Commit Graph

14228 Commits

Author SHA1 Message Date
Sebastian Hahn
2dec6597af Merge branch 'maint-0.2.2_secfix' into master_secfix
Conflicts:
	src/common/tortls.c
	src/or/connection_or.c
	src/or/dirserv.c
	src/or/or.h
2011-10-27 00:38:45 +02:00
Robert Ransom
4684ced1b3 Add option to give guard flag to relays without the CVE-2011-2768 fix
This way, all of the DA operators can upgrade immediately, without nuking
every client's set of entry guards as soon as a majority of them upgrade.

Until enough guards have upgraded, a majority of dirauths should set this
config option so that there are still enough guards in the network. After
a few days pass, all dirauths should use the default.
2011-10-26 23:56:47 +02:00
Robert Ransom
00fffbc1a1 Don't give the Guard flag to relays without the CVE-2011-2768 fix 2011-10-26 23:42:39 +02:00
Robert Ransom
4d0f152aad Make tor_version_same_series non-static 2011-10-26 23:36:30 +02:00
Sebastian Hahn
df05e5ef4d Merge branch 'maint-0.2.1_secfix' into maint-0.2.2_secfix
Conflicts:
	src/or/connection_or.c
2011-10-26 23:30:27 +02:00
Robert Ransom
a74e7fd40f Reject create cells on outgoing OR connections from bridges 2011-10-26 23:21:14 +02:00
Robert Ransom
c05bb53508 Mark which OR connections are outgoing 2011-10-26 23:21:11 +02:00
Robert Ransom
af12c39d6d Don't use any OR connection which sent us a CREATE_FAST cell for an EXTEND
Fix suggested by Nick Mathewson.
2011-10-26 23:20:56 +02:00
Nick Mathewson
638fdedcf1 Don't send a certificate chain on outgoing TLS connections from non-relays 2011-10-26 23:20:56 +02:00
Roger Dingledine
2c4e89b867 Merge branch 'maint-0.2.2' 2011-10-26 17:15:09 -04:00
Roger Dingledine
f85c56182f Merge branch 'maint-0.2.1' into maint-0.2.2 2011-10-26 17:14:39 -04:00
Nick Mathewson
a166f10414 Remove the -F option from tor-resolve.
It used to mean "Force": it would tell tor-resolve to ask tor to
resolve an address even if it ended with .onion.  But when
AutomapHostsOnResolve was added, automatically refusing to resolve
.onion hosts stopped making sense.  So in 0.2.1.16-rc (commit
298dc95dfd), we made tor-resolve happy to resolve anything.

The -F option stayed in, though, even though it didn't do anything.
Oddly, it never got documented.

Found while fixing GCC 4.6 "set, unused variable" warnings.
2011-10-26 17:13:04 -04:00
Roger Dingledine
a68867b150 manually backport a5232e0c4c 2011-10-26 17:11:52 -04:00
Roger Dingledine
9625a2e8f5 Merge branch 'maint-0.2.2' 2011-10-26 16:36:59 -04:00
Roger Dingledine
41d9d3f904 Merge branch 'maint-0.2.1' into maint-0.2.2 2011-10-26 16:34:45 -04:00
Roger Dingledine
c21c8daaaf closer to a changelog for the next alpha 2011-10-26 16:13:53 -04:00
Roger Dingledine
cecc5b7aa1 stop asserting at boot
The patch for 3228 made us try to run init_keys() before we had loaded
our state file, resulting in an assert inside init_keys. We had moved
it too early in the function.

Now it's later in the function, but still above the accounting calls.
2011-10-26 22:09:44 +02:00
Nick Mathewson
55d9e4b8ba Reinit keys at the start of options_act().
Previously we did this nearer to the end (in the old_options &&
transition_affects_workers() block).  But other stuff cares about
keys being consistent with options... particularly anything which
tries to access a key, which can die in assert_identity_keys_ok().

Fixes bug 3228; bugfix on 0.2.2.18-alpha.

Conflicts:

	src/or/config.c
2011-10-26 22:09:44 +02:00
Robert Ransom
62c29a93ba Don't crash a bridge authority on SIGHUP if it's not in the consensus
Fixes bug 2572.
2011-10-26 22:09:44 +02:00
Sebastian Hahn
9082898944 Fix assert for relay/bridge state change
When we added support for separate client tls certs on bridges in
a2bb0bfdd5 we forgot to correctly initialize this when changing
from relay to bridge or vice versa while Tor is running. Fix that
by always initializing keys when the state changes.

Fixes bug 2433.

Conflicts:

	src/or/config.c
2011-10-26 22:09:44 +02:00
Nick Mathewson
6df3869f3b Merge branch 'cov_run224_squashed' 2011-10-26 13:22:51 -04:00
Nick Mathewson
ce6a2c2f14 Changelog for recent coverity issues 2011-10-26 13:22:20 -04:00
Nick Mathewson
b1632c3fb7 Fix memory leak in retry_all_listeners: Coverity CID 485 2011-10-26 13:22:20 -04:00
Nick Mathewson
097ed9998b Fix memory leak in options_act_reversible: fix Coverity CID 486,487 2011-10-26 13:22:13 -04:00
Nick Mathewson
e0a053be01 Do not tread vpadding cell as versions cell. Not in any released version. 2011-10-26 11:50:50 -04:00
George Kadianakis
9d53c00911 Fix a NULL pointer dereference in parse_server_transport_line(). 2011-10-26 11:21:11 -04:00
Nick Mathewson
beb9097bed Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-26 11:08:19 -04:00
Nick Mathewson
4a1a89be0c Merge remote-tracking branch 'public/cov_run224_022' into maint-0.2.2 2011-10-26 11:07:28 -04:00
Sebastian Hahn
34f12437d4 Fix a couple of pluggable transport bugs
Fix coverity complaints 490, 491 and 492. Especially the one in
parse_client_transport_line() could've been a remotely triggerable
segfault, I think.
2011-10-26 16:49:24 +02:00
Nick Mathewson
d0a91386e5 Don't crash when accountingmax is set in non-server Tors
We use a hash of the identity key to seed a prng to tell when an
accounting period should end.  But thanks to the bug998 changes,
clients no longer have server-identity keys to use as a long-term seed
in accounting calculations.  In any case, their identity keys (as used
in TLS) were never never fixed.  So we can just set the wakeup time
from a random seed instead there.  Still open is whether everybody
should be random.

This patch fixes bug 2235, which was introduced in 0.2.2.18-alpha.

Diagnosed with help from boboper on irc.
2011-10-26 14:20:47 +02:00
Sebastian Hahn
3a890b3b70 Properly refcount client_identity_key
In a2bb0bf we started using a separate client identity key. When we are
in "public server mode" (that means not a bridge) we will use the same
key. Reusing the key without doing the proper refcounting leads to a
segfault on cleanup during shutdown. Fix that.

Also introduce an assert that triggers if our refcount falls below 0.
That should never happen.
2011-10-26 14:17:01 +02:00
Nick Mathewson
dc557e8164 Add some asserts to get_{tlsclient|server}_identity_key
We now require that:
  - Only actual servers should ever call get_server_identity_key
  - If you're being a client or bridge, the client and server keys should
    differ.
  - If you're being a public relay, the client and server keys
    should be the same.
2011-10-26 14:16:54 +02:00
Nick Mathewson
2a2301e411 Rename get_client_identity_key to get_tlsclient_identity_key 2011-10-26 14:16:34 +02:00
Robert Ransom
59e565e2a2 Maintain separate server and client identity keys when appropriate.
Fixes a bug described in ticket #988.

Conflicts:

	src/or/main.c
	src/or/router.c
2011-10-26 14:16:20 +02:00
Nick Mathewson
299a78c5fe Make crypto_free_pk_env tolerate NULL arg in 0.2.1. Error-proofing against bug 988 backport 2011-10-26 14:14:05 +02:00
Robert Ransom
9976df9e56 Maintain separate server and client TLS contexts.
Fixes bug #988.

Conflicts:

	src/or/main.c
	src/or/router.c
2011-10-26 14:13:55 +02:00
Robert Ransom
8781640111 Refactor tor_tls_context_new:
* Make tor_tls_context_new internal to tortls.c, and return the new
  tor_tls_context_t from it.

* Add a public tor_tls_context_init wrapper function to replace it.

Conflicts:

	src/or/main.c
	src/or/router.c
2011-10-26 14:08:36 +02:00
Robert Ransom
07ab559a8e Add public_server_mode function. 2011-10-26 14:03:43 +02:00
Roger Dingledine
03fea3ae91 Merge branch 'maint-0.2.2' 2011-10-26 07:53:49 -04:00
Roger Dingledine
9af3a3c419 Merge branch 'maint-0.2.1' into maint-0.2.2 2011-10-26 07:47:42 -04:00
Nick Mathewson
c5a3664f27 Fix zlib macro brokenness on osx with zlib 1.2.4 and higher.
From the code:
   zlib 1.2.4 and 1.2.5 do some "clever" things with macros.  Instead of
   saying "(defined(FOO) ? FOO : 0)" they like to say "FOO-0", on the theory
   that nobody will care if the compile outputs a no-such-identifier warning.

   Sorry, but we like -Werror over here, so I guess we need to define these.
   I hope that zlib 1.2.6 doesn't break these too.

Possible fix for bug 1526.
2011-10-26 07:30:11 -04:00
Roger Dingledine
a518dd6650 Merge branch 'maint-0.2.2' 2011-10-25 19:34:42 -04:00
Roger Dingledine
ac115f1125 unmangle the fingerprint example in the man page
Remove a confusing dollar sign from the example fingerprint in the
man page, and also make example fingerprint a valid one.
2011-10-25 18:24:37 -04:00
Nick Mathewson
aa3c709220 Merge branch 'ticket4294' 2011-10-25 17:53:55 -04:00
Nick Mathewson
7ab0b5ff71 Avoid likely memory fragmentation from rep_hist_note_descs_served
When you're doing malloc(sizeof(int)), something may well have gone
wrong.

This technique is a bit abusive, but we're already relying on it
working correctly in geoip.c.
2011-10-25 17:53:26 -04:00
Sebastian Hahn
7fbc018433 Add percentiles to the desc stats reporting
To get a better idea what's going on on Tonga, add some code to report
how often the most and least frequently fetched descriptor was fetched,
as well as 25, 50, 75 percentile.

Also ensure we only count bridge descriptors here.
2011-10-25 16:47:27 +02:00
Nick Mathewson
ea0518f209 Merge remote-tracking branch 'sebastian/bug4293' 2011-10-24 10:21:09 -04:00
Sebastian Hahn
f885c60501 Don't initialize desc stats for non-bridgedirauth nodes
Also make sure that calling rep_hist_note_desc_served() while stats
aren't initialized just returns.

Bug spotted by SwissTorHelp. Thanks!
2011-10-24 14:54:22 +02:00
Roger Dingledine
d5bb0d7789 checkpoint: fold in changes files 2011-10-24 02:56:35 -04:00
Roger Dingledine
2e295ae46e bump to 0.2.3.5-alpha-dev 2011-10-23 13:38:12 -04:00