Commit Graph

36293 Commits

Author SHA1 Message Date
Richard Pospesel
16412c698c build: updated configure.ac to allow mingw builds with static openssl and libevent 2020-09-14 19:01:43 +02:00
Nick Mathewson
33380f6b27 Update remaining trac.tpo wiki urls 2020-09-14 11:02:38 -04:00
Alexander Færøy
1c4b140427 Check if glob() is available at build-time.
This patch disables the glob() support in the path library if glob() is
unavailable at build-time. This currently happens with the Android NDK
used for Tor Browser.

See: https://bugs.torproject.org/tpo/core/tor/40114
2020-09-10 10:51:57 -04:00
David Goulet
12c7583126 Merge branch 'maint-0.4.4' 2020-09-08 11:14:12 -04:00
George Kadianakis
85a1e6c601 statistics: Properly count all rendezvous cells (avoid undercounting).
tl;dr We were not counting cells flying from the client to the service, but we
were counting cells flying from the service to the client.

When a rendezvous cell arrives from the client to the RP, the RP forwards it to
the service.

For this to happen, the cell first passes through command_process_relay_cell()
which normally does the statistics counting. However because the `rend_circ`
circuit was not flagged with `circuit_carries_hs_traffic_stats` in
rend_mid_rendezvous(), the cell is not counted there.

Then the cell goes to circuit_receive_relay_cell() which has a special code
block based on `rend_splice` specifically for rendezvous cells, and the cell
gets directly passed to `rend_circ` via a direct call to
circuit_receive_relay_cell(). The cell never passes through
command_process_relay_cell() ever again and hence is never counted by our
rephist module.

The fix here is to flag the `rend_circ` circuit with
`circuit_carries_hs_traffic_stats` so that the cell is counted as soon as it
hits command_process_relay_cell().

Furthermore we avoid double-counting cells since the special code block of
circuit_receive_relay_cell() makes us count rendezvous cells only as they enter
the RP and not as they exit it.

Fixes #40117.
2020-09-07 13:30:21 +03:00
David Goulet
ae6430818e addr: Missing AF family to index conversion
When accessing the last_resolved_address cache we always need to convert the
AF family value to an index value else we are out of bound and thus
overflowing if we write to it.

This fix is on code that has not been released.

GeKo reported the following libasan crash using Tor Browser alpha with tor
0.4.5.0-alpha-dev (3c884bc9e0):

==4240==ERROR: AddressSanitizer: global-buffer-overflow on address
0x55888490e388 at pc 0x5588842cc216 bp 0x7ffc8c421b00 sp 0x7ffc8c421af8
READ of size 2 at 0x55888490e388 thread T0
    #0 0x5588842cc215 in tor_addr_compare_masked
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x5a6215)
    #1 0x558884203210 in is_local_to_resolve_addr
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x4dd210)
    #2 0x558883f7e252 in channel_tls_connect
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x258252)
    #3 0x558883f87ff7 in channel_connect_for_circuit
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x261ff7)
    #4 0x558883f8bc90 in circuit_handle_first_hop
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x265c90)
    #5 0x558883f8c891 in circuit_establish_circuit
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x266891)
    #6 0x558883fc3bbc in circuit_launch_by_extend_info
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x29dbbc)
    #7 0x558883fc5900
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x29f900)
    #8 0x558883fc6988 in connection_ap_handshake_attach_circuit
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x2a0988)
    #9 0x558883fd0d3f in connection_ap_attach_pending
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x2aad3f)
    #10 0x7f4d50110885  (TorBrowser/Tor/libevent-2.1.so.7+0x22885)
    #11 0x7f4d501110de in event_base_loop
(TorBrowser/Tor/libevent-2.1.so.7+0x230de)
    #12 0x558883f69b3c in do_main_loop
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x243b3c)
    #13 0x558883f3f70c in tor_run_main
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x21970c)
    #14 0x558883f3c2f7 in tor_main
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x2162f7)
    #15 0x558883f3531b in main
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x20f31b)
    #16 0x7f4d4f76acc9 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x26cc9)
    #17 0x558883f3ba00
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x215a00)

0x55888490e388 is located 24 bytes to the left of global variable
'state_mgr' defined in 'src/app/config/statefile.c:184:22'
(0x55888490e3a0) of size 8
0x55888490e388 is located 32 bytes to the right of global variable
'global_state' defined in 'src/app/config/statefile.c:204:20'
(0x55888490e360) of size 8
SUMMARY: AddressSanitizer: global-buffer-overflow
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x5a6215)
in tor_addr_compare_masked
Shadow bytes around the buggy address:
  0x0ab190919c20: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x0ab190919c30: 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 03 f9 f9 f9
  0x0ab190919c40: f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0ab190919c50: 00 00 00 04 f9 f9 f9 f9 00 00 00 00 00 00 00 04
  0x0ab190919c60: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
=>0x0ab190919c70: f9[f9]f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0ab190919c80: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9
  0x0ab190919c90: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9
  0x0ab190919ca0: 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0ab190919cb0: 01 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x0ab190919cc0: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==4240==ABORTING

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-09-03 16:07:19 +00:00
Alexander Færøy
3c884bc9e0 Merge remote-tracking branch 'tor-gitlab/mr/136' 2020-08-26 22:15:04 +00:00
Alexander Færøy
511730db2d Merge remote-tracking branch 'tor-gitlab/mr/133' 2020-08-26 21:55:39 +00:00
David Goulet
a6a97236fc Merge branch 'tor-gitlab/mr/135' 2020-08-26 11:04:53 -04:00
George Kadianakis
d4f3cfe99a Merge branch 'mr/113' 2020-08-25 20:37:04 +03:00
David Goulet
20a990cea3 ci: Add tracing build to Gitlab CI
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-08-25 10:38:48 -04:00
Neel Chauhan
90707c9264 Even argument spacing for some functions in feature/client/bridges.c 2020-08-25 09:16:58 -04:00
Nick Mathewson
75772ea096 Validate address more carefully when checking self-reachability
Previously, we would treat *any* incoming circuit on a non-local
channel as meaning that our ORPort was reachable.  With this patch,
we make sure that the address that the peer _says_ we have is the
same as the one we're trying to advertise right now.

Closes 20165. Bugfix on 4f5192b280 in 0.1.0.1-rc, when
reachability self-tests were first introduced.
2020-08-25 16:02:59 +03:00
George Kadianakis
cc4e42ee32 Merge remote-tracking branch 'tor-gitlab/mr/115' 2020-08-25 15:43:00 +03:00
David Goulet
6dc0b04319 Merge branch 'maint-0.4.4' 2020-08-25 08:23:06 -04:00
George Kadianakis
53cd1c9710 Avoid guard-related warning when upgrading from 043 to 044.
Fixes #40105.
2020-08-25 15:09:57 +03:00
George Kadianakis
4b9ed14d9b Merge remote-tracking branch 'tor-gitlab/mr/108' 2020-08-25 15:02:04 +03:00
George Kadianakis
935160ce86 Merge branch 'maint-0.4.4' 2020-08-25 14:51:23 +03:00
George Kadianakis
1397a86bbd Merge remote-tracking branch 'tor-gitlab/mr/130' into maint-0.4.4 2020-08-25 14:51:05 +03:00
Neel Chauhan
b16d82043c Include crypto_rand.h in ed25519_tor.c 2020-08-23 06:05:08 -07:00
George Kadianakis
36203e8894 Merge branch 'maint-0.4.4' 2020-08-20 14:34:56 +03:00
Neel Chauhan
6e37086f85 v3 control: Persist ONION_CLIENT_AUTH_ADD client name 2020-08-20 14:34:21 +03:00
David Goulet
f5c9f6d432 hs: Don't overwrite DoS parameters on circuit with consensus params
Turns out that the HS DoS defenses parameters were overwritten by the
consensus parameters everytime a new consensus would arrive.

This means that a service operator can still enable the defenses but as soon
as the intro point relay would get a new consensus, they would be overwritten.
And at this commit, the network is entirely disabling DoS defenses.

Fix this by introducing an "explicit" flag that indicate if the
ESTABLISH_INTRO cell DoS extension set those parameters or not. If set, avoid
using the consenus at once.

We are not bumping the protover HSIntro value for this because 0.4.2.x series
is EOL in 1 month and thus 0.4.3.x would be the only series with this bug. We
are confident that a backport and then upgrade path to the latest 0.4.4.x
stable coming up soon is enough to mitigate this problem in the coming months.

It avoids the upgrade path on the service side by keeping the requirement for
protover HSIntro=5.

Fixes #40109

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-08-19 09:47:34 -04:00
George Kadianakis
4e3f55fba1 Merge branch 'maint-0.4.4' 2020-08-19 13:56:34 +03:00
George Kadianakis
b1b0079675 Merge branch 'mr/124' into maint-0.4.4 2020-08-19 13:55:07 +03:00
Nick Mathewson
974abdf632 Parallelize src/test/test into chunks.
First, we introduce a flag to teach src/test/test to split its work
into chunks.  Then we replace our invocation of src/test/test in our
"make check" target with a set of 8 scripts that invoke the first
8th of the tests, the second 8th, and so on.

This change makes our "make -kj4 check" target in our hardened
gitlab build more than twice as fast, since src/test/test was taking
the longest to finish.

Closes 40098.
2020-08-19 13:46:50 +03:00
David Goulet
1089ac6f22 Merge branch 'tor-gitlab/mr/126' 2020-08-18 08:56:27 -04:00
David Goulet
80d2376f33 Merge branch 'maint-0.4.4' 2020-08-18 08:49:07 -04:00
David Goulet
deea196370 Merge branch 'tor-gitlab/mr/121' into maint-0.4.4 2020-08-18 08:49:01 -04:00
Daniel Pinto
ebaa1a1d23 Make options_init_from_torrc smaller #40102
Split implementation of several command line options from
options_init_from_torrc into smaller isolated functions.
2020-08-14 16:01:02 +01:00
Nick Mathewson
563f8610fd Revise trac.torproject.org urls to refer to gitlab replacements.
Closes #40101.
2020-08-14 09:21:28 -04:00
Nick Mathewson
7915b651d9 Merge branch 'maint-0.4.2' into maint-0.4.3 2020-08-13 14:20:39 -04:00
Nick Mathewson
ef18fb56c9 Merge branch 'maint-0.4.3' into maint-0.4.4 2020-08-13 14:20:39 -04:00
Nick Mathewson
8669ace2fb Merge branch 'maint-0.4.4' 2020-08-13 14:20:39 -04:00
Nick Mathewson
45d9830493 Merge branch 'maint-0.3.5' into maint-0.4.2 2020-08-13 14:20:39 -04:00
Nick Mathewson
72484a4953 Merge remote-tracking branch 'tor-gitlab/mr/125' into maint-0.3.5 2020-08-13 14:20:27 -04:00
Nick Mathewson
e82f36bccc Update ReleasingTor.md to current practice 2020-08-13 09:56:27 -04:00
Nick Mathewson
0957a5adb2 Merge branch 'maint-0.4.4'
"ours" to avoid version bump.
2020-08-13 09:44:11 -04:00
Nick Mathewson
26b257757b Bump to 0.4.4.4-rc-dev 2020-08-13 09:43:54 -04:00
Nick Mathewson
7b4716a762 Make test_glob() pass even when run as root.
Previously the test relied on not being able to look inside 000
directories, which is a thing root _can_ do.

Bug not in any released Tor version.
2020-08-12 20:36:23 -04:00
Nick Mathewson
34919368ce Merge branch 'maint-0.4.2' into maint-0.4.3 2020-08-12 20:21:04 -04:00
Nick Mathewson
07f0210a05 Merge branch 'maint-0.3.5' into maint-0.4.2 2020-08-12 20:21:04 -04:00
Nick Mathewson
9d77ed7be2 Merge branch 'maint-0.4.3' into maint-0.4.4 2020-08-12 20:21:04 -04:00
Nick Mathewson
effc9739bf Merge branch 'maint-0.4.4' 2020-08-12 20:21:04 -04:00
Nick Mathewson
aeafb7f44f Improve comments in .gitlab-ci.yml 2020-08-12 20:20:58 -04:00
Nick Mathewson
41a7ab96e5 CI: Turn on stem with 044 and later. 2020-08-12 20:13:18 -04:00
Nick Mathewson
9ef991dbe3 Use correct type for gl_closedir to avoid a compiler warning 2020-08-12 14:42:30 -04:00
Nick Mathewson
e151442037 Merge remote-tracking branch 'tor-gitlab/mr/62' 2020-08-12 14:37:21 -04:00
Nick Mathewson
f9bb49d870 Fix allocation counting in clean_v2_descs_as_dir test.
Without this fix, running this test on its own would fail.

Fixes bug 40099. Bugfix on ade5005853 in 0.2.8.1-alpha.
2020-08-12 14:25:46 -04:00
Nick Mathewson
309eafbc3c Merge branch 'maint-0.4.2' into maint-0.4.3 2020-08-12 12:29:17 -04:00