Commit Graph

2605 Commits

Author SHA1 Message Date
Florent Daigniere
9d6e805d28 Some anti-forensics paranoia...
sed -i 's/BN_free/BN_clear_free/g'
2014-02-03 10:44:19 -05:00
Nick Mathewson
25f0eb4512 Add a sandbox rule to allow IP_TRANSPARENT 2014-02-02 15:47:48 -05:00
Nick Mathewson
9be105f94b whitespace fixes 2014-01-17 12:41:56 -05:00
Nick Mathewson
682c2252a5 Fix some seccomp2 issues
Fix for #10563.  This is a compatibility issue with libseccomp-2.1.
I guess you could call it a bugfix on 0.2.5.1?
2014-01-06 04:27:58 -05:00
Nick Mathewson
85284c33d1 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/common/crypto.c
2013-12-18 22:04:21 -05:00
Nick Mathewson
7b87003957 Never allow OpenSSL engines to replace the RAND_SSLeay method
This fixes bug 10402, where the rdrand engine would use the rdrand
instruction, not as an additional entropy source, but as a replacement
for the entire userspace PRNG.  That's obviously stupid: even if you
don't think that RDRAND is a likely security risk, the right response
to an alleged new alleged entropy source is never to throw away all
previously used entropy sources.

Thanks to coderman and rl1987 for diagnosing and tracking this down.
2013-12-18 11:53:07 -05:00
David Fifield
b600495441 Set CREATE_NO_WINDOW in tor_spawn_background.
This flag prevents the creation of a console window popup on Windows. We
need it for pluggable transport executables--otherwise you get blank
console windows when you launch the 3.x browser bundle with transports
enabled.

http://msdn.microsoft.com/en-us/library/ms684863.aspx#CREATE_NO_WINDOW

The browser bundles that used Vidalia used to set this flag when
launching tor itself; it was apparently inherited by the pluggable
transports launched by tor. In the 3.x bundles, tor is launched by some
JavaScript code, which doesn't have the ability to set CREATE_NO_WINDOW.
tor itself is now being compiled with the -mwindows option, so that it
is a GUI application, not a console application, and doesn't show a
console window in any case. This workaround doesn't work for pluggable
transports, because they need to be able to write control messages to
stdout.

https://trac.torproject.org/projects/tor/ticket/9444#comment:30
2013-12-05 12:30:11 -05:00
Nick Mathewson
8f9c847fbf Restore prop198 behavior from 4677 patch
The previous commit from piet would have backed out some of proposal
198 and made servers built without the V2 handshake not use the
unrestricted cipher list from prop198.

Bug not in any released Tor.
2013-11-25 10:53:37 -05:00
Nick Mathewson
2d9adcd204 Restore ability to build with V2_HANDSHAKE_SERVER
Fixes bug 4677; bugfix on 0.2.3.2-alpha. Fix by "piet".
2013-11-25 10:51:00 -05:00
Nick Mathewson
acd8c4f868 Avoid warning about impossible check for flags & 0
Fixes CID 743381
2013-11-22 12:42:05 -05:00
Nick Mathewson
6cbd17470d Handle unlikely negative time in tor_log_err_sigsafe
Coverity wants this; CID 1130990.
2013-11-22 12:14:11 -05:00
Nick Mathewson
3cdd7966d7 Add a _GNU_SOURCE definition to backtrace.c to fix compilation 2013-11-18 13:05:23 -05:00
Nick Mathewson
9025423471 Whoops -- add missing defined(). 2013-11-18 11:36:23 -05:00
Nick Mathewson
93c99508d2 Make header includes match declarations in pc_from_ucontext.m4
With any luck, this will clean up errors where we detect that
REG_{EIP,RIP} is present in autoconf, but when we go to include it,
it isn't there.
2013-11-18 11:34:15 -05:00
Nick Mathewson
adf2fa9b49 Fix compilation under openssl 0.9.8
It's not nice to talk about NID_aes_{128,256}_{ctr,gcm} when they
don't exist.

Fix on 84458b79a78ea7e26820bf0; bug not in any released Tor.
2013-11-18 11:25:07 -05:00
Nick Mathewson
4b9ec85e47 Fix whitespace 2013-11-18 11:13:40 -05:00
Nick Mathewson
84458b79a7 Log more OpenSSL engine statuses at startup.
Fixes ticket 10043; patch from Joshua Datko.
2013-11-18 11:12:24 -05:00
Nick Mathewson
fbc20294aa Merge branch 'backtrace_squashed'
Conflicts:
	src/common/sandbox.c
	src/common/sandbox.h
	src/common/util.c
	src/or/main.c
	src/test/include.am
	src/test/test.c
2013-11-18 11:00:16 -05:00
Nick Mathewson
c2dfae78d3 Refactor format_*_number_sigsafe to have a common implementation 2013-11-18 10:43:16 -05:00
Nick Mathewson
c3ea946839 Reseolve DOCDOC and XXXXs in backtrace.c 2013-11-18 10:43:15 -05:00
Nick Mathewson
d631ddfb59 Make backtrace handler handle signals correctly.
This meant moving a fair bit of code around, and writing a signal
cleanup function.  Still pretty nice from what I can tell, though.
2013-11-18 10:43:15 -05:00
Nick Mathewson
ce8ae49c94 Improve new assertion message logging
Don't report that a failure happened in the assertion_failed function just
because we logged it from there.
2013-11-18 10:43:15 -05:00
Nick Mathewson
bd8ad674b9 Add a sighandler-safe logging mechanism
We had accidentially grown two fake ones: one for backtrace.c, and one
for sandbox.c.  Let's do this properly instead.

Now, when we configure logs, we keep track of fds that should get told
about bad stuff happening from signal handlers.  There's another entry
point for these that avoids using non-signal-handler-safe functions.
2013-11-18 10:43:15 -05:00
Nick Mathewson
063bea58bc Basic backtrace ability
On platforms with the backtrace/backtrace_symbols_fd interface, Tor
can now dump stack traces on assertion failure.  By default, I log
them to DataDir/stack_dump and to stderr.
2013-11-18 10:43:14 -05:00
Nick Mathewson
7a2b30fe16 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/relay.c

Conflict changes were easy; compilation fixes required were using
using TOR_SIMPLEQ_FIRST to get head of cell queue.
2013-11-15 15:35:00 -05:00
Nick Mathewson
59f50c80d4 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/or.h
	src/or/relay.c

Conflicts were simple to resolve.  More fixes were needed for
compilation, including: reinstating the tv_to_msec function, and renaming
*_conn_cells to *_chan_cells.
2013-11-15 15:29:24 -05:00
Nick Mathewson
61029d6926 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-31 14:03:01 -04:00
Nick Mathewson
1b312f7b55 Merge remote-tracking branch 'public/bug9780_024_v2' into maint-0.2.4 2013-10-31 14:02:28 -04:00
Nick Mathewson
0e8ee795d9 Merge remote-tracking branch 'public/bug6055_v2_024' into maint-0.2.4 2013-10-31 13:14:39 -04:00
Nick Mathewson
0546edde66 Merge branch 'bug1376' 2013-10-11 12:51:15 -04:00
Nick Mathewson
7ef9ecf6b3 Fix some whitespace; tighten the tests. 2013-10-11 12:51:07 -04:00
Nick Mathewson
3d817fa29c Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-10 11:18:17 -04:00
Nick Mathewson
7b1b8c3694 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-10-10 11:18:07 -04:00
Nick Mathewson
004a9c6dd1 Fix unit test for format_helper_exit_status
Fix format_helper_exit_status to allow full HEX_ERRNO_SIZE answers,
*and* increase the buffer length again.
2013-10-10 11:15:35 -04:00
Nick Mathewson
97285bc465 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-10 10:55:58 -04:00
Nick Mathewson
1137817319 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-10-10 10:55:24 -04:00
Nick Mathewson
9de456a303 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-08 16:47:49 -04:00
Nick Mathewson
b8abadedd3 When examining interfaces to find an address, discard non-up ones.
Patch from "hantwister" on trac. Fixes bug #9904; bugfix on
0.2.3.11-alpha.
2013-10-08 16:46:29 -04:00
Nick Mathewson
72c1e5acfe Switch ECDHE group default logic for bridge/relay TLS
According to the manpage, bridges use P256 for conformity and relays
use P224 for speed. But skruffy points out that we've gotten it
backwards in the code.

In this patch, we make the default P256 for everybody.

Fixes bug 9780; bugfix on 0.2.4.8-alpha.
2013-10-08 16:32:07 -04:00
Nick Mathewson
17bcfb2604 Raise buffer size, fix checks for format_exit_helper_status.
This is probably not an exploitable bug, since you would need to have
errno be a large negative value in the unix pluggable-transport launcher
case.  Still, best avoided.

Fixes bug 9928; bugfix on 0.2.3.18-rc.
2013-10-08 11:13:21 -04:00
Nick Mathewson
090bff2dca Merge remote-tracking branch 'public/bug6055_v2_024' 2013-09-25 14:35:18 -04:00
Nick Mathewson
ad763a336c Re-enable TLS 1.[12] when building with OpenSSL >= 1.0.1e
To fix #6033, we disabled TLS 1.1 and 1.2.  Eventually, OpenSSL fixed
the bug behind #6033.

I've considered alternate implementations that do more testing to see
if there's secretly an OpenSSL 1.0.1c or something that secretly has a
backport of the OpenSSL 1.0.1e fix, and decided against it on the
grounds of complexity.
2013-09-25 14:34:24 -04:00
Nick Mathewson
1825674bd3 Fix a memory leak on getaddrinfo in sandbox. Found by coverity 2013-09-16 22:38:02 -04:00
Nick Mathewson
4ea9fbcdb1 Clean up malloc issues in sandbox.c
tor_malloc returns void *; in C, it is not necessary to cast a
void* to another pointer type before assigning it.

tor_malloc fails with an error rather than returning NULL; it's not
necessary to check its output. (In one case, doing so annoyed Coverity.)
2013-09-16 22:34:42 -04:00
Nick Mathewson
25a3ae922f Merge remote-tracking branch 'Ryman/bug6384'
Conflicts:
	src/or/config.c
	src/or/main.c
2013-09-13 12:55:53 -04:00
Nick Mathewson
f4db0f429a Fix a windows compilation warning from sandboxing branch 2013-09-13 12:43:18 -04:00
Nick Mathewson
e0b2cd061b Merge remote-tracking branch 'ctoader/gsoc-cap-stage2'
Conflicts:
	src/common/sandbox.c
2013-09-13 12:31:41 -04:00
Cristian Toader
7cf1b9cc33 fixed compilation bug on i386 due to previous fix 2013-09-12 15:38:14 +03:00
Cristian Toader
d2836c8780 bug fix: syscalls send and recv not supported for x86_64 with libseccomp 1.0.1 2013-09-12 15:30:28 +03:00
Cristian Toader
0a3d1685ae remove debugging code 2013-09-12 14:12:56 +03:00