache which will make that descriptor usable again. When
retrying all SOCKS connection (retry_all_socks_conn_waiting_for_desc()), we
won't end up in the code path where we have already the descriptor for a
pending request causing a BUG().

Bottom line is that we should never have pending requests (waiting for a
descriptor) with that descriptor in the cache (even if unusable).

Fixees #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-20 11:01:23 -04:00
Nick Mathewson
1f377e910f Merge branch 'maint-0.3.4' 2018-09-20 10:43:08 -04:00
Nick Mathewson
163230e240 Merge remote-tracking branch 'github/bug27139_034' into maint-0.3.4 2018-09-20 10:43:05 -04:00
David Goulet
e3713f17fb node: Make node_supports_v3_rendezvous_point() also check for the key
It is not enough to look at protover for v3 rendezvous support but also we
need to make sure that the curve25519 onion key is present or in other words
that the descriptor has been fetched and does contain it.

Fixes #27797.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-20 08:50:27 -04:00
Nick Mathewson
08e3b88f07 Split routerlist.c into 4 separate modules
There are now separate modules for:
    * the list of router descriptors
    * the list of authorities and fallbacks
    * managing authority certificates
    * selecting random nodes
2018-09-19 17:08:57 -04:00
David Goulet
cb81a69f90 test: hs-v3 desc has arrived unit test
That unit test makes sure we don't have pending SOCK request if the descriptor
turns out to be unusable.

Part of #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-19 11:11:57 -04:00
David Goulet
f4f809fe3d hs-v3: Close all SOCKS request on descriptor failure
Client side, when a descriptor is finally fetched and stored in the cache, we
then go over all pending SOCKS request for that descriptor. If it turns out
that the intro points are unusable, we close the first SOCKS request but not
the others for the same .onion.

This commit makes it that we'll close all SOCKS requests so we don't let
hanging the other ones.

It also fixes another bug which is having a SOCKS connection in RENDDESC_WAIT
state but with a descriptor in the cache. At some point, tor will expire the
intro failure cache which will make that descriptor usable again. When
retrying all SOCKS connection (retry_all_socks_conn_waiting_for_desc()), we
won't end up in the code path where we have already the descriptor for a
pending request causing a BUG().

Bottom line is that we should never have pending requests (waiting for a
descriptor) with that descriptor in the cache (even if unusable).

Fixees #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-19 11:11:57 -04:00
Nick Mathewson
119159677b Comment fix. 2018-09-18 16:44:24 -04:00
Nick Mathewson
88a93ccc7b Merge branch 'ticket27686_035' 2018-09-18 16:40:30 -04:00
Nick Mathewson
6d33f65638 Use the correct function signatures in test_relaycell.c
This is now officially an antipattern: please let's never copy a
function declaration in two places again.  That's what headers are
for.
2018-09-18 15:51:11 -04:00
Nick Mathewson
7ace8d5a61 Assert that some trunnel _new() functions return non-NULL
The trunnel functions are written under the assumption that their
allocators can fail, so GCC LTO thinks they might return NULL.  In
point of fact, they're using tor_malloc() and friends, which can't
fail, but GCC won't necessarily figure that out.

Fixes part of #27772.
2018-09-18 14:43:57 -04:00
Nick Mathewson
620108ea77 Assert that we aren't returning a pointer to a local variable.
GCC got confused here with LTO enabled.

Fixes part of #27772.
2018-09-18 14:34:49 -04:00
Nick Mathewson
ea5792f333 Make crypto_strongest_rand() non-mockable
Instead, have it call a mockable function.  We don't want
crypto_strongest_rand() to be mockable, since doing so creates a
type error when we call it from ed25519-donna, which we do not build
in a test mode.

Fixes bug 27728; bugfix on 0.3.5.1-alpha
2018-09-18 12:40:18 -04:00
teor
7bf9c93ab3 Merge remote-tracking branch 'nickm/bug27741_033' into bug27741_035
Resolve conflicts due to rustfmt, and run rustfmt on the merged code.
2018-09-18 23:32:57 +10:00
Nick Mathewson
50367d06f2 Merge remote-tracking branch 'tor-github/pr/352' 2018-09-18 08:44:58 -04:00
Nick Mathewson
52191064ac Merge branch 'maint-0.3.4' 2018-09-18 08:33:13 -04:00
Nick Mathewson
2ddbaf9cdc Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-18 08:31:14 -04:00
Nick Mathewson
75b95e1c8e Merge remote-tracking branch 'onionk/rust-allsupported1' into maint-0.3.3 2018-09-18 08:31:08 -04:00
Nick Mathewson
4199c8b2d0 Merge remote-tracking branch 'github/bug27073_029' 2018-09-18 08:16:42 -04:00
Nick Mathewson
9252814646 Merge remote-tracking branch 'tor-github/pr/344' 2018-09-18 08:15:02 -04:00
Nick Mathewson
50001d1c5b Merge remote-tracking branch 'asn-github/bug27764' 2018-09-18 08:10:25 -04:00
Nick Mathewson
7ca0f66b82 Bump to 0.3.5.1-alpha-dev 2018-09-18 07:52:27 -04:00
George Kadianakis
43324b0e4d Fix minor memleak in edge-case of crypto_rsa.c function. 2018-09-18 14:01:15 +03:00
Mike Perry
8a83c4b613 Merge branch 'bug23512-v4-033' into bug23512-v4-master 2018-09-18 00:17:14 +00:00
Mike Perry
ad10cafd9f Bug 23512: Test fix: cmux is now allocated by new_fake_channel() 2018-09-17 23:31:48 +00:00
Mike Perry
72cef61028 Merge branch 'bug23512-v4-032' into bug23512-v4-033 2018-09-17 23:31:34 +00:00
Mike Perry
dd15998d28 Remove duplicate TLS define from kist code.
Duplicate comes from introducing this define into 0.2.9, which did not yet
have KIST.
2018-09-17 23:21:58 +00:00
Mike Perry
dfd3823047 Bug 23512: Mock assert_circuit_ok in tests.
This mocking was not available in 0.2.9.
2018-09-17 23:12:53 +00:00
Mike Perry
36e81e1f59 Merge branch 'bug23512-v4-029' into bug23512-v4-032 2018-09-17 23:12:45 +00:00
Mike Perry
6af352172d Bug 23512: Test recording bytes in circ queues. 2018-09-17 22:24:25 +00:00
Mike Perry
bbaa398d26 Bug 23512: Report queued cells on or circs as written.
This avoids asymmetry in our public relay stats, which can be exploited for
guard discovery and other attacks.
2018-09-17 22:19:42 +00:00
Mike Perry
7dc435e6bc Promote rep_hist bw functions to uint64_t.
The rest of rephist uses uint64_t internally. Let's make these take it too,
so we don't have to worry about overflowing size_t on 32 bit systems.
2018-09-17 22:19:05 +00:00
Nick Mathewson
80ad15921c Remove extraneous argument from Rust protover_compute_vote()
This argument was added to match an older idea for the C api, but we
decided not to do it that way in C.

Fixes bug 27741; bugfix on 0.3.3.6 / TROVE-2018-005 fix.
2018-09-17 11:57:56 -04:00
Nick Mathewson
4fd761a418 Make CacheDirectoryGroupReadable an autobool.
Since the default cache directory is the same as the default data
directory, we don't want the default CacheDirectoryGroupReadable
value (0) to override an explicitly set "DataDirectoryGroupReadable
1".

To fix this, I'm making CacheDirectoryGroupReadable into an
autobool, and having the default (auto) value mean "Use the value of
DataDirectoryGroupReadable if the directories are the same, and 0
otherwise."

Fixes bug 26913; bugfix on 0.3.3.1-alpha when the CacheDirectory
option was introduced.
2018-09-17 11:44:59 -04:00
Nick Mathewson
f606b3cfd1 Lower the maximum size of a private key file to 16 MB
This shouldn't be a user-visible change: nobody has a 16 MB RSA
key that they're trying to use with Tor.

I'm doing this to fix CID 1439330 / ticket 27730, where coverity
complains (on 64-bit) that we are making a comparison that is never
true.
2018-09-17 11:08:56 -04:00
Nick Mathewson
307275a5e4 Bump to 0.3.5.1-alpha 2018-09-17 09:12:42 -04:00
Nick Mathewson
b729bc202c Add tortls.h includes to expose critical macro. Fix #27734. 2018-09-16 22:08:02 -04:00
Nick Mathewson
a8ac21fbb5 Don't try to link C from rust doctests for nss detection
This is really annoying, since we can't use cfg(test) for doctests.
2018-09-16 14:34:31 -04:00
Nick Mathewson
078debb0de Merge branch 'bug25573-034-typefix' 2018-09-16 13:46:12 -04:00
Nick Mathewson
7fd61cf536 Fix duplicate declaration of pathbias_count_valid_cells. 2018-09-16 13:45:43 -04:00
Nick Mathewson
991bec67ee When Tor is compiled with NSS, don't claim support for LinkAuth=1
Closes ticket 27288
2018-09-16 13:28:29 -04:00
traumschule
863e2fcb48 Update description of onion_extend_cpath() (#27333) 2018-09-16 04:01:17 +02:00
cypherpunks
1ed5e009cb rust/protover: reject extra commas
The C implementation had gotten this wrong too, in a slightly different way.

Introduced in 5af03c1ef3.

Fixes #27197; bugfix on 0.3.3.3-alpha.
2018-09-15 23:19:31 +00:00
Alexander Færøy
3477a73af9 Add proxy headers as early as possible.
This patch moves the logic that adds the proxy headers to an earlier
point in the exit connection lifetime, which ensures that the
application data cannot be written to the outbuf before the proxy header
is added.

See: https://bugs.torproject.org/4700
2018-09-15 22:17:57 +02:00
Alexander Færøy
9b511dc5d6 Change HiddenServiceExportCircuitID to take a string parameter: the protocol.
This patch changes HiddenServiceExportCircuitID so instead of being a
boolean it takes a string, which is the protocol. Currently only the
'haproxy' protocol is defined.

See: https://bugs.torproject.org/4700
2018-09-15 16:52:36 +03:00
Alexander Færøy
8f085841ef Encode the 32-bit Global Identifier as 2 x 16-bit in the IPv6 address.
Without this patch we would encode the IPv6 address' last part as
::ffffffff instead of ::ffff:ffff when the GID is UINT32_MAX.

See: https://bugs.torproject.org/4700
2018-09-15 16:52:36 +03:00
George Kadianakis
b2092f1ced Add unittest for HiddenServiceExportCircuitID.
Had to move a function to test helpers.
2018-09-15 16:52:32 +03:00
George Kadianakis
6069185bcc Save original virtual port in edge conn HS ident. 2018-09-15 16:32:24 +03:00
George Kadianakis
5d34a8cbbb Improve export_hs_client_circuit_id() function.
- Change default values.
- Beautify.
- Documentation.
2018-09-15 16:32:23 +03:00
George Kadianakis
27d7491f5a Introduce per-service HiddenServiceExportCircuitID torrc option.
Moves code to a function, better viewed with --color-moved.
2018-09-15 16:31:22 +03:00
Nick Mathewson
035166e7bf Add a missing function for windows 2018-09-14 15:02:11 -04:00
Nick Mathewson
af39649aad Explicitly ignore BIO_set_close() return val to fix #27711 2018-09-14 13:09:10 -04:00
Nick Mathewson
4bdba5fa4b Merge branch 'maint-0.3.4' 2018-09-14 12:56:31 -04:00
Nick Mathewson
6f47734ea8 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-14 12:56:30 -04:00
Nick Mathewson
a546e07600 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-14 12:56:30 -04:00
David Goulet
0971b3ce4d hs-v3: Don't BUG() on directory permission check failure
In hs_config.c, we do validate the permission of the hidden service directory
but we do not try to create it. So, in the event that the directory doesn't
exists, we end up in the loading key code path which checks for the
permission and possibly creates the directory. On failure, don't BUG() since
there is a perfectly valid use case for that function to fail.

Fixes #27335

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-14 12:56:26 -04:00
Nick Mathewson
6e940829cc Merge remote-tracking branch 'dgoulet/ticket27040_035_01' 2018-09-14 12:54:13 -04:00
Nick Mathewson
79f8641ee5 Merge branch 'nss_countbytes_squashed' 2018-09-14 12:45:30 -04:00
Nick Mathewson
ac93c911ce Allow malloc includes in tls library 2018-09-14 12:44:56 -04:00
Nick Mathewson
126819c947 Add support for lower-level byte counting with NSS
This is harder than with OpenSSL, since OpenSSL counts the bytes on
its own and NSS doesn't.  To fix this, we need to define a new
PRFileDesc layer that has its own byte-counting support.

Closes ticket 27289.
2018-09-14 12:44:56 -04:00
David Goulet
33c99cf565 hs-v2: Demote log warning to info when we don't have a consensus
Fixes #27040

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-14 12:04:01 -04:00
Nick Mathewson
bb465be085 Revise our assertion and bug macros to work with -Wparentheses
On GCC and Clang, there's a feature to warn you about bad
conditionals like "if (a = b)", which should be "if (a == b)".
However, they don't warn you if there are extra parentheses around
"a = b".

Unfortunately, the tor_assert() macro and all of its kin have been
passing their inputs through stuff like PREDICT_UNLIKELY(expr) or
PREDICT_UNLIKELY(!(expr)), both of which expand to stuff with more
parentheses around "expr", thus suppressing these warnings.

To fix this, this patch introduces new macros that do not wrap
expr.  They're only used when GCC or Clang is enabled (both define
__GNUC__), since they require GCC's "({statement expression})"
syntax extension.  They're only used when we're building the
unit-test variant of the object files, since they suppress the
branch-prediction hints.

I've confirmed that tor_assert(), tor_assert_nonfatal(),
tor_assert_nonfatal_once(), BUG(), and IF_BUG_ONCE() all now give
compiler warnings when their argument is an assignment expression.

Fixes bug 27709.

Bugfix on 0.0.6, where we first introduced the "tor_assert()" macro.
2018-09-14 11:39:37 -04:00
cypherpunks
5c47f725b0 rust/protover: delete ProtoSet::retain
As the comment noted, it was horribly inefficient.
2018-09-14 15:10:22 +00:00
cypherpunks
c613d55134 rust/protover: use .and_not_in() instead of .retain() in all_supported()
.retain() would allocating a Vec of billions of integers and check them
one at a time to separate the supported versions from the unsupported.
This leads to a memory DoS.

Closes ticket 27206. Bugfix on e6625113c9.
2018-09-14 15:08:55 +00:00
cypherpunks
578f7326ed rust/protover: add ProtoSet::and_not_in()
This is a way more efficient version of retain().
2018-09-14 15:08:54 +00:00
Nick Mathewson
8f689e0eb2 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-14 10:48:01 -04:00
Nick Mathewson
7e406ec40f Merge branch 'maint-0.3.4' 2018-09-14 10:48:01 -04:00
Nick Mathewson
281854bab7 If options_act() fails, restore the previous value of global_options
Before 0.3.3.1-alpha, we would exit() in this case immediately.  But
now that we leave tor_main() more conventionally, we need to make
sure we restore things so as not to cause a double free.

Fixes bug 27708; bugfix on 0.3.3.1-alpha.
2018-09-14 10:34:45 -04:00
Nick Mathewson
0e4fcd3996 Merge branch 'nss_27664' 2018-09-14 10:24:46 -04:00
Nick Mathewson
e43ae24e7d Merge branch 'nss_27451' 2018-09-14 10:22:38 -04:00
Nick Mathewson
eaeb4c1082 Fix compilation of 27686 on master. 2018-09-14 10:22:11 -04:00
Nick Mathewson
994de7db53 Merge branch 'ticket27686_034' into x 2018-09-14 10:16:44 -04:00
Nick Mathewson
ab92f93421 Teach the OOM module to handle half-open stream info. #27686 2018-09-14 10:16:27 -04:00
Nick Mathewson
1ca03633fe Tweak message; only log it on a relay. 2018-09-14 09:32:39 -04:00
Nick Mathewson
12320e7f3e Merge remote-tracking branch 'neel/b21530' 2018-09-14 09:27:03 -04:00
Nick Mathewson
82b1282772 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-14 09:25:34 -04:00
Nick Mathewson
84e3ada71b Merge remote-tracking branch 'onionk/rust-protokeyword1-035' 2018-09-14 09:25:31 -04:00
Nick Mathewson
bb012d7941 Merge remote-tracking branch 'tor-github/pr/329' 2018-09-14 09:22:23 -04:00
Nick Mathewson
b67f3b751a Merge branch 'ticket27247' 2018-09-14 09:14:12 -04:00
Nick Mathewson
6e5e1be737 Make circuitmux ewma timing test more tolerant on 32bit osx
Since we use a 32-bit approximation for millisecond conversion here,
we can't expect so much precision.

Fixes part of bug 27139; bugfix on 0.3.4.1-alpha.
2018-09-14 08:40:12 -04:00
Nick Mathewson
f02e8b5944 Avoid integer overflow on fast 32-bit millisecond conversion.
Multiply-then-divide is more accurate, but it runs into trouble when
our input is above INT32_MAX/numerator.  So when our value is too
large, do divide-then-multiply instead.

Fixes part of bug 27139; bugfix on 0.3.4.1-alpha.
2018-09-14 08:39:45 -04:00
Nick Mathewson
4eabc6db47 Use a slightly more accurate formula for OSX 32-bit msec conversion
We use an optimized but less accurate formula for converting coarse
time differences to milliseconds on 32-bit OSX platforms, so that we
can avoid 64-bit division.

The old numbers were off by 0.4%.  The new numbers are off by .006%.

This should make the unit tests a bit cleaner, and our tolerances a
bit closer.
2018-09-14 08:35:06 -04:00
Nick Mathewson
88c9730817 Re-order includes to expose intptr_t to tor_api_internal.h 2018-09-14 07:11:37 -04:00
cypherpunks
bf9dc697fa Merge branch 'rust-protokeyword1-034' into rust-protokeyword1-035 2018-09-14 02:33:59 +00:00
cypherpunks
574d59c640 Merge branch 'rust-protokeyword1' into rust-protokeyword1-034 2018-09-14 02:26:31 +00:00
cypherpunks
e24195c7c1 protover: reject invalid protocol names
The spec only allows the characters [A-Za-z0-9-].

Fix on b2b2e1c7f2.
Fixes #27316; bugfix on 0.2.9.4-alpha.
2018-09-14 02:18:04 +00:00
Neel Chauhan
2c093c96b2 Add log message for Tor being non-exit by default 2018-09-13 21:50:06 -04:00
Nick Mathewson
7a0ff5beb2 In conditionvar_timeout test, wait for threads to timeout
Previously we just waited 200msec, which was not enough on slow/busy
systems.

Fixes bug 27073; bugfix on 0.2.6.3-alpha when the test was introduced.
2018-09-13 20:47:41 -04:00
Nick Mathewson
d8280216c0 Include torint.h in socketpair.c for intptr_t definition. 2018-09-13 17:54:26 -04:00
Nick Mathewson
92357a07bd Fix a 32-bit off_t/size_t warning in crypto_rsa.c
Bug not in any released Tor.
2018-09-13 17:49:39 -04:00
Nick Mathewson
83b8a76f0c Fix a shadowed-global warning in geoip.c
Bugfix on 5ab2110eb6b4ae9082430081cb2800018cf0dcd6; bug not in any
released Tor.
2018-09-13 17:48:33 -04:00
Nick Mathewson
b943721b2a Merge branch 'bug27224_take2_squashed' 2018-09-13 16:43:06 -04:00
rl1987
1e77376e1a Avoid calling node_get_all_orports() from node_is_a_configured_bridge()
All node_get_all_orports() does is allocate and return a smartlist
with at most two tor_addr_port_t members that match ORPort's of
node configuration. This is harmful for memory efficiency, as it
allocates the same stuff every time it is called. However,
node_is_a_configured_bridge() does not need to call it, as it
already has all the information to check if there is configured
bridge for a given node.

The new code is arranged in a way that hopefully makes each succeeding
linear search through bridge_list less likely.
2018-09-13 16:38:33 -04:00
Nick Mathewson
874eca6a8c Add a test case with a matching ip but mismatched identity. 2018-09-13 16:38:33 -04:00
rl1987
9741921094 Unit tests for ticket 27224.
Since this is a refactoring ticket, these tests should pass before
and after the changes are made.
2018-09-13 16:25:14 -04:00
Nick Mathewson
85aba48a66 Merge branch 'bug26470_032' 2018-09-13 13:53:42 -04:00
Mike Perry
efa2075670 Ticket #27678: Emit CIRC_BW events immediately for dropped cells.
We determine that a cell was dropped by inspecting CIRC_BW fields. If we did
not update the delivered or overhead fields after processing the cell, the
cell was dropped/not processed.

Also emit CIRC_BW events for cases where we decide to close the circuit in
this function, so vanguards can print messages about dropped cells in those
cases, too.
2018-09-13 17:45:45 +00:00
Mike Perry
80ffedd3ca Control port call to emit a CIRC_BW event for a single circuit.
This commit only moves code. No functionality has been changed.
2018-09-13 17:44:56 +00:00
Nick Mathewson
2d05500a1e Merge remote-tracking branch 'UntoSten/inform-about-conf-includes' 2018-09-13 13:35:59 -04:00
Nick Mathewson
787da5185c Merge remote-tracking branch 'onionk/strcmpstart1' 2018-09-13 13:30:53 -04:00
Nick Mathewson
e8b81d7dc5 Merge branches 'bug27684' and 'bug27685' 2018-09-13 13:09:57 -04:00
Nick Mathewson
15596f6c0c Fix a memory leak in tortls/openssl/try_to_extract_certs_from_tls
Since this is an "intrusive" test, it only shows up for openssl <1.1

This is a bugfix on 0.3.5.x; bug not in any released Tor.
2018-09-13 12:47:42 -04:00
Nick Mathewson
d28018ea1e Fix a memory leak in tortls/openssl/context_new test.
Bugfix on 0.3.5.x; bugfix not on any released Tor.
2018-09-13 12:43:37 -04:00
cypherpunks
7c26f88fd7 rust/protover: validate unknown protocol names use only allowed characters 2018-09-13 16:33:58 +00:00
Nick Mathewson
9697c2da46 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-13 11:46:04 -04:00
Nick Mathewson
3ddfd5ff25 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-13 11:46:04 -04:00
Nick Mathewson
8253428253 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-13 11:46:04 -04:00
Nick Mathewson
d44eb16b23 Merge branch 'maint-0.3.4' 2018-09-13 11:46:04 -04:00
Nick Mathewson
75d6609eb1 Run crypto_prefork() before start_daemon().
Without this, RunAsDaemon breaks NSS.

Fixes bug 27664; bug not in any released Tor.
2018-09-13 08:58:28 -04:00
David Goulet
4b646e30d8 conn: Fix memleaks in retry_all_listeners
Fixes #27670

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-12 17:51:56 -04:00
Nick Mathewson
fed2c26e60 Report UNIX connection addresses that we opened correctly.
This is an aside on ticket27670.
2018-09-12 17:42:24 -04:00
Nick Mathewson
f308e81fa7 Merge branch 'maint-0.3.4' 2018-09-12 17:25:40 -04:00
Nick Mathewson
f8d5fb42a3 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-12 17:24:41 -04:00
Nick Mathewson
b4f20ec8a6 Merge remote-tracking branch 'tor-github/pr/280' 2018-09-12 16:13:23 -04:00
Nick Mathewson
9f5f67bda2 Use tor_tls_release_socket() to avoid double-closed sockets on NSS
Closes ticket 27451; bug not in any released Tor.
2018-09-12 11:32:15 -04:00
Nick Mathewson
ae5692994f Add a tor_tls_release_socket() function.
This function tells the underlying TLS object that it shouldn't
close the fd on exit.  Mostly, we hope not to have to use it, since
the NSS implementation is kludgey, but it should allow us to fix
2018-09-12 11:12:05 -04:00
Nick Mathewson
bfc847255a Merge remote-tracking branch 'dgoulet/ticket27545_035_01' 2018-09-12 10:18:11 -04:00