Commit Graph

36946 Commits

Author SHA1 Message Date
Nick Mathewson
c4fe66e342 Socks5: handle truncated client requests correctly
Previously, our code would send back an error if the socks5 request
parser said anything but DONE.  But there are other non-error cases,
like TRUNCATED: we shouldn't send back errors for them.

This patch lowers the responsibility for setting the error message
into the parsing code, since the actual type of the error message
will depend on what problem was encountered.

Fixes bug 40190; bugfix on 0.3.5.1-alpha.
2020-12-14 10:14:03 -05:00
David Goulet
15b0d30a55 configure: Revert back the static libevent path
From c618c4f279, we changed the static
libevent.a path to be able to use the git repository or tarball directly but
that broke the "make install" setup that Tor Browser is using with Android.

In other words, the git repository and tarball put the "libevent.a" in
".libs/" where "make install" puts it in "lib/".

Using the --with-libevent-dir=..., which is mandatory for static libevent,
autoconf will take the path and use it for the includes (-I) and library (-L)
for which if it finds a "include/" and a "lib/" in the root, it will use
those.

However, with the git repo or tarball, the "lib/" doesn't exists thus autoconf
sets the library search path to be at the root and thus fails to find the
libevent.a in ".libs/".

This is a whole lot more work to make both cases work in our configure.ac thus
I'm reverting the change here to the Tor Browser case works again and the work
around for others is to either symlink the libevent.a at the root or use a
temporary make install directory.

One long term fix here would likely be to ask libevent to symblink the .a into
the root along the .la files and likely do the same for .so. Or, use the
"lib/" structure to contain the .a + .so files. Would be better than doing
ninji-tsu in our configure.ac

Fixes #40225

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-12-11 09:52:23 -05:00
Nick Mathewson
34baa1bdc3 Tweak the documentation for approved-routers
Document !badexit, and improve the documentation for !invalid.

Closes #40188.
2020-12-09 14:08:55 -05:00
Daniel Pinto
bd0046c9ec Avoid sandbox bug warning when unglobbing patterns #40094
Adds a more user-friendly error message when the configuration is
reloaded and a new %include is added that makes its unglobbing
access files/folders not allowed by the seccomp sandbox.
2020-12-08 15:00:43 -05:00
Nick Mathewson
baef0843a4 Fix a couple of documentation comments related to #40094 2020-12-08 14:59:28 -05:00
David Goulet
e74f168bb4 relay: Avoid log reachability test for bandwidth test circuit
Fixes #40205

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-12-08 14:51:31 -05:00
David Goulet
c618c4f279 configure: Fix the --enable-static-tor switch
The "-static" compile flag was set globally which means that all autoconf test
were attempting to be built statically and lead to failures of detecting
OpenSSL libraries and others.

This commit adds this flag only to the "tor" binary build.

There is also a fix on where to find libevent.a since it is using libtool, it
is in .libs/.

At this commit, there are still warnings being emitted that informs the user
that the built binary must still be linked dynamically with glibc.

Fixes #40111

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-12-08 09:14:49 -05:00
Nick Mathewson
2f87b2ab75 bump to 0.4.5.2-alpha-dev 2020-11-23 14:03:53 -05:00
Nick Mathewson
73fb44dcba Bump to 0.4.5.2-alpha. 2020-11-21 15:09:08 -05:00
Alexander Færøy
b274e46309 Merge branch 'maint-0.4.4' into maint-0.4.5 2020-11-19 17:44:00 +00:00
Alexander Færøy
77bb4b0838 Merge branch 'maint-0.4.3' into maint-0.4.4 2020-11-19 17:43:59 +00:00
Alexander Færøy
2e7cbd7a9c Merge remote-tracking branch 'tor-gitlab/mr/196' into maint-0.4.3 2020-11-19 17:43:44 +00:00
David Goulet
ea52705e4b config: Bridge line with a transport must have a ClientTransportPlugin
Fixes #25528

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-11-18 11:31:37 -05:00
David Goulet
fcf5bbb59f Merge branch 'tor-gitlab/mr/144' into maint-0.4.5 2020-11-18 11:29:02 -05:00
David Goulet
16351d655d sendme: Turn log warning into debug
When sending the stream level SENDME, it is possible the cirucit was marked
for close or any other failures that can occur. These events can occur
naturally.

Fixes #40142

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-11-17 13:23:34 -05:00
David Goulet
07006785fd Merge branch 'tor-gitlab/mr/203' into maint-0.4.5 2020-11-17 12:25:48 -05:00
David Goulet
d04a27bed2 config: Really ignore non ORPorts when removing duplicates
The function in charge of removing duplicate ORPorts from our configured ports
was skipping all non ORPorts port but only for the outer loop thus resulting
in comparing an ORPort with a non-ORPort which lead to problems.

For example, tor configured with the following would fail:

  ORPort auto
  DirPort auto

Both end up being the same configuration except that one is a OR listener and
one is a Dir listener. Thus because of the missing check in the inner loop,
they looked exactly the same and thus one is removed.

Fixes #40195

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-11-17 09:40:16 -05:00
Nick Mathewson
b13f32ee97 Merge branch 'ticket40071_045_01_squashed' into master 2020-11-17 07:58:37 -05:00
David Goulet
9aaac94cc3 changes: Add file for #40071
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-11-17 07:58:26 -05:00
David Goulet
bc5f26ff70 relay: Launch dummy circuit only when descriptor build fails
First, this commit moves the launch_dummy_circuit_as_needed() function into
relay_find_addr.c and renames it to relay_addr_learn_from_dirauth(). This is
an attempt to centralize anything relate with address discovery in the right
module.

Second, when building a descriptor and we fail to discover our address,
immediately launch a dummy circuit to an authority in an attempt to learn our
descriptor.

It is still only done every 20 minutes even though the descriptor build is
done every minute. We ought to avoid load on the authority and if we can't
learn in the first place our address from them, chances are more things are
wrong.

Related to #40071

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-11-17 07:58:26 -05:00
David Goulet
a5538a3603 relay: Look at our cache when looking for an IP change
Regularly, tor looks if its IP has changed. It does the entire auto discovery
process again. However, it is possible that it does not find anything.

Instead of thinking the IP changed to an unknown address, look at our cache
and see if that value has changed.

The reason for this is because if tor gets its address as a suggestion from a
directory authority, it is because the auto discovery failed and thus that
address should be consider for the IP change check.

Related to #40071

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-11-17 07:58:26 -05:00
David Goulet
4b98140733 relay: Use testing circuit instead of dummy descriptor fetch
Tor now can learn its address from a NETINFO cell coming from an authority.
Thus, instead from launching a dummy descriptor fetch to learn the address
from the directory response (unauthenticated), we simply now launch a one-hop
testing circuit.

Related to #40071

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-11-17 07:58:26 -05:00
Nick Mathewson
41bea71adc Merge remote-tracking branch 'tor-gitlab/mr/197' into master 2020-11-16 22:43:09 -05:00
Nick Mathewson
c79957581e Merge branch 'maint-0.4.4' into master 2020-11-16 22:42:23 -05:00
Nick Mathewson
9001732394 Merge branch 'maint-0.4.3' into maint-0.4.4 2020-11-16 22:42:22 -05:00
Nick Mathewson
7c0778ef7e Merge branch 'maint-0.3.5' into maint-0.4.3 2020-11-16 22:42:22 -05:00
Nick Mathewson
fcae26adf7 Merge remote-tracking branch 'tor-gitlab/mr/195' into maint-0.3.5 2020-11-16 22:42:15 -05:00
David Goulet
d425dbf04a port: Don't ignore ports of a different family
Commit c3a0f75796 added this feature for ORPort
that we ignore any port that is not the family of our default address when
parsing the port. So if port_parse_config() was called with an IPv4 default
address, all IPv6 address would be ignored.

That makes sense for ORPort since we call twice port_parse_config() for
0.0.0.0 and [::] but for the rest of the ports, it is not good since a
perfectly valid configuration can be:

  SocksPort 9050
  SocksPort [::1]:9050

Any non-ORPort only binds by default to an IPv4 except the ORPort that binds
to both IPv4 and IPv6 by default.

The fix here is to always parse all ports within port_parse_config() and then,
specifically for ORPort, remove the duplicates or superseding ones. The
warning is only emitted when a port supersedes another.

A unit tests is added to make sure SocksPort of different family always exists
together.

Fixes #40183

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-11-13 08:38:22 -05:00
Neel Chauhan
46ccde66a9 Use connection_or_change_state() in v3 handshaking state change 2020-11-12 12:06:34 -05:00
Nick Mathewson
dbc8d2a4e4 When handling includes, detect missing interned strings earlier.
There were three separate places where we were hitting a sandbox Bug
warning before we actually exited.

Fixes #40094; bugfix on 0.3.1.1-alpha when %includes were introduced.
2020-11-12 11:55:55 -05:00
Samanta Navarro
4a0cd79588 Fix typos.
Typos found with codespell.

Please keep in mind that this should have impact on actual code
and must be carefully evaluated:

src/core/or/lttng_circuit.inc
-    ctf_enum_value("CONTROLER", CIRCUIT_PURPOSE_CONTROLLER)
+    ctf_enum_value("CONTROLLER", CIRCUIT_PURPOSE_CONTROLLER)
2020-11-12 11:44:09 -05:00
Nick Mathewson
ffa7b15950 Deliberately close OR connections if proxies leave extra data
We already did this, but we did it by accident, which is pretty
risky: if we hadn't, then our code would have treated extra data in
the inbuf as having been transmitted as TLS-authenticated data.

Closes ticket 40017; Found by opara.
2020-11-12 11:07:33 -05:00
Nick Mathewson
e2d3c9c5f8 Merge branch 'ticket40187' into master 2020-11-12 09:43:09 -05:00
Nick Mathewson
b79694ca18 Correct EOL date for 0.4.3.x 2020-11-12 09:42:54 -05:00
Nick Mathewson
f2168d28f7 Fake the current time when we're loading TEST_DESCRIPTORS.
Fixes bug 40187; bugfix on 0.4.5.1-alpha.
2020-11-12 09:28:27 -05:00
Nick Mathewson
7d8290f0ac Merge remote-tracking branch 'tor-gitlab/mr/183' into master 2020-11-12 08:47:05 -05:00
Nick Mathewson
dde6b8906f Merge branch 'maint-0.4.4' into master
"ours" to avoid version bump.
2020-11-12 08:13:26 -05:00
Nick Mathewson
3f1544bbd9 Bump to 0.4.4.6-dev 2020-11-12 08:13:07 -05:00
Nick Mathewson
09b4c73fe4 Merge branch 'maint-0.4.3' into maint-0.4.4
"ours" to avoid version bump.
2020-11-12 08:12:20 -05:00
Nick Mathewson
fd22fa183b Bump to 0.4.3.7-dev 2020-11-12 08:12:11 -05:00
Nick Mathewson
1fa90a2077 Merge branch 'maint-0.3.5' into maint-0.4.3
"ours" to avoid version bump.
2020-11-12 08:11:20 -05:00
Nick Mathewson
862c44e4ec Bump to 0.3.5.12-dev 2020-11-12 08:11:01 -05:00
Nick Mathewson
4806aa5da8 Copy ChangeLog and ReleaseNotes from today's releases to master branch 2020-11-12 07:37:25 -05:00
Nick Mathewson
9306ac5aa8 changes file for bug 40172. 2020-11-10 17:29:37 -05:00
Matthew Finkel
d8f9a5da5d Export RANLIB so it's available in combine_libs script
Fixes 40172; bugfix on 0.4.5.1-alpha
2020-11-10 22:07:34 +00:00
Nick Mathewson
bc6c37b202 Merge branch 'maint-0.4.4' into master
"-s ours" to avoid version bump.
2020-11-09 17:14:01 -05:00
Nick Mathewson
494ced690d Merge branch 'maint-0.4.3' into maint-0.4.4
"-s ours" to avoid version bump.
2020-11-09 17:13:41 -05:00
Nick Mathewson
3d3dc08ed8 Merge branch 'maint-0.3.5' into maint-0.4.3
"-s ours" to avoid version bump.
2020-11-09 17:13:25 -05:00
Nick Mathewson
210a94b231 Bump to 0.4.4.6 2020-11-09 17:13:02 -05:00
Nick Mathewson
6338c35e9d Bump to 0.4.3.7 2020-11-09 17:12:41 -05:00