Commit Graph

18800 Commits

Author SHA1 Message Date
Nick Mathewson
93b28972c1 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-08-03 08:44:31 -04:00
Nick Mathewson
9696021593 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-08-03 08:44:31 -04:00
Nick Mathewson
f33c96610f Merge branch 'maint-0.2.9' into maint-0.3.0 2017-08-03 08:44:31 -04:00
Nick Mathewson
e220e6e437 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-08-03 08:44:31 -04:00
Karsten Loesing
1280de42a4 Update geoip and geoip6 to the August 3 2017 database. 2017-08-03 10:00:54 +02:00
Nick Mathewson
a9a8d53dec Merge branch 'bug23071_031' into maint-0.3.1 2017-08-02 12:51:42 -04:00
Nick Mathewson
ee849ee8b6 Make the hs_ntor_ref logic more correct when there is no sha3 module 2017-08-02 12:44:46 -04:00
Nick Mathewson
8925e84beb version bump to 0.3.0.10-dev 2017-08-02 12:28:34 -04:00
Nick Mathewson
4f7955d5de Bump to 0.3.0.10 2017-08-01 14:38:49 -04:00
David Goulet
ff9c529667 hs: Cleanup logging statement in hs_intropoint.c
One log statement was a warning and has been forgotten. It is triggered for a
successful attempt at introducting from a client.

It has been reported here:
https://lists.torproject.org/pipermail/tor-relays/2017-August/012689.html

Three other log_warn() statement changed to protocol warning because they are
errors that basically can come from the network and thus triggered by anyone.

Fixes #23078.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-01 14:15:47 -04:00
Nick Mathewson
9c294d29ea bump to 0.3.1.5-alpha-dev 2017-08-01 12:08:30 -04:00
Nick Mathewson
58e1c6dd86 Merge remote-tracking branch 'public/bug19769_19025_029' into maint-0.2.9 2017-08-01 11:30:29 -04:00
Nick Mathewson
8500f0e4e1 Merge remote-tracking branch 'public/bug20059_024_v2' into maint-0.2.9 2017-08-01 11:28:36 -04:00
Nick Mathewson
84c4a2bc3f Merge remote-tracking branch 'public/bug20270_029' into maint-0.3.0 2017-08-01 11:24:02 -04:00
Nick Mathewson
7c68b2f1a5 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-08-01 11:23:00 -04:00
Nick Mathewson
2b94b0ea72 Merge remote-tracking branch 'public/bug22245_024' into maint-0.2.9 2017-08-01 11:22:42 -04:00
Nick Mathewson
1d48712c28 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-08-01 11:21:19 -04:00
Nick Mathewson
f6ecda8400 Merge remote-tracking branch 'public/bug18100_029' into maint-0.2.9 2017-08-01 11:21:14 -04:00
Nick Mathewson
4a19498edc Merge branch 'maint-0.3.0' into maint-0.3.1 2017-08-01 11:19:30 -04:00
Nick Mathewson
9d24a352c0 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-08-01 11:19:30 -04:00
Nick Mathewson
0e7558ab64 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-08-01 11:19:29 -04:00
Nick Mathewson
925ef048a9 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-08-01 11:19:29 -04:00
Nick Mathewson
a48ae2aa67 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-08-01 11:19:29 -04:00
Nick Mathewson
6862eada65 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-08-01 11:19:29 -04:00
Nick Mathewson
0bfd1c318c Merge branch 'maint-0.2.4' into maint-0.2.5 2017-08-01 11:19:28 -04:00
Nick Mathewson
ec99f038fa Improve the keypin failure message
Closes the human-factors part of ticket 22348.
2017-07-31 20:40:23 -04:00
Nick Mathewson
8b5b7d470f Fix the hs_ntor integration tests to work with the pysha3 module
The sha3 module should still work.  Fixes bug 23071; bugfix on
0.3.1.1-alpha.
2017-07-31 20:28:42 -04:00
Nick Mathewson
2cb8c8d99f Bump to 0.3.1.5-alpha 2017-07-31 14:29:33 -04:00
Nick Mathewson
eb677c5870 Fix an unreachable memory leak in the unit tests
This is CID 1415726.
2017-07-28 09:52:34 -04:00
Nick Mathewson
911e2dc530 Merge branch 'bug23053_029' into maint-0.3.1 2017-07-28 09:50:16 -04:00
Nick Mathewson
9a0f38a349 Fix a small memory leak when parsing unix: ports twice
Fixes bug 23053; CID 1415725.
2017-07-28 09:49:42 -04:00
Nick Mathewson
af3079a492 Try to work around a compile warning in workqueue.c 2017-07-27 20:32:59 -04:00
Nick Mathewson
ba334c00da Merge branch 'multi-priority_squashed' into maint-0.3.1 2017-07-27 16:29:34 -04:00
Nick Mathewson
fdd8156ea3 Fix the cpuworker.c documentation to mention all the kinds of work 2017-07-27 16:28:59 -04:00
Nick Mathewson
f5a852de91 Note that threadpool_queue_work...() can't actually return NULL 2017-07-27 16:28:59 -04:00
Nick Mathewson
250c88014d Always start with one additional worker thread
Now that half the threads are permissive and half are strict, we
need to make sure we have at least two threads, so that we'll
have at least one of each kind.
2017-07-27 16:28:59 -04:00
Nick Mathewson
0ae0b5aa41 Queue consensus diffs at LOW priority.
Fixes bug 22883.
2017-07-27 16:28:59 -04:00
Nick Mathewson
bddea78ded Fix a pair of stale comments in workqueue.c
These comments said that each thread had a separate queue, but we
haven't been using that design for some while.
2017-07-27 16:28:59 -04:00
Nick Mathewson
efadebf7c3 Make the chance for priority inversion thread-specific
Instead of choosing a lower-priority job with a 1/37 chance, have
the chance be 1/37 for half the threads, and 1/2147483647 for the
other half.  This way if there are very slow jobs of low priority,
they shouldn't be able to grab all the threads when there is better
work to do.
2017-07-27 16:28:59 -04:00
Nick Mathewson
10e0bff4ca Add support for multi-priority workqueues
Each piece of queued work now has an associated priority value; each
priority goes on a separate queue.

With probability (N-1)/N, the workers will take work from the highest
priority nonempty queue.  Otherwise, they'll look for work in a
queue of lower priority.  This behavior is meant to prevent
starvation for lower-priority tasks.
2017-07-27 16:28:05 -04:00
cypherpunks
89c0a00a9a Remove unused variables in donna's SSE2 code
Fixes unused-const-variable warnings with GCC on 32-bit x86 systems.

Closes #22895.
2017-07-27 11:26:13 -04:00
Nick Mathewson
ced2dd5f92 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-27 08:23:37 -04:00
Nick Mathewson
ad35e595e5 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-27 08:23:36 -04:00
Nick Mathewson
24ddf5862e Merge remote-tracking branch 'public/bug20247_029' into maint-0.2.9 2017-07-27 08:23:34 -04:00
Nick Mathewson
431c8d09ee Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-26 12:58:22 -04:00
Nick Mathewson
18734d3b25 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-26 12:58:22 -04:00
Nick Mathewson
32b9edeb91 Fix build warnings from Coverity related to our BUG macro
In the Linux kernel, the BUG() macro causes an instant panic.  Our
BUG() macro is different, however: it generates a nonfatal assertion
failure, and is usable as an expression.

Additionally, this patch tells util_bug.h to make all assertion
failures into fatal conditions when we're building with a static
analysis tool, so that the analysis tool can look for instances
where they're reachable.

Fixes bug 23030.
2017-07-26 12:57:49 -04:00
Nick Mathewson
30a98c765f Merge branch 'bug22927_031' into maint-0.3.1 2017-07-26 12:54:37 -04:00
Nick Mathewson
3c017e823b Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-26 12:53:38 -04:00
Nick Mathewson
d068f3359f Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-26 12:53:38 -04:00
Nick Mathewson
6d3c5b8fb5 Merge branch 'bug22915_029_2' into maint-0.2.9 2017-07-26 12:53:13 -04:00
Nick Mathewson
fca1934c88 Suppress clang4-specific -Wdouble-promotion warnings
Wow, it sure seems like some compilers can't implement isnan() and
friends in a way that pleases themselves!

Fixes bug 22915. Bug trigged by 0.2.8.1-alpha and later; caused by
clang 4.
2017-07-26 12:53:00 -04:00
Nick Mathewson
2ae51ed5e2 Fix zstd 1.3.0 trouble: Be more respectful of its state machine
In zstd 1.3.0, once you have called ZSTD_endStream and been told
that your putput buffer is full, it really doesn't want you to call
ZSTD_compressStream again.  ZSTD 1.2.0 didn't seem to mind about
this.

This patch fixes the issue by making sure never to call
ZSTD_endStream if there's any more data on the input buffer to
process, by flushing even when we're about to call "endStream", and
by never calling "compress" or "flush" after "endStream".
2017-07-14 16:31:29 -04:00
Nick Mathewson
f5d2f79aca Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-14 09:11:14 -04:00
Nick Mathewson
52c1754ff6 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-14 09:11:14 -04:00
Nick Mathewson
3a7d757140 Merge branch 'bug22916_027' into maint-0.2.9 2017-07-14 09:11:08 -04:00
Nick Mathewson
bbc75faed1 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-14 09:06:44 -04:00
Nick Mathewson
c1afbbe8fe Merge branch 'bug22803_030' into maint-0.3.0 2017-07-14 09:06:33 -04:00
Nick Mathewson
3cec1783b7 Fix compiler warnings with openssl-scrypt/libscrypt test on clang
Clang didn't like that we were passing uint64_t values to an API
that wanted uint32_t.  GCC has either not cared, or has figured out
that the values in question were safe to cast to uint32_t.

Fixes bug22916; bugfix on 0.2.7.2-alpha.
2017-07-13 17:49:48 -04:00
Nick Mathewson
66258f8878 Merge branch 'fewer-diffs' into maint-0.3.1 2017-07-13 16:55:02 -04:00
Nick Mathewson
1ea155b28f Merge branch 'bug22520_031' into maint-0.3.1 2017-07-13 16:52:16 -04:00
Nick Mathewson
e6d2059751 Merge remote-tracking branch 'isis/bug22830_0.3.1' into maint-0.3.1 2017-07-13 16:51:09 -04:00
Chelsea H. Komlo
eb355e031e
use CARGO_HOME instead of HOME when building with rust 2017-07-13 18:12:35 +00:00
Nick Mathewson
abb9a5bdda New configuration option MaxConsensusAgeForDiffs
Relay operators (especially bridge operators) can use this to lower
or raise the number of consensuses that they're willing to hold for
diff generation purposes.

This enables a workaround for bug 22883.
2017-07-12 13:15:16 -04:00
Nick Mathewson
5636b160d4 Merge branch 'bug22349_029' into maint-0.3.1 2017-07-12 10:15:49 -04:00
Nick Mathewson
e111cfcd54 Restore openssl and libscrypt includes in test_crypto_slow.c
This reverts part of commit 706c44a6ce.

It was a mistake to remove these includes: they were needed on
systems where we have openssl 1.1.0 *and* libscrypt, and where we
were validating the one against the other.

Fixes bug 22892; bugfix on 0.3.1.1-alpha.
2017-07-12 09:23:15 -04:00
Matt Traudt
1ff98a7e89 Make consdiff tests pass on OS X too 2017-07-10 15:27:01 -04:00
Nick Mathewson
63ceadb485 Use LANG_ENGLISH in windows error messages
This change prevents us from generating corrupt messages when we
are confused about codepage settings, and makes Windows errors
consistent with the rest of our logs.

Fixes bug 22520; bugfix on 0.1.2.8-alpha.  Patch from "Vort".
2017-07-07 13:12:45 -04:00
Nick Mathewson
ed0fb21834 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-07-07 10:56:31 -04:00
Nick Mathewson
66c85cd881 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-07 10:56:31 -04:00
Nick Mathewson
ae756f251f mingw fix: avoid "unused var" warning.
This is a backport of 19615bce64 to
fix bug 22838.
2017-07-07 10:54:24 -04:00
Karsten Loesing
b6acfa491e Update geoip and geoip6 to the July 4 2017 database. 2017-07-07 16:27:54 +02:00
Nick Mathewson
9919638e98 Fix a wide line from 22207 2017-07-05 17:37:06 -04:00
Nick Mathewson
2251667ff2 Merge remote-tracking branch 'karsten/task-22207' into maint-0.3.1 2017-07-05 17:00:43 -04:00
Nick Mathewson
55777b3ff9 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-05 16:11:48 -04:00
Nick Mathewson
15b13578e8 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-05 16:11:48 -04:00
Nick Mathewson
dfc0614840 Only disable -Wfloat-conversion on mingw when it exists.
The 22081 fix disabled -Wfloat-conversion, but -Wfloat-conversion
didn't exist in every relevant mingw; it was added in GCC 4.9.x some
time, if the documentation can be trusted.

Bug not in any released version of tor.
2017-07-05 16:10:45 -04:00
Nick Mathewson
9383fa3851 Fix mixed-sign comparison warning in fix for 22797. 2017-07-05 15:56:57 -04:00
Nick Mathewson
759154b1ad Fix unit test memory leak in certs_ok_ed25519.
Fixes bug 22803; bugfix on 0.3.0.1-alpha.
2017-07-05 15:42:25 -04:00
Nick Mathewson
546f5b364b Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-05 13:43:31 -04:00
Nick Mathewson
5434b2451e Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-05 13:43:31 -04:00
Nick Mathewson
32c0066e4b Merge branch 'maint-0.2.8' into maint-0.2.9 2017-07-05 13:43:21 -04:00
Nick Mathewson
5ff0f1ab9e Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-07-05 13:42:47 -04:00
Nick Mathewson
6cd6d488dc Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-07-05 13:42:37 -04:00
Nick Mathewson
f6420bceec Merge branch 'maint-0.2.5' into maint-0.2.6 2017-07-05 13:42:32 -04:00
Nick Mathewson
ff8c230d7c Merge branch 'maint-0.2.4' into maint-0.2.5 2017-07-05 13:42:26 -04:00
Nick Mathewson
16d2bce893 Allow setsockopt(IPV6_V6ONLY) in sandbox.
Fixes bug 20247.  We started setting V6ONLY in 0.2.3.13-alpha and
added the sandbox on 0.2.5.1-alpha.
2017-07-05 13:09:21 -04:00
Nick Mathewson
8bc70a2ad2 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-05 11:19:03 -04:00
Nick Mathewson
0f97f963e3 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-05 11:19:03 -04:00
Nick Mathewson
bb97f680e7 Merge branch 'bug22801_028' into maint-0.2.9 2017-07-05 11:18:59 -04:00
Nick Mathewson
e88aa98451 Merge branch 'teor-bug22797-025' into maint-0.3.1 2017-07-05 11:16:30 -04:00
teor
878e0d45a5 Always allow extra file descriptors when setting the connection maximum
When setting the maximum number of connections allowed by the OS,
always allow some extra file descriptors for other files.

Fixes bug 22797; bugfix on 0.2.0.10-alpha.
2017-07-05 11:15:10 -04:00
Nick Mathewson
bb3f74e66b Fix assertion failure related to openbsd strtol().
Fixes bug 22789; bugfix on 0.2.3.8-alpha.
2017-07-03 11:22:27 -04:00
Nick Mathewson
5361032219 Fix -Wfloat-conversion C warnings on mingw in clamp_double_to_int64.
We just have to suppress these warnings: Mingw's math.h uses gcc's
__builtin_choose_expr() facility to declare isnan, isfinite, and
signbit.  But as implemented in at least some versions of gcc,
__builtin_choose_expr() can generate type warnings even from
branches that are not taken.

Fixes bug 22801; bugfix on 0.2.8.1-alpha.
2017-07-03 10:59:31 -04:00
Nick Mathewson
83dc072e67 Bump version to 0.3.1.4-alpha-dev 2017-06-29 18:45:49 -04:00
Nick Mathewson
d9427c00df bump to 0.3.0.9-dev 2017-06-29 18:44:43 -04:00
Nick Mathewson
a53573559f Bump 0.3.1 to 0.3.1.4-alpha 2017-06-29 16:36:50 -04:00
Nick Mathewson
98ffb2e722 Update maint-0.3.0 to 0.3.0.9 2017-06-29 16:35:40 -04:00
Nick Mathewson
1712dc98b0 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-29 15:57:48 -04:00
Nick Mathewson
52c4440c48 Merge branch 'trove-2017-006' into maint-0.3.0 2017-06-29 15:57:42 -04:00
Nick Mathewson
31a08ba26f Merge remote-tracking branch 'public/bug22670_031' into maint-0.3.1 2017-06-29 11:34:06 -04:00
Nick Mathewson
88666d0482 Adjust unit tests to account for fix to bug 22753.
Our mock network put all the guards on the same IPv4 address, which
doesn't fly when we start applying EnforceDistinctSubnets.  So in
this commit, I disable EnforceDistinctSubnets when running the old
guard_restriction_t test.

This commit also adds a regression test for #22753.
2017-06-29 10:11:21 -04:00
Nick Mathewson
665baf5ed5 Consider the exit family when applying guard restrictions.
When the new path selection logic went into place, I accidentally
dropped the code that considered the _family_ of the exit node when
deciding if the guard was usable, and we didn't catch that during
code review.

This patch makes the guard_restriction_t code consider the exit
family as well, and adds some (hopefully redundant) checks for the
case where we lack a node_t for a guard but we have a bridge_info_t
for it.

Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2016-006
and CVE-2017-0377.
2017-06-29 09:57:00 -04:00
Nick Mathewson
a088a08eeb Log real error message when unable to remove a storagedir file
Attempts to help diagnose 22752.
2017-06-28 14:24:27 -04:00
Nick Mathewson
de5f0d8ba7 Replace crash on missing handle in consdiffmgr with nonfatal assert
Attempts to mitigate 22752.
2017-06-28 14:21:21 -04:00
Nick Mathewson
4c21d4ef7a Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-28 14:03:23 -04:00
Nick Mathewson
ec9c6d7723 Merge remote-tracking branch 'teor/bug21507-029' into maint-0.2.9 2017-06-28 14:03:20 -04:00
Nick Mathewson
4060253749 Merge remote-tracking branch 'teor/bug21576_029_v2' into maint-0.2.9 2017-06-28 13:57:54 -04:00
Nick Mathewson
75c6fdd286 whitespace fix 2017-06-28 13:53:52 -04:00
Nick Mathewson
e84127d99e Merge remote-tracking branch 'asn/bug21969_bridges_030' into maint-0.3.0 2017-06-28 13:48:52 -04:00
Alexander Færøy
c239b2fc9c Fix crash in LZMA module when the Sandbox is enabled.
This patch fixes a crash in our LZMA module where liblzma will allocate
slightly more data than it is allowed to by its limit, which leads to a
crash.

See: https://bugs.torproject.org/22751
2017-06-28 10:00:24 -04:00
Alexander Færøy
0a4af86335 Return "304 not modified" if a client already have the most recent consensus.
This makes our directory code check if a client is trying to fetch a
document that matches a digest from our latest consensus document.

See: https://bugs.torproject.org/22702
2017-06-27 18:25:48 -04:00
Alexander Færøy
07f2940b45 Set published_out for consensus cache entries in spooled_resource_estimate_size().
This patch ensures that the published_out output parameter is set to the
current consensus cache entry's "valid after" field.

See: https://bugs.torproject.org/22702
2017-06-27 18:25:48 -04:00
Nick Mathewson
f367453cb5 Mark descriptors as undownloadable when dirserv_add_() rejects them
As of ac2f6b608a in 0.2.1.19-alpha,
Sebastian fixed bug 888 by marking descriptors as "impossible" by
digest if they got rejected during the
router_load_routers_from_string() phase. This fix stopped clients
and relays from downloading the same thing over and over.

But we never made the same change for descriptors rejected during
dirserv_add_{descriptor,extrainfo}.  Instead, we tried to notice in
advance that we'd reject them with dirserv_would_reject().

This notice-in-advance check stopped working once we added
key-pinning and didn't make a corresponding key-pinning change to
dirserv_would_reject() [since a routerstatus_t doesn't include an
ed25519 key].

So as a fix, let's make the dirserv_add_*() functions mark digests
as undownloadable when they are rejected.

Fixes bug 22349; I am calling this a fix on 0.2.1.19-alpha, though
you could also argue for it being a fix on 0.2.7.2-alpha.
2017-06-27 12:01:46 -04:00
Nick Mathewson
3483f7c003 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-06-27 11:04:44 -04:00
Nick Mathewson
9a0fd2dbb1 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-06-27 11:04:44 -04:00
Nick Mathewson
3de27618e6 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-06-27 11:04:44 -04:00
Nick Mathewson
ccae991662 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-06-27 11:04:44 -04:00
Nick Mathewson
a242d194c7 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-27 11:04:44 -04:00
Nick Mathewson
711160a46f Merge branch 'maint-0.2.8' into maint-0.2.9 2017-06-27 11:04:44 -04:00
Nick Mathewson
32eba3d6aa Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-27 11:04:44 -04:00
Nick Mathewson
8d2978b13c Fix an errant memset() into the middle of a struct in cell_pack().
This mistake causes two possible bugs. I believe they are both
harmless IRL.

BUG 1: memory stomping

When we call the memset, we are overwriting two 0 bytes past the end
of packed_cell_t.body. But I think that's harmless in practice,
because the definition of packed_cell_t is:

// ...
typedef struct packed_cell_t {
  TOR_SIMPLEQ_ENTRY(packed_cell_t) next;
  char body[CELL_MAX_NETWORK_SIZE];
  uint32_t inserted_time;
} packed_cell_t;

So we will overwrite either two bytes of inserted_time, or two bytes
of padding, depending on how the platform handles alignment.

If we're overwriting padding, that's safe.

If we are overwriting the inserted_time field, that's also safe: In
every case where we call cell_pack() from connection_or.c, we ignore
the inserted_time field. When we call cell_pack() from relay.c, we
don't set or use inserted_time until right after we have called
cell_pack(). SO I believe we're safe in that case too.

BUG 2: memory exposure

The original reason for this memset was to avoid the possibility of
accidentally leaking uninitialized ram to the network. Now
remember, if wide_circ_ids is false on a connection, we shouldn't
actually be sending more than 512 bytes of packed_cell_t.body, so
these two bytes can only leak to the network if there is another bug
somewhere else in the code that sends more data than is correct.

Fortunately, in relay.c, where we allocate packed_cell_t in
packed_cell_new() , we allocate it with tor_malloc_zero(), which
clears the RAM, right before we call cell_pack. So those
packed_cell_t.body bytes can't leak any information.

That leaves the two calls to cell_pack() in connection_or.c, which
use stack-alocated packed_cell_t instances.

In or_handshake_state_record_cell(), we pass the cell's contents to
crypto_digest_add_bytes(). When we do so, we get the number of
bytes to pass using the same setting of wide_circ_ids as we passed
to cell_pack(). So I believe that's safe.

In connection_or_write_cell_to_buf(), we also use the same setting
of wide_circ_ids in both calls. So I believe that's safe too.

I introduced this bug with 1c0e87f6d8
back in 0.2.4.11-alpha; it is bug 22737 and CID 1401591
2017-06-27 10:47:20 -04:00
Nick Mathewson
fd16dd2608 Merge branch 'bug22719_031' into maint-0.3.1 2017-06-27 10:31:33 -04:00
Nick Mathewson
32596016a2 Merge branch 'bug22105_031' into maint-0.3.1 2017-06-26 14:30:17 -04:00
Nick Mathewson
d72cfb259d Patch for 22720 from huyvq: exit(1) more often
See changes file for full details.
2017-06-26 14:14:56 -04:00
Nick Mathewson
8f59661dba Merge branch 'bug22212_squashed' into maint-0.3.1 2017-06-26 11:27:09 -04:00
Mike Perry
0592ee45fc Demote a log message due to libevent delays.
This is a side-effect of being single-threaded. The worst cases of this are
actually Bug #16585.
2017-06-26 11:26:59 -04:00
Nick Mathewson
0c7c49483f Fix a coverity warning about a no-op assert with-64 bit size_t
This is CID 1403400
2017-06-26 10:31:13 -04:00
Nick Mathewson
b546d8bc2b Try a little harder to make sure we never call tor_compress_process wrong. 2017-06-26 09:39:59 -04:00
Mike Perry
79e2e4d3cb Ticket #17857: Padding off-switch for single hop connections
This doesn't apply to currently active connections.. yet...
2017-06-23 16:53:39 -04:00
Nick Mathewson
2c49a9852d Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-22 10:56:08 -04:00
Nick Mathewson
bdd267e74d Combine our "don't do this if no consensus" entryguards checks
Suggested by asn on 22400 review.
2017-06-22 09:28:30 -04:00
Nick Mathewson
784b29a2bf Merge branch 'bug22356_029' into maint-0.3.1 2017-06-21 13:54:02 -04:00
Nick Mathewson
e51e7bd38b Merge branch 'bug22502_redux_031' into maint-0.3.1 2017-06-20 20:27:48 -04:00
Nick Mathewson
c999e84436 Merge branch 'bug22672_031' into maint-0.3.1 2017-06-20 20:26:45 -04:00
Nick Mathewson
392e5457b8 Merge remote-tracking branch 'argonblue/bug22638' into maint-0.3.1 2017-06-20 13:35:38 -04:00
Nick Mathewson
9328bd524e Enforce the rule that COMPRESS_OK means progress was made.
If COMPRESS_OK occurs but data is neither consumed nor generated,
treat it as a BUG and a COMPRESS_ERROR.

This change is meant to prevent infinite loops in the case where
we've made a mistake in one of our compression backends.

Closes ticket 22672.
2017-06-20 12:26:57 -04:00
Nick Mathewson
945256188a mingw/windows printf lacks %zd ; use %lu and casts instead
(This approach can lose accuracy, but it's only in debug-level messages.)

Fixes windows compilation. Bugfix on recent compress.c changes; bug
not in any released Tor.
2017-06-20 12:12:55 -04:00
Nick Mathewson
5537e1fc45 If we successfully decompress an HTTP body, return immediately.
This prevents us from calling
allowed_anonymous_connection_compression_method() on the unused
guessed method (if any), and rejecting something that was already
safe to use.
2017-06-20 12:08:12 -04:00
Nick Mathewson
d8cd68caf1 If a _guessed_ compression method fails, it is never PROTOCOL_WARN.
Rationale: When use a guessed compression method, we already gave a
PROTOCOL_WARN when our guess differed from the declared method,
AND we gave a PROTOCOL_WARN when the declared method failed.  It is
not a protocol problem that the guessed method failed too; it's just
a recovery attempt that failed.
2017-06-20 12:08:11 -04:00
Nick Mathewson
7b3161f008 It should be a PROTOCOL_WARN when we have an incorrect content-encoding.
Rationale: The server did not obey the protocol, and its
content-encoding got munged. That's what PROTOCOL_WARN is for.
2017-06-20 12:08:11 -04:00
Nick Mathewson
9018da06c7 Short-circuit the no-decompression-needed case, for clarity
This commit is mostly just deindentation.
2017-06-20 11:46:54 -04:00
Nick Mathewson
c0e9698fca Extract "decompress" portion of connection_dir_client_reached_eof() 2017-06-20 11:43:37 -04:00
Taylor Yu
25edb41e6f Fix compress_none.c header comment
The Doxygen \file markup for compress_none.c had the wrong filename.
Fixes #22638.
2017-06-20 11:27:17 -04:00
Nick Mathewson
782eb02b79 Send the correct content-encoding when serving cached_dir_t objects
A cached_dir_t object (for now) is always compressed with
DEFLATE_METHOD, but in handle_get_status_vote() to we were using the
general compression-negotiation code decide what compression to
claim we were using.

This was one of the reasons behind 22502.

Fixes bug 22669; bugfix on 0.3.1.1-alpha
2017-06-20 11:26:51 -04:00
Nick Mathewson
eb632afb17 Correct the fix to bug 22629 to permit trailing non-garbage
This change makes it so that we can decompress concatenated zstd
outputs.
2017-06-20 10:24:22 -04:00
Nick Mathewson
94a1b8b66c Add a unit test for decompressing concatenated inputs. 2017-06-20 10:21:35 -04:00
Nick Mathewson
1c0459f19a Merge remote-tracking branch 'teor/bug22502' into maint-0.3.1 2017-06-20 10:04:16 -04:00
Nick Mathewson
32e486de97 Don't expand guard sample set unless consensus is "reasonably live"
Fixes what I think is the main root cause of 22400. Bugfix on
0.3.0.1-alpha.
2017-06-19 15:48:47 -04:00
Nick Mathewson
1721487bea Remove hardwired libfuzzer path; closes 22105. 2017-06-19 15:35:46 -04:00
Nick Mathewson
e3efc076c5 Downgrade "assign_to_cpuworker failed" to INFO.
Closes ticket 22356
2017-06-19 15:24:33 -04:00
Nick Mathewson
eff5e29404 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-19 13:52:19 -04:00
Nick Mathewson
71c701927a Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-19 13:52:19 -04:00
Nick Mathewson
59f29970fa Permit the fchmod system call.
Fixes bug 22516; bugfix on 0.2.5.4-alpha.
2017-06-16 14:03:02 -04:00
teor
7d535ea9d3
Add extra logging during compression and decompression
This helps diagnose failures.

Part of #22502.
2017-06-16 09:48:18 +10:00
teor
cbaf0c049c
Return TOR_COMPRESS_BUFFER_FULL when zstd has additional input
Fixes #22628.
2017-06-16 09:47:32 +10:00
teor
617e1da636
Remove a redundant conditional in tor_zstd_compress_process
Part of #22502
2017-06-16 09:46:46 +10:00
teor
7605bd528e
Move a comment to the right place in tor_zstd_compress_process
Part of #22502
2017-06-16 09:45:58 +10:00
teor
952c9073ad
Check for trailing input garbage in tor_compress_impl() when decompressing
Fixes #22629.
2017-06-16 09:41:29 +10:00
teor
8e1b37a4aa
Check if tor_compress_new() returns NULL in tor_compress_impl()
Partial fix to 22626.
2017-06-16 09:38:18 +10:00
Karsten Loesing
5b5e20a478 Add "fingerprint" line to bridge network status.
Implements #22207.
2017-06-11 10:21:36 +02:00
Nick Mathewson
493d9cd17b Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-09 09:58:46 -04:00
Nick Mathewson
cd7d006e08 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-06-09 09:58:46 -04:00
Nick Mathewson
3f40d9ec20 Merge branch 'maint-0.3.0' 2017-06-09 09:58:46 -04:00
Nick Mathewson
307be8d4a7 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-06-09 09:58:45 -04:00
Nick Mathewson
24ee8595bf Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-06-09 09:58:45 -04:00
Nick Mathewson
3913f959e3 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-06-09 09:58:45 -04:00
Nick Mathewson
325c507a09 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-06-09 09:58:45 -04:00
Karsten Loesing
104e8fa751 Update geoip and geoip6 to the June 8 2017 database. 2017-06-09 15:47:49 +02:00
Nick Mathewson
6e7551c50d Add -dev to version number. 2017-06-08 14:05:32 -04:00
Nick Mathewson
90758b2606 Add -dev to version number. 2017-06-08 14:05:29 -04:00
Nick Mathewson
5e554215dd Add -dev to version number. 2017-06-08 14:05:27 -04:00
Nick Mathewson
5c47b92747 Add -dev to version number. 2017-06-08 14:05:22 -04:00
Nick Mathewson
44c8cb986d Add -dev to version number. 2017-06-08 14:05:18 -04:00
Nick Mathewson
95a88f7283 Add -dev to version number. 2017-06-08 14:05:16 -04:00
Nick Mathewson
f3804f5999 Add -dev to version number. 2017-06-08 14:05:13 -04:00
Nick Mathewson
ec3ce773ad Add -dev to version number. 2017-06-08 14:05:08 -04:00
Nick Mathewson
792931d53d Bump to 0.2.8.14 2017-06-08 09:27:54 -04:00
Nick Mathewson
2efe0275bc Bump to 0.2.7.8 2017-06-08 09:27:34 -04:00
Nick Mathewson
0de4620375 Bump to 0.2.6.12 2017-06-08 09:26:20 -04:00
Nick Mathewson
fa73f59ad3 bump to 0.2.5.14 2017-06-08 09:26:00 -04:00
Nick Mathewson
8e439a66f3 Bump to 0.2.4.29 2017-06-08 09:25:31 -04:00
Nick Mathewson
b533220249 bump to 0.2.9.11 2017-06-08 09:24:38 -04:00
Nick Mathewson
a0664fd0c3 bump to 0.3.0.8 2017-06-08 09:24:28 -04:00
Nick Mathewson
78d4200abe Bump to 0.3.1.3-alpha. 2017-06-08 09:24:16 -04:00
Nick Mathewson
d15d09a968 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-06-08 09:21:15 -04:00
Nick Mathewson
c1646d6e89 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-06-08 09:21:15 -04:00
Nick Mathewson
40bccc2004 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-06-08 09:21:15 -04:00
Nick Mathewson
dec7998f5c Merge branch 'maint-0.2.4' into maint-0.2.5 2017-06-08 09:21:15 -04:00
Nick Mathewson
987c7cae70 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-06-08 09:21:15 -04:00
Nick Mathewson
53011e3e54 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-08 09:21:15 -04:00
Nick Mathewson
83135d75a3 Merge branch 'maint-0.3.0' 2017-06-08 09:21:15 -04:00
David Goulet
56a7c5bc15 TROVE-2017-005: Fix assertion failure in connection_edge_process_relay_cell
On an hidden service rendezvous circuit, a BEGIN_DIR could be sent
(maliciously) which would trigger a tor_assert() because
connection_edge_process_relay_cell() thought that the circuit is an
or_circuit_t but is an origin circuit in reality.

Fixes #22494

Reported-by: Roger Dingledine <arma@torproject.org>
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-08 09:21:10 -04:00
Nick Mathewson
9acca04025 Merge branch 'maint-0.3.0' 2017-06-08 09:17:32 -04:00
David Goulet
79b59a2dfc TROVE-2017-004: Fix assertion failure in relay_send_end_cell_from_edge_
This fixes an assertion failure in relay_send_end_cell_from_edge_() when an
origin circuit and a cpath_layer = NULL were passed.

A service rendezvous circuit could do such a thing when a malformed BEGIN cell
is received but shouldn't in the first place because the service needs to send
an END cell on the circuit for which it can not do without a cpath_layer.

Fixes #22493

Reported-by: Roger Dingledine <arma@torproject.org>
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-08 09:14:10 -04:00
Nick Mathewson
9ab45d621c Merge branch 'maint-0.3.0' 2017-06-06 11:34:11 -04:00
Nick Mathewson
68c3df69de Repair the unit test behavior of my fix for 22508.
Apparently, the unit tests relied on being able to make ed->x509
link certs even when they hadn't set any server flags in the
options.  So instead of making "client" mean "never generate an
ed->x509 cert", we'll have it mean "it's okay not to generate an
ed->x509 cert".

(Going with a minimal fix here, since this is supposed to be a
stable version.)
2017-06-06 11:32:01 -04:00
Nick Mathewson
14ffcc003d Merge branch 'maint-0.3.0' 2017-06-06 09:32:45 -04:00
Nick Mathewson
4ed0f0d62f Make generate_ed_link_cert() a no-op on clients.
Fixes bug 22508; bug not in any released Tor.
2017-06-06 09:32:11 -04:00
Nick Mathewson
5343d2b03c Merge branch 'maint-0.3.0' 2017-06-05 16:35:40 -04:00