Commit Graph

4571 Commits

Author SHA1 Message Date
Nick Mathewson
52cb1edda6 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-12-01 10:05:44 -05:00
Nick Mathewson
f8a7972b29 Merge branch 'bug20638_029_v2_squashed' into maint-0.2.9 2016-12-01 09:45:14 -05:00
teor
f80a43d16f Stop ignoring hidden service key anonymity when first starting tor
Instead, refuse to start tor if any hidden service key has been used in
a different hidden service anonymity mode.

Fixes bug 20638; bugfix on 17178 in 0.2.9.3-alpha; reported by ahf.

The original single onion service poisoning code checked poisoning state
in options_validate, and poisoned in options_act. This was problematic,
because the global array of hidden services had not been populated in
options_validate (and there were ordrering issues with hidden service
directory creation).

This patch fixes this issue in rend_service_check_dir_and_add, which:
* creates the directory, or checks permissions on an existing directory, then
* checks the poisoning state of the directory, then
* poisons the directory.

When validating, only the permissions checks and the poisoning state checks
are perfomed (the directory is not modified).
2016-12-01 09:44:53 -05:00
Nick Mathewson
16fcbd21c9 Try to work around breakage in the OSX 10.12 SDK.
Apple is supposed to decorate their function declarations with
macros to indicate which OSX version introduced them, so that you
can tell the compiler that you want to build against certain
versions of OSX.  But they forgot to do that for clock_gettime() and
getentropy(), both of which they introduced in 10.12.

This patch adds a kludge to the configure.ac script where, if we
detect that we are targeting OSX 10.11 or earlier, we don't even probe
to see if the two offending functions are present.

Closes ticket 20235.
2016-11-22 19:24:13 -05:00
Nick Mathewson
e2c881487c Merge remote-tracking branch 'arma/bug20423' into maint-0.2.9 2016-11-21 12:40:08 -05:00
Nick Mathewson
8a767ba7fb Merge remote-tracking branch 'teor/bug20634_029' into maint-0.2.9 2016-11-17 20:02:59 -05:00
Roger Dingledine
f12aad7f09 don't attempt a resolve when the cached answer will do
For relays that don't know their own address, avoid attempting
a local hostname resolve for each descriptor we download. Also cut
down on the number of "Success: chose address 'x.x.x.x'" log lines.

Fixes bugs 20423 and 20610; bugfix on 0.2.8.1-alpha.
2016-11-16 16:22:11 -05:00
teor
44f3563d87
Changes file for bug 20634 2016-11-16 13:14:03 +11:00
Nick Mathewson
e8e7a8f3db Merge remote-tracking branch 'teor/bug20613' into maint-0.2.9 2016-11-10 09:10:55 -05:00
teor
0ec94588ab
Stop logging single onion and Tor2web long-term one-hop circuits
Single onion services and Tor2web deliberately create long-term one-hop
circuits to their intro and rend points, respectively.

These log messages are intended to diagnose issue 8387, which relates to
circuits hanging around forever for no reason.

Fixes bug 20613; bugfix on 0.2.9.1-alpha. Reported by "pastly".
2016-11-09 11:23:51 +11:00
Nick Mathewson
e4ef9f7491 In torrc.sample.in, note that bandwidth must be >=75 KB.
Queue a corresponding change for torrc.minimal.in.

Closes ticket 20085.
2016-11-08 19:23:49 -05:00
Nick Mathewson
89ec191b68 Merge remote-tracking branch 'public/bug20306_029' into maint-0.2.9 2016-11-08 18:51:07 -05:00
Nick Mathewson
286fa94064 Use va_copy() in pure-windows version of tor_asprintf().
It's not okay to use the same varargs list twice, and apparently
some windows build environments produce code here that would leave
tor_asprintf() broken. Fix for bug 20560; bugfix on 0.2.2.11-alpha
when tor_asprintf() was introduced.
2016-11-08 18:44:06 -05:00
teor
38e3f91c63
When using exponential backoff in test networks, use a lower exponent
Lower exponents mean that delays do not vary as much. This helps test
networks bootstrap consistently.

Bugfix on 20499.
2016-11-08 16:42:26 +11:00
Nick Mathewson
9994404238 Make new changes files pass lintchanges 2016-11-07 16:19:05 -05:00
Nick Mathewson
c2fc0941a5 Merge remote-tracking branch 'teor/bug20484_029_v2' into maint-0.2.9 2016-11-07 16:12:13 -05:00
Nick Mathewson
864c42f4d6 Count HTTP 503 as a download failure.
Because as Teor puts it: "[Resetting on 503] is exactly what we
don't want when relays are busy - imagine clients doing an automatic
reset every time they DoS a relay..."

Fixes bug 20593.
2016-11-07 11:01:21 -05:00
Nick Mathewson
667ba776b1 Adjust download schedules per teor's #20534 recommendataions 2016-11-07 11:01:20 -05:00
Nick Mathewson
e4b793fe41 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-07 09:32:00 -05:00
Nick Mathewson
2639fd08e7 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-11-07 09:31:36 -05:00
Nick Mathewson
f5fdf188b9 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-11-07 09:30:42 -05:00
Nick Mathewson
6c2174d44d Merge branch 'maint-0.2.5' into maint-0.2.6 2016-11-07 09:30:16 -05:00
Nick Mathewson
db2571be61 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-11-07 09:29:54 -05:00
Nick Mathewson
d82ffb77f3 Merge branch '20499_part1_029_squashed', remote-tracking branches 'teor/bug20591_029' and 'teor/bug20533_029' into maint-0.2.9 2016-11-07 09:20:13 -05:00
Nick Mathewson
858867a31a Allow infinitely long delays in exponential-backoff downloads
It's only safe to remove the failure limit (per 20536) if we are in
fact waiting a bit longer each time we try to download.

Fixes bug 20534; bugfix on 0.2.9.1-alpha.
2016-11-07 09:19:35 -05:00
Karsten Loesing
ea597832e2 Update geoip and geoip6 to the November 3 2016 database. 2016-11-07 15:05:19 +01:00
teor
e819d420c5
When downloading certificates, check for related failures
If a consensus expires while we are waiting for certificates to download,
stop waiting for certificates.

If we stop waiting for certificates less than a minute after we started
downloading them, do not consider the certificate download failure a
separate failure.

Fixes bug 20533; bugfix on commit e0204f21 in 0.2.0.9-alpha.
2016-11-08 00:01:20 +11:00
teor
1bb28cecd9
Ensure relays don't make multiple connections during bootstrap
Relays do not deliberately launch multiple attempts, so the impact of this
bug should be minimal. This fix also defends against bugs like #20499.

Bugfix on 0.2.8.1-alpha.
2016-11-07 23:05:55 +11:00
Nick Mathewson
0bd55ed96a Always Use EVP_aes_*_ctr() with openssl 1.1
(OpenSSL 1.1 makes EVP_CIPHER_CTX opaque, _and_ adds acceleration
for counter mode on more architectures.  So it won't work if we try
the older approach, and it might help if we try the newer one.)

Fixes bug 20588.
2016-11-06 21:01:25 -05:00
Nick Mathewson
def41e93bd In test_tortls_classify_client_ciphers(), s/ECDH/ECDHE/
(We weren't actually using these ciphers; we were just requing that
ciphers of that name existed.)

Patch from rubiate.  Fixes 20460
2016-11-06 20:23:40 -05:00
Nick Mathewson
5385a023e1 Do not apply 'max_failures' to random-exponential schedules.
Fixes bug 20536; bugfix on 0.2.9.1-alpha.
2016-11-06 20:08:11 -05:00
Nick Mathewson
1b22eae120 Fix get_delay() code to avoid TIME_MAX overflow, not INT_MAX.
Fixes bug 20587; bugfix on 35bbf2e4a4 in 0.2.8.1-alpha.
2016-11-06 19:50:08 -05:00
Nick Mathewson
add164aa41 Fix warnings from lintChanges.py 2016-11-06 16:39:46 -05:00
Nick Mathewson
59f4cae68c Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 18:36:43 -04:00
Nick Mathewson
61bdc452b0 Merge branch 'bug20551_028' into maint-0.2.8 2016-11-03 18:36:25 -04:00
Nick Mathewson
3cd520a52d Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 15:44:46 -04:00
Nick Mathewson
7a45ef5a47 Merge remote-tracking branch 'arma/bug19969_028_squashed' into maint-0.2.8 2016-11-03 15:44:30 -04:00
Nick Mathewson
3bb49c0110 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 15:41:04 -04:00
Nick Mathewson
9b18b215bb Work around a behavior change in openssl's BUF_MEM code
In our code to write public keys to a string, for some unfathomable
reason since 253f0f160e, we would allocate a memory BIO, then
set the NOCLOSE flag on it, extract its memory buffer, and free it.
Then a little while later we'd free the memory buffer with
BUF_MEM_free().

As of openssl 1.1 this doesn't work any more, since there is now a
BIO_BUF_MEM structure that wraps the BUF_MEM structure.  This
BIO_BUF_MEM doesn't get freed in our code.

So, we had a memory leak!

Is this an openssl bug?  Maybe.  But our code was already pretty
silly.  Why mess around with the NOCLOSE flag here when we can just
keep the BIO object around until we don't need the buffer any more?

Fixes bug 20553; bugfix on 0.0.2pre8
2016-11-03 10:51:10 -04:00
Nick Mathewson
464783a8dc Use explicit casts to avoid warnings when building with openssl 1.1
fixes bug 20551; bugfix on 0.2.1.1-alpha
2016-11-03 09:35:41 -04:00
teor
1747f28861
Check every hidden service directory's permissions when configuring
Previously, we would only check the last hidden service directory.

Fixes #20529, bugfix on ticket 13942 commit 85bfad1 in 0.2.6.2-alpha.
2016-11-02 14:32:04 +11:00
Roger Dingledine
d89804a69d Ask event_base_loop to finish when we add a pending stream
Fixes bug 19969; bugfix on b1d56fc58. We can fix this some more in
later Tors, but for now, this is probably the right fix for us.
2016-11-01 19:52:55 -04:00
Nick Mathewson
733b245283 Merge remote-tracking branch 'teor/bug20472-029-v2' into maint-0.2.9 2016-11-01 13:05:33 -04:00
Nick Mathewson
9248466f0a Merge branch 'bug20487_029' into maint-0.2.9 2016-11-01 12:44:20 -04:00
Nick Mathewson
e712b5d784 Merge branch 'bug19968_029' into maint-0.2.9 2016-10-31 16:33:03 -04:00
Nick Mathewson
24b7b922ae Actually free the worker_state_t object when we do an update with it
Previously we freed the old "keys" object, but leaked the
worker_state_t that we had taken it from.

Fixes bug 20401; bugfix on 0.2.6.3-alpha.
2016-10-31 15:20:25 -04:00
Nick Mathewson
b858452f94 Add a sentence to the manpage about nonanonymous=>Socksport 0.
Closes 20487.
2016-10-31 15:13:27 -04:00
Nick Mathewson
d73c671d6d policy_is_reject_star():
ome policies are default-reject, some default-accept.  But
policy_is_reject_star() assumed they were all default_reject.  Fix
that!

Also, document that policy_is_reject_star() treats a NULL policy as
empty. This allows us to simplify the checks in
parse_reachable_addresses() by quite a bit.

Fxes bug 20306; bugfix on 0.2.8.2-alpha.
2016-10-31 15:05:56 -04:00
Nick Mathewson
8841a9e396 Create single-onion-service directory before poisoning it, if needed
(Also, refactor the code to create a hidden service directory into a
separate funcion, so we don't have to duplicate it.)

Fixes bug 20484; bugfix on 0.2.9.3-alpha.
2016-10-31 14:54:20 -04:00
Nick Mathewson
becc957839 Actually clamp the number of detected CPUs to 16.
Previously we said we did, but didn't.

Fixes #19968; bugfix on 0.2.3.1-alpha.
2016-10-31 14:19:39 -04:00