Commit Graph

9896 Commits

Author SHA1 Message Date
Sebastian Hahn
9082898944 Fix assert for relay/bridge state change
When we added support for separate client tls certs on bridges in
a2bb0bfdd5 we forgot to correctly initialize this when changing
from relay to bridge or vice versa while Tor is running. Fix that
by always initializing keys when the state changes.

Fixes bug 2433.

Conflicts:

	src/or/config.c
2011-10-26 22:09:44 +02:00
Nick Mathewson
b1632c3fb7 Fix memory leak in retry_all_listeners: Coverity CID 485 2011-10-26 13:22:20 -04:00
Nick Mathewson
097ed9998b Fix memory leak in options_act_reversible: fix Coverity CID 486,487 2011-10-26 13:22:13 -04:00
Nick Mathewson
e0a053be01 Do not tread vpadding cell as versions cell. Not in any released version. 2011-10-26 11:50:50 -04:00
George Kadianakis
9d53c00911 Fix a NULL pointer dereference in parse_server_transport_line(). 2011-10-26 11:21:11 -04:00
Nick Mathewson
beb9097bed Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-26 11:08:19 -04:00
Nick Mathewson
4a1a89be0c Merge remote-tracking branch 'public/cov_run224_022' into maint-0.2.2 2011-10-26 11:07:28 -04:00
Sebastian Hahn
34f12437d4 Fix a couple of pluggable transport bugs
Fix coverity complaints 490, 491 and 492. Especially the one in
parse_client_transport_line() could've been a remotely triggerable
segfault, I think.
2011-10-26 16:49:24 +02:00
Nick Mathewson
d0a91386e5 Don't crash when accountingmax is set in non-server Tors
We use a hash of the identity key to seed a prng to tell when an
accounting period should end.  But thanks to the bug998 changes,
clients no longer have server-identity keys to use as a long-term seed
in accounting calculations.  In any case, their identity keys (as used
in TLS) were never never fixed.  So we can just set the wakeup time
from a random seed instead there.  Still open is whether everybody
should be random.

This patch fixes bug 2235, which was introduced in 0.2.2.18-alpha.

Diagnosed with help from boboper on irc.
2011-10-26 14:20:47 +02:00
Sebastian Hahn
3a890b3b70 Properly refcount client_identity_key
In a2bb0bf we started using a separate client identity key. When we are
in "public server mode" (that means not a bridge) we will use the same
key. Reusing the key without doing the proper refcounting leads to a
segfault on cleanup during shutdown. Fix that.

Also introduce an assert that triggers if our refcount falls below 0.
That should never happen.
2011-10-26 14:17:01 +02:00
Nick Mathewson
dc557e8164 Add some asserts to get_{tlsclient|server}_identity_key
We now require that:
  - Only actual servers should ever call get_server_identity_key
  - If you're being a client or bridge, the client and server keys should
    differ.
  - If you're being a public relay, the client and server keys
    should be the same.
2011-10-26 14:16:54 +02:00
Nick Mathewson
2a2301e411 Rename get_client_identity_key to get_tlsclient_identity_key 2011-10-26 14:16:34 +02:00
Robert Ransom
59e565e2a2 Maintain separate server and client identity keys when appropriate.
Fixes a bug described in ticket #988.

Conflicts:

	src/or/main.c
	src/or/router.c
2011-10-26 14:16:20 +02:00
Nick Mathewson
299a78c5fe Make crypto_free_pk_env tolerate NULL arg in 0.2.1. Error-proofing against bug 988 backport 2011-10-26 14:14:05 +02:00
Robert Ransom
9976df9e56 Maintain separate server and client TLS contexts.
Fixes bug #988.

Conflicts:

	src/or/main.c
	src/or/router.c
2011-10-26 14:13:55 +02:00
Robert Ransom
8781640111 Refactor tor_tls_context_new:
* Make tor_tls_context_new internal to tortls.c, and return the new
  tor_tls_context_t from it.

* Add a public tor_tls_context_init wrapper function to replace it.

Conflicts:

	src/or/main.c
	src/or/router.c
2011-10-26 14:08:36 +02:00
Robert Ransom
07ab559a8e Add public_server_mode function. 2011-10-26 14:03:43 +02:00
George Kadianakis
e2b3527106 Also handle needless renegotiations in SSL_write().
SSL_read(), SSL_write() and SSL_do_handshake() can always progress the
SSL protocol instead of their normal operation, this means that we
must be checking for needless renegotiations after they return.

Introduce tor_tls_got_excess_renegotiations() which makes the
          tls->server_handshake_count > 2
check for us, and use it in tor_tls_read() and tor_tls_write().

Cases that should not be handled:

* SSL_do_handshake() is only called by tor_tls_renegotiate() which is a
  client-only function.

* The SSL_read() in tor_tls_shutdown() does not need to be handled,
  since SSL_shutdown() will be called if SSL_read() returns an error.
2011-10-26 13:36:30 +02:00
Nick Mathewson
c5a3664f27 Fix zlib macro brokenness on osx with zlib 1.2.4 and higher.
From the code:
   zlib 1.2.4 and 1.2.5 do some "clever" things with macros.  Instead of
   saying "(defined(FOO) ? FOO : 0)" they like to say "FOO-0", on the theory
   that nobody will care if the compile outputs a no-such-identifier warning.

   Sorry, but we like -Werror over here, so I guess we need to define these.
   I hope that zlib 1.2.6 doesn't break these too.

Possible fix for bug 1526.
2011-10-26 07:30:11 -04:00
George Kadianakis
340809dd22 Get rid of tor_tls_block_renegotiation().
Since we check for naughty renegotiations using
tor_tls_t.server_handshake_count we don't need that semi-broken
function (at least till there is a way to disable rfc5746
renegotiations too).
2011-10-26 13:16:14 +02:00
George Kadianakis
ecd239e3b5 Detect and deny excess renegotiations attempts.
Switch 'server_handshake_count' from a uint8_t to 2 unsigned int bits.
Since we won't ever be doing more than 3 handshakes, we don't need the
extra space.

Toggle tor_tls_t.got_renegotiate based on the server_handshake_count.
Also assert that when we've done two handshakes as a server (the initial
SSL handshake, and the renegotiation handshake) we've just
renegotiated.

Finally, in tor_tls_read() return an error if we see more than 2
handshakes.
2011-10-26 03:12:18 +02:00
George Kadianakis
4fd79f9def Detect renegotiation when it actually happens.
The renegotiation callback was called only when the first Application
Data arrived, instead of when the renegotiation took place.

This happened because SSL_read() returns -1 and sets the error to
SSL_ERROR_WANT_READ when a renegotiation happens instead of reading
data [0].

I also added a commented out aggressive assert that I won't enable yet
because I don't feel I understand SSL_ERROR_WANT_READ enough.

[0]: Look at documentation of SSL_read(), SSL_get_error() and
     SSL_CTX_set_mode() (SSL_MODE_AUTO_RETRY section).
2011-10-26 03:09:22 +02:00
George Kadianakis
69a821ea1c Refactor the SSL_set_info_callback() callbacks.
Introduce tor_tls_state_changed_callback(), which handles every SSL
state change.

The new function tor_tls_got_server_hello() is called every time we
send a ServerHello during a v2 handshake, and plays the role of the
previous tor_tls_server_info_callback() function.
2011-10-26 02:05:45 +02:00
Nick Mathewson
7ab0b5ff71 Avoid likely memory fragmentation from rep_hist_note_descs_served
When you're doing malloc(sizeof(int)), something may well have gone
wrong.

This technique is a bit abusive, but we're already relying on it
working correctly in geoip.c.
2011-10-25 17:53:26 -04:00
Sebastian Hahn
7fbc018433 Add percentiles to the desc stats reporting
To get a better idea what's going on on Tonga, add some code to report
how often the most and least frequently fetched descriptor was fetched,
as well as 25, 50, 75 percentile.

Also ensure we only count bridge descriptors here.
2011-10-25 16:47:27 +02:00
George Kadianakis
6b3c3b968f Rename tor_process_destroy() to tor_process_handle_destroy(). 2011-10-24 16:04:31 +02:00
George Kadianakis
47a5b8009b Improve general code quality.
- Add a tor_process_get_pid() function that returns the PID of a
  process_handle_t.
- Conform to make check-spaces.
- Add some more documentation.
- Improve some log messages.
2011-10-24 16:01:24 +02:00
George Kadianakis
572aa4ec44 Add PT_PROTO_FAILED_LAUNCH managed proxy state.
We used to try to terminate the managed proxy process even if it
failed while launching. We introduce a new managed proxy state, to
represent a *broken* and *not launched* proxy.
2011-10-24 15:59:11 +02:00
George Kadianakis
20be928fae Make set_managed_proxy_environment() work on Windows. 2011-10-24 15:56:28 +02:00
George Kadianakis
f12a40d860 Prepare util.[ch] to use the new process_handle_t API.
Also, create tor_process_destroy() which destroys a process_handle_t.
2011-10-24 15:55:53 +02:00
Sebastian Hahn
f885c60501 Don't initialize desc stats for non-bridgedirauth nodes
Also make sure that calling rep_hist_note_desc_served() while stats
aren't initialized just returns.

Bug spotted by SwissTorHelp. Thanks!
2011-10-24 14:54:22 +02:00
Roger Dingledine
2e295ae46e bump to 0.2.3.5-alpha-dev 2011-10-23 13:38:12 -04:00
Nick Mathewson
9d355bf479 Double-check that we really can get RSA keys from ID/Auth certs
Addresses issue 4287; issue not in any released Tor.
2011-10-23 13:31:09 -04:00
Nick Mathewson
87a93917c3 Fix a reference-leak in tor_tls_received_v3_certificate
We were calling SSL_get_peer_certificate but not X509_free.

This is a major part of bug4252; the bug has been in no released version.
2011-10-23 13:23:53 -04:00
Nick Mathewson
80cf342e47 Fix memory leak in prop176 code
This fixes part of bug4252.  Bug not in any released version.
2011-10-23 13:23:53 -04:00
Nick Mathewson
0c2a3601e8 Merge remote-tracking branch 'rransom-tor/bug3825c' 2011-10-23 12:55:10 -04:00
Sebastian Hahn
42b96a041d Check for jumping clock in *format_*stats functions
None of these were real bugs (yet), because the callers made sure
everything was fine. Make it more explicit. Suggested by Nick
2011-10-21 11:21:42 -04:00
Sebastian Hahn
03c06b629f Add new stats type: descriptor fetch stats
This is used for the bridge authority currently, to get a better
intuition on how many descriptors are actually fetched from it and how
many fetches happen in total.

Implements ticket 4200.
2011-10-21 11:21:42 -04:00
Sebastian Hahn
af02c4a9c3 remove code related to tracking descriptor serving times
This had broken due to bitrot - it doesn't know about microdescriptors
at all, and afaik hasn't generally been used in ages.
2011-10-21 06:02:47 +02:00
Nick Mathewson
29825f0bfd Merge remote-tracking branch 'rransom-tor/bug4091' 2011-10-20 14:26:54 -04:00
Robert Ransom
9df99bbb91 Check whether a client port is a Unix socket before using its IP addr
Bugfix on commit c1ac0695d5, not yet in any
release.  Fixes bug 4091; bug reported by SwissTorHelp.
2011-10-20 03:17:23 -07:00
Nick Mathewson
169c81844d Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-20 00:03:43 -04:00
Nick Mathewson
3cb79a0286 Merge remote-tracking branch 'rransom-tor/bug4251-022' into maint-0.2.2 2011-10-20 00:01:58 -04:00
Nick Mathewson
384e300cb4 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-19 23:16:08 -04:00
Nick Mathewson
5aa45ed6af Fix crash when changing node restrictions with DNS lookup in progress
Fixes bug 4259, bugfix on 0.2.2.25-alpha.  Bugfix by "Tey'".

Original message by submitter:

  Changing nodes restrictions using a controller while Tor is doing
  DNS resolution could makes Tor crashes (on WinXP at least). The
  problem can be repeated by trying to reach a non-existent domain
  using Tor:

    curl --socks4a 127.0.0.1:9050 inexistantdomain.ext

  .. and changing the ExitNodes parameter through the control port
  before Tor returns a DNS resolution error (of course, the following
  command won't work directly if the control port is password
  protected):

    echo SETCONF ExitNodes=TinyTurtle | nc -v 127.0.0.1 9051

  Using a non-existent domain is needed to repeat the issue so that
  Tor takes a few seconds for resolving the domain (which allows us to
  change the configuration). Tor will crash while processing the
  configuration change.

  The bug is located in the addressmap_clear_excluded_trackexithosts
  method which iterates over the entries of the addresses map in order
  to check whether the changes made to the configuration will impact
  those entries. When a DNS resolving is in progress, the new_adress
  field of the associated entry will be set to NULL. The method
  doesn't expect this field to be NULL, hence the crash.
2011-10-19 23:14:05 -04:00
Robert Ransom
739c21e97b Free rend_data and intro_key when extra intro circs become general-purpose 2011-10-18 07:08:02 -07:00
George Kadianakis
45307ff980 Port managed proxy launching code to the new subprocess API. 2011-10-17 22:46:44 +02:00
Roger Dingledine
0a083b0188 Merge branch 'maint-0.2.2' 2011-10-13 10:14:38 -04:00
Roger Dingledine
56180d169a Merge branch 'maint-0.2.1' into maint-0.2.2 2011-10-13 10:14:16 -04:00
Karsten Loesing
ee545cd4cb Update to the October 2011 GeoIP database. 2011-10-13 10:13:40 -04:00
Robert Ransom
b095be7f69 Check for intro circ timeouts properly
Previously, we would treat an intro circuit failure as a timeout iff the
circuit failed due to a mismatch in relay identity keys.  (Due to a bug
elsewhere, we only recognize relay identity-key mismatches on the first
hop, so this isn't as bad as it could have been.)

Bugfix on commit eaed37d14c, not yet in any
release.
2011-10-12 06:41:33 -07:00
Nick Mathewson
426f6bfda2 Stop using addr_port_lookup as an address splitting function
It's too risky to have a function where if you leave one parameter
NULL, it splits up address:port strings, but if you set it, it does
hostname resolution.
2011-10-11 12:02:19 -04:00
Nick Mathewson
491e20ae13 Change "reverse_lookup_name" functions to refer to "PTR_name"s
Under the new convention, having a tor_addr.*lookup function that
doesn't do hostname resolution is too close for comfort.

I used this script here, and have made no other changes.

  s/tor_addr_parse_reverse_lookup_name/tor_addr_parse_PTR_name/g;
  s/tor_addr_to_reverse_lookup_name/tor_addr_to_PTR_name/g;
2011-10-11 11:48:21 -04:00
Nick Mathewson
00b2b69add Fix names of functions that convert strings to addrs
Now let's have "lookup" indicate that there can be a hostname
resolution, and "parse" indicate that there wasn't.  Previously, we
had one "lookup" function that did resolution; four "parse" functions,
half of which did resolution; and a "from_str()" function that didn't
do resolution.  That's confusing and error-prone!

The code changes in this commit are exactly the result of this perl
script, run under "perl -p -i.bak" :

  s/tor_addr_port_parse/tor_addr_port_lookup/g;
  s/parse_addr_port(?=[^_])/addr_port_lookup/g;
  s/tor_addr_from_str/tor_addr_parse/g;

This patch leaves aton and pton alone: their naming convention and
behavior is is determined by the sockets API.

More renaming may be needed.
2011-10-11 11:30:12 -04:00
Nick Mathewson
69921837a7 Fix a bunch of whitespace errors 2011-10-11 11:30:01 -04:00
Nick Mathewson
8af0cfc10d Add some points to make it easy to turn off v3 support 2011-10-10 23:14:32 -04:00
Sebastian Hahn
35fe4825fc Quiet two notices, and spelling mistake cleanup 2011-10-10 23:14:31 -04:00
Sebastian Hahn
66200320ff Fix a few 64bit compiler warnings 2011-10-10 23:14:31 -04:00
Nick Mathewson
1bd65680bd Add more log statements for protocol/internal failures 2011-10-10 23:14:31 -04:00
Nick Mathewson
059d3d0613 Remove auth_challenge field from or_handshake_state_t
We didn't need to record this value; it was already recorded
implicitly while computing cell digests for later examination in the
authenticate cells.
2011-10-10 23:14:31 -04:00
Nick Mathewson
d79ff2ce94 spec conformance: allow only one cert of each type 2011-10-10 23:14:31 -04:00
Nick Mathewson
e56d7a3809 Give tor_cert_get_id_digests() fail-fast behavior
Right now we can take the digests only of an RSA key, and only expect to
take the digests of an RSA key.  The old tor_cert_get_id_digests() would
return a good set of digests for an RSA key, and an all-zero one for a
non-RSA key.  This behavior is too error-prone: it carries the risk that
we will someday check two non-RSA keys for equality and conclude that
they must be equal because they both have the same (zero) "digest".

Instead, let's have tor_cert_get_id_digests() return NULL for keys we
can't handle, and make its callers explicitly test for NULL.
2011-10-10 23:14:31 -04:00
Nick Mathewson
40f0d111c2 Fix some more issues wrt tor_cert_new found by asn 2011-10-10 23:14:30 -04:00
Nick Mathewson
ce102f7a59 Make more safe_str usage happen for new logs in command.c 2011-10-10 23:14:30 -04:00
Nick Mathewson
23664fb3b8 Set up network parameters on non-authenticated incoming connections
Also add some info log messages for the steps of the v3 handshake.

Now my test network bootstraps!
2011-10-10 23:14:30 -04:00
Nick Mathewson
7aadae606b Make sure we stop putting cells into our hash at the right time. 2011-10-10 23:14:30 -04:00
Nick Mathewson
41b250d7ea Bugfixes for authenticate handling and generation 2011-10-10 23:14:30 -04:00
Nick Mathewson
610cb0ecc4 Fix log message about what cells we are sending 2011-10-10 23:14:30 -04:00
Nick Mathewson
f726c67dd4 more verbose log for recording an odd cell 2011-10-10 23:14:30 -04:00
Nick Mathewson
40f343e176 Actually accept cells in SERVER_RENEGOTIATING 2011-10-10 23:14:29 -04:00
Nick Mathewson
6bfb31ff56 Generate certificates that enable v3 handshake 2011-10-10 23:14:29 -04:00
Nick Mathewson
7935c4bdfa Allow "finished flushing" during v3 handshake 2011-10-10 23:14:29 -04:00
Nick Mathewson
83bb9742b5 Hook up all of the prop176 code; allow v3 negotiations to actually work 2011-10-10 23:14:18 -04:00
Nick Mathewson
445f947890 Remove a no-longer-relevant comment 2011-10-10 23:14:17 -04:00
Nick Mathewson
9a77ebc794 Make tor_tls_cert_is_valid check key lengths 2011-10-10 23:14:17 -04:00
Nick Mathewson
3f22ec179c New functions to record digests of cells during v3 handshake
Also, free all of the new fields in or_handshake_state_t
2011-10-10 23:14:17 -04:00
Nick Mathewson
6c7f28454e Implement cert/auth cell reading 2011-10-10 23:14:17 -04:00
Nick Mathewson
81024f43ec Basic function to write authenticate cells
Also, tweak the cert cell code to send auth certs
2011-10-10 23:14:16 -04:00
Nick Mathewson
e48e47fa03 Function to return peer cert as tor_tls_cert 2011-10-10 23:14:16 -04:00
Nick Mathewson
a6fc5059cd Add AUTH keys as specified in proposal 176
Our keys and x.509 certs are proliferating here.  Previously we had:
   An ID cert (using the main ID key), self-signed
   A link cert (using a shorter-term link key), signed by the ID key

Once proposal 176 and 179 are done, we will also have:
   Optionally, a presentation cert (using the link key),
       signed by whomever.
   An authentication cert (using a shorter-term ID key), signed by
       the ID key.

These new keys are managed as part of the tls context infrastructure,
since you want to rotate them under exactly the same circumstances,
and since they need X509 certificates.
2011-10-10 23:14:16 -04:00
Nick Mathewson
0a4f562772 Functions to get a public RSA key from a cert 2011-10-10 23:14:16 -04:00
Nick Mathewson
92602345e0 Function to detect certificate types that signal v3 certificates 2011-10-10 23:14:10 -04:00
Nick Mathewson
8c9fdecfe9 Function to get digests of the certs and their keys 2011-10-10 23:14:10 -04:00
Nick Mathewson
f4c1fa2a04 More functions to manipulate certs received in cells 2011-10-10 23:14:10 -04:00
Nick Mathewson
c39688de6c Function to extract the TLSSECRETS field for v3 handshakes 2011-10-10 23:14:10 -04:00
Nick Mathewson
df78daa5da Functions to send cert and auth_challenge cells. 2011-10-10 23:14:10 -04:00
Nick Mathewson
1b0645acba Cell types and states for new OR handshake
Also, define all commands > 128 as variable-length when using
v3 or later link protocol.  Running into a var cell with an
unrecognized type is no longer a bug.
2011-10-10 23:14:09 -04:00
Nick Mathewson
fdbb9cdf74 Add a sha256 hmac function, with tests 2011-10-10 23:14:09 -04:00
Nick Mathewson
c0bbcf138f Turn X509 certificates into a first-class type and add some functions 2011-10-10 23:14:02 -04:00
Nick Mathewson
dcf69a9e12 New function to get all digests of a public key 2011-10-10 23:14:02 -04:00
Nick Mathewson
bc2d9357f5 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-10 22:50:52 -04:00
Nick Mathewson
b5edc838f2 Merge remote-tracking branch 'sebastian/osxcompile' 2011-10-10 22:03:20 -04:00
Sebastian Hahn
b4bd836f46 Consider hibernation before dropping privs
Without this patch, Tor wasn't sure whether it would be hibernating or
not, so it postponed opening listeners until after the privs had been
dropped. This doesn't work so well for low ports. Bug was introduced in
the fix for bug 2003. Fixes bug 4217, reported by Zax and katmagic.
Thanks!
2011-10-11 02:42:12 +02:00
Sebastian Hahn
cce85c819b Fix a compile warning on OS X 10.6 and up 2011-10-11 02:25:00 +02:00
Nick Mathewson
6a673ad313 Add a missing comma in tor_check_port_forwarding
My fault; fix for bug 4213.
2011-10-10 11:42:05 -04:00
Robert Ransom
9648f034c0 Update documentation comment for rend_client_reextend_intro_circuit
One of its callers assumes a non-zero result indicates a permanent failure
(i.e. the current attempt to connect to this HS either has failed or is
 doomed).  The other caller only requires that this function's result
never equal -2.

Bug reported by Sebastian Hahn.
2011-10-10 05:33:53 -07:00
Robert Ransom
274b25de12 Don't launch a useless circuit in rend_client_reextend_intro_circuit
Fixes bug 4212.  Bug reported by katmagic and found by Sebastian.
2011-10-10 03:05:19 -07:00
Nick Mathewson
ca597efb22 Merge remote-tracking branch 'karsten/feature3951' into maint-0.2.2 2011-10-07 16:46:50 -04:00
Nick Mathewson
1ec22eac4b Merge remote-tracking branch 'public/bug2003_nm' 2011-10-07 16:43:45 -04:00
Nick Mathewson
8b0ee60fe7 reinstate a notice for the non-loopback socksport case
Thanks to prop171, it's no longer a crazy thing to do, but you should
make sure that you really meant it!
2011-10-07 16:34:21 -04:00
Nick Mathewson
b49fcc6cf2 Merge remote-tracking branch 'rransom-tor/bug4018' 2011-10-07 16:32:04 -04:00
Nick Mathewson
ed39621a9d Merge remote-tracking branch 'asn2/bug3656'
Conflicts:
	src/common/util.c
	src/common/util.h
	src/or/config.h
	src/or/main.c
	src/test/test_util.c
2011-10-07 16:05:13 -04:00
Nick Mathewson
98e5c63eb2 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-07 12:20:08 -04:00
warms0x
6d027a3823 Avoid running DNS self-tests if we're operating as a bridge 2011-10-07 12:18:26 -04:00
George Kadianakis
1174bb95ce Revive our beautiful unit tests.
They broke when the PT_PROTO_INFANT proxy state was added.
2011-10-07 15:44:58 +02:00
George Kadianakis
3be9d76fa2 Make it compile on Windows™. 2011-10-07 15:44:44 +02:00
George Kadianakis
105cc42e96 Support multiple transports in a single transport line.
Support multiple comma-separated transpotrs in a single
{Client,Server}TransportPlugin line.
2011-10-07 14:13:41 +02:00
Nick Mathewson
246afc1b1b Make internal error check for unrecognized digest algorithm more robust
Fixes Coverity CID 479.
2011-10-06 14:13:09 -04:00
Nick Mathewson
2412e0e402 Check return of init_keys() ip_address_changed: fix Coverity CID 484 2011-10-06 14:13:09 -04:00
Karsten Loesing
9dfb884522 Turn on directory request statistics by default.
Change the default values for collecting directory request statistics and
inlcuding them in extra-info descriptors to 1.

Don't break if we are configured to collect directory request or entry
statistics and don't have a GeoIP database. Instead, print out a notice
and skip initializing the affected statistics code.

This is the cherry-picked 499661524b.
2011-10-05 08:03:31 +02:00
Nick Mathewson
2725a88d5e Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-03 15:19:00 -04:00
Nick Mathewson
05f672c8c2 Fix compilation of 3335 and 3825 fixes
In master, they ran into problems with the edge_conn/entry_conn split.
2011-10-03 15:13:38 -04:00
Nick Mathewson
4aa4bce474 Merge remote-tracking branch 'rransom-tor/bug3335-v2'
Conflicts:
	src/or/connection_edge.c
	src/or/rendclient.c
2011-10-03 15:06:07 -04:00
Fabian Keil
13f0d22df0 Rephrase the log messages emitted if the TestSocks check is positive
Previously Tor would always claim to have been given a hostname
by the client, while actually only verifying that the client
is using SOCKS4A or SOCKS5 with hostnames. Both protocol versions
allow IP addresses, too, in which case the log messages were wrong.

Fixes #4094.
2011-10-03 12:56:46 -04:00
Robert Ransom
c5226bfe1c Remove an HS's last_hid_serv_requests entries when a conn. attempt ends 2011-10-02 16:19:36 -07:00
Robert Ransom
bcfc383dc9 Record the HS's address in last_hid_serv_request keys 2011-10-02 16:19:35 -07:00
Robert Ransom
e07307214e Fix comment typo 2011-10-02 16:19:23 -07:00
Robert Ransom
fbea8c8ef1 Detect and remove unreachable intro points 2011-10-02 12:49:35 -07:00
Robert Ransom
34a6b8b7e5 Clear the timed_out flag when an HS connection attempt ends 2011-10-02 12:49:35 -07:00
Robert Ransom
eaed37d14c Record intro point timeouts in rend_intro_point_t 2011-10-02 12:49:34 -07:00
Robert Ransom
6803c1c371 Refetch an HS's desc if we don't have a usable one
Previously, we wouldn't refetch an HS's descriptor unless we didn't
have one at all.  That was equivalent to refetching iff we didn't have
a usable one, but the next commit will make us keep some non-usable HS
descriptors around in our cache.

Code bugfix on the release that introduced the v2 HS directory system,
because rend_client_refetch_v2_renddesc's documentation comment should
have described what it actually did, not what its behaviour happened
to be equivalent to; no behaviour change in this commit.
2011-10-02 12:42:19 -07:00
Sebastian Hahn
103c861dfe Looks like Windows version 6.2 will be Windows 8
Thanks to funkstar for the report
2011-10-01 14:50:44 +02:00
Roger Dingledine
1fac96f4c6 bump to 0.2.3.5-alpha 2011-09-28 18:25:16 -04:00
Roger Dingledine
f6db0f128c refill our token buckets 10 times/sec, not 100
refilling often is good, but refilling often has unclear side effects
on a) cpu load, and b) making sure every cell, ever, is sent out one at
a time
2011-09-28 15:38:36 -04:00
Roger Dingledine
36829539d6 Merge branch 'maint-0.2.2' 2011-09-28 15:38:02 -04:00
Roger Dingledine
ff8aba7053 bridges should use create_fast cells for their own circuits
fixes bug 4124, as noticed in bug 4115
2011-09-28 15:35:27 -04:00
Roger Dingledine
4e88a3bc3e Merge branch 'maint-0.2.2' 2011-09-28 15:13:05 -04:00
Roger Dingledine
0b5d2646d5 bug 4115: make bridges use begindir for their dir fetches
removes another avenue for enumerating bridges.
2011-09-28 14:50:43 -04:00
Nick Mathewson
6201b8b361 Make sure the microdesc cache is loaded before setting a v3 md consensus
Otherwise, we can wind up munging our reference counts if we set it in
the middle of loading the nodes.  This happens because
nodelist_set_consensus() and microdesc_reload_cache() are both in the
business of adjusting microdescriptors' references.
2011-09-28 14:19:39 -04:00
Nick Mathewson
4a10845075 Add some debugging code to microdesc.[ch] 2011-09-28 14:13:49 -04:00
Nick Mathewson
a4b7525c3c Fix a crash bug in tor_assert(md->held_by_node)
The fix is to turn held_by_node into a reference count.

Fixes bug 4118; bugfix on 0.2.3.1-alpha.
2011-09-28 13:40:21 -04:00
Roger Dingledine
e98c9a1bf6 if we have enough usable guards, just pick one
we don't need to check whether we don't have enough guards right after
concluding that we do have enough.

slight efficiency fix suggested by an anonymous fellow on irc.
2011-09-27 17:35:31 -04:00
Roger Dingledine
88516f65c9 Merge branch 'maint-0.2.2' 2011-09-24 22:47:53 -04:00
Roger Dingledine
1c2e4d1336 trivial whitespace changes, take two 2011-09-24 22:46:21 -04:00
Nick Mathewson
c42a1886cc Trivial whitespace fixes 2011-09-24 22:15:59 -04:00
Tom Lowenthal
5835acc6f9 Ticket #4063 - change circuit build timeout log entries from NOTICE to INFO 2011-09-24 22:12:40 -04:00
George Kadianakis
e2703e3654 Improve wording in some comments and log messages. 2011-09-23 17:50:56 +02:00
Nick Mathewson
fee094afcd Fix issues in 3630 patch noted by Karsten 2011-09-22 15:07:35 -04:00
Nick Mathewson
41dfc4c19c Make bufferevents work with TokenBucketRefillInterval 2011-09-22 15:07:34 -04:00
Nick Mathewson
052b95e2f1 Refactor connection_bucket_refill(_helper) to avoid roundoff
We were doing "divide bandwidth by 1000, then multiply by msec", but
that would lose accuracy: instead of getting your full bandwidth,
you'd lose up to 999 bytes per sec.  (Not a big deal, but every byte
helps.)

Instead, do the multiply first, then the division.  This can easily
overflow a 32-bit value, so make sure to do it as a 64-bit operation.
2011-09-22 15:07:34 -04:00
Nick Mathewson
0721abbf1b Move around check for TokenBucketRefillInterval; disallow changes to it 2011-09-22 15:07:34 -04:00
Florian Tschorsch
6b1d8321ae New torrc option to allow bucket refill intervals of less than 1 sec
Implements bug3630.
2011-09-22 15:07:23 -04:00
Nick Mathewson
40288e1e66 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-09-20 10:25:56 -04:00
Mansour Moufid
1ba90ab655 Fix a potentially useless integer overflow check.
GCC 4.2 and maybe other compilers optimize away unsigned integer
overflow checks of the form (foo + bar < foo), for all bar.

Fix one such check in `src/common/OpenBSD_malloc_Linux.c'.
2011-09-20 09:52:44 -04:00
Karsten Loesing
679f617345 Update to the September 2011 GeoIP database. 2011-09-15 16:33:36 -04:00
Nick Mathewson
2394c74017 Log errno on listener socket creation failure.
This may help diagnose bug 4027.
2011-09-15 09:51:48 -04:00
Robert Ransom
c1ac0695d5 Fix a bogus warning 2011-09-14 00:05:03 -07:00
Roger Dingledine
6a799c10ee bump to 0.2.3.4-alpha-dev 2011-09-13 22:04:47 -04:00
Roger Dingledine
0b0f7d792c bump to 0.2.3.4-alpha 2011-09-13 19:59:06 -04:00
Roger Dingledine
1fcaeb6092 Merge branch 'maint-0.2.2' 2011-09-13 18:32:00 -04:00
Roger Dingledine
4a351b4b9e Merge branch 'maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/main.c
	src/or/router.c
2011-09-13 18:27:13 -04:00
Roger Dingledine
62ec584a30 Generate our ssl session certs with a plausible lifetime
Nobody but Tor uses certs on the wire with 2 hour lifetimes,
and it makes us stand out. Resolves ticket 4014.
2011-09-13 18:24:45 -04:00
Roger Dingledine
1e1cc43b57 Merge branch 'maint-0.2.2' 2011-09-12 05:54:55 -04:00
Karsten Loesing
d679ef623f Update to the September 2011 GeoIP database. 2011-09-12 11:43:51 +02:00
George Kadianakis
2e73f9b3ee Put some sense into our logging.
Transform our logging severities to something more sensible.
Remove sneaky printf()s.
2011-09-12 00:10:07 +02:00
George Kadianakis
d0416ce3ec Don't warn of stray Bridges if managed proxies are still unconfigured.
With managed proxies you would always get the error message:

"You have a Bridge line using the X pluggable transport, but there
doesn't seem to be a corresponding ClientTransportPlugin line."

because the check happened directly after parse_client_transport_line()
when managed proxies were not fully configured and their transports
were not registered.

The fix is to move the validation to run_scheduled_events() and make
sure that all managed proxies are configured first.
2011-09-11 23:51:29 +02:00
George Kadianakis
e8715b3041 Constification. 2011-09-11 23:35:00 +02:00
George Kadianakis
de7565f87f Make check-spaces happy. 2011-09-11 23:34:36 +02:00
George Kadianakis
c6811c57cb Enforce transport names being C identifiers.
Introduce string_is_C_identifier() and use it to enforce transport
names according to the 180 spec.
2011-09-11 23:34:11 +02:00
George Kadianakis
3136107421 Trivial fixes around the code.
* C90-fy.
* Remove ASN comments.
* Don't smartlist_clear() before smartlist_free().
* Plug a mem. leak.
2011-09-11 23:33:31 +02:00
Nick Mathewson
386966142e Merge remote-tracking branch 'origin/maint-0.2.2' 2011-09-11 16:25:14 -04:00
George Kadianakis
9a42ec6857 Be more defensive in get_transport_bindaddr().
Make sure that lines in get_transport_bindaddr() begin with the name
of the transport and a space.
2011-09-11 21:33:02 +02:00
George Kadianakis
ebc232bb79 Fix bug in get_transport_in_state_by_name() when using strcmpstart().
We now split the state lines into smartlists and compare the token
properly. Not that efficient but it's surely correct.
2011-09-11 21:22:37 +02:00
George Kadianakis
2703e41d8b Improve how we access or_state_t.
* Use get_or_state()->VirtualOption instead of relying on
  config_find_option(), STRUCT_VAR_P and voodoo.
2011-09-11 20:57:01 +02:00
George Kadianakis
0dcf327248 Remove connection_uses_transport() since it was unused. 2011-09-11 20:33:27 +02:00
George Kadianakis
9bf34eb65b Allow interwined {Client,Server}TransportPlugin lines. 2011-09-11 20:30:08 +02:00
George Kadianakis
a002f0e7c0 Update the transports.c documentation based on the new data. 2011-09-11 20:29:52 +02:00
George Kadianakis
1e92b24889 Update transports.[ch] to support SIGHUPs. 2011-09-11 20:29:12 +02:00
George Kadianakis
fa514fb207 Prepare circuitbuild.[ch] and config.[ch] for SIGHUPs.
* Create mark/sweep functions for transports.
* Create a transport_resolve_conflicts() function that tries to
  resolve conflicts when registering transports.
2011-09-11 20:28:47 +02:00
George Kadianakis
782810a8bf Introduce tor_terminate_process() function. 2011-09-11 20:26:01 +02:00
Roger Dingledine
cca806c56c fix whitespace (two-space indent) 2011-09-11 01:33:04 -04:00
Robert Ransom
8ea6d29fe4 Demote 'INTRODUCE2 cell is too {old,new}' message to info level 2011-09-10 21:56:05 -04:00
Robert Ransom
b10735903b Demote HS 'replay detected' log message for DH public keys to info level 2011-09-10 21:56:05 -04:00
Robert Ransom
07a5cf285a Describe rend_service_descriptor_t more completely 2011-09-10 19:09:01 -04:00
Robert Ransom
aa900b17ca Describe rend_intro_point_t more completely 2011-09-10 19:05:53 -04:00
Fabian Keil
c6f6b567e0 Stop parse_client_port_config() from misinterpreting FooListenAddress and FooPort in legacy syntax
Previously the FooPort was ignored and the default used instead,
causing Tor to bind to the wrong port if FooPort and the default
port don't match or the CONN_TYPE_FOO_LISTENER has no default port.

Fixes #3936.
2011-09-10 17:48:37 -04:00
Fabian Keil
087e0569c3 Fix whitespace in parse_client_port_config() 2011-09-10 17:48:36 -04:00
Nick Mathewson
35f9be7d04 Merge remote-tracking branch 'rransom-tor/typo-fix-ohkah8Ah' 2011-09-10 17:45:27 -04:00
Robert Ransom
c621e52883 Fix log message typo. 2011-09-10 16:15:52 -04:00
George Kadianakis
c852760b80 Replaced some leftover assert()s with tor_assert()s. 2011-09-10 00:45:28 +02:00
Nick Mathewson
a41f1fc612 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	configure.in
	src/or/circuitbuild.c
2011-09-09 12:58:12 -04:00
Nick Mathewson
b0695c11eb Merge remote-tracking branch 'public/gcc-295-fix' into maint-0.2.2 2011-09-09 12:54:27 -04:00
Nick Mathewson
4467799f45 Merge remote-tracking branch 'public/enhance_replay_detection' into maint-0.2.2 2011-09-09 12:53:45 -04:00
Nick Mathewson
cb9226bcdb Check for replays in PK-encrypted part of intro cell, not just in the g^x value 2011-09-09 12:49:47 -04:00
Nick Mathewson
45eadf3955 All NT service configuration commands should make the process exit.
Fixes bug 3963; fix on 0.2.0.7-alpha.
2011-09-08 21:54:12 -04:00
Nick Mathewson
d3ff167e09 Fix whitespace issues in patches merged today so far 2011-09-07 20:26:58 -04:00
Nick Mathewson
9bdde89027 Make the unit tests pass again after the bug2003 fix 2011-09-07 17:48:21 -04:00
Jérémy Bobbio
58a0afe30f chown() sockets when User option is set
Fixes bug 3421
2011-09-07 15:49:01 -04:00
Nick Mathewson
5c53a0f867 fix a const warning 2011-09-07 15:06:01 -04:00
Nick Mathewson
3e3480d704 Report reason for generating descriptor in an HTTP header
Suggested by arma; based on 3327.
2011-09-07 15:03:28 -04:00
Nick Mathewson
ed463404e9 Clean up HTTP request header generation a little
Use a list of headers rather than trying to printf every header that
might exist.
2011-09-07 15:02:02 -04:00
Nick Mathewson
1f4b6944c0 Upload descriptors more often when recent desc is unlisted
Right now we only force a new descriptor upload every 18 hours.
This can make servers become unlisted if they upload a descriptor at
time T which the authorities reject as being "too similar" to one
they uploaded before. Nothing will actually make the server upload a
new descriptor later on, until another 18 hours have passed.

This patch changes the upload behavior so that the 18 hour interval
applies only when we're listed in a live consensus with a descriptor
published within the last 18 hours.  Otherwise--if we're not listed
in the live consensus, or if we're listed with a publication time
over 18 hours in the past--we upload a new descriptor every 90
minutes.

This is an attempted bugfix for #3327.  If we merge it, it should
obsolete #535.
2011-09-07 15:01:52 -04:00
Nick Mathewson
41eef6680e Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/dirserv.c
	src/or/networkstatus.c

Conflicts were related to routerinfo->node shift.
2011-09-07 14:51:55 -04:00
Nick Mathewson
dfa6cde4d4 Merge remote-tracking branch 'public/bug2649_squashed' into maint-0.2.2 2011-09-07 14:43:06 -04:00
Nick Mathewson
d27874a4f2 Remove a now-needless test. 2011-09-07 14:18:32 -04:00
Nick Mathewson
0cb01f5c97 Merge remote-tracking branch 'public/split_entry_conn'
Conflicts:
	src/or/connection.c
	src/or/connection_edge.c
	src/or/connection_edge.h
	src/or/dnsserv.c

Some of these were a little tricky, since they touched code that
changed because of the prop171 fixes.
2011-09-07 14:13:57 -04:00
Robert Ransom
8aad677bb7 Die if tor_vasprintf fails in connection_printf_to_buf
tor_asprintf already asserts if it fails.
2011-09-07 12:14:58 -04:00
Nick Mathewson
947012e153 Merge remote-tracking branch 'public/bug3851' 2011-09-07 11:22:24 -04:00
Nick Mathewson
9ef2cd7776 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/connection_edge.c

Conflicted on a router->node transition; fix was easy.
2011-09-06 20:55:31 -04:00
Nick Mathewson
2bf0e7479b Fix assertion in addressmap_clear_excluded_trackexithosts
Fixes bug 3923; bugfix on 0.2.2.25-alpha; bugfix from 'laruldan' on trac.
2011-09-06 20:26:20 -04:00