Commit Graph

13041 Commits

Author SHA1 Message Date
Nick Mathewson
3802e32c7d Only intern one copy of each magic string for the sandbox
If we intern two copies of a string, later calls to
sandbox_intern_string will give the wrong one sometimes.
2014-04-16 22:03:08 -04:00
Nick Mathewson
ae9d6d73f5 Fix some initial sandbox issues.
Allow files that weren't in the list; Allow the _sysctl syscall;
allow accept4 with CLOEXEC and NONBLOCK.
2014-04-16 22:03:07 -04:00
Nick Mathewson
211b8cc318 Only expose clean_backtrace() if we'll implement it
Fixes windows compilation; bug not in any released Tor.

Bugfix on cc9e86db.
2014-04-16 22:00:13 -04:00
Nick Mathewson
438a03ef7c Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-16 15:37:19 -04:00
Nick Mathewson
3fc0f9efb8 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-16 14:57:14 -04:00
Nick Mathewson
ef3d7f2f97 remove note about dannenberg; it has upgraded. 2014-04-16 14:56:49 -04:00
Nick Mathewson
f050cf75b0 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-16 13:32:20 -04:00
Nick Mathewson
2ce0750d21 Update the authority signing key blacklist
Now it only has dannenberg
2014-04-16 13:31:40 -04:00
Nick Mathewson
125c8e5468 Merge remote-tracking branch 'public/bug11465' 2014-04-15 20:55:28 -04:00
Nick Mathewson
03e0c7e366 Answer a question in a comment; fix a wide line. 2014-04-15 20:52:31 -04:00
Nick Mathewson
1126ce1d86 Fix compiler warning on test_status.c 2014-04-15 15:19:41 -04:00
dana koch
3ce3984772 Uplift status.c unit test coverage with new test cases and macros.
A new set of unit test cases are provided, as well as introducing
an alternative paradigm and macros to support it. Primarily, each test
case is given its own namespace, in order to isolate tests from each
other. We do this by in the usual fashion, by appending module and
submodule names to our symbols. New macros assist by reducing friction
for this and other tasks, like overriding a function in the global
namespace with one in the current namespace, or declaring integer
variables to assist tracking how many times a mock has been called.

A set of tests for a small-scale module has been included in this
commit, in order to highlight how the paradigm can be used. This
suite gives 100% coverage to status.c in test execution.
2014-04-15 15:00:34 -04:00
Nick Mathewson
2704441e7f Merge remote-tracking branch 'public/bug11513_024' 2014-04-15 14:54:25 -04:00
Nick Mathewson
9556668f5f Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-15 14:52:12 -04:00
Nick Mathewson
f3c20a28ab Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/circuituse.c
2014-04-15 14:51:19 -04:00
Nick Mathewson
b2106956e0 Don't send uninitialized stack to the controller and say it's a date.
Fixes bug 11519, apparently bugfix on 0.2.3.11-alpha.
2014-04-14 21:51:30 -04:00
Nick Mathewson
bc4c966851 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-14 18:00:54 -04:00
Nick Mathewson
149931571a Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/routerlist.h
2014-04-14 18:00:38 -04:00
Nick Mathewson
09ed8a5dbb Tweak changes file and comment dates. 2014-04-14 17:58:49 -04:00
Nick Mathewson
46cf63bb42 Fill in the list of blacklisted signing keys.
I used a list of certificate files from arma, and a little script,
both at 11464.
2014-04-14 17:57:39 -04:00
Nick Mathewson
50ad393924 Code to blacklist authority signing keys
(I need a list of actual signing keys to blacklist.)
2014-04-14 17:57:39 -04:00
Nick Mathewson
bd3db82906 New sort order for server choice of ciphersuites.
Back in 175b2678, we allowed servers to recognize clients who are
telling them the truth about their ciphersuites, and select the best
cipher from on that list. This implemented the server side of proposal
198.

In bugs 11492, 11498, and 11499, cypherpunks found a bunch of mistakes
and omissions and typos in the UNRESTRICTED_SERVER_CIPHER_LIST we had.
In #11513, I found a couple more.

Rather than try to hand-edit this list, I wrote a short python script
to generate our ciphersuite preferences from the openssl headers.

The new rules are:
  * Require forward secrecy.
  * Require RSA (since our servers only configure RSA keys)
  * Require AES or 3DES. (This means, reject RC4, DES, SEED, CAMELLIA,
    and NULL.)
  * No export ciphersuites.

Then:
  * Prefer AES to 3DES.
  * If both suites have the same cipher, prefer ECDHE to DHE.
  * If both suites have the same DHE group type, prefer GCM to CBC.
  * If both suites have the same cipher mode, prefer SHA384 to SHA256
    to SHA1.
  * If both suites have the same digest, prefer AES256 to AES128.
2014-04-14 14:16:49 -04:00
Nick Mathewson
0820031419 Merge remote-tracking branch 'asn/bug11486' 2014-04-12 21:42:45 -04:00
George Kadianakis
1ec4d52e59 Add another unit test for parse_bridge_line(). 2014-04-11 21:06:53 +03:00
Nick Mathewson
cc9e86db61 Log a backtrace when the sandbox finds a failure
This involves some duplicate code between backtrace.c and sandbox.c,
but I don't see a way around it: calling more functions would mean
adding more steps to our call stack, and running clean_backtrace()
against the wrong point on the stack.
2014-04-10 15:44:52 -04:00
Nick Mathewson
196895ed7e Make the sandbox code allow the writev() syscall.
Tor doesn't use it directly, but the glibc backtrace-to-fd code does
2014-04-10 15:08:28 -04:00
Nick Mathewson
a790454368 Demote "we stalled too much while trying to write" message to INFO
Resolves ticket 5286.
2014-04-09 11:34:00 -04:00
Nick Mathewson
2f73525883 Fix a dumb C bug in the unit tests for 9841
Fixes bug 11460; bug only affects unit tests and is not in any
released version of Tor.
2014-04-09 09:20:25 -04:00
Nick Mathewson
fa6b80d6e5 Merge remote-tracking branch 'public/bug10431' 2014-04-09 08:29:21 -04:00
Roger Dingledine
aacbf551c4 note a missing word 2014-04-09 01:01:52 -04:00
Nick Mathewson
88179bd9b6 Merge remote-tracking branch 'public/update_ciphers_ff28' 2014-04-08 20:43:21 -04:00
Nick Mathewson
6a0dc0e585 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-08 20:30:30 -04:00
Nick Mathewson
08ced4a7bf Merge remote-tracking branch 'public/bug11426' 2014-04-08 16:46:34 -04:00
Nick Mathewson
689863d0a9 Merge branch 'bug2454_025_squashed' 2014-04-08 15:37:15 -04:00
Matthew Finkel
2d5a7b1842 Check for new IP addr after circuit liveliness returns
When we successfully create a usable circuit after it previously
timed out for a certain amount of time, we should make sure that
our public IP address hasn't changed and update our descriptor.
2014-04-08 15:37:01 -04:00
Nick Mathewson
b933fdcc11 Move existing policy tests from test.c to new test_policy.c 2014-04-08 14:14:12 -04:00
Nick Mathewson
d0af665758 Remove unused extern decl for a nonexistent test suite 2014-04-08 14:10:59 -04:00
Nick Mathewson
245f273aaf Merge branch 'bug7952_final'
Conflicts:
	src/test/include.am
	src/test/test.c
2014-04-08 13:55:02 -04:00
rl1987
51e13cd1ad Making entire exit policy available to Tor controller. 2014-04-08 13:50:02 -04:00
Nick Mathewson
3ac426afe8 Merge remote-tracking branch 'public/bug4241' 2014-04-08 12:41:03 -04:00
Nick Mathewson
fffc59b0e9 Merge remote-tracking branch 'public/bug9841_025' 2014-04-08 12:06:03 -04:00
Nick Mathewson
4231729176 Update ciphers.inc to match ff28
The major changes are to re-order some ciphers, to drop the ECDH suites
(note: *not* ECDHE: ECDHE is still there), to kill off some made-up
stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop
some of the DSS suites... *and* to enable the ECDHE+GCM ciphersuites.

This change is autogenerated by get_mozilla_ciphers.py from
Firefox 28 and OpenSSL 1.0.1g.

Resolves ticket 11438.
2014-04-08 11:42:07 -04:00
Nick Mathewson
d00dc9f7d1 Teach the get_mozilla_ciphers.py script to parse recent firefoxen 2014-04-08 11:42:07 -04:00
Nick Mathewson
ab1a679eef Fix a small memory leak when resolving PTR addresses
Fixes bug 11437; bugfix on 0.2.4.7-alpha.

Found by coverity; this is CID 1198198.
2014-04-07 23:29:47 -04:00
Nick Mathewson
f0bce2dc35 Fix some harmless/untriggerable memory leaks found by coverity 2014-04-07 23:20:13 -04:00
Nick Mathewson
595303fd1e Merge remote-tracking branch 'public/bug10363_024_squashed' 2014-04-07 23:03:04 -04:00
Nick Mathewson
6d9c332757 Another 10363 instance -- this one in the eventdns.c code 2014-04-07 22:56:42 -04:00
Nick Mathewson
9dd115d6b5 Another 10363 instance: this one in tor_memmem fallback code 2014-04-07 22:56:42 -04:00
Nick Mathewson
092ac26ea2 Fix undefined behavior with pointer addition in channeltls.c
In C, it's a bad idea to do this:

   char *cp = array;
   char *end = array + array_len;

   /* .... */

   if (cp + 3 >= end) { /* out of bounds */ }

because cp+3 might be more than one off the end of the array, and
you are only allowed to construct pointers to the array elements,
and to an element one past the end.  Instead you have to say

   if (cp - array + 3 >= array_len) { /* ... */ }

or something like that.

This patch fixes two of these: one in process_versions_cell
introduced in 0.2.0.10-alpha, and one in process_certs_cell
introduced in 0.2.3.6-alpha.  These are both tracked under bug
10363. "bobnomnom" found and reported both. See also 10313.

In our code, this is likely to be a problem as we used it only if we
get a nasty allocator that makes allocations end close to (void*)-1.
But it's best not to have to worry about such things at all, so
let's just fix all of these we can find.
2014-04-07 22:56:42 -04:00
Nick Mathewson
90341b4852 For missing transport, say "PT_MISSING" not "NO_ROUTE" 2014-04-07 13:44:22 -04:00