Nick Mathewson
d3f0f10efd
Fix memleak in test_getinfo_helper_onion.
...
Fix on fc58c37e33
. Not in any released tor
2017-02-17 10:08:31 -05:00
Nick Mathewson
31be66ea5a
Merge remote-tracking branch 'meejah/ticket-21329-onions-current'
2017-02-16 09:40:56 -05:00
David Goulet
3336f26e60
hs: Avoid a strlen(NULL) if descriptor is not found in cache
...
Instead of returning 404 error code, this led to a NULL pointer being used and
thus a crash of tor.
Fixes #21471
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-15 10:27:41 -05:00
Nick Mathewson
39af9fc2b7
Merge branch 'bug21447'
2017-02-15 08:08:25 -05:00
Nick Mathewson
76d79d597a
Merge branch 'maint-0.2.9'
2017-02-15 07:48:42 -05:00
Nick Mathewson
7e469c1002
Merge branch 'bug20894_029_v3'
2017-02-14 19:10:20 -05:00
Nick Mathewson
491348cb8c
Rename make fuzz to make test-fuzz-corpora
2017-02-14 18:04:10 -05:00
Nick Mathewson
c4f2faf301
Don't atoi off the end of a buffer chunk.
...
Fixes bug 20894; bugfix on 0.2.0.16-alpha.
We already applied a workaround for this as 20834, so no need to
freak out (unless you didn't apply 20384 yet).
2017-02-14 16:38:47 -05:00
Nick Mathewson
1afc2ed956
Fix policies.c instance of the "if (r=(a-b)) return r" pattern
...
I think this one probably can't underflow, since the input ranges
are small. But let's not tempt fate.
This patch also replaces the "cmp" functions here with just "eq"
functions, since nothing actually checked for anything besides 0 and
nonzero.
Related to 21278.
2017-02-14 16:31:11 -05:00
David Goulet
e129393e40
test: Add missing socket errno in test_util.c
...
According to 21116, it seems to be needed for Wheezy Raspbian build. Also,
manpage of socket(2) does confirm that this errno value should be catched as
well in case of no support from the OS of IPv4 or/and IPv6.
Fixes #21116
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-08 09:00:48 -05:00
Nick Mathewson
9379984128
Merge branch 'teor_bug21357-v2_029' into maint-0.2.9
2017-02-07 09:24:08 -05:00
Nick Mathewson
39606aece5
Fix "make distcheck".
...
I had forgotten to include the fuzz_static_testcases.sh script in
EXTRA_DIST.
2017-02-03 12:04:08 -05:00
cypherpunks
27df23abb6
Use the standard OpenBSD preprocessor definition
2017-02-03 09:37:39 -05:00
David Goulet
5f6d53cefa
test: Fix test after log message changed in #21294
...
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-02 09:03:14 -05:00
Nick Mathewson
fc3e742b5b
Merge remote-tracking branch 'ahf/ahf/bugs/21266'
2017-02-02 08:40:05 -05:00
Alexander Færøy
7eb7af08d9
Add checks for expected log messages in test_hs_intropoint.
...
This patch adds checks for expected log messages for failure cases of
different ill-formed ESTABLISH_INTRO cell's.
See: https://bugs.torproject.org/21266
2017-02-01 19:01:07 +00:00
Nick Mathewson
77788fa537
Fix a memory-leak in fuzz_vrs.c
2017-02-01 10:57:01 -05:00
Nick Mathewson
24551d64ad
Merge branch 'maint-0.2.9'
2017-02-01 10:39:59 -05:00
rubiate
e9ec818c28
Support LibreSSL with opaque structures
...
Determining if OpenSSL structures are opaque now uses an autoconf check
instead of comparing the version number. Some definitions have been
moved to their own check as assumptions which were true for OpenSSL
with opaque structures did not hold for LibreSSL. Closes ticket 21359.
2017-02-01 10:30:49 -05:00
Nick Mathewson
f1530d0e5a
Merge branch 'teor_bug21357-v2_029'
2017-02-01 09:39:25 -05:00
teor
408c53b7a7
Scale IPv6 address counts in policy_summary_reject to avoid overflow
...
This disregards anything smaller than an IPv6 /64, and rejects ports that
are rejected on an IPv6 /16 or larger.
Adjust existing unit tests, and add more to cover exceptional cases.
No IPv4 behaviour changes.
Fixes bug 21357
2017-02-01 09:39:06 -05:00
teor
7e7b3d3df3
Add unit tests for IPv6 address summaries and IPv4 netblock rejection
...
These tests currently fail due to bug 21357
2017-02-01 09:39:06 -05:00
Nick Mathewson
ed4a3dfef2
Remove XXXXprop271 comments from test_entrynodes.c
...
These commments were complaints about how I didn't like some aspects
of prop271. They have been superseded by ticket 20832.
2017-01-30 10:43:53 -05:00
Nick Mathewson
088cc3604b
Don't use %zu in fuzz-http: windows doesn't like it.
2017-01-30 09:09:42 -05:00
Nick Mathewson
558c04f5b1
Merge branch 'combined-fuzzing-v4'
2017-01-30 08:40:46 -05:00
Nick Mathewson
d71fc47438
Update documentation and testing integration for fuzzing
2017-01-30 08:37:27 -05:00
Nick Mathewson
2202ad7ab0
Fix a pair of compilation errors.
2017-01-30 08:37:27 -05:00
Nick Mathewson
1d8e9e8c69
Fix memory leak on zero-length input on fuzz_http.c
2017-01-30 08:37:27 -05:00
Nick Mathewson
34fd636870
memory leak in fuzz_vrs
2017-01-30 08:37:26 -05:00
Nick Mathewson
09d01466b2
actually build .as for fuzzing
2017-01-30 08:37:26 -05:00
Nick Mathewson
1c7862bfb4
missing backslash
2017-01-30 08:37:26 -05:00
Nick Mathewson
f547352637
differently build oss fuzzers
2017-01-30 08:37:26 -05:00
Nick Mathewson
cf71f8ad32
More oss-fuzz fixes
2017-01-30 08:37:25 -05:00
Nick Mathewson
92679d90d5
Try to refactor OSS fuzzers into static libraries.
2017-01-30 08:37:25 -05:00
Nick Mathewson
1b244a64e4
libfuzzer tweaks per recommendations
2017-01-30 08:37:25 -05:00
Nick Mathewson
024fa9d4d7
routerstatus fuzzing
2017-01-30 08:37:25 -05:00
Nick Mathewson
eb414a08a9
Add libfuzzer support.
2017-01-30 08:37:25 -05:00
Nick Mathewson
b1567cf500
Three more fuzzers: consensus, hsdesc, intro points
2017-01-30 08:37:24 -05:00
Nick Mathewson
83e9918107
Tools for working with directories of fuzzed stuff.
2017-01-30 08:37:24 -05:00
Nick Mathewson
301eff0e90
fuzzing: Add copyright notices and whitespace fixes
2017-01-30 08:37:24 -05:00
Nick Mathewson
4afb155db2
Add microdesc format fuzzer.
2017-01-30 08:37:24 -05:00
Nick Mathewson
3c74855934
Addition to test cases: make sure fuzzer binaries allow known cases
...
This isn't fuzzing per se, so much as replaying the highlights of
past fuzzer runs.
2017-01-30 08:37:24 -05:00
Nick Mathewson
81e44c2257
Add extrainfo fuzzer
2017-01-30 08:37:24 -05:00
Nick Mathewson
44fa14c0e2
Try to tweak fuzzing.md to correspond to my changes
2017-01-30 08:37:24 -05:00
teor
0fb1156e9f
Add a script for running multiple fuzzing sessions on multiple cores
2017-01-30 08:37:23 -05:00
teor
416e2f6b28
Guide fuzzing by adding standard tor GET and POST testcases
2017-01-30 08:37:23 -05:00
Nick Mathewson
56b61d1831
Add more tweaks from teor's http fuzzing code.
...
Move option-manipulation code to fuzzing_common.
2017-01-30 08:37:23 -05:00
Nick Mathewson
949e9827d6
Add a descriptor fuzzing dictionary.
2017-01-30 08:37:23 -05:00
Nick Mathewson
ca657074b9
Fuzzing: initialize siphash key, don't init_logging twice.
2017-01-30 08:37:23 -05:00
Nick Mathewson
0666928c5c
Replace signature-checking and digest-checking while fuzzing
2017-01-30 08:37:22 -05:00
meejah
fc58c37e33
Ticket #21329 : GETINFO onions/current returns empty list
...
If there are no ephemeral or detached onion services, then
"GETINFO onions/current" or "GETINFO onions/detached" should
return an empty list instead of an error
2017-01-28 13:59:29 -07:00
Daniel Kahn Gillmor
e1337b4252
client: set IPv6Traffic to on by default
...
See:
https://trac.torproject.org/projects/tor/ticket/21269
https://bugs.debian.org/851798
Closes #21269
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-27 09:12:32 -05:00
Nick Mathewson
81c78ec755
Outbindbindaddress variants for Exit and OR.
...
Allow separation of exit and relay traffic to different source IP
addresses (Ticket #17975 ). Written by Michael Sonntag.
2017-01-27 08:05:29 -05:00
Nick Mathewson
12efa1f1cc
Add a unit test for dropguards
2017-01-24 09:18:56 -05:00
Nick Mathewson
fae4d3d925
Merge remote-tracking branch 'asn/remove_legacy_guards'
2017-01-24 09:01:25 -05:00
Nick Mathewson
9023d7361d
Fix return type in test_hs_intropoint.c
...
In trunnel, {struct}_encoded_len() can return negative values.
Coverity caught this as 1398957.
2017-01-19 08:26:55 -05:00
Nick Mathewson
85a17ee2e7
whitespace fixes
2017-01-18 17:14:42 -05:00
Nick Mathewson
88e4ffab9e
Merge remote-tracking branch 'dgoulet/ticket20029_030_06-resquash'
2017-01-18 17:13:36 -05:00
David Goulet
50cfc98340
prop224: Add unit tests for INTRODUCE1 support
...
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 16:58:54 -05:00
David Goulet
e1497744c8
prop224: Add INTRODUCE1 cell relay support
...
Closes #20029
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 16:58:33 -05:00
Nick Mathewson
6d03e36fd0
Remove GS_TYPE_LEGACY
2017-01-18 15:37:01 -05:00
Nick Mathewson
a31a5581ee
Remove UseDeprecatedGuardAlgorithm.
2017-01-18 15:33:26 -05:00
Nick Mathewson
472b277207
Remove the (no longer compiled) code for legacy guard selection.
...
Part of 20830.
2017-01-18 15:27:10 -05:00
Nick Mathewson
9d47f4d298
Fix a memory leak in bench.c
2017-01-18 14:29:52 -05:00
Nick Mathewson
e69afb853d
Merge branch 'bug19769_19025_029'
2017-01-18 09:02:48 -05:00
Nick Mathewson
a969ae8e21
test_cfmt_connected_cells: use TTL value that's above the new min.
...
Related to 19769.
2017-01-18 08:56:34 -05:00
Nick Mathewson
609065f165
DefecTor countermeasure: change server- and client-side DNS TTL clipping
...
The server-side clipping now clamps to one of two values, both
for what to report, and how long to cache.
Additionally, we move some defines to dns.h, and give them better
names.
2017-01-18 08:55:57 -05:00
Neel Chauhan
9e5512b48d
Disallow setting UseBridges to 1 and UseEntryGuards to 0
2017-01-14 14:55:23 -05:00
Nick Mathewson
94e8f60901
Merge branch 'ipv6-only-client_squashed'
2017-01-13 16:49:48 -05:00
teor
5227ff4aad
Remove redundant options checks for IPv6 preference conflicts
...
It is no longer possible for the IPv6 preference options to differ from the
IPv6 usage: preferring IPv6 implies possibly using IPv6.
Also remove the corresponding unit test warning message checks.
(But keep the unit tests themselves - they now run without warnings.)
2017-01-13 16:49:27 -05:00
Nick Mathewson
3e45b12f38
Merge remote-tracking branch 'dgoulet/bug21054_030_01'
2017-01-13 16:45:55 -05:00
Nick Mathewson
ac75c33991
fix wide lines
2017-01-13 16:35:35 -05:00
David Goulet
c0a0c19725
test: Add ESTABLISH_INTRO unit tests
...
This commit adds 3 unit tests which validates a wrong signature length, a
wrong authentication key length and a wrong MAC in the cell.
Closes #20992
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-10 09:24:21 -05:00
Nick Mathewson
f4ebbf7567
fixup! Fix unit test failures in response to DNS hijacking.
2017-01-04 09:03:41 -05:00
Nick Mathewson
c4a6b56cc1
Fix unit test failures in response to DNS hijacking.
...
Some DNS NXDOMAIN hijackers hijack truly ridiculous domains, like
"invalid-stuff!!" or "1.2.3.4.5". This would provoke unit test
failures where we used addresses like that to force
tor_addr_lookup() to fail. The fix, for testing, is to mock
tor_addr_lookup() with a variant that always fails when it gets
a name with a !.
Fixes bugs 20862 and 20863.
2017-01-03 10:17:00 -05:00
Nick Mathewson
1a45398ffa
Fix double-free on test failure
...
Found by coverity scan; CID 1398167.
2016-12-27 10:20:13 -05:00
cypherpunks
04f21f0322
Remove abort handler from the backtrace generator
...
The abort handler masks the exit status of the backtrace generator by
capturing the abort signal from the backtrace handler and exiting with
zero. Because the output of the backtrace generator is meant to be piped
to `bt_test.py`, its exit status is unimportant and is currently
ignored.
The abort handler calls `exit(3)` which is not asynchronous-signal-safe
and calling it in this context is undefined behavior [0].
Closes ticket 21026.
[0] https://www.securecoding.cert.org/confluence/x/34At
2016-12-23 10:54:17 -05:00
Nick Mathewson
0087fe36c1
Merge remote-tracking branch 'dgoulet/bug20572_030_01'
2016-12-23 10:03:35 -05:00
Hans Jerry Illikainen
a23fd15786
Fix unreachable heap corruption in base64_decode()
...
Give size_mul_check() external linkage and use it in base64_decode() to
avoid a potential integer wrap.
Closes #19222
2016-12-23 09:47:09 -05:00
David Goulet
2d1fa58fb4
test: Add unit test for prune_services_on_reload()
...
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-21 15:00:19 -05:00
Nick Mathewson
60769e710f
Port fuzz_http to use fuzzing_common.
...
Move common logic from fuzz_http to fuzzing_common.
2016-12-19 15:34:56 -05:00
teor
a967d568dc
Add a fuzzer for the http used in our directory protocol
...
(Teor wrote the code, nick extracted it. It won't compile yet.)
2016-12-19 15:34:56 -05:00
Nick Mathewson
b96c70d668
Fuzzing: Add an initial fuzzing tool, for descriptors.
...
This will need some refactoring and mocking.
2016-12-19 15:34:55 -05:00
Nick Mathewson
ff08be56ac
Fix another pointless stack-protector warning.
...
This is the same as we fixed in 39f4554687
.
2016-12-16 14:06:25 -05:00
J. Ryan Stinnett
19cf074f4d
hs: Remove private keys from hs_desc_plaintext_data_t.
...
Since both the client and service will use that data structure to store the
descriptor decoded data, only the public keys are common to both.
Fixes #20572 .
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-16 12:48:33 -05:00
Nick Mathewson
698ed75e1a
Resolve some coverity complaints in test_entrynodes.c
2016-12-16 12:23:46 -05:00
Nick Mathewson
79a24750ba
Fix broken entrynodes/retry_unreachable test
...
I broke this with 20292ec497
when I
changed the primary guard retry schedule.
2016-12-16 11:49:07 -05:00
Nick Mathewson
990a863d7c
Merge branch 'ticket20831_v2'
2016-12-16 11:40:19 -05:00
Nick Mathewson
506bd6d47c
Make NumDirectoryGuards work with the new guard algorithm.
...
Now that we support NumEntryGuards, NumDirectoryGuards is pretty
easy to put back in.
2016-12-16 11:34:31 -05:00
Nick Mathewson
3902a18a69
Remove UseDirectoryGuards
...
It is obsoleted in an always-on direction by prop271.
2016-12-16 11:32:51 -05:00
Nick Mathewson
2cee38f76a
Merge branch 'prop271_030_v1_squashed'
2016-12-16 11:20:59 -05:00
Nick Mathewson
6867950432
Wrap all of the legacy guard code, and its users, in #ifdefs
...
This will make it easier to see what we remove down the line.
2016-12-16 11:06:22 -05:00
Nick Mathewson
72dc2ae319
Tests for choosing which guard_selection to use
2016-12-16 11:06:21 -05:00
Nick Mathewson
d9f010db84
Update node-selection tests to consider restrictions
2016-12-16 11:06:21 -05:00
Nick Mathewson
7361e1b499
Tests for restricted-circuit cases of upgrade_waiting_circuits()
2016-12-16 11:06:21 -05:00
Nick Mathewson
79d3e94f8b
prop271: Tests for the highlevel or_state_t encode/decode functions
2016-12-16 11:06:20 -05:00
Nick Mathewson
171981f8a0
Add a test for entry_guard_state_should_expire()
2016-12-16 11:06:20 -05:00
Nick Mathewson
13315812e8
Repair unit test for tiny-network case.
...
The test assumed that the old rules about handling small max_sample
were in effect, and didn't actually handle that case very well
anyway.
2016-12-16 11:06:20 -05:00
Nick Mathewson
87f9b42179
Implement support for per-circuit guard restrictions.
...
This is an important thing I hadn't considered when writing prop271:
sometimes you have to restrict what guard you use for a particular
circuit. Most frequently, that would be because you plan to use a
certain node as your exit, and so you can't choose that for your
guard.
This change means that the upgrade-waiting-circuits algorithm needs
a slight tweak too: circuit A cannot block circuit B from upgrading
if circuit B needs to follow a restriction that circuit A does not
follow.
2016-12-16 11:06:20 -05:00
Nick Mathewson
6c3f555a8c
Re-enable some disabled tests about switching guard_selections
2016-12-16 11:06:19 -05:00