Nick Mathewson
b4b1882da0
Merge branch 'bug34077_041' into bug34077_042
2020-04-30 22:59:08 -04:00
Nick Mathewson
d7e166bd95
Fix a GCC 10.0.1 compilation warning.
...
Fixes 34077 for 0.4.1; bugfix on 0.4.0.3-alpha. (Specifically, GCC
first gives this warning for 9eeff921ae
)
2020-04-30 22:56:31 -04:00
teor
6dc9930d3a
Merge branch 'pr1870_squashed'
2020-04-30 22:22:09 +10:00
Neel Chauhan
7bf257b129
Define and use TOR_ADDRPORT_BUF_LEN
2020-04-30 22:21:48 +10:00
teor
3eca667ae4
relay: Fix a comment typo in the selftest.c header
2020-04-30 13:54:40 +10:00
Nick Mathewson
49800cf539
Merge remote-tracking branch 'tor-github/pr/1864/head'
2020-04-29 19:16:40 -04:00
teor
15a4180a7e
relay: Refactor can extend over IPv6 checks
...
Split "can extend over IPv6" and "has advertised IPv6 ORPort" into
separate functions. They currently have the same result, but this may
change in 33818 with ExtendAllowIPv6Addresses.
Part of 33817.
2020-04-30 06:54:42 +10:00
teor
066d2deb3d
channel: Refactor matches target address function
...
Refactor channel_matches_target_addr_for_extend() to return a boolean
result.
Part of 33817.
2020-04-30 06:54:42 +10:00
teor
496ddd2877
relay: Refactor extend address validity function
...
Rename the function, and give it a boolean return value.
No behaviour change.
Part of 33817.
2020-04-30 06:54:42 +10:00
teor
cd7e2fc210
net: Make all address bytes functions take uint8_t *
...
Part of 33817.
2020-04-30 06:54:42 +10:00
teor
f62b051e87
Rename tor_addr_get_ipv6_bytes to tor_addr_copy_ipv6_bytes
...
This is an automated commit, generated by this command:
./scripts/maint/rename_c_identifier.py \
tor_addr_get_ipv6_bytes tor_addr_copy_ipv6_bytes
2020-04-30 05:54:39 +10:00
teor
bcec1ec071
relay: Refactor choosing extend IPs
...
Flatten the logic in circuit_choose_ip_ap_for_extend().
Part of 33817.
2020-04-29 22:43:09 +10:00
teor
df5ea29775
relay: Add tests for choosing extend IPs
...
Part of 33817.
2020-04-29 22:43:09 +10:00
teor
9a6186c267
relay: Refactor circuit_open_connection_for_extend()
...
Refactor circuit_open_connection_for_extend(), splitting out the IP
address choice code into a new function.
Adds unit tests. No behaviour changes in tor.
Part of 33817.
2020-04-29 22:43:09 +10:00
teor
cab05a84cd
relay: Add IP version tests for circuit extends
...
Add IPv4-only and IPv6-only tests for
circuit_open_connection_for_extend().
Part of 33817.
2020-04-29 22:43:09 +10:00
teor
c3e058dfac
relay: Choose between IPv4 and IPv6 extends at random
...
When an EXTEND2 cell has an IPv4 and an IPv6 address, choose one of them
uniformly at random.
Part of 33817.
2020-04-29 22:43:09 +10:00
teor
a0b12f3cd4
relay/circuitbuild: Refactor open connection for extend
...
Re-use the newly created extend_info to launch the connection in
circuit_open_connection_for_extend().
No behaviour change.
Part of 33817.
2020-04-29 22:43:09 +10:00
teor
063505446f
test/circuitbuild: Disable some tests when ALL_BUGS_ARE_FATAL
...
Some tests use IF_BUG_ONCE(), which is fatal when ALL_BUGS_ARE_FATAL,
after the fixes in 33917.
Also run "make autostyle" on these changes.
Part of 33817.
2020-04-29 22:43:09 +10:00
teor
6c458d2d6e
log/util_bug: Make IF_BUG_ONCE() support ALL_BUGS_ARE_FATAL
...
... and DISABLE_ASSERTS_IN_UNIT_TESTS.
Make all of tor's assertion macros support the ALL_BUGS_ARE_FATAL and
DISABLE_ASSERTS_IN_UNIT_TESTS debugging modes.
Implements these modes for IF_BUG_ONCE(). (It used to log a non-fatal
warning, regardless of the debugging mode.)
Fixes bug 33917; bugfix on 0.2.9.1-alpha.
2020-04-29 22:43:09 +10:00
teor
16f3f6a1af
relay/circuitbuild: Re-use IPv6 connections for circuits
...
Search for existing connections using the remote IPv4 and IPv6
addresses.
Part of 33817.
2020-04-29 22:43:09 +10:00
teor
ec5f4f3c5a
relay/circuitbuild: Report IPv6 addresses in a debug log
...
Part of 33817.
2020-04-29 22:43:09 +10:00
teor
f8f688b309
channel: Make channel_matches_target_addr_for_extend() static
...
It isn't used outside channel.c.
Part of 33817.
2020-04-29 22:43:09 +10:00
teor
bad1181b5d
relay/circuitbuild: Consider IPv6-only extends valid
...
Allow extend cells with IPv6-only link specifiers.
Warn and fail if both IPv4 and IPv6 are invalid.
Also warn if the IPv4 or IPv6 addresses are unexpectedly internal,
but continue with the valid address.
Part of 33817.
2020-04-29 22:43:09 +10:00
teor
7cef02ec1f
test/circuitbuild: Show bad addresses in some logs
...
Disable SafeLogging for some extend tests, so we can check the actual
addresses.
Part of 33817.
2020-04-29 22:43:09 +10:00
teor
44f71e08c4
relay: Log the address in circuit protocol warnings
...
Always log the address family in extend protocol warnings.
If SafeLogging is 0, also log the address and port.
Diagnostics for 33817.
2020-04-29 22:43:09 +10:00
teor
a72e017e7f
net: Add fmt_addrport_ap() and fmt_addr_family()
...
Add fmt_addrport_ap(), a macro that takes a tor_addr_port_t, and uses
it to call fmt_addrport().
Add fmt_addr_family(), a function that returns a string constant
describing the address family.
Utility functions for 33817.
2020-04-29 22:43:09 +10:00
teor
e9d04b05c6
net: Remove an extra space in address.h
2020-04-29 22:43:09 +10:00
teor
ffc2fd001a
relay: Refactor address checks into a function
...
No behaviour change.
Part of 33817.
2020-04-29 22:43:09 +10:00
teor
07c008c672
relay: Refactor address and port checks
...
tor_addr_port_is_valid_ap(ap, 0) checks if the address or port are
zero, exactly like the previous code.
Preparation for 33817.
2020-04-29 22:43:09 +10:00
teor
587a7fbcf6
core/or: Check extends for zero addresses and ports
...
Check for invalid zero IPv4 addresses and ports, when sending and
receiving extend cells.
Fixes bug 33900; bugfix on 0.2.4.8-alpha.
2020-04-29 22:43:09 +10:00
teor
f6c8a8c538
test/cell_formats: Expand the IPv6-only EXTEND2 test
...
Part of 33901.
2020-04-29 22:43:09 +10:00
teor
bd6ab90ad4
core/or: Support IPv6 EXTEND2 cells
...
Allow clients and relays to send dual-stack and IPv6-only EXTEND2 cells.
Parse dual-stack and IPv6-only EXTEND2 cells on relays.
Relays do not make connections or extend circuits via IPv6: that's the
next step.
Closes ticket 33901.
2020-04-29 22:43:09 +10:00
Nick Mathewson
cbe9e56590
Merge remote-tracking branch 'tor-github/pr/1868/head'
2020-04-29 08:32:44 -04:00
teor
3253c357ee
Run "make autostyle"
2020-04-29 22:08:33 +10:00
teor
6eec43161a
rand: Clarify the crypto_rand_uint() range
2020-04-29 21:50:37 +10:00
teor
398e0e0247
nodelist: Remove an outdated comment
...
Part of 33817.
2020-04-29 21:50:26 +10:00
teor
7517e1b5d3
channeltls: Clarify a relay impersonation defence
...
Clarify the comments in channel_tls_matches_target_method(), and make
it clear that the attack is a covert attack.
2020-04-28 21:11:10 +10:00
Nick Mathewson
4dd4dbf046
Merge remote-tracking branch 'onionk/inbufoverflow1-043' into ticket33131_044
2020-04-24 08:15:53 -04:00
Nick Mathewson
7f9eaec538
Merge remote-tracking branch 'tor-github/pr/1862/head'
2020-04-24 08:14:59 -04:00
Nick Mathewson
b2849f449b
Merge branch 'maint-0.4.3'
2020-04-21 12:22:37 -04:00
teor
42507429ce
channeltls: Stop truncating IPv6 in logs
...
Stop truncating IPv6 addresses and ports in channel and connection logs.
Fixes bug 33918; bugfix on 0.2.4.4-alpha.
2020-04-21 12:22:30 -04:00
teor
e3b1e617ae
test/channel: Fix a comment typo
2020-04-15 19:45:56 +10:00
Nick Mathewson
77e65076ab
Merge remote-tracking branch 'tor-github/pr/1860/head'
2020-04-14 11:52:00 -04:00
teor
a2daca594b
core/or: Update file comment in connection_or.c
...
Fix a typo, and say "v3 (and later) handshake".
Comment-only change.
2020-04-14 14:55:37 +10:00
teor
8c55d34e0a
core/or: Accurately log remote relay IPv6 addresses
...
Log IPv6 addresses on connections where this relay is the responder.
Previously, responding relays would replace the remote IPv6 address with
the IPv4 address from the consensus.
(The port is replaced with the IPv6 ORPort from the consensus, we will
resolve this issue in 33898.)
Fixes bug 33899; bugfix on 0.3.1.1-alpha.
2020-04-14 12:21:49 +10:00
teor
41fa07f751
core/or: Allow IPv6 connections to be canonical
...
Consider IPv6 addresses when checking if a connection is canonical.
In 17604, relays assumed that a remote relay could consider an IPv6
connection canonical, but did not set the canonical flag on their side
of the connection.
Fixes bug 33899; bugfix on 0.3.1.1-alpha.
2020-04-14 12:16:48 +10:00
teor
ab8ff32bec
core/or: Remove unused function prototype
...
Remove the unused function prototype for connection_or_get_for_extend().
There is no function implementation.
Part of 33817.
2020-04-14 10:37:20 +10:00
Nick Mathewson
2e80d7f193
bump to 0.4.3.4-rc-dev
2020-04-13 17:02:20 -04:00
Nick Mathewson
e22a8d9c95
Merge branch 'maint-0.4.3'
2020-04-13 14:14:41 -04:00
Nick Mathewson
55cb6c3fcd
Merge branch 'bug33545_043_squashed' into maint-0.4.3
2020-04-13 14:13:44 -04:00
George Kadianakis
f2f718bca5
hs-v3: Change all-zeroes hard-assert to a BUG-and-err.
...
And also disallow all-zeroes keys from the filesystem; add a test for it too.
2020-04-13 14:13:33 -04:00
George Kadianakis
37bcc9f3d2
hs-v3: Don't allow registration of an all-zeroes client auth key.
...
The client auth protocol allows attacker-controlled x25519 private keys being
passed around, which allows an attacker to potentially trigger the all-zeroes
assert for client_auth_sk in hs_descriptor.c:decrypt_descriptor_cookie().
We fixed that by making sure that an all-zeroes client auth key will not be
used.
There are no guidelines for validating x25519 private keys, and the assert was
there as a sanity check for code flow issues (we don't want to enter that
function with an unitialized key if client auth is being used). To avoid such
crashes in the future, we also changed the assert to a BUG-and-err.
2020-04-13 14:13:33 -04:00
Neel Chauhan
a638514783
Fix typo in router_build_fresh_unsigned_routerinfo() comment
2020-04-12 12:43:21 -07:00
Nick Mathewson
80031db32a
Merge remote-tracking branch 'tor-github/pr/1801/head'
2020-04-09 11:50:20 -04:00
Nick Mathewson
bfea7a7326
bump to 0.4.3.4-rc
2020-04-09 08:38:41 -04:00
Nick Mathewson
25729910af
Merge branch 'maint-0.4.3'
2020-04-09 08:33:36 -04:00
Nick Mathewson
c4da0a5094
Add fsync to list of syscalls permitted by sandbox
...
(Our fix for 33087 requires this, I believe.)
2020-04-09 08:33:19 -04:00
Nick Mathewson
c2aea6134a
Merge remote-tracking branch 'tor-github/pr/1723/head' into maint-0.4.3
2020-04-09 08:30:14 -04:00
Nick Mathewson
29693b83bc
Make sure that we free 'addr' at the end of a pair of addr tests
...
Fixes a couple of Coverity warnings about possible memory leaks.
Bug not in any released Tor.
2020-04-09 07:54:23 -04:00
David Goulet
cca9e1c803
hs-v3: Several fixes after #32542 review
...
asn: Accidentally left this commit out when merging #32542 , so cherry-picking
it now.
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-09 13:59:18 +03:00
teor
f6efb3a184
Merge branch 'pr1854_squashed' into maint-0.4.3
...
Squashed PR 1854, and fixed a minor typo (IPv4 -> IPv6).
2020-04-09 11:05:59 +10:00
David Goulet
cd2121a126
client: Revert setting PreferIPv6 on by default
...
This change broke torsocks that by default is expecting an IPv4 for hostname
resolution because it can't ask tor for a specific IP version with the SOCKS5
extension.
PreferIPv6 made it that sometimes the IPv6 could be returned to torsocks that
was expecting an IPv4.
Torsocks is probably a very unique case because the runtime flow is that it
hijacks DNS resolution (ex: getaddrinfo()), gets an IP and then sends it back
for the connect() to happen.
The libc has DNS resolution functions that allows the caller to request a
specific INET family but torsocks can't tell tor to resolve the hostname only
to an IPv4 or IPv6 and thus by default fallsback to IPv4.
Reverting this change into 0.4.3.x series but we'll keep it in the 0.4.4.x
series in the hope that we add this SOCKS5 extension to tor for DNS resolution
and then change torsocks to use that.
Fixes #33804
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-09 11:05:32 +10:00
teor
2d6f00e45b
Merge branch 'maint-0.4.2' into maint-0.4.3
2020-04-09 11:03:34 +10:00
teor
2d7e08d57e
Merge branch 'maint-0.4.1' into maint-0.4.2
2020-04-09 11:03:27 +10:00
teor
987f2fa50a
Merge branch 'maint-0.3.5' into maint-0.4.1
2020-04-09 11:03:20 +10:00
teor
d380acaeca
Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5
2020-04-09 11:02:49 +10:00
teor
cb262930f5
relay: Run "make autostyle"
...
But only take the changes from the relay module.
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
00a45a900e
test/circuitbuild: Add a test for onionskin_answer()
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
d79e5d52bc
relay/circuitbuild: Refactor circuit_extend()
...
Make the "else" case explicit at the end of the function.
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
6d75f3244f
test/circuitbuild: Add tests for circuit_extend()
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
2b66429fcf
core/or: Make some functions mockable
...
Preparation for testing circuit_extend().
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
8f3cbe755b
channel: Rewrite the channel_get_for_extend() comments
...
Explain what the function does now.
Fix some typos.
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
7bc3413322
test/circuitbuild: Add tests for open_connection_for_extend
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
42fdbbb50b
circuitbuild: Make some functions mockable
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
46980d767d
test/circuitbuild: Add tests for extend_lspec_valid
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
327688b968
test/circuitbuild: Make some tests fork
...
Since we're testing IF_BUG_ONCE(), we need to fork.
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
cbfb826513
test/circuitbuild: Tests for adding ed25519 keys
...
Add tests for circuit_extend_add_ed25519_helper().
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
f8fef609f6
nodelist: Make some functions mockable
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
eb11c9d07c
test/circuitbuild: Add a test for extend_state_valid
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
7261078566
test/circuitbuid: Fix new_route_len_unhandled_exit
...
Make test_new_route_len_unhandled_exit more robust, by always tearing
down logs. (Rather than just tearing them down on success.)
2020-04-09 11:00:04 +10:00
teor
3334f63516
test/circuitbuild: Refactor test case array
...
Avoid repeating test names.
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
ec632b01db
relay: End circuitbuild logs with "."
...
Consistent logs make testing easier.
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
4f9f56be47
relay: Check for NULL arguments in circuitbuild
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
b10b287589
relay: Make circuitbuild functions STATIC
...
Allow the circuitbuild_relay functions to be accessed by the unit tests.
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
44f634d0be
relay: Remove a redundant function return value
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
ca9565b9f7
relay: Split out opening a connection for an extend
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
2640030b10
relay: Refactor some long lines from circuit_extend()
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
5cb2bbea7d
relay: Split link specifier checks from circuit_extend()
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
2563d74a5c
relay: Split state checks out of circuit_extend()
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
beee9ca608
relay: Improve the comments on onionskin_answer()
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
c9b674d511
relay: Protocol warn when a client gets an extend
...
circuit_extend() may be called when a client receives an extend cell,
even if the relay module is disabled.
Log a protocol warning when the relay module is disabled.
Part of 33633.
2020-04-09 10:59:51 +10:00
Roger Dingledine
9bd73da7cf
fix typos from #32542
2020-04-08 19:13:52 -04:00
George Kadianakis
7a82c972ef
Merge branch 'tor-github/pr/1857'
2020-04-08 18:15:37 +03:00
David Goulet
9b72a561f5
test: Unit test for missing ExtendedErrors
...
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-08 18:15:21 +03:00
David Goulet
c1bf819a31
Merge branch 'maint-0.4.3'
2020-04-08 09:42:13 -04:00
Mrigyen Sawant
34faee0600
Correct 'was not internal' to 'was internal' in test_external_ip()
2020-04-08 09:41:58 -04:00
George Kadianakis
0b0b8a5b6d
Merge branch 'tor-github/pr/1855'
2020-04-08 16:31:37 +03:00
David Goulet
6ab11bbf30
hs-v3: Report SOCKS ExtendedErrors when all intro timed out
...
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-08 07:56:54 -04:00
David Goulet
cf39276f78
hs-v3: Report rendezvous circuit failure SOCKS ExtendedErrors
...
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-08 07:56:54 -04:00
David Goulet
fdd6352506
hs-v3: Report introduction failure SOCKS ExtendedErrors
...
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-08 07:56:54 -04:00