Commit Graph

4988 Commits

Author SHA1 Message Date
Karsten Loesing
4488c319dd Update geoip and geoip6 to the March 7 2017 database. 2017-03-08 09:41:35 +01:00
Nick Mathewson
552bc39c32 Merge branch 'bug21594_030_squashed' into maint-0.3.0 2017-03-07 08:05:16 -05:00
teor
93ede051c2 Remove delay in hidden service introduction point checks
Make hidden services with 8 to 10 introduction points check for failed
circuits immediately after startup. Previously, they would wait for 5
minutes before performing their first checks.

Fixes bug 21594; bugfix on commit 190aac0eab in Tor 0.2.3.9-alpha.
Reported by alecmuffett.
2017-03-07 08:04:57 -05:00
Nick Mathewson
85cf6dcba3 Stop declining to download microdescs with future published times.
This change is the only one necessary to allow future versions of
the microdescriptor consensus to replace every 'published' date with
e.g. 2038-01-01 00:00:00; this will save 50-75% in compressed
microdescriptor diff size, which is quite significant.

This commit is a minimal change for 0.2.9; future series will
reduce the use of the 'published' date even more.

Implements part of ticket 21642; implements part of proposal 275.
2017-03-06 15:37:01 -05:00
Nick Mathewson
333d5d0f2a Merge remote-tracking branch 'teor/bug21576_029_v2' into maint-0.3.0 2017-03-04 20:23:38 -05:00
teor
e0486c9371
Make hidden services always check for failed intro point connections
Previously, they would stop checking when they exceeded their intro point
creation limit.

Fixes bug 21596; bugfix on commit d67bf8b2f2 in Tor 0.2.7.2-alpha.
Reported by alecmuffett.
2017-03-02 15:34:45 +11:00
teor
4b5cdb2c30
Fix a crash when a connection tries to open just after it has been unlinked
Fixes bug 21576; bugfix on Tor 0.2.9.3-alpha.
Reported by alecmuffett.
2017-03-02 11:10:30 +11:00
George Kadianakis
18a98206ed Improve descriptor checks in the new guard algorithm.
- Make sure we check at least two guards for descriptor before making
  circuits. We typically use the first primary guard for circuits, but
  it can also happen that we use the second primary guard (e.g. if we
  pick our first primary guard as an exit), so we should make sure we
  have descriptors for both of them.

- Remove BUG() from the guard_has_descriptor() check since we now know
  that this can happen in rare but legitimate situations as well, and we
  should just move to the next guard in that case.
2017-03-01 08:46:53 -05:00
teor
004ec8dc58
Restore support for test-network.sh on BSD and other systems without bash
(But use bash if it's available.)
This is a workaround until we remove bash-specific code in 19699.

Fixes bug 21581; bugfix on 21562, not in any released version of tor.
2017-03-01 11:40:54 +11:00
Nick Mathewson
3a60214f32 Merge remote-tracking branch 'public/bug21007_case2_030' into maint-0.3.0 2017-02-28 08:28:46 -05:00
Nick Mathewson
16f337e763 Merge branch 'bug21027_v2_squashed' into maint-0.3.0 2017-02-28 08:16:43 -05:00
Nick Mathewson
1582adabbb Change approach to preventing duplicate guards.
Previously I'd made a bad assumption in the implementation of
prop271 in 0.3.0.1-alpha: I'd assumed that there couldn't be two
guards with the same identity.  That's true for non-bridges, but in
the bridge case, we allow two bridges to have the same ID if they
have different addr:port combinations -- in order to have the same
bridge ID running multiple PTs.

Fortunately, this assumption wasn't deeply ingrained: we stop
enforcing the "one guard per ID" rule in the bridge case, and
instead enforce "one guard per <id,addr,port>".

We also needed to tweak our implementation of
get_bridge_info_for_guard, since it made the same incorrect
assumption.

Fixes bug 21027; bugfix on 0.3.0.1-alpha.
2017-02-28 08:16:33 -05:00
Nick Mathewson
eef8bd4d3c Merge remote-tracking branch 'teor/feature21570-030' into maint-0.3.0 2017-02-27 11:36:39 -05:00
Nick Mathewson
c51919b0da Merge branch 'bug21369_check_029_squashed' into maint-0.3.0 2017-02-27 11:25:34 -05:00
Nick Mathewson
6747c62386 Merge branch 'bug21420_029_squashed' into maint-0.3.0 2017-02-27 11:20:39 -05:00
Nick Mathewson
f6e5a658df Revise the logic for picking the start time for link certs
Since 0.2.4.11-alpha (in 0196647970) we've tried to randomize
the start time to up to some time in the past.  But unfortunately we
allowed the start time to be in the future as well, which isn't
really legit.

The new behavior lets the start time be be up to
MAX(cert_lifetime-2days, 0) in the past, but never in the future.

Fixes bug 21420; bugfix on 0.2.4.11-alpha.
2017-02-27 11:19:54 -05:00
Nick Mathewson
2b3518b81f Merge remote-tracking branch 'teor/bug20711' into maint-0.3.0 2017-02-27 11:00:02 -05:00
teor
73879aa5b6
Use bash in src/test/test-network.sh
This ensures we reliably call chutney's newer tools/test-network.sh when
available.

Fixes bug 21562; bugfix on tor-0.2.9.1-alpha.
2017-02-28 02:13:56 +11:00
teor
fb32c52232
Log tor warnings during 'make test-network-all'
Requires the chutney changes from 21572.
(Otherwise, asks users to upgrade their chutney.)

Implements 21570.
2017-02-28 02:01:37 +11:00
Nick Mathewson
ee5471f9aa Try to check for (and prevent) buffer size INT_MAX overflow better.
Possible fix or diagnostic for 21369.
2017-02-27 10:01:27 -05:00
Nick Mathewson
b6efd77ec4 Merge remote-tracking branch 'public/bug21472_030' into maint-0.3.0 2017-02-27 08:38:14 -05:00
David Goulet
4ed10e5053 hs: Fix bad use of sizeof() when encoding ESTABLISH_INTRO legacy cell
When encoding a legacy ESTABLISH_INTRO cell, we were using the sizeof() on a
pointer instead of using the real size of the destination buffer leading to an
overflow passing an enormous value to the signing digest function.
Fortunately, that value was only used to make sure the destination buffer
length was big enough for the key size and in this case it always was because
of the overflow.

Fixes #21553

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-24 11:36:36 -05:00
Nick Mathewson
5e08fc8557 Also allow C_MEASURE_TIMEOUT circuits to lack guard state.
Fixes a case of 21007; bugfix on 0.3.0.1-alpha when prop271 was
implemented. Found by toralf.
2017-02-24 11:12:21 -05:00
Nick Mathewson
4d3310932a Small fixes to fuzzing documentation. 2017-02-24 10:57:58 -05:00
Nick Mathewson
aec45bc0b1 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-02-17 17:10:47 -05:00
Nick Mathewson
823fb68a14 Remove a redundant check in ..transition_affects_guards()
scan-build found that we we checking UseEntryGuards twice.

Fixes bug 21492.
2017-02-17 11:47:25 -05:00
David Goulet
3336f26e60 hs: Avoid a strlen(NULL) if descriptor is not found in cache
Instead of returning 404 error code, this led to a NULL pointer being used and
thus a crash of tor.

Fixes #21471

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-15 10:27:41 -05:00
Nick Mathewson
39af9fc2b7 Merge branch 'bug21447' 2017-02-15 08:08:25 -05:00
Nick Mathewson
62f98ad485 Merge branch 'maint-0.2.9' 2017-02-15 07:58:15 -05:00
Nick Mathewson
cb6b3b7cad Limit version numbers to 0...INT32_MAX.
Closes 21450; patch from teor.
2017-02-15 07:57:34 -05:00
Nick Mathewson
71cd68b66b Merge branch 'maint-0.2.8' of git-rw.torproject.org:/tor into maint-0.2.8 2017-02-15 07:51:57 -05:00
Nick Mathewson
76d79d597a Merge branch 'maint-0.2.9' 2017-02-15 07:48:42 -05:00
Nick Mathewson
5d88267bf4 Merge branch 'bug21278_extra_029' into maint-0.2.9 2017-02-15 07:48:30 -05:00
Nick Mathewson
ec6b5a098d Merge branch 'bug21278_redux_029_squashed' into maint-0.2.9 2017-02-15 07:48:18 -05:00
Nick Mathewson
eeb743588a Merge branch 'maint-0.2.8' into maint-0.2.9 2017-02-15 07:48:10 -05:00
Nick Mathewson
1ebdae6171 Merge branch 'maint-0.2.7' into maint-0.2.8 2017-02-15 07:47:28 -05:00
Nick Mathewson
ed806843dc Merge branch 'maint-0.2.6' into maint-0.2.7 2017-02-15 07:47:21 -05:00
Nick Mathewson
3781f24b80 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-15 07:47:12 -05:00
Nick Mathewson
a452b71395 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-15 07:47:04 -05:00
Nick Mathewson
02e05bd74d When examining descriptors as a dirserver, reject ones with bad versions
This is an extra fix for bug 21278: it ensures that these
descriptors and platforms will never be listed in a legit consensus.
2017-02-15 07:46:34 -05:00
Nick Mathewson
dec7dc3d82 Merge remote-tracking branch 'dgoulet/ticket20656_030_01' 2017-02-14 19:15:10 -05:00
Nick Mathewson
7e469c1002 Merge branch 'bug20894_029_v3' 2017-02-14 19:10:20 -05:00
Nick Mathewson
491348cb8c Rename make fuzz to make test-fuzz-corpora 2017-02-14 18:04:10 -05:00
Nick Mathewson
ff088ea7d7 fixup! Don't atoi off the end of a buffer chunk.
Credit AFL in the changes file.
2017-02-14 16:44:58 -05:00
Nick Mathewson
c4f2faf301 Don't atoi off the end of a buffer chunk.
Fixes bug 20894; bugfix on 0.2.0.16-alpha.

We already applied a workaround for this as 20834, so no need to
freak out (unless you didn't apply 20384 yet).
2017-02-14 16:38:47 -05:00
Nick Mathewson
9f71fde146 changes file for removing compare-by-subtraction pattern 2017-02-14 16:32:59 -05:00
Nick Mathewson
194e31057f Avoid integer underflow in tor_version_compare.
Fix for TROVE-2017-001 and bug 21278.

(Note: Instead of handling signed ints "correctly", we keep the old
behavior, except for the part where we would crash with -ftrapv.)
2017-02-14 16:10:27 -05:00
David Goulet
3f005c0433 protover: Add new version for prop224 for HSIntro/HSDir
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-14 10:51:18 -05:00
Nick Mathewson
dca8ae5cfa Merge remote-tracking branch 'dgoulet/bug21116_030_01' 2017-02-13 15:56:01 -05:00
Roger Dingledine
635c5a8a92 be sure to remember the changes file for #20384 2017-02-13 15:22:36 -05:00
Nick Mathewson
d9827e4729 Merge branch 'maint-0.2.9' 2017-02-13 14:41:43 -05:00
Nick Mathewson
a86f95df5c Merge branch 'maint-0.2.8' into maint-0.2.9 2017-02-13 14:38:03 -05:00
Nick Mathewson
9b90d515a9 Merge branch 'maint-0.2.7' into maint-0.2.8 2017-02-13 14:37:55 -05:00
Nick Mathewson
75fe218b16 Merge branch 'maint-0.2.6' into maint-0.2.7 2017-02-13 14:37:49 -05:00
Nick Mathewson
43c18b1b7a Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-13 14:37:42 -05:00
Nick Mathewson
124062e843 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-13 14:37:01 -05:00
Karsten Loesing
f6016058b4 Update geoip and geoip6 to the February 8 2017 database. 2017-02-12 15:56:31 +01:00
David Goulet
e129393e40 test: Add missing socket errno in test_util.c
According to 21116, it seems to be needed for Wheezy Raspbian build. Also,
manpage of socket(2) does confirm that this errno value should be catched as
well in case of no support from the OS of IPv4 or/and IPv6.

Fixes #21116

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-08 09:00:48 -05:00
Nick Mathewson
4bce2072ac Merge branch 'maint-0.2.6' into maint-0.2.7 2017-02-07 10:39:03 -05:00
Nick Mathewson
8a1f0876ed Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-02-07 10:38:05 -05:00
Nick Mathewson
f2a30413a3 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 10:37:53 -05:00
Nick Mathewson
2ce4330249 Merge remote-tracking branch 'public/bug18710_025' into maint-0.2.5 2017-02-07 10:37:43 -05:00
Nick Mathewson
c056d19323 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 10:37:31 -05:00
Nick Mathewson
3f5a710958 Revert "Revert "Add hidserv-stats filname to our sandbox filter""
This reverts commit 5446cb8d3d.

The underlying revert was done in 0.2.6, since we aren't backporting
seccomp2 loosening fixes to 0.2.6.  But the fix (for 17354) already
went out in 0.2.7.4-rc, so we shouldn't revert it in 0.2.7.
2017-02-07 10:13:20 -05:00
Nick Mathewson
e91bb84a91 Merge branch 'maint-0.2.6' into maint-0.2.7-redux
maint-0.2.7-redux is an attempt to try to re-create a plausible
maint-0.2.7 branch.  I've started from the tor-0.2.7.6, and then I
merged maint-0.2.6 into the branch.

This has produced 2 conflicts: one related to the
rendcommon->rendcache move, and one to the authority refactoring.
2017-02-07 09:59:12 -05:00
Nick Mathewson
457d38a6e9 Change behavior on missing/present event to warn instead of asserting.
Add a changes file.
2017-02-07 09:48:19 -05:00
Nick Mathewson
5446cb8d3d Revert "Add hidserv-stats filname to our sandbox filter"
Reverting this in 0.2.6 only -- we're no backporting
seccomp2-loosening fixes to 0.2.6.

This reverts commit 2ec5e24c58.
2017-02-07 09:28:50 -05:00
Nick Mathewson
ea2f08ac7f (this already went in to 0.3.0.3-alpha) 2017-02-07 09:27:37 -05:00
Nick Mathewson
51dc284088 Merge branch 'maint-0.2.9' 2017-02-07 09:27:22 -05:00
Nick Mathewson
a271ad2a7e changes file for 21280 2017-02-07 09:27:17 -05:00
Nick Mathewson
9379984128 Merge branch 'teor_bug21357-v2_029' into maint-0.2.9 2017-02-07 09:24:08 -05:00
Nick Mathewson
dff390dcc7 Merge branch 'bug21108_029' into maint-0.2.9 2017-02-07 09:22:31 -05:00
Nick Mathewson
c6f2ae514e Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 09:18:54 -05:00
Nick Mathewson
b9ef21cf56 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 09:17:59 -05:00
Nick Mathewson
e4a42242ea Backport the tonga->bifroest move to 0.2.4.
This is a backport of 19728 and 19690
2017-02-07 09:15:21 -05:00
Nick Mathewson
115cefdeee Merge branch 'maint-0.2.6' into maint-0.2.7 2017-02-07 08:55:07 -05:00
Nick Mathewson
e6965f78b8 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 08:54:54 -05:00
Nick Mathewson
6b37512dc7 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:54:47 -05:00
Nick Mathewson
d6eae78e29 Merge remote-tracking branch 'public/bug19152_024_v2' into maint-0.2.4 2017-02-07 08:47:11 -05:00
Nick Mathewson
8936c50d83 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 08:39:07 -05:00
Nick Mathewson
05ec055c41 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:38:59 -05:00
Nick Mathewson
51675f97d3 Merge remote-tracking branch 'public/bug17404_024' into maint-0.2.4 2017-02-07 08:37:07 -05:00
Nick Mathewson
332543baed Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:34:08 -05:00
teor (Tim Wilson-Brown)
fb7d1f41b4 Make memwipe() do nothing when passed a NULL pointer or zero size
Check size argument to memwipe() for underflow.

Closes bug #18089. Reported by "gk", patch by "teor".
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
commit 49dd5ef3 on 7 Nov 2012.
2017-02-07 08:33:39 -05:00
John Brooks
053e11f397 Fix out-of-bounds read in INTRODUCE2 client auth
The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.

Fixed by checking auth_len before comparing the descriptor cookie
against known clients.

Fixes #15823; bugfix on 0.2.1.6-alpha.
2017-02-07 08:31:37 -05:00
Nick Mathewson
a54b269c95 Start on an 0.3.0.3-alpha changelog 2017-02-03 10:50:36 -05:00
Nick Mathewson
bc9121d5c9 Merge branch 'bug21372_squashed' 2017-02-03 10:35:23 -05:00
Nick Mathewson
19e25d5cab Prevention: never die from extend_info_from_node() failure.
Bug 21242 occurred because we asserted that extend_info_from_node()
had succeeded...even though we already had the code to handle such a
failure.  We fixed that in 93b39c5162.

But there were four other cases in our code where we called
extend_info_from_node() and either tor_assert()ed that it returned
non-NULL, or [in one case] silently assumed that it returned
non-NULL. That's not such a great idea.  This patch makes those
cases check for a bug of this kind instead.

Fixes bug 21372; bugfix on 0.2.3.1-alpha when
extend_info_from_node() was introduced.
2017-02-03 10:35:07 -05:00
Nick Mathewson
0740d67e54 further lintchanges fixes 2017-02-03 10:24:40 -05:00
Nick Mathewson
9d5a9feb40 Merge branch 'dgoulet/bug21302_030_01_squashed' 2017-02-03 09:54:24 -05:00
David Goulet
eea763400f hs: Remove intro point expiring node if no circuit
Once a second, we go over all services and consider the validity of the intro
points. Now, also try to remove expiring nodes that have no more circuit
associated to them. This is possible if we moved an intro point object
previously to that list and the circuit actually timed out or was closed by
the introduction point itself.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-03 09:54:07 -05:00
Nick Mathewson
1ec429d07d Merge remote-tracking branch 'dgoulet/bug20980_030_01' 2017-02-03 09:44:31 -05:00
cypherpunks
27df23abb6 Use the standard OpenBSD preprocessor definition 2017-02-03 09:37:39 -05:00
Nick Mathewson
c103ce995b Fix all warnings from lintchanges 2017-02-03 09:34:10 -05:00
Nick Mathewson
0f79fb51e5 dirauth: Fix for calling routers unreachable for wrong ed25519
Previously the dirserv_orconn_tls_done() function would skip routers
when they advertised an ed25519 key but didn't present it during the
link handshake.  But that covers all versions between 0.2.7.2-alpha
and 0.2.9.x inclusive!

Fixes bug 21107; bugfix on 0.3.0.1-alpha.
2017-02-02 10:37:25 -05:00
Nick Mathewson
6777cd0a84 Merge remote-tracking branch 'public/bug21356_029' 2017-02-02 09:03:13 -05:00
Nick Mathewson
b11f00c153 Merge branch 'bug21294_030_01_squashed' 2017-02-02 08:48:20 -05:00
David Goulet
83df359214 config: Stop recommending Tor2web if in non anonymous mode
Because we don't allow client functionalities in non anonymous mode,
recommending Tor2web is a bad idea.

If a user wants to use Tor2web as a client (losing all anonymity), it should
run a second tor, not use it with a single onion service tor.

Fixes #21294.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-02 08:47:59 -05:00
Nick Mathewson
2d2ab29ce8 Merge remote-tracking branch 'asn/bug21052' 2017-02-01 15:53:16 -05:00
Nick Mathewson
ec1b8020d5 Merge remote-tracking branch 'dgoulet/bug21290_030_01' 2017-02-01 10:44:45 -05:00