Commit Graph

3734 Commits

Author SHA1 Message Date
Alexander Færøy
300ac49685 Add compress_zlib.obj to src/common/Makefile.nmake.
See https://bugs.torproject.org/21663
2017-04-25 08:06:01 -04:00
Alexander Færøy
04583df452 Rename the torgzip module to compress.
See https://bugs.torproject.org/21663
2017-04-25 08:06:01 -04:00
Alexander Færøy
9d5bc1a935 Move zlib compression code into its own module.
This patch refactors the `torgzip` module to allow us to extend a common
compression API to support multiple compression backends.

Additionally we move the gzip/zlib code into its own module under the
name `compress_zlib`.

See https://bugs.torproject.org/21664
2017-04-25 08:06:01 -04:00
Alexander Færøy
e6c6606a17
Expose tor_compress_is_compression_bomb() as part of the public compression API.
This patch exposes the old `is_compression_bomb()` function as a public
API as part of the compression module.

See https://bugs.torproject.org/21663
2017-04-18 03:12:19 +02:00
Alexander Færøy
6b5172bcf2
Expose tor_compress_memory_level() as a public function in the compression module.
This patch makes the internal `get_memlevel()` a part of the public
compression API as `tor_compress_memory_level()`.

See https://bugs.torproject.org/21663
2017-04-18 02:23:25 +02:00
Alexander Færøy
3c4459bcbf
Refactor the streaming compression code.
This patch refactors our streaming compression code to allow us to
extend it with non-zlib/non-gzip based compression schemas.

See https://bugs.torproject.org/21663
2017-04-17 14:57:37 +02:00
Alexander Færøy
44cb86adbe
Rename tor_gzip_{compress,uncompress} to tor_{compress,uncompress}.
To allow us to use the API name `tor_compress` and `tor_uncompress` as
the main entry-point for all compression/uncompression and not just gzip
and zlib.

See https://bugs.torproject.org/21663
2017-04-17 14:29:10 +02:00
Alexander Færøy
e8b025dfc3
Rename zlib_compression_level_t to compression_level_t.
See https://bugs.torproject.org/21663
2017-04-17 14:22:13 +02:00
Alexander Færøy
7460b9755a
Remove unused function is_gzip_supported().
This patch removes the unused `is_gzip_supported()` and changes the
documentation string around the `compress_method_t` enumeration to
explicitly state that both `ZLIB_METHOD` and `GZIP_METHOD` are both
always supported.

Zlib version 1.2.0 was released on the 9'th of March, 2003 according to
their ChangeLog.

See https://bugs.torproject.org/21663
2017-04-17 14:11:35 +02:00
Taylor Yu
2b38bb28b4 Remove base64_decode_nopad()
Remove base64_decode_nopad() because it is redundant now that
base64_decode() correctly handles both padded and unpadded base64
encodings with "right-sized" output buffers.
2017-04-07 18:18:23 -04:00
Taylor Yu
f15818f280 Make base64_decode() check actual decoded length
base64_decode() was applying an overly conservative check on the
output buffer length that could incorrectly produce an error if the
input encoding contained padding or newlines.  Fix this by checking
the output buffer length against the actual decoded length produced
during decoding.
2017-04-07 18:13:22 -04:00
Nick Mathewson
05ef3b959d Merge branch 'maint-0.3.0' 2017-04-07 14:03:40 -04:00
Nick Mathewson
f1613b53c5 Merge remote-tracking branch 'public/bug21894_029' into maint-0.3.0 2017-04-07 14:03:25 -04:00
Nick Mathewson
f0fa7dcdf0 Merge branch 'ticket21842_squashed' 2017-04-07 13:21:15 -04:00
Nick Mathewson
7b60f0129a Remove tor-checkkey as obsolete
CVE-2008-0166 is long gone, and we no longer need a helper tool to
dump out public key moduli so folks can detect it.

Closes ticket 21842.
2017-04-07 13:21:07 -04:00
Nick Mathewson
4812441d34 Never read off the end of a buffer in base32_encode()
When we "fixed" #18280 in 4e4a7d2b0c
in 0291 it appears that we introduced a bug: The base32_encode
function can read off the end of the input buffer, if the input
buffer size modulo 5 is not equal to 0 or 3.

This is not completely horrible, for two reasons:
   * The extra bits that are read are never actually used: so this
     is only a crash when asan is enabled, in the worst case.  Not a
     data leak.

   * The input sizes passed to base32_encode are only ever multiples
      of 5. They are all either DIGEST_LEN (20), REND_SERVICE_ID_LEN
      (10), sizeof(rand_bytes) in addressmap.c (10), or an input in
      crypto.c that is forced to a multiple of 5.

So this bug can't actually trigger in today's Tor.

Closes bug 21894; bugfix on 0.2.9.1-alpha.
2017-04-07 10:47:16 -04:00
Nick Mathewson
d33c3627f4 Comment fix. (Catalyst spotted this) 2017-04-07 10:00:08 -04:00
Nick Mathewson
61f1838cdc Merge branch 'isolate_openssl' 2017-04-07 09:58:21 -04:00
Nick Mathewson
1e54bdd48a Make the warnings about terminating nuls a bit stronger
It looks like 32_encoded_size/64_encode_size APIs are inconsistent
not only in the number of "d"s they have, but also in whether they
count the terminating NUL.  Taylor noted this in 86477f4e3f,
but I think we should note the inconsistently more loudly in order
to avoid trouble.

(I ran into trouble with this when writing 30b13fd82e243713c6a0d.)
2017-04-07 09:51:08 -04:00
Taylor Yu
86477f4e3f Use baseXX length macros in baseXX_encode()
Use the new baseXX length macros to clean up the length checks in the
baseXX_encode() functions.
2017-04-06 17:43:16 -04:00
Taylor Yu
e7f40baade Add macros for baseXX encoding lengths 2017-04-06 15:43:55 -04:00
Taylor Yu
c5adab0258 Make CEIL_DIV() slightly more overflow-safe 2017-04-06 13:54:46 -04:00
Nick Mathewson
5567a80caa Explain config_line_find() behavior on duplicates. 2017-04-06 11:48:41 -04:00
Nick Mathewson
89b673f24b Add an assertion to config_line_append(). 2017-04-06 11:48:41 -04:00
Nick Mathewson
37bb3b31fa Add some "labeled storagedir" abstractions.
These add a tiny bit of structure on top of the regular storagedir
abstractions in order to store key-value lists at the head of each
document.
2017-04-06 11:48:40 -04:00
Nick Mathewson
b6f22524ee Move config line parsing function to confline.c 2017-04-04 11:11:01 -04:00
Nick Mathewson
c2947dbb86 Move config_line_t functions from confparse.c into common.
I'm doing this to storagedir to used config_line_t.
2017-04-04 11:11:01 -04:00
Nick Mathewson
28f9b68e87 Move "change cert expiration and re-sign" fn into tortls.c
This lets test_link_handshake stop including openssl headers.
2017-03-31 10:04:45 -04:00
Nick Mathewson
5ca0d6daf0 Mark many private tortls.h APIs as openssl-only.
This change lets us remove the openssl/ssl.h include from
test_link_handshake.c.
2017-03-31 10:04:45 -04:00
Nick Mathewson
a8b9aba912 Change many tortls.h declarations of private APIs to use structs
This change makes it so those those APIs will not require prior
inclusion of openssl headers.  I've left some APIs alone-- those
will change to be extra-private.
2017-03-31 10:04:45 -04:00
Nick Mathewson
3fc4f81de3 Make crypto_ed25519.c no longer depend on openssl
Now it calls through our own crypto API.
2017-03-31 10:04:44 -04:00
Nick Mathewson
e7506c03cf Isolate dmalloc/openssl bridge code to crypto.c
This makes it so main.c, and the rest of src/or, no longer need to
include any openssl headers.
2017-03-31 10:04:44 -04:00
Nick Mathewson
10888dcac6 Merge remote-tracking branch 'ahf/bugs/21757' 2017-03-27 15:02:48 +02:00
Nick Mathewson
1d617e3ed0 Check and cast st_size to size_t in storagedir code
This prevents an i386 compilation warning and fixes bug 21828. Bug not
in any released Tor.
2017-03-27 10:40:15 +02:00
Alexander Færøy
a28be68cf2
Split strings at newline in tor_get_lines_from_handle().
This patch fixes a regression described in bug #21757 that first
appeared after commit 6e78ede73f which was an attempt to fix bug #21654.

When switching from buffered I/O to direct file descriptor I/O our
output strings from get_string_from_pipe() might contain newline
characters (\n). In this patch we modify tor_get_lines_from_handle() to
ensure that the function splits the newly read string at the newline
character and thus might return multiple lines from a single call to
get_string_from_pipe().

Additionally, we add a test case to test_util_string_from_pipe() to
ensure that get_string_from_pipe() correctly returns multiple lines in a
single call.

See: https://bugs.torproject.org/21757
See: https://bugs.torproject.org/21654
2017-03-17 04:27:12 +01:00
Nick Mathewson
45d008c4aa Merge branch 'storagedir_squashed' 2017-03-16 16:03:13 -04:00
Nick Mathewson
ee253e392a Define a "storagedir" abstraction to hold numerous similar files
We could use one of these for holding "junk" descriptors and
unparseable things -- but we'll _need_ it for having cached
consensuses and diffs between them.
2017-03-16 16:01:59 -04:00
Nick Mathewson
877468c781 Now, resolve a new 64-bit warning in compat_threads.c 2017-03-16 15:34:57 -04:00
Nick Mathewson
4a4f1e44af Merge branch 'prop140_21643_diff_only_squashed' 2017-03-16 14:58:43 -04:00
Daniel Martí
590ffdb2c9 Consensus diff backend from Daniel Martí GSOC project.
(This commit was extracted by nickm based on the final outcome of
the project, taking only the changes in the files touched by this
commit from the consdiff_rebased branch.  The directory-system
changes are going to get worked on separately.)
2017-03-16 14:38:28 -04:00
Nick Mathewson
7505f452c8 Run the copyright update script. 2017-03-15 16:13:17 -04:00
Nick Mathewson
c64adaaf90 Merge branch 'bug21540_029_v2' 2017-03-15 12:17:15 -04:00
Nick Mathewson
44514058b9 Correctly handle fd-drain errors on windows workqueues
Windows doesn't let you check the socket error for a socket with
WSAGetLastError() and getsockopt(SO_ERROR).  But
getsockopt(SO_ERROR) clears the error on the socket, so you can't
call it more than once per error.

When we introduced recv_ni to help drain alert sockets, back in
0.2.6.3-alpha, we had the failure path for recv_ni call getsockopt()
twice, though: once to check for EINTR and one to check for EAGAIN.
Of course, we never got the eagain, so we treated it as an error,
and warned about: "No error".

The fix here is to have these functions return -errno on failure.

Fixes bug 21540; bugfix on 0.2.6.3-alpha.
2017-03-15 12:16:17 -04:00
Nick Mathewson
c000c7d118 Create logfiles in mode 0640
Patch from toralf; closes 21729.
2017-03-14 11:36:53 -04:00
Nick Mathewson
dc37ea8b98 Add a null statement to prevent some SMARTLIST_FOREACH() bugs.
So we require that SMARTLIST_FOREACH_END() have the name of the loop
variable in it.  But right now the only enforcement for that is to
clear the variable at the end of the loop, which is really not
sufficient: I spent 45 minutes earlier today debugging an issue
where I had said:
   SMARTLIST_FOREACH_BEGIN(spool, spooled_resource_t *, spooled) {
     ...
   } SMARTLIST_FOREACH_END(spool);

This patch makes it so that ONLY loop variables can be used, by
referring to the _sl_idx variable.
2017-03-13 16:43:30 -04:00
Alexander Færøy
02fc0a5ecf
Remove fgets() compatbility function and related tests.
This patch removes the `tor_fgets()` wrapper around `fgets(3)` since it
is no longer needed. The function was created due to inconsistency
between the returned values of `fgets(3)` on different versions of Unix
when using `fgets(3)` on non-blocking file descriptors, but with the
recent changes in bug #21654 we switch from unbuffered to direct I/O on
non-blocking file descriptors in our utility module.

We continue to use `fgets(3)` directly in the geoip and dirserv module
since this usage is considered safe.

This patch also removes the test-case that was created to detect
differences in the implementation of `fgets(3)` as well as the changes
file since these changes was not included in any releases yet.

See: https://bugs.torproject.org/21654
2017-03-09 00:10:18 +01:00
Alexander Færøy
02ef06516e
Use less-than instead of not-equal-to for comparison in read loops.
This patch changes a number of read loops in the util module to use
less-than comparison instead of not-equal-to comparison. We do this in
the case that we have a bug elsewhere that might cause `numread` to
become larger than `count` and thus become an infinite loop.
2017-03-09 00:10:17 +01:00
Alexander Færøy
6e78ede73f
Remove buffered I/O stream usage in process_handle_t.
This patch removes the buffered I/O stream usage in process_handle_t and
its related utility functions. This simplifies the code and avoids racy
code where we used buffered I/O on non-blocking file descriptors.

See: https://bugs.torproject.org/21654
2017-03-09 00:10:17 +01:00
Alexander Færøy
86de065aee
Use read(2) instead of fgets(3) when reading process output.
This patch modifies `tor_read_all_handle()` to use read(2) instead of
fgets(3) when reading the stdout from the child process. This should
eliminate the race condition that can be triggered in the 'slow/util/*'
tests on slower machines running OpenBSD, FreeBSD and HardenedBSD.

See: https://bugs.torproject.org/21654
2017-03-08 02:08:44 +01:00
Alexander Færøy
3dca5a6e71
Use tor_fgets() instead of fgets().
This patch changes our use of fgets() to tor_fgets() for more consistent
error handling across different versions of the C library.
2017-03-01 21:26:27 +01:00