Commit Graph

4959 Commits

Author SHA1 Message Date
Nick Mathewson
d978216dea Fix parsing bug with unecognized token at EOS
In get_token(), we could read one byte past the end of the
region. This is only a big problem in the case where the region
itself is (a) potentially hostile, and (b) not explicitly
nul-terminated.

This patch fixes the underlying bug, and also makes sure that the
one remaining case of not-NUL-terminated potentially hostile data
gets NUL-terminated.

Fix for bug 21018, TROVE-2016-12-002, and CVE-2016-1254
2016-12-18 20:17:24 -05:00
Nick Mathewson
ae89d9745d Revert ticket 20982 changes.
They broke stem, and breaking application compatibility is usually a
bad idea.

This reverts commit 6e10130e18,
commit 78a13df158, and
commit 62f52a888a.

We might re-apply this later, if all the downstream tools can handle
it, and it turns out to be useful for some reason.
2016-12-18 10:04:36 -05:00
Nick Mathewson
2a00110e5b Revert "Stop checking whether environ is declared."
This reverts commit 954eeda619.

Apparently, OpenBSD is what expects you to declare environ
yourself.  So 19142 is a wontfix.
2016-12-16 12:16:52 -05:00
Nick Mathewson
990a863d7c Merge branch 'ticket20831_v2' 2016-12-16 11:40:19 -05:00
Nick Mathewson
a752ccd24f fixup! Remove UseDirectoryGuards 2016-12-16 11:34:30 -05:00
Nick Mathewson
3902a18a69 Remove UseDirectoryGuards
It is obsoleted in an always-on direction by prop271.
2016-12-16 11:32:51 -05:00
cypherpunks
812a6581af Add a changes file for ticket 5500 2016-12-16 10:52:15 -05:00
cypherpunks
6e10130e18 Add a changes file for ticket 20982 2016-12-16 10:41:36 -05:00
Nick Mathewson
df6c475e59 Merge remote-tracking branch 'public/ticket19142' 2016-12-16 10:27:27 -05:00
Nick Mathewson
c838d34921 Merge branch 'dgoulet_ticket19043_030_03_squashed' 2016-12-14 15:28:28 -05:00
George Kadianakis
7a204ae8f9 prop224: Add a changes file for v3 ESTABLISH_INTRO. 2016-12-14 15:18:40 -05:00
Nick Mathewson
55d02c004c Remove AuthDirMaxServersPerAuthAddr
Back when Roger had do do most of our testing on the moria host, we
needed a higher limit for the number of relays running on a single
IP address when that limit was shared with an authority. Nowadays,
the idea is pretty obsolete.

Also remove the router_addr_is_trusted_dir() function, which served
no other purpose.

Closes ticket 20960.
2016-12-13 13:09:27 -05:00
Nick Mathewson
0dd48bfe5a Change the default of AuthDirPinKeys to 1.
Closes ticket 18319.
2016-12-13 08:54:38 -05:00
Nick Mathewson
954eeda619 Stop checking whether environ is declared.
There seems to be pretty good evidence that it's always declared,
and that checking for it is pointless.

Closes ticket 19142.
2016-12-12 10:55:10 -05:00
Nick Mathewson
b659ffe9ac Merge remote-tracking branch 'jryans/log-severity' 2016-12-12 09:46:07 -05:00
Nick Mathewson
1ad96ed9cd Merge remote-tracking branch 'rubiate/ticket20511' 2016-12-12 09:20:56 -05:00
Nick Mathewson
9025991a8d Fix a few warnings from lintChanges 2016-12-12 08:31:05 -05:00
Nick Mathewson
936ce997bb Remove changes files from master that are already in 0297-rc 2016-12-11 22:24:37 -05:00
Nick Mathewson
cbdb3c92f5 Merge branch 'maint-0.2.9' 2016-12-11 22:23:31 -05:00
Nick Mathewson
ef53526b10 Spell MAC_OS_X_VERSION_10_12 correctly.
Fixes 20935.
2016-12-11 22:17:14 -05:00
Nick Mathewson
a40d212383 Downgrade a harmless bug warning to info.
Makes 19926 less annoying in 0.2.9.  In 0.3.0, we should actually
fix this.
2016-12-09 08:43:09 -05:00
Nick Mathewson
f2445fc608 Merge branch 'maint-0.2.9' 2016-12-09 08:34:30 -05:00
Nick Mathewson
adaf6a422a Merge branch 'maint-0.2.8' into maint-0.2.9 2016-12-09 08:34:24 -05:00
Nick Mathewson
56a2b8dc6e Merge branch 'maint-0.2.7' into maint-0.2.8 2016-12-09 08:34:18 -05:00
Nick Mathewson
b49369badd Merge branch 'maint-0.2.6' into maint-0.2.7 2016-12-09 08:34:12 -05:00
Nick Mathewson
3d9f8ff6a5 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-12-09 08:34:06 -05:00
Nick Mathewson
3d2d3f2b62 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-12-09 08:33:57 -05:00
Nick Mathewson
a3b8286b0e Merge branch 'maint-0.2.9' 2016-12-09 08:30:55 -05:00
David Goulet
9bb3bcbc41 router: Fix memory leak in signed_descriptor_move()
The signed_descriptor_move() was not releasing memory inside the destination
object before overwriting it with the source object. This commit adds a reset
function that free that memory inside a signed descriptor object and zero it.

Closes #20715.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-09 08:30:46 -05:00
Karsten Loesing
9db47e7921 Update geoip and geoip6 to the December 7 2016 database. 2016-12-09 10:23:36 +01:00
Nick Mathewson
e93234af70 Merge branch 'feature15056_v1_squashed' 2016-12-08 16:49:24 -05:00
Nick Mathewson
a7cae7f8f7 Changes file for feature 15056 (prop220, extend cell side) 2016-12-08 16:48:00 -05:00
Nick Mathewson
b658893590 Merge branch 'bug19960_2' 2016-12-07 15:23:14 -05:00
Nick Mathewson
53d4e89626 Netbsd doesn't have ipfw, only the regular pf transport stuff.
Attempted fix for 19960.

Also, fixes a typo.
2016-12-07 15:22:44 -05:00
Nick Mathewson
2499ea359a Merge branch 'maint-0.2.9' 2016-12-07 11:14:56 -05:00
Nick Mathewson
0815f96416 Fix a BUG() warning from next_random_exponential_delay().
Fixes 20875; this code is as suggested by teor on the ticket.  Thanks!
2016-12-07 11:13:11 -05:00
Nick Mathewson
b0a842913a Merge branch 'maint-0.2.9' 2016-12-07 11:09:27 -05:00
Nick Mathewson
fce425e3ff Increase tolerances in util/monotonic_time tests
This is an attempt to fix #19974.
2016-12-07 11:08:54 -05:00
Nick Mathewson
129cee1c75 Merge branch 'maint-0.2.9' 2016-12-07 10:52:28 -05:00
Nick Mathewson
d6ca36defa Merge branch 'bug20710_025' into maint-0.2.9 2016-12-07 10:52:12 -05:00
Nick Mathewson
045a50e45a Forgot to add changes file for 20710. 2016-12-07 10:51:39 -05:00
J. Ryan Stinnett
9b2b799d82 Accept non-space whitespace characters in log severity syntax.
Adds a test_config_parse_log_severity unit test to verify behavior.

Fixes #19965.
2016-12-06 11:11:43 -10:00
Nick Mathewson
f92630941a Merge remote-tracking branch 'chelseakomlo/20717_hashing_api_bug' 2016-12-05 10:27:16 -05:00
Nick Mathewson
cc34ba1cec Merge branch 'getentropy_028' into maint-0.2.8 2016-12-05 10:06:16 -05:00
Nick Mathewson
714aeedc52 20865: Don't use getentropy() on OSX Sierra.
Tor 0.2.9 has a broader range of fixes and workarounds here, but for
0.2.8, we're just going to maintain the existing behavior.

(The alternative would be to backport both
1eba088054 and
16fcbd21c9 , but the latter is kind of
a subtle kludge in the configure.ac script, and I'm not a fan of
backporting that kind of thing.)
2016-12-05 10:02:33 -05:00
Nick Mathewson
5923418eff Merge remote-tracking branch 'jryans/service_is_ephemeral' 2016-12-05 08:57:00 -05:00
Nick Mathewson
f96f4c0e42 Merge remote-tracking branch 'chelseakomlo/circuituse' 2016-12-05 08:25:22 -05:00
Nick Mathewson
0ded72322c Merge branch 'maint-0.2.9' 2016-12-05 08:21:46 -05:00
J. Ryan Stinnett
cf2f36b8b4 Test for .git as readable instead of a dir to support worktrees
Fixes #20492.
2016-12-05 08:21:17 -05:00
Nick Mathewson
8230cf7ea6 Merge remote-tracking branch 'jryans/local-hostname' 2016-12-05 08:17:01 -05:00
Nick Mathewson
f7e8bd640a Merge branch 'maint-0.2.9' 2016-12-05 08:13:14 -05:00
Nick Mathewson
42ec60ecfb Fix changes file for 20864: 20638 _did_ get into 0.2.9 2016-12-05 08:12:10 -05:00
Nick Mathewson
2a365413eb Always Use EVP_aes_*_ctr() with openssl 1.1
(OpenSSL 1.1 makes EVP_CIPHER_CTX opaque, _and_ adds acceleration
for counter mode on more architectures.  So it won't work if we try
the older approach, and it might help if we try the newer one.)

Fixes bug 20588.
2016-12-05 07:54:22 -05:00
J. Ryan Stinnett
63d3ba96f9 Use rend_service_is_ephemeral for all service checks in rendservice.c
Fixes #20853.
2016-12-04 14:35:09 -06:00
J. Ryan Stinnett
810f7c545b Clean up formatting of tor.1 man page and HTML doc
Fixes #20885.
2016-12-04 10:00:07 -06:00
J. Ryan Stinnett
7ffa95abd9 Clarify that ClientRejectInternalAddresses also rejects mDNS *.local hosts
Fixes #17070.
2016-12-03 21:10:40 -06:00
teor
8a0ea3ee43
Use a temporary service list when validating and adding hidden services
This resolves two issues:
* the checks in rend_add_services were only being performed when adding
  the service, and not when the service was validated,
  (this meant that duplicate checks were not being performed, and some SETCONF
  commands appeared to succeed when they actually failed), and
* if one service failed while services were being added, then the service
  list would be left in an inconsistent state (tor dies when this happens,
  but the code is cleaner now).

Fixes #20860.
2016-12-03 09:10:46 +11:00
teor
ebf243bc5b
Changes file for 20864 2016-12-03 06:35:45 +11:00
Nick Mathewson
ca4a0ae0b1 Merge branch 'maint-0.2.9' 2016-12-02 12:10:39 -05:00
David Goulet
907cd8a0cf protover: Fix old tor hardcoded version check
When computing old Tor protocol line version in protover, we were looking at
0.2.7.5 twice instead of the specific case for 0.2.9.1-alpha.

Fixes #20810

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-02 12:09:08 -05:00
Nick Mathewson
ed4213fa08 Merge remote-tracking branch 'teor/bug20667' 2016-12-02 12:07:10 -05:00
Nick Mathewson
d7ec1708b1 Merge branch 'maint-0.2.9' 2016-12-02 12:00:53 -05:00
Nick Mathewson
8b93cbc16d Merge branch 'bug20716_026' into maint-0.2.9 2016-12-02 12:00:46 -05:00
Nick Mathewson
0ef5b8de74 Remove changes files got merged in 0.2.9.6-rc and earlier
These won't appear in the 0.3.0.1-alpha changelog, so we don't want
to keep them around here.

List generated with ./scripts/maint/findMergedChanges.pl
2016-12-02 11:26:41 -05:00
Nick Mathewson
e317a9cb7c Merge branch 'bug20599_030_v4' 2016-12-02 07:47:32 -05:00
overcaffeinated
3b6da3f90c Fix memory leak in bug 20716
newconn->address is strdup'ed twice when new_type == CONN_TYPE_AP
and conn->socket_family == AF_UNIX. Whilst here, juggle code to
make sure newconn->port is assigned from an initialised value in
the above case.
2016-12-01 10:14:42 -05:00
Nick Mathewson
fc47cc3ed9 Merge branch 'maint-0.2.9' 2016-12-01 10:06:17 -05:00
Nick Mathewson
52cb1edda6 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-12-01 10:05:44 -05:00
teor
b917b3875e Stop ignoring misconfigured hidden services
Instead, refuse to start tor until the misconfigurations have been corrected.

Fixes bug 20559; bugfix on multiple commits in 0.2.7.1-alpha and earlier.
2016-12-01 09:51:33 -05:00
Nick Mathewson
5efbd41daa Merge branch 'maint-0.2.9' 2016-12-01 09:50:17 -05:00
Nick Mathewson
f8a7972b29 Merge branch 'bug20638_029_v2_squashed' into maint-0.2.9 2016-12-01 09:45:14 -05:00
teor
f80a43d16f Stop ignoring hidden service key anonymity when first starting tor
Instead, refuse to start tor if any hidden service key has been used in
a different hidden service anonymity mode.

Fixes bug 20638; bugfix on 17178 in 0.2.9.3-alpha; reported by ahf.

The original single onion service poisoning code checked poisoning state
in options_validate, and poisoned in options_act. This was problematic,
because the global array of hidden services had not been populated in
options_validate (and there were ordrering issues with hidden service
directory creation).

This patch fixes this issue in rend_service_check_dir_and_add, which:
* creates the directory, or checks permissions on an existing directory, then
* checks the poisoning state of the directory, then
* poisons the directory.

When validating, only the permissions checks and the poisoning state checks
are perfomed (the directory is not modified).
2016-12-01 09:44:53 -05:00
teor
04f7944891
Stop discarding downloaded full descriptors when using microdescs for circuits
This affects clients with FetchUselessDescriptors 1.

It might also cause subtle bugs on directory mirrors and authorities,
causing them to consider all full descriptors as failed or old.
2016-11-30 12:20:28 +11:00
teor
24e293c3c6
Man page update and changes file for 20667 2016-11-30 11:18:38 +11:00
Chelsea H. Komlo
1ca777474b
adds changes file 2016-11-24 12:15:00 -05:00
Chelsea H. Komlo
118bba7622
Refactor to remove unnecessary check in circuit_is_available_for_use 2016-11-24 08:12:33 -05:00
Chelsea H. Komlo
cfb8363da9
extract magic numbers in circuituse.c 2016-11-24 08:12:32 -05:00
Chelsea H. Komlo
afb6ae7b0f
Refactor circuit_predict_and_launch_new 2016-11-24 08:12:30 -05:00
Chelsea H. Komlo
b95998ef0c
moving useful test helper to test_helpers.h 2016-11-24 08:12:27 -05:00
Nick Mathewson
16fcbd21c9 Try to work around breakage in the OSX 10.12 SDK.
Apple is supposed to decorate their function declarations with
macros to indicate which OSX version introduced them, so that you
can tell the compiler that you want to build against certain
versions of OSX.  But they forgot to do that for clock_gettime() and
getentropy(), both of which they introduced in 10.12.

This patch adds a kludge to the configure.ac script where, if we
detect that we are targeting OSX 10.11 or earlier, we don't even probe
to see if the two offending functions are present.

Closes ticket 20235.
2016-11-22 19:24:13 -05:00
Nick Mathewson
4614f8e681 Merge remote-tracking branch 'teor/fix-mingw-pagesize' 2016-11-22 18:29:50 -05:00
Nick Mathewson
c35d481f56 Merge branch 'maint-0.2.9' 2016-11-21 12:44:21 -05:00
Nick Mathewson
e2c881487c Merge remote-tracking branch 'arma/bug20423' into maint-0.2.9 2016-11-21 12:40:08 -05:00
Nick Mathewson
427dcb29b5 Merge branch 'maint-0.2.9' 2016-11-17 20:08:15 -05:00
Nick Mathewson
8a767ba7fb Merge remote-tracking branch 'teor/bug20634_029' into maint-0.2.9 2016-11-17 20:02:59 -05:00
Roger Dingledine
f12aad7f09 don't attempt a resolve when the cached answer will do
For relays that don't know their own address, avoid attempting
a local hostname resolve for each descriptor we download. Also cut
down on the number of "Success: chose address 'x.x.x.x'" log lines.

Fixes bugs 20423 and 20610; bugfix on 0.2.8.1-alpha.
2016-11-16 16:22:11 -05:00
David Goulet
6b13612eef doc: Add change file for bug #20646
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-16 11:28:24 -05:00
teor
44f3563d87
Changes file for bug 20634 2016-11-16 13:14:03 +11:00
Nick Mathewson
b6164e1604 Merge remote-tracking branch 'public/feature20552' 2016-11-10 09:25:11 -05:00
Nick Mathewson
f82f0c3eb1 Merge remote-tracking branch 'dgoulet/bug20574_030_01' 2016-11-10 09:22:34 -05:00
Matt Nordhoff
7dee70c3e1 Add "TByte" and "TBytes" units; also add "TBits" to man page 2016-11-10 09:13:27 -05:00
Nick Mathewson
0f4f63b7b8 Merge branch 'maint-0.2.9' 2016-11-10 09:11:35 -05:00
Nick Mathewson
e8e7a8f3db Merge remote-tracking branch 'teor/bug20613' into maint-0.2.9 2016-11-10 09:10:55 -05:00
rubiate
d46c1b49a4 Do not serve a consensus if it is too old
Closes ticket 20511.
2016-11-10 10:16:18 +13:00
Nick Mathewson
d564187dee Merge branch 'maint-0.2.9' 2016-11-08 19:25:44 -05:00
teor
0ec94588ab
Stop logging single onion and Tor2web long-term one-hop circuits
Single onion services and Tor2web deliberately create long-term one-hop
circuits to their intro and rend points, respectively.

These log messages are intended to diagnose issue 8387, which relates to
circuits hanging around forever for no reason.

Fixes bug 20613; bugfix on 0.2.9.1-alpha. Reported by "pastly".
2016-11-09 11:23:51 +11:00
Nick Mathewson
e4ef9f7491 In torrc.sample.in, note that bandwidth must be >=75 KB.
Queue a corresponding change for torrc.minimal.in.

Closes ticket 20085.
2016-11-08 19:23:49 -05:00
Nick Mathewson
c58592e658 Merge branch 'maint-0.2.9' 2016-11-08 18:51:19 -05:00
Nick Mathewson
89ec191b68 Merge remote-tracking branch 'public/bug20306_029' into maint-0.2.9 2016-11-08 18:51:07 -05:00
Nick Mathewson
31f41fe096 Merge branch 'maint-0.2.9' 2016-11-08 18:45:10 -05:00
Nick Mathewson
286fa94064 Use va_copy() in pure-windows version of tor_asprintf().
It's not okay to use the same varargs list twice, and apparently
some windows build environments produce code here that would leave
tor_asprintf() broken. Fix for bug 20560; bugfix on 0.2.2.11-alpha
when tor_asprintf() was introduced.
2016-11-08 18:44:06 -05:00
Nick Mathewson
d1a0f2e7e4 Merge branch 'maint-0.2.9' 2016-11-08 07:12:16 -05:00
teor
38e3f91c63
When using exponential backoff in test networks, use a lower exponent
Lower exponents mean that delays do not vary as much. This helps test
networks bootstrap consistently.

Bugfix on 20499.
2016-11-08 16:42:26 +11:00
Nick Mathewson
e0311f6a36 Remove from master more changes files already merged in release-0.2.9 2016-11-07 16:32:30 -05:00
Nick Mathewson
3e3040a5d9 Merge branch 'maint-0.2.9'
Conflicts:
	src/or/rendservice.c
2016-11-07 16:31:40 -05:00
Nick Mathewson
9994404238 Make new changes files pass lintchanges 2016-11-07 16:19:05 -05:00
Nick Mathewson
c2fc0941a5 Merge remote-tracking branch 'teor/bug20484_029_v2' into maint-0.2.9 2016-11-07 16:12:13 -05:00
David Goulet
b0ea8b535f hs: Add changes file for HSDir v3 protocol feature
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-07 13:49:27 -05:00
Nick Mathewson
89edef6afb Treat bacoff/schedule mismatch as a bug. 2016-11-07 11:05:57 -05:00
Nick Mathewson
1934bf75ef Merge branch 'maint-0.2.9' 2016-11-07 11:02:15 -05:00
Nick Mathewson
864c42f4d6 Count HTTP 503 as a download failure.
Because as Teor puts it: "[Resetting on 503] is exactly what we
don't want when relays are busy - imagine clients doing an automatic
reset every time they DoS a relay..."

Fixes bug 20593.
2016-11-07 11:01:21 -05:00
Nick Mathewson
667ba776b1 Adjust download schedules per teor's #20534 recommendataions 2016-11-07 11:01:20 -05:00
Nick Mathewson
800dff1308 Merge branch 'maint-0.2.9' 2016-11-07 09:32:21 -05:00
Nick Mathewson
e4b793fe41 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-07 09:32:00 -05:00
Nick Mathewson
2639fd08e7 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-11-07 09:31:36 -05:00
Nick Mathewson
f5fdf188b9 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-11-07 09:30:42 -05:00
Nick Mathewson
6c2174d44d Merge branch 'maint-0.2.5' into maint-0.2.6 2016-11-07 09:30:16 -05:00
Nick Mathewson
db2571be61 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-11-07 09:29:54 -05:00
Nick Mathewson
d82ffb77f3 Merge branch '20499_part1_029_squashed', remote-tracking branches 'teor/bug20591_029' and 'teor/bug20533_029' into maint-0.2.9 2016-11-07 09:20:13 -05:00
Nick Mathewson
858867a31a Allow infinitely long delays in exponential-backoff downloads
It's only safe to remove the failure limit (per 20536) if we are in
fact waiting a bit longer each time we try to download.

Fixes bug 20534; bugfix on 0.2.9.1-alpha.
2016-11-07 09:19:35 -05:00
Nick Mathewson
a415fee58a Merge branch 'maint-0.2.9' 2016-11-07 09:09:06 -05:00
Karsten Loesing
ea597832e2 Update geoip and geoip6 to the November 3 2016 database. 2016-11-07 15:05:19 +01:00
teor
e819d420c5
When downloading certificates, check for related failures
If a consensus expires while we are waiting for certificates to download,
stop waiting for certificates.

If we stop waiting for certificates less than a minute after we started
downloading them, do not consider the certificate download failure a
separate failure.

Fixes bug 20533; bugfix on commit e0204f21 in 0.2.0.9-alpha.
2016-11-08 00:01:20 +11:00
teor
1bb28cecd9
Ensure relays don't make multiple connections during bootstrap
Relays do not deliberately launch multiple attempts, so the impact of this
bug should be minimal. This fix also defends against bugs like #20499.

Bugfix on 0.2.8.1-alpha.
2016-11-07 23:05:55 +11:00
Nick Mathewson
0bd55ed96a Always Use EVP_aes_*_ctr() with openssl 1.1
(OpenSSL 1.1 makes EVP_CIPHER_CTX opaque, _and_ adds acceleration
for counter mode on more architectures.  So it won't work if we try
the older approach, and it might help if we try the newer one.)

Fixes bug 20588.
2016-11-06 21:01:25 -05:00
Nick Mathewson
61612f980d Merge branch 'maint-0.2.9' 2016-11-06 20:24:29 -05:00
Nick Mathewson
def41e93bd In test_tortls_classify_client_ciphers(), s/ECDH/ECDHE/
(We weren't actually using these ciphers; we were just requing that
ciphers of that name existed.)

Patch from rubiate.  Fixes 20460
2016-11-06 20:23:40 -05:00
Nick Mathewson
5385a023e1 Do not apply 'max_failures' to random-exponential schedules.
Fixes bug 20536; bugfix on 0.2.9.1-alpha.
2016-11-06 20:08:11 -05:00
Nick Mathewson
1b22eae120 Fix get_delay() code to avoid TIME_MAX overflow, not INT_MAX.
Fixes bug 20587; bugfix on 35bbf2e4a4 in 0.2.8.1-alpha.
2016-11-06 19:50:08 -05:00
Nick Mathewson
b28d818423 Remove changes files that will appear in 0.2.9.5-alpha. 2016-11-06 16:57:38 -05:00
Nick Mathewson
c69bc895ca Fix lintchanges warnings in master. 2016-11-06 16:48:52 -05:00
Nick Mathewson
c8ec42de2f Merge branch 'maint-0.2.9' 2016-11-06 16:41:32 -05:00
Nick Mathewson
add164aa41 Fix warnings from lintChanges.py 2016-11-06 16:39:46 -05:00
Nick Mathewson
91053a072c changes file for 20526 2016-11-03 19:10:02 -04:00
Nick Mathewson
b96bb82a2a changes file for 19563 2016-11-03 18:41:40 -04:00
Nick Mathewson
59f4cae68c Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 18:36:43 -04:00
Nick Mathewson
61bdc452b0 Merge branch 'bug20551_028' into maint-0.2.8 2016-11-03 18:36:25 -04:00
Nick Mathewson
272572c3a2 Merge branch 'maint-0.2.9' 2016-11-03 15:45:16 -04:00
Nick Mathewson
3cd520a52d Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 15:44:46 -04:00
Nick Mathewson
7a45ef5a47 Merge remote-tracking branch 'arma/bug19969_028_squashed' into maint-0.2.8 2016-11-03 15:44:30 -04:00
Nick Mathewson
3bb49c0110 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 15:41:04 -04:00
Nick Mathewson
957bdc4a42 Merge branch 'bug20553_028' 2016-11-03 10:52:21 -04:00
Nick Mathewson
9b18b215bb Work around a behavior change in openssl's BUF_MEM code
In our code to write public keys to a string, for some unfathomable
reason since 253f0f160e, we would allocate a memory BIO, then
set the NOCLOSE flag on it, extract its memory buffer, and free it.
Then a little while later we'd free the memory buffer with
BUF_MEM_free().

As of openssl 1.1 this doesn't work any more, since there is now a
BIO_BUF_MEM structure that wraps the BUF_MEM structure.  This
BIO_BUF_MEM doesn't get freed in our code.

So, we had a memory leak!

Is this an openssl bug?  Maybe.  But our code was already pretty
silly.  Why mess around with the NOCLOSE flag here when we can just
keep the BIO object around until we don't need the buffer any more?

Fixes bug 20553; bugfix on 0.0.2pre8
2016-11-03 10:51:10 -04:00
Nick Mathewson
b7a1e793e6 Declare a LINKAUTH subprotocol version for #15055 (ed link handshake)
Closes ticket 20552.
2016-11-03 10:01:40 -04:00
Nick Mathewson
1eef543f9d Merge branch 'bug20551_028' 2016-11-03 09:37:44 -04:00
Nick Mathewson
464783a8dc Use explicit casts to avoid warnings when building with openssl 1.1
fixes bug 20551; bugfix on 0.2.1.1-alpha
2016-11-03 09:35:41 -04:00
Nick Mathewson
d9ca4e20bd Merge branch 'feature_15055_v2' 2016-11-03 08:44:46 -04:00
Nick Mathewson
53656381df Changes file for 15055 branch. 2016-11-03 08:40:10 -04:00
Nick Mathewson
e64bac6eb4 Increase TLS RSA link key length to 2048 bits
Oddly, nothing broke.

Closes ticket 13752.
2016-11-03 08:39:30 -04:00
Nick Mathewson
0704fa8a63 Handle u32 overflow in ed25519 cert expiration time.
The impact here isn't too bad. First, the only affected certs that
expire after 32-bit signed time overflows in Y2038. Second, it could
only make it seem that a non-expired cert is expired: it could never
make it seem that an expired cert was still live.

Fixes bug 20027; bugfix on 0.2.7.2-alpha.
2016-11-03 08:37:22 -04:00
Nick Mathewson
e94f1b4e0d Free rsa_ed_crosscert at exit.
Fixes bug 17779; bugfix on 0.2.7.2-alpha.
2016-11-03 08:37:21 -04:00
teor
8f465808a0
Check for getpagesize before using it to mmap files
This fixes compilation in some MinGW environments.

Fixes bug 20530; bugfix on commit bf72878 in tor-0.1.2.1-alpha.
Reported by "ice".
2016-11-03 08:44:57 +11:00
teor
1747f28861
Check every hidden service directory's permissions when configuring
Previously, we would only check the last hidden service directory.

Fixes #20529, bugfix on ticket 13942 commit 85bfad1 in 0.2.6.2-alpha.
2016-11-02 14:32:04 +11:00
Roger Dingledine
d89804a69d Ask event_base_loop to finish when we add a pending stream
Fixes bug 19969; bugfix on b1d56fc58. We can fix this some more in
later Tors, but for now, this is probably the right fix for us.
2016-11-01 19:52:55 -04:00
Nick Mathewson
cb35a7c271 Merge branch 'maint-0.2.9' 2016-11-01 13:05:45 -04:00
Nick Mathewson
733b245283 Merge remote-tracking branch 'teor/bug20472-029-v2' into maint-0.2.9 2016-11-01 13:05:33 -04:00
Nick Mathewson
db67867a81 Merge remote-tracking branch 'pastly/ticket20486' 2016-11-01 12:55:14 -04:00
Nick Mathewson
e6d84ac04f Merge branch 'maint-0.2.9' 2016-11-01 12:49:13 -04:00
Nick Mathewson
9248466f0a Merge branch 'bug20487_029' into maint-0.2.9 2016-11-01 12:44:20 -04:00
Matt Traudt
d8d6d8c206 Update man page that HS directory does not need to exist 2016-11-01 12:32:50 -04:00
Nick Mathewson
68a27dad43 Merge branch 'maint-0.2.9' 2016-10-31 16:33:12 -04:00
Nick Mathewson
e712b5d784 Merge branch 'bug19968_029' into maint-0.2.9 2016-10-31 16:33:03 -04:00
Nick Mathewson
59a78187cd Merge branch 'maint-0.2.9' 2016-10-31 15:20:45 -04:00
Nick Mathewson
24b7b922ae Actually free the worker_state_t object when we do an update with it
Previously we freed the old "keys" object, but leaked the
worker_state_t that we had taken it from.

Fixes bug 20401; bugfix on 0.2.6.3-alpha.
2016-10-31 15:20:25 -04:00
Nick Mathewson
b858452f94 Add a sentence to the manpage about nonanonymous=>Socksport 0.
Closes 20487.
2016-10-31 15:13:27 -04:00
Nick Mathewson
d73c671d6d policy_is_reject_star():
ome policies are default-reject, some default-accept.  But
policy_is_reject_star() assumed they were all default_reject.  Fix
that!

Also, document that policy_is_reject_star() treats a NULL policy as
empty. This allows us to simplify the checks in
parse_reachable_addresses() by quite a bit.

Fxes bug 20306; bugfix on 0.2.8.2-alpha.
2016-10-31 15:05:56 -04:00
Nick Mathewson
8841a9e396 Create single-onion-service directory before poisoning it, if needed
(Also, refactor the code to create a hidden service directory into a
separate funcion, so we don't have to duplicate it.)

Fixes bug 20484; bugfix on 0.2.9.3-alpha.
2016-10-31 14:54:20 -04:00
Nick Mathewson
becc957839 Actually clamp the number of detected CPUs to 16.
Previously we said we did, but didn't.

Fixes #19968; bugfix on 0.2.3.1-alpha.
2016-10-31 14:19:39 -04:00
teor
26d7a07ad7
In circuit_pick_extend_handshake, assume all hops support EXTEND2 and ntor
This simplifies the function: if we have an ntor key, use ntor/EXTEND2,
otherwise, use TAP/EXTEND.

Bugfix on commit 10aa913 from 19163 in 0.2.9.3-alpha.
2016-10-31 17:01:04 +11:00
overcaffeinated
b8b8b6b70e Add implementation of smartlist_add_strdup
Add smartlist_add_strdup(sl, string) - replaces the use of
smartlist_add(sl, tor_strdup(string)). Fixes bug 20048.
2016-10-27 10:12:28 +01:00
Matt Traudt
6629c5c3fe Add historic bwweight tests, comments, line len fixes 2016-10-26 16:37:16 -04:00
Matt Traudt
7ba0ae9426 Add consensus weight calculation tests 2016-10-26 16:37:16 -04:00
Matt Traudt
909ee0e55f Fix default bw weights with new consensus method
See #14881
2016-10-26 16:33:54 -04:00
Nick Mathewson
39375db3dc Merge remote-tracking branch 'pastly/ticket20459' 2016-10-26 16:22:06 -04:00
Nick Mathewson
5a1779b7ff Merge branch 'maint-0.2.9' 2016-10-26 14:17:21 -04:00
Nick Mathewson
d288704023 Avoid tor_fragile_assert() failure with DNSPort on RESOLVED_TYPE_ERROR
The tor_fragile_assert() bug has existed here since c8a5e2d588
in tor-0.2.1.7-alpha forever, but tor_fragile_assert() was mostly a
no-op until 0.2.9.1-alpha.

Fixes bug 19869.
2016-10-26 14:16:40 -04:00
Matt Traudt
c09993fdf6 Fix ewma_cmp_cmux never considering policies different 2016-10-25 10:07:05 -04:00
Nick Mathewson
01482e30ad Merge remote-tracking branch 'pastly/ticket20273' 2016-10-24 12:47:29 -04:00
David Goulet
59247314d5 man: Fix default value of AuthDirGuardBWGuarantee to 2MB
Closes #20435

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-10-23 10:59:55 -04:00
Nick Mathewson
7010e85939 changes file for 20389 2016-10-19 18:07:02 -04:00
Nick Mathewson
df387b94e8 Merge remote-tracking branch 'chelseakomlo/master' 2016-10-19 17:17:12 -04:00
Nick Mathewson
12cf73c451 Merge remote-tracking branch 'andrea/ticket19858_v2'
Conflict in entrynodes.c: any_bridge_supports_microdescriptors was
removed in master, and modified in 19858_v2
2016-10-19 17:11:47 -04:00
Nick Mathewson
ec4142abdf Unify code in channel_write_*cell()
Patch from pingl; patch for 13827.
2016-10-19 17:07:23 -04:00
Nick Mathewson
87e4b9259a Merge remote-tracking branch 'arma/bug6769' 2016-10-19 17:04:44 -04:00
Chelsea H. Komlo
471b0c5175
Refactor purpose_needs_anonymity to use switch statement 2016-10-19 12:25:50 -05:00
Chelsea H. Komlo
195ccce94e
Refactor to use purpose_needs_anonymity and remove is_sensitive_dir_purpose 2016-10-18 18:40:50 -05:00
Nick Mathewson
9a3adb07c4 changes file for module docs 2016-10-18 19:35:10 -04:00
Nick Mathewson
52b2b2c82f Fold 20384 into changelog 2016-10-17 14:55:05 -04:00
Nick Mathewson
1a74881063 Merge branch 'maint-0.2.8' 2016-10-17 14:51:45 -04:00
Nick Mathewson
1df114330e Merge branch 'buf_sentinel_026_v2' into maint-0.2.8 2016-10-17 14:51:06 -04:00
Nick Mathewson
3cea86eb2f Add a one-word sentinel value of 0x0 at the end of each buf_t chunk
This helps protect against bugs where any part of a buf_t's memory
is passed to a function that expects a NUL-terminated input.

It also closes TROVE-2016-10-001 (aka bug 20384).
2016-10-17 14:49:54 -04:00
Nick Mathewson
20e9220d3d Start on an 0.2.9.4-alpha changelog 2016-10-17 10:57:50 -04:00
Nick Mathewson
efe6fc8b03 changes file for module docs 2016-10-17 10:18:45 -04:00
Nick Mathewson
af70e43131 Merge remote-tracking branch 'public/spaces_in_unix_addrs' 2016-10-14 10:21:41 -04:00
Nick Mathewson
d2ab58c48d Merge branch 'bug18357_v2' 2016-10-14 09:10:34 -04:00
Nick Mathewson
d25fed5174 Merge remote-tracking branch 'yawning-schwanenlied/bug20261' 2016-10-11 11:08:20 -04:00
paolo.ingls@gmail.com
ab78a4df93 torrc parsing b0rks on carriage-return
(Specifically, carriage return after a quoted value in a config
line. Fixes bug 19167; bugfix on 0.2.0.16-alpha when we introduced
support for quoted values. Unit tests, changes file, and this
parenthetical by nickm.)
2016-10-11 09:25:22 -04:00
Nick Mathewson
3328658728 Merge remote-tracking branch 'asn/bug19223' 2016-10-11 08:48:39 -04:00
George Kadianakis
e59f0d4cb9 Fix non-triggerable heap corruption at do_getpass(). 2016-10-10 12:03:39 -04:00
Nick Mathewson
850ec1e282 Stop implying that we support openssl 1.0.0; we don't.
Closes ticket 20303.

The LIBRESSL_VERSION_NUMBER check is needed because if our openssl
is really libressl, it will have an openssl version number we can't
really believe.
2016-10-06 12:58:49 -04:00
Nick Mathewson
7410adb330 Merge branch 'maint-0.2.8' 2016-10-06 09:59:49 -04:00
Nick Mathewson
ab98c4387e Merge branch 'maint-0.2.7' into maint-0.2.8 2016-10-06 09:59:42 -04:00
Nick Mathewson
ec718aa839 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-10-06 09:59:18 -04:00
Nick Mathewson
12a7298376 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-10-06 09:59:03 -04:00
Nick Mathewson
304d8f3bbb Merge branch 'maint-0.2.4' into maint-0.2.5 2016-10-06 09:58:54 -04:00
Nick Mathewson
6055bba8cc Only use -levent when checking functions if we will use it to link.
Fixes 19904; bugfix on b62abf9f21499ab; patch from Rubiate.
2016-10-06 09:16:21 -04:00
Nick Mathewson
785176e975 Clean up and fix exit policy check in connection_exit_connect().
Previously, we would reject even rendezvous connections to IPv6
addresses when IPv6Exit was false.  But that doesn't make sense; we
don't count that as "exit"ing.  I've corrected the logic and tried
to make it a lottle more clear.

Fixes bug 18357; this code has been wrong since 9016d9e829 in
0.2.4.7-alpha.
2016-10-05 12:44:53 -04:00
Karsten Loesing
1b4984f196 Update geoip and geoip6 to the October 6 2016 database. 2016-10-05 16:35:14 +02:00
Nick Mathewson
05aed5b635 Allow a unix: address to contain a C-style quoted string.
Feature 18753 -- all this to allow spaces.
2016-10-04 15:43:20 -04:00
Matt Traudt
5503eec3aa Change some dirvote.c comments to reflect reality 2016-10-03 20:43:50 -04:00
Nick Mathewson
a49fb1e2e5 Teach 'make tags' about MOCK_IMPL.
Patch from nherring; closes ticket 16869
2016-10-03 13:58:09 -04:00
cypherpunks
3b2f012e28 Avoid reordering IPv6 interface addresses
When deleting unsuitable addresses in get_interface_address6_list(), to
avoid reordering IPv6 interface addresses and keep the order returned by
the OS, use SMARTLIST_DEL_CURRENT_KEEPORDER() instead of
SMARTLIST_DEL_CURRENT().

This issue was reported by René Mayrhofer.

[Closes ticket 20163; changes file written by teor. This paragraph
added by nickm]
2016-10-03 13:50:27 -04:00
Paolo Inglese
ae4077916c Fix parse_virtual_addr_network minimum network size 2016-10-03 12:18:51 +01:00
Roger Dingledine
782b6ec288 Bridges and relays now use microdescriptors
(like clients do) rather than old-style router descriptors. Now bridges
will blend in with clients in terms of the circuits they build.

Fixes bug 6769; bugfix on 0.2.3.2-alpha.
2016-10-02 01:12:27 -04:00
Roger Dingledine
bfaded9143 Bridge-using clients now use their cached microdesc consensus
Clients that use bridges were ignoring their cached microdesc-flavor
consensus files, because they only thought they should use the microdesc
flavor once they had a known-working bridge that could offer microdescs,
and at first boot no bridges are known-working.

This bug caused bridge-using clients to download a new microdesc consensus
on each startup.

Fixes bug 20269; bugfix on 0.2.3.12-alpha.
2016-10-01 16:34:17 -04:00
Yawning Angel
847e001d28 Bug 20261: Disable IsolateClientAddr on AF_LOCAL SocksPorts.
The client addr is essentially meaningless in this context (yes, it is
possible to explicitly `bind()` AF_LOCAL client side sockets to a path,
but no one does it, and there are better ways to grant that sort of
feature if people want it like using `SO_PASSCRED`).
2016-09-30 18:43:31 +00:00
Nick Mathewson
ed5d2daba1 Merge remote-tracking branch 'public/ticket20001_v2' 2016-09-26 11:01:10 -07:00
Nick Mathewson
97337844b7 Merge branch 'protover_v2_squashed' 2016-09-26 11:00:08 -07:00
Nick Mathewson
78c07eeee1 Changes file for prop264 / ticket 19958. 2016-09-26 10:56:52 -07:00
Andrea Shepard
8b4d961f08 Changes file for ticket 19858 2016-09-25 02:13:02 +00:00
Nick Mathewson
a633baf632 Merge branch 'osx_sierra_028' 2016-09-24 13:33:09 -07:00
Nick Mathewson
39f51dfae3 changes file for osx sierra fixes 2016-09-24 13:29:20 -07:00
Nick Mathewson
eaf5950682 Remove changes files that we have folded in 2016-09-23 11:16:20 -04:00
Nick Mathewson
6a01164538 Merge branch 'maint-0.2.8' 2016-09-23 09:30:56 -04:00
Nick Mathewson
db6153e70c Merge remote-tracking branch 'teor/broken-028-fallbacks' into maint-0.2.8 2016-09-23 09:29:55 -04:00
Nick Mathewson
94989fdebb remove changes files that are also in 0.2.8.8 2016-09-22 18:14:29 -04:00
Nick Mathewson
077f6a4888 Merge branch 'maint-0.2.8' 2016-09-22 15:20:31 -04:00
Nick Mathewson
d78711c0ae LintChanges fix 2016-09-22 15:19:59 -04:00
Nick Mathewson
6e96eababe Merge branch 'bug20203_027_squashed' into maint-0.2.8 2016-09-22 15:17:00 -04:00
Nick Mathewson
e4aaf76660 When clearing cells from a circuit for OOM reasons, tell cmux we did so.
Not telling the cmux would sometimes cause an assertion failure in
relay.c when we tried to get an active circuit and found an "active"
circuit with no cells.

Additionally, replace that assert with a test and a log message.

Fix for bug 20203. This is actually probably a bugfix on
0.2.8.1-alpha, specifically my code in 8b4e5b7ee9 where I
made circuit_mark_for_close_() do less in order to simplify our call
graph. Thanks to "cypherpunks" for help diagnosing.
2016-09-22 15:16:07 -04:00
Nick Mathewson
6deeedb5e0 Merge branch 'maint-0.2.8' 2016-09-22 09:00:37 -04:00
Nick Mathewson
1edea87c2a Fix lintchanges warnings in 028 2016-09-22 09:00:16 -04:00
Nick Mathewson
20ce9f23dc Fix warnings from lintChanges.py 2016-09-22 08:48:05 -04:00
teor
df7b0011e3
Changes file for #20190: remove broken fallbacks 2016-09-22 08:08:59 +10:00
Nick Mathewson
62ee4f185f Merge branch 'maint-0.2.8' 2016-09-20 19:30:45 -04:00
Nick Mathewson
9b5a19c64b Don't look at any routerstatus_t when the networkstatus is inconsistent
For a brief moment in networkstatus_set_current_consensus(), the old
consensus has been freed, but the node_t objects still have dead
pointers to the routerstatus_t objects within it.  During that
interval, we absolutely must not do anything that would cause Tor to
look at those dangling pointers.

Unfortunately, calling the (badly labeled!) current_consensus macro
or anything else that calls into we_use_microdescriptors_for_circuits(),
can make us look at the nodelist.

The fix is to make sure we identify the main consensus flavor
_outside_ the danger zone, and to make the danger zone much much
smaller.

Fixes bug 20103.  This bug has been implicitly present for AGES; we
just got lucky for a very long time.  It became a crash bug in
0.2.8.2-alpha when we merged 35bbf2e4a4 to make
find_dl_schedule start looking at the consensus, and 4460feaf28
which made node_get_all_orports less (accidentally) tolerant of
nodes with a valid ri pointer but dangling rs pointer.
2016-09-20 10:43:58 -04:00
Nick Mathewson
144bd86570 Merge remote-tracking branch 'teor/bug20117' 2016-09-19 14:21:12 -04:00
Nick Mathewson
b88f918227 Remove an extraneous parenthesis in IF_BUG_OHNCE__
Fixes bug 20141; bugfix on 0.2.9.1-alpha.

Patch from Gisle Vanem.
2016-09-14 10:53:49 -04:00
Nick Mathewson
8b7922b282 Merge remote-tracking branch 'teor/feature20072' 2016-09-14 10:18:41 -04:00
Nick Mathewson
4f4e995d42 Merge branch 'bug20081' 2016-09-14 10:17:04 -04:00
teor
16085a8421
Add some chutney single onion networks to make test-network-all
This requires a recent version of chutney, with the single onion
network flavours (git c72a652 or later).

Closes ticket #20072.
2016-09-14 12:17:10 +10:00
Nick Mathewson
b488bd54ba Merge remote-tracking branch 'public/bug20063' 2016-09-13 11:25:59 -04:00
Nick Mathewson
9f0cb5af15 Merge branch 'feature-17178-v7-squashed-v2' 2016-09-13 10:20:08 -04:00
teor
f311c9ffa2 Replace OnionService* with HiddenService* in option names
And make consequential line-length adjustments.
2016-09-13 10:13:57 -04:00
teor
41f96078c2 Refactor UseEntryNodes so the original configured value is preserved
Parse the value to UseEntryNodes_option, then set UseEntryNodes before
validating options.

This way, Authorities, Tor2web, and Single Onion Services don't write
spurious "UseEntryNodes 0" lines to their configs. Document the fact that
these tor configurations ignore UseEntryNodes in the manual page.

Also reorder options validation so we modify UseEntryNodes first, then
check its value against EntryNodes.

And silence a warning about disabled UseEntryNodes for hidden services
when we're actually in non-anonymous single onion service mode.
2016-09-13 10:13:56 -04:00
teor
0285f4f34d Use CircuitBuildTimeout whenever circuit_build_times_disabled is true
Previously, we checked LearnCircuitBuildTimeout directly.

Fixes bug #20073 in commit 5b0b51ca3 on tor 0.2.4.12-alpha.
2016-09-13 10:13:56 -04:00
teor
e5ad00330c Make Tor2web work with ReachableAddresses and CRN_DIRECT_CONN
The changes in #19973 fixed ReachableAddresses being applied
too broadly, but they also broke Tor2web (somewhat unintentional)
compatibility with ReachableAddresses.

This patch restores that functionality, which makes intro and
rend point selection is consistent between Tor2web and Single Onion
Services.
2016-09-13 10:13:55 -04:00
teor (Tim Wilson-Brown)
b560f852f2 Implement Prop #260: Single Onion Services
Add experimental OnionServiceSingleHopMode and
OnionServiceNonAnonymousMode options. When both are set to 1, every
hidden service on a tor instance becomes a non-anonymous Single Onion
Service. Single Onions make one-hop (direct) connections to their
introduction and renzedvous points. One-hop circuits make Single Onion
servers easily locatable, but clients remain location-anonymous.
This is compatible with the existing hidden service implementation, and
works on the current tor network without any changes to older relays or
clients.

Implements proposal #260, completes ticket #17178. Patch by teor & asn.

squash! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Prop #260: Single Onion Services

Redesign single onion service poisoning.

When in OnionServiceSingleHopMode, each hidden service key is poisoned
(marked as non-anonymous) on creation by creating a poison file in the
hidden service directory.

Existing keys are considered non-anonymous if this file exists, and
anonymous if it does not.

Tor refuses to launch in OnionServiceSingleHopMode if any existing keys
are anonymous. Similarly, it refuses to launch in anonymous client mode
if any existing keys are non-anonymous.

Rewrite the unit tests to match and be more comprehensive.
Adds a bonus unit test for rend_service_load_all_keys().
2016-09-13 10:10:54 -04:00
Nick Mathewson
08d2d7c404 prop272: Believe that all routers are Valid and Running.
(We check consensus method when deciding whether to assume a node is
valid.  No need to check the consensus method for Running, since
we will never see a method before 13.)

Closes ticket 20001

g
2016-09-13 09:29:22 -04:00
Nick Mathewson
20c4b01694 Make preferred_chunk_size avoid overflow, handle big inputs better
Also, add tests for the function.

Closes 20081; bugfix on 0.2.0.16-alpha. This is a Guido Vranken
issue. Thanks, Guido!
2016-09-13 09:07:12 -04:00
Nick Mathewson
4b182dfc23 Merge remote-tracking branch 'public/ticket19998' 2016-09-13 08:54:43 -04:00
Nick Mathewson
9d84a6d998 changes file for 19767 2016-09-11 16:53:37 -04:00
teor
42a74f707c
Document the default PathsNeededToBuildCircuits value
... when the directory authorities don't set min_paths_for_circs_pct.

Fixes bug 20117; bugfix on 02c320916e in tor-0.2.4.10-alpha.
Reported by Jesse V.
2016-09-09 11:20:20 +10:00
Nick Mathewson
3269307daf Treat all nonfatal assertion failures as unit test failures.
Part of 19999.
2016-09-08 13:27:30 -04:00
Nick Mathewson
fe9cfeba6e Fix libevent linking on openbsd.
Closes ticket 19902; bugfix on 0.2.9.1-alpha; patch from rubiate
2016-09-08 10:09:34 -04:00
Nick Mathewson
f3cda3272a Disable -Wthread-safety.
See changes file; closes ticket 20110.
2016-09-08 09:37:40 -04:00
Nick Mathewson
08d1ac4f2a Patch from rubiate: disable openbsd memory protections in test-memwipe
Test-memwipe is *supposed* to invoke undefined behavior, alas.

Closes 20066.
2016-09-08 09:00:24 -04:00
Nick Mathewson
f028434a5f Merge branch 'maint-0.2.8' 2016-09-07 13:54:21 -04:00
Nick Mathewson
6494f3346b Merge branch 'maint-0.2.7' into maint-0.2.8 2016-09-07 13:54:12 -04:00
Nick Mathewson
11edbf4808 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-09-07 13:54:03 -04:00
Nick Mathewson
52a99cb6c1 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-09-07 13:53:53 -04:00
Nick Mathewson
e4d82da05b Merge branch 'maint-0.2.4' into maint-0.2.5 2016-09-07 13:53:43 -04:00
Nick Mathewson
e9b1d0619f Merge remote-tracking branch 'dgoulet/ticket18693_029_01' 2016-09-07 11:46:00 -04:00
Nick Mathewson
2a3b651790 Merge remote-tracking branch 'sebastian/bug20064' 2016-09-07 11:38:43 -04:00
Karsten Loesing
56f95ba94d Update geoip and geoip6 to the September 6 2016 database. 2016-09-07 11:08:04 +02:00
Nick Mathewson
2b39c927c7 Add !(...) to BUG() log messages
They use the same code as reporting assertion failures, so we should
invert the sense of what we're "asserting".

Fixes bug 20093.
2016-09-06 21:00:51 -04:00
Nick Mathewson
af58a89b86 Merge remote-tracking branch 'teor/bug20012' 2016-09-06 19:14:02 -04:00
Nick Mathewson
43092e21c1 Merge remote-tracking branch 'teor/feature20069' 2016-09-06 19:06:32 -04:00
Nick Mathewson
128f7ffbc0 Merge remote-tracking branch 'public/ticket20002' 2016-09-06 14:27:13 -04:00
Nick Mathewson
4e3f9c1f3a Merge remote-tracking branch 'pastly/ticket19122' 2016-09-06 11:56:46 -04:00
Matt Traudt
e90bd48c2f Change UID to Username in man page 2016-09-06 11:37:59 -04:00
teor
26b47f80dd
Add hs-ipv6 to the chutney IPv6 tests
Requires a recent version of chutney.

Also remove bridges+hs, as it's somewhat redundant.
2016-09-06 13:45:09 +10:00
Sebastian Hahn
74d710e7dc Give useful error if authority_signing_key doesn't exist 2016-09-06 00:14:20 +02:00
Sebastian Hahn
0d485fcfef Vote Exit correctly with DirAllowPrivateAddresses set
When allowing private addresses, mark Exits that only exit to private
locations as such. Fixes bug 20064; bugfix on 0.2.2.9-alpha.
2016-09-05 23:39:47 +02:00
Nick Mathewson
b9a43c8f43 For me, asan/ubsan require more syscalls.
Permit sched_yield() and sigaltstack() in the sandbox.

Closes ticket 20063
2016-09-05 14:25:58 -04:00
Nick Mathewson
c2d1356739 Change servers to never pick 3DES.
Closes ticket 19998.
2016-09-05 14:09:14 -04:00
Nick Mathewson
05c2db3f0b Changes file for log test improvements 2016-08-31 13:35:46 -04:00
Nick Mathewson
debe846cb8 Merge remote-tracking branch 'teor/bug19905' 2016-08-31 10:58:41 -04:00
Nick Mathewson
bbac9e1d0c Don't warn on unlink(bw_accounting) when errno == ENOENT
Patch from pastly; fixes bug 19964.
2016-08-31 10:57:09 -04:00
teor
b822c5891a
Fix the test network IPv6 check so it works on Linux 2016-08-31 15:22:34 +10:00
teor
0a3009bb85
Stop inadvertently upgrading client intro connections to ntor
Also stop logging the intro point details on error by default.

Fixes #20012, introduced with ntor in tor 0.2.4.8-alpha.
2016-08-31 15:10:58 +10:00
teor (Tim Wilson-Brown)
16386a8cd1
Count unix sockets when counting client listeners
Users can't run an anonymous client and non-anonymous single
onion service at the same time. We need to know whether we have
any client ports or sockets open to do this check.

When determining whether a client port (SOCKS, Trans, NATD, DNS)
is set, count unix sockets when counting client listeners. This
has no user-visible behaviour change, because these options are
set once and never read in the current tor codebase.

Don't count sockets when setting ControlPort_set, that's what
ControlSocket is for. (This will be reviewed in #19665.)

Don't count sockets when counting server listeners, because the code
that uses these options expects to count externally-visible ports.
(And it would change the behaviour of Tor.)
2016-08-31 13:41:31 +10:00
Nick Mathewson
bbaa7d09a0 Merge remote-tracking branch 'teor/reject-tap-v6' 2016-08-29 15:02:11 -04:00
David Goulet
f46ce6e3d8 test: Fix shared random unit test for big endian
Copying the integer 42 in a char buffer has a different representation
depending on the endianess of the system thus that unit test was failing on
big endian system.

This commit introduces a python script, like the one we have for SRV, that
computes a COMMIT/REVEAL from scratch so we can use it as a test vector for
our encoding unit tests.

With this, we use a random value of bytes instead of a number fixing the
endianess issue and making the whole test case more solid with an external
tool that builds the COMMIT and REVEAL according to the spec.

Fixes #19977

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-08-26 14:46:29 -04:00
Nick Mathewson
9b9fb63276 prop272: When voting, include no non-Valid relays in consensus
Implements ticket 20002, and part of proposal 272.
2016-08-26 14:14:34 -04:00
Nick Mathewson
90bcfa2274 changes file and docs for 18640. 2016-08-25 14:32:10 -04:00
teor (Tim Wilson-Brown)
41cc1f612b Parse *Port flags NoDNSRequest, NoOnionTraffic & OnionTrafficOnly
OnionTrafficOnly is equivalent to NoDNSRequest, NoIPv4Traffic,
and NoIPv6Traffic.

Add unit tests for parsing and checking option validity.
Add documentation for each flag to the man page.

Add changes file for all of #18693.

Parsing only: the flags do not change client behaviour (yet!)
2016-08-24 14:40:53 -04:00
Nick Mathewson
93731d6e37 Add last two entries (I hope) to 0292-alpha changelog 2016-08-24 10:57:47 -04:00
Nick Mathewson
5132905419 Merge branch 'maint-0.2.8' 2016-08-24 10:45:11 -04:00
Nick Mathewson
5280a700aa Changes file for bug19973 2016-08-24 10:34:00 -04:00
Nick Mathewson
297635f806 Merge branch 'maint-0.2.8' 2016-08-24 10:03:19 -04:00
Nick Mathewson
d3a975ea05 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-08-24 10:02:52 -04:00
Nick Mathewson
f60da19211 Changes file for bifroest 2016-08-24 10:02:42 -04:00
teor (Tim Wilson-Brown)
10aa913acc
Client & HS ignore UseNTorHandshake, all non-HS handshakes use ntor
Rely on onion_populate_cpath to check that we're only using
TAP for the rare hidden service cases.

Check and log if handshakes only support TAP when they should support
ntor.
2016-08-24 11:02:00 +10:00
Nick Mathewson
8feb301413 Merge the rest of the changes into the 0.2.9.2-alpha changelog 2016-08-23 10:16:34 -04:00
Nick Mathewson
8fb49e4df2 fix 8625 description a little 2016-08-23 10:14:45 -04:00
Nick Mathewson
f009e1b32c Start 0.2.9.2-alpha changelog, fix some lintchanges issues 2016-08-23 10:13:13 -04:00
Nick Mathewson
6ca87e393b changes file for bug 17758 2016-08-23 10:00:54 -04:00
Nick Mathewson
bd45f7c668 Merge branch 'bug13953_squashed' 2016-08-23 09:22:04 -04:00
Nick Mathewson
62b239dd9c Merge branch 'maint-0.2.8' 2016-08-22 10:19:15 -04:00