Commit Graph

17836 Commits

Author SHA1 Message Date
Nick Mathewson
3d5154550c Merge remote-tracking branch 'public/bug10409_023' into maint-0.2.4 2013-12-17 13:15:45 -05:00
Nick Mathewson
46b3b6208d Avoid double-free on failure to dump_descriptor() a cached md
This is a fix for 10423, which was introducd in caa0d15c in 0.2.4.13-alpha.

Spotted by bobnomnom.
2013-12-17 13:12:52 -05:00
Nick Mathewson
d8cfa2ef4e Avoid free()ing from an mmap on corrupted microdesc cache
The 'body' field of a microdesc_t holds a strdup()'d value if the
microdesc's saved_location field is SAVED_IN_JOURNAL or
SAVED_NOWHERE, and holds a pointer to the middle of an mmap if the
microdesc is SAVED_IN_CACHE.  But we weren't setting that field
until a while after we parsed the microdescriptor, which left an
interval where microdesc_free() would try to free() the middle of
the mmap().

This patch also includes a regression test.

This is a fix for #10409; bugfix on 0.2.2.6-alpha.
2013-12-16 13:06:00 -05:00
Linus Nordberg
129f26e959 Make tor-gencert create 2048 bit signing keys. 2013-12-12 17:39:22 +01:00
rl1987
e6590efaa7 Fix get_configured_bridge_by_addr_port_digest(.,.,NULL)
The old behavior was that NULL matched only bridges without known
identities; the correct behavior is that NULL should match all
bridges (assuming that their addr:port matches).
2013-12-09 11:22:22 -05:00
Nick Mathewson
9c048d90b6 Merge remote-tracking branch 'public/bug10131_024' 2013-12-09 11:06:20 -05:00
Nick Mathewson
c56bb30044 Remove a check in channeltls.c that could never fail.
We were checking whether a 8-bit length field had overflowed a
503-byte buffer. Unless somebody has found a way to store "504" in a
single byte, it seems unlikely.

Fix for 10313 and 9980. Based on a pach by Jared L Wong. First found
by David Fifield with STACK.
2013-12-09 11:02:34 -05:00
David Fifield
b600495441 Set CREATE_NO_WINDOW in tor_spawn_background.
This flag prevents the creation of a console window popup on Windows. We
need it for pluggable transport executables--otherwise you get blank
console windows when you launch the 3.x browser bundle with transports
enabled.

http://msdn.microsoft.com/en-us/library/ms684863.aspx#CREATE_NO_WINDOW

The browser bundles that used Vidalia used to set this flag when
launching tor itself; it was apparently inherited by the pluggable
transports launched by tor. In the 3.x bundles, tor is launched by some
JavaScript code, which doesn't have the ability to set CREATE_NO_WINDOW.
tor itself is now being compiled with the -mwindows option, so that it
is a GUI application, not a console application, and doesn't show a
console window in any case. This workaround doesn't work for pluggable
transports, because they need to be able to write control messages to
stdout.

https://trac.torproject.org/projects/tor/ticket/9444#comment:30
2013-12-05 12:30:11 -05:00
Nick Mathewson
c64d522740 Merge branch 'bug4677' 2013-11-25 10:56:52 -05:00
Nick Mathewson
8f9c847fbf Restore prop198 behavior from 4677 patch
The previous commit from piet would have backed out some of proposal
198 and made servers built without the V2 handshake not use the
unrestricted cipher list from prop198.

Bug not in any released Tor.
2013-11-25 10:53:37 -05:00
Nick Mathewson
2d9adcd204 Restore ability to build with V2_HANDSHAKE_SERVER
Fixes bug 4677; bugfix on 0.2.3.2-alpha. Fix by "piet".
2013-11-25 10:51:00 -05:00
Nick Mathewson
acd8c4f868 Avoid warning about impossible check for flags & 0
Fixes CID 743381
2013-11-22 12:42:05 -05:00
Nick Mathewson
23dae51976 Only update view of micrdescriptor pos if pos is fetchable.
It's conceivable (but probably impossible given our code) that lseek
could return -1 on an error; when that happens, we don't want off to
become -1.

Fixes CID 1035124.
2013-11-22 12:38:58 -05:00
Nick Mathewson
a7410c9199 Add checks to prevent memcmp(.,.,negative) in tests (CID 1064417) 2013-11-22 12:33:25 -05:00
Nick Mathewson
569dbcc615 Fix another unit test memory leak. CID1087949,CID1087950. 2013-11-22 12:27:41 -05:00
Nick Mathewson
7c76fd5a82 Fix a bunch of coverity-spotted unit test resource leaks
CIDs: 1130994, 1130993, 1130992, 1130991
2013-11-22 12:21:14 -05:00
Nick Mathewson
6f7eb7a0a5 Remove needless fd var from test. CID 1130989. 2013-11-22 12:16:17 -05:00
Nick Mathewson
6cbd17470d Handle unlikely negative time in tor_log_err_sigsafe
Coverity wants this; CID 1130990.
2013-11-22 12:14:11 -05:00
Nick Mathewson
027f4c82eb Whitespace cleanup 2013-11-20 11:05:00 -05:00
Nick Mathewson
03da9be2f1 Merge remote-tracking branch 'sysrqb/bug9859_5' 2013-11-20 11:03:37 -05:00
Nick Mathewson
e7165659e0 Fix crypto/digests test 2013-11-18 13:33:29 -05:00
Nick Mathewson
a7c9d64fd6 Merge branch 'finish_prop157' 2013-11-18 13:27:06 -05:00
Nick Mathewson
ec9d88e5a2 Tweak #10162 documentation a bit 2013-11-18 13:26:58 -05:00
Nick Mathewson
3cdd7966d7 Add a _GNU_SOURCE definition to backtrace.c to fix compilation 2013-11-18 13:05:23 -05:00
Nick Mathewson
d0f9a2b846 Whoops; changes files belong in changes. 2013-11-18 12:49:12 -05:00
Nick Mathewson
9025423471 Whoops -- add missing defined(). 2013-11-18 11:36:23 -05:00
Nick Mathewson
93c99508d2 Make header includes match declarations in pc_from_ucontext.m4
With any luck, this will clean up errors where we detect that
REG_{EIP,RIP} is present in autoconf, but when we go to include it,
it isn't there.
2013-11-18 11:34:15 -05:00
Nick Mathewson
adf2fa9b49 Fix compilation under openssl 0.9.8
It's not nice to talk about NID_aes_{128,256}_{ctr,gcm} when they
don't exist.

Fix on 84458b79a78ea7e26820bf0; bug not in any released Tor.
2013-11-18 11:25:07 -05:00
Nick Mathewson
bd25bda7c0 Remove 'struct timeval now' that was shadowing 'struct timeval now'.
This was a mistake in the merge commit 7a2b30fe16. It
would have made the CellStatistics code give completely bogus
results. Bug not in any released Tor.
2013-11-18 11:20:35 -05:00
Nick Mathewson
4b9ec85e47 Fix whitespace 2013-11-18 11:13:40 -05:00
Nick Mathewson
84458b79a7 Log more OpenSSL engine statuses at startup.
Fixes ticket 10043; patch from Joshua Datko.
2013-11-18 11:12:24 -05:00
Nick Mathewson
fe0d1c6661 Merge branch 'backtrace_squashed_merged' 2013-11-18 11:01:31 -05:00
Nick Mathewson
fbc20294aa Merge branch 'backtrace_squashed'
Conflicts:
	src/common/sandbox.c
	src/common/sandbox.h
	src/common/util.c
	src/or/main.c
	src/test/include.am
	src/test/test.c
2013-11-18 11:00:16 -05:00
Nick Mathewson
c81f64ab44 Improve backtrace changes file 2013-11-18 10:48:14 -05:00
Nick Mathewson
c2dfae78d3 Refactor format_*_number_sigsafe to have a common implementation 2013-11-18 10:43:16 -05:00
Nick Mathewson
c3ea946839 Reseolve DOCDOC and XXXXs in backtrace.c 2013-11-18 10:43:15 -05:00
Nick Mathewson
56e3f056e9 Tests for backtrace.c
These need to be a separate executable, since the point of backtrace.c
is that it can crash and write stuff.
2013-11-18 10:43:15 -05:00
Nick Mathewson
0cf234317f Unit tests for new functions in log.c 2013-11-18 10:43:15 -05:00
Nick Mathewson
d631ddfb59 Make backtrace handler handle signals correctly.
This meant moving a fair bit of code around, and writing a signal
cleanup function.  Still pretty nice from what I can tell, though.
2013-11-18 10:43:15 -05:00
Nick Mathewson
2662885aa9 Use pc_from_ucontext.m4 from Google Performance Tools
This M4 module lets us learn the right way (out of at least 18
possibilities) to extract the current PC for stack-trace-fixup-in-signal
purposes.  The Google Performance Tools license is 3-clause BSD.
2013-11-18 10:43:15 -05:00
Nick Mathewson
ce8ae49c94 Improve new assertion message logging
Don't report that a failure happened in the assertion_failed function just
because we logged it from there.
2013-11-18 10:43:15 -05:00
Nick Mathewson
bd8ad674b9 Add a sighandler-safe logging mechanism
We had accidentially grown two fake ones: one for backtrace.c, and one
for sandbox.c.  Let's do this properly instead.

Now, when we configure logs, we keep track of fds that should get told
about bad stuff happening from signal handlers.  There's another entry
point for these that avoids using non-signal-handler-safe functions.
2013-11-18 10:43:15 -05:00
Nick Mathewson
b0023083c4 On Linux (and some other systems) we need -rdynamic for backtraces 2013-11-18 10:43:14 -05:00
Nick Mathewson
063bea58bc Basic backtrace ability
On platforms with the backtrace/backtrace_symbols_fd interface, Tor
can now dump stack traces on assertion failure.  By default, I log
them to DataDir/stack_dump and to stderr.
2013-11-18 10:43:14 -05:00
Roger Dingledine
dfc1b62fc5 forward-port the 0.2.4.18-rc changelog 2013-11-16 23:02:26 -05:00
Nick Mathewson
7a2b30fe16 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/relay.c

Conflict changes were easy; compilation fixes required were using
using TOR_SIMPLEQ_FIRST to get head of cell queue.
2013-11-15 15:35:00 -05:00
Nick Mathewson
59f50c80d4 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/or.h
	src/or/relay.c

Conflicts were simple to resolve.  More fixes were needed for
compilation, including: reinstating the tv_to_msec function, and renaming
*_conn_cells to *_chan_cells.
2013-11-15 15:29:24 -05:00
Nick Mathewson
9e90707602 Merge branch 'bug9093_023' into maint-0.2.3 2013-11-15 15:23:51 -05:00
Nick Mathewson
f6e07c158f Make the dir-key-crosscert element required
In proposal 157, we added a cross-certification element for
directory authority certificates. We implemented it in
0.2.1.9-alpha.  All Tor directory authorities now generate it.
Here, as planned, make it required, so that we can finally close
proposal 157.

The biggest change in the code is in the unit test data, where some
old hardcoded certs that we made long ago have become no longer
valid and now need to be replaced.
2013-11-14 09:37:41 -05:00
Nick Mathewson
4aa9affec2 Fix test_cmdline_args to work with old openssl
If openssl was old, Tor would add a warning about its version in
between saying "no torrc found, using reasonable defaults" and
"configuration was valid".
2013-11-11 15:22:08 -05:00