Commit Graph

20055 Commits

Author SHA1 Message Date
Sebastian Hahn
25c90230be Add bastet's ipv6 address
Implements ticket 24394
2017-11-27 09:09:16 -05:00
Nick Mathewson
a7e777ab8e bump to 0.3.2.5-alpha-dev 2017-11-22 08:34:02 -05:00
Nick Mathewson
5da6120e88 bump version to 0.3.2.5-alpha 2017-11-21 12:54:11 -05:00
Nick Mathewson
ba94dc28e8 Merge branches 'bug24099_031' and 'bug24086_031' into maint-0.3.2 2017-11-21 12:37:46 -05:00
Nick Mathewson
ea13a47791 add an explanatory comment about the error codes 2017-11-21 12:36:32 -05:00
teor
d7833c9d27
Avoid crashing if we call num_usable_bridges() when bridges are not enabled
This applies the changes in 23524 to num_usable_bridges(), because it has
replaced any_bridge_descriptors_known().

The original changes file still applies.
2017-11-22 02:01:51 +11:00
teor
690f646bf8
Stop checking cached bridge descriptors for usable bridges
Stop checking for bridge descriptors when we actually want to know if
any bridges are usable. This avoids potential bootstrapping issues.
Fixes bug 24367; bugfix on 0.2.0.3-alpha.

Stop stalling when bridges are changed at runtime. Stop stalling when
old bridge descriptors are cached, but they are not in use.
Fixes bug 24367; bugfix on 23347 in 0.3.2.1-alpha.
2017-11-22 02:00:34 +11:00
Nick Mathewson
da82e0b579 Merge branch 'bug23817_031' into maint-0.3.2 2017-11-20 14:29:50 -05:00
George Kadianakis
69f93f806c Check number of usable guards when applying md restrictions.
We used to check whether we have enough filtered guards (guard set when
torrc is applied) but that's not good enough, since that might be bad in
some cases where many guards are not reachable (might cause overblocking
and hence reacahbility issues).

We now check if we have enough reachable filtered guards before applying
md restrictions which should prevent overblocking.
2017-11-20 14:28:56 -05:00
Nick Mathewson
846df5b3cd Merge remote-tracking branches 'public/ticket24315_029' and 'public/bug24198_029' into maint-0.3.2 2017-11-20 13:20:25 -05:00
Nick Mathewson
68c21860e3 Add another assertion to check for 24086 root causes
In cdm_diff_ht_set_status(), we shouldn't have been allowing the
status CDM_DIFF_PRESENT to be set if there wasn't actually a handle.
2017-11-20 11:06:31 -05:00
Nick Mathewson
3bb29dd707 Correctly handle partial success in consensus diff calculation.
Previously, if store_multiple() reported a partial success, we would
store all the handles it gave us as if they had succeeded.  But it's
possible for the diff to be only partially successful -- for
example, if LZMA failed but the other compressors succeeded.

Fixes bug 24086; bugfix on 0.3.1.1-alpha.
2017-11-20 11:04:37 -05:00
Nick Mathewson
c8ee12b2e8 Recover better from empty/invalid storagedir files
If we can't read a file because of an FS issue, we say "we can't
read that" and move on.  But if we can't read it because it's empty,
because it has no labels, or because its labels are misformatted, we
should remove it.

Fixes bug 24099; bugfix on 0.3.1.1-alpha.
2017-11-20 10:14:41 -05:00
Nick Mathewson
cabcb752d7 In storagedir, take more care with errno on empty or mislabeled file
Required for 24099 fix -- we won't be able to act based on errno
unless we can trust it.
2017-11-20 10:10:13 -05:00
Nick Mathewson
e0f7a2dbd4 Merge branch 'bug23681_029_01_squashed' into maint-0.3.2 2017-11-20 08:39:34 -05:00
David Goulet
981bb60575 circuit: Don't timeout opened C_INTRODUCING circuit
A circuit with purpose C_INTRODUCING means that its state is opened but the
INTRODUCE1 cell hasn't been sent yet. We shouldn't consider that circuit when
looking for timing out "building circuit". We have to wait on the rendezvous
circuit to be opened before sending that cell so the intro circuit needs to be
kept alive for at least that period of time.

This patch makes that the purpose C_INTRODUCING is ignored in the
circuit_expire_building() which means that we let the circuit idle timeout
take care of it if we end up never using it.

Fixes #23681

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-20 08:33:44 -05:00
Nick Mathewson
7358559524 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-18 11:02:42 -05:00
Nick Mathewson
2d849716df Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-18 11:02:08 -05:00
Nick Mathewson
53c3174ee4 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-18 11:01:43 -05:00
Nick Mathewson
d388f9d879 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-11-18 11:01:33 -05:00
Nick Mathewson
d45bf0c65c Add an extra check in test_entrynodes
This check makes it so we can reach "done" without setting "conn",
and so the "if (conn)" check will not be redundant, and so coverity
won't complain.  Fixes CID 1422205.  Not actually a bug.
2017-11-18 10:26:45 -05:00
Nick Mathewson
a5b8b55c1c Fix memory leak in unit test for bridge distribution config.
Also, check for the actual message, and fix some string confusion,
while we're at it.

Fixes bug 24345; bugfix on 0.3.2.3-alpha.
2017-11-18 10:22:14 -05:00
Nick Mathewson
3a5ca47d8f Fix a clang unitialized-var warning 2017-11-17 09:57:52 -05:00
George Kadianakis
7e52947d57 Intoduce unittest for skipping outdated dirservers. 2017-11-17 09:57:46 -05:00
Nick Mathewson
9fbc835f10 Fix a wide comment 2017-11-17 09:57:15 -05:00
Nick Mathewson
2cee26b164 Merge branch 'bug23817_031' into maint-0.3.2 2017-11-17 09:56:53 -05:00
Nick Mathewson
96b69942a5 Make should_set_md_dirserver_restriction() look at num filtered guards
This seems closer to what the code intended.
2017-11-17 09:52:41 -05:00
George Kadianakis
c400ffc2e8 Skip dirserver restrictions in small networks. 2017-11-17 09:52:41 -05:00
George Kadianakis
f61e3090fb Introduce new guard restriction and use it to skip outdated dirs. 2017-11-17 09:52:40 -05:00
George Kadianakis
7fc64f02a3 Introduce cache for outdated microdesc dirservers.
We gonna use this cache to avoid dirservers without outdated md info.
2017-11-17 09:52:40 -05:00
Matt Traudt
b98614f1af Only log about lost KIST support once 2017-11-17 09:25:47 -05:00
Nick Mathewson
85778dc92d Merge remote-tracking branch 'dgoulet/bug23861_032_01' into maint-0.3.2 2017-11-17 09:23:04 -05:00
Nick Mathewson
3a364309ac Merge branch 'bug24167_025' into maint-0.3.2 2017-11-17 08:35:52 -05:00
Nick Mathewson
0571015819 Merge branch 'ticket24097_032' into maint-0.3.2 2017-11-17 08:35:01 -05:00
Nick Mathewson
2d3904aba6 Check the libc version to decide whether to allow openat. 2017-11-16 14:06:38 -05:00
Nick Mathewson
d2d6a1b082 Make our seccomp2 sandbox handle Glibc 2.26
There are three changes here:
  * We need to allow epoll_pwait.
  * We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC.
  * We need to use openat() instead of open().

Note that this fix is not complete, since the openat() change is
turned off.  The next commit will make the openat() change happen
when we're running glibc 2.26 or later.

Fix for 24315.
2017-11-16 13:56:22 -05:00
Nick Mathewson
7461cd3067 Permit kill(pid, 0) in the seccomp2 sandbox.
We don't want to allow general signals to be sent, but there's no
problem sending a kill(0) to probe whether a process is there.

Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox
was introduced.
2017-11-16 12:44:47 -05:00
Nick Mathewson
95238eb917 Fix a traceback when closing a blocked connection "immediately".
When we close a connection via connection_close_immediately, we kill
its events immediately. But if it had been blocked on bandwidth
read/write, we could try to re-add its (nonexistent) events later
from connection_bucket_refill -- if we got to that callback before
we swept the marked connections.

Fixes bug 24167.  Fortunately, this hasn't been a crash bug since we
introduced connection_check_event in 0.2.9.10, and backported it.

This is a bugfix on commit 89d422914a, I believe, which
appeared in Tor 0.1.0.1-rc.
2017-11-16 12:05:56 -05:00
David Goulet
380a95116a relay: Avoid extra LOG_NOTICE for every new descriptor batch
Commit 56c5e282a7 suppressed that same log
statement in directory_info_has_arrived() for microdescriptors so do the same
for the descriptors. As the commit says, we already have the bootstrap
progress for this.

Fixes #23861

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-16 10:57:05 -05:00
Nick Mathewson
2a98fcb848 Downgrade evdns warnings about weird replies.
evdns is allowed to give us unrecognized object types; it is allowed
to give us non-IPv4 answer types, and it is (even) allowed to give
us empty answers without an error.

Closes ticket 24097.
2017-11-16 09:30:19 -05:00
Nick Mathewson
ef55a7a69a Tweak the message when we re-enable CBT.
Implements ticket 20963.
2017-11-15 14:42:59 -05:00
Nick Mathewson
ae8683621a Merge remote-tracking branch 'asn/bug23662_032' into maint-0.3.2 2017-11-15 14:25:20 -05:00
Nick Mathewson
6dc784bdb3 Merge remote-tracking branch 'dgoulet/bug24230_032_01' into maint-0.3.2 2017-11-14 14:45:07 -05:00
George Kadianakis
c4a56ed5c2 Silence a warning about failed descriptor uploads.
Due to #23662 this can happen under natural causes and does not disturb
the functionality of the service. This is a simple 0.3.2 fix for now,
and we plan to fix this properly in 0.3.3.
2017-11-14 17:16:33 +02:00
Nick Mathewson
9f2efd02a1 Minimal implementation of bridge-distribution-request
Just advertise the line when we're a bridge, using "any" if we're
published or "none" if we aren't.

This is done in lieu of a full backport of #18329.
2017-11-13 20:44:51 -05:00
Nick Mathewson
1d5e693b63 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-13 20:36:04 -05:00
Nick Mathewson
50fbede459 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 20:36:04 -05:00
Nick Mathewson
1b9bb2c847 Merge branch 'bug22895_027' into maint-0.2.9 2017-11-13 20:35:59 -05:00
Nick Mathewson
fea5c8a015 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 12:57:58 -05:00
Nick Mathewson
543fd89fb7 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-13 12:57:58 -05:00
Nick Mathewson
800797e7f3 Merge branch 'bug23291_028' into maint-0.2.8 2017-11-13 12:57:55 -05:00
Nick Mathewson
d0b75b5ade Merge branch 'maint-0.3.1' into maint-0.3.2 2017-11-13 12:27:36 -05:00
David Goulet
7df28ce299 hs-v3: Fix consensus param "hsdir-interval" name
The dir-spec.txt specifies it to be "hsdir_interval" (underscore).

Fixes #24262

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-13 11:48:56 -05:00
Nick Mathewson
3300a6e93a Merge remote-tracking branch 'arma/ticket23637' into maint-0.3.2 2017-11-13 11:20:20 -05:00
Nick Mathewson
16bdb9e365 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 11:18:02 -05:00
Nick Mathewson
91188540af Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-13 11:18:02 -05:00
Nick Mathewson
ab415ae950 Merge remote-tracking branch 'teor/bug23470-029' into maint-0.2.9 2017-11-13 11:17:58 -05:00
Nick Mathewson
9092e9019a Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 11:15:50 -05:00
Nick Mathewson
666653758d Merge branch 'bug8185_025' into maint-0.2.9 2017-11-13 11:15:47 -05:00
Nick Mathewson
0fc2b7f82e Merge branch 'bug8185_031' into maint-0.3.1 2017-11-13 11:15:40 -05:00
Nick Mathewson
ece63105d9 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 11:13:22 -05:00
Nick Mathewson
c928fb988a Merge branch 'ticket21953_029' into maint-0.2.9 2017-11-13 11:13:18 -05:00
Nick Mathewson
a7ca71cf6b Fix mock_crypto_pk_public_checksig__nocheck() to handle short RSA keys
This function -- a mock replacement used only for fuzzing -- would
have a buffer overflow if it got an RSA key whose modulus was under
20 bytes long.

Fortunately, Tor itself does not appear to have a bug here.

Fixes bug 24247; bugfix on 0.3.0.3-alpha when fuzzing was
introduced.  Found by OSS-Fuzz; this is OSS-Fuzz issue 4177.
2017-11-11 14:44:45 -05:00
Nick Mathewson
ef92511577 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-11 12:23:34 -05:00
Nick Mathewson
512dfa15ed Merge branch 'maint-0.3.1' into maint-0.3.2 2017-11-11 12:23:34 -05:00
Nick Mathewson
9666c620d5 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-11 12:23:33 -05:00
Nick Mathewson
c9b76a12f5 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-11-11 12:23:33 -05:00
Nick Mathewson
5348c8996f Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-11 12:23:33 -05:00
David Goulet
42ce6f78c8 control: Fix wrong Action on failure to upload an HS descriptor
On failure to upload, the HS_DESC event would report "UPLOAD_FAILED" as the
Action but it should have reported "FAILED" according to the spec.

Fixes #24230

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-10 15:31:31 -05:00
Karsten Loesing
6f8c32b7de Update geoip and geoip6 to the November 6 2017 database. 2017-11-10 10:14:09 +01:00
Nick Mathewson
aa1d90b40c Merge branch 'bug23985_029' into maint-0.3.2 2017-11-09 08:15:46 -05:00
Nick Mathewson
40c64f45f0 Re-remove AllowDotExit deprecation.
This was accidentally reintroduced in 5a46074e55.  It should be
harmless, though: the option is obsolete, so calling it deprecated
is redundant.
2017-11-09 07:58:27 -05:00
Nick Mathewson
c8859582a2 bump to 0.3.2.4-alpha-dev 2017-11-08 16:44:53 -05:00
David Goulet
fa70aabb62 dirauth: Recalculate voting schedule at first vote
Commit e67f4441eb introduced a safeguard against
using an uninitialized voting schedule object. However, the dirvote_act() code
was looking roughly at the same thing to know if it had to compute the timings
before voting with this condition:

  if (!voting_schedule.voting_starts) {
    ...
    dirvote_recalculate_timing(options, now);
  }

The sr_init() function is called very early and goes through the safeguard
thus the voting schedule is always initilized before the first vote.

That first vote is a crucial one because we need to have our voting schedule
aligned to the "now" time we are about to use for voting. Then, the schedule
is updated when we publish our consensus or/and when we set a new consensus.
From that point on, we only want to update the voting schedule through that
code flow.

This "created_on_demand" is indicating that the timings have been recalculated
on demand by another subsystem so if it is flagged, we know that we need to
ignore its values before voting.

Fixes #24186

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-08 14:46:49 -05:00
Nick Mathewson
0dc55fb247 Don't delay descriptor fetches when missing info needed for circuits
When we have fewer than 15 descriptors to fetch, we will delay the
fetch for a little while.  That's fine, if we can go ahead and build
circuits... but if not, it's a poor choice indeed.

Fixes bug 23985; bugfix on 0.1.1.11-alpha.

In 0.3.0.3-alpha, when we made primary guard descriptors necessary
for circuit building, this situation got worse.
2017-11-08 13:22:16 -05:00
Nick Mathewson
31a907881e downgrade severity for get_voting_schedule() 2017-11-08 11:50:57 -05:00
Nick Mathewson
02f05f2de2 Merge remote-tracking branch 'dgoulet/bug23751_032_01' into maint-0.3.2 2017-11-08 10:56:33 -05:00
Nick Mathewson
c74a817e83 Merge branch 'bug23318-redux_029' into maint-0.3.2 2017-11-08 10:47:22 -05:00
teor
6e4ebd41bb Stop calculating total twice in frac_nodes_with_descriptors()
Cleanup after 23318.
2017-11-08 10:45:18 -05:00
teor
4f944cc4cc Check arguments and initialise variables in compute_weighted_bandwidths()
Cleanup after 23318.
2017-11-08 10:45:18 -05:00
teor
fcaa4ab824 Actually log the total bandwidth in compute_weighted_bandwidths()
Fixes bug 24170; bugfix on 0.2.4.3-alpha.
2017-11-08 10:45:18 -05:00
teor
14b0bba06e Use node counts in networks with all zero-bandwidths
When calculating the fraction of nodes that have descriptors, and all
all nodes in the network have zero bandwidths, count the number of nodes
instead.

Fixes bug 23318; bugfix on 0.2.4.10-alpha.
2017-11-08 10:45:18 -05:00
Nick Mathewson
3c03e237ab Remove an erroneous 0.5 in compute_weighted_bandwidths()
Back in 0.2.4.3-alpha (e106812a77), when we switched from using
double to using uint64 for selecting by bandwidth, I got the math
wrong: I should have used llround(x), or (uint64_t)(x+0.5), but
instead I wrote llround(x+0.5).  That means we would always round
up, rather than rounding to the closest integer

Fixes bug 23318; bugfix on 0.2.4.3-alpha.
2017-11-08 10:45:18 -05:00
David Goulet
dcabf801e5 sched: Ignore closed channel after flushing cells
The flush cells process can close a channel if the connection write fails but
still return that it flushed at least one cell. This is due because the error
is not propagated up the call stack so there is no way of knowing if the flush
actually was successful or not.

Because this would require an important refactoring touching multiple
subsystems, this patch is a bandaid to avoid the KIST scheduler to handle
closed channel in its loop.

Bandaid on #23751.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-08 09:44:39 -05:00
Nick Mathewson
e5a83062ed Merge branch 'bug23816_029_squashed' into maint-0.3.2 2017-11-08 08:11:22 -05:00
Nick Mathewson
cb29687e93 Replace our random-exponential-delay algorithm.
This patch has implementations of the "decorrelated" and "full"
algorithms from https://www.awsarchitectureblog.com/2015/03/backoff.html
2017-11-08 07:56:16 -05:00
Nick Mathewson
3dc61a5d71 Revert "Remove an erroneous 0.5 in compute_weighted_bandwidths()"
This reverts commit 01e984870a.
2017-11-07 20:35:19 -05:00
Nick Mathewson
c58471325a Merge remote-tracking branch 'dgoulet/bug24161_032_01' into maint-0.3.2 2017-11-07 14:00:18 -05:00
Nick Mathewson
c7d1d1ad2e Bump to 0.3.2.4-alpha 2017-11-07 13:22:27 -05:00
David Goulet
e67f4441eb Add a safe guard to avoid using a zeroed voting schedule
dirvote_get_next_valid_after_time() is the only public function that uses the
voting schedule outside of the dirvote subsystem so if it is zeroed,
recalculate its timing if we can that is if a consensus exists.

Part of #24161

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-07 11:14:45 -05:00
David Goulet
8171d9f50f Recalculate voting schedule first when getting a new consensus
Because the HS and SR subsystems can use the voting schedule early (with the
changes in #23623 making the SR subsystem using the static voting schedule
object), we need to recalculate the schedule very early when setting the new
consensus.

Fixes #24161

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-07 11:08:12 -05:00
Nick Mathewson
9d848ca58a Merge remote-tracking branch 'asn/ticket23623_032_01' into maint-0.3.2 2017-11-07 09:58:42 -05:00
Nick Mathewson
7d767706ef Merge branch 'bug24150_032_squashed' into maint-0.3.2 2017-11-06 12:59:23 -05:00
Nick Mathewson
5240afa713 Fix a memory leak on decryption non-failure of v3 hsdesc
If it decrypts something that turns out to start with a NUL byte,
then decrypt_desc_layer() will return 0 to indicate the length of
its result.  But 0 also indicates an error, which causes the result
not to be freed by decrypt_desc_layer()'s callers.

Since we're trying to stabilize 0.3.2.x, I've opted for the simpler
possible fix here and made it so that an empty decrypted string will
also count as an error.

Fixes bug 24150 and OSS-Fuzz issue 3994.

The original bug was present but unreachable in 0.3.1.1-alpha. I'm
calling this a bugfix on 0.3.2.1-alpha since that's the first version
where you could actually try to decrypt these descriptors.
2017-11-06 12:59:11 -05:00
Nick Mathewson
bebdd91058 Fix a 32-bit formatting warning 2017-11-06 10:16:10 -05:00
Nick Mathewson
c80293706f Merge remote-tracking branch 'public/bug23318_029' into maint-0.3.2 2017-11-06 09:48:51 -05:00
Nick Mathewson
9f3d9c68ab Merge branch 'bug21394_029' into maint-0.3.2 2017-11-05 14:39:37 -05:00
Sebastian Hahn
9827574308 Fix DNS resolution on busy exit relays
Thanks to Dhalgren who analyzed this issue two years ago and found a
solution!
2017-11-05 14:36:32 -05:00
Sebastian Hahn
d3fee8b823 ClientDNSRejectInternalAddresses in non-default networks
Once again allow the flag to be set, unless the default network is used.
Thanks to nickm for a suggestion for the workaround to a test failure.
2017-11-04 18:31:02 +01:00
Sebastian Hahn
e491c05f96 Undo deprecation of ClientDNSRejectInternalAddresses 2017-11-04 18:31:00 +01:00
Sebastian Hahn
5a46074e55 Revert "Make ClientDNSRejectInternalAddresses testing-only."
This reverts commit 27fa4a98d2.
2017-11-04 18:30:59 +01:00
David Goulet
0386280487 nodelist: Downgrade warning to protocol warning
The node_get_ed25519_id() warning can actually be triggered by a relay flagged
with NoEdConsensus so instead of triggering a warning on all relays of the
network, downgrade it to protocol warning.

Fixes #24025

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-02 10:33:57 -04:00
Nick Mathewson
cb42c62c9e Merge branch 'dgoulet_ticket23753_032_02_squashed' into maint-0.3.2 2017-11-02 10:30:42 -04:00
David Goulet
6dc591a024 sched: Rate limit scheduler_bug_occurred()
Just in case we end up hitting a SCHED_BUG() multiple times, rate limit the
log warning.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-02 10:30:33 -04:00
Matt Traudt
52050bb2c6 sched: Add another SCHED_BUG() callsite 2017-11-02 10:30:33 -04:00
David Goulet
3931a6f264 sched: Use SCHED_BUG() macro in scheduler
When a BUG() occurs, this macro will print extra information about the state
of the scheduler and the given channel if any. This will help us greatly to
fix future bugs in the scheduler especially when they occur rarely.

Fixes #23753

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-02 10:30:33 -04:00
teor
27ea6fcd31 Test that IPv6-only clients can use microdescriptors
When running "make test-network-all", test that IPv6-only clients can use
microdescriptors. IPv6-only microdescriptor client support was fixed in
tor 0.3.0.1-alpha.

Requires chutney master 61c28b9 or later.

Closes ticket 24109.
2017-11-02 10:25:49 -04:00
Nick Mathewson
6a9a118f90 Tweak a comment for a minor but important distinction 2017-11-02 10:22:32 -04:00
Nick Mathewson
3aab8307a5 Merge branch 'ticket23820_032_01_squashed' into maint-0.3.2 2017-11-02 10:19:29 -04:00
teor
176bfe1bed Don't run IPv6-only v3 single onion service tests using chutney
Part of #23820.
2017-11-02 10:19:05 -04:00
teor
cc072b6fbf Stop users configuring IPv6-only v3 single onion services
They are not yet implemented: they will upload descriptors, but won't be
able to rendezvous, because IPv6 addresses in link specifiers are ignored.

Part of #23820.
2017-11-02 10:19:05 -04:00
teor
a4f34c1106 Improve v3 onion service logging for intro and rend points
Diagnostics for #23820.
2017-11-02 10:19:05 -04:00
teor
77ed99b1a7 Remove buggy IPv6 and ed25519 handling from get_lspecs_from_extend_info()
The previous version of this function had the following issues:
* it didn't check if the extend_info contained an IPv6 address,
* it didn't check if the ed25519 identity key was valid.
But we can't add IPv6 support in a bugfix release.

Instead, BUG() if the address is an IPv6 address, so we always put IPv4
addresses in link specifiers. And ignore missing ed25519 identifiers,
rather than generating an all-zero link specifier.

This supports v3 hidden services on IPv4, dual-stack, and IPv6, and
v3 single onion services on IPv4 only.

Part of 23820, bugfix on 0.3.2.1-alpha.
2017-11-02 10:19:05 -04:00
David Goulet
bd631a649b test: Fix voting schedule for hs_service.c
Part of #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 14:49:31 -04:00
David Goulet
814f4c6967 test: Fix voting schedule for hs_common.c
Part of #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 14:49:19 -04:00
David Goulet
19d32fd0d6 test: Fix voting schedule for shared random
Part of #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 14:48:50 -04:00
Nick Mathewson
0627512368 Merge branch 'bug24082_032' into maint-0.3.2 2017-10-31 14:31:21 -04:00
Nick Mathewson
c3ea1ccf04 double newline 2017-10-31 14:18:48 -04:00
David Goulet
33da5d7672 test: Initialize the voting schedule in test_dir.c
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 14:07:41 -04:00
Nick Mathewson
8dffc46748 Merge branch 'hsdescv3_fuzz_more' into maint-0.3.2 2017-10-31 14:04:31 -04:00
Nick Mathewson
3d93ec3ef4 Merge branch 'bug23762_032_02_squashed' into maint-0.3.2 2017-10-31 12:14:21 -04:00
David Goulet
5dbcd48f0e hs-v3: Attempt descriptor refetch when dirinfo changes
When the directory information changes, callback to the HS client subsystem so
it can check if any pending SOCKS connections are waiting for a descriptor. If
yes, attempt a refetch for those.

Fixes #23762

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 12:14:11 -04:00
Nick Mathewson
5a21b27083 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-31 11:43:14 -04:00
Nick Mathewson
f2e23d38ab Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-31 11:43:14 -04:00
Nick Mathewson
7c59c751b0 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-31 11:43:14 -04:00
Nick Mathewson
04d4786cc4 Merge remote-tracking branch 'public/bug23693_029' into maint-0.2.9 2017-10-31 11:43:07 -04:00
David Goulet
ce99ebf25d Make tor recalculate voting schedule even if not a dirauth
Because the HS subsystem needs the voting schedule to compute time period, we
need all tor type to do that.

Part of #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 09:55:24 -04:00
Nick Mathewson
5dce134fbb Initialize the mock options in the fuzzing code
Fixes bug 24082; bugfix on 0.3.0.3-alpha.  Found by Brian Carpenter.
2017-10-30 17:05:26 -04:00
Nick Mathewson
5bee5fbac7 Merge remote-tracking branch 'public/bug23774_032' into maint-0.3.2 2017-10-30 11:07:26 -04:00
Nick Mathewson
26e0909e51 In the hsdescv3 fuzzer, replace the decryption function.
The new decryption function performs no decryption, skips the salt,
and doesn't check the mac.  This allows us to fuzz the
hs_descriptor.c code using unencrypted descriptor test, and exercise
more of the code.

Related to 21509.
2017-10-27 14:28:02 -04:00
Nick Mathewson
d5eea977be bump to 0.3.2.3-alpha-dev. 2017-10-27 12:33:13 -04:00
David Goulet
7ee0a2b9aa sr: Don't use a dynamic voting schedule
The exposed get_voting_schedule() allocates and return a new object everytime
it is called leading to an awful lot of memory allocation when getting the
start time of the current round which is done for each node in the consensus.

Closes #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-27 09:23:37 -04:00
David Goulet
60164f057c dirvote: Move code. No behavior change
Needed for next commit to address #23623.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-27 09:23:18 -04:00
Nick Mathewson
fb88527195 update to 0.3.2.3-alpha 2017-10-27 08:59:07 -04:00
David Goulet
e598c6f6de hs-v3: Check the ed25519 key when picking intro point
If the intro point supports ed25519 link authentication, make sure we don't
have a zeroed key which would lead to a failure to extend to it.

We already check for an empty key if the intro point does not support it so
this makes the check on the key more consistent and symmetric.

Fixes #24002

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-26 14:54:20 -04:00
David Goulet
c4ef21ff5e fuzzing: Make hsdescv3 use the decoding API correctly
Fixes #21509

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-26 09:52:15 -04:00
David Goulet
4d2de821ce Revert "Temporarily disable compilation of the v3 hs fuzzing code"
This reverts commit 5ef656e7d1.
2017-10-26 09:41:47 -04:00
George Kadianakis
42a47c0e7d Remove a duplicate call to update_microdesc_downloads()
This call happens before we update our entry guards, so it needs to be
removed for the fix to #23862 to work.
2017-10-26 13:36:04 +03:00
George Kadianakis
cbc70437a7 Update entry guard state whenever we download a consensus.
Update guard state even if we don't have enough dirinfo since that
actually affects the future download of dirinfos.

Fixes #23862 on 0.3.0.1-alpha
2017-10-26 13:36:04 +03:00
teor
b4aa8fc3d9
Remove buggy IPv6 support from pick_intro_point() and service_intro_point_new()
The previous version of these functions had the following issues:
* they can't supply both the IPv4 and IPv6 addresses in link specifiers,
* they try to fall back to a 3-hop path when the address for a direct
  connection is unreachable, but this isn't supported by
  launch_rendezvous_point_circuit(), so it fails.
But we can't fix these things in a bugfix release.

Instead, always put IPv4 addresses in link specifiers.
And if a v3 single onion service can't reach any intro points, fail.

This supports v3 hidden services on IPv4, dual-stack, and IPv6, and
v3 single onion services on IPv4 only.

Part of 23820, bugfix on 0.3.2.1-alpha.
2017-10-26 17:02:46 +11:00
teor
20b0e9e07d
Remove buggy IPv6 support from hs_get_extend_info_from_lspecs()
The previous version of this function has the following issues:
* it doesn't choose between IPv4 and IPv6 addresses correctly, and
* it doesn't fall back to a 3-hop path when the address for a direct
  connection is unreachable.
But we can't fix these things in a bugfix release.

Instead, treat IPv6 addresses like any other unrecognised link specifier
and ignore them. If there is no IPv4 address, return NULL.

This supports v3 hidden services on IPv4, dual-stack, and IPv6, and
v3 single onion services on IPv4 only.

Part of 23820, bugfix on 0.3.2.1-alpha.
2017-10-26 14:38:06 +11:00
David Goulet
9592797cf3 hs-v2: Copy needed information between service on prunning
Turns out that when reloading a tor configured with hidden service(s), we
weren't copying all the needed information between the old service object to
the new one.

For instance, the desc_is_dirty timestamp wasn't which could lead to the
service uploading its desriptor much later than it would need to.

The replaycache wasn't also moved over and some intro point information as
well.

Fixes #23790

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-25 11:21:28 -04:00
Nick Mathewson
f68c1b1406 bump to 0.3.1.8-dev 2017-10-25 09:28:05 -04:00
Nick Mathewson
4edbbee2fd bump to 0.3.0.12-dev 2017-10-25 09:27:50 -04:00
Nick Mathewson
46091a88ca bump to 0.2.9.13-dev 2017-10-25 09:27:23 -04:00
Nick Mathewson
9969b0dfda bump to 0.2.8.16-dev 2017-10-25 09:27:07 -04:00
Nick Mathewson
82f8b27ff5 bump to 0.2.5.15-dev 2017-10-25 09:26:53 -04:00
Nick Mathewson
e7126a1030 Merge remote-tracking branch 'catalyst-oniongit/bug20532_031' into maint-0.3.2 2017-10-24 19:41:26 -04:00
Nick Mathewson
b95ef19a77 Merge branch 'feature18329_029_squashed' into maint-0.3.2 2017-10-24 19:35:32 -04:00
Nick Mathewson
594cf92498 Merge branch 'feature18329_029_squashed' into maint-0.3.2 2017-10-24 19:35:28 -04:00
Nick Mathewson
f3af74ccf5 Updates to fix check-spaces/check-changes warnings 2017-10-24 19:35:16 -04:00
Nick Mathewson
44e8aaa9aa Adjust test to allow hyphens too. 2017-10-24 19:33:38 -04:00
Isis Lovecruft
02cde0d939 test: Add unittest for descriptors with BridgeDistribution option. 2017-10-24 19:26:24 -04:00
Isis Lovecruft
b0e10f23ba doc: Improve documentation for check_bridge_distribution_setting(). 2017-10-24 19:26:24 -04:00
Nick Mathewson
613b18f0af Always set bridge-distribution-request on bridges' descriptors.
Also, warn the user if the BridgeDistribution option is
unrecognized, and reject the value if it is invalid.
2017-10-24 19:26:24 -04:00
Roger Dingledine
ebab521525 Add new BridgeDistribution config option
Bridge relays can use it to add a "bridge-distribution-request" line
to their bridge descriptor, which tells BridgeDB how they'd like their
bridge address to be given out.

Implements tickets 18329.
2017-10-24 19:26:24 -04:00
Taylor Yu
9b60acd4d4 Rewrite bridge addresses earlier
Call rewrite_node_address_for_bridge() in
launch_direct_bridge_descriptor_fetch() in case there's an existing
node_t for it.
2017-10-24 17:35:17 -05:00
Nick Mathewson
5325e7ccab bump version in the other places :/ 2017-10-24 09:11:17 -04:00
Nick Mathewson
552b620280 bump version in the other places :/ 2017-10-24 09:11:07 -04:00
Nick Mathewson
cbb41ddfef bump to 0.3.1.8 2017-10-24 09:09:50 -04:00
Nick Mathewson
743eee4930 bump to 0.2.5.15 2017-10-24 09:09:00 -04:00
Nick Mathewson
0d4addfc73 Merge branch 'bug23952_032' into maint-0.3.2 2017-10-24 08:24:12 -04:00
Nick Mathewson
f0a6ea0bfd Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 15:55:48 -04:00
Nick Mathewson
b1d6cf2508 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-23 15:55:48 -04:00
Nick Mathewson
9ae4ffc076 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 15:55:08 -04:00
Nick Mathewson
b1bd1bf19f Merge remote-tracking branch 'teor/bug23874-029' into maint-0.2.9 2017-10-23 15:53:45 -04:00
Nick Mathewson
48ee85e0c6 Have LOG_PROTOCOL_WARN call its own function
Also, make the function that implements LOG_PROTOCOL_WARN use a
cached value of the desired loglevel, rather than calling
get_options().
2017-10-23 12:22:26 -04:00
Nick Mathewson
af33fdd7c1 Remove the length limit from write_http_status_line
Fixes bug 23908; bugfix on 0.3.1.6-rc when we made the keypin
failure message really long.

Backport from 0.3.2's 771fb7e7ba,
where arma said "get rid of the scary 256-byte-buf landmine".
2017-10-23 09:21:22 -04:00
Nick Mathewson
fcd5c3144a Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-23 09:11:10 -04:00
Nick Mathewson
eac4c374e4 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 09:11:10 -04:00
Nick Mathewson
6a7aa47357 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-23 09:11:10 -04:00
Nick Mathewson
85115796bb Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 09:11:10 -04:00
Nick Mathewson
a5f5bda462 Adjust test, now that there are 9 dirauths again 2017-10-23 09:11:07 -04:00
Nick Mathewson
1db5081ba1 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-23 09:06:34 -04:00
Nick Mathewson
c93ecb8189 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 09:06:34 -04:00
Nick Mathewson
009141c6a8 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-23 09:06:34 -04:00
Nick Mathewson
23e3d57e12 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 09:06:34 -04:00
Nick Mathewson
8cc147aa83 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-10-23 09:04:56 -04:00
David Goulet
15a699462d dirauth: Add bastet to the default authorities
Fixes #23910

Based on a patch by dgoulet; backported to 0.2.5
2017-10-23 09:03:36 -04:00
Nick Mathewson
c958fda6e2 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-23 08:59:11 -04:00
Nick Mathewson
783e458c07 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 08:59:11 -04:00
Nick Mathewson
b8dedaee74 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-23 08:59:11 -04:00
Nick Mathewson
df57d1e0c0 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 08:59:11 -04:00
Nick Mathewson
9a1b385462 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-10-23 08:58:28 -04:00
Nick Mathewson
132e2f69b1 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-23 08:53:25 -04:00
Nick Mathewson
74e8fd22c9 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 08:53:25 -04:00
Nick Mathewson
b68de63eb6 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 08:53:25 -04:00
Nick Mathewson
6f87a85897 Merge remote-tracking branch 'public/bug23690_028' into maint-0.2.8 2017-10-23 08:53:14 -04:00
Nick Mathewson
35574d4a9a Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 08:47:58 -04:00
Nick Mathewson
fcaf3335b4 Merge remote-tracking branch 'public/bug23081_025' into maint-0.2.9 2017-10-23 08:47:52 -04:00
Nick Mathewson
d29e4c0597 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 08:46:29 -04:00
Nick Mathewson
68dea082e7 Merge remote-tracking branch 'public/bug22349_029' into maint-0.2.9 2017-10-23 08:46:26 -04:00
Nick Mathewson
5d219ecf98 Update Longclaw's IP address; fixes 23592. 2017-10-17 14:00:30 -04:00
Nick Mathewson
8652f3e9e8 Fix memory leak when freeing socket_table in KIST. 2017-10-17 13:40:31 -04:00
teor
5bca66be49
Clear the address when node_get_prim_orport() returns early
Fixes bug 23874; bugfix on 0.2.8.2-alpha.
2017-10-15 16:48:36 -04:00
Nick Mathewson
bdf60fc7ce Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-05 11:03:36 -04:00
Nick Mathewson
0cd7c1af37 Merge branch 'maint-0.3.1' 2017-10-05 11:03:36 -04:00
Nick Mathewson
2984d99165 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-05 11:03:35 -04:00
Nick Mathewson
d6bdec1595 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-10-05 11:03:35 -04:00
Nick Mathewson
ad7db10770 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-05 11:03:35 -04:00
Karsten Loesing
b9d9b16b76 Update geoip and geoip6 to the October 4 2017 database. 2017-10-05 16:56:14 +02:00
David Goulet
469ee6e6fe hs-v3: Refactor client refetch function
Create a function that tells us if we can fetch or not the descriptor for the
given service key.

No behavior change. Mostly moving code but with a slight change so the
function can properly work by returning a boolean and also a possible fetch
status code.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-04 15:50:22 -04:00
Taylor Yu
44e4a96bb5 Don't expect permission failure if running as root
Skip test_config_include_no_permission() when running as root, because
it will get an unexpected success from config_get_lines_include().
This affects some continuous integration setups.  Fixes bug 23758.
2017-10-04 08:42:05 -05:00
David Goulet
2e8de0de3b sched: Implement SCHED_BUG()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-03 14:43:09 -04:00
cathugger
9d90f9829c hs-v3: Always generate the public key file on disk
Fixes #23748

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-03 11:19:10 -04:00
Nick Mathewson
1e7e36da4b Merge branch 'bug23672_032_01_squashed' 2017-10-03 10:56:52 -04:00
David Goulet
30d2e0b71e test: Add an HS v3 descriptor fetch unit test
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-03 10:56:46 -04:00
David Goulet
c232b6b59c hs-v3: Close pending SOCKS connection on descriptor fetch error
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-03 10:56:46 -04:00
Nick Mathewson
783a44b2cd Merge remote-tracking branch 'asn/bug23670' 2017-10-03 09:05:16 -04:00
George Kadianakis
f7306b16ec entrynodes: Better naming for dir info check functions. 2017-10-03 15:55:19 +03:00
Nick Mathewson
a6c62cbd13 Merge branch 'bug23678_032' 2017-10-03 08:18:08 -04:00
Nick Mathewson
f923aeee1b Follow-up on 23678: fix socks/wrong_protocol test 2017-10-03 08:17:41 -04:00
Nick Mathewson
f2e820c45f torcert.c: mark some lines unreachable by tests
These are related to handling of failures on functions which can't
fail.
2017-10-03 08:07:36 -04:00
Nick Mathewson
bb7288b2c3 Make the fp_pair_map tests cover {get,set}_by_digests 2017-10-03 08:07:36 -04:00
George Kadianakis
5352785d0c entrynodes: Error msg for missing guard descs is now more informative. 2017-10-03 14:41:20 +03:00
George Kadianakis
f2231306ba entrynodes: Move guard dirinfo check below path dirinfo check.
We do that because we want to use the path fraction dirinfo data in case
we are missing primary guard dirinfo.
2017-10-03 14:41:18 +03:00
George Kadianakis
c9729853a5 entrynodes: Be specific about how many primary descriptors we miss. 2017-10-03 14:39:34 +03:00
Nick Mathewson
d0cae9fbc5 bump master to 0.3.2.2-alpha-dev 2017-10-02 19:19:51 -04:00
Alexander Færøy
c61508f9aa
Bump version to 0.3.2.2-alpha.
Signed-off-by: Isis Lovecruft <isis@torproject.org>
2017-10-02 19:23:32 +00:00
Nick Mathewson
ad4dcd7d1a Fix our "not an HTTP Proxy" message in light of HTTPTunnelPort
When we added HTTPTunnelPort, the answer that we give when you try
to use your SOCKSPort as an HTTP proxy became wrong.  Now we explain
that Tor sorta _is_ an HTTP proxy, but a SOCKSPort isn't.

I have left the status line the same, in case anything is depending
on it.  I have removed the extra padding for Internet Explorer,
since the message is well over 512 bytes without it.

Fixes bug 23678; bugfix on 0.3.2.1-alpha.
2017-10-02 12:53:13 -04:00
Nick Mathewson
c50c98ba6a Make changes in server_mode() affect workers; fix a crash.
Without this fix, changes from client to bridge don't trigger
transition_affects_workers(), so we would never have actually
initialized the cpuworkers.

Fixes bug 23693.  Bugfix on 3bcdb26267 0.2.6.3-alpha, which
fixed bug 14901 in the general case, but not on the case where
public_server_mode() did not change.
2017-10-02 11:11:30 -04:00
Nick Mathewson
dddae36f5e Merge remote-tracking branch 'dgoulet/ticket23696_032_01' 2017-09-29 17:46:50 -04:00
Nick Mathewson
ca2e7eabc2 Merge branches 'bug8185_031' and 'bug8185_diagnostic_032' 2017-09-29 17:26:40 -04:00
David Goulet
070064de89 sched: Always initialize scheduler_last_run to now
Because our monotonic time interface doesn't play well with value set to 0,
always initialize to now() the scheduler_last_run at init() of the KIST
scheduler.

Fixes #23696

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-29 14:07:55 -04:00
Matt Traudt
3ef7e6f187 sched: Don't get KIST stuck in an infinite loop
When a channel is scheduled and flush cells returns 0 that is no cells to
flush, we flag it back in waiting for cells so it doesn't get stuck in a
possible infinite loop.

It has been observed on moria1 where a closed channel end up in the scheduler
where the flush process returned 0 cells but it was ultimately kept in the
scheduling loop forever. We suspect that this is due to a more deeper problem
in tor where the channel_more_to_flush() is actually looking at the wrong
queue and was returning 1 for an empty channel thus putting the channel in the
"Case 4" of the scheduler which is to go back in pending state thus
re-considered at the next iteration.

This is a fix that allows the KIST scheduler to recover properly from a not
entirelly diagnosed problem in tor.

Fixes #23676

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-29 11:06:31 -04:00
Nick Mathewson
fc6c0b46fb Merge branch 'bug23690_additional_032' 2017-09-29 10:29:40 -04:00
Nick Mathewson
b0ddaac074 Make some assertions nonfatal to help prevent bug23690 recurrence. 2017-09-29 10:29:33 -04:00
Nick Mathewson
8ccefa7b7a Merge branch 'bug23690_028' 2017-09-29 10:28:33 -04:00
Nick Mathewson
f7222e6d8c Clear outbuf_flushlen when we clear a connection's outbuf
When we added single_conn_free_bytes(), we cleared the outbuf on a
connection without setting outbuf_flushlen() to 0.  This could cause
an assertion failure later on in flush_buf().

Fixes bug 23690; bugfix on 0.2.6.1-alpha.
2017-09-29 10:00:14 -04:00
Nick Mathewson
1a5746f8e1 Merge branch 'bug8185_025' into bug8185_031 2017-09-29 09:37:01 -04:00
Nick Mathewson
d256d4c0a6 Don't package cells onto marked circuits.
This caused a BUG log when we noticed that the circuit had no
channel.  The likeliest culprit for exposing that behavior is
d769cab3e5, where we made circuit_mark_for_close() NULL out
the n_chan and p_chan fields of the circuit.

Fixes bug 8185; bugfix on 0.2.5.4-alpha, I think.
2017-09-29 09:33:47 -04:00
Nick Mathewson
1b6ccb52ea Log more information when bug8185 is about to trigger.
My current theory is that this is just a marked circuit that hasn't
closed yet, but let's gather more information in case that theory is
wrong.

Diagnostic for 8185.
2017-09-29 09:24:01 -04:00
Nick Mathewson
4e6374c26b Merge remote-tracking branch 'catalyst-oniongit/bug23691' 2017-09-28 19:07:23 -04:00
Taylor Yu
2ae1b7e2db Fix leak in test_util.c
AddressSanitizer found a leak in test_util_decompress_dos_impl().
Fixes bug #23691.
2017-09-28 17:53:38 -05:00
Alexander Færøy
8d6940814a
Better error handling when trying to compress/decompress into empty buffer.
This patch ensures that we return TOR_COMPRESS_BUFFER_FULL in case we
have a input bytes left to process, but are out of output buffer or in
case we need to finish where the compression implementation might need
to write an epilogue.

See: https://bugs.torproject.org/23551
2017-09-28 20:17:41 +02:00
Alexander Færøy
c2fac2c6b0
Enable disabled test that was disabled due to bug #23551
See: https://bugs.torproject.org/23551
2017-09-28 18:58:15 +02:00
Alexander Færøy
44dc4b73ec
Better error handling when trying to compress/decompress into empty buffer.
This patch ensures that we return TOR_COMPRESS_BUFFER_FULL in case we
have a input bytes left to process, but are out of output buffer or in
case we need to finish where the compression implementation might need
to write an epilogue.

See: https://bugs.torproject.org/23551
2017-09-28 18:58:15 +02:00
Alexander Færøy
c3b7f9d762
Fix whitespace issue in compress.c 2017-09-28 18:58:15 +02:00
Alexander Færøy
a196fdb622
Fix typo in buffers.c. 2017-09-28 18:58:09 +02:00
Nick Mathewson
3a073c463d Improve unit test coverage for compression code.
These tests try uncompressing garbage, verify that we won't
make compression bombs, and verify that we won't uncompress
compression bombs.
2017-09-28 12:20:02 -04:00
Nick Mathewson
14614a592e Fix spelling: compressing, not compresing 2017-09-28 12:17:34 -04:00
Nick Mathewson
f71ff0cabc Unit test for case where %included dir exists but is unreadable 2017-09-28 09:49:30 -04:00
Nick Mathewson
5b6f2713cd unit test for config_lines_dup_and_filter 2017-09-28 09:40:17 -04:00
Nick Mathewson
55873107d0 Correct docs for config_lines_dup_and_filter 2017-09-28 09:40:04 -04:00
Nick Mathewson
a64d79ca4c Move around some LCOV_EXCLs in src/common
Apparently, my compiler now generates coverage markers for
label-only lines, so we need to exclude those too if they are meant
to be unreachable.
2017-09-28 09:25:17 -04:00
Nick Mathewson
99e52711bb Add unit test for buf_get_line(). 2017-09-28 08:35:30 -04:00
Nick Mathewson
01d67a9071 Note an unreachable (?) section in buffers.c 2017-09-28 08:35:24 -04:00
Nick Mathewson
f21102c069 Let's get 100% coverage for proto_http while we're at it.
There was some coverage before, but it was mostly accidental.
2017-09-27 21:45:55 -04:00
Nick Mathewson
57f04a482e Test more error cases of our socks code.
Coverage is now respectable. :)
2017-09-27 19:37:36 -04:00
Nick Mathewson
6882e711d0 Add unit tests for SOCKS functions that parse server responses
We use these when we're acting as a SOCKS client, but we'd never
actually written tests for them :/
2017-09-27 18:55:14 -04:00
Nick Mathewson
5418aa84ee socks5 unit tests: add check for ipv6 address type. 2017-09-27 11:23:09 -04:00
Nick Mathewson
04f7873bab Socks tests for bad socks5 username/passwd auth. 2017-09-27 11:16:29 -04:00
Nick Mathewson
14124f82df Mark some tests in parse_socks.c as unreachable (BUG, LCOV)
These tests aren't reachable, given their actual arguments.  I'm
going to mark them as BUG(), and as unreachable with LCOV.
2017-09-27 11:16:20 -04:00
Nick Mathewson
5427365907 testing: test many possible truncated SOCKS commands
Many of the 'truncated command' paths in fetch_from_buf_socks() were
not reached by the tests.  This new unit test tries to check them
exhaustively.
2017-09-27 10:54:56 -04:00
David Goulet
cf75c1af66 hs-v3: Don't fetch descriptor if we have a pending request
If 6 SOCKS requests are opened at once, it would have triggered 6 fetches
which ultimately poke all 6 HSDir. We don't want that, if we have multiple
SOCKS requests for the same service, do one fetch only.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-27 09:24:35 -04:00
George Kadianakis
178a2bbcff prop224: Fix one last instance of get_time_period_num() with now.
When purging last HSDir requests, we used time(NULL) for computing the
service blinded key but in all other places in our codebase we actually
use the consensus times. That can cause wrong behavior if the consensus
is in a different time period than time(NULL).

This commit is required for proper purging of HSDir requests.
2017-09-27 09:24:35 -04:00
George Kadianakis
6051375cca prop224: Update some function docs with the right retval. 2017-09-27 09:24:35 -04:00
Nick Mathewson
a57f495c1a Move ext_or_command tests to test_proto_misc.c
No other code changes.
2017-09-27 09:11:15 -04:00
Nick Mathewson
b8b016940d Add unit tests for var_cell and control0 proto functions. 2017-09-27 09:09:00 -04:00
Taylor Yu
8f8a4c0ced Eat redundant semicolons 2017-09-26 15:12:34 -04:00
David Goulet
40ab25db62 hs-v3: Don't non fatal assert if we can't get the intro extend info
Fixes #23159.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-26 13:55:51 -04:00
Nick Mathewson
6beeb10070 Merge branch 'typecheck4' 2017-09-26 12:26:01 -04:00
Nick Mathewson
49d2346b80 Type bug in shared_random_state -- make sure Version is int.
The confparse field has type UINT, which corresponds to an int
type.  We had uint32_t.

This shouldn't cause trouble in practice, since int happens to
4-bytes wide on every platform where an authority is running.  It's
still wrong, though.
2017-09-26 12:25:34 -04:00
Nick Mathewson
a5b18dfba9 Make the TransProxyType field non-const
The correct type for a STRING confparse value is char *, not const
char *.
2017-09-26 12:25:07 -04:00
Nick Mathewson
4d11a468b2 Correct two state-file variable types.
These should have been int, but we had listed them as unsigned.
That's an easy mistake to make, since "int" corresponds with either
INT or UINT in the configuration file.

This bug cannot have actually caused a problem in practice, since we
check those fields' values on load, and ensure that they are in
range 0..INT32_MAX.
2017-09-26 12:25:01 -04:00
Nick Mathewson
eb54a856a2 Add test to make sure all confparse variables are well-typed
New approach, suggested by Taylor: During testing builds, we
initialize a union member of an appropriate pointer type with the
address of the member field we're trying to test, so we can make
sure that the compiler doesn't warn.

My earlier approach invoked undefined behavior.
2017-09-26 12:24:04 -04:00
Nick Mathewson
1f3db0514e Merge remote-tracking branch 'asn/ticket23645_032_01' 2017-09-26 08:55:59 -04:00
David Goulet
648d5ea67e hs: Improve logging
Also demote a log message that can occur under natural causes
(if the circuit subsystem is missing descriptors/consensus etc.).
The HS subsystem will naturally retry to connect to intro points,
so no need to make that log user-facing.
2017-09-26 13:55:44 +03:00
David Goulet
4190f602bd circuit: Log n_circ_id and global identifier of HS circuits
So we can track them more easily in the logs and match any open/close/free
with those identifiers.

Part of #23645

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 16:21:04 -04:00
David Goulet
767b1815e9 circuit: Log circuit identifiers when cannibalizing
This removes the "nickname" of the cannibalized circuit last hop as it is
useless. It now logs the n_circ_id and global identifier so we can match it
with other logging statement.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 16:08:11 -04:00
David Goulet
fb4a82c485 circuit: Keep a copy of n_circ_id for logging
Prior to the log statement, the circuit n_circ_id value is zeroed so keep a
copy so we can log it at the end.

Part of #23645

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 16:04:30 -04:00
David Goulet
de54e14312 circuit: Closing reason are signed values
Part of #23645

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 16:01:12 -04:00
Nick Mathewson
45530ed729 Merge branch 'bug22109' 2017-09-25 14:32:04 -04:00
Nick Mathewson
81c4793232 Make testing rend1_payload variables static
This fixes a clang warning.
2017-09-25 13:26:43 -04:00
Nick Mathewson
90e8d1f58f Merge branch 'bug23539_032_01_squashed' 2017-09-25 11:12:56 -04:00
Nick Mathewson
581e2c8b2c Whitespace fix. 2017-09-25 11:12:45 -04:00
Matt Traudt
7bbc29b0f2 sched: make interval a plain int; initialize with macro 2017-09-25 11:11:30 -04:00
David Goulet
ef2a449cce sched: Make KISTSchedRunInterval non negative
Fixes #23539.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 11:11:30 -04:00
Nick Mathewson
777e828ef3 Merge remote-tracking branch 'asn/ticket23420_032_01' 2017-09-25 09:24:36 -04:00
George Kadianakis
03b3f5486a prop224: Add test for parsing RENDEZVOUS1 cell.
Just making sure that added padding does not screw up cell parsing.
2017-09-25 15:00:06 +03:00
Roger Dingledine
8dff23eb34 Assign Exit flag only for ports 80 and 443
Make the "Exit" flag assignment only depend on whether the exit
policy allows connections to ports 80 and 443. Previously relays
would get the Exit flag if they allowed connections to one of
these ports and also port 6667.

Resolves ticket 23637.
2017-09-24 19:27:07 -04:00
Roger Dingledine
a1f31c0671 fix typo 2017-09-22 17:26:29 -04:00
Nick Mathewson
01e984870a Remove an erroneous 0.5 in compute_weighted_bandwidths()
Back in 0.2.4.3-alpha (e106812a77), when we switched from using
double to using uint64 for selecting by bandwidth, I got the math
wrong: I should have used llround(x), or (uint64_t)(x+0.5), but
instead I wrote llround(x+0.5).  That means we would always round
up, rather than rounding to the closest integer

Fixes bug 23318; bugfix on 0.2.4.3-alpha.
2017-09-22 15:29:15 -04:00
Nick Mathewson
22e2c3bf7d Fix check-spaces and a weird copyright. 2017-09-22 12:20:26 -04:00
Nick Mathewson
230a336798 Use setup_full_capture_of_logs for 21800
setup_capture_of_logs() doesn't actually suppress warnings :p
2017-09-22 10:22:47 -04:00
Nick Mathewson
ac3fdb74c2 Remove unused chosen_scheduler_type variable. 2017-09-22 09:56:54 -04:00
Nick Mathewson
122eab78d9 Merge remote-tracking branch 'pastly/bug23552_032_03' 2017-09-22 09:54:41 -04:00
David Goulet
dc5c9af6c3 hs: Avoid possible double circuit close on error
Fixes #23610

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-22 09:09:13 -04:00
Nick Mathewson
91467e04b1 Merge branch 'bug22805_v2_squashed' 2017-09-22 08:58:17 -04:00
Nick Mathewson
95a7e7e925 Stop using CREATE_FAST as a signifier of clienthood.
Relays send it, and we may as well let them.  Part of our fix for
22805.
2017-09-22 08:57:45 -04:00
Nick Mathewson
ceb49c1c5f Use channel_is_client() accessor in channelpadding.c.
Also, allow channel_is_client() to take a const channel.
2017-09-22 08:55:53 -04:00
Nick Mathewson
d1e0e486e9 Stop clearing the is_client flag on channel directly 2017-09-22 08:55:53 -04:00
Nick Mathewson
66aff2d8f3 Remove or_circuit_t.is_first_hop; use channel_is_client() instead
The is_first_hop field should have been called used_create_fast,
but everywhere that we wanted to check it, we should have been
checking channel_is_client() instead.
2017-09-22 08:55:53 -04:00
Matt Traudt
88b317ef28 sched: move code to respect comments
The diff is confusing, but were two static scheduler functions that
needed moving to static comment block.

No code change. Thanks dgoulet for original commit
2017-09-22 08:52:27 -04:00
Matt Traudt
22699e3f16 sched: only log when scheduler type changes
Closes 23552. Thanks dgoulet for original impl
2017-09-22 08:51:22 -04:00
Nick Mathewson
512c57cff9 test_util: capture the log in the correct place. 2017-09-22 08:51:03 -04:00
Nick Mathewson
00d7b60557 Merge branch 'bug21800' 2017-09-21 17:39:54 -04:00
Nick Mathewson
bb9b8e65bb Merge remote-tracking branch 'pastly/bug23581_032_03' 2017-09-21 17:33:10 -04:00
Nick Mathewson
33d44dc4ac Capture "Result does not fit in tor_timegm()" warnings in util tests
Fixes bug 21800; bugfix on 0.2.9.x
2017-09-21 15:32:16 -04:00
David Goulet
7f3dc8327a hs: Avoid possible double circuit close on error
Fixes #23610

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-21 14:38:43 -04:00
David Goulet
1749e07891 hs: Improve comments for when we change timestamps
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-21 14:24:36 -04:00
David Goulet
c20d4db7bf sched: Hard exit if we can't select a scheduler
Fixes #23581

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-21 14:18:42 -04:00
David Goulet
6045bdd4a0 hs: Avoid possible double circuit close on error
Fixes #23610

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-21 13:13:53 -04:00
Nick Mathewson
4c7a89a226 Merge remote-tracking branch 'catalyst-oniongit/bug23607' 2017-09-21 10:58:06 -04:00
Nick Mathewson
c7b7cf8e18 Merge branch 'maint-0.3.1' 2017-09-21 10:39:10 -04:00
Mike Perry
d70a793cfc Bug 23608: Mock time for all channelpadding tests. 2017-09-21 10:36:57 -04:00
Taylor Yu
ad814cad41 Avoid assertion failure for state file clock skew
The clock_skew_warning() refactoring allowed calls from
or_state_load() to control_event_bootstrap_problem() to occur prior
bootstrap phase 0, causing an assertion failure.  Initialize the
bootstrap status prior to calling clock_skew_warning() from
or_state_load().
2017-09-20 18:54:37 -05:00
Taylor Yu
1c017edac3 Use correct sign for state file clock skew
or_state_load() was using an incorrect sign convention when calling
clock_skew_warning() to warn about state file clock skew.  This caused
the wording of the warning to be incorrect about the direction of the
skew.
2017-09-20 18:50:39 -05:00
Nick Mathewson
ac8e26a415 Use correct name for authtype 3 in a comment. 2017-09-20 15:46:21 -04:00
David Goulet
9b4513c5d1 hs: Log the intro point when we clean it up
When we remove an intro point from the service list, log info about it and
some useful data.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-20 13:08:16 -04:00
David Goulet
317dabc57f circuit: Log n_circ_id and global identifier
When we can, log the n circuit id and global identifier for origin circuit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-20 12:52:53 -04:00
Nick Mathewson
2998350122 Merge branch 'bug23080' 2017-09-20 12:12:02 -04:00
Nick Mathewson
f9155ff416 Unit test to make sure that our platform string is parseable
Closes 22109.
2017-09-20 10:10:02 -04:00
Nick Mathewson
ff0aabc35d Merge branch 'maint-0.3.1' 2017-09-20 09:45:07 -04:00
Andreas Stieger
427c2cc9e8 in zstd compression, fix 32 bit build
format '%lu' expects argument of type 'long unsigned int', but argument ... has type 'size_t'

Closes ticket 23568.
2017-09-20 09:43:08 -04:00
Nick Mathewson
427ae164f3 Fix a comment that misunderstood is_canonical
is_canonical doesn't mean "am I connected to the one true address of
this relay"; it means "does this relay tell me that the address I'm
connected to belong to it."  The point is to prevent TCP-based MITM,
not to prevent the relay from multi-homing.

Related to 22890.
2017-09-20 09:41:01 -04:00
Nick Mathewson
c4e8548c59 Warn on ExtORPort USERADDR that is missing or 0.
Diagnoses violations on #23080.
2017-09-20 08:50:49 -04:00
Nick Mathewson
9e0587f806 Merge remote-tracking branch 'dgoulet/ticket23305_032_01' 2017-09-20 08:36:11 -04:00
Nick Mathewson
2c93be80d9 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-09-20 08:32:55 -04:00
Nick Mathewson
746410fb24 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-09-20 08:32:55 -04:00
Nick Mathewson
654820ec1c Merge branch 'maint-0.3.0' into maint-0.3.1 2017-09-20 08:32:55 -04:00
Nick Mathewson
a8f4f5742e Merge branch 'maint-0.3.1' 2017-09-20 08:32:55 -04:00
teor
8e52c46581
Remove longclaw's IPv6 address, as it will soon change
Authority IPv6 addresses were originally added in 0.2.8.1-alpha.

This leaves 3/8 directory authorities with IPv6 addresses, but there
are also 52 fallback directory mirrors with IPv6 addresses.

Resolves 19760.
2017-09-20 14:48:53 +10:00
Matt Traudt
4a3b61a5b3 sched: reorder code to fit comment bodies; comment typos
Closes 23560
2017-09-19 20:13:28 -04:00
Roger Dingledine
1c956ccd5f fix typos/etc found while starting to look at scheduler 2017-09-19 19:55:57 -04:00
Nick Mathewson
6628c95e54 Merge remote-tracking branch 'pastly2/bug23566_032_01' 2017-09-19 19:35:46 -04:00
Matt Traudt
951b9f1fa5 tests: fix transproxy tests on BSD systems 2017-09-19 19:20:55 -04:00
Matt Traudt
a8c54ce581 sched: Allow the new sched to react to new cons 2017-09-19 19:07:48 -04:00
Nick Mathewson
ac73913d40 Merge branch 'bug23583_029' 2017-09-19 14:12:29 -04:00
Nick Mathewson
10ea3343b5 Avoid integer error in TEST_BITOPS tests
If "1" is not 64 bits wide already, then "1 << i" will not actually
work.

This bug only affects the TEST_BITOPS code, and shouldn't matter for
the actual use of the timeout code (except if/when it causes this
test to fail).

Reported by dcb314@hotmail.com.  Fix for bug 23583.  Not adding a
changes file, since this code is never compiled into Tor.
2017-09-19 13:58:35 -04:00
David Goulet
5dea4b565f Add a BASE32_DIGEST_LEN define
Use this value instead of hardcoded values of 32 everywhere. This also
addresses the use of REND_DESC_ID_V2_LEN_BASE32 in
hs_lookup_last_hid_serv_request() for the HSDir encoded identity digest length
which is accurate but semantically wrong.

Fixes #23305.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-19 12:33:04 -04:00
David Goulet
a3f5a24669 hs: Pad RENDEZVOUS1 v3 cell to match length of v2
RENDEZVOUS1 cell is 84 bytes long in v3 and 168 bytes long in v2 so this
commit pads with random bytes the v3 cells up to 168 bytes so they all look
alike at the rendezvous point.

Closes #23420

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-19 09:13:28 -04:00
Nick Mathewson
84d587bed8 Merge remote-tracking branch 'teor/minor-comments' 2017-09-19 08:24:49 -04:00
teor
e77ece3b31
Avoid a compilation warning on macOS in scheduler_ev_add()
This warning is caused by a different tv_usec data type on macOS
compared to the system on which the patch was developed.

Fixes 23575 on 0.3.2.1-alpha.
2017-09-19 16:32:47 +10:00
teor
429d88ad6a
Improve comments around connection_or_client_used() 2017-09-19 14:30:27 +10:00
teor
228d782229
Improve comments formatting in connection.c 2017-09-19 14:30:09 +10:00
Nick Mathewson
6afc924d7e Correct what-is-deprecated-when comments 2017-09-18 15:11:33 -04:00
Nick Mathewson
94a88eaa45 Merge remote-tracking branch 'public/ticket19704' 2017-09-18 15:02:16 -04:00
Nick Mathewson
32858610c7 bump to 0.3.2.1.-alpha-dev 2017-09-18 14:40:13 -04:00
Nick Mathewson
0e85b71066 bump to 0.3.1.7-dev 2017-09-18 14:40:04 -04:00
Nick Mathewson
e78347fcc2 bump to 0.3.0.11-dev 2017-09-18 14:39:55 -04:00
Nick Mathewson
a57f1ff7ab bump to 0.2.9.12-dev 2017-09-18 14:39:46 -04:00
Nick Mathewson
0a72d1c8f1 bump to 0.2.8.15-dev 2017-09-18 14:39:40 -04:00
Nick Mathewson
290274dbb5 Add a cast so that 32-bit compilation goes without errors 2017-09-18 12:44:26 -04:00
Nick Mathewson
a23a168f24 Merge remote-tracking branch 'dgoulet/bug23558_032_01' 2017-09-18 11:02:37 -04:00
David Goulet
c7af923567 sched: BUG() on event_add() and log_warn next_run
It is highly unlikely to happen but if so, we need to know and why. The
warning with the next_run values could help.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-18 10:58:38 -04:00
David Goulet
77cc97cf0a sched: Don't cast to int32_t the monotime_diff_msec() result
When the KIST schedule() is called, it computes a diff value between the last
scheduler run and the current monotonic time. If tha value is below the run
interval, the libevent even is updated else the event is run.

It turned out that casting to int32_t the returned int64_t value for the very
first scheduler run (which is set to 0) was creating an overflow on the 32 bit
value leading to adding the event with a gigantic usec value. The scheduler
was simply never running for a while.

First of all, a BUG() is added for a diff value < 0 because if the time is
really monotonic, we should never have a now time that is lower than the last
scheduler run time. And we will try to recover with a diff value to 0.

Second, the diff value is changed to int64_t so we avoid this "bootstrap
overflow" and future casting overflow problems.

Fixes #23558

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-18 10:55:54 -04:00
Nick Mathewson
aaf0fa6d11 Merge branch 'maint-0.3.1' 2017-09-18 10:48:31 -04:00
Nick Mathewson
63ae9ea316 Make hs_ntor_ref.py work with python3 2017-09-18 10:48:28 -04:00
Nick Mathewson
d9dccb00cc Bump to 0.3.2.1-alpha 2017-09-18 10:30:41 -04:00
Nick Mathewson
c7d0096f9d Merge branch 'maint-0.3.1' 2017-09-18 09:42:30 -04:00
Nick Mathewson
23c4592ee9 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-09-18 09:40:40 -04:00
Nick Mathewson
314652dc16 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-09-18 09:39:46 -04:00
Nick Mathewson
09ea89764a Fix log-uninitialized-stack bug in rend_service_intro_established.
Fixes bug 23490; bugfix on 0.2.7.2-alpha.

TROVE-2017-008
CVE-2017-0380
2017-09-18 09:32:41 -04:00
Nick Mathewson
4a2cbea6ce Fix log-uninitialized-stack bug in rend_service_intro_established.
Fixes bug 23490; bugfix on 0.2.7.2-alpha.

TROVE-2017-008
CVE-2017-0380
2017-09-18 09:27:07 -04:00
Nick Mathewson
dd8eeabfd1 Fix memory leak in tor-gencert.c
This was introduced in 4ff170d7b1, and is probably
unreachable, but coverity complained about it (CID 1417761). Bug not
in any released Tor, so no changes file.
2017-09-17 20:42:28 -04:00
Nick Mathewson
4519b7b469 kist_no_kernel_support is unused when we didn't detect it.
So, remove it.
2017-09-15 16:44:05 -04:00
Nick Mathewson
f4af1919ab Replace accumulated C ;;s with ;s
I don't know where these came from.
2017-09-15 16:43:17 -04:00
Nick Mathewson
76c33f7ff4 Merge branch 'scan-build-032' 2017-09-15 16:40:11 -04:00
Nick Mathewson
c1deabd3b0 Run our #else/#endif annotator on our source code. 2017-09-15 16:24:44 -04:00
Nick Mathewson
7a597718bb Split some long #if lines to make the #endif annotator happy 2017-09-15 16:24:21 -04:00
Nick Mathewson
639766dbc3 Merge branch 'maint-0.3.1'
Resolve conflict with 23532 code.
2017-09-15 14:40:35 -04:00
Nick Mathewson
a01e4a1a95 kist: Cast, then do operations on int32.
Otherwise integer overflows can happen.  Remember, doing a i32xi32
multiply doesn't actually produce a 64-bit output.  You need to do
i64xi32 or i64xi64.

Coverity found this as CID 1417753
2017-09-15 14:30:19 -04:00
Nick Mathewson
9201e4c74b Merge branch 'bug23487_029' 2017-09-15 14:27:58 -04:00
Nick Mathewson
75659fd548 Use different variable names for pw_uid usages
Catalyst points out that using pw_uid for two different purposes
here is likely to be confusing.
2017-09-15 14:26:59 -04:00
Nick Mathewson
03e102c1bb Make netinet/tcp include conditional too: windows lacks it. 2017-09-15 14:08:51 -04:00
Nick Mathewson
44fa866621 fix some 32-bit warnings about printf arguments 2017-09-15 14:02:08 -04:00
Nick Mathewson
37302e64a4 Merge branch 'remove_allow_dotexit_v2' 2017-09-15 12:10:47 -04:00
Nick Mathewson
f02fd6c3af Remove AllowDotExit.
It's been deprecated since 0.2.9.2-alpha.  Closes ticket 23426.
2017-09-15 12:09:33 -04:00
Nick Mathewson
fea2d84ce3 wrap a wide comment 2017-09-15 12:03:08 -04:00
Nick Mathewson
0f4f40b70f Merge remote-tracking branch 'dgoulet/ticket12541_032_02' 2017-09-15 12:00:50 -04:00
Nick Mathewson
962b0b849b Merge remote-tracking branch 'dgoulet/ticket19254_032_01' 2017-09-15 11:52:10 -04:00
Matt Traudt
ae9e6b547d sched: add comment about how we determine if a socket should write 2017-09-15 11:40:59 -04:00
Matt Traudt
501c58187d sched: add more per-socket limit documentation; int fix 2017-09-15 11:40:59 -04:00
David Goulet
513d642a66 sched: Revert IF_BUG_ONCE() to tor_assert()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
1033e14a69 sched: Define SCHEDULER_KIST_PRIVATE for more encapsulation
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
c910610701 sched: Improve logging if KIST is disabled
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
0d0b677b64 test: Fix unit tests with latest scheduler changes
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
734dbfa590 sched: Make the scheduler object static
Each type of scheduler implements its own static scheduler_t object and
returns a reference to it.

This commit also makes it a const pointer that is it can only change inside
the scheduler type subsystem but not outside for extra protection.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
bd34a0d30f sched: Compare channel pointer in the socket table
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
e0984b8a51 sched: Make the outbuf table local to run()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
ba08f8a4ed sched: Make check-spaces happy
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
3d2d8d6841 sched: Extra careful in channel_outbuf_length()
In case we don't have a connection object in the channel, just be careful and
recover.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
14cd8bdd4b sched: Don't expose the global scheduler libevent object
Instead, add wrappers to do the needed action the different scheduler needs
with the libevent object.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
84d18f70f3 sched: Always call on_channel_free() regardless of state
A channel can bounce in the scheduler and bounce out with the IDLE state which
means that if it came in the scheduler once, it has socket information that
needs to be freed from the global hash table.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
7cc9621d11 sched: Add Schedulers torrc option
This option is a list of possible scheduler type tor can use ordered by
priority. Its default value is "KIST,KISTLite,Vanilla" which means that KIST
will be used first and if unavailable will fallback to KISTLite and so on.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
Matt Traudt
6ff8c86ac6 sched: change most asserts to non-fatal BUGs 2017-09-15 11:40:59 -04:00
Matt Traudt
4bc97c6431 sched: revisist compatibility on non-linux systems
Wrap things in HAVE_KIST_SUPPORT until Tor compiles and tests cleanly on
my OS X machine.
2017-09-15 11:40:59 -04:00
Matt Traudt
8ccb2c106a sched: rename scheduler to the_scheduler 2017-09-15 11:40:59 -04:00
Matt Traudt
7f1d643083 sched: validate KIST sched options 2017-09-15 11:40:59 -04:00
Matt Traudt
61fc9c41ad sched: switch to monotonic time; add/fix comments, style, and logs msgs 2017-09-15 11:40:59 -04:00
David Goulet
6e598bbcd8 sched: Add sandbox support for KIST
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
a06f2a0509 sched: Fallback to naive approach if no runtime KIST support
It is possible that tor was compiled with KIST support but the running kernel
has no support for it. In that case, fallback to a naive approach and flag
that we have no kernel support.

At this commit, if the kernel support is disabled, there are no ways to come
back from it other than restarting tor with a kernel that supporst KIST.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
8424c4f35b sched: Detect KIST support at compile time
Add a detection for the KIST scheduler in our build system and set
HAVE_KIST_SUPPORT if available.

Adapt the should use kist function with this new compile option.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
Matt Traudt
dde358667d sched: Implement the KIST scheduler
Closes #12541

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
Matt Traudt
2034e0d1d4 sched: Groundwork before KIST implementation
- HT_FOREACH_FN defined in an additional place because nickm did that
  in an old kist prototype
- Make channel_more_to_flush mockable for future sched tests
- Add empty scheduler_{vanilla,kist}.c files and put in include.am

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
Matt Traudt
b2c56eacdd sched: Remove vanilla sched options that will be going away
- massive change to src/tgest/test_options.c since the sched options
  were added all over the place in it
- removing the sched options caused some tests to pass/fail in new ways
  so I assumed current behavior is correct and made them pass again
   - ex: "ConnLimit must be greater" lines
   - ex: "Authoritative directory servers must" line
- remove test_options_validate__scheduler in prep for new sched tests

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
Nick Mathewson
e88fb4f4f8 Merge remote-tracking branch 'catalyst-oniongit/bug23532' 2017-09-15 11:17:18 -04:00
Taylor Yu
e31a7be161 Make NETINFO clock skew detection work on clients
An unnecessary routerlist check in the NETINFO clock skew detection in
channel_tls_process_netinfo_cell() was preventing clients from
reporting NETINFO clock skew to controllers.
2017-09-15 09:49:53 -05:00
Taylor Yu
37fed742d1 Refactor channeltls.c lightly
Refactor some repetitive deep indirections in several functions in
channeltls.c into local variables.
2017-09-15 09:49:53 -05:00