Commit Graph

27201 Commits

Author SHA1 Message Date
Nick Mathewson
67a313f0ec Merge branch 'maint-0.2.5' into maint-0.2.9 2018-03-13 10:58:02 -04:00
Karsten Loesing
3418a3a7f0 Update geoip and geoip6 to the March 8 2018 database. 2018-03-13 10:57:49 -04:00
Nick Mathewson
094294dbb1 Merge branch 'bug25474_032' into maint-0.3.2 2018-03-13 13:41:11 +01:00
Nick Mathewson
53a807e1e9 Add a missing prototype to our libevent configure stanza.
Fixes bug 25474; bugfix on 0.3.2.5-alpha.
2018-03-13 13:37:26 +01:00
Isis Lovecruft
9191d962f9
changes: Fix changes file for bug25450.
It didn't like me insulting my patch, I guess.
2018-03-08 20:50:57 +00:00
Isis Lovecruft
0545f64d24
test: Increase time limit for IP creation in an HS test.
This should avoid most intermittent test failures on developer and CI machines,
but there could (and probably should) be a more elegant solution.

Also, this test was testing that the IP was created and its expiration time was
set to a time greater than or equal to `now+INTRO_POINT_LIFETIME_MIN_SECONDS+5`:

    /* Time to expire MUST also be in that range. We add 5 seconds because
     * there could be a gap between setting now and the time taken in
     * service_intro_point_new. On ARM, it can be surprisingly slow... */
    tt_u64_op(ip->time_to_expire, OP_GE,
              now + INTRO_POINT_LIFETIME_MIN_SECONDS + 5);

However, this appears to be a typo, since, according to the comment above it,
adding five seconds was done because the IP creation can be slow on some
systems.  But the five seconds is added to the *minimum* time we're comparing
against, and so it actually functions to make this test *more* likely to fail on
slower systems.  (It should either subtract five seconds, or instead add it to
time_to_expire.)

 * FIXES #25450: https://bugs.torproject.org/25450
2018-03-08 20:50:50 +00:00
Nick Mathewson
0026d1a673 bump version to 0.3.2.10-dev 2018-03-03 11:33:27 -05:00
Nick Mathewson
d81a5231ee Merge branch 'maint-0.3.1' into maint-0.3.2
"ours" merge to avoid version bump
2018-03-03 11:33:02 -05:00
Nick Mathewson
0aa794d309 version bump to 0.3.1.10-dev 2018-03-03 11:32:51 -05:00
Nick Mathewson
2e2aacca2a Merge branch 'maint-0.2.9' into maint-0.3.1
"ours" merge to avoid version bump.
2018-03-03 11:32:29 -05:00
Nick Mathewson
9eb6f9d3c8 Bump version to 0.2.9.15-dev 2018-03-03 11:32:16 -05:00
Nick Mathewson
1ec386561e version bump to 0.3.2.10 2018-03-01 16:43:35 -05:00
Nick Mathewson
5b0ae08400 Merge branch 'maint-0.3.1' into maint-0.3.2
"ours" to avoid version bump.
2018-03-01 16:43:10 -05:00
Nick Mathewson
c527a8a9c9 Update to 0.3.1.10 2018-03-01 16:43:01 -05:00
Nick Mathewson
805a785780 Merge branch 'maint-0.2.9' into maint-0.3.1
"ours" merge to avoid version bump.
2018-03-01 16:42:25 -05:00
Nick Mathewson
35753c0774 version bump to 0.2.9.15 2018-03-01 16:42:17 -05:00
Nick Mathewson
d01abb9346 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-03-01 16:07:59 -05:00
Nick Mathewson
d4a758e083 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-03-01 16:07:59 -05:00
Nick Mathewson
c1bb8836ff Protover tests: disable some obsoleted tests
These were meant to demonstrate old behavior, or old rust behavior.

One of them _should_ work in Rust, but won't because of
implementation details.  We'll fix that up later.
2018-03-01 16:05:17 -05:00
Nick Mathewson
c5295cc1be Spec conformance on protover: always reject ranges where lo>hi 2018-03-01 16:05:17 -05:00
Nick Mathewson
1fe0bae508 Forbid UINT32_MAX as a protocol version
The C code and the rust code had different separate integer overflow
bugs here.  That suggests that we're better off just forbidding this
pathological case.

Also, add tests for expected behavior on receiving a bad protocol
list in a consensus.

Fixes another part of 25249.
2018-03-01 16:05:17 -05:00
Nick Mathewson
8b405c609e Forbid "-0" as a protocol version.
Fixes part of 24249; bugfix on 0.2.9.4-alpha.
2018-03-01 16:05:17 -05:00
Nick Mathewson
0953c43c95 Add more of Teor's protover tests.
These are as Teor wrote them; I've disabled the ones that don't pass
yet, with XXXX comments.
2018-03-01 16:05:17 -05:00
Nick Mathewson
d3a1bdbf56 Add some protover vote round-trip tests from Teor.
I've refactored these to be a separate function, to avoid tricky
merge conflicts.

Some of these are disabled with "XXXX" comments; they should get
fixed moving forward.
2018-03-01 16:05:17 -05:00
Nick Mathewson
a83650852d Add another NULL-pointer fix for protover.c.
This one can only be exploited if you can generate a correctly
signed consensus, so it's not as bad as 25074.

Fixes bug 25251; also tracked as TROVE-2018-004.
2018-03-01 16:05:17 -05:00
Nick Mathewson
65f2eec694 Correctly handle NULL returns from parse_protocol_list when voting.
In some cases we had checked for it, but in others we had not.  One
of these cases could have been used to remotely cause
denial-of-service against directory authorities while they attempted
to vote.

Fixes TROVE-2018-001.
2018-03-01 16:05:17 -05:00
Taylor Yu
09484b9449 Document how to allow partial Travis failures
Add some commented-out allow_failures clauses to make it easier to
temporarily allow less-critical sub-builds to fail while still
reporting success.
2018-03-01 13:18:33 -06:00
Nick Mathewson
bcfb034957 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-02-21 11:53:50 -05:00
Nick Mathewson
ac1942ac58 Update the .gitmodules to refer to project-level tor-rust-dependencies
Closes most of #25323.
2018-02-21 11:53:04 -05:00
Nick Mathewson
bd71e0a0c8 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-02-16 09:54:13 -05:00
Nick Mathewson
2bcd264a28 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-02-16 09:48:11 -05:00
Nick Mathewson
cb92d47dec Merge remote-tracking branch 'dgoulet/ticket24902_029_05' into maint-0.2.9 2018-02-16 09:41:06 -05:00
Nick Mathewson
c67adddacb Remove changes file for 24898-029 backports in maint-0.3.2
These patches were already merged, and so don't need a changes file
in these branches.
2018-02-16 08:48:46 -05:00
Nick Mathewson
c8b087d901 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-02-16 08:47:41 -05:00
Nick Mathewson
3930ffdf63 Merge branch 'maint-0.2.9' into maint-0.3.1
"ours" merge to avoid conflicts with the cherry-picked fix for 24898.
2018-02-16 08:47:12 -05:00
Roger Dingledine
d21e5cfc24 stop calling channel_mark_client in response to a create_fast
since all it does is produce false positives

this commit should get merged into 0.2.9 and 0.3.0 *and* 0.3.1, even
though the code in the previous commit is already present in 0.3.1. sorry
for the mess.

[Cherry-picked]
2018-02-16 08:46:57 -05:00
Roger Dingledine
2b99350ca4 stop calling channel_mark_client in response to a create_fast
since all it does is produce false positives

this commit should get merged into 0.2.9 and 0.3.0 *and* 0.3.1, even
though the code in the previous commit is already present in 0.3.1. sorry
for the mess.
2018-02-16 08:46:31 -05:00
Roger Dingledine
8d5dcdbda2 backport to make channel_is_client() accurate
This commit takes a piece of commit af8cadf3a9 and a piece of commit
46fe353f25, with the goal of making channel_is_client() be based on what
sort of connection handshake the other side used, rather than seeing
whether the other side ever sent a create_fast cell to us.
2018-02-16 08:39:10 -05:00
Nick Mathewson
cb9a322b67 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-02-13 16:55:19 -05:00
Nick Mathewson
f647035b37 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-02-13 16:55:18 -05:00
Taylor Yu
f0ed7895ca fix make check-changes 2018-02-13 15:07:55 -06:00
David Goulet
e7f6314782 Make check-changes happy
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-13 14:56:31 -05:00
David Goulet
9cf8d669fa man: Document default values if not in the consensus for DoS mitigation
Fixes #25236

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-13 14:21:47 -05:00
David Goulet
b60ffc5ce0 Merge remote-tracking branch 'dgoulet/bug25223_029_01' into ticket24902_029_05 2018-02-13 13:11:10 -05:00
David Goulet
305e39d0f8 dos: Add extra safety asserts in cc_stats_refill_bucket()
Never allow the function to set a bucket value above the allowed circuit
burst.

Closes #25202

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-13 10:41:21 -05:00
David Goulet
4fe4f8179f dos: Don't set consensus param if we aren't a public relay
We had this safeguard around dos_init() but not when the consensus changes
which can modify consensus parameters and possibly enable the DoS mitigation
even if tor wasn't a public relay.

Fixes #25223

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-13 10:35:41 -05:00
Nick Mathewson
b062730a11 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-02-13 08:50:59 -05:00
Nick Mathewson
17a923941a Merge branch 'maint-0.2.9' into maint-0.3.1 2018-02-13 08:50:58 -05:00
David Goulet
e658dad625 dirserv: Improve returned message when relay is rejected
Explicitly inform the operator of the rejected relay to set a valid email
address in the ContactInfo field and contact bad-relays@ mailing list.

Fixes #25170

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-13 08:47:42 -05:00
Nick Mathewson
1555946e20 Have tor_addr hashes return a randomized hash for AF_UNSPEC.
We don't expect this to come up very much, but we may as well make
sure that the value isn't predictable (as we do for the other
addresses) in case the issue ever comes up.

Spotted by teor.
2018-02-12 11:14:36 -05:00