Commit Graph

12646 Commits

Author SHA1 Message Date
Nick Mathewson
64798dab4f Detect and disallow compression bombs 2011-01-03 15:54:23 -05:00
Nick Mathewson
f089804332 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-03 15:31:19 -05:00
Nick Mathewson
e365aee971 Avoid assertion on read_file_to_str() with size==SIZE_T_CEILING-1
Spotted by doors, fixes bug 2326.
2011-01-03 15:30:11 -05:00
Nick Mathewson
cee433d751 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-03 15:15:54 -05:00
Nick Mathewson
e09ab69703 Check size against SIZE_T_CEILING in realloc too.
Fixes bug 2324.
2011-01-03 15:15:27 -05:00
Nick Mathewson
27cefef3a2 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-03 13:18:33 -05:00
Nick Mathewson
bb5f99d4df Merge remote branch 'sebastian/bug2314' into maint-0.2.2 2011-01-03 12:47:14 -05:00
Nick Mathewson
5c09431cc7 Never include pthread.h when building for Windows.
On Windows, we never use pthreads, since it doesn't usually exist,
and when it does it tends to be a little weirdly-behaved.  But some
mingw installations have a pthreads installed, so autoconf detects
pthread.h and tells us about it.  This would make us include
pthread.h, which could make for trouble when the iffy pthread.h
tried to include config.h.

This patch changes compat.h so that we never include pthread.h on
Windows.  Fixes bug 2313; bugfix on 0.1.0.1-rc.
2011-01-03 12:45:13 -05:00
Nick Mathewson
40ef9087cf Fix a function formatting warning in rephist.c 2011-01-03 11:59:47 -05:00
Nick Mathewson
66039d9843 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/routerparse.c
2011-01-03 11:58:59 -05:00
Nick Mathewson
989db9aed1 fix whitespace issues 2011-01-03 11:57:42 -05:00
Nick Mathewson
30b3475e6d Bump copyright statements to 2011 (0.2.2) 2011-01-03 11:52:09 -05:00
Nick Mathewson
f1de329e78 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/common/test.h
	src/or/test.c
2011-01-03 11:51:17 -05:00
Nick Mathewson
1a07348a50 Bump copyright statements to 2011 2011-01-03 11:50:39 -05:00
Sebastian Hahn
59a3d536d8 Fix compile without warnings on OS X 10.6 2010-12-27 11:37:16 +01:00
Sebastian Hahn
9ecf133686 Fix compile wanrings revealed by gcc 4.5 on mingw 2010-12-27 09:47:41 +01:00
Nick Mathewson
e895919b17 Merge remote branch 'public/bug2060' into maint-0.2.2 2010-12-21 15:53:03 -05:00
Nick Mathewson
cdbd6d0fe8 Merge remote branch 'rransom/bug2190_the_hard_way' into maint-0.2.2 2010-12-21 15:48:14 -05:00
Nick Mathewson
029ca804b2 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2010-12-21 15:48:06 -05:00
Nick Mathewson
69771bb5fc Merge remote branch 'public/bug2190_021' into maint-0.2.1 2010-12-21 15:44:50 -05:00
Roger Dingledine
a62038f01d Merge branch 'maint-0.2.1' into maint-0.2.2 2010-12-16 19:23:21 -05:00
Roger Dingledine
ef5b3680c6 put 0.2.1.28 release notes in place too 2010-12-16 19:20:18 -05:00
Roger Dingledine
53c14507eb Merge branch 'maint-0.2.1' into maint-0.2.2 2010-12-16 17:24:21 -05:00
Roger Dingledine
c63c937465 Merge commit 'nickm/fix_security_bug_022' into maint-0.2.2 2010-12-16 17:24:11 -05:00
Roger Dingledine
975ffe4398 Merge commit 'nickm/fix_security_bug_021' into maint-0.2.1 2010-12-16 16:59:12 -05:00
Nick Mathewson
591f65dde6 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2010-12-16 10:05:07 -05:00
Karsten Loesing
3c3b1d14fd Change gabelmoo's IP address and ports. 2010-12-16 13:28:30 +01:00
Nick Mathewson
b5e293afe6 Merge remote branch fix_security_bug_021 into fix_security_bug_022
Conflicts:
	src/common/memarea.c
	src/or/or.h
	src/or/rendclient.c
2010-12-15 22:48:23 -05:00
Nick Mathewson
b0def605a5 Add a changelog entry 2010-12-15 22:35:07 -05:00
Nick Mathewson
b8a7bad799 Make payloads into uint8_t.
This will avoid some signed/unsigned assignment-related bugs.
2010-12-15 22:31:11 -05:00
Nick Mathewson
ddfb398494 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/config/geoip
2010-12-14 14:13:24 -05:00
Nick Mathewson
785086cfba Have all of our allocation functions and a few others check for underflow
It's all too easy in C to convert an unsigned value to a signed one,
which will (on all modern computers) give you a huge signed value.  If
you have a size_t value of size greater than SSIZE_T_MAX, that is way
likelier to be an underflow than it is to be an actual request for
more than 2gb of memory in one go.  (There's nothing in Tor that
should be trying to allocate >2gb chunks.)
2010-12-13 18:40:21 -05:00
Nick Mathewson
649ee99846 Base SIZE_T_CEILING on SSIZE_T_MAX. 2010-12-13 18:40:15 -05:00
Robert Ransom
cc051f9aca Only add each log message to pending_cb_messages once. 2010-12-11 05:26:36 -08:00
Robert Ransom
4a9d60734c Don't call flush_pending_log_callbacks while logging LD_NOCB messages.
Found by boboper.
2010-12-11 04:41:35 -08:00
Karsten Loesing
35148ba532 Update to the December 1 2010 Maxmind GeoLite Country database. 2010-12-08 17:59:40 +01:00
Nick Mathewson
f924fbf19f Merge branch 'bug2081_followup_022' into maint-0.2.2 2010-12-07 11:35:49 -05:00
Nick Mathewson
5efe6f04c6 Reject relay versions older than 0.2.0.26-rc
This was the first version to cache the correct directory information.

Fixes bug 2156.
2010-12-07 11:35:32 -05:00
Nick Mathewson
8f31a9da43 revise bug2081_followup changelog 2010-12-07 11:27:51 -05:00
Nick Mathewson
dc2f10bd81 Fix a bug in calculating wakeup time on 64-bit machines.
If you had TIME_MAX > INT_MAX, and your "time_to_exhaust_bw =
accountingmax/expected_bandwidth_usage * 60" calculation managed to
overflow INT_MAX, then your time_to_consider value could underflow and
wind up being rediculously low or high.  "Low" was no problem;
negative values got caught by the (time_to_consider <= 0) check.
"High", however, would get you a wakeup time somewhere in the distant
future.

The fix is to check for time_to_exhaust_bw overflowing INT_MAX, not
TIME_MAX: We don't allow any accounting interval longer than a month,
so if time_to_exhaust_bw is significantly larger than 31*24*60*60, we
can just clip it.

This is a bugfix on 0.0.9pre6, when accounting was first introduced.
It fixes bug 2146, unless there are other causes there too.  The fix
is from boboper.  (I tweaked it slightly by removing an assignment
that boboper marked as dead, and lowering a variable that no longer
needed to be function-scoped.)
2010-12-06 12:01:32 -05:00
Nick Mathewson
feffbce814 Add a missing ! to directory_fetches_from_authorities
The old logic would have us fetch from authorities if we were refusing
unknown exits and our exit policy was reject*.  Instead, we want to
fetch from authorities if we're refusing unknown exits and our exit
policy is _NOT_ reject*.

Fixed by boboper.  Fixes more of 2097.  Bugfix on 0.2.2.16-alpha.
2010-12-06 11:36:01 -05:00
Nick Mathewson
c0f1517d87 Don't crash when accountingmax is set in non-server Tors
We use a hash of the identity key to seed a prng to tell when an
accounting period should end.  But thanks to the bug998 changes,
clients no longer have server-identity keys to use as a long-term seed
in accounting calculations.  In any case, their identity keys (as used
in TLS) were never never fixed.  So we can just set the wakeup time
from a random seed instead there.  Still open is whether everybody
should be random.

This patch fixes bug 2235, which was introduced in 0.2.2.18-alpha.

Diagnosed with help from boboper on irc.
2010-12-03 13:37:13 -05:00
Nick Mathewson
ee8f451bf1 Fix a harmless off-by-one error in counting controller argument lengths
Bugfix on 0.1.1.1-alpha; found by boboper.
2010-12-02 13:19:21 -05:00
Poet (Tim Sally)
31b69027d3 Specified grammars for orconn-status and entry-guards for Tor versions 0.1.2.2-alpha through 0.2.2.1-alpha with feature VERBOSE_NAMES turned off. 2010-12-01 12:44:48 -05:00
Poet (Tim Sally)
45c302efe0 Correct information about support for guards being called helper nodes.
The spec stated that support for the helper-nodes command would be removed
in 0.1.3.x, however support for this command is still in Tor. Updated the spec
to reflect this and added a node that the command is deprecated.
2010-12-01 12:44:48 -05:00
Poet (Tim Sally)
87158368dc Correct grammars to reflect that VERBOSE_NAMES is part of the protocol.
Several updates to grammars for events and GETINFO results.  All relate
to the fact that LongName has replaced ServerID since 0.2.2.1-alpha. See
documentation of VERBOSE_NAMES for more information. The following
grammars were changed:
  * orconn-status GETINFO result
  * entry-guards GETINFO result
  * Path general token
  * OR Connection status changed event
  * New descriptors available event
In all cases a note was added about when the old grammar applies.
2010-12-01 12:44:48 -05:00
Poet (Tim Sally)
608bad6e32 Several changes to the way tokens describing servers are documented.
(1) Made the wording of the comments consistant with token names.
Digest/Fingerprint and Name/Nickname were being used interchangeably.
Better to just use Fingerprint and Nickname becuase they are the names
of the tokens.

(2) Places the tokens currently in use before the tokens used in older
versions.  ServerSpec should be documented before ServerID.

(3) Added a note to the comments about ServerID that cross reference
the VERBOSE_FEATURE, allowing users to see when and why ServerID was
replaced with LongName.
2010-12-01 12:44:48 -05:00
Poet (Tim Sally)
cff180f8b0 Clarify description of FEATURES in control-spec.
(1) On by default is a bad way to describe features. Rather, they
are always on and should be viewed as a part of the control
protocol. Updated the wording in USEFEATURE to reflect this.

(2) Made descriptions of Tor versions consistant across all
features. There is the version in which a feature was introduced and
the version in which it became part of the protocol.

(3) Reworded the description of the VERBOSE_NAMES feature. The
previous wording describes the way things used to be first. Better to
lead with the current state of things and then describe how it differs
from old versions.
2010-12-01 12:44:48 -05:00
Roger Dingledine
b259c08318 Merge branch 'maint-0.2.1' into maint-0.2.2
Conflicts:

	doc/Makefile.am
2010-12-01 00:11:27 -05:00
Roger Dingledine
b071217d1f add 0.2.1.27 blurb and changelog to release notes 2010-12-01 00:07:03 -05:00