Commit Graph

24182 Commits

Author SHA1 Message Date
Nick Mathewson
c4c5ee8cd4 Merge branch 'maint-0.2.9' 2017-02-07 08:39:48 -05:00
Nick Mathewson
0f46f7d1ec Merge branch 'maint-0.2.8' into maint-0.2.9 2017-02-07 08:39:39 -05:00
Nick Mathewson
7b24f3e0fe Merge branch 'maint-0.2.7' into maint-0.2.8 2017-02-07 08:39:33 -05:00
Nick Mathewson
eb72365554 Merge branch 'maint-0.2.6' into maint-0.2.7 2017-02-07 08:39:25 -05:00
Nick Mathewson
8936c50d83 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 08:39:07 -05:00
Nick Mathewson
05ec055c41 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:38:59 -05:00
Nick Mathewson
51675f97d3 Merge remote-tracking branch 'public/bug17404_024' into maint-0.2.4 2017-02-07 08:37:07 -05:00
Nick Mathewson
da0d5ad983 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 08:34:37 -05:00
Nick Mathewson
332543baed Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:34:08 -05:00
Nick Mathewson
6cb8c0fd4e Refine the memwipe() arguments check for 18089 a little more.
We still silently ignore
     memwipe(NULL, ch, 0);
and
     memwipe(ptr, ch, 0);  /* for ptr != NULL */

But we now assert on:
     memwipe(NULL, ch, 30);
2017-02-07 08:33:51 -05:00
teor (Tim Wilson-Brown)
fb7d1f41b4 Make memwipe() do nothing when passed a NULL pointer or zero size
Check size argument to memwipe() for underflow.

Closes bug #18089. Reported by "gk", patch by "teor".
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
commit 49dd5ef3 on 7 Nov 2012.
2017-02-07 08:33:39 -05:00
Nick Mathewson
640b402232 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:32:10 -05:00
John Brooks
053e11f397 Fix out-of-bounds read in INTRODUCE2 client auth
The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.

Fixed by checking auth_len before comparing the descriptor cookie
against known clients.

Fixes #15823; bugfix on 0.2.1.6-alpha.
2017-02-07 08:31:37 -05:00
Nick Mathewson
54ec335434 Bump to 0.3.0.3-alpha-dev 2017-02-03 13:58:50 -05:00
Nick Mathewson
bb2ea3642d a few more changelog edits 2017-02-03 13:44:20 -05:00
Nick Mathewson
353f1235bc changelog fixes; thanks dgoulet! 2017-02-03 13:29:16 -05:00
Nick Mathewson
7878668cab Add a blurb, edit the changelog 2017-02-03 12:04:40 -05:00
Nick Mathewson
39606aece5 Fix "make distcheck".
I had forgotten to include the fuzz_static_testcases.sh script in
EXTRA_DIST.
2017-02-03 12:04:08 -05:00
Nick Mathewson
80a5beae62 Bump version to 0.3.0.3-alpha 2017-02-03 11:33:11 -05:00
Nick Mathewson
a54b269c95 Start on an 0.3.0.3-alpha changelog 2017-02-03 10:50:36 -05:00
Nick Mathewson
bc9121d5c9 Merge branch 'bug21372_squashed' 2017-02-03 10:35:23 -05:00
Nick Mathewson
19e25d5cab Prevention: never die from extend_info_from_node() failure.
Bug 21242 occurred because we asserted that extend_info_from_node()
had succeeded...even though we already had the code to handle such a
failure.  We fixed that in 93b39c5162.

But there were four other cases in our code where we called
extend_info_from_node() and either tor_assert()ed that it returned
non-NULL, or [in one case] silently assumed that it returned
non-NULL. That's not such a great idea.  This patch makes those
cases check for a bug of this kind instead.

Fixes bug 21372; bugfix on 0.2.3.1-alpha when
extend_info_from_node() was introduced.
2017-02-03 10:35:07 -05:00
Nick Mathewson
0740d67e54 further lintchanges fixes 2017-02-03 10:24:40 -05:00
Nick Mathewson
9d5a9feb40 Merge branch 'dgoulet/bug21302_030_01_squashed' 2017-02-03 09:54:24 -05:00
David Goulet
eea763400f hs: Remove intro point expiring node if no circuit
Once a second, we go over all services and consider the validity of the intro
points. Now, also try to remove expiring nodes that have no more circuit
associated to them. This is possible if we moved an intro point object
previously to that list and the circuit actually timed out or was closed by
the introduction point itself.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-03 09:54:07 -05:00
David Goulet
8573d99470 hs: Fix an underflow in rend_service_intro_has_opened()
In rend_service_intro_has_opened(), this is subject to a possible underflow
because of how the if() casts the results. In the case where the expiring
nodes list length is bigger than the number of IP circuits, we end up in the
following situation where the result will be cast to an unsigned int. For
instance, "5 - 6" is actually a BIG number.

Ultimately leading to closing IP circuits in a non stop loop.

Partially fixes #21302.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-03 09:54:06 -05:00
Nick Mathewson
1ec429d07d Merge remote-tracking branch 'dgoulet/bug20980_030_01' 2017-02-03 09:44:31 -05:00
cypherpunks
27df23abb6 Use the standard OpenBSD preprocessor definition 2017-02-03 09:37:39 -05:00
Nick Mathewson
c103ce995b Fix all warnings from lintchanges 2017-02-03 09:34:10 -05:00
Nick Mathewson
0f79fb51e5 dirauth: Fix for calling routers unreachable for wrong ed25519
Previously the dirserv_orconn_tls_done() function would skip routers
when they advertised an ed25519 key but didn't present it during the
link handshake.  But that covers all versions between 0.2.7.2-alpha
and 0.2.9.x inclusive!

Fixes bug 21107; bugfix on 0.3.0.1-alpha.
2017-02-02 10:37:25 -05:00
Nick Mathewson
d732409402 In dirserv_single_reachability_test, node can be const. 2017-02-02 09:36:36 -05:00
Nick Mathewson
96dce88d80 Merge remote-tracking branch 'dgoulet/bug21294_030_02' 2017-02-02 09:07:20 -05:00
David Goulet
5f6d53cefa test: Fix test after log message changed in #21294
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-02 09:03:14 -05:00
Nick Mathewson
6777cd0a84 Merge remote-tracking branch 'public/bug21356_029' 2017-02-02 09:03:13 -05:00
Nick Mathewson
b11f00c153 Merge branch 'bug21294_030_01_squashed' 2017-02-02 08:48:20 -05:00
David Goulet
83df359214 config: Stop recommending Tor2web if in non anonymous mode
Because we don't allow client functionalities in non anonymous mode,
recommending Tor2web is a bad idea.

If a user wants to use Tor2web as a client (losing all anonymity), it should
run a second tor, not use it with a single onion service tor.

Fixes #21294.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-02 08:47:59 -05:00
Nick Mathewson
fc3e742b5b Merge remote-tracking branch 'ahf/ahf/bugs/21266' 2017-02-02 08:40:05 -05:00
Nick Mathewson
2d2ab29ce8 Merge remote-tracking branch 'asn/bug21052' 2017-02-01 15:53:16 -05:00
Alexander Færøy
7eb7af08d9 Add checks for expected log messages in test_hs_intropoint.
This patch adds checks for expected log messages for failure cases of
different ill-formed ESTABLISH_INTRO cell's.

See: https://bugs.torproject.org/21266
2017-02-01 19:01:07 +00:00
David Goulet
cc0342a2ae hs: Fix possible integer underflow with IP nodes
In rend_consider_services_intro_points(), we had a possible interger underflow
which could lead to creating a very large number of intro points. We had a
safe guard against that *except* if the expiring_nodes list was not empty
which is realistic thing.

This commit removes the check on the expiring nodes length being zero. It's
not because we have an empty list of expiring nodes that we don't want to open
new IPs. Prior to this check, we remove invalid IP nodes from the main list of
a service so it should be the only thing to look at when deciding if we need
to create new IP(s) or not.

Partially fixes #21302.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-01 11:07:09 -05:00
Nick Mathewson
77788fa537 Fix a memory-leak in fuzz_vrs.c 2017-02-01 10:57:01 -05:00
Nick Mathewson
ec1b8020d5 Merge remote-tracking branch 'dgoulet/bug21290_030_01' 2017-02-01 10:44:45 -05:00
Nick Mathewson
24551d64ad Merge branch 'maint-0.2.9' 2017-02-01 10:39:59 -05:00
Nick Mathewson
b928095afc Rework 21359 changes file slightly. 2017-02-01 10:39:48 -05:00
rubiate
e9ec818c28 Support LibreSSL with opaque structures
Determining if OpenSSL structures are opaque now uses an autoconf check
instead of comparing the version number. Some definitions have been
moved to their own check as assumptions which were true for OpenSSL
with opaque structures did not hold for LibreSSL. Closes ticket 21359.
2017-02-01 10:30:49 -05:00
David Goulet
5335a8e6f8 Rename --enable-expensive-hardening configure option
It is renamed to --enable-fragile-hardening.

TROVE-2017-001 was triggerable only through the expensive hardening which is
making the tor daemon abort when the issue is detected. Thus, it makes tor
more at risk of remote crashes but safer against RCE or heartbleed bug
category.

Fixes #21290.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-01 10:27:10 -05:00
Nick Mathewson
f1530d0e5a Merge branch 'teor_bug21357-v2_029' 2017-02-01 09:39:25 -05:00
teor
bed94a9ed9 Changes file for 21357: Stop rejecting all IPv6 traffic on some Exits
This issue was triggered by 17027 in 0.2.8.1-alpha, which rejects a relay's
own IPv6 address.

Bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
2017-02-01 09:39:06 -05:00
teor
408c53b7a7 Scale IPv6 address counts in policy_summary_reject to avoid overflow
This disregards anything smaller than an IPv6 /64, and rejects ports that
are rejected on an IPv6 /16 or larger.

Adjust existing unit tests, and add more to cover exceptional cases.

No IPv4 behaviour changes.

Fixes bug 21357
2017-02-01 09:39:06 -05:00
teor
4667a40ca9 Fix IPv6 support in policy_summary_reject and policy_summary_accept
This interim fix results in too many IPv6 rejections.

No behaviour change for IPv4 counts, except for overflow fixes that
would require 4 billion redundant 0.0.0.0/0 policy entries to trigger.

Part of 21357
2017-02-01 09:39:06 -05:00