Commit Graph

17845 Commits

Author SHA1 Message Date
Nick Mathewson
d9827e4729 Merge branch 'maint-0.2.9' 2017-02-13 14:41:43 -05:00
Nick Mathewson
a86f95df5c Merge branch 'maint-0.2.8' into maint-0.2.9 2017-02-13 14:38:03 -05:00
Nick Mathewson
9b90d515a9 Merge branch 'maint-0.2.7' into maint-0.2.8 2017-02-13 14:37:55 -05:00
Nick Mathewson
75fe218b16 Merge branch 'maint-0.2.6' into maint-0.2.7 2017-02-13 14:37:49 -05:00
Nick Mathewson
43c18b1b7a Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-13 14:37:42 -05:00
Nick Mathewson
124062e843 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-13 14:37:01 -05:00
Karsten Loesing
f6016058b4 Update geoip and geoip6 to the February 8 2017 database. 2017-02-12 15:56:31 +01:00
Nick Mathewson
2670844b2b whoops, removed a semicolon :( 2017-02-09 10:59:48 -05:00
Nick Mathewson
f594bdb3ad One more prop271 XXX. 2017-02-09 10:52:47 -05:00
Nick Mathewson
14c2a1f403 Update some more XXXXprop271 comments to refer to actual tickets or to be up-to-date 2017-02-09 10:48:28 -05:00
Nick Mathewson
3919f4f529 Remove an XXXprop271 comment: turns out we didn't need a tristate 2017-02-09 10:30:20 -05:00
Nick Mathewson
d15273e9f5 Change "prop271" in XXXXs about guard Ed identity to refer to #20872. 2017-02-09 10:29:02 -05:00
Nick Mathewson
fe76741021 Remove a suggestion in an XXX271 comment; it is now 21424. 2017-02-09 10:25:32 -05:00
Nick Mathewson
41f880c396 Remove an XXXprop271 comment that has been replaced by #21423 2017-02-09 10:13:54 -05:00
Nick Mathewson
875e5ee3f7 Revise an XXXprop271 comment -- it has been superseded by #21422 2017-02-09 10:11:44 -05:00
Nick Mathewson
58208457a6 Remove an XXXprop271 comment -- it has been replaced by #21421 2017-02-09 10:07:56 -05:00
Nick Mathewson
f263cf954a Remove a redundant XXX271 comment 2017-02-09 09:57:39 -05:00
David Goulet
e129393e40 test: Add missing socket errno in test_util.c
According to 21116, it seems to be needed for Wheezy Raspbian build. Also,
manpage of socket(2) does confirm that this errno value should be catched as
well in case of no support from the OS of IPv4 or/and IPv6.

Fixes #21116

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-08 09:00:48 -05:00
Nick Mathewson
4bce2072ac Merge branch 'maint-0.2.6' into maint-0.2.7 2017-02-07 10:39:03 -05:00
Nick Mathewson
8a1f0876ed Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-02-07 10:38:05 -05:00
Nick Mathewson
f2a30413a3 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 10:37:53 -05:00
Nick Mathewson
2ce4330249 Merge remote-tracking branch 'public/bug18710_025' into maint-0.2.5 2017-02-07 10:37:43 -05:00
Nick Mathewson
c056d19323 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 10:37:31 -05:00
Nick Mathewson
3f5a710958 Revert "Revert "Add hidserv-stats filname to our sandbox filter""
This reverts commit 5446cb8d3d.

The underlying revert was done in 0.2.6, since we aren't backporting
seccomp2 loosening fixes to 0.2.6.  But the fix (for 17354) already
went out in 0.2.7.4-rc, so we shouldn't revert it in 0.2.7.
2017-02-07 10:13:20 -05:00
Nick Mathewson
5b60bd84f2 Bump the version to 0.2.7.6-dev again 2017-02-07 09:59:54 -05:00
Nick Mathewson
e91bb84a91 Merge branch 'maint-0.2.6' into maint-0.2.7-redux
maint-0.2.7-redux is an attempt to try to re-create a plausible
maint-0.2.7 branch.  I've started from the tor-0.2.7.6, and then I
merged maint-0.2.6 into the branch.

This has produced 2 conflicts: one related to the
rendcommon->rendcache move, and one to the authority refactoring.
2017-02-07 09:59:12 -05:00
Nick Mathewson
85a2487f97 Disable a log_backtrace (which 0.2.4 does not have) in 16248 fix 2017-02-07 09:49:23 -05:00
Nick Mathewson
cfeb1db2fb Add comments to connection_check_event(). 2017-02-07 09:48:24 -05:00
Nick Mathewson
457d38a6e9 Change behavior on missing/present event to warn instead of asserting.
Add a changes file.
2017-02-07 09:48:19 -05:00
Nick Mathewson
650c03127a If we start/stop reading on a dnsserv connection, don't assert.
Fixes bug 16248. Patch from cypherpunks.  Bugfix on 0.2.0.1-alpha.
2017-02-07 09:48:13 -05:00
Nick Mathewson
5446cb8d3d Revert "Add hidserv-stats filname to our sandbox filter"
Reverting this in 0.2.6 only -- we're no backporting
seccomp2-loosening fixes to 0.2.6.

This reverts commit 2ec5e24c58.
2017-02-07 09:28:50 -05:00
junglefowl
c4920a60c6 Do not truncate too long hostnames
If a hostname is supplied to tor-resolve which is too long, it will be
silently truncated, resulting in a different hostname lookup:

$ tor-resolve $(python -c 'print("google.com" + "m" * 256)')

If tor-resolve uses SOCKS5, the length is stored in an unsigned char,
which overflows in this case and leads to the hostname "google.com".
As this one is a valid hostname, it returns an address instead of giving
an error due to the invalid supplied hostname.
2017-02-07 09:27:00 -05:00
Nick Mathewson
9379984128 Merge branch 'teor_bug21357-v2_029' into maint-0.2.9 2017-02-07 09:24:08 -05:00
Nick Mathewson
dff390dcc7 Merge branch 'bug21108_029' into maint-0.2.9 2017-02-07 09:22:31 -05:00
Nick Mathewson
c6f2ae514e Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 09:18:54 -05:00
Nick Mathewson
b9ef21cf56 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 09:17:59 -05:00
Nick Mathewson
e4a42242ea Backport the tonga->bifroest move to 0.2.4.
This is a backport of 19728 and 19690
2017-02-07 09:15:21 -05:00
Nick Mathewson
115cefdeee Merge branch 'maint-0.2.6' into maint-0.2.7 2017-02-07 08:55:07 -05:00
Nick Mathewson
e6965f78b8 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 08:54:54 -05:00
Nick Mathewson
6b37512dc7 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:54:47 -05:00
Nick Mathewson
d6eae78e29 Merge remote-tracking branch 'public/bug19152_024_v2' into maint-0.2.4 2017-02-07 08:47:11 -05:00
Nick Mathewson
8936c50d83 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 08:39:07 -05:00
Nick Mathewson
05ec055c41 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:38:59 -05:00
Nick Mathewson
51675f97d3 Merge remote-tracking branch 'public/bug17404_024' into maint-0.2.4 2017-02-07 08:37:07 -05:00
Nick Mathewson
332543baed Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:34:08 -05:00
Nick Mathewson
6cb8c0fd4e Refine the memwipe() arguments check for 18089 a little more.
We still silently ignore
     memwipe(NULL, ch, 0);
and
     memwipe(ptr, ch, 0);  /* for ptr != NULL */

But we now assert on:
     memwipe(NULL, ch, 30);
2017-02-07 08:33:51 -05:00
teor (Tim Wilson-Brown)
fb7d1f41b4 Make memwipe() do nothing when passed a NULL pointer or zero size
Check size argument to memwipe() for underflow.

Closes bug #18089. Reported by "gk", patch by "teor".
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
commit 49dd5ef3 on 7 Nov 2012.
2017-02-07 08:33:39 -05:00
John Brooks
053e11f397 Fix out-of-bounds read in INTRODUCE2 client auth
The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.

Fixed by checking auth_len before comparing the descriptor cookie
against known clients.

Fixes #15823; bugfix on 0.2.1.6-alpha.
2017-02-07 08:31:37 -05:00
Nick Mathewson
54ec335434 Bump to 0.3.0.3-alpha-dev 2017-02-03 13:58:50 -05:00
Nick Mathewson
39606aece5 Fix "make distcheck".
I had forgotten to include the fuzz_static_testcases.sh script in
EXTRA_DIST.
2017-02-03 12:04:08 -05:00
Nick Mathewson
80a5beae62 Bump version to 0.3.0.3-alpha 2017-02-03 11:33:11 -05:00
Nick Mathewson
19e25d5cab Prevention: never die from extend_info_from_node() failure.
Bug 21242 occurred because we asserted that extend_info_from_node()
had succeeded...even though we already had the code to handle such a
failure.  We fixed that in 93b39c5162.

But there were four other cases in our code where we called
extend_info_from_node() and either tor_assert()ed that it returned
non-NULL, or [in one case] silently assumed that it returned
non-NULL. That's not such a great idea.  This patch makes those
cases check for a bug of this kind instead.

Fixes bug 21372; bugfix on 0.2.3.1-alpha when
extend_info_from_node() was introduced.
2017-02-03 10:35:07 -05:00
Nick Mathewson
9d5a9feb40 Merge branch 'dgoulet/bug21302_030_01_squashed' 2017-02-03 09:54:24 -05:00
David Goulet
eea763400f hs: Remove intro point expiring node if no circuit
Once a second, we go over all services and consider the validity of the intro
points. Now, also try to remove expiring nodes that have no more circuit
associated to them. This is possible if we moved an intro point object
previously to that list and the circuit actually timed out or was closed by
the introduction point itself.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-03 09:54:07 -05:00
David Goulet
8573d99470 hs: Fix an underflow in rend_service_intro_has_opened()
In rend_service_intro_has_opened(), this is subject to a possible underflow
because of how the if() casts the results. In the case where the expiring
nodes list length is bigger than the number of IP circuits, we end up in the
following situation where the result will be cast to an unsigned int. For
instance, "5 - 6" is actually a BIG number.

Ultimately leading to closing IP circuits in a non stop loop.

Partially fixes #21302.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-03 09:54:06 -05:00
cypherpunks
27df23abb6 Use the standard OpenBSD preprocessor definition 2017-02-03 09:37:39 -05:00
Nick Mathewson
0f79fb51e5 dirauth: Fix for calling routers unreachable for wrong ed25519
Previously the dirserv_orconn_tls_done() function would skip routers
when they advertised an ed25519 key but didn't present it during the
link handshake.  But that covers all versions between 0.2.7.2-alpha
and 0.2.9.x inclusive!

Fixes bug 21107; bugfix on 0.3.0.1-alpha.
2017-02-02 10:37:25 -05:00
Nick Mathewson
d732409402 In dirserv_single_reachability_test, node can be const. 2017-02-02 09:36:36 -05:00
Nick Mathewson
96dce88d80 Merge remote-tracking branch 'dgoulet/bug21294_030_02' 2017-02-02 09:07:20 -05:00
David Goulet
5f6d53cefa test: Fix test after log message changed in #21294
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-02 09:03:14 -05:00
Nick Mathewson
6777cd0a84 Merge remote-tracking branch 'public/bug21356_029' 2017-02-02 09:03:13 -05:00
Nick Mathewson
b11f00c153 Merge branch 'bug21294_030_01_squashed' 2017-02-02 08:48:20 -05:00
David Goulet
83df359214 config: Stop recommending Tor2web if in non anonymous mode
Because we don't allow client functionalities in non anonymous mode,
recommending Tor2web is a bad idea.

If a user wants to use Tor2web as a client (losing all anonymity), it should
run a second tor, not use it with a single onion service tor.

Fixes #21294.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-02 08:47:59 -05:00
Nick Mathewson
fc3e742b5b Merge remote-tracking branch 'ahf/ahf/bugs/21266' 2017-02-02 08:40:05 -05:00
Nick Mathewson
2d2ab29ce8 Merge remote-tracking branch 'asn/bug21052' 2017-02-01 15:53:16 -05:00
Alexander Færøy
7eb7af08d9 Add checks for expected log messages in test_hs_intropoint.
This patch adds checks for expected log messages for failure cases of
different ill-formed ESTABLISH_INTRO cell's.

See: https://bugs.torproject.org/21266
2017-02-01 19:01:07 +00:00
David Goulet
cc0342a2ae hs: Fix possible integer underflow with IP nodes
In rend_consider_services_intro_points(), we had a possible interger underflow
which could lead to creating a very large number of intro points. We had a
safe guard against that *except* if the expiring_nodes list was not empty
which is realistic thing.

This commit removes the check on the expiring nodes length being zero. It's
not because we have an empty list of expiring nodes that we don't want to open
new IPs. Prior to this check, we remove invalid IP nodes from the main list of
a service so it should be the only thing to look at when deciding if we need
to create new IP(s) or not.

Partially fixes #21302.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-01 11:07:09 -05:00
Nick Mathewson
77788fa537 Fix a memory-leak in fuzz_vrs.c 2017-02-01 10:57:01 -05:00
Nick Mathewson
24551d64ad Merge branch 'maint-0.2.9' 2017-02-01 10:39:59 -05:00
rubiate
e9ec818c28 Support LibreSSL with opaque structures
Determining if OpenSSL structures are opaque now uses an autoconf check
instead of comparing the version number. Some definitions have been
moved to their own check as assumptions which were true for OpenSSL
with opaque structures did not hold for LibreSSL. Closes ticket 21359.
2017-02-01 10:30:49 -05:00
Nick Mathewson
f1530d0e5a Merge branch 'teor_bug21357-v2_029' 2017-02-01 09:39:25 -05:00
teor
408c53b7a7 Scale IPv6 address counts in policy_summary_reject to avoid overflow
This disregards anything smaller than an IPv6 /64, and rejects ports that
are rejected on an IPv6 /16 or larger.

Adjust existing unit tests, and add more to cover exceptional cases.

No IPv4 behaviour changes.

Fixes bug 21357
2017-02-01 09:39:06 -05:00
teor
4667a40ca9 Fix IPv6 support in policy_summary_reject and policy_summary_accept
This interim fix results in too many IPv6 rejections.

No behaviour change for IPv4 counts, except for overflow fixes that
would require 4 billion redundant 0.0.0.0/0 policy entries to trigger.

Part of 21357
2017-02-01 09:39:06 -05:00
teor
82850d0da6 Refactor policy_summary_reject to prepare for IPv6 changes
No behaviour change, apart from non-fatal assertions

Part of 21357
2017-02-01 09:39:06 -05:00
teor
7e7b3d3df3 Add unit tests for IPv6 address summaries and IPv4 netblock rejection
These tests currently fail due to bug 21357
2017-02-01 09:39:06 -05:00
teor
e95b8f7df9 Fix write_short_policy usage comment 2017-02-01 09:39:05 -05:00
Nick Mathewson
c3b6354412 fix a wide line 2017-02-01 09:35:29 -05:00
Nick Mathewson
222f2fe469 Merge branch 'bug21150_030_01_squashed' 2017-02-01 09:30:02 -05:00
David Goulet
51b562c605 Use an internal variable for HiddenServiceStatistics
Stop modifying the value of our torrc option HiddenServiceStatistics just
because we're not a bridge or relay. This bug was causing Tor Browser users to
write "HiddenServiceStatistics 0" in their torrc files as if they had chosen
to change the config.

Fixes #21150

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-01 09:29:53 -05:00
Nick Mathewson
78011bb7ba Merge branch 'bug21242' 2017-02-01 09:09:58 -05:00
Nick Mathewson
2e93bffa1d Merge remote-tracking branch 'public/bug21129' 2017-02-01 09:01:44 -05:00
Nick Mathewson
f8885b76ef Merge remote-tracking branch 'public/bug21128' 2017-02-01 09:01:28 -05:00
Nick Mathewson
a5aec6ac37 Merge branch 'bug21108_029' 2017-01-31 18:51:26 -05:00
Roger Dingledine
6ff7850f26 be explicit in clear_status_flags_on_sybil that we leave BadExit alone 2017-01-31 18:50:16 -05:00
Nick Mathewson
35d8270942 When marking guard state instances on a channel, don't mark NULL
It's okay for guard_state to be null: we might have a fallback
circuit, or we might not be using guards.

Fixes bug 211228; bugfix on 0.3.0.1-alpha
2017-01-31 14:44:14 -05:00
Nick Mathewson
0f0d4356b2 Don't try to use confirmed_idx in remove_guard_from_...lists()
Since we can call this function more than once before we update all
the confirmed_idx fields, we can't rely on all the relays having an
accurate confirmed_idx.

Fixes bug 21129; bugfix on 0.3.0.1-alpha
2017-01-31 14:34:32 -05:00
Nick Mathewson
a47c133c86 Do not clear is_bad_exit on sybil.
But do clear is_v2_dir.

Fixes bug 21108 -- bugfix on d95e7c7d67 in
0.2.0.13-alpha.
2017-01-31 14:12:14 -05:00
Nick Mathewson
d183ec231b Call monotime_init() earlier.
We need to call it before nt_service_parse_options(), since
nt_service_parse_options() can call back into nt_service_main(),
which calls do_main_loop().

Fixes bug 21356; bugfix on 0.2.9.1-alpha.
2017-01-31 13:02:49 -05:00
Nick Mathewson
746d959100 Don't build circuits till primary guards have descriptors
In addition to not wanting to build circuits until we can see most
of the paths in the network, and in addition to not wanting to build
circuits until we have a consensus ... we shouldn't build circuits
till all of our (in-use) primary guards have descriptors that we can
use for them.

This is another bug 21242 fix.
2017-01-31 12:31:43 -05:00
Nick Mathewson
02da24f8e5 Don't (usually) return any guards that are missing descriptors.
Actually, it's _fine_ to use a descriptorless guard for fetching
directory info -- we just shouldn't use it when building circuits.
Fortunately, we already have a "usage" flag that we can use here.

Partial fix for bug 21242.
2017-01-31 12:30:33 -05:00
Nick Mathewson
26957a127a entry_guard_pick_for_circuit(): TRAFFIC guards must have descriptors
This relates to the 21242 fix -- entry_guard_pick_for_circuit()
should never yield nodes without descriptors when the node is going
to be used for traffic, since we won't be able to extend through
them.
2017-01-31 11:47:09 -05:00
Nick Mathewson
93b39c5162 Downgrade assertion to nonfatal for #21242
This assertion triggered in the (error) case where we got a result
from guards_choose_guard() without a descriptor.  That's not
supposed to be possible, but it's not worth crashing over.
2017-01-31 11:35:57 -05:00
Nick Mathewson
09a00a2f82 Merge remote-tracking branch 'public/bug21300' 2017-01-31 11:09:04 -05:00
Nick Mathewson
cccd3f1dae entrynodes: Remove "split these functions" XXXXs
They now have a ticket: #21349.
2017-01-30 10:49:40 -05:00
Nick Mathewson
ed4a3dfef2 Remove XXXXprop271 comments from test_entrynodes.c
These commments were complaints about how I didn't like some aspects
of prop271.  They have been superseded by ticket 20832.
2017-01-30 10:43:53 -05:00
Nick Mathewson
7d0df8bad8 Remove a couple of stale comments from entrynodes.h 2017-01-30 10:38:24 -05:00
Nick Mathewson
fe04bdcdbb GUARD_WAIT is now specified too 2017-01-30 10:33:17 -05:00
Nick Mathewson
ead934e61e Remove prop271 "spec deviation" comments -- the spec has been updated
In some cases, replace those comments with better ones.
2017-01-30 10:30:09 -05:00
Nick Mathewson
4d83999213 Make "GETCONF SocksPort" work again
I broke "GETCONF *Port" in 20956, when I made SocksPort a
subordinate option of the virtual option SocksPortLines, so that I
could make SocksPort and __SocksPort provide qthe same
functionality.  The problem was that you can't pass a subordinate
option to GETCONF.

So, this patch fixes that by letting you fetch subordinate options.

It won't always be meaningful to consider these options
out-of-context, but that can be the controller-user's
responsibility to check.

Closes ticket 21300.
2017-01-30 10:09:47 -05:00
Nick Mathewson
088cc3604b Don't use %zu in fuzz-http: windows doesn't like it. 2017-01-30 09:09:42 -05:00
Nick Mathewson
558c04f5b1 Merge branch 'combined-fuzzing-v4' 2017-01-30 08:40:46 -05:00
Nick Mathewson
d71fc47438 Update documentation and testing integration for fuzzing 2017-01-30 08:37:27 -05:00
Nick Mathewson
2202ad7ab0 Fix a pair of compilation errors. 2017-01-30 08:37:27 -05:00
Nick Mathewson
1d8e9e8c69 Fix memory leak on zero-length input on fuzz_http.c 2017-01-30 08:37:27 -05:00
Nick Mathewson
143235873b Memory leak on bogus ed key in microdesc 2017-01-30 08:37:26 -05:00
Nick Mathewson
34fd636870 memory leak in fuzz_vrs 2017-01-30 08:37:26 -05:00
Nick Mathewson
a092bcdd4f Fix a memory leak found while fuzzing 2017-01-30 08:37:26 -05:00
Nick Mathewson
09d01466b2 actually build .as for fuzzing 2017-01-30 08:37:26 -05:00
Nick Mathewson
1c7862bfb4 missing backslash 2017-01-30 08:37:26 -05:00
Nick Mathewson
f547352637 differently build oss fuzzers 2017-01-30 08:37:26 -05:00
Nick Mathewson
cf71f8ad32 More oss-fuzz fixes 2017-01-30 08:37:25 -05:00
Nick Mathewson
92679d90d5 Try to refactor OSS fuzzers into static libraries. 2017-01-30 08:37:25 -05:00
Nick Mathewson
1b244a64e4 libfuzzer tweaks per recommendations 2017-01-30 08:37:25 -05:00
Nick Mathewson
024fa9d4d7 routerstatus fuzzing 2017-01-30 08:37:25 -05:00
Nick Mathewson
eb414a08a9 Add libfuzzer support. 2017-01-30 08:37:25 -05:00
Nick Mathewson
b1567cf500 Three more fuzzers: consensus, hsdesc, intro points 2017-01-30 08:37:24 -05:00
Nick Mathewson
83e9918107 Tools for working with directories of fuzzed stuff. 2017-01-30 08:37:24 -05:00
Nick Mathewson
301eff0e90 fuzzing: Add copyright notices and whitespace fixes 2017-01-30 08:37:24 -05:00
Nick Mathewson
4afb155db2 Add microdesc format fuzzer. 2017-01-30 08:37:24 -05:00
Nick Mathewson
3c74855934 Addition to test cases: make sure fuzzer binaries allow known cases
This isn't fuzzing per se, so much as replaying the highlights of
past fuzzer runs.
2017-01-30 08:37:24 -05:00
Nick Mathewson
81e44c2257 Add extrainfo fuzzer 2017-01-30 08:37:24 -05:00
Nick Mathewson
44fa14c0e2 Try to tweak fuzzing.md to correspond to my changes 2017-01-30 08:37:24 -05:00
teor
0fb1156e9f Add a script for running multiple fuzzing sessions on multiple cores 2017-01-30 08:37:23 -05:00
teor
416e2f6b28 Guide fuzzing by adding standard tor GET and POST testcases 2017-01-30 08:37:23 -05:00
Nick Mathewson
56b61d1831 Add more tweaks from teor's http fuzzing code.
Move option-manipulation code to fuzzing_common.
2017-01-30 08:37:23 -05:00
teor
584d723e04 Restrict fuzzing to the directory headers 2017-01-30 08:37:23 -05:00
Nick Mathewson
949e9827d6 Add a descriptor fuzzing dictionary. 2017-01-30 08:37:23 -05:00
Nick Mathewson
ca657074b9 Fuzzing: initialize siphash key, don't init_logging twice. 2017-01-30 08:37:23 -05:00
Nick Mathewson
0666928c5c Replace signature-checking and digest-checking while fuzzing 2017-01-30 08:37:22 -05:00
Nick Mathewson
e2aeaeb76c Make a bunch of signature/digest-checking functions mockable 2017-01-30 08:37:22 -05:00
Nick Mathewson
67eb6470d7 Merge branches 'server_ciphers' and 'ciphers.inc' 2017-01-27 16:45:18 -05:00
Daniel Kahn Gillmor
e1337b4252 client: set IPv6Traffic to on by default
See:
  https://trac.torproject.org/projects/tor/ticket/21269
  https://bugs.debian.org/851798

Closes #21269

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-27 09:12:32 -05:00
Nick Mathewson
795582169a Bulletproof conn_get_outbound_address() a little. 2017-01-27 08:12:14 -05:00
Nick Mathewson
782c52658c Remove an impossible comparison. 2017-01-27 08:08:08 -05:00
Nick Mathewson
81c78ec755 Outbindbindaddress variants for Exit and OR.
Allow separation of exit and relay traffic to different source IP
addresses (Ticket #17975). Written by Michael Sonntag.
2017-01-27 08:05:29 -05:00
Nick Mathewson
ad382049ed Fix a signed/unsigned comparison warning 2017-01-25 13:23:08 -05:00
junglefowl
373d9aff7a Fail if file is too large to mmap.
If tor_mmap_file is called with a file which is larger than SIZE_MAX,
only a small part of the file will be memory-mapped due to integer
truncation.

This can only realistically happen on 32 bit architectures with large
file support.
2017-01-25 13:21:44 -05:00
junglefowl
d5a95e1ea1 Do not truncate too long hostnames
If a hostname is supplied to tor-resolve which is too long, it will be
silently truncated, resulting in a different hostname lookup:

$ tor-resolve $(python -c 'print("google.com" + "m" * 256)')

If tor-resolve uses SOCKS5, the length is stored in an unsigned char,
which overflows in this case and leads to the hostname "google.com".
As this one is a valid hostname, it returns an address instead of giving
an error due to the invalid supplied hostname.
2017-01-25 13:13:25 -05:00
Nick Mathewson
363be43df3 Re-run gen_server_ciphers 2017-01-24 15:30:35 -05:00
Nick Mathewson
4f1dc34e36 Regenerate ciphers.inc 2017-01-24 15:05:35 -05:00
Nick Mathewson
12efa1f1cc Add a unit test for dropguards 2017-01-24 09:18:56 -05:00
Nick Mathewson
818b44cc7c Repair the (deprecated, ugly) DROPGUARDS controller function.
This actually is much easier to write now that guard_selection_t is
first-class.
2017-01-24 09:18:56 -05:00
Nick Mathewson
fae4d3d925 Merge remote-tracking branch 'asn/remove_legacy_guards' 2017-01-24 09:01:25 -05:00
George Kadianakis
b047d97b28 Remove some more remnants of legacy guard selection. 2017-01-24 13:35:57 +02:00
Nick Mathewson
d95d988946 Merge branch 'feature_20956_029' 2017-01-23 16:07:15 -05:00
Nick Mathewson
83307fc267 Add __SocksPort etc variants for non-persistent use
Implements feature 20956.
2017-01-23 16:06:51 -05:00
Nick Mathewson
c4cc11a9df Bump to 0.3.0.2-alpha-dev 2017-01-23 14:38:10 -05:00
Nick Mathewson
0d4d9b6d88 Bump version to 0.2.9.9-dev 2017-01-23 14:34:08 -05:00
Nick Mathewson
beaeee25ae version bump (0.3.0.2-alpha) 2017-01-23 08:20:46 -05:00
Nick Mathewson
698df98837 version bump 2017-01-23 08:19:48 -05:00
David Goulet
96c7ddbc7e circuit: Change close reasons from uint16_t to int
When marking for close a circuit, the reason value, a integer, was assigned to
a uint16_t converting any negative reasons (internal) to the wrong value. On
the HS side, this was causing the client to flag introduction points to be
unreachable as the internal reason was wrongfully converted to a positive
16bit value leading to flag 2 out of 3 intro points to be unreachable.

Fixes #20307 and partially fixes #21056

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-22 19:02:01 -05:00
Nick Mathewson
e52f49aa80 Merge remote-tracking branch 'public/ticket18319' 2017-01-21 14:44:00 -05:00
Nick Mathewson
9023d7361d Fix return type in test_hs_intropoint.c
In trunnel, {struct}_encoded_len() can return negative values.

Coverity caught this as 1398957.
2017-01-19 08:26:55 -05:00
teor
d35ca518b4 Remove extra newline from proxy_prepare_for_restart definition 2017-01-19 08:12:26 -05:00
Nick Mathewson
85a17ee2e7 whitespace fixes 2017-01-18 17:14:42 -05:00
Nick Mathewson
88e4ffab9e Merge remote-tracking branch 'dgoulet/ticket20029_030_06-resquash' 2017-01-18 17:13:36 -05:00
George Kadianakis
d6c14915cd Improve a few comments.
- Also remove LCOV marks from blocks of code that can be reachable by tests
  if we mock relay_send_command_from_edge().

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 16:59:16 -05:00
David Goulet
50cfc98340 prop224: Add unit tests for INTRODUCE1 support
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 16:58:54 -05:00
David Goulet
5208085be1 hs: Rename rend_mid_introduce() with legacy semantic
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 16:58:34 -05:00
David Goulet
db77a38da2 hs: Remove useless code in rend_mid_introduce()
With the previous commit, we validate the circuit _before_ calling
rend_mid_introduce() which handles the INTRODUCE1 payload.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 16:58:34 -05:00
David Goulet
9d7505a62a prop224: Rename hs_intro_circuit_is_suitable()
Adds a better semantic and it also follows the same interface for the
INTRODUCE1 API which is circuit_is_suitable_for_introduce1().

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 16:58:34 -05:00
David Goulet
e1497744c8 prop224: Add INTRODUCE1 cell relay support
Closes #20029

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 16:58:33 -05:00
Nick Mathewson
d5d7c3e638 Remove argument from guards_choose_dirguard 2017-01-18 15:58:19 -05:00
Nick Mathewson
3efe8bb8ac Remove some now-spurious blocks and indentation. 2017-01-18 15:45:02 -05:00
Nick Mathewson
5b97d7e110 Remove PDS_FOR_GUARD 2017-01-18 15:42:28 -05:00
Nick Mathewson
6d03e36fd0 Remove GS_TYPE_LEGACY 2017-01-18 15:37:01 -05:00
Nick Mathewson
a31a5581ee Remove UseDeprecatedGuardAlgorithm. 2017-01-18 15:33:26 -05:00
Nick Mathewson
472b277207 Remove the (no longer compiled) code for legacy guard selection.
Part of 20830.
2017-01-18 15:27:10 -05:00
Nick Mathewson
e167a0e17d Merge remote-tracking branch 'dgoulet/bug21062_030_01' 2017-01-18 15:11:36 -05:00
Nick Mathewson
31dd7dec9a Merge branch 'bug20684_030_01' 2017-01-18 15:08:42 -05:00
Nick Mathewson
e0e729d4b5 put units in constant names for DIRCACHE_MEN_MEM* 2017-01-18 15:08:10 -05:00
Nick Mathewson
9d47f4d298 Fix a memory leak in bench.c 2017-01-18 14:29:52 -05:00
Neel Chauhan
426ceb41ef Rename DIRCACHE_MIN_BANDWIDTH and DIRCACHE_MIN_MB_BANDWIDTH
Renamed to DIRCACHE_MIN_MEM and DIRCACHE_MIN_MB_MEM.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 13:15:54 -05:00
David Goulet
0069d14753 circuit: Make circuit_build_times_disabled take an or_options_t
That way, when we are parsing the options and LearnCircuitBuildTimeout is set
to 0, we don't assert trying to get the options list with get_options().

Fixes #21062

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 12:53:01 -05:00
Nick Mathewson
fa00f2dce5 Merge branch 'ahf_bugs_17847_2_squashed' 2017-01-18 11:04:58 -05:00
Alexander Færøy
46ef32ba22 Refactor duplicated extrainfo checks into a common macro.
This patch refactors duplicated code, to check if a given router
supports fetching the extra-info document, into a common macro called
SKIP_MISSING_TRUSTED_EXTRAINFO.
2017-01-18 11:04:49 -05:00
Alexander Færøy
0ff9ea2afd Generalize router_is_already_dir_fetching_{rs,ds}.
This patch generalizes the two functions
router_is_already_dir_fetching_rs and router_is_already_dir_fetching_ds
into a single function, router_is_already_dir_fetching_, by lifting the
passing of the IPv4 & IPv6 addresses and the directory port number to
the caller.
2017-01-18 11:04:49 -05:00
Nick Mathewson
b6dce6cfec Merge remote-tracking branch 'asn/bug21142' 2017-01-18 10:44:35 -05:00
Nick Mathewson
9469aaaa82 Handle __NonSavedOptions correctly inside LINELIST_V blocks. 2017-01-18 10:25:10 -05:00
Nick Mathewson
3dd738d5f9 Simplify the VPORT() macro in config.c
It's always called with the same arguments, and there wouldn't be
much point to calling it differently.
2017-01-18 10:07:55 -05:00
Nick Mathewson
69cb6f34cb Merge remote-tracking branch 'dgoulet/bug19953_030_01' 2017-01-18 09:10:46 -05:00
Nick Mathewson
4334a4b784 Merge remote-tracking branch 'dgoulet/bug21033_030_01' 2017-01-18 09:08:16 -05:00
Nick Mathewson
e69afb853d Merge branch 'bug19769_19025_029' 2017-01-18 09:02:48 -05:00
Philipp Winter
eae68fa2d2 Initialise DNS TTL for A and AAAA records.
So far, the TTLs for both A and AAAA records were not initialised,
resulting in exit relays sending back the value 60 to Tor clients.  This
also impacts exit relays' DNS cache -- the expiry time for all domains
is set to 60.

This fixes <https://bugs.torproject.org/19025>.
2017-01-18 08:57:09 -05:00
Nick Mathewson
a969ae8e21 test_cfmt_connected_cells: use TTL value that's above the new min.
Related to 19769.
2017-01-18 08:56:34 -05:00
Nick Mathewson
609065f165 DefecTor countermeasure: change server- and client-side DNS TTL clipping
The server-side clipping now clamps to one of two values, both
for what to report, and how long to cache.

Additionally, we move some defines to dns.h, and give them better
names.
2017-01-18 08:55:57 -05:00
David Goulet
1636777dc8 hs: Allow from 0 to MAX introduction points
An operator couldn't set the number of introduction point below the default
value which is 3. With this commit, from 0 to the hardcoded maximum is now
allowed.

Closes #21033

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-17 14:58:50 -05:00
David Goulet
e16148a582 relay: Honor DataDirectoryGroupReadable at key init
Our config code is checking correctly at DataDirectoryGroupReadable but then
when we initialize the keys, we ignored that option ending up at setting back
the DataDirectory to 0700 instead of 0750. Patch by "redfish".

Fixes #19953

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-17 14:40:01 -05:00
Nick Mathewson
92c3926479 Fix a double-free in rend_config_services()
Found by coverity scan; CID 1398917
2017-01-17 11:35:26 -05:00
George Kadianakis
def7115fe4 prop271: Move new funcs to top, to avoid compiler warnings. 2017-01-17 14:35:38 +02:00
George Kadianakis
2938fd3b85 prop271: When we exhaust all guards, mark all of them for retry.
In the past, when we exhausted all guards in our sampled set, we just
waited there till we mark a guard for retry again (usually takes 10 mins
for a primary guard, 1 hour for a non-primary guard). This patch marks
all guards as maybe-reachable when we exhaust all guards (this can
happen when network is down for some time).
2017-01-17 14:35:38 +02:00
George Kadianakis
1bc440eda4 Correctly maintain circuits in circuits_pending_other_guards(). 2017-01-17 13:26:59 +02:00
Nick Mathewson
111c66b2f0 Merge remote-tracking branch 'public/ticket20921' 2017-01-16 12:59:39 -05:00
Neel Chauhan
9e5512b48d Disallow setting UseBridges to 1 and UseEntryGuards to 0 2017-01-14 14:55:23 -05:00
Nick Mathewson
fc2656004a Merge remote-tracking branch 'dgoulet/bug20307_030_01' 2017-01-13 16:56:56 -05:00
Nick Mathewson
94e8f60901 Merge branch 'ipv6-only-client_squashed' 2017-01-13 16:49:48 -05:00
teor
2debcc869f Remove redundant boolean expression from firewall_is_fascist_impl()
Let A = UseBridges
Let B = ClientUseIPv4

Then firewall_is_fascist_impl expands and simplifies to:
B || (!(A || ...) && A)
B || (!A && ... && A)
B || 0
B
2017-01-13 16:49:33 -05:00
teor
0417dae580 When IPv6 addresses have not been downloaded, use hard-coded address info
The microdesc consensus does not contain any IPv6 addresses.
When a client has a microdesc consensus but no microdescriptor, make it
use the hard-coded IPv6 address for the node (if available).

(Hard-coded addresses can come from authorities, fallback directories,
or configured bridges.)

If there is no hard-coded address, log a BUG message, and fail the
connection attempt. (All existing code checks for a hard-coded address
before choosing a node address.)

Fixes 20996, fix on b167e82 from 19608 in 0.2.8.5-alpha.
2017-01-13 16:49:33 -05:00
teor
5227ff4aad Remove redundant options checks for IPv6 preference conflicts
It is no longer possible for the IPv6 preference options to differ from the
IPv6 usage: preferring IPv6 implies possibly using IPv6.

Also remove the corresponding unit test warning message checks.
(But keep the unit tests themselves - they now run without warnings.)
2017-01-13 16:49:27 -05:00
Nick Mathewson
3e45b12f38 Merge remote-tracking branch 'dgoulet/bug21054_030_01' 2017-01-13 16:45:55 -05:00