Commit Graph

12999 Commits

Author SHA1 Message Date
Nick Mathewson
58dfebbcb4 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-26 11:18:19 -05:00
Nick Mathewson
46f36f3d62 Merge-forward our exit-notice backport (empty merge) 2011-01-26 11:18:13 -05:00
Andrew Lewman
741ef2a8cd fix the links in the exit-list notice we give out to users. 2011-01-26 11:15:09 -05:00
Nick Mathewson
ebb287c75d Backport current tor-exit-notice to 0.2.1 2011-01-26 11:15:09 -05:00
Nick Mathewson
ba3b03def0 Merge branch 'bug2409' into maint-0.2.2 2011-01-26 11:06:59 -05:00
Nick Mathewson
1478aa99b7 Merge branch 'bug2321' into maint-0.2.2 2011-01-26 11:06:55 -05:00
Nick Mathewson
9a4b2ec764 Avoid sketchy integer cast in cbt code
When calling circuit_build_times_shuffle_and_store_array, we were
passing a uint32_t as an int.  arma is pretty sure that this can't
actually cause a bug, because of checks elsewhere in the code, but
it's best not to pass a uint32_t as an int anyway.

Found by doorss; fix on 0.2.2.4-alpha.
2011-01-26 11:05:21 -05:00
Nick Mathewson
411ec3c0f8 Add client code to detect attempts to connect to 127.0.0.1 etc
We detect and reject said attempts if there is no chosen exit node or
circuit: connecting to a private addr via a randomly chosen exit node
will usually fail (if all exits reject private addresses), is always
ill-defined (you're not asking for any particular host or service),
and usually an error (you've configured all requests to go over Tor
when you really wanted to configure all _remote_ requests to go over
Tor).

This can also help detect forwarding loop requests.

Found as part of bug2279.
2011-01-25 20:39:44 -05:00
Nick Mathewson
85da676108 Fix double-mark bug when failing to init transparent connection
Fixes part of bug 2279.  Bugfix on 0.1.2.1-alpha.
2011-01-25 19:07:03 -05:00
Nick Mathewson
5ce8182bdb Log more about soft-hibernation 2011-01-25 18:45:13 -05:00
Nick Mathewson
e80bdfb4a0 Correctly detect BIO_new failures
This bug was noticed by cypherpunks; fixes bug 2378.

Bugfix on svn commit r110.
2011-01-25 18:26:49 -05:00
Nick Mathewson
bfde636aad Always treat failure to allocate an RSA key as an unrecoverable allocation error 2011-01-25 18:19:09 -05:00
Nick Mathewson
76582442a8 Handle failing cases of DH allocation 2011-01-25 18:09:38 -05:00
Nick Mathewson
c939c953ae Remove an unused function in crypto.c 2011-01-25 18:07:02 -05:00
Mike Perry
9e7691b05c Comment remaining CBT functions.
Left circuit_build_times_get_bw_scale() uncommented because it is in the wrong
place due to an improper bug2317 fix. It needs to be moved and renamed, as it
is not a cbt parameter.
2011-01-25 17:52:01 -05:00
Nick Mathewson
ffc3caf8d5 Describe consensus method 11 in dir-spec.txt 2011-01-25 17:49:50 -05:00
Mike Perry
3ede94159e Add changelog entry for bug2203. 2011-01-25 17:49:02 -05:00
Mike Perry
7b24b8e375 Fix authority side of 2203.
Do not add Exit bandwidth to E if BadExit is set.
2011-01-25 17:49:02 -05:00
Mike Perry
ec2ab3800f Fix client side of 2203: Do not count BadExits as Exits. 2011-01-25 17:49:02 -05:00
Nick Mathewson
3d1057c712 Add changes file for bug2004 2011-01-25 17:37:37 -05:00
Mike Perry
8b4a91c2b7 Fix bug #2004 by demoting a log message.
To quote arma: "So instead of stopping your CBT from screaming, you're just
going to throw it in the closet and hope you can't hear it?"

Yep. The log message can happen because at 95% point on the curve, we can be
way beyond the max timeout we've seen, if the curve has few points and is
shallow.

Also applied Nick's rule of thumb for rewriting some other notice log messages
to read like how you would explain them to a raving lunatic on #tor who was
shouting at you demanding what they meant. Hopefully the changes live up to
that standard.
2011-01-25 17:35:39 -05:00
Nick Mathewson
71862ed763 Fix bug in verifying directory signatures with short digests
If we got a signed digest that was shorter than the required digest
length, but longer than 20 bytes, we would accept it as long
enough.... and then immediately fail when we want to check it.

Fixes bug 2409; bug in 0.2.2.20-alpha; found by piebeer.
2011-01-25 17:15:22 -05:00
Sebastian Hahn
7a446e6754 Tell which geoip file we're parsing 2011-01-25 15:54:51 -05:00
Nick Mathewson
89ee779f92 Add a torrc option to report log domains 2011-01-25 15:53:15 -05:00
Nick Mathewson
e261a1a3e6 Simplify syntax for negated log domains
Previously if you wanted to say "All messages except network
messages", you needed to say "[*,~net]" and if you said "[~net]" by
mistake, you would get no messages at all.  Now, if you say "[~net]",
you get everything except networking messages.
2011-01-25 15:03:36 -05:00
Nick Mathewson
23f8bedddb Add manpage entry for logging domains
Fixes issue 2215.
2011-01-25 15:02:36 -05:00
Sebastian Hahn
68f8ca357f Fix assert for relay/bridge state change
When we added support for separate client tls certs on bridges in
a2bb0bfdd5 we forgot to correctly initialize this when changing
from relay to bridge or vice versa while Tor is running. Fix that
by always initializing keys when the state changes.

Fixes bug 2433.
2011-01-25 14:13:06 -05:00
Nick Mathewson
a1073ee956 Simplest fix to bug2402: do not include SVN versions
When we stopped using svn, 0.2.1.x lost the ability to notice its svn
revision and report it in the version number.  However, it kept
looking at the micro-revision.i file... so if you switched to master,
built tor, then switched to 0.2.1.x, you'd get a micro-revision.i file
from master reported as an SVN tag.  This patch takes out the "include
the svn tag" logic entirely.

Bugfix on 0.2.1.15-rc; fixes bug 2402.
2011-01-25 14:08:13 -05:00
Nick Mathewson
5ed73e3807 Make the DH parameter we use for TLS match the one from Apache's mod_ssl
Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged.  This is yet another small step on the path of
protocol fingerprinting resistance.
2011-01-24 16:50:11 -05:00
Nick Mathewson
13e9a2b19d Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-20 15:00:24 -05:00
Nick Mathewson
1471e57743 Merge remote branch 'rransom/policy_summarize-assert' into maint-0.2.1 2011-01-20 14:59:23 -05:00
Robert Ransom
43414eb988 Fix bounds-checking in policy_summarize
Found by piebeer.
2011-01-20 11:17:57 -08:00
Nick Mathewson
a793f1f6f2 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-19 13:25:38 -05:00
Nick Mathewson
c8f94eed12 Oops; actually add the code to the last patch. :/ 2011-01-19 13:25:17 -05:00
Nick Mathewson
971e83ef9c Fix two more SIZE_T_CEILING issues
This patch imposes (very long) limits on the length of a line in a
directory document, and on the length of a certificate.  I don't
think it should actually be possible to overrun these remotely,
since we already impose a maximum size on any directory object we're
downloading, but a little defensive programming never hurt anybody.

Roger emailed me that doorss reported these on IRC, but nobody seems
to have put them on the bugtracker.
2011-01-19 13:22:50 -05:00
Roger Dingledine
9bb947ea14 Merge branch 'maint-0.2.1' into maint-0.2.2 2011-01-18 19:13:24 -05:00
Roger Dingledine
8875a028a7 be the winner, rewrite history 2011-01-18 19:12:01 -05:00
Roger Dingledine
7699014e1e Merge commit 'sebastian/bug2317' into maint-0.2.2 2011-01-15 21:54:49 -05:00
Roger Dingledine
bebd95e2c9 Merge branch 'maint-0.2.1' into maint-0.2.2 2011-01-15 19:57:01 -05:00
Roger Dingledine
5110490253 0.2.1.29 changelog and blurb 2011-01-15 19:56:10 -05:00
Nick Mathewson
a7790d48af Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-15 14:15:19 -05:00
Nick Mathewson
ef6fa07e48 Fix a couple of non-cleared key issues in hidden services
we need to do more hunting, but this fixes the ones mentioned in 2385.
2011-01-15 14:10:54 -05:00
Nick Mathewson
9b09627edd Zero out some more key data before freeing it
Found by cypherpunks; fixes bug 2384.
2011-01-15 14:10:52 -05:00
Sebastian Hahn
a1860cc3f1 Update the spec with the new bounds 2011-01-15 19:50:06 +01:00
Sebastian Hahn
0df51a7f39 Tighten accepted circwindow parameters
Based on discussion in bug 2317, these values seem to be sane.
2011-01-15 19:42:17 +01:00
Sebastian Hahn
b06617c948 Provide constant limits for all consensus params
This addresses Nick's concern about doing non-constant bounds checking
inside networkstatus_get_param().
2011-01-15 19:42:17 +01:00
Sebastian Hahn
932e5c3cf0 Fix a typo spotted by Roger 2011-01-15 19:42:17 +01:00
Sebastian Hahn
026e7987ad Sanity-check consensus param values
We need to make sure that the worst thing that a weird consensus param
can do to us is to break our Tor (and only if the other Tors are
reliably broken in the same way) so that the majority of directory
authorities can't pull any attacks that are worse than the DoS that
they can trigger by simply shutting down.

One of these worse things was the cbtnummodes parameter, which could
lead to heap corruption on some systems if the value was sufficiently
large.

This commit fixes this particular issue and also introduces sanity
checking for all consensus parameters.
2011-01-15 19:42:17 +01:00
Sebastian Hahn
ca6c813612 Make get_net_param_from_list() static
This prepares for making the accessor method for consensus parameters
safer in the next commit.
2011-01-15 19:42:17 +01:00
Nick Mathewson
1393985768 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/routerparse.c
	src/or/test.c
2011-01-15 13:25:13 -05:00