Commit Graph

15590 Commits

Author SHA1 Message Date
Nick Mathewson
2e1fe1fcf9 Implement a real OOM-killer for too-long circuit queues.
This implements "algorithm 1" from my discussion of bug #9072: on OOM,
find the circuits with the longest queues, and kill them.  It's also a
fix for #9063 -- without the side-effects of bug #9072.

The memory bounds aren't perfect here, and you need to be sure to
allow some slack for the rest of Tor's usage.

This isn't a perfect fix; the rest of the solutions I describe on
codeable.
2013-06-18 10:15:16 -04:00
Andrea Shepard
2a95f31716 Disable middle relay queue overfill detection code due to possible guard discovery attack 2013-06-15 02:16:00 -07:00
Nick Mathewson
d780cd5fd4 Merge branch 'circuit_queue_cap-0.2.3-squashed' into maint-0.2.3 2013-06-14 01:44:46 -04:00
Nick Mathewson
9e8c104ab8 Increase the limit so leaky pipe might work 2013-06-14 01:35:21 -04:00
Andrea Shepard
4cce58d3c2 Don't queue more cells as a middle relay than the spec allows to be in flight 2013-06-13 21:39:04 -07:00
Nick Mathewson
4835faebf5 Merge branch 'bug9017' into maint-0.2.3 2013-06-10 12:25:14 -04:00
Nick Mathewson
77a1935339 Fix (Open?)BSD fast-connect bug with optimistic data.
There's an assertion failure that can occur if a connection has
optimistic data waiting, and then the connect() call returns 0 on the
first attempt (rather than -1 and EINPROGRESS).  That latter behavior
from connect() appears to be an (Open?)BSDism when dealing with remote
addresses in some cases. (At least, I've only seen it reported with
the BSDs under libevent, even when the address was 127.0.0.1.  And
we've only seen this problem in Tor with OpenBSD.)

Fixes bug 9017; bugfix on 0.2.3.1-alpha, which first introduced
optimistic data. (Although you could also argue that the commented-out
connection_start_writing in 155c9b80 back in 2002 is the real source
of the issue.)
2013-06-10 12:14:49 -04:00
Nick Mathewson
fe689de084 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-06-05 11:22:02 -04:00
Karsten Loesing
d34753174e Update to the June 2013 GeoIP database. 2013-06-05 08:43:03 +02:00
Nick Mathewson
78735f8778 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-05-20 12:34:59 -04:00
Karsten Loesing
f8053179c9 Update to the May 2013 GeoIP database. 2013-05-13 15:37:43 +02:00
Nick Mathewson
96d3219176 Merge branch 'bug8844_v2' into maint-0.2.3 2013-05-09 13:14:22 -04:00
Nick Mathewson
00e2310f12 Don't run off the end of the array-of-freelists
This is a fix for bug 8844, where eugenis correctly notes that there's
a sentinel value at the end of the list-of-freelists that's never
actually checked.  It's a bug since the first version of the chunked
buffer code back in 0.2.0.16-alpha.

This would probably be a crash bug if it ever happens, but nobody's
ever reported something like this, so I'm unsure whether it can occur.
It would require write_to_buf, write_to_buf_zlib, read_to_buf, or
read_to_buf_tls to get an input size of more than 32K.  Still, it's a
good idea to fix this kind of thing!
2013-05-09 13:10:48 -04:00
Nick Mathewson
39ac1db60e Avoid busy-looping on WANTREAD within connection_handle_write
Fix for bug 5650.  Also, if we get a WANTREAD while reading while
writing, make sure we're reading.
2013-04-12 01:11:31 -04:00
Nick Mathewson
9630fb917f Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-04-08 11:09:26 -04:00
Karsten Loesing
b41f03f6df Update to the April 2013 GeoIP database. 2013-04-08 12:18:40 +02:00
Nick Mathewson
ebb95d0f78 Merge remote-tracking branch 'public/bug8377' into maint-0.2.3 2013-03-18 15:27:50 -04:00
Nick Mathewson
c6ca199888 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-03-11 13:32:01 -04:00
Karsten Loesing
3dde6d5d29 Update to the March 2013 GeoIP database. 2013-03-07 20:58:31 +01:00
Nick Mathewson
165b2c0123 Add unit test for tor_addr_is_loopback 2013-03-01 12:40:41 -05:00
Nick Mathewson
b528aaef03 Make sure that [::1] is recognized as a private address
Fixes bug 8377; bugfix on 0.2.1.3-alpha.
2013-03-01 12:22:57 -05:00
Nick Mathewson
5e0ce4c578 oops; add a missing semicolon
(Cherry-picked from fc35ee4910)
2013-02-12 10:51:20 -05:00
Nick Mathewson
e3578d52e4 Check whether ei is non-NULL before altering it.
This fixes a crash bug if we fail to generate an extrainfo
descriptor.

Fixes bug 8208; bugfix on 0.2.3.16-alpha.
2013-02-11 16:05:03 -05:00
Nick Mathewson
b840b76b04 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-02-08 10:36:34 -05:00
Karsten Loesing
adff7f944a Update to the February 2013 GeoIP database. 2013-02-08 14:39:25 +01:00
Nick Mathewson
ae15b55173 Merge branch 'bug7889_023' into maint-0.2.3 2013-01-15 16:30:07 -05:00
Nick Mathewson
1625cddf3a Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-01-14 14:24:19 -05:00
Nick Mathewson
4ccf09b1c2 Reject create/begin/etc cells with {circ,stream}ID 0.
Otherwise, it's possible to create streams or circuits with these
bogus IDs, leading to orphaned circuits or streams, or to ones that
can cause bandwidth DOS problems.

Fixes bug 7889; bugfix on all released Tors.
2013-01-14 14:02:13 -05:00
Karsten Loesing
32114d70ae Update to the January 2013 GeoIP database. 2013-01-05 08:18:26 +01:00
Nick Mathewson
52bf1556b1 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2012-12-13 12:51:28 -05:00
Karsten Loesing
6bdfa295b5 Add link explaining how the geoip file was created. 2012-12-13 08:45:25 +01:00
Karsten Loesing
c9a5d613a6 Update to the December 2012 GeoIP database. 2012-12-13 08:44:30 +01:00
Karsten Loesing
d2cfd52d2c Update to the November 2012 GeoIP database. 2012-12-13 08:44:20 +01:00
Roger Dingledine
88bb48e785 use a more logical operator
Fix a harmless bug when opting against publishing a relay descriptor
because DisableNetwork is set.

Fixes bug 7464; bugfix on 0.2.3.9-alpha.
2012-11-12 23:47:21 -05:00
Nick Mathewson
e567b4482a Turn a memwipe in tor_process_handle_destroy() back to memset
It broke linking on tor-resolve.c, and it's not actually sanitizing
anything sensitive.  Fix for bug 7420; bug not on ony released Tor.
2012-11-08 19:59:54 -05:00
Nick Mathewson
9ad4776e61 Merge branch 'bug7352_023_rebased' into maint-0.2.3 2012-11-08 16:45:46 -05:00
Nick Mathewson
49dd5ef3a3 Add and use and unlikely-to-be-eliminated memwipe()
Apparently some compilers like to eliminate memset() operations on
data that's about to go out-of-scope.  I've gone with the safest
possible replacement, which might be a bit slow.  I don't think this
is critical path in any way that will affect performance, but if it
is, we can work on that in 0.2.4.

Fixes bug 7352.
2012-11-08 16:44:50 -05:00
Nick Mathewson
758428dd32 Fix a remotely triggerable assertion failure (CVE-2012-2250)
If we completed the handshake for the v2 link protocol but wound up
negotiating the wong protocol version, we'd become so confused about
what part of the handshake we were in that we'd promptly die with an
assertion.

This is a fix for CVE-2012-2250; it's a bugfix on 0.2.3.6-alpha.
All servers running that version or later should really upgrade.

Bug and fix from "some guy from France."  I tweaked his code slightly
to make it log the IP of the offending node.
2012-10-23 22:58:38 -04:00
Nick Mathewson
b99457d429 Make unit test for bug7191 work with new smartlist_new() name 2012-10-23 21:49:46 -04:00
Nick Mathewson
b0646cc142 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2012-10-23 21:48:50 -04:00
Andrea Shepard
cb693ef56e Add some unit tests for smartlist_bsearch_idx() on short lists
Conflicts:
	src/test/test_containers.c
2012-10-23 21:35:30 -04:00
Nick Mathewson
3365def68b Add a changes file for bug 7191. 2012-10-23 21:35:30 -04:00
Nick Mathewson
8905789170 Fix binary search on lists of 0 or 1 element.
The implementation we added has a tendency to crash with lists of 0 or
one element.  That can happen if we get a consensus vote, v2
consensus, consensus, or geoip file with 0 or 1 element.  There's a
DOS opportunity there that authorities could exploit against one
another, and which an evil v2 authority could exploit against anything
downloading v2 directory information..

This fix is minimalistic: It just adds a special-case for 0- and
1-element lists.  For 0.2.4 (the current alpha series) we'll want a
better patch.

This is bug 7191; it's a fix on 0.2.0.10-alpha.
2012-10-23 21:32:26 -04:00
Roger Dingledine
2ecee3fce2 Let 0.2.3 clients exit to internal addresses if they want
Clients now consider the ClientRejectInternalAddresses config option
when using a microdescriptor consensus stanza to decide whether
an exit relay would allow exiting to an internal address. Fixes
bug 7190; bugfix on 0.2.3.1-alpha.
2012-10-23 17:18:01 -04:00
Nick Mathewson
85659d3964 Fix parse_short_policy (bug 7192.)
Our implementation of parse_short_policy was screwed up: it would
ignore the last character of every short policy.  Obviously, that's
broken.

This patch fixes the busted behavior, and adds a bunch of unit tests
to make sure the rest of that function is okay.

Fixes bug 7192; fix on 0.2.3.1-alpha.
2012-10-23 13:49:48 -04:00
Roger Dingledine
4c8b58f900 add a unit test to expose bug 7192 2012-10-22 17:09:43 -04:00
Nick Mathewson
1cc06bd35e Merge branch 'block_renegotiate_023' into maint-0.2.3 2012-10-19 14:30:31 -04:00
Nick Mathewson
b6931b0105 Merge branch 'bug7149' into maint-0.2.3 2012-10-19 03:02:57 -04:00
Robert Ransom
d3bfdd6108 Don't serve or accept v2 HS descs over a DirPort
(changes file tweaked by nickm)
2012-10-19 02:56:25 -04:00
Nick Mathewson
a0e9dc9f55 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2012-10-19 00:58:33 -04:00