Commit Graph

23693 Commits

Author SHA1 Message Date
Nick Mathewson
fbf93614c9 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-07-26 15:35:07 -04:00
Nick Mathewson
c362c6a852 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-07-26 15:35:01 -04:00
Nick Mathewson
0ad5a6b034 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-07-26 15:34:56 -04:00
Nick Mathewson
09618bc488 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-07-26 15:34:40 -04:00
Nick Mathewson
0117e2ea0d Merge branch 'bug23030_029_v2' into maint-0.2.9 2017-07-26 12:58:17 -04:00
Nick Mathewson
32b9edeb91 Fix build warnings from Coverity related to our BUG macro
In the Linux kernel, the BUG() macro causes an instant panic.  Our
BUG() macro is different, however: it generates a nonfatal assertion
failure, and is usable as an expression.

Additionally, this patch tells util_bug.h to make all assertion
failures into fatal conditions when we're building with a static
analysis tool, so that the analysis tool can look for instances
where they're reachable.

Fixes bug 23030.
2017-07-26 12:57:49 -04:00
Nick Mathewson
6d3c5b8fb5 Merge branch 'bug22915_029_2' into maint-0.2.9 2017-07-26 12:53:13 -04:00
Nick Mathewson
fca1934c88 Suppress clang4-specific -Wdouble-promotion warnings
Wow, it sure seems like some compilers can't implement isnan() and
friends in a way that pleases themselves!

Fixes bug 22915. Bug trigged by 0.2.8.1-alpha and later; caused by
clang 4.
2017-07-26 12:53:00 -04:00
Isis Lovecruft
6d0af8dacc
In < 0.2.9.x, --enable-fatal-warnings was --enable-gcc-warnings. 2017-07-25 01:03:15 +00:00
Isis Lovecruft
c718644251
Builds on CI should use --enable-fragile-hardening.
(cherry picked from commit c91a57ccf90308c6728184b43519f96b61acb95d)
2017-07-25 00:54:11 +00:00
Isis Lovecruft
f2e3d13930
Install optional dependencies during Travis CI builds.
(cherry picked from commit 1bb00fb812c0df7a574ed62e9f53b0e8192c7d04)
2017-07-25 00:54:01 +00:00
Isis Lovecruft
d0cabbf2c5
Fix CI homebrew checks for outdated packages.
(cherry picked from commit 8f8689f70235dc19cbc5092ea148af5772a9cdc3)
2017-07-25 00:52:05 +00:00
Isis Lovecruft
7b4585e2a3
Add a changes file for bug22636. 2017-07-17 21:44:59 +00:00
Isis Lovecruft
68722a1ddf
Fix and expand upon our Travis CI configuration.
* CHANGE .travis.yml so that commands for different purposes (e.g. getting
   dependencies, building, testing) are in separate config lines and sections.
 * CHANGE .travis.yml to use their mechanism for installing dependencies via
   apt. [0]  This also allows us to not need sudo (the "sudo: false" line).
 * CHANGE Travis CI tests (the "script:" section) to build and run tests in the
   same manner as Jenkins (i.e. with --enable-fatal-warnings and
   --disable-silent-rules and run `make check`).
 * ADD Travis configuration to do all the target builds with both GCC and clang.
 * ADD make flags to build with both of the cores available.
 * ADD notifications for IRC, and configure email notifications (to the author
   of the commit) only if the branch was previously building successfully and
   the latest commit broke it.
 * ADD the ability to run the Travis build matrix for OSX as well, but leave it
   commented out by default (because it takes roughly ten times longer, due to a
   shortage of OSX build machines).
 * ADD Travis config option to cancel/fail the build early if one target has
   already failed ("fast_finish: true").
 * ADD comments to describe what our Travis config is doing and why it is
   configured that way.

[0]: https://docs.travis-ci.com/user/installing-dependencies/#Installing-Packages-on-Container-Based-Infrastructure)
2017-07-17 21:44:44 +00:00
Nick Mathewson
3a7d757140 Merge branch 'bug22916_027' into maint-0.2.9 2017-07-14 09:11:08 -04:00
Patrick O'Doherty
071e9b56b1
.travis.yml to run test suite
Installs dependencies (including rust) and runs the existing test suite.

TODO: Introduce build matrix utilizing the rust toolchain to run test
suites both with and without the rust components.
2017-07-13 22:05:58 +00:00
Nick Mathewson
3cec1783b7 Fix compiler warnings with openssl-scrypt/libscrypt test on clang
Clang didn't like that we were passing uint64_t values to an API
that wanted uint32_t.  GCC has either not cared, or has figured out
that the values in question were safe to cast to uint32_t.

Fixes bug22916; bugfix on 0.2.7.2-alpha.
2017-07-13 17:49:48 -04:00
Nick Mathewson
ed0fb21834 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-07-07 10:56:31 -04:00
Nick Mathewson
48e45e2fb1 Merge branch 'bug22838_028' into maint-0.2.8 2017-07-07 10:55:51 -04:00
Nick Mathewson
ae756f251f mingw fix: avoid "unused var" warning.
This is a backport of 19615bce64 to
fix bug 22838.
2017-07-07 10:54:24 -04:00
Nick Mathewson
5472066cd2 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-07-07 10:51:28 -04:00
Nick Mathewson
715185477d Merge branch 'maint-0.2.5' into maint-0.2.6 2017-07-07 10:51:28 -04:00
Nick Mathewson
78dfa76ddc Merge branch 'maint-0.2.4' into maint-0.2.5 2017-07-07 10:51:28 -04:00
Nick Mathewson
4858cda2df Merge branch 'maint-0.2.8' into maint-0.2.9 2017-07-07 10:51:28 -04:00
Nick Mathewson
c1e4aff384 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-07-07 10:51:28 -04:00
Nick Mathewson
b47249e0bb Mention TROVE-2017-007 in changes file for 22789 2017-07-07 10:51:25 -04:00
Karsten Loesing
b6acfa491e Update geoip and geoip6 to the July 4 2017 database. 2017-07-07 16:27:54 +02:00
Nick Mathewson
dfc0614840 Only disable -Wfloat-conversion on mingw when it exists.
The 22081 fix disabled -Wfloat-conversion, but -Wfloat-conversion
didn't exist in every relevant mingw; it was added in GCC 4.9.x some
time, if the documentation can be trusted.

Bug not in any released version of tor.
2017-07-05 16:10:45 -04:00
Nick Mathewson
32c0066e4b Merge branch 'maint-0.2.8' into maint-0.2.9 2017-07-05 13:43:21 -04:00
Nick Mathewson
5ff0f1ab9e Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-07-05 13:42:47 -04:00
Nick Mathewson
6cd6d488dc Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-07-05 13:42:37 -04:00
Nick Mathewson
f6420bceec Merge branch 'maint-0.2.5' into maint-0.2.6 2017-07-05 13:42:32 -04:00
Nick Mathewson
ff8c230d7c Merge branch 'maint-0.2.4' into maint-0.2.5 2017-07-05 13:42:26 -04:00
Nick Mathewson
0ee15c92d5 Merge branch 'bug22789_024' into maint-0.2.4 2017-07-05 13:41:27 -04:00
Nick Mathewson
16d2bce893 Allow setsockopt(IPV6_V6ONLY) in sandbox.
Fixes bug 20247.  We started setting V6ONLY in 0.2.3.13-alpha and
added the sandbox on 0.2.5.1-alpha.
2017-07-05 13:09:21 -04:00
Nick Mathewson
bb97f680e7 Merge branch 'bug22801_028' into maint-0.2.9 2017-07-05 11:18:59 -04:00
teor
878e0d45a5 Always allow extra file descriptors when setting the connection maximum
When setting the maximum number of connections allowed by the OS,
always allow some extra file descriptors for other files.

Fixes bug 22797; bugfix on 0.2.0.10-alpha.
2017-07-05 11:15:10 -04:00
Nick Mathewson
bb3f74e66b Fix assertion failure related to openbsd strtol().
Fixes bug 22789; bugfix on 0.2.3.8-alpha.
2017-07-03 11:22:27 -04:00
Nick Mathewson
5361032219 Fix -Wfloat-conversion C warnings on mingw in clamp_double_to_int64.
We just have to suppress these warnings: Mingw's math.h uses gcc's
__builtin_choose_expr() facility to declare isnan, isfinite, and
signbit.  But as implemented in at least some versions of gcc,
__builtin_choose_expr() can generate type warnings even from
branches that are not taken.

Fixes bug 22801; bugfix on 0.2.8.1-alpha.
2017-07-03 10:59:31 -04:00
Nick Mathewson
ec9c6d7723 Merge remote-tracking branch 'teor/bug21507-029' into maint-0.2.9 2017-06-28 14:03:20 -04:00
Nick Mathewson
4060253749 Merge remote-tracking branch 'teor/bug21576_029_v2' into maint-0.2.9 2017-06-28 13:57:54 -04:00
Nick Mathewson
f367453cb5 Mark descriptors as undownloadable when dirserv_add_() rejects them
As of ac2f6b608a in 0.2.1.19-alpha,
Sebastian fixed bug 888 by marking descriptors as "impossible" by
digest if they got rejected during the
router_load_routers_from_string() phase. This fix stopped clients
and relays from downloading the same thing over and over.

But we never made the same change for descriptors rejected during
dirserv_add_{descriptor,extrainfo}.  Instead, we tried to notice in
advance that we'd reject them with dirserv_would_reject().

This notice-in-advance check stopped working once we added
key-pinning and didn't make a corresponding key-pinning change to
dirserv_would_reject() [since a routerstatus_t doesn't include an
ed25519 key].

So as a fix, let's make the dirserv_add_*() functions mark digests
as undownloadable when they are rejected.

Fixes bug 22349; I am calling this a fix on 0.2.1.19-alpha, though
you could also argue for it being a fix on 0.2.7.2-alpha.
2017-06-27 12:01:46 -04:00
Nick Mathewson
3483f7c003 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-06-27 11:04:44 -04:00
Nick Mathewson
9a0fd2dbb1 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-06-27 11:04:44 -04:00
Nick Mathewson
3de27618e6 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-06-27 11:04:44 -04:00
Nick Mathewson
ccae991662 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-06-27 11:04:44 -04:00
Nick Mathewson
711160a46f Merge branch 'maint-0.2.8' into maint-0.2.9 2017-06-27 11:04:44 -04:00
Nick Mathewson
d56f699399 Merge branch 'bug22737_024' into maint-0.2.4 2017-06-27 11:04:41 -04:00
Nick Mathewson
8d2978b13c Fix an errant memset() into the middle of a struct in cell_pack().
This mistake causes two possible bugs. I believe they are both
harmless IRL.

BUG 1: memory stomping

When we call the memset, we are overwriting two 0 bytes past the end
of packed_cell_t.body. But I think that's harmless in practice,
because the definition of packed_cell_t is:

// ...
typedef struct packed_cell_t {
  TOR_SIMPLEQ_ENTRY(packed_cell_t) next;
  char body[CELL_MAX_NETWORK_SIZE];
  uint32_t inserted_time;
} packed_cell_t;

So we will overwrite either two bytes of inserted_time, or two bytes
of padding, depending on how the platform handles alignment.

If we're overwriting padding, that's safe.

If we are overwriting the inserted_time field, that's also safe: In
every case where we call cell_pack() from connection_or.c, we ignore
the inserted_time field. When we call cell_pack() from relay.c, we
don't set or use inserted_time until right after we have called
cell_pack(). SO I believe we're safe in that case too.

BUG 2: memory exposure

The original reason for this memset was to avoid the possibility of
accidentally leaking uninitialized ram to the network. Now
remember, if wide_circ_ids is false on a connection, we shouldn't
actually be sending more than 512 bytes of packed_cell_t.body, so
these two bytes can only leak to the network if there is another bug
somewhere else in the code that sends more data than is correct.

Fortunately, in relay.c, where we allocate packed_cell_t in
packed_cell_new() , we allocate it with tor_malloc_zero(), which
clears the RAM, right before we call cell_pack. So those
packed_cell_t.body bytes can't leak any information.

That leaves the two calls to cell_pack() in connection_or.c, which
use stack-alocated packed_cell_t instances.

In or_handshake_state_record_cell(), we pass the cell's contents to
crypto_digest_add_bytes(). When we do so, we get the number of
bytes to pass using the same setting of wide_circ_ids as we passed
to cell_pack(). So I believe that's safe.

In connection_or_write_cell_to_buf(), we also use the same setting
of wide_circ_ids in both calls. So I believe that's safe too.

I introduced this bug with 1c0e87f6d8
back in 0.2.4.11-alpha; it is bug 22737 and CID 1401591
2017-06-27 10:47:20 -04:00
Nick Mathewson
1c64133cb3 Merge remote-tracking branch 'public/bug22516_029' into maint-0.2.9 2017-06-19 13:50:49 -04:00