Nick Mathewson
55cb6c3fcd
Merge branch 'bug33545_043_squashed' into maint-0.4.3
2020-04-13 14:13:44 -04:00
George Kadianakis
f2f718bca5
hs-v3: Change all-zeroes hard-assert to a BUG-and-err.
...
And also disallow all-zeroes keys from the filesystem; add a test for it too.
2020-04-13 14:13:33 -04:00
George Kadianakis
37bcc9f3d2
hs-v3: Don't allow registration of an all-zeroes client auth key.
...
The client auth protocol allows attacker-controlled x25519 private keys being
passed around, which allows an attacker to potentially trigger the all-zeroes
assert for client_auth_sk in hs_descriptor.c:decrypt_descriptor_cookie().
We fixed that by making sure that an all-zeroes client auth key will not be
used.
There are no guidelines for validating x25519 private keys, and the assert was
there as a sanity check for code flow issues (we don't want to enter that
function with an uninitialized key if client auth is being used). To avoid such
crashes in the future, we also changed the assert to a BUG-and-err.
2020-04-13 14:13:33 -04:00
Neel Chauhan
a638514783
Fix typo in router_build_fresh_unsigned_routerinfo() comment
2020-04-12 12:43:21 -07:00
Nick Mathewson
80031db32a
Merge remote-tracking branch 'tor-github/pr/1801/head'
2020-04-09 11:50:20 -04:00
Nick Mathewson
11fbd1f064
Merge branch 'maint-0.4.3'
...
"ours" to avoid version bump
2020-04-09 08:38:59 -04:00
Nick Mathewson
bfea7a7326
bump to 0.4.3.4-rc
2020-04-09 08:38:41 -04:00
Nick Mathewson
25729910af
Merge branch 'maint-0.4.3'
2020-04-09 08:33:36 -04:00
Nick Mathewson
c4da0a5094
Add fsync to list of syscalls permitted by sandbox
...
(Our fix for 33087 requires this, I believe.)
2020-04-09 08:33:19 -04:00
Nick Mathewson
c2aea6134a
Merge remote-tracking branch 'tor-github/pr/1723/head' into maint-0.4.3
2020-04-09 08:30:14 -04:00
Nick Mathewson
29693b83bc
Make sure that we free 'addr' at the end of a pair of addr tests
...
Fixes a couple of Coverity warnings about possible memory leaks.
Bug not in any released Tor.
2020-04-09 07:54:23 -04:00
David Goulet
cca9e1c803
hs-v3: Several fixes after #32542 review
...
asn: Accidentally left this commit out when merging #32542, so cherry-picking
it now.
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-09 13:59:18 +03:00
teor
f431b78465
Merge branch 'maint-0.4.3'
...
"ours" merge, because we only want to remove check-best-practices
from check-local in 0.4.2 and 0.4.3.
2020-04-09 19:42:36 +10:00
teor
1ae0839ef2
Merge branch 'maint-0.4.2' into maint-0.4.3
...
Remove check-best-practices from check-local in maint-0.4.3.
(The check-local jobs are all on separate lines in 0.4.3.)
2020-04-09 19:41:19 +10:00
Nick Mathewson
2d34d4d1af
remove practracker from check-local (0.4.2 and 0.4.3 only)
...
practracker shouldn't be running in release or maint branches.
2020-04-09 19:39:28 +10:00
teor
4e3a17facd
Merge branch 'maint-0.4.3'
...
"ours" merge, to avoid taking PR 1854, which reverts
"Prefer IPv6 by default" for 0.4.3 only.
2020-04-09 11:06:51 +10:00
teor
f6efb3a184
Merge branch 'pr1854_squashed' into maint-0.4.3
...
Squashed PR 1854, and fixed a minor typo (IPv4 -> IPv6).
2020-04-09 11:05:59 +10:00
David Goulet
cd2121a126
client: Revert setting PreferIPv6 on by default
...
This change broke torsocks that by default is expecting an IPv4 for hostname
resolution because it can't ask tor for a specific IP version with the SOCKS5
extension.
PreferIPv6 made it that sometimes the IPv6 could be returned to torsocks that
was expecting an IPv4.
Torsocks is probably a very unique case because the runtime flow is that it
hijacks DNS resolution (ex: getaddrinfo()), gets an IP and then sends it back
for the connect() to happen.
The libc has DNS resolution functions that allow the caller to request a
specific INET family but torsocks can't tell tor to resolve the hostname only
to an IPv4 or IPv6 and thus by default falls back to IPv4.
Reverting this change into 0.4.3.x series but we'll keep it in the 0.4.4.x
series in the hope that we add this SOCKS5 extension to tor for DNS resolution
and then change torsocks to use that.
Fixes #33804
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-04-09 11:05:32 +10:00
teor
59819b2916
Merge branch 'maint-0.4.3'
2020-04-09 11:03:40 +10:00
teor
2d6f00e45b
Merge branch 'maint-0.4.2' into maint-0.4.3
2020-04-09 11:03:34 +10:00
teor
2d7e08d57e
Merge branch 'maint-0.4.1' into maint-0.4.2
2020-04-09 11:03:27 +10:00
teor
987f2fa50a
Merge branch 'maint-0.3.5' into maint-0.4.1
2020-04-09 11:03:20 +10:00
teor
d380acaeca
Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5
2020-04-09 11:02:49 +10:00
teor
75aba30abf
relay: Run practracker --regen
...
Lock in some file and function size improvements.
Accept some small file size and dependency increases.
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
cb262930f5
relay: Run "make autostyle"
...
But only take the changes from the relay module.
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
00a45a900e
test/circuitbuild: Add a test for onionskin_answer()
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
aa560a5ade
changes: file for 33633
2020-04-09 11:00:04 +10:00
teor
d79e5d52bc
relay/circuitbuild: Refactor circuit_extend()
...
Make the "else" case explicit at the end of the function.
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
6d75f3244f
test/circuitbuild: Add tests for circuit_extend()
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
2b66429fcf
core/or: Make some functions mockable
...
Preparation for testing circuit_extend().
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
8f3cbe755b
channel: Rewrite the channel_get_for_extend() comments
...
Explain what the function does now.
Fix some typos.
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
7bc3413322
test/circuitbuild: Add tests for open_connection_for_extend
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
42fdbbb50b
circuitbuild: Make some functions mockable
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
46980d767d
test/circuitbuild: Add tests for extend_lspec_valid
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
327688b968
test/circuitbuild: Make some tests fork
...
Since we're testing IF_BUG_ONCE(), we need to fork.
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
cbfb826513
test/circuitbuild: Tests for adding ed25519 keys
...
Add tests for circuit_extend_add_ed25519_helper().
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
f8fef609f6
nodelist: Make some functions mockable
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
eb11c9d07c
test/circuitbuild: Add a test for extend_state_valid
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
7261078566
test/circuitbuild: Fix new_route_len_unhandled_exit
...
Make test_new_route_len_unhandled_exit more robust, by always tearing
down logs. (Rather than just tearing them down on success.)
2020-04-09 11:00:04 +10:00
teor
3334f63516
test/circuitbuild: Refactor test case array
...
Avoid repeating test names.
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
ec632b01db
relay: End circuitbuild logs with "."
...
Consistent logs make testing easier.
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
4f9f56be47
relay: Check for NULL arguments in circuitbuild
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
b10b287589
relay: Make circuitbuild functions STATIC
...
Allow the circuitbuild_relay functions to be accessed by the unit tests.
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
44f634d0be
relay: Remove a redundant function return value
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
ca9565b9f7
relay: Split out opening a connection for an extend
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
2640030b10
relay: Refactor some long lines from circuit_extend()
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
5cb2bbea7d
relay: Split link specifier checks from circuit_extend()
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
2563d74a5c
relay: Split state checks out of circuit_extend()
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
beee9ca608
relay: Improve the comments on onionskin_answer()
...
Part of 33633.
2020-04-09 11:00:04 +10:00
teor
c9b674d511
relay: Protocol warn when a client gets an extend
...
circuit_extend() may be called when a client receives an extend cell,
even if the relay module is disabled.
Log a protocol warning when the relay module is disabled.
Part of 33633.
2020-04-09 10:59:51 +10:00