Commit Graph

13601 Commits

Author SHA1 Message Date
Nick Mathewson
3402b14089 Merge remote-tracking branch 'asn/ticket22727_032_02' 2017-07-05 09:49:12 -04:00
Nick Mathewson
b6c8530fc3 Merge remote-tracking branch 'dgoulet/ticket22726_032_02' 2017-07-05 09:36:31 -04:00
Roger Dingledine
0fe7c42e0e general formatting / whitespace / typo fixes 2017-07-01 17:56:06 -04:00
Nick Mathewson
71b9f4f0bb Merge branch 'maint-0.3.1' 2017-06-29 15:57:49 -04:00
Nick Mathewson
1712dc98b0 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-29 15:57:48 -04:00
Nick Mathewson
52c4440c48 Merge branch 'trove-2017-006' into maint-0.3.0 2017-06-29 15:57:42 -04:00
Nick Mathewson
3781678a3c Merge branch 'maint-0.3.1' 2017-06-29 11:38:06 -04:00
Nick Mathewson
31a08ba26f Merge remote-tracking branch 'public/bug22670_031' into maint-0.3.1 2017-06-29 11:34:06 -04:00
Nick Mathewson
2c718c1a12 Merge branch 'maint-0.3.1' 2017-06-29 10:43:50 -04:00
Nick Mathewson
bb5968cae1 Merge branch 'ticket22684' 2017-06-29 10:16:15 -04:00
Nick Mathewson
665baf5ed5 Consider the exit family when applying guard restrictions.
When the new path selection logic went into place, I accidentally
dropped the code that considered the _family_ of the exit node when
deciding if the guard was usable, and we didn't catch that during
code review.

This patch makes the guard_restriction_t code consider the exit
family as well, and adds some (hopefully redundant) checks for the
case where we lack a node_t for a guard but we have a bridge_info_t
for it.

Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2016-006
and CVE-2017-0377.
2017-06-29 09:57:00 -04:00
Nick Mathewson
de5f0d8ba7 Replace crash on missing handle in consdiffmgr with nonfatal assert
Attempts to mitigate 22752.
2017-06-28 14:21:21 -04:00
Nick Mathewson
4c21d4ef7a Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-28 14:03:23 -04:00
Nick Mathewson
ec9c6d7723 Merge remote-tracking branch 'teor/bug21507-029' into maint-0.2.9 2017-06-28 14:03:20 -04:00
Nick Mathewson
4060253749 Merge remote-tracking branch 'teor/bug21576_029_v2' into maint-0.2.9 2017-06-28 13:57:54 -04:00
Nick Mathewson
75c6fdd286 whitespace fix 2017-06-28 13:53:52 -04:00
Nick Mathewson
e84127d99e Merge remote-tracking branch 'asn/bug21969_bridges_030' into maint-0.3.0 2017-06-28 13:48:52 -04:00
George Kadianakis
551ad20c43 nodelist: Make HSv3 protover magic numbers a bit more readable. 2017-06-28 18:32:32 +03:00
Nick Mathewson
559195ea82 Merge branch 'maint-0.3.1' 2017-06-27 18:28:38 -04:00
Alexander Færøy
0a4af86335 Return "304 not modified" if a client already have the most recent consensus.
This makes our directory code check if a client is trying to fetch a
document that matches a digest from our latest consensus document.

See: https://bugs.torproject.org/22702
2017-06-27 18:25:48 -04:00
Alexander Færøy
07f2940b45 Set published_out for consensus cache entries in spooled_resource_estimate_size().
This patch ensures that the published_out output parameter is set to the
current consensus cache entry's "valid after" field.

See: https://bugs.torproject.org/22702
2017-06-27 18:25:48 -04:00
Nick Mathewson
7fff6cfead Merge branch 'asn_bug22006_final_squashed' 2017-06-27 17:19:08 -04:00
George Kadianakis
a155035d20 ed25519: Dirauths validate router ed25519 pubkeys before pinning. 2017-06-27 17:17:58 -04:00
Nick Mathewson
a242d194c7 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-27 11:04:44 -04:00
Nick Mathewson
711160a46f Merge branch 'maint-0.2.8' into maint-0.2.9 2017-06-27 11:04:44 -04:00
Nick Mathewson
32eba3d6aa Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-27 11:04:44 -04:00
Nick Mathewson
0576f9f433 Merge branch 'maint-0.3.1' 2017-06-27 11:04:44 -04:00
Nick Mathewson
3483f7c003 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-06-27 11:04:44 -04:00
Nick Mathewson
9a0fd2dbb1 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-06-27 11:04:44 -04:00
Nick Mathewson
3de27618e6 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-06-27 11:04:44 -04:00
Nick Mathewson
ccae991662 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-06-27 11:04:44 -04:00
Nick Mathewson
8d2978b13c Fix an errant memset() into the middle of a struct in cell_pack().
This mistake causes two possible bugs. I believe they are both
harmless IRL.

BUG 1: memory stomping

When we call the memset, we are overwriting two 0 bytes past the end
of packed_cell_t.body. But I think that's harmless in practice,
because the definition of packed_cell_t is:

// ...
typedef struct packed_cell_t {
  TOR_SIMPLEQ_ENTRY(packed_cell_t) next;
  char body[CELL_MAX_NETWORK_SIZE];
  uint32_t inserted_time;
} packed_cell_t;

So we will overwrite either two bytes of inserted_time, or two bytes
of padding, depending on how the platform handles alignment.

If we're overwriting padding, that's safe.

If we are overwriting the inserted_time field, that's also safe: In
every case where we call cell_pack() from connection_or.c, we ignore
the inserted_time field. When we call cell_pack() from relay.c, we
don't set or use inserted_time until right after we have called
cell_pack(). SO I believe we're safe in that case too.

BUG 2: memory exposure

The original reason for this memset was to avoid the possibility of
accidentally leaking uninitialized ram to the network. Now
remember, if wide_circ_ids is false on a connection, we shouldn't
actually be sending more than 512 bytes of packed_cell_t.body, so
these two bytes can only leak to the network if there is another bug
somewhere else in the code that sends more data than is correct.

Fortunately, in relay.c, where we allocate packed_cell_t in
packed_cell_new() , we allocate it with tor_malloc_zero(), which
clears the RAM, right before we call cell_pack. So those
packed_cell_t.body bytes can't leak any information.

That leaves the two calls to cell_pack() in connection_or.c, which
use stack-alocated packed_cell_t instances.

In or_handshake_state_record_cell(), we pass the cell's contents to
crypto_digest_add_bytes(). When we do so, we get the number of
bytes to pass using the same setting of wide_circ_ids as we passed
to cell_pack(). So I believe that's safe.

In connection_or_write_cell_to_buf(), we also use the same setting
of wide_circ_ids in both calls. So I believe that's safe too.

I introduced this bug with 1c0e87f6d8
back in 0.2.4.11-alpha; it is bug 22737 and CID 1401591
2017-06-27 10:47:20 -04:00
Nick Mathewson
22f441d4ee Merge branch 'maint-0.3.1' 2017-06-27 10:32:50 -04:00
Nick Mathewson
fd16dd2608 Merge branch 'bug22719_031' into maint-0.3.1 2017-06-27 10:31:33 -04:00
David Goulet
c17a04376d nodelist: Add functions to check for HS v3 support
This introduces node_supports_v3_hsdir() and node_supports_ed25519_hs_intro()
that checks the routerstatus_t of a node and if not present, checks the
routerinfo_t.

This is groundwork for proposal 224 service implementation in #20657.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-27 10:24:15 -04:00
David Goulet
82dee76740 hs: Ignore unparseable v3 introduction point
It is possible that at some point in time a client will encounter unknown or
new fields for an introduction point in a descriptor so let them ignore it for
forward compatibility.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-27 10:19:57 -04:00
Nick Mathewson
c29a559e7b Merge branch 'maint-0.3.1' 2017-06-26 14:15:21 -04:00
Nick Mathewson
d72cfb259d Patch for 22720 from huyvq: exit(1) more often
See changes file for full details.
2017-06-26 14:14:56 -04:00
Nick Mathewson
06414b9922 Merge branch 'maint-0.3.1' 2017-06-26 11:39:43 -04:00
Nick Mathewson
8f59661dba Merge branch 'bug22212_squashed' into maint-0.3.1 2017-06-26 11:27:09 -04:00
Mike Perry
0592ee45fc Demote a log message due to libevent delays.
This is a side-effect of being single-threaded. The worst cases of this are
actually Bug #16585.
2017-06-26 11:26:59 -04:00
Nick Mathewson
b546d8bc2b Try a little harder to make sure we never call tor_compress_process wrong. 2017-06-26 09:39:59 -04:00
Nick Mathewson
89d0261eb5 Merge remote-tracking branch 'isis/bug4019' 2017-06-23 14:38:20 -04:00
Nick Mathewson
80360ed9fa Merge branch 'bug3056_squashed' 2017-06-23 09:28:27 -04:00
Nick Mathewson
96fab4aaa6 Improve clarity, safety, and rate of dns spoofing log msg
Closes ticket 3056.
2017-06-23 09:28:17 -04:00
Nick Mathewson
2c49a9852d Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-22 10:56:08 -04:00
Nick Mathewson
90046a09dd Merge branch 'maint-0.3.1' 2017-06-22 10:56:08 -04:00
Nick Mathewson
bdd267e74d Combine our "don't do this if no consensus" entryguards checks
Suggested by asn on 22400 review.
2017-06-22 09:28:30 -04:00
Nick Mathewson
b9d8c8b126 Merge remote-tracking branch 'rl1987/bug22461' 2017-06-22 08:11:36 -04:00
Nick Mathewson
dc9ec519b5 Merge remote-tracking branch 'public/bug7890' 2017-06-22 08:04:12 -04:00