Nick Mathewson
44f0dfa53b
Use real pointers in unit tests, not (void*)101 etc
...
The clangalyzer hates (void*)101 etc
2014-09-02 13:56:54 -04:00
Nick Mathewson
32b88d2565
Don't include a backtrace test for dereferencing 0 under analyzers
...
They hate this.
2014-09-02 13:56:31 -04:00
Nick Mathewson
9b850f9200
Add more assertions to esc_for_log to please the clangalyzer.
2014-09-02 13:29:45 -04:00
Nick Mathewson
07a16b3372
Add an assertion to read_file_to_str_until_eof
...
The clangalyzer doesn't believe our math here. I'm pretty sure our
math is right. Also, add some unit tests.
2014-09-02 13:29:11 -04:00
Nick Mathewson
1a2f2c163f
Explicitly initialize addresses in tor_ersatz_socketpair
...
This should stop a false positive from the clangalyzer.
2014-09-02 12:58:32 -04:00
Nick Mathewson
57c48bf734
Apply the MALLOC_ZERO_WORKS fixup to tor_realloc as well.
...
Also, make MALLOC_ZERO_WORKS never get applied when clang analyzer is
running. This should make the clangalyzer a little happier.
2014-09-02 12:55:20 -04:00
Nick Mathewson
00ffccd9a6
Another clang analyzer complaint wrt HT_GENERATE
...
We're calling mallocfn() and reallocfn() in the HT_GENERATE macro
with the result of a product. But that makes any sane analyzer
worry about overflow.
This patch keeps HT_GENERATE having its old semantics, since we
aren't the only project using ht.h. Instead, define a HT_GENERATE2
that takes a reallocarrayfn.
2014-09-02 12:48:34 -04:00
Nick Mathewson
e3c143f521
Merge remote-tracking branch 'origin/maint-0.2.5'
2014-09-02 11:58:08 -04:00
Nick Mathewson
efcab43956
Fix a number of clang analyzer false-positives
...
Most of these are in somewhat non-obvious code where it is probably
a good idea to initialize variables and add extra assertions anyway.
Closes 13036. Patches from "teor".
2014-09-02 11:56:56 -04:00
Nick Mathewson
67c0ad5426
Merge remote-tracking branch 'origin/maint-0.2.5'
2014-09-01 16:23:34 -04:00
rl1987
8139db3725
Adding changes file.
2014-09-01 16:22:52 -04:00
Nick Mathewson
87f9c51f64
Avoid unsigned/sign compare warning from last patch.
2014-09-01 15:42:17 -04:00
Philip Van Hoof
60a3897ed9
Bounds check while looping over a fixed size table or array
...
(Edited to use existing ARRAY_LENGTH macro --nickm)
2014-09-01 15:40:47 -04:00
Nick Mathewson
f113a263de
Merge remote-tracking branch 'origin/maint-0.2.5'
2014-08-29 16:45:56 -04:00
Nick Mathewson
41058dce95
Merge remote-tracking branch 'arma/bug12996b' into maint-0.2.5
2014-08-29 16:44:50 -04:00
Roger Dingledine
7a878c192f
Downgrade "Unexpected onionskin length after decryption" warning
...
It's now a protocol-warn, since there's nothing relay operators can
do about a client that sends them a malformed create cell.
Resolves bug 12996; bugfix on 0.0.6rc1.
2014-08-29 16:38:54 -04:00
Nick Mathewson
d6fa8239c8
Merge remote-tracking branch 'origin/maint-0.2.5'
2014-08-29 16:13:04 -04:00
Nick Mathewson
4a6f5bb2dd
Improve "Tried to establish rendezvous on non-OR or non-edge circuit"
...
Instead of putting it all in one warning message, log what exactly
was wrong with the circuit.
Resolves ticket 12997.
2014-08-29 16:05:58 -04:00
Nick Mathewson
573d62748a
Fix some coverity warnings in new routerset tests
2014-08-29 15:09:27 -04:00
dana koch
c887e20e6a
Introduce full coverage tests for module routerset.c.
...
This is using the paradigm introduced for test_status.c.
2014-08-29 12:55:28 -04:00
Nick Mathewson
e72a5b3c07
Move secret-to-key functionality into a separate module
...
I'm about to add more of these, so we might as well trudge forward.
2014-08-28 12:04:22 -04:00
Nick Mathewson
9b2d8c4e20
Rename secret_to_key to secret_to_key_rfc2440
2014-08-28 11:20:31 -04:00
Nick Mathewson
cc3b04a8c1
Merge remote-tracking branch 'origin/maint-0.2.5'
2014-08-28 08:36:00 -04:00
Roger Dingledine
37a76d75dd
Resume expanding abbreviations for command-line options
...
The fix for bug 4647 accidentally removed our hack from bug 586 that
rewrote HashedControlPassword to __HashedControlSessionPassword when
it appears on the commandline (which allowed the user to set her own
HashedControlPassword in the torrc file while the controller generates
a fresh session password for each run).
Fixes bug 12948; bugfix on 0.2.5.1-alpha.
2014-08-28 08:33:43 -04:00
Nick Mathewson
9f9b19ed7b
Initialize crash handler in unit tests
...
This way, we don't get locking failures when we hit an assertion in
the unit tests. Also, we might find out about unit test bugs from
folks who can't do gdb.
2014-08-27 20:03:00 -04:00
intrigeri
9f0161f73d
Add changes file for #12751 .
2014-08-27 03:33:05 +00:00
intrigeri
a8dd279fa5
Add changes file for #12939 .
2014-08-27 03:32:20 +00:00
intrigeri
b4170421cc
systemd unit file: ensures that the process and all its children can never gain
...
new privileges (#12939 ).
2014-08-27 03:18:26 +00:00
intrigeri
c9f30c4512
systemd unit file: only allow tor to write to /var/lib/tor and /var/log/tor ( #12751 ).
...
The rest of the filesystem is accessible for reading only. Still, quoting
systemd.exec(5):
Note that restricting access with these options does not extend to submounts
of a directory that are created later on.
2014-08-27 03:13:53 +00:00
Nick Mathewson
b2acd3580c
ed25519_ref10: use uint64_t and int64_t, not long long
2014-08-26 10:58:26 -04:00
Nick Mathewson
8b36bb9299
Add headers as needed to make ed25519_ref10 compile.
2014-08-26 10:56:22 -04:00
Nick Mathewson
8594e97c03
Add some explicit casts as needed to make ed25519_ref10 compile
...
Apparently, ref10 likes implicit conversions from int64 to int32 more
than our warnings do.
2014-08-26 10:14:18 -04:00
Nick Mathewson
4847136d2c
Integrate ed25519_ref10 into our build system.
2014-08-26 10:11:56 -04:00
Nick Mathewson
b40ac6808f
Add the ed25519 ref10 code verbatim from supercop-20140622
...
We might use libsodium or ed25519-donna later on, but for now, let's
see whether this is fast enough. We should use it in all cases when
performance doesn't matter.
2014-08-26 10:08:44 -04:00
Nick Mathewson
fdb7fc70d0
Merge remote-tracking branch 'public/bug10163'
2014-08-26 09:44:16 -04:00
Nick Mathewson
051dd9c409
Remove the assigned-but-unused chosen_named_idx local variable
...
It had been used in consensus method 1. But now that 13 is the
minimum (see #10163 ), we don't need it around.
Found by sysrqb.
2014-08-25 11:26:08 -04:00
Nick Mathewson
72ba1739e2
Fix another memory leak case in sandbox.c:prot_strings()
...
This is related to the rest of 523587a5cf
2014-08-25 11:14:31 -04:00
Nick Mathewson
9222707e5c
Use the ARRAY_LENGTH macro more consistently.
2014-08-24 13:35:48 -04:00
Nick Mathewson
15be51b41d
Remove the non-implemented versions of the sandbox _array() functions
2014-08-24 13:35:30 -04:00
Nick Mathewson
991545acf1
Whitespace fixes
2014-08-24 13:32:39 -04:00
Nick Mathewson
7c1143e11f
Terser ways to sandbox-allow related filenames
...
Using the *_array() functions here confused coverity, and was actually
a bit longer than we needed. Now we just use macros for the repeated
bits, so that we can mention a file and a suffix-appended version in
one line.
2014-08-24 13:30:55 -04:00
Nick Mathewson
59e114832e
Merge branch 'bug11792_1_squashed'
...
Conflicts:
src/or/circuitlist.c
2014-08-24 13:09:08 -04:00
Nick Mathewson
d6033843a4
When looking for conns to close, count the age of linked queued data
...
Specifically, count the age of the data queued in a linked directory
connection's buffers when counting a stream's age.
2014-08-24 13:04:45 -04:00
Nick Mathewson
68e430a6fb
Kill non-tunneled directory connections when handling OOM.
...
Another part of 11792.
2014-08-24 13:04:38 -04:00
Nick Mathewson
8e55cafd67
Count zlib buffer memory towards OOM totals.
...
Part of 11792.
(Uses the zlib-endorsed formula for memory needs for inflate/deflate
from "zconf.h".)
2014-08-24 13:04:27 -04:00
Nick Mathewson
d31bcc4b23
Tidy status handling in rendservice.c
...
We had some code to fix up the 'status' return value to -1 on error
if it wasn't set, but it was unreachable because our code was
correct. Tweak this by initializing status to -1, and then only
setting it to 0 on success. Also add a goto which was missing: its
absence was harmless.
[CID 718614, 718616]
2014-08-22 12:23:01 -04:00
Nick Mathewson
a8cc41a230
Merge branch 'coverity_20140821'
2014-08-21 12:14:00 -04:00
Nick Mathewson
523587a5cf
fix memory leak on failure in sandbox.c:prot_strings()
...
[CID 1205014]
2014-08-21 11:40:48 -04:00
Nick Mathewson
35b2e11755
Store sandbox params as char *, since that's what they are.
...
This allows coverity to infer that we aren't leaking them.
[Fixes a lot of CIDs]
2014-08-21 11:22:42 -04:00
Nick Mathewson
446e481c90
Check for duplicate arguments to tor-gencert
...
Found by coverity, which noticed that if you said
tor-gencert -i identity1 -i identity2
we would leak "identity1".
[CID 1198201, 1198202, 1198203]
2014-08-21 11:22:42 -04:00