Commit Graph

25317 Commits

Author SHA1 Message Date
David Goulet
52b7ae71b3 hs: ADD_ONION NEW:BEST now defaults to ED25519-V3
From RSA1024 (v2) to v3 now.

Closes #29669

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-10-03 15:43:03 -04:00
George Kadianakis
9309eaf8ea Merge branch 'tor-github/pr/1377' 2019-10-03 19:13:57 +03:00
George Kadianakis
3778b97cab Merge branch 'tor-github/pr/1276' 2019-10-03 19:13:02 +03:00
Nick Mathewson
49d6990cae Unit tests for dirserv_reject_tor_version(). 2019-10-03 19:12:52 +03:00
Nick Mathewson
4d4e2abd2f Authorities reject relays running unsupported Tor release series.
Our minimum version is now 0.2.9.5-alpha.  Series 0.3.0, 0.3.1,
0.3.2, 0.3.3, and 0.3.4 are now rejected.

Also, extract this version-checking code into a new function, so we
can test it.

Closes ticket 31549.

Also reject 0.3.5.0 through 0.3.5.6-rc as unstable.
2019-10-03 19:12:46 +03:00
Nick Mathewson
065e467e7c bump to 0.4.2.2-alpha 2019-10-03 12:07:50 -04:00
Nick Mathewson
5fd137c482 Merge remote-tracking branch 'tor-github/pr/1358' 2019-10-03 09:11:49 -04:00
Nick Mathewson
de7fcae72a Merge remote-tracking branch 'tor-github/pr/1382' 2019-10-03 09:08:23 -04:00
Nick Mathewson
ac8f6d51f4 Unify backend implementations for blocking hostname lookup
We have a getaddrinfo() implementation that we prefer, and a
gethostbyname*() implementation that we fall back on.  Give them
both the same interface, and let them be called by the same name.

This is a preparatory step for making them both mockable.
2019-10-03 07:47:25 -04:00
Nick Mathewson
b2802ae3c3 util/map_anon_nofork: Add a cast to avoid passing -48 to memset
This fixes coverity CID 1454593, and bug 31948. Bug not in any
released version of Tor.
2019-10-03 07:21:25 -04:00
teor
3d17fafa04
control/control: Refactor some error handling code
Split some protocol error handling out of
connection_control_process_inbuf().

This refactor reduces the size of a practracker exception.

Closes 31840.
2019-10-03 11:35:42 +10:00
Nick Mathewson
bca30bcb90 Merge remote-tracking branch 'tor-github/pr/1374' 2019-10-02 19:19:11 -04:00
David Goulet
ca1f18c159 Merge branch 'tor-github/pr/1385' 2019-10-02 14:15:31 -04:00
David Goulet
014abf86e5 Merge branch 'tor-github/pr/1344' 2019-10-02 10:37:49 -04:00
Nick Mathewson
a74c180691 Merge branch 'maint-0.3.5' into maint-0.4.0 2019-10-02 08:01:34 -04:00
Nick Mathewson
4dcbbe4166 Merge branch 'maint-0.4.0' into maint-0.4.1 2019-10-02 08:01:34 -04:00
Nick Mathewson
c81e1e4542 Merge branch 'maint-0.4.1' 2019-10-02 08:01:34 -04:00
Nick Mathewson
7b9cb4c47b Merge branch 'maint-0.2.9' into maint-0.3.5 2019-10-02 08:01:33 -04:00
Karsten Loesing
90de776ea9 Update geoip and geoip6 to the October 1 2019 database. 2019-10-02 11:11:27 +02:00
teor
3f94441bfe
log: fix a typo in the function comment for log_fn_()
Closes 31923.
2019-10-02 12:12:26 +10:00
Nick Mathewson
2b825a1a2e Fix a crash bug in max_u16_in_sl()
The documentation for this function says that the smartlist can
contain NULLs, but the code only handled NULLs if they were at the
start of the list.

We didn't notice this for a long time, because when Tor is run
normally, the sequence of msg_id_t is densely packed, and so this
list (mapping msg_id_t to channel_id_t) contains no NULL elements.
We could only run into this bug:
  * when Tor was running in embedded mode, and starting more than once.
  * when Tor ran first with more pubsub messages enabled, and then
    later with fewer.
  * When the second run (the one with fewer enabled pubsub messages)
    had at least some messages enabled, and those messages were not
    the ones with numerically highest msg_id_t values.

Fixes bug 31898; bugfix on 47de9c7b0a
in 0.4.1.1-alpha.
2019-10-01 13:01:20 -04:00
Nick Mathewson
34bbdaf5d4 Add a test for max_u16_in_sl().
This test does not currently pass, because of bug 31898.
2019-10-01 13:01:20 -04:00
Nick Mathewson
f17591b8e5 Rename max_in_sl to max_in_u16_sl, and expose it as STATIC.
Since we want to make this function slightly more visible for testing
purposes, it needs a better name.
2019-10-01 13:01:20 -04:00
Nick Mathewson
39640728c3 Add comments to try to prevent recurrence of #31495.
There is a bad design choice in two of our configuration types,
where the empty string encodes a value that is not the same as the
default value.  This design choice, plus an implementation mistake,
meant that config_dup() did not preserve the value of routerset_t,
and thereby caused bug #31495.

This comment-only patch documents the two types with the problem,
and suggests that implementors try to avoid it in the future.

Closes ticket 31907.
2019-10-01 09:45:12 -04:00
George Kadianakis
e8e42f4af9 Help users who try to use v2 client auth in v3 onions. 2019-10-01 13:41:21 +03:00
teor
56d0655ed8 err: Remove a duplicate header in backtrace.c 2019-09-30 23:17:04 +10:00
teor
c23986246b err: Always lock the backtrace buffer before it is used
Fixes bug 31734; bugfix on 0.2.5.3-alpha.
2019-09-30 23:17:04 +10:00
Nick Mathewson
53116ca0b7 Re-run "make autostyle" with improved annotate_ifdef_directives 2019-09-30 08:57:37 -04:00
teor
db329522ef
log: When initialising log domain masks, only set known log domains
And add a runtime test that checks for unknown domains and flags.

Fixes bug 31854; bugfix on 0.2.1.1-alpha.
2019-09-30 22:05:00 +10:00
teor
25c5322dfe
log: Define count, boundary, and all macros for domains and flags
And do static checks on those macro definitions.

Part of 31854.
2019-09-30 22:04:03 +10:00
teor
4c88ebcf47
log: Remove duplicate code and an outdated comment
Preparation for 31854.
2019-09-30 22:03:59 +10:00
George Kadianakis
9318682109 Merge branch 'tor-github/pr/1346' 2019-09-30 13:56:51 +03:00
George Kadianakis
ae8d36db31 Merge branch 'tor-github/pr/1302' 2019-09-30 13:47:53 +03:00
George Kadianakis
fc760c5088 Merge branch 'tor-github/pr/1356' 2019-09-30 13:47:06 +03:00
George Kadianakis
4673cb8168 Merge branch 'tor-github/pr/1339' 2019-09-30 13:44:59 +03:00
teor
2420c8c936 test: Avoid a map_anon_nofork test failure on SunOS
This test failure happened due to a signed/unsigned integer
comparison.

This bug occurred on SunOS, it may also occur on other systems that
use signed char as the default. (And cast 1-byte integer constants
to an unsigned integer.)

Fixes bug 31897; bugfix on 0.4.1.1-alpha.
2019-09-30 14:54:56 +10:00
Nick Mathewson
194dbea24d Run "make autostyle" with new "annotate_ifdef_directives" 2019-09-26 15:52:45 -04:00
Nick Mathewson
ffd857bbe1 Merge remote-tracking branch 'tor-github/pr/1308' 2019-09-26 14:36:37 -04:00
teor
d1eab05834
lock: Avoid some undefined behaviour when freeing mutexes.
Fixes bug 31736; bugfix on 0.0.7.
2019-09-26 12:37:25 +10:00
teor
749c2e1761
log: explain why it is safe to leave the log mutex initialized
The log mutex is dynamically initialized, guarded by log_mutex_initialized.
We don't want to destroy it, because after it is destroyed, we won't see
any more logs.

If tor is re-initialized, log_mutex_initialized will still be 1. So we
won't trigger any undefined behaviour by trying to re-initialize the
log mutex.

Part of 31736, but committed in this branch to avoid merge conflicts.
2019-09-26 12:22:34 +10:00
teor
2f8a9a2db6
sandbox: Allow backtrace signals to be disabled
Part of 31614.
2019-09-26 12:22:30 +10:00
teor
315f14c709
backtrace: avoid undefined behaviour on re-initialisation
cb_buf_mutex is statically initialised, so we can not destroy it when
we are shutting down the err subsystem. If we destroy it, and then
re-initialise tor, all our backtraces will fail.

Part of 31736, but committed in this branch to avoid merge conflicts.
2019-09-26 12:07:25 +10:00
Nick Mathewson
40a22fb707 Merge remote-tracking branch 'tor-github/pr/1349' 2019-09-25 13:07:19 -04:00
George Kadianakis
01a797be4e Merge branch 'tor-github/pr/1334' 2019-09-25 14:19:02 +03:00
George Kadianakis
0a77e5f1c2 Merge branch 'tor-github/pr/1341' 2019-09-25 14:18:15 +03:00
George Kadianakis
09769779a0 Merge branch 'tor-github/pr/1357' 2019-09-25 14:17:35 +03:00
George Kadianakis
2199629648 Merge branch 'tor-github/pr/1345' 2019-09-25 14:14:30 +03:00
George Kadianakis
99f75373de Merge branch 'tor-github/pr/1309' 2019-09-25 14:12:42 +03:00
teor
d30a042fa8 test: Use SEVERITY_MASK_IDX() to find the LOG_* mask indexes
In the unit tests and fuzzers.

Fixes bug 31334; bugfix on 0.2.5.2-alpha.
2019-09-25 16:40:09 +10:00
teor
1ad1e84b17 log: Move SEVERITY_MASK_IDX() to log.h
Move SEVERITY_MASK_IDX() to log.h private/unit tests section, so that
we can use it in log.c, the unit tests, and the fuzzers.

(The test and fuzzer code changes are in a subsequent commit.)

Preparation for bug 31334.
2019-09-25 16:37:07 +10:00
teor
0cb57a4908
feature/control: add a missing word to the send_control_done() comment 2019-09-24 15:08:37 +10:00
teor
dfea789203
log: Improve the documentation for tor_log_update_sigsafe_err_fds()
Part of 31839.
2019-09-24 15:04:03 +10:00
teor
ab7bfdf404
backtrace: Add a missing check for HAVE_PTHREAD_H before using mutexes
Fixes bug 31614; bugfix on 0.2.5.2-alpha.
2019-09-24 13:35:55 +10:00
teor
6b97a5a843
backtrace: Disable signal handlers in remove_bt_handler()
Fixes bug 31614; bugfix on 0.2.5.2-alpha.
2019-09-24 13:35:48 +10:00
teor
83fa962c1a
test: a file with no config options, at the end of an %include directory
(The file must contain whitespace or comments to trigger the bug.)

Regression test for 31408.
2019-09-24 11:10:50 +10:00
teor
876b3e2775
Merge branch 'bug31408_035' into bug31408_master 2019-09-24 11:07:38 +10:00
Roger Dingledine
e1429d9148 fix typo in comment 2019-09-23 18:32:05 -04:00
AmreshVenugopal
3e45260594 fix: Ticket #31589
- The function `decrypt_desc_layer` has a cleaner interface.
- `is_superencrypted_layer` changed from `int` -> `bool`

[ticket details](https://trac.torproject.org/projects/tor/ticket/31589)

add(changes/*): changes file
fix(src/features/hs): is_superencrypted changed from `int` -> `bool`
fix(changes/ticket31589): header
add(changes/ticket31589): subsystem(onion services) to change
2019-09-23 23:52:01 +05:30
Daniel Pinto
15490816da
Fix bug when %including folder with comment only files. #31408
When processing a %included folder, a bug caused the pointer to
the last element of the options list to be set to NULL when
processing a file with only comments or whitepace. This could
cause options from other files on the same folder to be
discarded depending on the lines after the affected %include.
2019-09-23 10:39:08 +10:00
Nick Mathewson
c309169217 microdesc_parse: convert some ints to bools
Noted by ahf during review of #31675
2019-09-19 14:37:24 -04:00
Nick Mathewson
194884977c microdesc_parse: Rename "next" label to "err". 2019-09-19 14:37:24 -04:00
Nick Mathewson
2094796c24 Reindent microdesc_parse_fields().
I suggest reviewing this with -b: it should be whitespace-only.
2019-09-19 14:37:24 -04:00
Nick Mathewson
ec368409fa Extract field-parsing code for microdesc_parse.c
The code here parses the fields from the microdescriptor, including
possible annotations, and stores them into a microdesc_t object.

This commit is almost pure code movement; I recommend using
--color-moved to review it.
2019-09-19 14:37:24 -04:00
Nick Mathewson
b1552e8814 Reindent microdesc_extract_body().
This commit is whitespace-only; I suggest reviewing with -b.
2019-09-19 14:37:24 -04:00
Nick Mathewson
9cbc166ea0 Extract the body-copying portion of microdesc parsing
This code is logically independent of the rest of the function, and
goes better in its own function.

This is almost purely code movement; I suggest reviewing with
--color-moved.
2019-09-19 14:37:24 -04:00
Nick Mathewson
6f3f93d86c bump to 0.4.1.6-dev 2019-09-19 08:52:15 -04:00
teor
69a1f9c8a7
test: test dirserv_router_has_valid_address() with DirAllowPrivateAddresses
Part of 31793.
2019-09-19 16:19:19 +10:00
teor
c2ceede376
test: refactor dirserv_router_has_valid_address() tests
Cleanup after 31793.
2019-09-19 16:19:16 +10:00
teor
03c2b1be8d
dirauth: reorder the checks in dirserv_router_has_valid_address()
To avoid a bug warning.

Fixes 31793. Bug not in any release, no changes file required.
2019-09-19 16:19:12 +10:00
teor
46fea1dfee
test: dirserv_router_has_valid_address() with zero-family addresses
Sometimes tor doesn't initialise an address, so its family is zero.

Failing test for 31793. Future commits will fix the code.
2019-09-19 16:19:04 +10:00
Nick Mathewson
37c616aeaf Merge branch 'bug31466_035' into bug31466_042 2019-09-18 15:48:25 -04:00
Nick Mathewson
bf4a27c0ea Merge branch 'bug31466_029' into bug31466_035_tmp 2019-09-18 15:42:40 -04:00
Nick Mathewson
f0e4120996 Add a rate-limit to our warning about the disabled .exit notation
This warning would previously be given every time we tried to open a
connection to a foo.exit address, which could potentially be used to
flood the logs.  Now, we don't allow this warning to appear more
than once every 15 minutes.

Fixes bug 31466; bugfix on 0.2.2.1-alpha, when .exit was first
deprecated.
2019-09-18 15:38:33 -04:00
Nick Mathewson
4bbefc2aac Merge branch 'bug30916_035' into bug30916_041 2019-09-18 11:19:41 -04:00
Nick Mathewson
2da4d64a64 Avoid a crash if our "current" and "old" ntor onion keys are equal
Our dimap code asserts if you try to add the same key twice; this
can't happen if everything is running smoothly, but it's possible if
you try to start a relay where secret_onion_key_ntor is the same as
secret_onion_key_ntor.old.

Fixes bug 30916; bugfix on 0.2.4.8-alpha when ntor keys were
introduced.
2019-09-18 11:14:45 -04:00
Nick Mathewson
1e9488f2fd Extract expressions in construct_ntor_key_map()
No behavioral change here: this is just refactoring.
2019-09-18 11:12:43 -04:00
Nick Mathewson
d6d3e829dd Merge branch 'maint-0.4.1' 2019-09-18 08:07:56 -04:00
Nick Mathewson
70bcff6010 Merge branch 'bug31772_041' into maint-0.4.1 2019-09-18 08:07:50 -04:00
Nick Mathewson
5f00c03ed0 Merge branch 'maint-0.4.0' into maint-0.4.1 2019-09-17 21:28:38 -04:00
Nick Mathewson
9e674d0eb4 Merge branch 'maint-0.3.5' into maint-0.4.0 2019-09-17 21:28:37 -04:00
Nick Mathewson
02840169d8 Merge remote-tracking branch 'tor-github/pr/1300' into maint-0.3.5 2019-09-17 21:28:29 -04:00
Nick Mathewson
25af8ada30 Correct the syntax description for the MAPADDRESS command.
In 0.4.1.1-alpha I introduced a bug where we would require and
ignore a single positional argument.

Fixes bug 31772.
2019-09-17 19:26:45 -04:00
Nick Mathewson
a3342b382a Bump version to 0.4.1.6 2019-09-17 19:11:56 -04:00
Nick Mathewson
c6f7943269 Merge branch 'bug31570_041' into maint-0.4.1 2019-09-17 19:04:25 -04:00
Nick Mathewson
50f981719f Merge branch 'maint-0.4.0' into maint-0.4.1 2019-09-17 18:58:44 -04:00
Nick Mathewson
ef35435584 Merge branch 'maint-0.3.5' into maint-0.4.0 2019-09-17 18:58:43 -04:00
Nick Mathewson
dc41e6a80c Merge remote-tracking branch 'tor-github/pr/1307' into maint-0.3.5 2019-09-17 18:58:06 -04:00
Nick Mathewson
cec42be570 Merge branch 'maint-0.4.0' into maint-0.4.1 2019-09-17 18:56:52 -04:00
Nick Mathewson
ab74c3560a Merge branch 'ticket31552_041' into maint-0.4.1 2019-09-17 18:54:05 -04:00
Nick Mathewson
2d744de355 Correct a comment in channel_tls_process_cell. 2019-09-17 11:42:19 -04:00
Nick Mathewson
7f5c6a603c Move PROCESS_CELL macros outside of channel_tls_process_cell().
These macros are used in multiple functions, and as such really
don't belong within a single function.

Also #undef them once we are done with them.

This change makes practracker pass again.
2019-09-17 11:40:14 -04:00
Nick Mathewson
75d3c08219 bump to 0.4.2.1-alpha-dev 2019-09-17 11:36:43 -04:00
Nick Mathewson
4d7ce27105 Merge branch 'bug31107_041' into bug31107_master 2019-09-17 09:16:53 -04:00
Nick Mathewson
6ee19e57c2 Merge branch 'bug31107_040' into bug31107_041 2019-09-17 09:16:52 -04:00
Nick Mathewson
da8ba5010b Merge branch 'bug31107_035' into bug31107_040 2019-09-17 09:16:52 -04:00
Nick Mathewson
7589995111 Merge branch 'maint-0.3.5' into bug31107_035 2019-09-17 09:16:52 -04:00
Nick Mathewson
3c97ab3c24 Treat an unexpected constant-sized VERSIONS cell as a PROTOCOL_WARN.
We previously used tor_fragile_assert() to declare that this case
could not happen: VERSIONS cells are always supposed to be
variable-sized, right?

This is incorrect, though.  On a v1 link protocol connection, all
cells are fixed-sized.  There aren't supposed to be any VERSIONS
cells with this version of the protocol, but apparently, somebody
was messing up.  (The v1 link protocol is obsolete, so probably the
implementer responsible didn't mean to be using it.)

Fixes bug 31107.  Bugfix on 0.2.4.4-alpha, when we introduced a
tor_fragile_assert() for this case.
2019-09-17 09:13:25 -04:00
George Kadianakis
585eaa123f Merge branch 'tor-github/pr/1323' 2019-09-17 14:51:43 +03:00
Nick Mathewson
a28a682a1f bump version to 0.4.2.1-alpha 2019-09-16 16:24:24 -04:00
Nick Mathewson
68a0106bf3 Run "make autostyle" and fix wide lines. 2019-09-16 13:27:42 -04:00
Nick Mathewson
8ad419744f On windows, allow failures in test_parseconf.sh
There seems to be some unreliability issue with this test on
appveyor.

Addresses ticket 31757; This isn't a final fix for this issue, but
it should make CI pass.
2019-09-16 11:01:03 -04:00
Nick Mathewson
a1694b7363 Fix a shellcheck warning in test_parseconf.sh.
I wonder why this didn't show up before.
2019-09-16 09:22:43 -04:00
George Kadianakis
cd72850e08 Merge branch 'tor-github/pr/1316' 2019-09-16 15:22:18 +03:00
George Kadianakis
5ec751b38b Merge branch 'tor-github/pr/1324' 2019-09-16 15:21:28 +03:00
George Kadianakis
a1192b6b4a Merge branch 'tor-github/pr/1273' 2019-09-16 15:20:25 +03:00
George Kadianakis
bdd17da9fd Merge branch 'tor-github/pr/1318' 2019-09-16 15:19:38 +03:00
Nick Mathewson
11cf4d9c3a test_parseconf.sh: On --dump-config failure, --verify-config 2019-09-14 19:00:41 -04:00
Nick Mathewson
7e9ee3a58d Add a test with many non-default options. 2019-09-14 19:00:41 -04:00
Nick Mathewson
617679df42 Add a few error test cases 2019-09-14 19:00:41 -04:00
Nick Mathewson
80e858e3e6 Add an integration test for %include. 2019-09-14 19:00:41 -04:00
Nick Mathewson
28025698a1 test_parseconf: run each test from inside its directory.
We need this to test includes and relative paths.
2019-09-14 19:00:41 -04:00
Nick Mathewson
850a00dc07 Add test for +Option, /Option, and Option
Here we use these directives to replace, extend, or clear values in
torrc.defaults and in torrc.
2019-09-14 19:00:41 -04:00
Nick Mathewson
2f7be9620b Move our first 3 example conf_examples to named directories
I'm not planning to use "example" as the name for all of them, but
these first three _are_ simple examples.
2019-09-14 19:00:41 -04:00
Nick Mathewson
7c7e8402b5 Add a test script to try parsing and encoding Tor configurations
This script takes a set of example torrcs and command-lines from
src/test/conf_examples.  If a success is expected, it runs "tor
--dump-config" and compares the result with the one we expect.  If a
failure is expected, it runs "tor --verify-config" and greps for the
error we expect.
2019-09-14 19:00:41 -04:00
Nick Mathewson
bfc5f09979 Detect overflow or underflow on double config values.
Any floating point value too positive or negative to distinguish
from +/-Inf, or too small to distinguish from +/-0, is an
over/underflow.
2019-09-13 18:26:16 -04:00
David Goulet
286b129b09 Merge branch 'tor-github/pr/1319' 2019-09-12 13:53:59 -04:00
David Goulet
c39c9ce26b Merge branch 'tor-github/pr/1285' 2019-09-12 13:47:09 -04:00
George Kadianakis
028733e8b6 Merge branch 'tor-github/pr/1303' 2019-09-12 18:09:35 +03:00
George Kadianakis
3aaa4d416b Merge branch 'tor-github/pr/1299' 2019-09-12 18:08:00 +03:00
Nick Mathewson
c3b1a25d46 Workaround for GCC "note" about "variable tracking size limit"
GCC complains that we are using too many variables here, probably
because of the sheer number of locals used for our tinytest macros.
Eventually we should fix that (see 30968), but this commit just
makes the "note" go away by splitting the test function into two.
2019-09-12 18:07:47 +03:00
Nick Mathewson
261ec900db Remove variable declarations from macros in test_addr_parse()
Instead, put them in the function itself.

This is an attempt to fix the gcc warning about the "variable
tracking size limit exceeded".
2019-09-12 18:07:47 +03:00
Nick Mathewson
34bab120df Ticket 31687: fix for tor_isinf() as well
tor_isinf() was new in 0.4.0, and also needs to look at the
same rules as clamp_double_to_i64()
2019-09-12 09:53:13 -04:00
Nick Mathewson
0327f9a075 Merge branch 'ticket31687_035' into ticket31687_040 2019-09-12 09:51:04 -04:00
Nick Mathewson
87944cecfc Merge remote-tracking branch 'tor-github/pr/1300' 2019-09-12 08:50:09 -04:00
Nick Mathewson
ded6d9fcb4 Run test_operator_cleanup on our unit tests
Coccinelle doesn't understand it when we use "==" and "!=" and so on as
arguments to macros.  To solve this, we prefer OP_EQ, OP_NE, and so
on.

This commit is automatically generated by running
./scripts/coccinelle/test_operator_cleanup over all of the source
code in src.
2019-09-11 18:47:19 -04:00
Nick Mathewson
ae6e60281c Update include.am files to refer to new location of confparse.[ch]
Tests should now pass again.
2019-09-11 10:22:01 -04:00
Nick Mathewson
a90d1918af Update #includes to point to confparse.h in its new location.
This commit was automatically generated by running
scripts/maint/rectify_include_paths.py .
2019-09-11 10:17:20 -04:00
Nick Mathewson
87ca9e4d2a Move confparse.[ch] into src/lib/confmgt/
This commit only does code movement, and does not clean up after
itself.  As such, it will break compilation.  I'm separating it for
ease of review.
2019-09-11 10:16:10 -04:00
Nick Mathewson
bf8c3164b6 Add new entries to lib/confmgt ".may_include" file
confparse.[ch] will need these; checkIncludes confirms that we have
not introduced a cycle.
2019-09-11 10:13:57 -04:00
David Goulet
41261c3b5c Merge branch 'tor-github/pr/1296' 2019-09-11 09:42:31 -04:00
Nick Mathewson
478141e617 Document inconsistent usage of config_var_is_listable()
See also ticket 31654.
2019-09-11 09:42:19 -04:00
Nick Mathewson
e61bfd0bfd Extract common list of flags to use for obsolete variables. 2019-09-11 09:42:19 -04:00
Nick Mathewson
fe5033d3b0 Clarify documentation on config_var_is_listable()
Here we make it clear we're only looking at listable variable names,
not at whether the variables themselves are gettable.

Also, remove an extraneous h.

(This commit is not a fixup, because of rebase conflicts.)
2019-09-11 09:42:19 -04:00
Nick Mathewson
14f48cb083 Add test_cmdline.sh to distribution. 2019-09-11 09:42:19 -04:00
Nick Mathewson
7a8ea0d3c3 integration test for --list-torrc-options
(This option tests our existing behavior, not necessarily the most
sensible behavior.)
2019-09-11 09:42:19 -04:00
Nick Mathewson
5ffe6ec0e3 Test: Make sure NOLIST options are not listed. 2019-09-11 09:42:19 -04:00
Nick Mathewson
bbd40e690e Revise documentation on CFLG_* flags 2019-09-11 09:42:19 -04:00
Nick Mathewson
0d6d96396c Remove all CVFLAG_* usage. 2019-09-11 09:42:19 -04:00
Nick Mathewson
5ca5d196ac Remove all VTFLAG_* usage. 2019-09-11 09:42:19 -04:00
Nick Mathewson
9b571d4729 confparse, conftypes: Replace flags with their new names.
The old names remain as #defines that cause variables to get one or
more flags.

Now every flag-testing function in confparse.c tests exactly one flag.
2019-09-11 09:42:19 -04:00
Nick Mathewson
1b3b6d9f2d Replace low-level {var_type,struct_var}_is_*() with flag inspection
Since the flags are now stored with compatible numbering, we can
just OR them together and see whether the flag we want is in the
result.

(Net code removal!)
2019-09-11 09:42:19 -04:00
Nick Mathewson
4b92f4c83a Re-number VTFLAG_* values so they don't conflict with CVFLAG_* 2019-09-11 09:42:19 -04:00
Nick Mathewson
c650ab8061 Move VTFLAG_* declarations to conftypes.h 2019-09-11 09:42:19 -04:00
Nick Mathewson
03e4183043 typed_var: Make flags into an unsigned OR of bits.
Using a bitfield here will enable us to unify the var_type_def_t flags
with the config_var_t flags.

(This commit does not yet do that unification, and does not yet
rename or refactor any flags.  It only changes booleans into bits.)
2019-09-11 09:42:19 -04:00
Nick Mathewson
4f6b592691 struct_var: refactor struct_var_is*() functions to delegate
Previously they checked the individual flags inside var_type_def_t;
now they call the appropriate var_type_is_*() functions.

(These functions will be removed entirely by the end of this branch.)
2019-09-11 09:42:19 -04:00
Nick Mathewson
7171ce2a2a config: make config_var_is_dumpable static. 2019-09-11 09:42:19 -04:00
Nick Mathewson
8d685aee7c config: rename "contained" to "derived", and explain it better.
Don't use "derived" directly, but check its implications for listing
and copying.
2019-09-11 09:42:19 -04:00
Nick Mathewson
668e3a7709 config: Introduce the concept of an "ungettable" variable.
We had though to make all obsolete and invisible variables
ungettable, so that GETCONF would reject them.  But it turns out
that this isn't the current behavior of GETCONF with those
variables.  So for now, I'm leaving the current behavior unchanged.
(See ticket 31647 for a proposal to change the behavior.)
2019-09-11 09:42:19 -04:00
Nick Mathewson
3bf38ffff5 Document config_var_is_dumpable and config_var_is_settable. 2019-09-11 09:42:19 -04:00
David Goulet
049705fc1c Merge branch 'tor-github/pr/1311' 2019-09-11 09:36:28 -04:00
George Kadianakis
3b32f2508c Merge branch 'tor-github/pr/1307' 2019-09-11 16:19:21 +03:00
Nick Mathewson
0891a31ad3 madvise: tolerate EINVAL and ENOSYS when minherit fails
These errors can occur if we are built on a system with support for
madvise(MADV_NOFORK) but then we are run on a system whose kernel
does not support that flag.

If the error is something that we don't tolerate at all, we now log
it before crashing.

Fixes bug 31696.  I am calling this a bugfix on 0.4.1.1-alpha, where
we actually started using the map_anon code.

This is similar to, but not the same as, the fix for #31570.
2019-09-11 09:13:50 -04:00
Nick Mathewson
9d60495903 Use strtod, not atof, for parsing doubles in the configuration.
This lets us detect erroneous doubles, which previously we could not
do.

Fixes bug 31475; bugfix on commit 00a9e3732e, a.k.a svn:r136.
2019-09-10 19:01:32 -04:00
Nick Mathewson
97f7efa9e3 pf: when extracting an IPv6 address, make sure we got an IPv6 address
Our code assumes that when we're configured to get IPv6 addresses
out of a TRANS_PF transparent proxy connection, we actually will.
But we didn't check that, and so FreeBSD started warning us about a
potential NULL pointer dereference.

Fixes part of bug 31687; bugfix on 0.2.3.4-alpha when this code was
added.
2019-09-10 11:07:25 -04:00
Nick Mathewson
51475aee57 fp.c: Suppress float-conversion warnings on FreeBSD.
We used to do this on Windows only, but it appears to affect
multiple platforms when building with certain versions of GCC, and a
common pattern for defining the floating-point classifier functions.

Fixes part of 31687. I'm calling this a bugfux on 31687, when we
started suppressing these warnings on Windows.
2019-09-10 10:55:44 -04:00
Nick Mathewson
e7d7e04155 Do not look inside bogus microdesc when listing its digest as invalid
We have code in microdescs_parse_from_string() to record the digests
of microdescriptors that we could not parse.  But right now, that
code looks at the md->digest field, which is a bit inelegant, and
will stand in the way of sensible refactoring.

Instead, use a local variable to hold the digest.
2019-09-10 09:10:49 -04:00
Nick Mathewson
7282213bd3 Extract saved_location_to_string() from microdesc parsing.
We may be able to use this function in other places in the future;
if so, we should move it to somewhere more useful.

Part of 31675.
2019-09-10 09:10:49 -04:00
Nick Mathewson
d8ef6b1548 Add a unit test for ed25519 identity parsing in microdescriptors
This test makes sure that we parse ed25519 identities to get the
correct data from them.  It also tests:

   * That a microdescriptor may not have two ed25519 identities.
   * That a microdescriptor may not have an ed25519 identity that is
     not a valid base64-encoded ed25519 key.
   * That a microdescriptor may have an unrecognized identity type.

It will help test the refactoring of ticket31675.
2019-09-10 09:10:49 -04:00
teor
39c7f46d36
main: add some newlines to the subsystem list, for readability 2019-09-10 09:06:36 +10:00
teor
5fa75a6cd4
main: remove level number comments from the subsystem list (master)
Part of 31615.
2019-09-10 09:04:38 +10:00
teor
987768b077
Merge branch 'bug31615_041' into bug31615_master
Merged modified lines from bug31615_041, and unmodified lines
from master.
2019-09-10 09:03:37 +10:00
teor
f1c57cd1e5
main: remove level number comments from the subsystem list (0.4.1)
Part of 31615.
2019-09-10 08:44:35 +10:00
teor
7e22d99346
Merge branch 'bug31615_040' into bug31615_041
Merged modified lines from bug31615_040, and unmodified lines
from maint-0.4.1.
2019-09-10 08:43:13 +10:00
teor
2e2a35b694 main: remove level number comments from the subsystem list (0.4.0)
These levels get out of date really easily: we'll implement a level
dump command in tor in 31614.

They also cause conflicts and inconsistencies when merging forward
level changes.

Part of 31615.
2019-09-10 08:35:56 +10:00
David Goulet
409df19b5a build: The <sys/sysctl.h> is now deprecated on Linux
Closes #31673
2019-09-09 17:07:08 -04:00
David Goulet
484710f25b build: The <sys/sysctl.h> is now deprecated on Linux
Closes #31673
2019-09-09 17:05:23 -04:00
Nick Mathewson
6846d14868 Merge branch 'ticket30924_042_04_squashed_merged' 2019-09-09 12:35:27 -04:00
Nick Mathewson
a642a4cbd7 Merge branch 'ticket30924_042_04_squashed' into ticket30924_042_04_squashed_merged 2019-09-09 11:10:53 -04:00
David Goulet
622c2c7884 hs-v3: Rename validation function in hs_intropoint.c
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-09-09 11:07:51 -04:00
David Goulet
385f6bcfcc hs-v3: Move DoS parameter check against 0
Move it outside of the validation function since 0 is a valid value but
disables defenses.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-09-09 11:07:36 -04:00
David Goulet
f16fc262e5 Merge branch 'tor-github/pr/1298' 2019-09-09 11:05:51 -04:00
David Goulet
1e7c7870e8 Merge branch 'tor-github/pr/1287' 2019-09-09 10:51:19 -04:00
teor
1609916c79
log: Close log and err file descriptors before aborting
Part of 31594.
2019-09-09 14:56:42 +10:00
teor
a22fbab986
log: Don't close file log fds that are being used by the err module
Instead, dup() file log fds, before passing them to the err module.

Closes 31613, part of 31594.
2019-09-09 14:56:28 +10:00
teor
d02ced4caf
torerr: Close sigsafe fds on shutdown
And clear the list of error fds.

Part of 31594.
2019-09-09 14:56:17 +10:00
teor
612b0a4139 subsys: Make the subsystem init order match the module dependencies
Fix levels for subsystems that depend on log/err
* winprocess (security) doesn't use err:
  * call windows process security APIs as early as possible
  * init err after winprocess
  * move wallclock so it's still after err
* network and time depend on log:
  * make sure that network and time can use logging.
  * init network and time after log

Add comments explaining the module init order.

Fixes bug 31615; bugfix on 0.4.0.1-alpha.
2019-09-06 16:58:53 +10:00
teor
670d402621 entrynodes: Make routine descriptor expiry notice logs less alarming
When tor is missing descriptors for some primary entry guards, make the
log message less alarming. It's normal for descriptors to expire, as long
as tor fetches new ones soon after.

Fixes bug 31657; bugfix on 0.3.3.1-alpha.
2019-09-06 16:43:14 +10:00
Nick Mathewson
a727d4a3a1 Remove unused struct_var_* functions.
These turned out to be unnecessary, so let's not keep them around
and let them start getting complicated.

Closes ticket 31630.
2019-09-05 15:24:54 -04:00
Nick Mathewson
16cf9424c1 config: Invert sense of _is_invisible, and rename to is_listable() 2019-09-05 11:32:32 -04:00
Nick Mathewson
22e7d33735 config: replace config_var_is_cumulative with is_replaced_on_set()
This change replaces the higher-level property check to match our
intended flag factoring.
2019-09-05 11:32:32 -04:00
George Kadianakis
545c21e23d Merge branch 'tor-github/pr/1295' 2019-09-05 17:13:29 +03:00
George Kadianakis
ddd01541b9 Merge branch 'tor-github/pr/1294' 2019-09-05 17:12:19 +03:00
George Kadianakis
fb56b4c2bf Merge branch 'tor-github/pr/1293' 2019-09-05 17:10:07 +03:00
George Kadianakis
c750ec20ab Merge branch 'tor-github/pr/1291' 2019-09-05 17:09:20 +03:00
George Kadianakis
c29f05b159 Merge branch 'tor-github/pr/1292' 2019-09-05 17:06:58 +03:00
George Kadianakis
cdd7e88970 Merge branch 'tor-github/pr/1261' 2019-09-05 17:02:53 +03:00
Neel Chauhan
0127888b06 Add tests for IPv6 exit policies on microdescriptors 2019-09-05 17:02:45 +03:00
Neel Chauhan
be4a60945d Check IPv6 exit policies on microdescriptors in node_exit_policy_rejects_all() 2019-09-05 17:02:45 +03:00
Nick Mathewson
eb909c4e43 config: note that some arguments are required. 2019-09-05 07:57:36 -04:00
teor
1203e137be
Merge commit '763fd0ad66' into maint-0.4.0
tor-github/pr/1174, but with the last commit re-worded to remove
the fixup, because fixups break our push rules.
2019-09-05 11:42:26 +10:00
Nick Mathewson
88839ab2ac Remove _ex suffix from typed_var_*_ex() functions.
Now that the variants of these functions that took config_line_t are
gone, there is no longer any reason for the remaining variants to
have "ex" at the end of their names.

This commit was made by running this perl script over all the files
in src/:

#!/usr/bin/perl -w -i -p

s{typed_var_(assign|free|encode|copy|eq|ok|kvassign|kvencode|mark_fragile)_ex}
 {typed_var_$1}g;
2019-09-04 15:01:49 -04:00
Nick Mathewson
161c392a4f typedvar: remove now-unused functions taking config_type_t.
These functions are no longer used.

Part of 31629.
2019-09-04 14:54:59 -04:00
Nick Mathewson
b3c2867715 Document fields of struct_magic_decl_t. 2019-09-04 14:23:19 -04:00
Nick Mathewson
3db56aeeb8 Document warn_deprecated_option(). 2019-09-04 14:23:19 -04:00
Nick Mathewson
39316da9b6 Document return value of config_mgr_add_format(). 2019-09-04 14:23:19 -04:00
Nick Mathewson
39dd2e2aa8 Document validate_fn_t as it stands.
Also document that it will be changed in a later branch.
2019-09-04 14:23:19 -04:00
Nick Mathewson
aeda598fd5 config_assign: Document CAL_* options.
These were sort of described in config_assign() documentation, but
not so well.
2019-09-04 14:23:19 -04:00
Nick Mathewson
577ea20b3a Document configuration and abbreviation types. 2019-09-04 14:23:19 -04:00
Nick Mathewson
3aba13f779 buffers: use ptrdiff_t to indicate offsets.
Previously we used int in some places and off_t for others.  Neither
is correct: ptrdiff_t is right for differences between pointers.
(off_t is only for offsets and sizes on the filesystem.)
2019-09-04 12:06:27 -04:00
Nick Mathewson
ec724fe8c8 rendclient: use ptrdiff, not off_t, for offset of DH field.
The off_t type is only useful for offsets on the filesystem.  For
in-memory offsets, use ptrdiff_t.
2019-09-04 12:06:27 -04:00
Nick Mathewson
b39ee42904 compat_compiler: fix documentation for STRUCT_VAR_P
Previously we had said that off_t was a reasonable type to hold the
result of offsetof().  That isn't so: ptrdiff_t is correct.
2019-09-04 12:06:27 -04:00
Nick Mathewson
dc199f40fb smartlist_pqueue: use ptrdiff_t instead of int for offsets.
This is technically correct, but should not matter in practice,
since we don't use this on any structs whose size exceeds INT_MAX.
2019-09-04 12:06:27 -04:00
Nick Mathewson
03ce67d378 config: explain CONFIG_TYPE_EXTENDED
Also add an explanation of a possible future refactoring where we
might remove the config_type_t enumeration entierly.

Fixes ticket 31624.

No changes file, since this is a comment-only change.
2019-09-04 11:54:42 -04:00
Nick Mathewson
870874fec8 config: Make CLEAR with a nonempty value into a nonfatal assertion.
When we parse a CLEAR line (e.g., "/OrPort" or /OrPort blah blah"),
we always suppress the value, even if one exists.  That means that
the block of code was meant to handle CLEAR lines didn't actually do
anything, since we previously handled them the same way as with
other empty values.

Closes ticket 31529.
2019-09-04 11:28:21 -04:00
Nick Mathewson
539158f2be config: use ptrdiff_t for all field-offset members.
Previously we used int here, but it is more correct to use
ptrdiff_t.  (This never actually matters for our code in practice,
since the structure we are managing here never exceed INT_MAX in
size.)
2019-09-04 10:50:09 -04:00
David Goulet
34f3fcef40 Merge branch 'tor-github/pr/1290' 2019-09-04 10:33:49 -04:00
Nick Mathewson
46a3820652 Merge remote-tracking branch 'tor-github/pr/1270' 2019-09-04 09:52:35 -04:00
Nick Mathewson
c683896b7c Update routerset reset test to use new mgr API. 2019-09-04 08:42:34 -04:00
Nick Mathewson
17a870a64b Merge branch 'ticket31240v2_merged_2' into ticket31240v2_merged_2_merged 2019-09-04 08:41:42 -04:00
teor
9c798dd5a5
torerr: Fix a comment typo and update the comment for format_number_sigsafe()
Closes 31612.
2019-09-04 14:06:58 +10:00
teor
193c74faf9
Merge branch 'bug31571_041' into bug31571_master 2019-09-04 13:57:39 +10:00
teor
abe1f4f23e
Merge branch 'bug31571_040' into bug31571_041 2019-09-04 13:57:36 +10:00
teor
0cee6f498c
Merge branch 'bug31571_035' into bug31571_040 2019-09-04 13:57:31 +10:00
teor
a836dd2530
Merge branch 'maint-0.3.5' into bug31571_035 2019-09-04 13:57:15 +10:00
teor
f311d0676c backtrace: Check the return values of snprintf() and strncpy()
We can't use strlcat() or strlcpy() in torerr, because they are defined
in string/compat_string.h on some platforms, and string uses torerr.

Part of 31571.
2019-09-04 13:51:22 +10:00
George Kadianakis
7fa624537c Merge branch 'tor-github/pr/1269' 2019-09-03 17:11:25 +03:00
Nick Mathewson
a617001fd4 Merge remote-tracking branch 'tor-github/pr/1279' 2019-09-03 09:47:25 -04:00
Nick Mathewson
52342327c7 madvise: tolerate EINVAL and ENOSYS
These errors can occur if we are built on a system with support for
madvise(MADV_NOFORK) but then we are run on a system whose kernel
does not support that flag.

If the error is something that we don't tolerate at all, we now log
it before crashing.

Fixes bug 31570.  I am calling this a bugfix on 0.4.1.1-alpha, where
we actually started using the map_anon code.
2019-09-02 14:49:53 -04:00
Nick Mathewson
01bda9bed1 Merge branch 'maint-0.4.1' 2019-09-02 14:11:32 -04:00
Nick Mathewson
e3a458e441 Merge branch 'ticket12399_035' into maint-0.4.1 2019-09-02 14:11:18 -04:00
rl1987
05fa1689eb Change loglevel of message 'Hash of session info was not as expected' 2019-09-02 14:09:39 -04:00
Neel Chauhan
d22ed05dc0 Space out the arguments to the cell functions in rend_process_relay_cell() 2019-08-30 18:58:00 -04:00
teor
a52a5e0099
Merge branch 'maint-0.3.5' into maint-0.4.0 2019-08-30 23:33:01 +10:00
teor
1132dc9f75
Merge remote-tracking branch 'tor-github/pr/1181' into maint-0.3.5 2019-08-30 23:24:05 +10:00
teor
b66712d85b
Merge remote-tracking branch 'tor-github/pr/1117' into maint-0.3.5 2019-08-30 23:22:18 +10:00
teor
4662cbec7b
Merge remote-tracking branch 'tor-github/pr/1114' into maint-0.3.5 2019-08-30 23:20:59 +10:00
teor
c55591825f
torerr: Try harder to flush raw assert messages before process termination
Some platforms (macOS, maybe others?) can swallow the last write before an
abort. This issue is probably caused by a race condition between write
buffer cache flushing, and process termination. So we write an extra
newline, to make sure that the message always gets through.

Fixes bug 31571; bugfix on 0.3.5.1-alpha.
2019-08-30 21:51:11 +10:00
teor
65a1d86491
torerr: Log the Tor backtrace version when a raw assertion fails
Part of 31571.
2019-08-30 21:51:07 +10:00
teor
743bc0028b
backtrace: Log the Tor backtrace version whenever we log a backtrace
Previously, we just logged it in the crash handler.

Part of 31571.
2019-08-30 21:51:03 +10:00
teor
e2a7d08aa7
backtrace: Always set a backtrace Tor version
We want to report the tor version, even on platforms that don't have
backtrace support (like Android).

This commit stores the backtrace Tor version, regardless of USE_BACKTRACE.

Preparation for 31571.
2019-08-30 21:50:57 +10:00
Nick Mathewson
fb0e8966f0 Stub more functions in dirvote headers to fix more of 31552. 2019-08-29 11:18:42 -04:00
Nick Mathewson
4256ee0d37 Stub out some more functions in dirvote/*.h, fix compilation.
This fixes LTO compilation for Android and -O0 compilation in
general, when --disable-module-dirauth is provided.

Fixes bug 31552; bugfix on 0.4.1.1-alpha.
2019-08-29 09:50:38 -04:00
Nick Mathewson
c281fa0da2 Describe clear_cfg_fn_t better. 2019-08-29 09:14:51 -04:00
David Goulet
960d989415 Merge branch 'tor-github/pr/1257' 2019-08-29 08:56:04 -04:00
David Goulet
7c99a4ddde Merge branch 'maint-0.4.1' 2019-08-29 08:55:58 -04:00
David Goulet
ff905f8e1e Merge branch 'tor-github/pr/1256' into maint-0.4.1 2019-08-29 08:55:31 -04:00
David Goulet
337b733cfc Merge branch 'tor-github/pr/1255' into maint-0.4.1 2019-08-29 08:55:27 -04:00
teor
063cf9cd23 string: macOS --enable-fragile-hardening uses safe string functions
Comment-only change.
2019-08-29 13:10:34 +10:00
teor
ec6fbf1ca6 nodelist: Use safe string functions in describe.c
Rewrite format_node_description() and router_get_verbose_nickname() to
use strlcpy() and strlcat(). The previous implementation used memcpy()
and pointer arithmetic, which was error-prone.

Closes ticket 31545. This is CID 1452819.
2019-08-29 13:09:08 +10:00
Nick Mathewson
1ef084c5fc test_confparse: verify that clearing a routerset sets it to NULL. 2019-08-28 12:28:17 -04:00
Nick Mathewson
f0c1f96adc Document configuration type definition functions for routerset_t
These functions are all used to implement the ROUTERSET_type_defn
object, which maps strings to and from routerset_t configuration
variables for the configuration module.
2019-08-28 12:23:36 -04:00
Nick Mathewson
2074fed664 Routerset config parsing: represent empty sets as NULL.
routerset_t has two representations of an empty routerset: NULL, and
a set containing no elements.  But some of our config code assumes
that empty routersets are represented as NULL.  So let's give it
what it assumes.

Fixes bug 31495. Bugfix on e16b90b88a76; but not in any released
Tor.
2019-08-28 11:53:28 -04:00
Nick Mathewson
04ab357df8 Remove extraneous "n" from comment in routerset.c 2019-08-28 11:39:31 -04:00
Nick Mathewson
b1d7ddfb02 Merge branch 'ticket31240v2' into ticket31240v2_merged_2 2019-08-28 09:46:59 -04:00
Nick Mathewson
a3e99c5f1e Add a test for clear_fn support in handling non-managed fields 2019-08-28 09:42:17 -04:00
Nick Mathewson
577e628743 Fix typo in a comment on config_mgr_get_obj_mutable() 2019-08-28 09:42:17 -04:00
Nick Mathewson
c967b5c9ba Add a test for dumping a compound configuration 2019-08-28 09:42:17 -04:00
Nick Mathewson
8db3859cc6 Simple tests for nested configuration formats
One test makes sure that the toplevel magic numbers are distinct.

One test makes sure that we can parse a configuration object
with two sub-objects.
2019-08-28 09:42:17 -04:00
Nick Mathewson
d9fe9f5ede Confmgr tests: test deprecations and abbreviations. 2019-08-28 09:42:17 -04:00
Nick Mathewson
e4162cdb38 Start on test cases for the multi-object feature of confmgr.
This test case, at this point, only constructs the confmgr object.
More code to come.
2019-08-28 09:42:17 -04:00
Nick Mathewson
cb5f8ace79 Tests for config_find_option_name()
Fix a bug in config_find_option_name() where it did not consider
the abbreviations table.
2019-08-28 09:42:17 -04:00
Nick Mathewson
aa3f0c4788 Add tests for variable-listing functions.
This discovered a bug related to an extra & in
config_mgr_list_deprecated_vars(): fix that.
2019-08-28 09:42:17 -04:00
Nick Mathewson
380d3ee168 Better explain config_clear_fn_t 2019-08-28 09:42:17 -04:00
Nick Mathewson
06da2c0d28 Document or_state_t.substates_ 2019-08-28 09:42:17 -04:00
Nick Mathewson
3af1cee6d9 Document or_options_t.subconfigs_ 2019-08-28 09:42:17 -04:00
Nick Mathewson
12d980027a document return lifespans for config_mgr_list_vars() 2019-08-28 09:42:17 -04:00
Nick Mathewson
9cfc811c37 Fix typo in comment about FallbackDir handling 2019-08-28 09:42:17 -04:00
Nick Mathewson
3a530ae535 Document types for config_get_changes() 2019-08-28 09:42:17 -04:00
Nick Mathewson
760d0c056f finish a comment explaining all_abbrevs 2019-08-28 09:42:17 -04:00
Nick Mathewson
638e58379a Partial support for multiplicity in configuration objects
A configuration manager, in addition to a top-level format object,
may now also know about a suite of sub-formats.  Top-level
configuration objects, in turn, may now have a suite of
sub-objects.
2019-08-28 09:40:53 -04:00
Nick Mathewson
38b770bbbb Make a config_suite_t type to hold multiple config sub-objects
Right now, it doesn't do anything; this patch is meant to make sure
that we're doing memory management correctly.
2019-08-28 09:40:53 -04:00
Nick Mathewson
47654d3249 Refactor config free logic to use a single path.
The right way to free a config object is now to wrap config_free(),
always.  Instead of creating an alternative free function, objects
should provide an alternative clear callback to free any fields that
the configuration manager doesn't manage.

This lets us simplify our code a little, and lets us extend the
confparse.c code to manage additional fields in config_free.
2019-08-28 09:40:53 -04:00
Nick Mathewson
3d1f9f583a Use special magic to enforce manager/object connection.
Every time we finalize a config manager, we now generate a new magic
number for it, so that we'll get an assertion failure if we ever try
to use an object with a different configuration manager than the one
that generated it.
2019-08-28 09:40:46 -04:00
George Kadianakis
78e084a12e Merge branch 'tor-github/pr/1267' 2019-08-27 11:47:46 +03:00
George Kadianakis
92a8573d22 Merge branch 'tor-github/pr/1258' 2019-08-27 11:45:18 +03:00
George Kadianakis
0d7f76d7ca Merge branch 'tor-github/pr/1234' 2019-08-27 11:44:13 +03:00
George Kadianakis
5782cee71d Merge branch 'tor-github/pr/1237' 2019-08-27 11:43:10 +03:00
Nick Mathewson
8af92b6577 test_address: parenthesize macro arguments.
It's good style to always add parentheses when using macro
arguments, in case somebody someday provides an argument that
contains an operator you don't expect, or causes the expression to
parse differently.
2019-08-26 20:03:16 -04:00
Nick Mathewson
5eca338107 In tests, make sure that "ri" is freed on all paths.
In Tor's tests, the tt_*() macros can call "goto done" on failure.
When that happens, we need to make sure that all of our allocated
memory still gets freed, or else Coverity will complain.
2019-08-26 20:03:11 -04:00
Neel Chauhan
c8e69e63f9 Add test for dirserv_router_has_valid_address() 2019-08-26 20:02:11 -04:00
Neel Chauhan
d9a7d47798 Check for private IPv6 addresses in dirserv_router_has_valid_address() 2019-08-26 18:21:56 -04:00
David Goulet
d819dfbded Merge branch 'tor-github/pr/1239' 2019-08-26 14:35:27 -04:00
David Goulet
cbe5f9571f test: Unit tests HS DoS torrc options
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:47 +03:00
David Goulet
461d231289 hs-v3: Refactor DoS cell extension parameters validation
Move everything to its own function in order to better log, document and tests
the introduction point validation process.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:47 +03:00
David Goulet
1c4607b132 hs-v3: Clarify comment in hs_dos.c
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:47 +03:00
David Goulet
292e9b0c00 hs-v3: Log info INTRO2 DoS defenses service values
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:47 +03:00
David Goulet
a98f5099c4 hs-v3: Missing intro circuit INTRO2 DoS enabled flag
When consensus changes, we also need to update the circuit INTRO2 defenses
enabled flag and not only the token bucket.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:47 +03:00
David Goulet
94a2221708 hs-v3: Privatize access to HS DoS consensus param
Remove the public functions returning the HS DoS consensus param or default
values as it is exclusively used internally now.

Rename the param_* variables to consensus_param_* for better code semantic.

Finally, make some private functions available to unit tests.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
184c76e339 hs-v3: Cleanup usage of consensus param in hs_dos.c
This commit makes it that the hs_dos.c file only uses the consensus parameter
variables set when we initialize and when the consensus changes.

There is no need to call each time networkstatus_get_param(), which is
expensive, when we want access to a consensus value.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
82639a8c7b hs-v3: Move to hs_dos.c INTRO2 defenses initialization
A bit cleaner especially that the next commit(s) will make the consensus param
interface private to hs_dos.c so we expose as little as we can outside of the
subsystem.

Part of #30924

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
1c554334ac test: Adapt HS DoS test to use latest parameter
We added a flag on the circuit to know if the DoS defenses are enabled or not.
Before, it was solely the consensus parameter.

Part of #30924

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
4c71accc49 test: Handling of ESTABLISH_INTRO DoS extension
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
dde073764c test: Build DoS cell extension
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
aee66c80bd hs-v3: Don't apply DoS defenses if circuit has not been flagged
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
724d9eb84b hs-v3: Parse ESTABLISH_INTRO cell extension
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
d692c5fd03 hs-v3: Encode DoS ESTABLISH_INTRO cell extension
This commit makes tor add the DoS cell extension to the ESTABLISH_INTRO cell
if the defense is enabled on the service side with a torrc option.

Furthermore, the cell extension is only added if the introduction point
supports it. The protover version HSIntro=5 is looked for.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
7faf10495f hs-v3: Rename INTRO2 consensus param getters
Make it clear that these functions return the consensus param only.
Introduction point can not set those values with a torrc option.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
6c79172924 hs-v3: Add protover HSIntro=5
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
5419fd5d9f hs-v3: Implement torrc DoS defenses options
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
e4856d1bbf trunnel: Add prop305 ESTABLISH_INTRO DoS cell extension
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
David Goulet
414e90025d trunnel: Remove typo in cell extention field name
There can be multiple fields in a cell extension but individually, it is
singular.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-26 15:53:46 +03:00
Nick Mathewson
cde662e259 clarify usage of __ and ___ prefixes on config options 2019-08-24 17:46:08 -04:00
Nick Mathewson
078ba326a1 Make a function for NODUMP. 2019-08-24 17:40:48 -04:00
Nick Mathewson
eb54fe8f97 Make config_var_is_invisible a function. 2019-08-24 17:32:46 -04:00
Nick Mathewson
65511a45ad Fix comment: ___ options are now that way because of the INVISIBLE flag. 2019-08-24 17:26:02 -04:00
Nick Mathewson
03247c8eaa whitespace fix 2019-08-24 17:11:41 -04:00
Neel Chauhan
14654d5c97 Remove the unused circuit_type field from hs_ident_circuit_t and hs_ident_circuit_new() 2019-08-23 14:04:05 -04:00
teor
55580d063d
hs: Remove an outdated comment 2019-08-23 16:26:44 +10:00
teor
65935f6da7
Merge branch 'bug23818_035' into bug23818_master 2019-08-23 16:26:32 +10:00
teor
e2e1c07fd2
hs: v3 single onion services fall back to 3-hop intro for unreachable nodes
Previously, v3 single onion services failed when all intro nodes were
unreachable via a 1-hop path. Now, we select intros that are only available
via a 3-hop path, and use a 3-hop path to connect to them.

Fixes bug 23507; bugfix on 0.3.2.1-alpha.
2019-08-23 16:22:49 +10:00
teor
229a982405
hs: Always use a 3-hop path when a v3 single onion intro fails
Previously, we always used a 1-hop path, no matter how many times a v3
single onion intro failed.

Fixes bug 23818; bugfix on 0.3.2.1-alpha.
2019-08-23 15:09:55 +10:00
teor
c94904b359
hs: Always use a 3-hop path when a v3 single onion rend fails
Previously, we used a 1-hop path when a single onion rend failed
immediately, and a 3-hop path when it failed after trying to build
a circuit.

Fixes bug 23818; bugfix on 0.3.2.1-alpha.
2019-08-23 15:09:43 +10:00
teor
14b5f40b54
Merge branch 'bug23818_029' into bug23818_035 2019-08-23 15:09:19 +10:00
teor
144084d6fa
rendservice: Always use a 3-hop path when a v2 single onion intro fails
Previously, we always used a 1-hop path, no matter how many times a v2
single onion intro failed.

Fixes bug 23818; bugfix on 0.2.9.3-alpha.
2019-08-23 15:02:20 +10:00
teor
dc08f8ac70
rendservice: Always use a 3-hop path when a v2 single onion rend fails
Previously, we used a 1-hop path when a single onion rend failed
immediately, and a 3-hop path when it failed after trying to build
a circuit.

Fixes bug 23818; bugfix on 0.2.9.3-alpha.
2019-08-23 15:01:48 +10:00
Nick Mathewson
2780cbb9cb Merge branch 'ticket30935' into ticket30935_merged 2019-08-22 17:25:35 -04:00
David Goulet
d475d7c2fb Merge branch 'tor-github/pr/1244' 2019-08-22 17:10:22 -04:00
teor
1ebff4d7f3 test/nodelist: Add unit tests for describe.c
Part of 21003.
2019-08-23 00:02:33 +10:00
teor
e8ba094c3e nodelist: Clear buffers and detect more caller errors in describe.c
Part of 21003.
2019-08-22 23:51:32 +10:00
Nick Mathewson
cc48eff2d3 Merge branch 'ticket31176' into ticket31176_merged 2019-08-21 09:46:20 -04:00
Nick Mathewson
edf5a327c5 Merge branch 'ticket30914' into ticket30914_merged 2019-08-20 13:57:05 -04:00
Nick Mathewson
3b2a732073 bump to 0.4.1.5-dev 2019-08-20 11:15:45 -04:00
Nick Mathewson
0bf980705e Fix a memory-leak warning in test_circuitbuid.c
Coverity wants us to free everything that we are potentially
allocating, even stuff where allocating it would be a bug.  Adding
a smartlist_free() here will fix the warning.

Fixes bug 31452; bugfix on 16a0b7ed67, which is not in
any released Tor.  This is CID 1447292.
2019-08-19 16:21:55 -04:00
Nick Mathewson
87a3c5b110 Fix 64-bit return issue in parse_log_domain()
If unsigned int is 32-bits long, then our old code would give a
wrong result with any log domain whose mask was >= (1<<32).
Fortunately, there are no such log domains right now: the domain
mask is only 64 bits long to accommodate some flags.

Found by coverity as CID 1452041.

Fixes bug 31451; bugfix on 0.4.1.4-rc.
2019-08-19 13:59:57 -04:00
Nick Mathewson
ab92881d9a Update version to 0.4.1.5 2019-08-19 11:35:48 -04:00
Nick Mathewson
e5812c91d6 Merge remote-tracking branch 'tor-github/pr/1231' 2019-08-19 11:34:27 -04:00
Nick Mathewson
29bd43ab03 Merge remote-tracking branch 'tor-github/pr/1224' 2019-08-19 11:26:58 -04:00
Nick Mathewson
6a89b01049 Merge remote-tracking branch 'tor-github/pr/1230' into maint-0.4.1 2019-08-19 11:11:32 -04:00
Nick Mathewson
e7aabfce61 Merge remote-tracking branch 'tor-github/pr/1235' 2019-08-19 11:10:21 -04:00
Nick Mathewson
deccd3aa6a Merge remote-tracking branch 'tor-github/pr/1225' 2019-08-19 11:08:44 -04:00
George Kadianakis
4185ef29fd Merge branch 'tor-github/pr/1122' 2019-08-19 18:06:05 +03:00
George Kadianakis
dfc8c0b536 Merge branch 'tor-github/pr/1214' 2019-08-19 18:04:35 +03:00
George Kadianakis
19e19c1fa8 Merge branch 'tor-github/pr/1154' 2019-08-19 18:03:51 +03:00
George Kadianakis
b257e8e553 Merge remote-tracking branch 'mike/bug31356+logs-rebased2' into bug31356_final 2019-08-19 17:53:00 +03:00
Nick Mathewson
c214402a56 Merge branch 'maint-0.4.1' 2019-08-19 10:37:22 -04:00
Nick Mathewson
90f4ed2335 Merge branch 'maint-0.3.5' into maint-0.4.0 2019-08-19 10:37:21 -04:00
Nick Mathewson
5653b93a1d Merge branch 'maint-0.2.9' into maint-0.3.5 2019-08-19 10:37:21 -04:00
Nick Mathewson
bba64c9882 Merge branch 'maint-0.4.0' into maint-0.4.1 2019-08-19 10:37:21 -04:00
David Goulet
a8e6eab379 Merge branch 'tor-github/pr/1213' 2019-08-19 09:49:33 -04:00
teor
23844bc739 nodelist: Add support for multiple addresses in describe.c
Also prepare for unit tests.

Part of 21003.
2019-08-19 16:41:35 +10:00
teor
03be44e216 nodelist: Remove support for is_named in describe.c
The Named flag is deprecated. Removing support from the formatting code
simplifies the unit tests.

Part of 21003.
2019-08-19 16:40:42 +10:00
teor
81256c079f nodelist: Move router_get_verbose_nickname() declaration
The declaration was in nodelist/routerinfo.h, but the implementation
was in nodelist/describe.h.

Part of 21003.
2019-08-19 16:40:41 +10:00
teor
8a10c0696d test/nodelist: Fix a typo 2019-08-19 16:40:41 +10:00
David Goulet
5a1c3e44f7 dirauth: Change dizum IP address
New IP address from 194.109.206.212 to 45.66.33.45.

Signed request from Alex de Joode, operator of dizum:
https://trac.torproject.org/projects/tor/ticket/31406

Published descriptor by dizum on August 12th, 2019:

--
r dizum fqbq1v2DCDxTj0QDi7+gd1h911U GZmZtCLaPDQNxkhIFj8UcgTRAuA 2019-08-12 15:28:40 45.66.33.45 443 80
s Authority Fast Running Stable V2Dir Valid
v Tor 0.4.0.5
pr Cons=1-2 Desc=1-2 DirCache=1-2 HSDir=1-2 HSIntro=3-4 HSRend=1-2 Link=1-5 LinkAuth=1,3 Microdesc=1-2 Relay=1-2 Padding=1
w Bandwidth=20 Unmeasured=1
p reject 1-65535
--

Finally, confirmed by DNS:

  $ dig +short tor.dizum.com
  45.66.33.45

Closes #31406

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-15 08:20:47 -04:00
Roger Dingledine
9b1aa9a572 fix typo in keypin journal log entry (for dir auths) 2019-08-15 02:32:00 -04:00
Mike Perry
2ea2d6f30a Clarify comment for bug30942 and improve logline. 2019-08-12 14:24:11 -05:00
Mike Perry
b2821b72bc Bug 31356: Propogate protover padding support to circpad 2019-08-12 14:06:08 -05:00
Mike Perry
b14bb12e39 Bug 31356: Bump protover for new padding machines
By binding the protover numbering to specific padding machines, we can make
our padding negotiation simpler. We probably should have done this in the
first place.

This has the side effect that earlier 0.4.1.x-alpha clients won't negotiate
with 0.4.1.x-stable relays, and 0.4.1.x-stable clients won't negotiate with
earlier 0.4.1.x-alpha relays (or 0.4.0.x relays). Since we don't support
alphas after the stable is released, this is fine, so long as it gets in
before the first stable of 0.4.1.x.
2019-08-12 14:02:35 -05:00
Mike Perry
f6bc9d7c7e Bug 30992: Demote logline of wronghop padding to protocol warn.
This can happen, it's not great, but it's not the worst thing in the world
either. Deferring full fix for 0.4.2/later.
2019-08-12 13:46:32 -05:00
Mike Perry
ccd16caeac Additional circpad diagnostic logs
Also add controller circuit id to all relevant circpad loglines. This will
make debugging any future issues like #30992 much easier.
2019-08-12 13:46:32 -05:00
teor
20943d00f1
Merge branch 'maint-0.3.5' into maint-0.4.0 2019-08-12 13:10:05 +10:00
teor
a1d8409ee2
Merge remote-tracking branch 'tor-github/pr/1049' into maint-0.4.0 2019-08-12 09:55:29 +10:00
teor
d253b31cec
Merge remote-tracking branch 'tor-github/pr/1077' into maint-0.3.5 2019-08-12 09:54:35 +10:00
teor
31fb2bceb5
Merge remote-tracking branch 'tor-github/pr/1066' into maint-0.3.5 2019-08-12 09:53:59 +10:00
teor
789fdbed05
Merge remote-tracking branch 'tor-github/pr/1065' into maint-0.3.5 2019-08-12 09:52:56 +10:00
teor
a92b05392e
Merge remote-tracking branch 'tor-github/pr/1056' into maint-0.3.5 2019-08-12 09:51:35 +10:00
teor
224825e7ee
Merge remote-tracking branch 'tor-github/pr/1039' into maint-0.3.5 2019-08-12 09:51:00 +10:00
teor
e5be039494
Merge remote-tracking branch 'tor-github/pr/1034' into maint-0.3.5 2019-08-12 09:50:42 +10:00
teor
f65f4b5c38
Merge remote-tracking branch 'tor-github/pr/1020' into maint-0.3.5 2019-08-12 09:49:53 +10:00
teor
8ea0903222
Merge remote-tracking branch 'tor-github/pr/987' into maint-0.3.5 2019-08-12 09:45:32 +10:00
teor
6ed56ee4ea
Merge remote-tracking branch 'tor-github/pr/952' into maint-0.3.5 2019-08-12 09:44:46 +10:00
teor
2d4772dc47
Merge remote-tracking branch 'tor-github/pr/951' into maint-0.3.5 2019-08-12 09:43:37 +10:00
teor
ef345ab56d
Merge remote-tracking branch 'tor-github/pr/937' into maint-0.3.5 2019-08-12 09:42:15 +10:00
teor
9be65c440b
Merge remote-tracking branch 'tor-github/pr/926' into maint-0.3.5 2019-08-12 09:41:14 +10:00
teor
955cf9620c
Merge remote-tracking branch 'tor-github/pr/911' into maint-0.3.5 2019-08-12 09:40:08 +10:00
teor
3287cae68c
Merge remote-tracking branch 'tor-github/pr/848' into maint-0.3.5 2019-08-12 09:38:46 +10:00
teor
a57e168caa
Merge remote-tracking branch 'tor-github/pr/741' into maint-0.3.5 2019-08-12 09:36:14 +10:00
teor
bad0010808
Merge branch 'maint-0.3.5' into maint-0.4.0 2019-08-10 07:26:21 +10:00
teor
254c1bac45
Merge remote-tracking branch 'tor-github/pr/1078' into maint-0.2.9 2019-08-10 07:21:56 +10:00
teor
e07d08a169
Merge remote-tracking branch 'tor-github/pr/1052' into maint-0.2.9 2019-08-10 07:21:43 +10:00
teor
e0f9a8222b
Merge remote-tracking branch 'tor-github/pr/1229' into maint-0.2.9 2019-08-10 07:21:31 +10:00
Nick Mathewson
37bd7fa50d
Modify "Protect buffers against INT_MAX datalen overflows." for 0.2.9 2019-08-10 07:16:42 +10:00
teor
8a4635a5fe
Merge remote-tracking branch 'tor-github/pr/1081' into maint-0.4.0 2019-08-09 14:05:46 +10:00
teor
654769bcec
Merge remote-tracking branch 'tor-github/pr/1080' into maint-0.3.5 2019-08-09 14:05:26 +10:00
teor
1ba2bd3599
Merge remote-tracking branch 'tor-github/pr/1054' into maint-0.3.5 2019-08-09 14:01:50 +10:00
teor
e3ba9b7a78
Merge remote-tracking branch 'tor-github/pr/920' into maint-0.3.5 2019-08-09 14:00:01 +10:00
teor
1a9555e283
Merge remote-tracking branch 'tor-github/pr/763' into maint-0.3.5 2019-08-09 13:53:52 +10:00
teor
45f30ba5fa
Merge remote-tracking branch 'tor-github/pr/762' into maint-0.2.9 2019-08-09 13:53:34 +10:00
teor
05018d55ca
Merge remote-tracking branch 'tor-github/pr/957' into maint-0.2.9 2019-08-09 13:50:42 +10:00
teor
7502881deb
Merge branch 'bug31343_31374_035' into bug31343_31374_040 2019-08-09 09:51:40 +10:00
teor
65343a966e
Merge remote-tracking branch 'tor-github/pr/1222' into combined31343_31374_035 2019-08-09 09:49:35 +10:00
teor
2bc8989d83
Merge remote-tracking branch 'tor-github/pr/1221' into combined31343_31374_029 2019-08-09 09:48:41 +10:00
Nick Mathewson
0e1fd6d61f Merge branch 'maint-0.4.1' 2019-08-08 15:25:00 -04:00
Nick Mathewson
53d5b67f07 Merge branch 'ticket31374_035' into maint-0.4.1 2019-08-08 15:24:52 -04:00
David Goulet
2e5519da7c hs: Initialize the INTRO2 bucket for legacy intro point
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-08 13:40:10 -04:00
Neel
64d2133a61 Move the connection_edge_process_relay_cell() assignments out of if statements in circuit_receive_relay_cell() 2019-08-08 13:05:46 -04:00
David Goulet
b47adcbcab Merge branch 'tor-github/pr/1183' 2019-08-08 12:30:23 -04:00
David Goulet
0312da75a3 Merge branch 'tor-github/pr/1172' 2019-08-08 12:26:59 -04:00
Nick Mathewson
b560d94ac0 Merge branch 'ticket31374_029' into ticket31374_035 2019-08-08 11:46:24 -04:00
Nick Mathewson
3a280b35ee Fix a warning about casting the results of GetProcAddress.
Fixes bug 31374; bugfix on 0.2.9.1-alpha.
2019-08-08 11:44:19 -04:00
Nick Mathewson
a8f936c817 Merge branch 'maint-0.4.1' 2019-08-08 11:24:08 -04:00
Nick Mathewson
0bc5b7ae95 Merge branch 'ticket31343_040' into maint-0.4.1 2019-08-08 11:23:59 -04:00
Nick Mathewson
7e32db478b Merge branch 'ticket31343_035' into ticket31343_040 2019-08-08 09:40:04 -04:00
Nick Mathewson
a4400a77a5 Merge branch 'ticket31343_029' into ticket31343_035 2019-08-08 09:39:48 -04:00
Nick Mathewson
878f440901 Fix another time_t/long warning for 31343. 2019-08-08 09:38:03 -04:00
Nick Mathewson
cd6cb45372 Restore proper behavior of netinfo skew check
My previous fix removed a comparison, which would have caused us to
warn about every skew instead of skews of over an hour.
2019-08-08 09:15:42 -04:00
Nick Mathewson
35cfe2e776 Merge remote-tracking branch 'tor-github/pr/1208' 2019-08-07 09:49:49 -04:00
Nick Mathewson
f557680aa9 Merge remote-tracking branch 'tor-github/pr/1203' 2019-08-06 13:12:42 -04:00
Nick Mathewson
484b654048 test_token_bucket: negate after casting to signed type.
Previously we tried multiplying by -1 before casting to int32_t,
which would cause us to cast the -1 to an unsigned before we
multiplied.  This gave us compiler warnings on windows.

Fixes bug 31353; bug not in any released Tor.
2019-08-06 11:42:04 -04:00
Nick Mathewson
66437710af test_util: Do not check for ENETUNREACH unless it exists.
Fixes bug 31352; bug not in any released Tor.
2019-08-06 11:35:50 -04:00
Nick Mathewson
79569d86b3 Merge branch 'ticket31343_035' into ticket31343_040 2019-08-06 11:18:40 -04:00
Nick Mathewson
bc9492a938 Merge branch 'ticket31343_029' into ticket31343_035 2019-08-06 11:15:20 -04:00
Nick Mathewson
0849d2a2fd Avoid using labs() on time_t in channeltls.c
On some windows builds, time_t is 64 bits but long is not.  This is
causing appveyor builds to fail.

Also, one of our uses of labs() on time_t was logically incorrect:
it was telling us to accept NETINFO cells up to three minutes
_before_ the message they were responding to, which doesn't make
sense.

This patch adds a time_abs() function that we should eventually move
to intmath.h or something.  For now, though, it will make merges
easier to have it file-local in channeltls.c.

Fixes bug 31343; bugfix on 0.2.4.4-alpha.
2019-08-06 11:11:06 -04:00
David Goulet
c45f0b4ec1 hs-v3: Rename HS DoS default defines
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
David Goulet
90b5422e8e test: Series of fixes for hs_dos.c unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
David Goulet
e537968548 dos: Update HS intro circuits if parameters change
In case the consensus parameters for the rate/burst changes, we need to update
all already established introduction circuits to the newest value.

This commit introduces a "get all intro circ" function from the HS circuitmap
(v2 and v3) so it can be used by the HS DoS module to go over all circuits and
adjust the INTRODUCE2 token bucket parameters.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
David Goulet
be8bd2a46e hs-v3: Add enable/disable HS DoS introduce parameter
Following prop305 values.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
David Goulet
c5b00c5a51 hs-v3: Add consensus parameters for DoS defenses
Part of #15516

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
David Goulet
fec0a7b7cb test: Add hs_dos.c unit tests
Currently test the only available function which is hs_dos_can_send_intro2()
within the HS anti-DoS subsystem.

Closes #15516

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
David Goulet
9f738be893 hs: Limit the amount of relayed INTRODUCE2
This commit add the hs_dos.{c|h} file that has the purpose of having the
anti-DoS code for onion services.

At this commit, it only has one which is a function that decides if an
INTRODUCE2 can be sent on the given introduction service circuit (S<->IP)
using a simple token bucket.

The rate per second is 25 and allowed burst to 200.

Basic defenses on #15516.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 07:58:14 -04:00
George Kadianakis
d7afdb3b0f Merge branch 'tor-github/pr/1195' 2019-08-06 14:51:47 +03:00
Nick Mathewson
720951f056 Teach include-checker about advisory rules
A .may_includes file can be "advisory", which means that some
violations of the rules are expected.  We will track these
violations with practracker, not as automatic errors.
2019-08-05 17:04:00 -04:00
Ali Raheem
57c34e80da #31320 Add IPv6 examples 2019-08-05 19:24:42 +01:00
George Kadianakis
8248812188 Rename handle_relay_command to handle_relay_cell_command .
As per David's review.
2019-08-05 18:03:23 +03:00
George Kadianakis
1e970d17b8 Test that regular cells get ignored in padding circuits. 2019-08-05 18:03:23 +03:00
George Kadianakis
ce477da8a7 Ignore regular cells in padding circuits.
Padding circuits were regular cells that got closed before their padding
machine could finish. This means that they can still receive regular cells from
their past life, but they have no way or reason to answer them anymore. Hence
let's ignore them before they even get to the proper subsystems.
2019-08-05 18:03:23 +03:00
George Kadianakis
7a032c5e48 Split connection_edge_process_relay_cell() in two functions.
One function does the validation, the other does the handling.
2019-08-05 18:02:33 +03:00
Nick Mathewson
54ad92a240 Merge branch 'maint-0.4.1' 2019-08-05 09:59:40 -04:00
George Kadianakis
74c0595965 Ignore regular cells in padding circuits.
Padding circuits were regular cells that got closed before their padding
machine could finish. This means that they can still receive regular cells from
their past life, but they have no way or reason to answer them anymore. Hence
let's ignore them before they even get to the proper subsystems.
2019-08-05 13:48:58 +03:00
Nick Mathewson
fa60fee8d5 practracker: Add unit tests to test script, and test script to makefile
This makes all of the practracker tests get run by make check, and
hence by our CI.

Closes ticket 31304.
2019-08-01 14:01:43 -04:00
David Goulet
6dba86d7c9 Merge branch 'maint-0.4.1' 2019-07-29 12:02:54 -04:00
David Goulet
1d6054f750 Merge branch 'tor-github/pr/1179' into maint-0.4.1 2019-07-29 12:02:47 -04:00
Nick Mathewson
d8264ab62b bump to 0.4.1.4-rc-dev 2019-07-25 21:51:53 -04:00
Nick Mathewson
2722296b95 Merge branch 'maint-0.4.1' 2019-07-25 20:11:47 -04:00
Nick Mathewson
278e65887b Fix more 32-bit errors with domain and tt_int_op 2019-07-25 20:11:33 -04:00
Nick Mathewson
69921a6a8a Merge branch 'maint-0.4.1' 2019-07-25 16:57:32 -04:00
Nick Mathewson
6095bbf74e test: Use a 64-bit comparison for logging domains. 2019-07-25 16:57:06 -04:00
David Goulet
044bb019b6 Merge branch 'maint-0.4.1' 2019-07-25 10:27:41 -04:00
George Kadianakis
af26cd6101 Always check the retval of circpad_machine_current_state(). 2019-07-25 10:24:23 -04:00
George Kadianakis
bd1ac408d8 Remove dead code from circpad_machine_remove_token(). 2019-07-25 10:24:19 -04:00
David Goulet
cfb15d513d Merge branch 'maint-0.4.1' 2019-07-25 09:03:01 -04:00
David Goulet
2a4b156978 Merge branch 'tor-github/pr/1171' into maint-0.4.1 2019-07-25 09:02:53 -04:00
Nick Mathewson
b2a6b52825 Bump version to 0.4.1.4-rc 2019-07-25 09:00:53 -04:00
Nick Mathewson
57e87cc86c Use config_new() to construct configuration objects.
We'll need to do it this way once the objects become more complex.
2019-07-24 15:21:56 -04:00
Nick Mathewson
c32d485942 Remove src/core/ and src/feature dependencies from confparse.c
This C file will eventually belong in lib/confmgt, so it needs to
have only low-level dependencies.  Now that it no longers needs
routerset.c, we can adjust its includes accordingly.

I'm not moving the file yet, since it would make fixup commits on
earlier branches here really hard to do.
2019-07-24 15:21:56 -04:00
Nick Mathewson
a1b2817abe Sort variables in config_mgr_t.all_vars alphabetically 2019-07-24 15:21:56 -04:00
Nick Mathewson
f8b193a74a Make config_var and config_fmt const.
Now that we have a reasonable implementation for overriding the
default options for TestingTorNetwork, we don't need to modify
config_var_t structs any more.  And therefore, we can have constant
format options, like reasonable people.
2019-07-24 15:21:56 -04:00
Nick Mathewson
dde091ebc7 Add a "freeze" function for config_mgr_t objects.
It's important to make sure that we don't change a config_mgr_t
after we start using it to make objects, or we could get into
inconsistent states.  This feature is the start of a safety
mechanism to prevent this problem.
2019-07-24 15:21:56 -04:00
Nick Mathewson
f306d12b58 Refactor handling of TestingTorNetwork
Previously, when TestingTorNetwork was set, we would manually adjust
the initvalue members of a bunch of other config_var_t, and then
re-run the early parts or parsing the options.

Now we treat the initvalue fields as immutable, but instead assign
to them in options_init(), as early as possible.  Rather than
re-running the early parts of options, we just re-call the
options_init_from_string() function.

This patch de-kludges some of our code pretty handily.  I think it
could later handle authorities and fallbacks, but for now I think we
should leave those alone.
2019-07-24 15:21:56 -04:00
Nick Mathewson
7abd43ac5f Change CONFIG_CHECK() macro to not need a config_format_t
We'll want it to check all the subsidiary structures of the
options object.
2019-07-24 15:21:56 -04:00
Nick Mathewson
627ab9dba3 Fix every place in config.c that knew about option_vars_.
Iterating over this array was once a good idea, but now that we are
going to have a separate structure for each submodule's
configuration variables, we should indirect through the config_mgr_t
object.
2019-07-24 15:21:56 -04:00
Nick Mathewson
89a3051365 Lower responsibility for listing changed options into confparse.c 2019-07-24 15:21:56 -04:00
Nick Mathewson
7e91d4f572 Replace config_find_option with a variant that exposes less 2019-07-24 15:21:56 -04:00
Nick Mathewson
769fe81717 Start teaching config_mgr_t to handle sub-objects and sub-formats
The eventual design here will be that multiple config_format_t
objects get registered with a single config_mgr_t.  That
config_mgr_t manages a "top-level" object, which has a pointer to
the other objects.

I had earlier thought of a different design, where there would be no
top-level object, and config_mgr_t would deal with a container
instead.  But this would require a bunch of invasive refactoring
that I don't think we should do just yet.
2019-07-24 15:21:56 -04:00
Nick Mathewson
e8dc513bd0 Add a config_mgr_t type to wrap config_format_t
Remember that our goal in the present refactoring is to allow each
subsystem to declare its own configuration structure and
variables.  To do this, each module will get its own
config_format_t, and so we'll want a different structure that wraps
several config_format_t objects.  This is a "config_mgr_t".
2019-07-24 15:21:56 -04:00
Nick Mathewson
167d873bde Fix clang-detected errors related to log_domain_mask_t 2019-07-24 09:08:48 -04:00
George Kadianakis
2944b091fc Merge branch 'maint-0.4.1' 2019-07-24 12:32:06 +03:00
George Kadianakis
bb33a2f290 Merge branch 'tor-github/pr/1181' into maint-0.4.1 2019-07-24 12:31:56 +03:00
Nick Mathewson
ab1f82ea2a Merge branch 'ticket24963_042_02' 2019-07-23 14:03:30 -04:00
Nick Mathewson
df12ff3dea Add a test for disallowing single-hop introductions.
Code from dgoulet.
2019-07-23 12:42:33 -04:00
Nick Mathewson
f14ce4bce6 Allow NULL circ->p_chan in circuit_is_suitable_for_introduce1()
This shouldn't be possible while Tor is running, but the tests can
hit this code.  Rather than force the tests to add a dummy channel
object, let's just tolerate their incompletely built circuits.
2019-07-23 12:36:40 -04:00
Nick Mathewson
ab1f39322c Merge remote-tracking branch 'tor-github/pr/1185' 2019-07-23 12:32:14 -04:00
Nick Mathewson
f6db290e5a Merge remote-tracking branch 'tor-github/pr/1186' 2019-07-23 12:30:19 -04:00
David Goulet
ef2dd1ba96 Merge branch 'tor-github/pr/1116' 2019-07-23 09:46:29 -04:00
David Goulet
2fce1274de Merge branch 'tor-github/pr/1153' 2019-07-23 09:43:36 -04:00
pulls
c2f6064325 Improve circpad documentation.
Patch by Tobias Pulls.
2019-07-23 12:44:43 +03:00
George Kadianakis
5aa526c2d8 circpad: some more logging changes.
- Add an info log when receiving a STOP command.
- Keep warning if we receive padding from a wrong hop.
2019-07-23 12:22:26 +03:00
Mike Perry
a3089662c0 More LOG_PROTOCOL_WARN.
Make origin-side messages about padding negotiation failure into
LOG_PROTOCOL_WARN.

I'm not sure I like this either.. But the negotiation refusal case might
happen naturally due to consensus drift, and is functionally no different than
a corrupted cell.
2019-07-23 12:22:25 +03:00
Mike Perry
86f298441b Make some warns into protocol warns
I'm not sure I agree with this option.
2019-07-23 12:22:24 +03:00
Mike Perry
065f25c2ce Bug 30649: Check that machine is absent before warn 2019-07-23 12:22:15 +03:00
pulls
fd1f285189 transition when we send our first padding packet, not on received 2019-07-23 11:52:25 +03:00
pulls
5f95b37f6c remove specified target_hopnum from relay-side machines (only for origin-side machines) 2019-07-23 11:52:25 +03:00
Neel Chauhan
232aa8570d Space out first connection_edge_process_relay_cell() line in circuit_receive_relay_cell() 2019-07-19 20:50:25 -04:00
Nick Mathewson
5fb070a14d Extract the log_domain_t type to a lower-level header
This way, both err and log may depend on it.
2019-07-19 10:17:22 -04:00
Nick Mathewson
f682de609b Adjust tor_log.rs for 64-bit log domains. 2019-07-19 10:07:32 -04:00
Nick Mathewson
a9379d6750 Set 'routerlist' global to NULL before freeing it.
There is other code that uses this value, and some of it is
apparently reachable from inside router_dir_info_changed(), which
routerlist_free() apparently calls.  (ouch!)  This is a minimal fix
to try to resolve the issue without causing other problems.

Fixes bug 31003. I'm calling this a bugfix on 0.1.2.2-alpha, where
the call to router_dir_info_changed() was added to routerlist_free().
2019-07-19 09:49:52 -04:00
Tobias Stoeckmann
17458a87d7 Prevent UB on signed overflow.
Overflowing a signed integer in C is an undefined behaviour.
It is possible to trigger this undefined behaviour in tor_asprintf on
Windows or systems lacking vasprintf.

On these systems, eiter _vscprintf or vsnprintf is called to retrieve
the required amount of bytes to hold the string. These functions can
return INT_MAX. The easiest way to recreate this is the use of a
specially crafted configuration file, e.g. containing the line:

FirewallPorts AAAAA<in total 2147483610 As>

This line triggers the needed tor_asprintf call which eventually
leads to an INT_MAX return value from _vscprintf or vsnprintf.

The needed byte for \0 is added to the result, triggering the
overflow and therefore the undefined behaviour.

Casting the value to size_t before addition fixes the behaviour.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2019-07-19 09:21:32 -04:00
Tobias Stoeckmann
0d4a689d3a Prevent UB on signed overflow.
Overflowing a signed integer in C is an undefined behaviour.
It is possible to trigger this undefined behaviour in tor_asprintf on
Windows or systems lacking vasprintf.

On these systems, eiter _vscprintf or vsnprintf is called to retrieve
the required amount of bytes to hold the string. These functions can
return INT_MAX. The easiest way to recreate this is the use of a
specially crafted configuration file, e.g. containing the line:

FirewallPorts AAAAA<in total 2147483610 As>

This line triggers the needed tor_asprintf call which eventually
leads to an INT_MAX return value from _vscprintf or vsnprintf.

The needed byte for \0 is added to the result, triggering the
overflow and therefore the undefined behaviour.

Casting the value to size_t before addition fixes the behaviour.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2019-07-19 09:17:25 -04:00
rl1987
ffce19a9ec Make tor-print-ed-signing-cert output RFC1123 and unix timestamps as well 2019-07-10 11:36:26 +03:00
Nick Mathewson
2e55fa9587 Adjust log callback type to use log_domain_mask_t 2019-07-08 14:11:02 -04:00
Nick Mathewson
4512578e49 Add a compile-time assertion to prevent a recurrence of 31080. 2019-07-08 13:41:35 -04:00
Nick Mathewson
09c692e72b Use a 64-bit mask for log domains, and fix a conflict
When we added LD_MESG, we created a conflict with the LD_NO_MOCK
flag.  We now need 64 bits for log domains in order to fix this
issue.

Fixes bug 31080; bugfix on 0.4.1.1-alpha.
2019-07-08 13:32:45 -04:00
Nick Mathewson
d972f29d8d Move declaration of LD_NO_MESG to make conflict more apparent. 2019-07-08 13:00:31 -04:00
pulls
c2521873a6 fix for circpad_add_matching_machines to be able to negotiate one machine per index, not only one machine in total 2019-07-08 16:15:41 +02:00
George Kadianakis
5303dbe624 Merge branch 'tor-github/pr/1152' 2019-07-04 17:14:06 +03:00
Nick Mathewson
3e34840a77 Make config_lines_eq() take const arguments. 2019-07-03 10:27:38 -04:00
Nick Mathewson
daed2e39ad Revert "Add a function to append an existing line to a config line list."
This reverts commit 5a2ab886ba.
2019-07-03 10:21:49 -04:00
Nick Mathewson
e3ccf37e25 Fix @file directive in var_type_def_st.h 2019-07-03 10:19:57 -04:00
David Goulet
ef2123c7c7 hs-v3: Disallow single hop client to post/get a descriptor
Closes #24964

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-07-03 08:21:16 -04:00
Nick Mathewson
fdbd139495 Merge remote-tracking branch 'tor-github/pr/1136' 2019-07-02 13:33:50 -04:00
Nick Mathewson
cf92c096ad Merge remote-tracking branch 'tor-github/pr/1120' 2019-07-02 13:33:37 -04:00
Nick Mathewson
c0ea6f9c64 Merge branch 'maint-0.4.1' 2019-07-01 14:25:13 -04:00
Nick Mathewson
1dd9527897 Merge branch 'maint-0.2.9' into maint-0.3.5 2019-07-01 14:25:12 -04:00
Nick Mathewson
2a42d6be27 Merge branch 'maint-0.3.5' into maint-0.4.0 2019-07-01 14:25:12 -04:00
Nick Mathewson
5e16601000 Merge branch 'maint-0.4.0' into maint-0.4.1 2019-07-01 14:25:12 -04:00
Roger Dingledine
a5911c4551 get rid of accidental second space 2019-06-29 22:26:00 -04:00
Nick Mathewson
ea154a6108 Coverity: fix memory leak on error in test function.
The function make_intro_from_plaintext() in test_introduce.c would
leak memory if we ever hit a failure from our underlying crypto
functions.  This kind of failure should be impossible, but it's best
to be safe here.

Bugfix on 0.2.4.1-alpha.
2019-06-28 12:36:53 -04:00
Nick Mathewson
5fa2b32200 Coverity: fix test issues with always-present 'service' var.
Coverity is worried that we check "service" at the end of these test
functions, since it doesn't see any way to reach the cleanup code
without having first dereferenced the variable.

Removing the check would be unwise in this case: instead we add a
tt_assert check before using "service" so that coverity thinks that
the check is doing something useful.

Bugfix on 0.3.2.1-alpha.
2019-06-28 12:36:44 -04:00
Nick Mathewson
68792f77e5 Fix a few coverity unitinitialzed-value warnings in the unit tests.
Coverity can't see that it is not in fact going to read
uninitialized memory here, so we initialize these values
unconditionally.

Bugfix on 0.4.0.1-alpha.
2019-06-28 12:33:27 -04:00
Nick Mathewson
f55598f870 Coverity: different implementation for csiphash
Coverity has had trouble figuring out our csiphash implementation,
and has given spurious warnings about its behavior.

This patch changes the csiphash implementation when coverity is in
use, so that coverity can figure out that we are not about to read
beyond the provided input.

Closes ticket 31025.
2019-06-28 12:07:38 -04:00
Nick Mathewson
0fa3dc3228 begin_cell_parse(): Add an assertion to please coverity.
Coverity doesn't understand that if begin_cell_parse() returns 0 and
sets is_begindir to 0, its address field will always be set.

Fixes bug 30126; bugfix on 0.2.4.7-alpha; Fixes CID 1447296.
2019-06-28 11:29:51 -04:00
teor
f3b2a81ce7
fallback: apply the second fallback list from 2019
Update the fallback directory mirrors by merging the current list with:
fallback_dirs_2019-06-28-08-58-39_AU_f0437a39ddbc8459.inc

Part of 28795, see that ticket for logs.
2019-06-28 21:16:50 +10:00
teor
37c2808ab0
fallback: apply the first fallback list from 2019
Update the fallback directory mirrors by replacing the old list with:
fallback_dirs_2019-06-25-11-49-10_AU_a37adb956fbb5cd2.inc

Part of 28795, see that ticket for logs.
2019-06-28 21:05:00 +10:00
Nick Mathewson
da11304136 Merge branch 'maint-0.4.1' 2019-06-26 10:06:02 -04:00
Nick Mathewson
3ccf91027b Merge remote-tracking branch 'tor-github/pr/1101' into maint-0.4.1 2019-06-26 10:05:51 -04:00
Nick Mathewson
089ef46063 Merge branch 'bug30721_squashed' 2019-06-26 09:57:20 -04:00
teor
6ef555bda0 test/addr: test that tor_addr_port_lookup() handles IP addresses and ports
And that it does something sensible with host and host:port.

Also reorder the tests into valid, invalid, and ambiguous.
And add some missing cases.

Note: tor_addr_port_lookup() handles ip, ip:port, host, and host:port.

Tests for 30721.
2019-06-26 09:55:37 -04:00
teor
6079dfd103 test/addr: test that tor_addr_lookup() handles IP addresses
And that it fails on IP:port and host:port, and does something sensible with
host.

Tests for 30721.
2019-06-26 09:55:37 -04:00
teor
1c92d7f388 test/addr: test that tor_lookup_hostname() handles IPv4 addresses
And that it fails on IPv6 and host:port, and does something sensible with
host.

Tests for 30721.
2019-06-26 09:55:37 -04:00
teor
60ce431c54 test/addr: Add some ambiguous IPv6 cases to test_addr_parse()
Test some strings which could be parsed as IPv6 addresses,
or as IPv6:port strings.

Additional tests for 30721.
2019-06-26 09:55:37 -04:00
teor
2dbde3617f test/addr: Increase coverage in test_addr_parse()
Do as many tests as possible for each input string.
Then remove some redundant test cases.

Cleanup after 30721.
2019-06-26 09:55:37 -04:00
teor
5a3770dc6c test/addr: Stop repeating so much code in test_addr_parse()
Cleanup after 30721.
2019-06-26 09:55:37 -04:00
teor
1d3d6bf6b1 test/addr: Add unit tests for the fixes in 30721 2019-06-26 09:55:37 -04:00
teor
adb8538e7b address/resolve: Require square brackets on IPv6 address:ports
When parsing addreses via Tor's internal address:port parsing and
DNS lookup APIs, require IPv6 addresses with ports to have square
brackets.

But allow IPv6 addresses without ports, whether or not they have
square brackets.

Fixes bug 30721; bugfix on 0.2.1.5-alpha.
2019-06-26 09:55:37 -04:00
teor
308d300213 address/resolve: try harder to avoid returning uninitialised data
Cleanup after 30721.
2019-06-26 09:55:37 -04:00
teor
fb93646c1c resolve: split sub-functions out of tor_addr_lookup()
And remove the practracker exception for tor_addr_lookup().

Cleanup after 30721.
2019-06-26 09:55:37 -04:00
teor
29cf64c838 resolve: refactor address family logic in tor_addr_lookup()
Cleanup after 30721.
2019-06-26 09:55:37 -04:00
teor
cd1de99468 resolve: consistently parse IP addresses in square brackets
When parsing addreses via Tor's internal DNS lookup API:
* reject IPv4 addresses in square brackets (with or without a port),
* accept IPv6 addresses in square brackets (with or without a port), and
* accept IPv6 addresses without square brackets, as long as they have no port.

This change completes the work started in 23082, making address parsing
consistent between tor's internal DNS lookup and address parsing APIs.

Fixes bug 30721; bugfix on 0.2.1.5-alpha.
2019-06-26 09:55:36 -04:00
Nick Mathewson
0fe9657c8c Merge remote-tracking branch 'tor-github/pr/1119' 2019-06-26 09:50:00 -04:00
Nick Mathewson
648d5df628 Merge remote-tracking branch 'tor-github/pr/1118' into maint-0.4.1 2019-06-26 09:49:40 -04:00
George Kadianakis
72ef4f43d5 Merge branch 'tor-github/pr/1142' 2019-06-26 10:57:24 +03:00
George Kadianakis
fede64822d Merge branch 'tor-github/pr/1128' 2019-06-26 10:53:34 +03:00
George Kadianakis
00acccac64 Merge branch 'tor-github/pr/1114' into maint-0.4.1 2019-06-26 10:51:12 +03:00
Nick Mathewson
f3330d2be3 Make "invisibility" and "undumpability" properties of variables.
Previously, these were magical things that we detected by checking
whether a variable's name was prefixed with two or three underscores.
2019-06-25 12:51:25 -04:00
Nick Mathewson
c390efe84f A few more test cases and unreachable lines 2019-06-25 12:51:25 -04:00
Nick Mathewson
a7835202cf Turn several properties of types or variables into flags.
"unsettable" is a property of types.  LINELIST_V and OBSOLETE are
unsettable, meaning that they cannot be set by name.

"contained" is a property of types.  I'm hoping to find a better
name here.  LINELIST_S is "contained" because it always appears
within a LINELIST_V, and as such doesn't need to be dumped ore
copied independently.

"cumulative" is a property of types. Cumulative types can appear
more than once in a torrc without causing a warning, because they
add to each other rather than replacing each other.

"obsolete" is a property of variables.

"marking fragile" is now a command that struct members can accept.

With these changes, confparse and config no longer ever need to
mention CONFIG_TYPE_XYZ values by name.
2019-06-25 12:51:25 -04:00
Nick Mathewson
a114df9a04 Add a function to make sure all values in a config object are ok 2019-06-25 12:51:25 -04:00
Nick Mathewson
b6457d4c08 Extend macros to allow flag arguments. 2019-06-25 12:51:25 -04:00
Nick Mathewson
a91ed23403 Use structvar to find the types for config vars. 2019-06-25 12:51:25 -04:00
Nick Mathewson
5b252d31ed Add a "flags" member to config_var_t
Additionally, adjust the macros so that we can add new members like
this more easily.
2019-06-25 12:51:25 -04:00
Nick Mathewson
53e969c137 Use struct_var_{copy,eq} in confparse.c. 2019-06-25 12:51:25 -04:00
Nick Mathewson
c553750e32 Move responsibility for config var macros
The testing-only parts now live in a conftesting.h; the shared parts
of the macros live in confmacros.h
2019-06-25 12:51:25 -04:00
Nick Mathewson
59317c8a23 Use struct_magic_decl to verify magic numbers in config objects 2019-06-25 12:51:25 -04:00
Nick Mathewson
4d101b39d7 Move config_var_t info conftypes.h 2019-06-25 12:51:25 -04:00
Nick Mathewson
3a4d67cf45 Port confparse to use struct_var in place of typed_var.
This requires changes to config_var_t, causing corresponding changes
throughout its users.
2019-06-25 12:51:25 -04:00
Nick Mathewson
2da188667d Add new "struct_var_" functions to manipulate struct fields.
These functions exist one level higher than typed_var_t.  They
describe a type, a name, and an offset within a structure.
2019-06-25 12:51:25 -04:00
Taylor Yu
5faf54970d Fix some onion helpers
Fix add_onion_helper_clientauth() and add_onion_helper_keyarg() to
explicitly call the appropriate control reply abstractions instead of
allocating a string to pass to their callers.

Part of ticket 30889.
2019-06-25 11:42:34 -05:00
Taylor Yu
e5e6953be7 Make control_write_reply() mockable
Part of ticket 30889.
2019-06-25 11:40:44 -05:00
Taylor Yu
0dd59fdb56 Clean up some uses of low-level control replies
Part of ticket 30889.
2019-06-25 11:39:59 -05:00
Nick Mathewson
e4f66bf7ff bump to 0.4.1.3-alpha-dev 2019-06-25 11:55:53 -04:00
teor
c131b0763e
stats: add comments about the required chunk structure in extra info files
These comments should prevent future instances of 30958.

And allow a larger file in practracker.

Follow up after 30958.
2019-06-25 12:30:59 +10:00
teor
2663bca392
Merge branch 'bug30958_041' into bug30958_master 2019-06-25 12:29:28 +10:00
Nick Mathewson
e16b90b88a Partially port routerset to being a full-fledged config type again. 2019-06-24 17:52:00 -04:00
Nick Mathewson
705bda859e Add unit tests for the unitparse.c module. 2019-06-24 17:50:43 -04:00
Nick Mathewson
f007437292 Further clarify our clarification about the type of POSINT 2019-06-24 17:50:43 -04:00
Nick Mathewson
c60a85d22a Add a "typed_var" abstraction to implement lvalue access in C.
Right now, this has been done at a high level by confparse.c, but it
makes more sense to lower it.

This API is radically un-typesafe as it stands; we'll be wrapping it
in a safer API as we do #30914 and lower the struct manipulation
code as well.

Closes ticket 30864.
2019-06-24 17:50:43 -04:00
Nick Mathewson
5a2ab886ba Add a function to append an existing line to a config line list.
We had an existing function to do this, but it took a pair of
strings rather than a line.
2019-06-24 15:11:57 -04:00
Nick Mathewson
458da8a80d Move unit-parsing code to src/lib/confmgt
lib/confmgt is at a higher level than lib/conf, since it needs to
call down to logging and similar modules.
2019-06-24 15:11:57 -04:00
Nick Mathewson
246599abb4 Start moving types that will be used for config vars to lib/conf
This will be a lower-level module than anything that actually
sets or handles configuration variables.

Part of 30864.
2019-06-24 15:11:57 -04:00
Nick Mathewson
8803930de8 Merge remote-tracking branch 'tor-github/pr/1130' into maint-0.4.1 2019-06-24 13:36:10 -04:00
Nick Mathewson
aab5f42ae0 bump to 0.4.1.3-alpha 2019-06-24 09:32:46 -04:00
teor
d9f49e9bc1
Merge branch 'bug30958_040' into bug30958_041 2019-06-24 21:31:27 +10:00
teor
e350dfc085
Merge branch 'bug30958_035' into bug30958_040 2019-06-24 21:31:10 +10:00
teor
b7dda83cfa
Merge branch 'bug30958_029' into bug30958_035 2019-06-24 21:30:47 +10:00
teor
5beb32d3d9
stats: Stop removing the ed25519 signature if the extra info file is too big
If the signature data was removed, but the keyword was kept, this could
result in an unparseable extra info file.

Fixes bug 30958; bugfix on 0.2.7.2-alpha.
2019-06-24 21:30:03 +10:00
teor
45be44ed9c stats: Split extrainfo_dump_to_string() into smaller functions.
Closes ticket 30956.
2019-06-24 20:47:44 +10:00
teor
872b85e689
Merge branch 'bug30956_041' into bug30956_master 2019-06-24 19:47:34 +10:00
teor
8356cc5b51 stats: Always publish pluggable transports in extra info documents
Always publish bridge pluggable transport information in the extra info
descriptor, even if ExtraInfoStatistics is 0. This information is
needed by BridgeDB.

Fixes bug 30956; bugfix on 0.4.1.1-alpha.
2019-06-24 19:44:24 +10:00
rl1987
a52e00b5b3 Fix shellcheck warning SC2034 in test_rebind.sh.
Bugfix on be0a4be276 (not in any Tor release).
2019-06-23 14:00:43 +03:00
David Goulet
f2b1eb1f05 hs: Disallow single hop client circuit when introducing
This will effectively also deny any bridge to be used as a single hop to the
introduction point since bridge do not authenticate like clients.

Fixes #24963

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-19 11:17:58 -04:00
David Goulet
8751176687 hs-v3: Close intro circuits when cleaning client cache
Fixes #30921

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-19 09:22:07 -04:00
David Goulet
e6579d801f Merge branch 'tor-github/pr/1113' 2019-06-19 07:47:03 -04:00
David Goulet
16a0b7ed67 guard: Ignore marked for close circuit when changing state to open
When we consider all circuits in "waiting for guard" state to be promoted to
an "open" state, we were considering all circuits, even the one marked for
close.

This ultiamtely triggers a "circuit_has_opened()" called on the circuit that
is marked for close which then leads to possible undesirable behaviors within
a subsystem.

For instance, the HS subsystem would be unable to find the authentication key
of the introduction point circuit leading to a BUG() warning and a duplicate
mark for close on the circuit.

This commit also adds a unit test to make sure we never select marked for
close circuits when upgrading its guard state from waiting for guard to open.

Fixes #30871

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-19 07:42:30 -04:00
David Goulet
6a0763cd66 guard: Ignore marked for close circuit when changing state to open
When we consider all circuits in "waiting for guard" state to be promoted to
an "open" state, we were considering all circuits, even the one marked for
close.

This ultiamtely triggers a "circuit_has_opened()" called on the circuit that
is marked for close which then leads to possible undesirable behaviors within
a subsystem.

For instance, the HS subsystem would be unable to find the authentication key
of the introduction point circuit leading to a BUG() warning and a duplicate
mark for close on the circuit.

This commit also adds a unit test to make sure we never select marked for
close circuits when upgrading its guard state from waiting for guard to open.

Fixes #30871

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-19 07:41:45 -04:00
David Goulet
e3f3478032 guard: Ignore marked for close circuit when changing state to open
When we consider all circuits in "waiting for guard" state to be promoted to
an "open" state, we were considering all circuits, even the one marked for
close.

This ultiamtely triggers a "circuit_has_opened()" called on the circuit that
is marked for close which then leads to possible undesirable behaviors within
a subsystem.

For instance, the HS subsystem would be unable to find the authentication key
of the introduction point circuit leading to a BUG() warning and a duplicate
mark for close on the circuit.

This commit also adds a unit test to make sure we never select marked for
close circuits when upgrading its guard state from waiting for guard to open.

Fixes #30871

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-19 07:40:05 -04:00
Nick Mathewson
52d386c9b0 Merge remote-tracking branch 'tor-github/pr/1100' 2019-06-17 08:54:12 -04:00
Nick Mathewson
7c6cc470f1 Merge branch 'bug30894_035' into ticket30893 2019-06-15 16:50:02 -04:00
Nick Mathewson
26436fb1b6 Add more unit tests for confparse.c, so we can refactor.
This set of tests gets the line coverage to 100%.
2019-06-15 16:49:18 -04:00
Nick Mathewson
4ab1d1c0c4 Fix memleak when failing to parse a CSV_INTERVAL.
Fixes bug 30894; bugfix on 0.3.4.1-alpha
2019-06-15 16:47:16 -04:00
Nick Mathewson
fe9d15cf4b Remove the PORT configuration type: nothing uses it.
All of our port configurations now use an extended format.
2019-06-15 11:30:24 -04:00
Nick Mathewson
ac5e44d9ce Renaming: CONFIG_TYPE_UINT -> CONFIG_TYPE_POSINT
This name has been a historical source of confusion, since "uint"
usually suggests "unsigned int" to people, when the real type is
"nonnegative int".
2019-06-15 11:28:19 -04:00
George Kadianakis
319ce22581 Merge branch 'bug30806' 2019-06-14 13:28:32 +03:00
Nick Mathewson
990b434c4f Make evloop into a subsystem.
Note that the event base object is _not_ created from the initialize
function, since it is configuration-dependent.  This will wait until
configuration is integrated into subsystems.

Closes ticket 30806.
2019-06-14 13:28:10 +03:00
George Kadianakis
96fade0a7d Merge branch 'tor-github/pr/1088' 2019-06-12 13:01:53 +03:00
David Goulet
f7e8b3b68c Merge branch 'tor-github/pr/1040' 2019-06-11 11:59:39 -04:00
Taylor Yu
0bce0c339d Rework origin circuit tracking to use pubsub
Part of ticket 29976.
2019-06-11 11:59:30 -04:00
Taylor Yu
a8c0f4ddfe Rework orconn tracking to use pubsub
Part of ticket 29976.
2019-06-11 11:59:30 -04:00
David Goulet
8e112cecd8 Merge branch 'tor-github/pr/1031' 2019-06-11 11:46:38 -04:00
David Goulet
e9d99d2e15 Merge branch 'tor-github/pr/1083' 2019-06-11 11:43:15 -04:00
David Goulet
35dd2d733b Merge branch 'maint-0.4.1' 2019-06-11 11:30:05 -04:00
David Goulet
ea14fb136c Merge branch 'tor-github/pr/1050' into maint-0.4.1 2019-06-11 11:29:46 -04:00
Nick Mathewson
cad0de35bd Give a compile warning when we don't have any flags for minherit().
Part of ticket 30686.
2019-06-11 11:29:23 -04:00
Nick Mathewson
93ddc51cbd Give a more useful failure messgae when we fail to minherit().
Part of ticket 30686.
2019-06-11 11:29:23 -04:00
Nick Mathewson
afa2c39baa Merge branch 'maint-0.3.5' into maint-0.4.0 2019-06-11 10:17:18 -04:00
Nick Mathewson
3405a311da Merge branch 'maint-0.4.1' 2019-06-11 10:17:18 -04:00
Nick Mathewson
ce89fe36c8 Merge branch 'maint-0.4.0' into maint-0.4.1 2019-06-11 10:17:18 -04:00
Nick Mathewson
b0fa1f4fb0 Merge branch 'maint-0.2.9' into maint-0.3.5 2019-06-11 10:17:17 -04:00
Karsten Loesing
0ec4ebd00d Update geoip and geoip6 to the June 10 2019 database. 2019-06-11 16:12:50 +02:00
Nick Mathewson
eb02c323eb Merge branch 'maint-0.4.1' 2019-06-11 08:41:55 -04:00
Nick Mathewson
29842f68e7 Merge remote-tracking branch 'tor-github/pr/1082' into maint-0.4.1 2019-06-11 08:41:48 -04:00
George Kadianakis
a15ec8bf84 circpad: some more logging changes.
- Add an info log when receiving a STOP command.
- Keep warning if we receive padding from a wrong hop.
2019-06-11 14:28:38 +03:00
George Kadianakis
e5ad6fb092 Merge branch 'ticket30769_041_01' 2019-06-11 14:11:24 +03:00
David Goulet
c1359b32a4 trunnel: Rename sendme.trunnel to sendme_cell.trunnel
This is to avoid having two sendme.{c|h} in the repository since the subsystem
is implemented in src/core/or/sendme.{c|h}.

Fixes #30769

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-11 14:11:10 +03:00
George Kadianakis
646f7a9a94 Merge branch 'ticket30687_042_01' 2019-06-11 14:02:33 +03:00
David Goulet
7cf9d54e6d token-bucket: Implement a single counter object
Closes #30687.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-11 14:02:22 +03:00
George Kadianakis
b83dba7cb0 Merge branch 'maint-0.4.1' 2019-06-11 13:48:16 +03:00
George Kadianakis
eab9dc06af Merge branch 'tor-github/pr/1065' into maint-0.4.1 2019-06-11 13:48:10 +03:00
Xiaoyin Liu
024d65e14e
Free a string buffer in nt_service_install()
The string buffer "command" is not freed if the specified account
name doesn't exist. This patch fixes this bug.
2019-06-11 15:12:20 +10:00
teor
a742a80eea
Merge remote-tracking branch 'tor-github/pr/1091' into maint-0.3.5 2019-06-11 14:51:37 +10:00
teor
cb20054ccd
Merge remote-tracking branch 'tor-github/pr/924' into maint-0.3.5 2019-06-11 14:46:24 +10:00
Nick Mathewson
d6b411a351 Merge branch 'maint-0.4.1' 2019-06-10 18:33:26 -04:00
Nick Mathewson
6a72cc2598 Merge branch 'maint-0.4.0' into maint-0.4.1 2019-06-10 18:33:26 -04:00
Nick Mathewson
c8e09dd0d2 Merge branch 'maint-0.4.1' 2019-06-10 18:31:36 -04:00
Nick Mathewson
adc7b50eae Bump master to 0.4.2.0-alpha-dev 2019-06-10 08:47:33 -04:00
teor
b9041e8a63
test: fix a typo in test_rebind.sh
Closes 30821.
2019-06-10 20:56:40 +10:00
teor
430dd2da6e
Merge branch 'bug30713_035' into bug30713_040 2019-06-10 20:50:53 +10:00
teor
be0a4be276
Travis: Skip test_rebind on macOS builds
Skip test_rebind when the TOR_SKIP_TEST_REBIND environmental variable
is set.

Skip test_rebind on macOS in Travis builds, because it is unreliable
on macOS on Travis.

Fixes bug 30713; bugfix on 0.3.5.1-alpha.
2019-06-10 20:49:59 +10:00
Nick Mathewson
c46e99c43c Tolerate net-unreachable failures in util/socketpair_ersatz
This can happen when we have no network stack configured. Fixes bug
30804; bugfix on 0.2.5.1-alpha.
2019-06-07 13:52:03 -04:00
Nick Mathewson
ecc5feff38 bump to 0.4.1.2-alpha-dev 2019-06-06 08:28:34 -04:00
teor
19bf5806ad dirauth: Return a distinct status when formatting annotations fails
Adds ROUTER_AUTHDIR_BUG_ANNOTATIONS to was_router_added_t.

The out-of-order numbering is deliberate: it will be fixed by later commits
for 16564.

Fixes bug 30780; bugfix on 0.2.0.8-alpha.
2019-06-06 17:26:23 +10:00
teor
a4ea335a69 dirauth: Fix some comments in the router status processing code.
Fixes comments in dirserv_router_get_status() and was_router_added_t.

Preparation for 30780 and 16564.
2019-06-06 17:26:23 +10:00
teor
c7fc53c2e7
Merge branch 'bug30781_040' into bug30781_master 2019-06-06 09:57:31 +10:00
teor
fb3f461406
Merge branch 'bug30781_035' into bug30781_040 2019-06-06 09:56:50 +10:00
teor
c8c2e2b8fc
Merge branch 'bug30781_034' into bug30781_035
Moved fix from src/or/routerparse.c to src/feature/dirparse/routerparse.c.
2019-06-06 09:55:44 +10:00
teor
dc8e3cd5ce
Merge branch 'bug30781_029' into bug30781_034 2019-06-06 09:53:02 +10:00
teor
ba83c1e5cf
dirparse: Stop crashing when parsing unknown descriptor purpose annotations
We think this bug can only be triggered by modifying a local file.

Fixes bug 30781; bugfix on 0.2.0.8-alpha.
2019-06-06 09:51:24 +10:00
Nick Mathewson
6a6f7eb671 Merge remote-tracking branch 'tor-github/pr/988' into maint-0.4.0 2019-06-05 16:22:52 -04:00
Nick Mathewson
e51b57ee04 Merge remote-tracking branch 'tor-github/pr/952' into maint-0.4.0 2019-06-05 16:16:34 -04:00
Nick Mathewson
04cb2d4010 Merge remote-tracking branch 'tor-github/pr/741' into maint-0.4.0 2019-06-05 16:14:51 -04:00
Nick Mathewson
2300a619a5 Merge remote-tracking branch 'tor-github/pr/1039' into maint-0.4.0 2019-06-05 16:13:53 -04:00
Nick Mathewson
a56d7e37aa Merge remote-tracking branch 'tor-github/pr/1020' into maint-0.4.0 2019-06-05 16:10:51 -04:00
Mike Perry
a6399da598 Bug 29034: Cleanup hs circuitmap when purpose changes.
Leave the other rend and hs_ident data around until circuit free, since code
may still try to inspect it after marking the circuit for close. The
circuitmap is the important thing to clean up, since repurposed
intropoints must be removed from this map to ensure validity.
2019-06-05 12:56:49 -07:00
Nick Mathewson
54eb3c043c Merge remote-tracking branch 'tor-github/pr/1076' 2019-06-05 15:35:43 -04:00
Mike Perry
e54ce03b4f More LOG_PROTOCOL_WARN.
Make origin-side messages about padding negotiation failure into
LOG_PROTOCOL_WARN.

I'm not sure I like this either.. But the negotiation refusal case might
happen naturally due to consensus drift, and is functionally no different than
a corrupted cell.
2019-06-05 12:33:39 -07:00
Mike Perry
c525135dac Bug 29034: Cleanup hs circuitmap when purpose changes.
Leave the other rend and hs_ident data around until circuit free, since code
may still try to inspect it after marking the circuit for close. The
circuitmap is the important thing to clean up, since repurposed
intropoints must be removed from this map to ensure validity.
2019-06-05 11:50:44 -07:00
Mike Perry
31c34f6524 Revert "hs: Implement a helper to repurpose a circuit"
This reverts commit 3789f22bcb.
2019-06-05 11:38:01 -07:00
Mike Perry
a42131bf48 Revert "test: Add test_hs_circ.c for HS circuit testing"
This reverts commit 41b94722e5.
2019-06-05 11:37:32 -07:00
Neel Chauhan
27e067df4f Add missing newline after decode_intro_points() closing bracket 2019-06-05 12:50:01 -04:00
George Kadianakis
917e4e9eae Don't access rend data after a circuit has been marked for close.
This can cause issues if the circuit was repurposed into a padding circuit
instead of closing, since in that case we will wipe off the rend_data.
2019-06-05 18:19:44 +03:00
Nick Mathewson
892a313b6a Replace a missing end-of-comment string
This happened when I went to fix long lines after running "make
autostyle".
2019-06-05 09:35:45 -04:00
Nick Mathewson
60213a3621 Run "make autostyle." 2019-06-05 09:33:35 -04:00
Nick Mathewson
d1b02456c1 Bump to 0.4.1.2-alpha 2019-06-05 09:25:21 -04:00
Nick Mathewson
b39a8d315d Merge remote-tracking branch 'tor-github/pr/1053' 2019-06-05 09:04:09 -04:00
George Kadianakis
99bf3d8e14 Merge branch 'tor-github/pr/1072' 2019-06-05 14:40:38 +03:00
David Goulet
a63c5f844b Merge branch 'tor-github/pr/1067' 2019-06-04 09:57:03 -04:00
Nick Mathewson
4022b6d6b7 Merge branch 'bug29670_035' into bug29670_041 2019-06-04 08:29:05 -04:00
David Goulet
33382184b6 sendme: Do not decrement window in a log_debug()
If "Log debug ..." is not set, the decrement never happens. This lead to the
package/deliver window to be out of sync at the stream level and thus breaking
the connection after 50+ cells.

Fixes #30628

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-03 14:31:51 -04:00
Nick Mathewson
fd8beab4dd Merge branch 'bug29875_035' into bug29875_master 2019-05-31 12:40:43 -04:00
Nick Mathewson
8015979eeb num_bridges_usable(): only count configured bridges.
When this function was implemented, it counted all the entry guards
in the bridge set.  But this included previously configured bridges,
as well as currently configured ones!  Instead, only count the
_filtered_ bridges (ones that are configured and possibly reachable)
as maybe usable.

Fixes bug 29875; bugfix on 0.3.0.1-alpha.
2019-05-31 12:28:42 -04:00
Nick Mathewson
5b3c886584 Consider dir info to have changed when the bridges change
Otherwise, we won't realize that we haven't got enough bridge
information to build circuits.  Part of a fix for ticket 29875.
2019-05-31 12:27:42 -04:00
David Goulet
41b94722e5 test: Add test_hs_circ.c for HS circuit testing
For now, only tests HS circuit repurpose function.

Part of #29034

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-31 10:43:01 -04:00
Nick Mathewson
3c3158f182 Fix some tests for CL_PORT_NO_STREAM_OPTIONS
The comment in the tests was correct: this option _was_ inverted wrt
SessionGroup=.
2019-05-31 09:03:20 -04:00
Nick Mathewson
70b85358af Fix a logic error in deciding whether to accept SessionGroup=
Fixes bug 22619; bugfix on 0.2.7.2-alpha
2019-05-31 08:26:10 -04:00
Mike Perry
6263755728 Make some warns into protocol warns
I'm not sure I agree with this option.
2019-05-30 16:25:29 -07:00
Mike Perry
de3eb8c5e4 Bug 30649: Check that machine is absent before warn 2019-05-30 15:28:17 -07:00
George Kadianakis
dd62cb788e Merge branch 'tor-github/pr/1059' 2019-05-30 21:01:59 +03:00
David Goulet
8dfc8d7063 Merge branch 'tor-github/pr/1057' 2019-05-30 12:58:35 -04:00
David Goulet
a462ca7cce Merge branch 'tor-github/pr/1055' 2019-05-30 12:53:52 -04:00
David Goulet
ef9170db4c Merge branch 'tor-github/pr/1054' 2019-05-30 09:59:21 -04:00
David Goulet
61bd8f428b Merge branch 'tor-github/pr/1049' 2019-05-30 09:56:18 -04:00
George Kadianakis
d8bd98b2fd Merge branch 'tor-github/pr/1032' 2019-05-29 21:28:04 +03:00
George Kadianakis
650bdca97f Merge branch 'maint-0.4.0' 2019-05-29 21:20:02 +03:00
George Kadianakis
00108b75d4 Merge branch 'tor-github/pr/924' into maint-0.4.0 2019-05-29 21:19:56 +03:00
Nick Mathewson
ba9b0319b0 Shutdown libevent _after_ the subsystems.
This is necessary since shutting down libevent frees some pointer
that the subsystems want to free themselves. A longer term solution
will be to turn the evloop module into a subsystem itself, but for
now it is best to do the minimal fix.

Fixes bug 30629; bugfix on 0.4.1.1-alpha.
2019-05-29 11:25:47 -04:00
Nick Mathewson
5cbd71b977 Make get_proxy_type() connection-specific
Previously, we were looking at our global settings to see what kind
of proxy we had.  But doing this would sometimes give us the wrong
results when we had ClientTransportPlugin configured but we weren't
using it for a particular connection.  In several places in the
code, we had added checks to see if we were _really_ using a PT or
whether we were using a socks proxy, but we had forgotten to do so
in at least once case.  Instead, since every time we call this
function we are asking about a single connection, it is probably
best just to make this function connection-specific.

Fixes bug 29670; bugfix on 0.2.6.2-alpha.
2019-05-29 11:00:09 -04:00
Nick Mathewson
2d66250d8a Remove want_cmddata from HSFETCH, which does not in fact want data
This looks a copy-and-paste error to me.  Fixes bug 30646; bugfix on
0.4.1.1-alpha.
2019-05-29 10:10:57 -04:00
Nick Mathewson
8f0b29961e Merge branch 'ticket30561_029' into ticket30561_035 2019-05-29 09:43:20 -04:00
David Goulet
3789f22bcb hs: Implement a helper to repurpose a circuit
When we repurpose a hidden service circuit, we need to clean up from the HS
circuit map and any HS related data structured contained in the circuit.

This commit adds an helper function that does it when repurposing a hidden
service circuit.

Fixes #29034

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-29 09:40:13 -04:00
Nick Mathewson
0e0cf4abd8 Tweak comments in tor_vasprintf(), and add a changes file for 30651 2019-05-29 09:38:57 -04:00
Tobias Stoeckmann
0d5a0b4f0c Fixed tor_vasprintf on systems without vasprintf.
If tor is compiled on a system with neither vasprintf nor _vscprintf,
the fallback implementation exposes a logic flaw which prevents
proper usage of strings longer than 127 characters:

* tor_vsnprintf returns -1 if supplied buffer is not large enough,
  but tor_vasprintf uses this function to retrieve required length
* the result of tor_vsnprintf is not properly checked for negative
  return values

Both aspects together could in theory lead to exposure of uninitialized
stack memory in the resulting string. This requires an invalid format
string or data that exceeds integer limitations.

Fortunately tor is not even able to run with this implementation because
it runs into asserts early on during startup. Also the unit tests fail
during a "make check" run.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

  [backported to 0.2.9 by nickm]
2019-05-29 09:33:24 -04:00
Taylor R Campbell
7971b3a5a6 Use MAP_INHERIT_ZERO or MAP_INHERIT_NONE if available.
Fixes assertion failure in tests on NetBSD:

slow/prob_distr/stochastic_log_logistic: [forking] May 25 03:56:58.091 [err] tor_assertion_failed_(): Bug: src/lib/crypt_ops/crypto_rand_fast.c:184: crypto_fast_rng_new_from_seed: Assertion inherit != INHERIT_RES_KEEP failed; aborting. (on Tor 0.4.1.1-alpha-dev 29955f13e5)
May 25 03:56:58.091 [err] Bug: Assertion inherit != INHERIT_RES_KEEP failed in crypto_fast_rng_new_from_seed at src/lib/crypt_ops/crypto_rand_fast.c:184: . (Stack trace not available) (on Tor 0.4.1.1-alpha-dev 29955f13e5)
[Lost connection!]
2019-05-29 08:56:01 -04:00
Nick Mathewson
24a2352d56 Trivial fix for a trivial warning with gcc 9.1.1
Fix on 4e3d144fb0940d8ee5a89427d471ea3656e8e122; bug not in any
released Tor.
2019-05-28 19:45:50 -04:00
David Goulet
ff9aa32143 Merge branch 'tor-github/pr/1047' 2019-05-28 14:59:07 -04:00
George Kadianakis
0a86f14add Merge branch 'tor-github/pr/1042' 2019-05-27 14:22:01 +03:00
George Kadianakis
130eb227ac Merge branch 'tor-github/pr/1043' 2019-05-27 14:20:51 +03:00
Nick Mathewson
fcd51fd49f Tests for deciding how full our relay cells should be 2019-05-27 14:20:36 +03:00
Nick Mathewson
0bc1241494 Make sure that we send at least some random data in RELAY_DATA cells
Proposal 289 prevents SENDME-flooding by requiring the other side to
authenticate the data it has received.  But this data won't actually
be random if they are downloading a known resource.  "No problem",
we said, "let's fell the empty parts of our cells with some
randomness!" and we did that in #26871.

Unfortunately, if the relay data payloads are all completely full,
there won't be any empty parts for us to randomize.

Therefore, we now pick random "randomness windows" between
CIRCWINDOW_INCREMENT/2 and CIRCWINDOW_INCREMENT. We remember whether we have
sent a cell containing at least 16 bytes of randomness in that window.  If we
haven't, then when the window is exhausted, we send one.  (This window approach
is designed to lower the number of rng checks we have to do.  The number 16 is
pulled out of a hat to change the attacker's guessing difficulty to
"impossible".)

Implements 28646.
2019-05-27 14:20:07 +03:00
Roger Dingledine
94914e2a4d trivial whitespace fixes 2019-05-26 17:32:42 -04:00
Nick Mathewson
07ccffa989 Coverage: do not include test-rebind in coverage builds.
Because it invokes the Tor mainloop, it does unpredictable things to
test coverage of a lot of code that it doesn't actually test at
all.  (It is more an integration test than anything else.)
2019-05-23 12:48:51 -04:00
Nick Mathewson
b882810245 In coverage builds, use branch-free timeradd() and timersub()
The ordinary definitions of timeradd() and timersub() contain a
branch. However, in coverage builds, this means that we get spurious
complaints about partially covered basic blocks, in a way that makes
our coverage determinism harder to check.
2019-05-23 12:48:51 -04:00
Nick Mathewson
2bb5d8148b In coverage builds, avoid basic-block complexity in log_debug
Ordinarily we skip calling log_fn(LOG_DEBUG,...) if debug logging is
completely disabled.  However, in coverage builds, this means that
we get spurious complaints about partially covered basic blocks, in
a way that makes our coverage determinism harder to check.
2019-05-23 12:48:51 -04:00
David Goulet
29955f13e5 Merge branch 'tor-github/pr/1022' 2019-05-23 09:50:28 -04:00
David Goulet
e13e2012b9 Merge branch 'tor-github/pr/1034' 2019-05-23 09:40:07 -04:00
David Goulet
327bb0e2ca Merge branch 'tor-github/pr/988' 2019-05-23 09:30:36 -04:00
Nick Mathewson
530d1179ff Extract length-deciding function from package_raw_inbuf. 2019-05-23 08:28:46 -04:00
Roger Dingledine
e4d1187584 refactor logic to decide how much to package from inbuf
no actual changes in behavior
2019-05-23 08:28:46 -04:00
Nick Mathewson
57ee0e3af9 Only reject POSTDESCRIPTOR purpose= when the purpose is unrecognized
Fixes bug 30580; bugfix on 0.4.1.1-alpha.
2019-05-23 08:24:29 -04:00
Nick Mathewson
ebe39dcb92 Now this repository is full of 0.4.1.1-alpha-dev 2019-05-22 18:07:29 -04:00
Taylor Yu
a8a0144d11 Multiple subscribers or publishers per subsystem
Allow a subsystem to register to publish or subscribe a given message
from multiple places.

Part of ticket 29976.
2019-05-22 16:33:19 -05:00
Nick Mathewson
fa410162a3 circuitpadding tests: Use tt_i64_op() to compare int64_t values
Bug not in any released Tor.
2019-05-22 15:19:24 -04:00
Nick Mathewson
3a7ed8bc5f Bump to 0.4.1.1-alpha 2019-05-22 11:56:02 -04:00
Nick Mathewson
24c2502070 Merge remote-tracking branch 'dgoulet/ticket30454_035_01' 2019-05-22 11:50:46 -04:00
Nick Mathewson
e6b862e6a8 Merge branch 'ticket30428_041_02_squashed' 2019-05-22 11:48:43 -04:00
David Goulet
0cad83bea4 sendme: Add non fatal asserts for extra safety
Two non fatal asserts are added in this commit. First one is to see if the
SENDME digest list kept on the circuit for validation ever grows bigger than
the maximum number of expected SENDME on a circuit (currently 10).

The second one is to know if we ever send more than one SENDME at a time on a
circuit. In theory, we shouldn't but if we ever do, the v1 implementation
wouldn't work because we only keep one single cell digest (the previous cell
to the SENDME) on the circuit/cpath. Thus, sending two SENDME consecutively
will lead to a mismatch on the other side because the same cell digest would
be use and thus the circuit would collapse.

Finally, add an extra debug log in case we emit a v0 which also includes the
consensus emit version in that case.

Part of #30428

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-22 11:47:20 -04:00
David Goulet
5479ffabf8 sendme: Always pop last SENDME digest from circuit
We must not accumulate digests on the circuit if the other end point is using
another SENDME version that is not using those digests like v0.

This commit makes it that we always pop the digest regardless of the version.

Part of #30428

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-22 11:47:20 -04:00
David Goulet
482c4972b9 sendme: Clarify how sendme_circuit_cell_is_next() works
Commit 4ef8470fa5480d3b was actually reverted before because in the end we
needed to do this minus 1 check on the window.

This commit clarifies that in the code, takes the useful comment changes from
4ef8470fa5480d3b and makes sendme_circuit_cell_is_next() private since it
behaves in a very specific way that one external caller might expect.

Part of #30428.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-22 11:47:20 -04:00
David Goulet
3835a3acf5 sendme: Properly record SENDMEs on both edges
Turns out that we were only recording the "b_digest" but to have
bidirectionnal authenticated SENDMEs, we need to use the "f_digest" in the
forward cell situation.

Because of the cpath refactoring, this commit plays with the crypt_path_ and
relay_crypto_t API a little bit in order to respect the abstractions.

Previously, we would record the cell digest as the SENDME digest in the
decrypt cell function but to avoid code duplication (both directions needs to
record), we now do that right after iff the cell is recognized (at the edge).
It is now done in circuit_receive_relay_cell() instead.

We now also record the cell digest as the SENDME digest in both relay cell
encryption functions since they are split depending on the direction.
relay_encrypt_cell_outbound() and relay_encrypt_cell_inbound() need to
consider recording the cell digest depending on their direction (f vs b
digest).

Fixes #30428

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-22 11:47:20 -04:00
David Goulet
44265dd671 sendme: Never fallback to v0 if unknown version
There was a missing cell version check against our max supported version. In
other words, we do not fallback to v0 anymore in case we do know the SENDME
version.

We can either handle it or not, never fallback to the unauthenticated version
in order to avoid gaming the authenticated logic.

Add a unit tests making sure we properly test that and also test that we can
always handle the default emit and accepted versions.

Fixes #30428

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-22 11:47:20 -04:00
David Goulet
69e0d5bfc7 sendme: Validate v1 SENDMEs on both client and exit side
The validation of the SENDME cell is now done as the very first thing when
receiving it for both client and exit. On failure to validate, the circuit is
closed as detailed in the specification.

Part of #30428

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-22 11:47:20 -04:00
David Goulet
59b9eecc19 sendme: Record cell digest on both client and exit
It turns out that only the exit side is validating the authenticated SENDME v1
logic and never the client side. Which means that if a client ever uploaded
data towards an exit, the authenticated SENDME logic wouldn't apply.

For this to work, we have to record the cell digest client side as well which
introduced a new function that supports both type of edges.

This also removes a test that is not valid anymore which was that we didn't
allow cell recording on an origin circuit (client).

Part of #30428

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-22 11:47:20 -04:00
David Goulet
245dccb77d Merge remote-tracking branch 'nickm/ticket30454_034_01_squashed' into ticket30454_035_01 2019-05-22 11:43:55 -04:00
rl1987
2845607f97 In microdesc_cache_reload(), set journal length to length of string we read
Hopefully this will fix CID 1444769.
2019-05-20 09:08:10 -04:00
David Goulet
56908c6f1c hs: Remove hs_cell_onion_key_type_t enum
Unify this with the trunnel ABI so we don't duplicate.

Part of #30454

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-20 08:56:34 -04:00
David Goulet
7d3e904a27 trunnel: Remove INTRODUCE1 status code IN statement
We want to support parsing a cell with unknown status code so we are forward
compatible.

Part of #30454

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-20 08:56:34 -04:00
David Goulet
79cfe2ddd7 hs: Remove hs_intro_auth_key_type_t enum
Like the previous commit about the INTRODUCE_ACK status code, change all auth
key type to use the one defined in the trunnel file.

Standardize the use of these auth type to a common ABI.

Part of #30454

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-20 08:56:34 -04:00
David Goulet
dcc1d8d15b hs: Get rid of duplicate hs_cell_introd_ack_status_t
This enum was the exact same as hs_intro_ack_status_t that was removed at the
previous commit. It was used client side when parsing the INTRODUCE_ACK cell.

Now, the entire code dealing with the INTRODUCE_ACK cell (both sending and
receiving) have been modified to all use the same ABI defined in the trunnel
introduce1 file.

Finally, the client will default to the normal behavior when receiving an
unknown NACK status code which is to note down that we've failed and re-extend
to the next intro point. This way, unknown status code won't trigger a
different behavior client side.

Part of #30454.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-20 08:56:34 -04:00
David Goulet
590d97bc10 hs: Define INTRODUCE_ACK status code in trunnel
Remove the hs_intro_ack_status_t enum and move the value into trunnel. Only
use these values from now on in the intro point code.

Interestingly enough, the client side also re-define these values in hs_cell.h
with the hs_cell_introd_ack_status_t enum. Next commit will fix that and force
to use the trunnel ABI.

Part of #30454

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-20 08:56:34 -04:00
rl1987
49acbfad23 Don't forget to use the mutex in testing_enable_prefilled_rng() 2019-05-17 19:30:09 +03:00
Nick Mathewson
37aae23945 OOM-purge the DNS cache one part at a time
Previously we purged it in 1-hour increments -- but one-hour is the
maximum TTL for the cache!  Now we do it in 25%-TTL increments.

Fixes bug 29617; bugfix on 0.3.5.1-alpha.
2019-05-17 10:03:41 -04:00
Nick Mathewson
b2b779228d Merge remote-tracking branch 'tor-github/pr/1033' 2019-05-17 08:18:20 -04:00
Nick Mathewson
9cec7a7b5c Merge branch 'maint-0.4.0' 2019-05-17 08:10:17 -04:00
Nick Mathewson
e5deb2bbc7 Merge branch 'maint-0.3.4' into maint-0.3.5 2019-05-17 08:10:16 -04:00
Nick Mathewson
c7f9f7e542 Merge branch 'maint-0.3.5' into maint-0.4.0 2019-05-17 08:10:16 -04:00
Nick Mathewson
a521c42788 Merge branch 'maint-0.2.9' into maint-0.3.4 2019-05-17 08:10:15 -04:00
Karsten Loesing
4e262196a8 Update geoip and geoip6 to the May 13 2019 database. 2019-05-17 08:52:13 +02:00
Mike Perry
857c54ca03 Refactor rend machines, stage 2/2: Move histogram code.
Comment clarifications now that the code is seperated. It's the same code, but
its doing this for different reasons on each side.
2019-05-16 20:17:14 +00:00
Mike Perry
0cba53c6ed Refactor rend machines, stage 1/2: Move state transition code. 2019-05-16 20:17:11 +00:00
Nick Mathewson
d5db40a014 test_channel_listener: free 'chan' explicitly
This should fix CID 1437442, where coverity can't tell that
channel_free_all() frees the fake channel we allocated.
2019-05-16 15:35:21 -04:00
Mike Perry
bbb974234c Refactor intro machines, stage 2/2: Move histogram code.
The client side had garbage histograms and deadcode here, too. That code has
been removed.

The tests have also been updated to properly test the intro circ by sending
padding from the relay side to the client, and verifying that both shut down
when padding was up. (The tests previously erroneously tested only the client
side of intro circs, which actually were supposed to be doing nothing).
2019-05-16 19:21:19 +00:00
Nick Mathewson
0a9685b3a7 hs tests: explicitly free 'service' variable.
This should fix about 15 CID issues, where coverity can't tell that
hs_free_all() frees the service we allocated.
2019-05-16 15:21:18 -04:00
Mike Perry
f237fed746 Refactor intro machines, stage 1/2: Move state transition code.
This just moves the state transition directives into the proper client/relay
side functions. It also allows us to remove some dead-code from the client
side (since the client doesn't send padding).
2019-05-16 19:21:14 +00:00
Nick Mathewson
1bf451cffb rng_test_helpers: add a needless lock/unlock pair to please coverity
Fix for CID 1444908
2019-05-16 15:04:40 -04:00
Iain R. Learmonth
58cb98af32 Prop 301: No longer vote on RecommendedPackages
This is the first half of implementing proposal 301. The
RecommendedPackages torrc option is marked as obsolete and
the test cases for the option removed. Additionally, the code relating
to generating and formatting package lines in votes is removed.

These lines may still appear in votes from other directory authorities
running earlier versions of the code and so consensuses may still
contain package lines. A new consensus method will be needed to stop
including package lines in consensuses.

Fixes: #28465
2019-05-16 13:31:54 +01:00
George Kadianakis
42ea3a416e Improve logging around the circpad module..
- Add some more useful logs for future debugging.

- Stop usage of circpad_state_to_string(). It's innacurate.

- Reduce severity and fix up log domain of some logging messages.
2019-05-16 14:23:32 +03:00
George Kadianakis
953dc601d9 Add unittests for the new machines. 2019-05-16 14:23:22 +03:00
George Kadianakis
ac895fa405 Add client-side onion service circuit hiding machines. 2019-05-16 14:23:17 +03:00
George Kadianakis
9b582edddb Correctly handle machines out of tokens that have not closed yet.
Perhaps the machine on the other side is still not done.
2019-05-16 14:07:32 +03:00
George Kadianakis
69a277f635 Introduce circpad free_all() function. 2019-05-16 14:07:25 +03:00
George Kadianakis
5791bc9d76 Generate non-padding circpad events for PADDING_NEGOTIATE(D).
As part of our machines, we need to know when a PADDING_NEGOATIATE(D) cell gets
sent out, so we add an event for this.
2019-05-16 14:06:27 +03:00
George Kadianakis
39c52d14a6 Make register_padding_machine part of the public API.
We are gonna use this function to register our new machine.
2019-05-16 14:05:58 +03:00