Commit Graph

521 Commits

Author SHA1 Message Date
Nick Mathewson
ed14888e7e Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/policies.c
2011-03-06 13:20:21 -05:00
Nick Mathewson
fb421c0005 Changes file for ipv6 parsing issue 2011-03-06 13:15:32 -05:00
Sebastian Hahn
f83debb51d Fix setting target port in get_interface_address6
We want to use the discard port correctly, so a htons() was missing.
Also we need to set it correctly depending on address family.

Review provided by danieldg
2011-03-05 16:58:20 +01:00
Sebastian Hahn
865ea5d263 Fix connect() failures in get_interface_address6()
The third argument for connect should be dependent on the address
family. Issue spotted by piebeer who also wrote the patch.
2011-03-05 16:57:05 +01:00
Sebastian Hahn
5c7c5e593f Tweak the bug2250 fix slightly
Rename the _UsingTestingTorNetwork hidden option to
_UsingTestNetworkDefaults (thanks Nick for the suggestion) and added a
changes file.
2011-03-01 10:05:18 +01:00
Nick Mathewson
aa178aae03 Merge branch 'bug1863_bwhist' into maint-0.2.2 2011-02-25 11:22:12 -05:00
Nick Mathewson
16b8b9b00f Merge remote branch 'arma/bug2403' into maint-0.2.2 2011-02-22 18:38:03 -05:00
Roger Dingledine
a2727f6249 prevent same entry and exit for insane edge case 2011-02-22 17:54:25 -05:00
Nick Mathewson
491abbc65e Merge remote branch 'public/bug1859_021' into maint-0.2.1 2011-02-22 17:19:41 -05:00
Roger Dingledine
e606f19fa3 changes file for removing torspec from the tarball 2011-02-22 15:58:19 -05:00
Nick Mathewson
7605985b3f Merge remote branch 'public/bug2402_nothing' into maint-0.2.1 2011-02-22 15:54:13 -05:00
Roger Dingledine
372773d681 changes file for removing torspec from the tarball 2011-02-22 14:50:00 -05:00
Nick Mathewson
cdc59c198a Don't let bad DNS make exit policy and declared exit policy get out of sync
Patch from "postman" on trac. Fixes bg 2366. Bug on 0.1.2.5-alpha.
2011-02-22 14:06:28 -05:00
Nick Mathewson
9d5873cdae Merge branch 'log_domains' into maint-0.2.2 2011-02-22 13:01:02 -05:00
Nick Mathewson
613073e449 Merge remote branch 'sebastian/bug2504' into maint-0.2.2 2011-02-22 12:47:21 -05:00
Robert Ransom
444a955e4a Don't crash a bridge authority on SIGHUP if it's not in the consensus
Fixes bug 2572.
2011-02-16 04:12:37 -08:00
Sebastian Hahn
5dbaf9dbd5 Windows has EACCES, not EACCESS
Once again spotted by mobmix

Also add a changes file for the fix
2011-02-11 17:02:26 +01:00
Roger Dingledine
9b745cdbf9 Merge branch 'maint-0.2.1' into maint-0.2.2 2011-02-11 01:20:47 -05:00
Roger Dingledine
28de4d83fd fix the other half of bug 1074 2011-02-10 17:11:06 -05:00
Nick Mathewson
50c259d763 Make the DH parameter we use for TLS match the one from Apache's mod_ssl
Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged.  This is yet another small step on the path of
protocol fingerprinting resistance.

(Backport from 0.2.2's 5ed73e3807)
2011-02-10 15:55:06 -05:00
Robert Ransom
449d895f06 Merge branch 'bug2408-v2-021-common' into bug2408-v2-022 2011-02-09 03:05:21 -08:00
Robert Ransom
7bf06d4a4f Ignore and warn about "PublishServerDescriptor hidserv"
Fixes #2408.
2011-02-09 02:33:24 -08:00
Nick Mathewson
d43470ad8a Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-02-08 14:37:02 -05:00
Roger Dingledine
7d2a91f5e5 support multihomed bridges (bug 2510) 2011-02-08 09:10:14 -05:00
Roger Dingledine
9a1a96ba09 don't use old non-configured bridges (bug 2511) 2011-02-08 08:08:47 -05:00
Roger Dingledine
20b75989ac dtrt when only relaybandwidthburst is set
fixes bug 2470
2011-02-07 23:21:33 -05:00
Roger Dingledine
54ccc80a4a Merge branch 'maint-0.2.1' into maint-0.2.2 2011-02-07 22:20:35 -05:00
Karsten Loesing
9c2cb6fc89 Update to the February 1 2011 Maxmind GeoLite Country database. 2011-02-07 22:19:37 -05:00
Sebastian Hahn
9b64227ffd Routers count as down when they change ORPort, too
rransom noticed that a change of ORPort is just as bad as a change of IP
address from a client's perspective, because both mean that the relay is
not available to them while the new information hasn't propagated.
Change the bug1035 fix accordingly.

Also make sure we don't log a bridge's IP address (which might happen
when we are the bridge authority).
2011-02-08 00:38:48 +01:00
Nick Mathewson
98cef0ac1e Merge branch 'bug2279' into maint-0.2.2 2011-02-07 12:43:54 -05:00
Nick Mathewson
e9803aa710 Merge branch 'bug2203_rebased' into maint-0.2.2 2011-02-04 12:22:18 -05:00
Nick Mathewson
f9e251ccf8 changes file for ASLR/DEP build on windows 2011-02-03 14:20:08 -05:00
Nick Mathewson
e94ee583d6 Merge remote branch 'sebastian/bug2450' into maint-0.2.2 2011-02-03 13:59:58 -05:00
Nick Mathewson
2fa9ddb958 Merge remote branch 'public/bug2378' into maint-0.2.2 2011-02-03 13:54:28 -05:00
Sebastian Hahn
f2bb7b17d7 Remove country codes from EntryNodes manpage entry 2011-01-28 14:19:28 +01:00
Nick Mathewson
e6da9a98e9 Merge branch 'bug2181' into maint-0.2.2 2011-01-26 11:46:13 -05:00
Nick Mathewson
d92a415bed Add an option to disable the block-private-addresses feature
Suggested by rransom.  Probably necessary for testing network mode.
2011-01-26 11:35:24 -05:00
Nick Mathewson
ba3b03def0 Merge branch 'bug2409' into maint-0.2.2 2011-01-26 11:06:59 -05:00
Nick Mathewson
411ec3c0f8 Add client code to detect attempts to connect to 127.0.0.1 etc
We detect and reject said attempts if there is no chosen exit node or
circuit: connecting to a private addr via a randomly chosen exit node
will usually fail (if all exits reject private addresses), is always
ill-defined (you're not asking for any particular host or service),
and usually an error (you've configured all requests to go over Tor
when you really wanted to configure all _remote_ requests to go over
Tor).

This can also help detect forwarding loop requests.

Found as part of bug2279.
2011-01-25 20:39:44 -05:00
Nick Mathewson
85da676108 Fix double-mark bug when failing to init transparent connection
Fixes part of bug 2279.  Bugfix on 0.1.2.1-alpha.
2011-01-25 19:07:03 -05:00
Nick Mathewson
5ce8182bdb Log more about soft-hibernation 2011-01-25 18:45:13 -05:00
Nick Mathewson
e80bdfb4a0 Correctly detect BIO_new failures
This bug was noticed by cypherpunks; fixes bug 2378.

Bugfix on svn commit r110.
2011-01-25 18:26:49 -05:00
Nick Mathewson
bfde636aad Always treat failure to allocate an RSA key as an unrecoverable allocation error 2011-01-25 18:19:09 -05:00
Mike Perry
3ede94159e Add changelog entry for bug2203. 2011-01-25 17:49:02 -05:00
Nick Mathewson
3d1057c712 Add changes file for bug2004 2011-01-25 17:37:37 -05:00
Nick Mathewson
71862ed763 Fix bug in verifying directory signatures with short digests
If we got a signed digest that was shorter than the required digest
length, but longer than 20 bytes, we would accept it as long
enough.... and then immediately fail when we want to check it.

Fixes bug 2409; bug in 0.2.2.20-alpha; found by piebeer.
2011-01-25 17:15:22 -05:00
Sebastian Hahn
7a446e6754 Tell which geoip file we're parsing 2011-01-25 15:54:51 -05:00
Nick Mathewson
89ee779f92 Add a torrc option to report log domains 2011-01-25 15:53:15 -05:00
Nick Mathewson
e261a1a3e6 Simplify syntax for negated log domains
Previously if you wanted to say "All messages except network
messages", you needed to say "[*,~net]" and if you said "[~net]" by
mistake, you would get no messages at all.  Now, if you say "[~net]",
you get everything except networking messages.
2011-01-25 15:03:36 -05:00
Nick Mathewson
23f8bedddb Add manpage entry for logging domains
Fixes issue 2215.
2011-01-25 15:02:36 -05:00
Sebastian Hahn
68f8ca357f Fix assert for relay/bridge state change
When we added support for separate client tls certs on bridges in
a2bb0bfdd5 we forgot to correctly initialize this when changing
from relay to bridge or vice versa while Tor is running. Fix that
by always initializing keys when the state changes.

Fixes bug 2433.
2011-01-25 14:13:06 -05:00
Nick Mathewson
a1073ee956 Simplest fix to bug2402: do not include SVN versions
When we stopped using svn, 0.2.1.x lost the ability to notice its svn
revision and report it in the version number.  However, it kept
looking at the micro-revision.i file... so if you switched to master,
built tor, then switched to 0.2.1.x, you'd get a micro-revision.i file
from master reported as an SVN tag.  This patch takes out the "include
the svn tag" logic entirely.

Bugfix on 0.2.1.15-rc; fixes bug 2402.
2011-01-25 14:08:13 -05:00
Nick Mathewson
5ed73e3807 Make the DH parameter we use for TLS match the one from Apache's mod_ssl
Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged.  This is yet another small step on the path of
protocol fingerprinting resistance.
2011-01-24 16:50:11 -05:00
Nick Mathewson
13e9a2b19d Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-20 15:00:24 -05:00
Nick Mathewson
1471e57743 Merge remote branch 'rransom/policy_summarize-assert' into maint-0.2.1 2011-01-20 14:59:23 -05:00
Robert Ransom
43414eb988 Fix bounds-checking in policy_summarize
Found by piebeer.
2011-01-20 11:17:57 -08:00
Nick Mathewson
a793f1f6f2 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-19 13:25:38 -05:00
Nick Mathewson
971e83ef9c Fix two more SIZE_T_CEILING issues
This patch imposes (very long) limits on the length of a line in a
directory document, and on the length of a certificate.  I don't
think it should actually be possible to overrun these remotely,
since we already impose a maximum size on any directory object we're
downloading, but a little defensive programming never hurt anybody.

Roger emailed me that doorss reported these on IRC, but nobody seems
to have put them on the bugtracker.
2011-01-19 13:22:50 -05:00
Roger Dingledine
7699014e1e Merge commit 'sebastian/bug2317' into maint-0.2.2 2011-01-15 21:54:49 -05:00
Nick Mathewson
a7790d48af Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-15 14:15:19 -05:00
Nick Mathewson
ef6fa07e48 Fix a couple of non-cleared key issues in hidden services
we need to do more hunting, but this fixes the ones mentioned in 2385.
2011-01-15 14:10:54 -05:00
Nick Mathewson
9b09627edd Zero out some more key data before freeing it
Found by cypherpunks; fixes bug 2384.
2011-01-15 14:10:52 -05:00
Sebastian Hahn
026e7987ad Sanity-check consensus param values
We need to make sure that the worst thing that a weird consensus param
can do to us is to break our Tor (and only if the other Tors are
reliably broken in the same way) so that the majority of directory
authorities can't pull any attacks that are worse than the DoS that
they can trigger by simply shutting down.

One of these worse things was the cbtnummodes parameter, which could
lead to heap corruption on some systems if the value was sufficiently
large.

This commit fixes this particular issue and also introduces sanity
checking for all consensus parameters.
2011-01-15 19:42:17 +01:00
Nick Mathewson
1393985768 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/routerparse.c
	src/or/test.c
2011-01-15 13:25:13 -05:00
Nick Mathewson
b97b0efec8 Merge branch 'bug2352_obsize' into maint-0.2.1 2011-01-15 13:15:06 -05:00
Nick Mathewson
cff4cfef4f Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-15 12:13:50 -05:00
Nick Mathewson
8f11642ceb Merge branch 'bug2324_uncompress' into maint-0.2.1 2011-01-15 12:12:34 -05:00
Nick Mathewson
ed87738ede Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/config.c
	src/or/networkstatus.c
	src/or/rendcommon.c
	src/or/routerparse.c
	src/or/test.c
2011-01-15 12:02:55 -05:00
Nick Mathewson
50b06a2b76 make the description of tolen_asserts more dire
We have a CVE # for this bug.
2011-01-15 11:49:26 -05:00
Nick Mathewson
115782bdbe Fix a heap overflow found by debuger, and make it harder to make that mistake again
Our public key functions assumed that they were always writing into a
large enough buffer.  In one case, they weren't.

(Incorporates fixes from sebastian)
2011-01-15 11:49:25 -05:00
Nick Mathewson
a16902b9d4 Always nul-terminate the result passed to evdns_server_add_ptr_reply
In dnsserv_resolved(), we carefully made a nul-terminated copy of the
answer in a PTR RESOLVED cell... then never used that nul-terminated
copy.  Ouch.

Surprisingly this one isn't as huge a security problem as it could be.
The only place where the input to dnsserv_resolved wasn't necessarily
nul-terminated was when it was called indirectly from relay.c with the
contents of a relay cell's payload.  If the end of the payload was
filled with junk, eventdns.c would take the strdup() of the name [This
part is bad; we might crash there if the cell is in a bad part of the
stack or the heap] and get a name of at least length
495[*]. eventdns.c then rejects any name of length over 255, so the
bogus data would be neither transmitted nor altered.

  [*] If the name was less than 495 bytes long, the client wouldn't
     actually be reading off the end of the cell.

Nonetheless this is a reasonably annoying bug.  Better fix it.

Found while looking at bug 2332, reported by doorss.  Bugfix on
0.2.0.1-alpha.
2011-01-15 11:49:25 -05:00
Nick Mathewson
43e12a7988 Merge remote branch 'public/bug2363' into maint-0.2.2 2011-01-12 14:00:20 -05:00
Nick Mathewson
a2c41aa3e8 Merge remote branch 'sebastian/bug2337' into maint-0.2.2 2011-01-12 12:55:09 -05:00
Nick Mathewson
1e37d8678a Merge branch 'bug2331' into maint-0.2.2 2011-01-12 12:42:40 -05:00
Nick Mathewson
f4756051fe add a missing "not" in bug2331 changelog 2011-01-12 12:42:21 -05:00
Nick Mathewson
597433bcec Merge branch 'bug2346' into maint-0.2.2 2011-01-12 12:37:51 -05:00
Nick Mathewson
5044cb9752 Explain bug2346 fix better based on suggestions from arma 2011-01-12 12:37:42 -05:00
Nick Mathewson
aa45e82593 Pull up more data when parsing socks messages
Previously, we only looked at up to 128 bytes.  This is a bad idea
since socks messages can be at least 256+x bytes long.  Now we look at
up to 512 bytes; this should be enough for 0.2.2.x to handle all valid
SOCKS messages.  For 0.2.3.x, we can think about handling trickier
cases.

Fixes 2330.  Bugfix on 0.2.0.16-alpha.
2011-01-10 17:24:16 -05:00
Nick Mathewson
95968a625e Wait 60 minutes before retrying failed state save; bug2346 2011-01-10 16:51:11 -05:00
Nick Mathewson
105b94b75b Add Maxima lists to bandwidth state.
Right now, Tor routers don't save the maxima values from the
bw_history_t between sessions.  That's no good, since we use those
values to determine bandwidth.  This code adds a new BWHist.*Maximum
set of values to the state file.  If they're not present, we estimate
them by taking the observed total bandwidth and dividing it by the
period length, which provides a lower bound.

This should fix bug 1863.  I'm calling it a feature.
2011-01-10 14:47:39 -05:00
Nick Mathewson
5ae391762c Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-10 14:12:33 -05:00
Nick Mathewson
28844c8403 On bwhist state load failure, clear dir_read/write hist too 2011-01-10 13:15:51 -05:00
Nick Mathewson
7e1502c0d1 Fix bug when parsing bwhist with unexpected Interval
Previously, our state parsing code would fail to parse a bwhist
correctly if the Interval was anything other than the default
hardcoded 15 minutes.  This change makes the parsing less incorrect,
though the resulting history array might get strange values in it if
the intervals don't match the one we're using.  (That is, if stuff was
generated in 15 minute intervals, and we read it into an array that
expects 30 minute intervals, we're fine, since values can be combined
pairwise.  But if we generate data at 30 minute intervals and read it
into 15 minute intervals, alternating buckets will be empty.)

Bugfix on 0.1.1.11-alpha.
2011-01-10 13:06:50 -05:00
Nick Mathewson
373a1bc40e Impose maximum sizes on parsed objects
An object, you'll recall, is something between -----BEGIN----- and
-----END----- tags in a directory document.  Some of our code, as
doorss has noted in bug 2352, could assert if one of these ever
overflowed SIZE_T_CEILING but not INT_MAX.  As a solution, I'm setting
a maximum size on a single object such that neither of these limits
will ever be hit.  I'm also fixing the INT_MAX checks, just to be sure.
2011-01-10 12:12:11 -05:00
Karsten Loesing
d43cba6c69 Update to the January 1 2011 Maxmind GeoLite Country database. 2011-01-10 10:37:54 +01:00
Nick Mathewson
68d5b6bc52 Fix check for failed evdns request creation
When using libevent 2, we use evdns_base_resolve_*().  When not, we
fake evdns_base_resolve_*() using evdns_resolve_*().

Our old check was looking for negative values (like libevent 2
returns), but our eventdns.c code returns 1.  This code makes the
check just test for nonzero.

Note that this broken check was not for _resolve_ failures or even for
failures to _launch_ a resolve: it was for failures to _create_ or
_encode_ a resolve request.

Bug introduced in 81eee0ecfff3dac1e9438719d2f7dc0ba7e84a71; found by
lodger; uploaded to trac by rransom.  Bug 2363.  Fix on 0.2.2.6-alpha.
2011-01-09 19:02:57 -05:00
Nick Mathewson
732275bb81 Describe tor-resolve defaults. Bug 2364. 2011-01-09 15:40:40 -05:00
Nick Mathewson
54135b72f8 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-07 22:04:40 -05:00
Nick Mathewson
0a35ac6a22 Correctly detect and exclude addresses outside of our virtual address range
Found by cypherpunks; fixes more of 2328.  Bug was introduced in 3623a122;
first appeared in 0.2.0.5-alpha.
2011-01-07 12:24:36 -05:00
Nick Mathewson
d6329eda96 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-06 13:37:39 -05:00
Nick Mathewson
d6b49c55c5 Merge branch 'bug2328_021' into maint-0.2.1 2011-01-06 13:36:29 -05:00
Nick Mathewson
eabddd8ca0 Handle a NULL return from addressmap_get_virtual_address
Fix for bug 2328; bugfix on 0.1.2.1-alpha; bug found by doorss.
2011-01-05 16:36:48 -05:00
Nick Mathewson
31d6659d97 Fix a double-counting bug in addrmap_get_virtual_address
We were decrementing "available" twice for each in-use address we ran
across.  This would make us declare that we ran out of virtual
addresses when the address space was only half full.
2011-01-05 16:02:43 -05:00
Nick Mathewson
0e9d7f105d Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-03 17:24:32 -05:00
Nick Mathewson
e4320689cc Note that Tor requires Automake 1.7. Fixes bug 2305 2011-01-03 17:24:16 -05:00
Nick Mathewson
81d69f4c2d Detect signed size_t and report an error at configure time. 2011-01-03 16:54:57 -05:00
Nick Mathewson
0222228d64 Fix up size and sign issues in base32 code
Fixes bug 2331.
2011-01-03 16:16:53 -05:00
Nick Mathewson
64798dab4f Detect and disallow compression bombs 2011-01-03 15:54:23 -05:00
Nick Mathewson
f089804332 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-03 15:31:19 -05:00
Nick Mathewson
e365aee971 Avoid assertion on read_file_to_str() with size==SIZE_T_CEILING-1
Spotted by doors, fixes bug 2326.
2011-01-03 15:30:11 -05:00
Nick Mathewson
cee433d751 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-03 15:15:54 -05:00
Nick Mathewson
e09ab69703 Check size against SIZE_T_CEILING in realloc too.
Fixes bug 2324.
2011-01-03 15:15:27 -05:00
Nick Mathewson
27cefef3a2 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-03 13:18:33 -05:00
Nick Mathewson
5c09431cc7 Never include pthread.h when building for Windows.
On Windows, we never use pthreads, since it doesn't usually exist,
and when it does it tends to be a little weirdly-behaved.  But some
mingw installations have a pthreads installed, so autoconf detects
pthread.h and tells us about it.  This would make us include
pthread.h, which could make for trouble when the iffy pthread.h
tried to include config.h.

This patch changes compat.h so that we never include pthread.h on
Windows.  Fixes bug 2313; bugfix on 0.1.0.1-rc.
2011-01-03 12:45:13 -05:00
Sebastian Hahn
9ecf133686 Fix compile wanrings revealed by gcc 4.5 on mingw 2010-12-27 09:47:41 +01:00
Nick Mathewson
e895919b17 Merge remote branch 'public/bug2060' into maint-0.2.2 2010-12-21 15:53:03 -05:00
Nick Mathewson
cdbd6d0fe8 Merge remote branch 'rransom/bug2190_the_hard_way' into maint-0.2.2 2010-12-21 15:48:14 -05:00
Nick Mathewson
69771bb5fc Merge remote branch 'public/bug2190_021' into maint-0.2.1 2010-12-21 15:44:50 -05:00
Roger Dingledine
c63c937465 Merge commit 'nickm/fix_security_bug_022' into maint-0.2.2 2010-12-16 17:24:11 -05:00
Roger Dingledine
975ffe4398 Merge commit 'nickm/fix_security_bug_021' into maint-0.2.1 2010-12-16 16:59:12 -05:00
Nick Mathewson
591f65dde6 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2010-12-16 10:05:07 -05:00
Karsten Loesing
3c3b1d14fd Change gabelmoo's IP address and ports. 2010-12-16 13:28:30 +01:00
Nick Mathewson
b5e293afe6 Merge remote branch fix_security_bug_021 into fix_security_bug_022
Conflicts:
	src/common/memarea.c
	src/or/or.h
	src/or/rendclient.c
2010-12-15 22:48:23 -05:00
Nick Mathewson
b0def605a5 Add a changelog entry 2010-12-15 22:35:07 -05:00
Nick Mathewson
ddfb398494 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/config/geoip
2010-12-14 14:13:24 -05:00
Karsten Loesing
35148ba532 Update to the December 1 2010 Maxmind GeoLite Country database. 2010-12-08 17:59:40 +01:00
Nick Mathewson
f924fbf19f Merge branch 'bug2081_followup_022' into maint-0.2.2 2010-12-07 11:35:49 -05:00
Nick Mathewson
5efe6f04c6 Reject relay versions older than 0.2.0.26-rc
This was the first version to cache the correct directory information.

Fixes bug 2156.
2010-12-07 11:35:32 -05:00
Nick Mathewson
8f31a9da43 revise bug2081_followup changelog 2010-12-07 11:27:51 -05:00
Nick Mathewson
dc2f10bd81 Fix a bug in calculating wakeup time on 64-bit machines.
If you had TIME_MAX > INT_MAX, and your "time_to_exhaust_bw =
accountingmax/expected_bandwidth_usage * 60" calculation managed to
overflow INT_MAX, then your time_to_consider value could underflow and
wind up being rediculously low or high.  "Low" was no problem;
negative values got caught by the (time_to_consider <= 0) check.
"High", however, would get you a wakeup time somewhere in the distant
future.

The fix is to check for time_to_exhaust_bw overflowing INT_MAX, not
TIME_MAX: We don't allow any accounting interval longer than a month,
so if time_to_exhaust_bw is significantly larger than 31*24*60*60, we
can just clip it.

This is a bugfix on 0.0.9pre6, when accounting was first introduced.
It fixes bug 2146, unless there are other causes there too.  The fix
is from boboper.  (I tweaked it slightly by removing an assignment
that boboper marked as dead, and lowering a variable that no longer
needed to be function-scoped.)
2010-12-06 12:01:32 -05:00
Nick Mathewson
feffbce814 Add a missing ! to directory_fetches_from_authorities
The old logic would have us fetch from authorities if we were refusing
unknown exits and our exit policy was reject*.  Instead, we want to
fetch from authorities if we're refusing unknown exits and our exit
policy is _NOT_ reject*.

Fixed by boboper.  Fixes more of 2097.  Bugfix on 0.2.2.16-alpha.
2010-12-06 11:36:01 -05:00
Nick Mathewson
c0f1517d87 Don't crash when accountingmax is set in non-server Tors
We use a hash of the identity key to seed a prng to tell when an
accounting period should end.  But thanks to the bug998 changes,
clients no longer have server-identity keys to use as a long-term seed
in accounting calculations.  In any case, their identity keys (as used
in TLS) were never never fixed.  So we can just set the wakeup time
from a random seed instead there.  Still open is whether everybody
should be random.

This patch fixes bug 2235, which was introduced in 0.2.2.18-alpha.

Diagnosed with help from boboper on irc.
2010-12-03 13:37:13 -05:00
Nick Mathewson
ee8f451bf1 Fix a harmless off-by-one error in counting controller argument lengths
Bugfix on 0.1.1.1-alpha; found by boboper.
2010-12-02 13:19:21 -05:00
Roger Dingledine
b259c08318 Merge branch 'maint-0.2.1' into maint-0.2.2
Conflicts:

	doc/Makefile.am
2010-12-01 00:11:27 -05:00
Nick Mathewson
ad87d6172b fix changes file for 2210 2010-11-30 19:19:36 -05:00
Nick Mathewson
25b0fd8868 Revise comment on 2210 a little; clean up n_streams/num_streams confusion
Also add a changes file
2010-11-29 16:07:27 -05:00
Nick Mathewson
a5174b092e Merge branch 'exitstats' into maint-0.2.2 2010-11-29 15:28:22 -05:00
Robert Ransom
de75afc556 Avoid dereferencing NULL if a bridge fails to build an ei descriptor.
Reported by an anonymous commenter on Trac.
2010-11-24 13:18:11 -08:00
Karsten Loesing
4fed43ab2e Report only the top 10 ports in exit-port stats. 2010-11-24 08:45:05 +01:00
mingw-san
78df6404eb Fix compilation with mingw and OpenSSL 0.9.8m+ 2010-11-23 12:47:38 -05:00
Roger Dingledine
2d6ee53fb9 stop shipping doc/img and doc/website in the tarball 2010-11-23 00:03:50 -05:00
Nick Mathewson
12f3186719 Disable DirPort when BridgeRelay is set 2010-11-22 13:12:48 -05:00
Nick Mathewson
5a9903b9e0 Handle negative run lengths in wfu/mtbf calculations 2010-11-22 12:39:22 -05:00
Nick Mathewson
bea0a31c1c Treat routers whose IPs have changed as having been down for MTBF/routerinfo
calculation purposes.
2010-11-22 12:32:29 -05:00
Nick Mathewson
2af14b671d Have authorities reject routers running verions susceptible to bug 1038. 2010-11-22 11:16:36 -05:00
Roger Dingledine
f54e75a2c6 prepare for our emergency openssl fix release 2010-11-21 16:59:42 -05:00
Nick Mathewson
2bd64f9e8f Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2010-11-21 14:33:11 -05:00
Nick Mathewson
a9d2148f53 Merge branch 'fix2204' into maint-0.2.1 2010-11-21 14:28:38 -05:00
Nick Mathewson
92a99736fd Do not set the hostname TLS extension server-side; only client-side
This may fix bug 2204, and resolve the incompatibility with openssl
0.9.8p/1.0.0b.
2010-11-20 22:21:50 -05:00
Nick Mathewson
d166d18643 Better fix for 2190: defer libevent->controller messages instead of dropping 2010-11-19 22:52:32 -05:00
Nick Mathewson
668f7a2639 Do not send Libevent log messages to a controller (0.2.1 backport)
Doing so could make Libevent call Libevent from inside a Libevent
logging call, which is a recipe for reentrant confusion and
hard-to-debug crashes.  This would especially hurt if Libevent
debug-level logging is enabled AND the user has a controller
watching for low-severity log messages.

Fix bug 2190; fix on 0.1.0.2-rc.
2010-11-19 22:27:40 -05:00
Nick Mathewson
6199ac5fbe Do not send Libevent log messages to a controller.
Doing so could make Libevent call Libevent from inside a Libevent
logging call, which is a recipe for reentrant confusion and
hard-to-debug crashes.  This would especially hurt if Libevent
debug-level logging is enabled AND the user has a controller
watching for low-severity log messages.

Fix bug 2190; fix on 0.1.0.2-rc.
2010-11-19 22:22:43 -05:00
Nick Mathewson
54551f3148 Merge branch 'fix2183', remote branch 'rransom/fix2195-v2' into maint-0.2.2 2010-11-19 16:48:13 -05:00
Robert Ransom
b3470ce957 Add changes file for bug2195. 2010-11-19 13:46:09 -08:00
Roger Dingledine
e0b922b7e6 merge in more changelog entries 2010-11-15 23:54:20 -05:00
Roger Dingledine
a641646a98 Merge commit 'nickm/1776_redux_v1' into maint-0.2.2 2010-11-15 23:29:09 -05:00
Nick Mathewson
522c204ac9 Merge branch 'bug2000_nm_022' into maint-0.2.2 2010-11-15 15:31:40 -05:00
Nick Mathewson
29c468146d changes entry for nopublish removal in 5040c855d 2010-11-15 14:29:53 -05:00
Nick Mathewson
433a98131a Merge remote branch 'sebastian/manpagefixups' into maint-0.2.2 2010-11-15 14:07:00 -05:00
Sebastian Hahn
da3a6e724f Rate-limit unsafe socks warning
Pick 5 seconds as the limit. 5 seconds is a compromise here between
making sure the user notices that the bad behaviour is (still) happening
and not spamming their log too much needlessly (the log message is
pretty long). We also keep warning every time if safesocks is
specified, because then the user presumably wants to hear about every
blocked instance.

(This is based on the original patch by Sebastian, then backported to
0.2.2 and with warnings split into their own function.)
2010-11-15 13:57:37 -05:00
Karsten Loesing
cec21652a7 Try harder not to exceed the 50 KB extra-info descriptor limit.
Our checks that we don't exceed the 50 KB size limit of extra-info
descriptors apparently failed. This patch fixes these checks and reserves
another 250 bytes for appending the signature. Fixes bug 2183.
2010-11-15 12:51:51 +01:00
Robert Hogan
5cd7953a21 Issues with router_get_by_nickname() (3)
Add changes file
2010-11-12 19:51:06 -05:00
Nick Mathewson
3a7614c670 Add changes file for bug1125 2010-11-12 13:03:18 -05:00
Nick Mathewson
566a115be1 Add changes file for bug1125 2010-11-12 12:59:42 -05:00
Nick Mathewson
5beb8ee4e1 Merge remote branch 'sebastian/remove-osx-expert-package' into maint-0.2.2 2010-11-11 13:53:53 -05:00
Roger Dingledine
362bb5c625 Merge branch 'maint-0.2.1' into maint-0.2.2 2010-11-11 12:12:17 -05:00
Roger Dingledine
0a38358210 let unpublished bridges learn their ip address too 2010-11-11 11:26:42 -05:00
Nick Mathewson
a4bf5b51e9 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2010-11-10 16:06:43 -05:00
Nick Mathewson
2a50dd9359 Enforce multiplicity rules when parsing annotations.
We would never actually enforce multiplicity rules when parsing
annotations, since the counts array never got entries added to it for
annotations in the token list that got added by earlier calls to
tokenize_string.

Found by piebeer.
2010-11-10 16:02:02 -05:00
Nick Mathewson
089137f011 Fix a bug where seting allow_annotations==0 only ignores annotations, but does not block them 2010-11-10 16:02:02 -05:00
Sebastian Hahn
6bde512edc Document hs dht min uptime change in privnets
In f87c6f100d we made it so that MinUptimeHidServDirectoryV2
defaults to 0 if TestingTorNetwork is set. Add a manpage entry and a
changes file.
2010-11-10 15:48:26 +01:00
Sebastian Hahn
b9cac605ab Synx manpage and source wrt option capitalization
We had a spelling discrepancy between the manpage and the source code
for some option. Resolve these in favor of the manpage, because it
makes more sense (for example, HTTP should be capitalized).
2010-11-10 15:48:26 +01:00
Sebastian Hahn
40fd0c1ca1 Remove the torrc.complete file.
We haven't been keeping it up to date, and the manpage exists as a
replacement for users who want an overview of all available options.
2010-11-10 15:48:25 +01:00
Sebastian Hahn
fcdf1470c0 Remove everything related to os x expert package
We decided to no longer ship expert packages for OS X because they're a
lot of trouble to keep maintained and confuse users. For those who want
a tor on OS X without Vidalia, macports is a fine option. Alternatively,
building from source is easy, too.

The polipo stuff that is still required for the Vidalia bundle build can
now be found in the torbrowser repository,
git://git.torproject.org/torbrowser.git.
2010-11-10 04:04:29 +01:00
Roger Dingledine
6b4db953c9 fold the changes files into a changelog 2010-11-09 21:50:30 -05:00
Roger Dingledine
70411a50b1 move to the november 1 maxmind geoip db 2010-11-06 17:41:36 -04:00
Nick Mathewson
114a371c0e Fix the assert in bug 1776
In the case where old_router == NULL but sdmap has an entry for the
router, we can currently safely infer that the old_router was not a
bridge.  Add an assert to ensure that this remains true, and fix the
logic not to die with the tor_assert(old_router) call.
2010-11-02 11:20:09 -04:00
Nick Mathewson
0e8d1c2217 Merge remote branch 'hoganrobert/bug1859' into maint-0.2.2 2010-10-21 11:01:12 -04:00
Nick Mathewson
ea7f4be6d2 Merge remote branch 'sebastian/relay_early_rend' into maint-0.2.2 2010-10-21 10:49:44 -04:00
Nick Mathewson
2849a95691 Add a ! to directory_caches_dir_info() to fix a logic error
We want to fetch directory info more aggressively if we need it to
refuseunknownexits.  Thus, we'll want it if our exit policy is _NOT_
reject *.
2010-10-20 13:49:38 -04:00
Nick Mathewson
c2323f1340 Merge branch 'bug2097' into maint-0.2.2 2010-10-20 13:45:53 -04:00
Nick Mathewson
98aee8472f Fix a read of a freed pointer while in set_current_consensus
Found by rransom while working on issue #988.  Bugfix on
0.2.2.17-alpha.  Fixes bug 2097.
2010-10-20 13:10:20 -04:00
Sebastian Hahn
cee4dc6101 Use ssp-buffer-size param when hardening
We used to enable ssp-buffer-size=1 only when building with
--enable-gcc-warnings. That would result in warnings (and no
protection for small arrays) when building with
--enable-gcc-hardening without enabling warnings, too. Fixes bug
2031.

Also remove an XXX: We now allow to build with -fstack-protector
by using --enable-gcc-hardening.
2010-10-20 13:13:44 +02:00
Sebastian Hahn
d3b67cba3c Send relay_early cells in rend circs
There are no relay left that run version 0.2.1.3 through 0.2.1.18, so
changing this behaviour should be safe now.
2010-10-18 07:46:51 +02:00
Robert Hogan
69a496ba98 Issues with router_get_by_nickname() (3)
Add changes file
2010-10-17 15:12:25 +01:00
Sebastian Hahn
f3d000f496 Fix MIPSpro and time_t signedness detection
3d6e283087 silenced the autogen.sh warnings as it was supposed to, but
introduced two bugs. Fix them.
2010-10-11 19:24:25 +02:00
Robert Ransom
c70d9d77ab Correct a couple of log messages in tortls.c 2010-10-04 13:53:48 -04:00
Nick Mathewson
69b4138c00 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2010-10-04 12:32:35 -04:00
Karsten Loesing
bad609ae6b Update to the October 1 2010 Maxmind GeoLite Country database. 2010-10-04 11:45:53 +02:00
Roger Dingledine
6cb5383e56 log when we guess our ip address, not just when we fail 2010-10-01 13:32:38 -04:00
Roger Dingledine
d62a2d6ee5 write up a changelog file 2010-09-30 17:32:17 -04:00
Sebastian Hahn
5a19df1d94 Add a changes file for the bug1912 fix 2010-09-30 06:24:01 +02:00
Roger Dingledine
3cbe463e96 Merge branch 'bug1772' into maint-0.2.2 2010-09-29 23:52:18 -04:00
Roger Dingledine
48cd096276 Merge commit 'mikeperry/bug1739' into maint-0.2.2 2010-09-29 17:17:59 -04:00
Roger Dingledine
474e4d2722 Merge commit 'mikeperry/bug1740' into maint-0.2.2 2010-09-29 17:05:38 -04:00
Mike Perry
f1b0e4e4b4 Add changes file. 2010-09-29 11:49:43 -07:00
Mike Perry
4caf39f1c8 Add changes file. 2010-09-29 11:46:36 -07:00
Mike Perry
caba3bc57e Add changes file. 2010-09-29 11:41:35 -07:00
Roger Dingledine
7e644b3f69 a changelog entry for the entrynodes retry mess 2010-09-28 22:49:36 -04:00
Roger Dingledine
09a715bb72 Merge branch 'maint-0.2.1' into maint-0.2.2 2010-09-28 18:37:55 -04:00
Roger Dingledine
339993b409 actually retry bridges when your network goes away 2010-09-28 18:36:15 -04:00
Roger Dingledine
8df3a90946 the actual changelog entry this time 2010-09-27 17:44:51 -04:00
Sebastian Hahn
c951830002 Fix a bridge segfault
When we enabled support to change statistic options without restarting
Tor we forgot to initialize geoip_countries. Fix that.
2010-09-27 23:19:25 +02:00
Nick Mathewson
e385961542 Merge remote branch 'public/bug1954' into maint-0.2.2 2010-09-27 15:39:40 -04:00
Nick Mathewson
24a45f54d2 Merge branch 'bug1805' into maint-0.2.2 2010-09-27 12:25:32 -04:00
Nick Mathewson
1cbdbff961 Merge remote branch 'mikeperry/bug1952-merge' into maint-0.2.2 2010-09-27 12:17:41 -04:00
Mike Perry
dfe8c2146c Add changelog for bug 1952. 2010-09-27 09:12:00 -07:00
Nick Mathewson
c8e1538a0b Merge remote branch 'sebastian/continuation' 2010-09-24 13:43:55 -04:00
Nick Mathewson
9b49a89430 Merge branch 'bug1511' 2010-09-23 23:16:25 -04:00
Nick Mathewson
0a0cc4599f Tweak continuation-and-comment logic
I think there was a read-off-the-end-of-the-buffer bug that I fixed.
At least I added some good comments, I hope.
2010-09-23 22:58:04 -04:00