Commit Graph

22734 Commits

Author SHA1 Message Date
David Goulet
b5731cdf2e mainloop: Set client role if ControlPort is set
It turns out that if _only_ the ControlPort is set and nothing else, tor would
simply not bootstrap and thus not start properly. Commit 67a41b6306
removed that requirement for tor to be considered a "client".

Unfortunately, this made the mainloop enable basically nothing if only the
ControlPort is set in the torrc.

This commit now makes it that we also consider the ControlPort when deciding
if we are a Client or not. It does not revert 67a41b6306 meaning
options_any_client_port_set() stays the same, not looking at the control port.

Fixes #27849.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-16 08:11:49 -04:00
Nick Mathewson
b7fbd1f329 Merge branch 'maint-0.3.4' 2018-10-16 08:04:34 -04:00
David Goulet
38599de2dd test: Update approx_time before the test starts
This way we have the same time source when the IP is created and tested later.

Fixes #27810

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-16 08:03:55 -04:00
Nick Mathewson
8b3ec74e5f Merge remote-tracking branch 'public/bug27990' 2018-10-16 08:02:01 -04:00
Nick Mathewson
11161395af Merge branch 'maint-0.3.4' 2018-10-15 12:52:54 -04:00
Nick Mathewson
633e99575f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-15 12:52:54 -04:00
Nick Mathewson
6b2ef2c559 Fix another tor_assert(0) case 2018-10-15 12:52:48 -04:00
Nick Mathewson
feed41bed3 Merge branch 'maint-0.3.4' 2018-10-15 12:47:46 -04:00
Nick Mathewson
d1ec7bb06e Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-15 12:47:46 -04:00
Nick Mathewson
86e0be421f Merge branch 'maint-0.2.9' into maint-0.3.3 2018-10-15 12:47:46 -04:00
Nick Mathewson
5b28190c67 Fix make check-spaces. 2018-10-15 12:47:19 -04:00
Nick Mathewson
23ce9a60fb Merge branch 'maint-0.3.4' 2018-10-15 10:48:35 -04:00
Nick Mathewson
3462f8ed64 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-15 10:48:35 -04:00
Nick Mathewson
796e36e535 Adjust tor_assert_unreached()
This version of the macro makes it obvious to the compiler that
"tor_assert_unreached()" will always abort().
2018-10-15 10:46:26 -04:00
Nick Mathewson
4983322cc7 Merge branch 'maint-0.3.4' 2018-10-15 10:37:53 -04:00
Nick Mathewson
fd528a0884 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-15 10:37:52 -04:00
Nick Mathewson
dff7d3d00a Merge branch 'maint-0.2.9' into maint-0.3.3 2018-10-15 10:37:49 -04:00
Nick Mathewson
b113399658 Merge branch 'bug27709_029' into maint-0.2.9 2018-10-15 10:34:39 -04:00
Nick Mathewson
5e582c7ffa Explain a bit more about branch prediction in the unit-test case 2018-10-15 10:16:34 -04:00
rl1987
89c4a3a0b6 Write a comment to explain may_need_rebind condition 2018-10-15 16:18:31 +03:00
rl1987
9bb00a74bc Refrain from listener rebinding when address families differ 2018-10-15 16:18:31 +03:00
Nick Mathewson
df2b46d18c Remove a double-newline and improve a comment 2018-10-14 15:33:39 -04:00
Nick Mathewson
2dccef0eb4 Merge branch 'bug27772_squashed' 2018-10-14 15:31:52 -04:00
Nick Mathewson
6925b61cfd Fix various GCC LTO warnings in the unit tests. 2018-10-14 15:25:16 -04:00
Nick Mathewson
7c8f20ba44 In tor_tls_get_my_certs(), set cert ptrs even on failure
Nothing should ever look at them on failure, but in some cases,
the unit tests don't check for failure, and then GCC-LTO freaks out.

Fixes part of 27772.
2018-10-14 15:25:16 -04:00
Nick Mathewson
dddecee291 Initialize some locals in socks5 parsing code.
These confused GCC LTO, which thought they might be used
uninitialized.  I'm pretty sure that as long as 'res' indicates
success, they will always be set to something, but let's unconfuse
the compiler in any case.
2018-10-14 15:25:16 -04:00
Nick Mathewson
370d9922a4 Use the correct function signatures in test_relaycell.c
This is now officially an antipattern: please let's never copy a
function declaration in two places again.  That's what headers are
for.
2018-10-14 15:25:16 -04:00
Nick Mathewson
965549aa07 Use assertions so GCC LTO doesn't worry about TLS channel conversion
Part of #27772
2018-10-14 15:25:16 -04:00
Nick Mathewson
67351f6724 Merge remote-tracking branch 'tor-github/pr/380' 2018-10-12 11:39:37 -04:00
Nick Mathewson
267b8d16b1 Add timeval.h include to compat_pthreads.c for timeradd()
OpenSolaris apparently doesn't have timeradd(), so we added a
replacement, but we weren't including it here after the big
refactoring in 0.3.5.1-alpha.

Fixes bug 27963; bugfix on 0.3.5.1-alpha.
2018-10-10 12:19:56 -04:00
Nick Mathewson
a23c36ebcd Merge branch 'maint-0.3.4' 2018-10-10 11:34:49 -04:00
Nick Mathewson
e5fe8b0e3a Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-10 11:34:49 -04:00
Nick Mathewson
b057623bed Merge branch 'maint-0.2.9' into maint-0.3.3 2018-10-10 11:34:48 -04:00
Karsten Loesing
119df9c1c0 Update geoip and geoip6 to the October 9 2018 database. 2018-10-10 17:26:41 +02:00
Nick Mathewson
d3d6c59557 Add sys/time.h include back to procmon.c 2018-10-10 11:26:38 -04:00
Nick Mathewson
da86a70bd8 Merge remote-tracking branch 'tor-github/pr/384' 2018-10-10 09:24:48 -04:00
Nick Mathewson
7409aa58d1 Merge remote-tracking branch 'tor-github/pr/385' 2018-10-09 12:46:46 -04:00
Nick Mathewson
361eaa9931 Merge remote-tracking branch 'public/ticket27856' 2018-10-09 09:04:53 -04:00
Neel Chauhan
3cc089ce59 Add newline between hs_client_get_random_intro_from_edge() and hs_client_receive_introduce_ack() 2018-10-05 19:54:26 -04:00
rl1987
9d886185c1 Make sure we're removing conn from old_conns *once* 2018-10-03 15:51:59 +03:00
rl1987
2b146bdb9a Refrain from using SMARTLIST_DEL_CURRENT in retry_all_listeners 2018-10-03 15:31:49 +03:00
Alex Crichton
38d644c94b Remove rlib+staticlib configuration for Rust crates
Only the final crate needs to be a `staticlib`, no need for all the
intermediate steps to produce staticlibs!
2018-10-01 22:58:44 -07:00
Alex Crichton
757a2360a4 Remove [features] from workspace Cargo.toml
Unfortunately Cargo doesn't actually parse these! Cargo should probably
print a warning saying they're not used...
2018-10-01 22:57:38 -07:00
Alex Crichton
74c1e44746 Fix segfaults related to sanitizers+jemalloc
It looks to be the case that Rust's standard allocator, jemalloc, is
incompatible with sanitizers. The incompatibility, for whatever reason,
seems to cause segfaults at runtime when jemalloc is linked with
sanitizers.

Without actually trying to figure out what's going on here this commit
instead takes the hammer of "let's remove jemalloc when testing". The
`tor_allocate` crate now by default switches to the system allocator
(eventually this will want to be the tor allocator). Most crates then
link to `tor_allocate` ot pick this up, but the `smartlist` crate had to
manually switch to the system allocator in testing and the `external`
crate had to be sure to link to `tor_allocate`.

The final gotcha here is that this patch also switches to
unconditionally passing `--target` to Cargo. For weird and arcane
reasons passing `--target` with the host target of the compiler (which
Cargo otherwise uses as the default) is different than not passing
`--target` at all. This ensure that our custom `RUSTFLAGS` with
sanitizer options doesn't make its way into build scripts, just the
final testing artifacts.
2018-10-01 22:55:59 -07:00
Alex Crichton
6ebb2c46d5 Remove the link_rust.sh.in script
This is no longer necessary with upstream rust-lang/rust changes as well
as some local tweaks. Namely:

* The `-fsanitize=address`-style options are now passed via `-C
  link-args` through `RUSTFLAGS`. This obviates the need for the shell
  script.
* The `-C default-linker-libraries`, disabling `-nodefaultlibs`, is
  passed through `RUSTFLAGS`, which is necessary to ensure that
  `-fsanitize=address` links correctly.
* The `-C linker` option is passed to ensure we're using the same C
  compiler as normal C code, although it has a bit of hackery to only
  get the `gcc` out of `gcc -std=c99`
2018-10-01 22:50:08 -07:00
Nick Mathewson
43211c3a0c Merge remote-tracking branch 'public/bug27893' 2018-10-01 12:12:33 -05:00
Nick Mathewson
58299b2927 Merge remote-tracking branch 'public/bug27728' 2018-10-01 12:06:39 -05:00
Nick Mathewson
c4e29001c4 Fix a bug where we would crash on --version.
Bug not in any released Tor.

test-stem would have caught this.
2018-10-01 12:01:51 -05:00
Nick Mathewson
886dc8b0a5 Remove routerparse include from files that dont use it 2018-10-01 11:35:11 -05:00
Nick Mathewson
d199348664 Remove versions.h include from routerparse.h 2018-10-01 11:22:47 -05:00
Nick Mathewson
5f9839ee42 Remove unused headers from routerparse.c 2018-10-01 11:17:33 -05:00
Nick Mathewson
35db3f8162 Extract addr-policy parsing code. 2018-10-01 11:17:19 -05:00
Nick Mathewson
95e2eb9083 Move summarize_protover_flags to versions.c 2018-10-01 10:48:55 -05:00
Nick Mathewson
4201203845 extract networkstatus parsing to its own file. 2018-10-01 10:46:00 -05:00
Nick Mathewson
cd23903427 Pull detached-signatures code into dirauth. 2018-10-01 10:46:00 -05:00
Nick Mathewson
2be35f4d61 Split microdescriptor parser into its own file. 2018-10-01 10:46:00 -05:00
Nick Mathewson
aff5bf5464 Remove addr_policy_assert_ok() as unused 2018-10-01 00:09:00 -05:00
Nick Mathewson
3100831762 Remove dump_distinct_digest_count()
It was disabled-by-default for ages, and it no longer compiles. I
think it's safe to call it obsolete.
2018-10-01 00:09:00 -05:00
Nick Mathewson
a77b2e984e Remove router_get_dir_hash as unused. 2018-10-01 00:09:00 -05:00
Nick Mathewson
82f4d3ca75 Move v2 hs parsing into feature/rend 2018-10-01 00:09:00 -05:00
Nick Mathewson
430ca38f70 Split the authority-cert and signature/hash code from routerparse 2018-10-01 00:09:00 -05:00
Nick Mathewson
2f5dc48699 Extract the version-managing code from routerparse.c
Leave the versions.h include in routerparse.h for now; I'll remove
it later.
2018-10-01 00:04:58 -05:00
Nick Mathewson
fec3b3bb93 Extract logic for dumping unparseable junk from routerparse.c 2018-10-01 00:04:58 -05:00
Nick Mathewson
6785aa4010 Move routerparse and parsecommon to their own module. 2018-10-01 00:04:06 -05:00
Nick Mathewson
b058f64cc0 Detect an unlikely integer overflow. 2018-09-27 16:30:02 -04:00
Nick Mathewson
9e65e7a36f Merge branch 'split_stats' 2018-09-27 16:26:06 -04:00
Nick Mathewson
9e1a3be064 Prevent duplicate initialization of NSS DH module
Allowing this didn't do any actual harm, since there aren't any
shared structures or leakable objects here.  Still, it's bad style
and might cause trouble in the future.

Closes ticket 27856.
2018-09-27 13:26:47 -04:00
Nick Mathewson
d0b2b5a202 Always initialize the periodic events list.
Various places in our code try to activate these events or check
their status, so we should make sure they're initialized as early as
possible.  Fixes bug 27861; bugfix on 0.3.5.1-alpha.
2018-09-27 13:24:36 -04:00
Nick Mathewson
8812f562a0 Fix a memory leak in --dump-config
When freeing a configuration object from confparse.c in
dump_config(), we need to call the appropriate higher-level free
function (like or_options_free()) and not just config_free().

This only happens with options (since they're the one where
options_validate allocates extra stuff) and only when running
--dump-config with something other than minimal (since
OPTIONS_DUMP_MINIMAL doesn't hit this code).

Fixes bug 27893; bugfix on 0.3.2.1-alpha.
2018-09-27 13:05:19 -04:00
Nick Mathewson
316453065d Mark a variable static. 2018-09-27 11:59:39 -04:00
Nick Mathewson
34402ece8c geoip: fix windows compilation 2018-09-27 11:02:58 -04:00
Nick Mathewson
c8f2a6d2fe Extract the non-stats part of geoip into a new src/lib/geoip. 2018-09-27 10:26:01 -04:00
Nick Mathewson
fa32574bdb Remove excess dependencies from geoip.c 2018-09-27 10:15:39 -04:00
Nick Mathewson
f403af2207 Split geoip from geoip-related stats.
This commit just moves the code to two separate files. The geoip
code still has a few needless dependencies on core/* and features/*.
2018-09-27 09:36:52 -04:00
Nick Mathewson
79208ee852 Move the n_v3_ns_requests field out of geoip_country_t
This is preparation for splitting geoip.c into stats and non-stats
portions.
2018-09-27 09:04:08 -04:00
Nick Mathewson
241c1505cc Move the predicted ports code out of rephist.c
It differs from the rest of the rephist code in that it's actually
necessary for Tor to operate, so it should probably go somewhere
else.  I'm not sure where yet, so I'll leave it in the same
directory, but give it its own file.
2018-09-27 08:21:17 -04:00
Nick Mathewson
de0b07c634 Merge branch 'router_split' 2018-09-26 09:47:59 -04:00
Nick Mathewson
5e5e019b31 Merge remote-tracking branch 'dgoulet/bug27550_035_01' 2018-09-26 08:36:09 -04:00
Nick Mathewson
5fe05de4fe Remove extra includes from router.c 2018-09-25 18:33:13 -04:00
Nick Mathewson
4f0bc0c8f5 Revise things that had included router.h before
Make them only include the headers that they needed, and sort their
headers while we're at it.
2018-09-25 17:57:58 -04:00
Nick Mathewson
3ff58e47d2 Move the "is the network disabled?" functions out of router.c
Since this is completely core functionality, I'm putting it in
core/mainloop, even though it depends on feature/hibernate. We'll
have to sort that out in the future.
2018-09-25 17:22:14 -04:00
Nick Mathewson
b8df2318e9 Move routerinfo_t functions out of router.c
(It turns out that some of the functions in router.h didn't even
exist any more, so I just got to delete their declarations completely.)
2018-09-25 16:48:00 -04:00
Nick Mathewson
efa978124f Extract nickname-checking functions from router.c 2018-09-25 16:22:11 -04:00
Nick Mathewson
5c86f3c297 Move the various _describe() functions out of router.c
Note that I haven't separated the headers yet (there's still an
2018-09-25 16:13:47 -04:00
Nick Mathewson
fcd0f76134 Extract all the "am I a server" functions from router.c 2018-09-25 16:00:50 -04:00
Nick Mathewson
70539e3d5e Move all authdir_mode_*() functions into authmode.h 2018-09-25 15:39:24 -04:00
Nick Mathewson
9385b7ec5f Rename dirauth/mode.h to dirauth/authmode.h
This is preparation for having a routermode.h as well
2018-09-25 15:18:21 -04:00
Nick Mathewson
8a350e088b Move self-test functionality into its own file. 2018-09-25 15:14:57 -04:00
Nick Mathewson
934859cf80 Move key-loading and crosscert-checking out of feature/relay
This is also used by onion services, so it needs to go in another
module.
2018-09-25 15:14:57 -04:00
cypherpunks
5e74db95c2 rust: run rustfmt 2018-09-24 18:00:56 +00:00
David Goulet
18085abfcc hs-v3: Silence some logging for client authorization
If a tor client gets a descriptor that it can't decrypt, chances are that the
onion requires client authorization.

If a tor client is configured with client authorization for an onion but
decryption fails, it means that the configured keys aren't working anymore.

In both cases, we'll log notice the former and log warn the latter and the
rest of the decryption errors are now at info level.

Two logs statement have been removed because it was redundant and printing the
fetched descriptor in the logs when 80% of it is encrypted wat not helping.

Fixes #27550

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-24 12:49:00 -04:00
Nick Mathewson
9767cf8cc0 Merge branch 'bug26913_033' 2018-09-24 11:17:09 -04:00
Nick Mathewson
6c739c3fb2 Fix arm compilation with openssl <1.1
Bug 27781; bugfix on 0.3.5.1-alpha.
2018-09-24 11:11:29 -04:00
Nick Mathewson
f57d8722e0 Fix the 0.3.4 part of bug 27781 (arm compilation)
Because with arm on OpenSSL <1.1 we don't define USE_EVP_AES_CTR, we
need to include crypto_util.h here.
2018-09-24 11:08:27 -04:00
Nick Mathewson
78295904f7 Merge branch 'ticket26744' 2018-09-24 10:56:50 -04:00
cypherpunks
b91bc1babc rust/protover: remove redundant ExceedsMax checks
This is already checked elsewhere.
2018-09-24 14:30:43 +00:00
Nick Mathewson
ae0cb94b69 Initialize mainloop events earlier, since other stuff may run them.
Fixes a stem test failure; bugfix on c7ce6b9821. Bug
not in any released Tor.
2018-09-22 17:40:04 -04:00
Nick Mathewson
7d9bea6a77 But, actually move systemd_watchdog_timer free into mainloop.c 2018-09-21 16:49:20 -04:00
Nick Mathewson
7eea45c5c4 Move systemd_watchdog_timer free into mainloop.c 2018-09-21 16:46:17 -04:00
Nick Mathewson
08d934b3fe Missing include in ntmain.c 2018-09-21 16:32:14 -04:00
Nick Mathewson
169f238c23 Merge remote-tracking branch 'onionk/protover-rust1' 2018-09-21 16:28:32 -04:00
cypherpunks
5c0dd1aa90 move protover_rust.c to core/or/
Missed in 667a6e8fe9.
2018-09-21 20:14:53 +00:00
Nick Mathewson
63e08f56b8 Merge remote-tracking branch 'tor-github/pr/365' 2018-09-21 16:13:59 -04:00
Nick Mathewson
7ed7fe230b Add an include to get --disable-module-dirauth happy again 2018-09-21 15:03:42 -04:00
Nick Mathewson
b7bd162af7 Merge remote-tracking branch 'dgoulet/ticket27774_035_03' 2018-09-21 13:02:12 -04:00
Nick Mathewson
194acfb51d Split directory.c code into several modules
Parts of this C file naturally belong in dircache, dirclient, and
dircommon: so, move them there.
2018-09-21 12:57:22 -04:00
Nick Mathewson
0e4c42a912 Merge remote-tracking branch 'ahf-github/asn/bugs4700_2' 2018-09-21 09:40:16 -04:00
Nick Mathewson
9399c579e5 Merge branch 'split_mainloop_onion' 2018-09-21 09:37:23 -04:00
Nick Mathewson
9b0a17a74f Merge branch 'maint-0.3.4' 2018-09-21 09:36:31 -04:00
Nick Mathewson
e818a71905 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-21 09:35:54 -04:00
Nick Mathewson
2cadd93cea Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-21 09:35:51 -04:00
Nick Mathewson
5b04392c15 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-21 09:35:23 -04:00
Nick Mathewson
96d1f2e6d0 Merge remote-tracking branch 'dgoulet/ticket27797_035_01' 2018-09-21 09:33:03 -04:00
Nick Mathewson
c7ce6b9821 Split main.c into main.c and mainloop.c
The main.c code is responsible for initialization and shutdown;
the mainloop.c code is responsible for running the main loop of Tor.

Splitting the "generic event loop" part of mainloop.c from the
event-loop-specific part is not done as part of this patch.
2018-09-21 09:14:06 -04:00
Nick Mathewson
98ef3e82e4 Move the non-crypto parts of onion.c out of src/core/crypto
The parts for handling cell formats should be in src/core/or.

The parts for handling onionskin queues should be in src/core/or.

Only the crypto wrapper belongs in src/core/crypto.
2018-09-21 09:14:05 -04:00
Nick Mathewson
55122bfe04 Bump to 0.3.5.2-alpha-dev 2018-09-21 09:11:33 -04:00
David Goulet
49e4bda50b fixup! hs-v3: Silence some logging for client authorization 2018-09-21 08:52:47 -04:00
David Goulet
79265a6fb6 hs-v3: Don't BUG() if the RP node_t is invalid client side
When sending the INTRODUCE1 cell, we acquire the needed data for the cell but
if the RP node_t has invalid data, we'll fail the send and completely kill the
SOCKS connection.

Instead, close the rendezvous circuit and return a transient error meaning
that Tor can recover by selecting a new rendezvous point. We'll also do the
same when we are unable to encode the INTRODUCE1 cell for which at that point,
we'll simply take another shot at a new rendezvous point.

Fixes #27774

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-21 08:44:12 -04:00
Nick Mathewson
63219eda8a Put dirlist_free_all back in routerlist_free_all for unit tests 2018-09-21 08:10:39 -04:00
rl1987
d40b0e73c2 Check Python version in test_rebind.py 2018-09-21 10:57:41 +03:00
rl1987
81199eaf0e Remove misleading first line in test_rebind.py
test_rebind.py actually does not require Python 3.

Bugfix on 5a11670fcaad0a58de48425ba80510effbe35628; bug not in any
Tor release.
2018-09-21 10:57:41 +03:00
cypherpunks
42558df7c8 rust/protover: return C-allocated string in protover_all_supported()
The result of CString::into_raw() is not safe to free
with free() except under finicky and fragile circumstances
that we definitely don't meet right now.

This was missed in be583a34a3.
2018-09-21 05:16:22 +00:00
cypherpunks
db89b4b152 rust/protover: fix null deref in protover_all_supported()
Fortunately with the current callers it couldn't happen in practice.

Fix on d1820c1516.
2018-09-21 04:57:26 +00:00
Nick Mathewson
1a85ac8c2d Bump to 0.3.5.2-alpha 2018-09-20 16:36:07 -04:00
Nick Mathewson
e7ac8fabcc Merge remote-tracking branch 'dgoulet/ticket27410_035_01' 2018-09-20 16:22:16 -04:00
Nick Mathewson
2ed0d240e8 Merge remote-tracking branch 'dgoulet/ticket27410_032_01' 2018-09-20 16:22:02 -04:00
Alexander Færøy
8ecaf41003 Support 'none' in torrc for HiddenServiceExportCircuitID.
See: https://bugs.torproject.org/4700
2018-09-20 20:59:42 +02:00
Nick Mathewson
813019cc57 Merge branch 'bug23512-v4-029-fixes' 2018-09-20 14:41:44 -04:00
Nick Mathewson
1da9741bca Remove another needless typedef 2018-09-20 14:34:44 -04:00
Nick Mathewson
a406255cf3 Merge branch 'bug23512-v4-029-fixes' 2018-09-20 14:19:47 -04:00
Nick Mathewson
72e30f26ec Fix a pair of errors in bug23512 2018-09-20 14:18:09 -04:00
Nick Mathewson
4e2028152d Fix an NSS socket leak-on-error found by dgoulet 2018-09-20 13:53:04 -04:00
Nick Mathewson
d6c564e09a Use the correct macro to detect an invalid socket in tortls_nss.c
Fixes bug 27782; bugfix on 0.3.5.1-alpha
2018-09-20 12:55:31 -04:00
Nick Mathewson
62b709bc26 Release ownership of the dummy socket that tortls_nss.c will close
Related to #27795 -- since NSS will close the socket, we must not
count it as owned by Tor.
2018-09-20 12:53:39 -04:00
Nick Mathewson
f25323fe3f Fix socket accounting with ORConn sockets.
When we close a socket via tor_tls_free(), we previously had no way
for our socket accounting logic to learn about it.  This meant that
the socket accounting code would think we had run out of sockets,
and freak out.

Fixes bug 27795; bugfix on 0.3.5.1-alpha.
2018-09-20 12:52:29 -04:00
Nick Mathewson
1c1e84281d Add a tor_release_socket_ownership() function. 2018-09-20 12:46:47 -04:00
Nick Mathewson
bd6007d898 Merge branch 'split_routerlist_dirserv_v2' 2018-09-20 11:07:50 -04:00
Nick Mathewson
b54a5e704f Split most of dirserv.c into several new modules
In dirauth:
  * bwauth.c reads and uses bandwidth files
  * guardfraction.c reads and uses the guardfraction file
  * reachability.c tests relay reachability
  * recommend_pkg.c handles the recommended-packages lines.
  * recv_descs.c handles fingerprint files and processing incoming
    routerinfos that relays upload to us
  * voteflag.c computes flag thresholds and sets those thresholds on
    routerstatuses when computing votes

In control:
  * fmt_serverstatus.c generates the ancient "v1 server status"
    format that controllers expect.

In nodelist:
  * routerstatus_fmt.c formats routerstatus entries for a consensus,
    a vote, or for the controller.
2018-09-20 11:07:42 -04:00
David Goulet
fa6d5dd268 hs-v3: Close all SOCKS request on descriptor failure
Client side, when a descriptor is finally fetched and stored in the cache, we
then go over all pending SOCKS request for that descriptor. If it turns out
that the intro points are unusable, we close the first SOCKS request but not
the others for the same .onion.

This commit makes it that we'll close all SOCKS requests so we don't let
hanging the other ones.

It also fixes another bug which is having a SOCKS connection in RENDDESC_WAIT
state but with a descriptor in the cache. At some point, tor will expire the
intro failure cache which will make that descriptor usable again. When
retrying all SOCKS connection (retry_all_socks_conn_waiting_for_desc()), we
won't end up in the code path where we have already the descriptor for a
pending request causing a BUG().

Bottom line is that we should never have pending requests (waiting for a
descriptor) with that descriptor in the cache (even if unusable).

Fixees #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-20 11:01:23 -04:00
Nick Mathewson
1f377e910f Merge branch 'maint-0.3.4' 2018-09-20 10:43:08 -04:00
Nick Mathewson
163230e240 Merge remote-tracking branch 'github/bug27139_034' into maint-0.3.4 2018-09-20 10:43:05 -04:00
David Goulet
e3713f17fb node: Make node_supports_v3_rendezvous_point() also check for the key
It is not enough to look at protover for v3 rendezvous support but also we
need to make sure that the curve25519 onion key is present or in other words
that the descriptor has been fetched and does contain it.

Fixes #27797.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-20 08:50:27 -04:00
Nick Mathewson
08e3b88f07 Split routerlist.c into 4 separate modules
There are now separate modules for:
    * the list of router descriptors
    * the list of authorities and fallbacks
    * managing authority certificates
    * selecting random nodes
2018-09-19 17:08:57 -04:00
David Goulet
cb81a69f90 test: hs-v3 desc has arrived unit test
That unit test makes sure we don't have pending SOCK request if the descriptor
turns out to be unusable.

Part of #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-19 11:11:57 -04:00
David Goulet
f4f809fe3d hs-v3: Close all SOCKS request on descriptor failure
Client side, when a descriptor is finally fetched and stored in the cache, we
then go over all pending SOCKS request for that descriptor. If it turns out
that the intro points are unusable, we close the first SOCKS request but not
the others for the same .onion.

This commit makes it that we'll close all SOCKS requests so we don't let
hanging the other ones.

It also fixes another bug which is having a SOCKS connection in RENDDESC_WAIT
state but with a descriptor in the cache. At some point, tor will expire the
intro failure cache which will make that descriptor usable again. When
retrying all SOCKS connection (retry_all_socks_conn_waiting_for_desc()), we
won't end up in the code path where we have already the descriptor for a
pending request causing a BUG().

Bottom line is that we should never have pending requests (waiting for a
descriptor) with that descriptor in the cache (even if unusable).

Fixees #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-19 11:11:57 -04:00
Nick Mathewson
119159677b Comment fix. 2018-09-18 16:44:24 -04:00
Nick Mathewson
88a93ccc7b Merge branch 'ticket27686_035' 2018-09-18 16:40:30 -04:00
Nick Mathewson
6d33f65638 Use the correct function signatures in test_relaycell.c
This is now officially an antipattern: please let's never copy a
function declaration in two places again.  That's what headers are
for.
2018-09-18 15:51:11 -04:00
Nick Mathewson
7ace8d5a61 Assert that some trunnel _new() functions return non-NULL
The trunnel functions are written under the assumption that their
allocators can fail, so GCC LTO thinks they might return NULL.  In
point of fact, they're using tor_malloc() and friends, which can't
fail, but GCC won't necessarily figure that out.

Fixes part of #27772.
2018-09-18 14:43:57 -04:00
Nick Mathewson
620108ea77 Assert that we aren't returning a pointer to a local variable.
GCC got confused here with LTO enabled.

Fixes part of #27772.
2018-09-18 14:34:49 -04:00
Nick Mathewson
ea5792f333 Make crypto_strongest_rand() non-mockable
Instead, have it call a mockable function.  We don't want
crypto_strongest_rand() to be mockable, since doing so creates a
type error when we call it from ed25519-donna, which we do not build
in a test mode.

Fixes bug 27728; bugfix on 0.3.5.1-alpha
2018-09-18 12:40:18 -04:00
teor
7bf9c93ab3 Merge remote-tracking branch 'nickm/bug27741_033' into bug27741_035
Resolve conflicts due to rustfmt, and run rustfmt on the merged code.
2018-09-18 23:32:57 +10:00
Nick Mathewson
50367d06f2 Merge remote-tracking branch 'tor-github/pr/352' 2018-09-18 08:44:58 -04:00
Nick Mathewson
52191064ac Merge branch 'maint-0.3.4' 2018-09-18 08:33:13 -04:00
Nick Mathewson
2ddbaf9cdc Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-18 08:31:14 -04:00
Nick Mathewson
75b95e1c8e Merge remote-tracking branch 'onionk/rust-allsupported1' into maint-0.3.3 2018-09-18 08:31:08 -04:00
Nick Mathewson
4199c8b2d0 Merge remote-tracking branch 'github/bug27073_029' 2018-09-18 08:16:42 -04:00
Nick Mathewson
9252814646 Merge remote-tracking branch 'tor-github/pr/344' 2018-09-18 08:15:02 -04:00
Nick Mathewson
50001d1c5b Merge remote-tracking branch 'asn-github/bug27764' 2018-09-18 08:10:25 -04:00
Nick Mathewson
7ca0f66b82 Bump to 0.3.5.1-alpha-dev 2018-09-18 07:52:27 -04:00
George Kadianakis
43324b0e4d Fix minor memleak in edge-case of crypto_rsa.c function. 2018-09-18 14:01:15 +03:00
Mike Perry
8a83c4b613 Merge branch 'bug23512-v4-033' into bug23512-v4-master 2018-09-18 00:17:14 +00:00
Mike Perry
ad10cafd9f Bug 23512: Test fix: cmux is now allocated by new_fake_channel() 2018-09-17 23:31:48 +00:00
Mike Perry
72cef61028 Merge branch 'bug23512-v4-032' into bug23512-v4-033 2018-09-17 23:31:34 +00:00
Mike Perry
dd15998d28 Remove duplicate TLS define from kist code.
Duplicate comes from introducing this define into 0.2.9, which did not yet
have KIST.
2018-09-17 23:21:58 +00:00
Mike Perry
dfd3823047 Bug 23512: Mock assert_circuit_ok in tests.
This mocking was not available in 0.2.9.
2018-09-17 23:12:53 +00:00
Mike Perry
36e81e1f59 Merge branch 'bug23512-v4-029' into bug23512-v4-032 2018-09-17 23:12:45 +00:00
Mike Perry
6af352172d Bug 23512: Test recording bytes in circ queues. 2018-09-17 22:24:25 +00:00
Mike Perry
bbaa398d26 Bug 23512: Report queued cells on or circs as written.
This avoids asymmetry in our public relay stats, which can be exploited for
guard discovery and other attacks.
2018-09-17 22:19:42 +00:00
Mike Perry
7dc435e6bc Promote rep_hist bw functions to uint64_t.
The rest of rephist uses uint64_t internally. Let's make these take it too,
so we don't have to worry about overflowing size_t on 32 bit systems.
2018-09-17 22:19:05 +00:00
Nick Mathewson
80ad15921c Remove extraneous argument from Rust protover_compute_vote()
This argument was added to match an older idea for the C api, but we
decided not to do it that way in C.

Fixes bug 27741; bugfix on 0.3.3.6 / TROVE-2018-005 fix.
2018-09-17 11:57:56 -04:00
Nick Mathewson
4fd761a418 Make CacheDirectoryGroupReadable an autobool.
Since the default cache directory is the same as the default data
directory, we don't want the default CacheDirectoryGroupReadable
value (0) to override an explicitly set "DataDirectoryGroupReadable
1".

To fix this, I'm making CacheDirectoryGroupReadable into an
autobool, and having the default (auto) value mean "Use the value of
DataDirectoryGroupReadable if the directories are the same, and 0
otherwise."

Fixes bug 26913; bugfix on 0.3.3.1-alpha when the CacheDirectory
option was introduced.
2018-09-17 11:44:59 -04:00
Nick Mathewson
f606b3cfd1 Lower the maximum size of a private key file to 16 MB
This shouldn't be a user-visible change: nobody has a 16 MB RSA
key that they're trying to use with Tor.

I'm doing this to fix CID 1439330 / ticket 27730, where coverity
complains (on 64-bit) that we are making a comparison that is never
true.
2018-09-17 11:08:56 -04:00
Nick Mathewson
307275a5e4 Bump to 0.3.5.1-alpha 2018-09-17 09:12:42 -04:00
Nick Mathewson
b729bc202c Add tortls.h includes to expose critical macro. Fix #27734. 2018-09-16 22:08:02 -04:00
Nick Mathewson
a8ac21fbb5 Don't try to link C from rust doctests for nss detection
This is really annoying, since we can't use cfg(test) for doctests.
2018-09-16 14:34:31 -04:00
Nick Mathewson
078debb0de Merge branch 'bug25573-034-typefix' 2018-09-16 13:46:12 -04:00
Nick Mathewson
7fd61cf536 Fix duplicate declaration of pathbias_count_valid_cells. 2018-09-16 13:45:43 -04:00
Nick Mathewson
991bec67ee When Tor is compiled with NSS, don't claim support for LinkAuth=1
Closes ticket 27288
2018-09-16 13:28:29 -04:00
traumschule
863e2fcb48 Update description of onion_extend_cpath() (#27333) 2018-09-16 04:01:17 +02:00
cypherpunks
1ed5e009cb rust/protover: reject extra commas
The C implementation had gotten this wrong too, in a slightly different way.

Introduced in 5af03c1ef3.

Fixes #27197; bugfix on 0.3.3.3-alpha.
2018-09-15 23:19:31 +00:00
Alexander Færøy
3477a73af9 Add proxy headers as early as possible.
This patch moves the logic that adds the proxy headers to an earlier
point in the exit connection lifetime, which ensures that the
application data cannot be written to the outbuf before the proxy header
is added.

See: https://bugs.torproject.org/4700
2018-09-15 22:17:57 +02:00
Alexander Færøy
9b511dc5d6 Change HiddenServiceExportCircuitID to take a string parameter: the protocol.
This patch changes HiddenServiceExportCircuitID so instead of being a
boolean it takes a string, which is the protocol. Currently only the
'haproxy' protocol is defined.

See: https://bugs.torproject.org/4700
2018-09-15 16:52:36 +03:00
Alexander Færøy
8f085841ef Encode the 32-bit Global Identifier as 2 x 16-bit in the IPv6 address.
Without this patch we would encode the IPv6 address' last part as
::ffffffff instead of ::ffff:ffff when the GID is UINT32_MAX.

See: https://bugs.torproject.org/4700
2018-09-15 16:52:36 +03:00
George Kadianakis
b2092f1ced Add unittest for HiddenServiceExportCircuitID.
Had to move a function to test helpers.
2018-09-15 16:52:32 +03:00
George Kadianakis
6069185bcc Save original virtual port in edge conn HS ident. 2018-09-15 16:32:24 +03:00
George Kadianakis
5d34a8cbbb Improve export_hs_client_circuit_id() function.
- Change default values.
- Beautify.
- Documentation.
2018-09-15 16:32:23 +03:00
George Kadianakis
27d7491f5a Introduce per-service HiddenServiceExportCircuitID torrc option.
Moves code to a function, better viewed with --color-moved.
2018-09-15 16:31:22 +03:00
Nick Mathewson
035166e7bf Add a missing function for windows 2018-09-14 15:02:11 -04:00
Nick Mathewson
af39649aad Explicitly ignore BIO_set_close() return val to fix #27711 2018-09-14 13:09:10 -04:00
Nick Mathewson
4bdba5fa4b Merge branch 'maint-0.3.4' 2018-09-14 12:56:31 -04:00
Nick Mathewson
6f47734ea8 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-14 12:56:30 -04:00
Nick Mathewson
a546e07600 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-14 12:56:30 -04:00
David Goulet
0971b3ce4d hs-v3: Don't BUG() on directory permission check failure
In hs_config.c, we do validate the permission of the hidden service directory
but we do not try to create it. So, in the event that the directory doesn't
exists, we end up in the loading key code path which checks for the
permission and possibly creates the directory. On failure, don't BUG() since
there is a perfectly valid use case for that function to fail.

Fixes #27335

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-14 12:56:26 -04:00
Nick Mathewson
6e940829cc Merge remote-tracking branch 'dgoulet/ticket27040_035_01' 2018-09-14 12:54:13 -04:00
Nick Mathewson
79f8641ee5 Merge branch 'nss_countbytes_squashed' 2018-09-14 12:45:30 -04:00
Nick Mathewson
ac93c911ce Allow malloc includes in tls library 2018-09-14 12:44:56 -04:00
Nick Mathewson
126819c947 Add support for lower-level byte counting with NSS
This is harder than with OpenSSL, since OpenSSL counts the bytes on
its own and NSS doesn't.  To fix this, we need to define a new
PRFileDesc layer that has its own byte-counting support.

Closes ticket 27289.
2018-09-14 12:44:56 -04:00
David Goulet
33c99cf565 hs-v2: Demote log warning to info when we don't have a consensus
Fixes #27040

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-14 12:04:01 -04:00
Nick Mathewson
bb465be085 Revise our assertion and bug macros to work with -Wparentheses
On GCC and Clang, there's a feature to warn you about bad
conditionals like "if (a = b)", which should be "if (a == b)".
However, they don't warn you if there are extra parentheses around
"a = b".

Unfortunately, the tor_assert() macro and all of its kin have been
passing their inputs through stuff like PREDICT_UNLIKELY(expr) or
PREDICT_UNLIKELY(!(expr)), both of which expand to stuff with more
parentheses around "expr", thus suppressing these warnings.

To fix this, this patch introduces new macros that do not wrap
expr.  They're only used when GCC or Clang is enabled (both define
__GNUC__), since they require GCC's "({statement expression})"
syntax extension.  They're only used when we're building the
unit-test variant of the object files, since they suppress the
branch-prediction hints.

I've confirmed that tor_assert(), tor_assert_nonfatal(),
tor_assert_nonfatal_once(), BUG(), and IF_BUG_ONCE() all now give
compiler warnings when their argument is an assignment expression.

Fixes bug 27709.

Bugfix on 0.0.6, where we first introduced the "tor_assert()" macro.
2018-09-14 11:39:37 -04:00