Commit Graph

25250 Commits

Author SHA1 Message Date
David Goulet
044bb019b6 Merge branch 'maint-0.4.1' 2019-07-25 10:27:41 -04:00
George Kadianakis
af26cd6101 Always check the retval of circpad_machine_current_state(). 2019-07-25 10:24:23 -04:00
George Kadianakis
bd1ac408d8 Remove dead code from circpad_machine_remove_token(). 2019-07-25 10:24:19 -04:00
David Goulet
cfb15d513d Merge branch 'maint-0.4.1' 2019-07-25 09:03:01 -04:00
David Goulet
2a4b156978 Merge branch 'tor-github/pr/1171' into maint-0.4.1 2019-07-25 09:02:53 -04:00
Nick Mathewson
b2a6b52825 Bump version to 0.4.1.4-rc 2019-07-25 09:00:53 -04:00
Nick Mathewson
57e87cc86c Use config_new() to construct configuration objects.
We'll need to do it this way once the objects become more complex.
2019-07-24 15:21:56 -04:00
Nick Mathewson
c32d485942 Remove src/core/ and src/feature dependencies from confparse.c
This C file will eventually belong in lib/confmgt, so it needs to
have only low-level dependencies.  Now that it no longers needs
routerset.c, we can adjust its includes accordingly.

I'm not moving the file yet, since it would make fixup commits on
earlier branches here really hard to do.
2019-07-24 15:21:56 -04:00
Nick Mathewson
a1b2817abe Sort variables in config_mgr_t.all_vars alphabetically 2019-07-24 15:21:56 -04:00
Nick Mathewson
f8b193a74a Make config_var and config_fmt const.
Now that we have a reasonable implementation for overriding the
default options for TestingTorNetwork, we don't need to modify
config_var_t structs any more.  And therefore, we can have constant
format options, like reasonable people.
2019-07-24 15:21:56 -04:00
Nick Mathewson
dde091ebc7 Add a "freeze" function for config_mgr_t objects.
It's important to make sure that we don't change a config_mgr_t
after we start using it to make objects, or we could get into
inconsistent states.  This feature is the start of a safety
mechanism to prevent this problem.
2019-07-24 15:21:56 -04:00
Nick Mathewson
f306d12b58 Refactor handling of TestingTorNetwork
Previously, when TestingTorNetwork was set, we would manually adjust
the initvalue members of a bunch of other config_var_t, and then
re-run the early parts or parsing the options.

Now we treat the initvalue fields as immutable, but instead assign
to them in options_init(), as early as possible.  Rather than
re-running the early parts of options, we just re-call the
options_init_from_string() function.

This patch de-kludges some of our code pretty handily.  I think it
could later handle authorities and fallbacks, but for now I think we
should leave those alone.
2019-07-24 15:21:56 -04:00
Nick Mathewson
7abd43ac5f Change CONFIG_CHECK() macro to not need a config_format_t
We'll want it to check all the subsidiary structures of the
options object.
2019-07-24 15:21:56 -04:00
Nick Mathewson
627ab9dba3 Fix every place in config.c that knew about option_vars_.
Iterating over this array was once a good idea, but now that we are
going to have a separate structure for each submodule's
configuration variables, we should indirect through the config_mgr_t
object.
2019-07-24 15:21:56 -04:00
Nick Mathewson
89a3051365 Lower responsibility for listing changed options into confparse.c 2019-07-24 15:21:56 -04:00
Nick Mathewson
7e91d4f572 Replace config_find_option with a variant that exposes less 2019-07-24 15:21:56 -04:00
Nick Mathewson
769fe81717 Start teaching config_mgr_t to handle sub-objects and sub-formats
The eventual design here will be that multiple config_format_t
objects get registered with a single config_mgr_t.  That
config_mgr_t manages a "top-level" object, which has a pointer to
the other objects.

I had earlier thought of a different design, where there would be no
top-level object, and config_mgr_t would deal with a container
instead.  But this would require a bunch of invasive refactoring
that I don't think we should do just yet.
2019-07-24 15:21:56 -04:00
Nick Mathewson
e8dc513bd0 Add a config_mgr_t type to wrap config_format_t
Remember that our goal in the present refactoring is to allow each
subsystem to declare its own configuration structure and
variables.  To do this, each module will get its own
config_format_t, and so we'll want a different structure that wraps
several config_format_t objects.  This is a "config_mgr_t".
2019-07-24 15:21:56 -04:00
Nick Mathewson
167d873bde Fix clang-detected errors related to log_domain_mask_t 2019-07-24 09:08:48 -04:00
George Kadianakis
2944b091fc Merge branch 'maint-0.4.1' 2019-07-24 12:32:06 +03:00
George Kadianakis
bb33a2f290 Merge branch 'tor-github/pr/1181' into maint-0.4.1 2019-07-24 12:31:56 +03:00
Nick Mathewson
ab1f82ea2a Merge branch 'ticket24963_042_02' 2019-07-23 14:03:30 -04:00
Nick Mathewson
df12ff3dea Add a test for disallowing single-hop introductions.
Code from dgoulet.
2019-07-23 12:42:33 -04:00
Nick Mathewson
f14ce4bce6 Allow NULL circ->p_chan in circuit_is_suitable_for_introduce1()
This shouldn't be possible while Tor is running, but the tests can
hit this code.  Rather than force the tests to add a dummy channel
object, let's just tolerate their incompletely built circuits.
2019-07-23 12:36:40 -04:00
Nick Mathewson
ab1f39322c Merge remote-tracking branch 'tor-github/pr/1185' 2019-07-23 12:32:14 -04:00
Nick Mathewson
f6db290e5a Merge remote-tracking branch 'tor-github/pr/1186' 2019-07-23 12:30:19 -04:00
David Goulet
ef2dd1ba96 Merge branch 'tor-github/pr/1116' 2019-07-23 09:46:29 -04:00
David Goulet
2fce1274de Merge branch 'tor-github/pr/1153' 2019-07-23 09:43:36 -04:00
pulls
c2f6064325 Improve circpad documentation.
Patch by Tobias Pulls.
2019-07-23 12:44:43 +03:00
George Kadianakis
5aa526c2d8 circpad: some more logging changes.
- Add an info log when receiving a STOP command.
- Keep warning if we receive padding from a wrong hop.
2019-07-23 12:22:26 +03:00
Mike Perry
a3089662c0 More LOG_PROTOCOL_WARN.
Make origin-side messages about padding negotiation failure into
LOG_PROTOCOL_WARN.

I'm not sure I like this either.. But the negotiation refusal case might
happen naturally due to consensus drift, and is functionally no different than
a corrupted cell.
2019-07-23 12:22:25 +03:00
Mike Perry
86f298441b Make some warns into protocol warns
I'm not sure I agree with this option.
2019-07-23 12:22:24 +03:00
Mike Perry
065f25c2ce Bug 30649: Check that machine is absent before warn 2019-07-23 12:22:15 +03:00
pulls
fd1f285189 transition when we send our first padding packet, not on received 2019-07-23 11:52:25 +03:00
pulls
5f95b37f6c remove specified target_hopnum from relay-side machines (only for origin-side machines) 2019-07-23 11:52:25 +03:00
Neel Chauhan
232aa8570d Space out first connection_edge_process_relay_cell() line in circuit_receive_relay_cell() 2019-07-19 20:50:25 -04:00
Nick Mathewson
5fb070a14d Extract the log_domain_t type to a lower-level header
This way, both err and log may depend on it.
2019-07-19 10:17:22 -04:00
Nick Mathewson
f682de609b Adjust tor_log.rs for 64-bit log domains. 2019-07-19 10:07:32 -04:00
Nick Mathewson
a9379d6750 Set 'routerlist' global to NULL before freeing it.
There is other code that uses this value, and some of it is
apparently reachable from inside router_dir_info_changed(), which
routerlist_free() apparently calls.  (ouch!)  This is a minimal fix
to try to resolve the issue without causing other problems.

Fixes bug 31003. I'm calling this a bugfix on 0.1.2.2-alpha, where
the call to router_dir_info_changed() was added to routerlist_free().
2019-07-19 09:49:52 -04:00
Tobias Stoeckmann
17458a87d7 Prevent UB on signed overflow.
Overflowing a signed integer in C is an undefined behaviour.
It is possible to trigger this undefined behaviour in tor_asprintf on
Windows or systems lacking vasprintf.

On these systems, eiter _vscprintf or vsnprintf is called to retrieve
the required amount of bytes to hold the string. These functions can
return INT_MAX. The easiest way to recreate this is the use of a
specially crafted configuration file, e.g. containing the line:

FirewallPorts AAAAA<in total 2147483610 As>

This line triggers the needed tor_asprintf call which eventually
leads to an INT_MAX return value from _vscprintf or vsnprintf.

The needed byte for \0 is added to the result, triggering the
overflow and therefore the undefined behaviour.

Casting the value to size_t before addition fixes the behaviour.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2019-07-19 09:21:32 -04:00
Tobias Stoeckmann
0d4a689d3a Prevent UB on signed overflow.
Overflowing a signed integer in C is an undefined behaviour.
It is possible to trigger this undefined behaviour in tor_asprintf on
Windows or systems lacking vasprintf.

On these systems, eiter _vscprintf or vsnprintf is called to retrieve
the required amount of bytes to hold the string. These functions can
return INT_MAX. The easiest way to recreate this is the use of a
specially crafted configuration file, e.g. containing the line:

FirewallPorts AAAAA<in total 2147483610 As>

This line triggers the needed tor_asprintf call which eventually
leads to an INT_MAX return value from _vscprintf or vsnprintf.

The needed byte for \0 is added to the result, triggering the
overflow and therefore the undefined behaviour.

Casting the value to size_t before addition fixes the behaviour.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2019-07-19 09:17:25 -04:00
rl1987
ffce19a9ec Make tor-print-ed-signing-cert output RFC1123 and unix timestamps as well 2019-07-10 11:36:26 +03:00
Nick Mathewson
2e55fa9587 Adjust log callback type to use log_domain_mask_t 2019-07-08 14:11:02 -04:00
Nick Mathewson
4512578e49 Add a compile-time assertion to prevent a recurrence of 31080. 2019-07-08 13:41:35 -04:00
Nick Mathewson
09c692e72b Use a 64-bit mask for log domains, and fix a conflict
When we added LD_MESG, we created a conflict with the LD_NO_MOCK
flag.  We now need 64 bits for log domains in order to fix this
issue.

Fixes bug 31080; bugfix on 0.4.1.1-alpha.
2019-07-08 13:32:45 -04:00
Nick Mathewson
d972f29d8d Move declaration of LD_NO_MESG to make conflict more apparent. 2019-07-08 13:00:31 -04:00
pulls
c2521873a6 fix for circpad_add_matching_machines to be able to negotiate one machine per index, not only one machine in total 2019-07-08 16:15:41 +02:00
George Kadianakis
5303dbe624 Merge branch 'tor-github/pr/1152' 2019-07-04 17:14:06 +03:00
Nick Mathewson
3e34840a77 Make config_lines_eq() take const arguments. 2019-07-03 10:27:38 -04:00
Nick Mathewson
daed2e39ad Revert "Add a function to append an existing line to a config line list."
This reverts commit 5a2ab886ba.
2019-07-03 10:21:49 -04:00
Nick Mathewson
e3ccf37e25 Fix @file directive in var_type_def_st.h 2019-07-03 10:19:57 -04:00
David Goulet
ef2123c7c7 hs-v3: Disallow single hop client to post/get a descriptor
Closes #24964

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-07-03 08:21:16 -04:00
Nick Mathewson
fdbd139495 Merge remote-tracking branch 'tor-github/pr/1136' 2019-07-02 13:33:50 -04:00
Nick Mathewson
cf92c096ad Merge remote-tracking branch 'tor-github/pr/1120' 2019-07-02 13:33:37 -04:00
Nick Mathewson
c0ea6f9c64 Merge branch 'maint-0.4.1' 2019-07-01 14:25:13 -04:00
Nick Mathewson
1dd9527897 Merge branch 'maint-0.2.9' into maint-0.3.5 2019-07-01 14:25:12 -04:00
Nick Mathewson
2a42d6be27 Merge branch 'maint-0.3.5' into maint-0.4.0 2019-07-01 14:25:12 -04:00
Nick Mathewson
5e16601000 Merge branch 'maint-0.4.0' into maint-0.4.1 2019-07-01 14:25:12 -04:00
Roger Dingledine
a5911c4551 get rid of accidental second space 2019-06-29 22:26:00 -04:00
Nick Mathewson
ea154a6108 Coverity: fix memory leak on error in test function.
The function make_intro_from_plaintext() in test_introduce.c would
leak memory if we ever hit a failure from our underlying crypto
functions.  This kind of failure should be impossible, but it's best
to be safe here.

Bugfix on 0.2.4.1-alpha.
2019-06-28 12:36:53 -04:00
Nick Mathewson
5fa2b32200 Coverity: fix test issues with always-present 'service' var.
Coverity is worried that we check "service" at the end of these test
functions, since it doesn't see any way to reach the cleanup code
without having first dereferenced the variable.

Removing the check would be unwise in this case: instead we add a
tt_assert check before using "service" so that coverity thinks that
the check is doing something useful.

Bugfix on 0.3.2.1-alpha.
2019-06-28 12:36:44 -04:00
Nick Mathewson
68792f77e5 Fix a few coverity unitinitialzed-value warnings in the unit tests.
Coverity can't see that it is not in fact going to read
uninitialized memory here, so we initialize these values
unconditionally.

Bugfix on 0.4.0.1-alpha.
2019-06-28 12:33:27 -04:00
Nick Mathewson
f55598f870 Coverity: different implementation for csiphash
Coverity has had trouble figuring out our csiphash implementation,
and has given spurious warnings about its behavior.

This patch changes the csiphash implementation when coverity is in
use, so that coverity can figure out that we are not about to read
beyond the provided input.

Closes ticket 31025.
2019-06-28 12:07:38 -04:00
Nick Mathewson
0fa3dc3228 begin_cell_parse(): Add an assertion to please coverity.
Coverity doesn't understand that if begin_cell_parse() returns 0 and
sets is_begindir to 0, its address field will always be set.

Fixes bug 30126; bugfix on 0.2.4.7-alpha; Fixes CID 1447296.
2019-06-28 11:29:51 -04:00
teor
f3b2a81ce7
fallback: apply the second fallback list from 2019
Update the fallback directory mirrors by merging the current list with:
fallback_dirs_2019-06-28-08-58-39_AU_f0437a39ddbc8459.inc

Part of 28795, see that ticket for logs.
2019-06-28 21:16:50 +10:00
teor
37c2808ab0
fallback: apply the first fallback list from 2019
Update the fallback directory mirrors by replacing the old list with:
fallback_dirs_2019-06-25-11-49-10_AU_a37adb956fbb5cd2.inc

Part of 28795, see that ticket for logs.
2019-06-28 21:05:00 +10:00
Nick Mathewson
da11304136 Merge branch 'maint-0.4.1' 2019-06-26 10:06:02 -04:00
Nick Mathewson
3ccf91027b Merge remote-tracking branch 'tor-github/pr/1101' into maint-0.4.1 2019-06-26 10:05:51 -04:00
Nick Mathewson
089ef46063 Merge branch 'bug30721_squashed' 2019-06-26 09:57:20 -04:00
teor
6ef555bda0 test/addr: test that tor_addr_port_lookup() handles IP addresses and ports
And that it does something sensible with host and host:port.

Also reorder the tests into valid, invalid, and ambiguous.
And add some missing cases.

Note: tor_addr_port_lookup() handles ip, ip:port, host, and host:port.

Tests for 30721.
2019-06-26 09:55:37 -04:00
teor
6079dfd103 test/addr: test that tor_addr_lookup() handles IP addresses
And that it fails on IP:port and host:port, and does something sensible with
host.

Tests for 30721.
2019-06-26 09:55:37 -04:00
teor
1c92d7f388 test/addr: test that tor_lookup_hostname() handles IPv4 addresses
And that it fails on IPv6 and host:port, and does something sensible with
host.

Tests for 30721.
2019-06-26 09:55:37 -04:00
teor
60ce431c54 test/addr: Add some ambiguous IPv6 cases to test_addr_parse()
Test some strings which could be parsed as IPv6 addresses,
or as IPv6:port strings.

Additional tests for 30721.
2019-06-26 09:55:37 -04:00
teor
2dbde3617f test/addr: Increase coverage in test_addr_parse()
Do as many tests as possible for each input string.
Then remove some redundant test cases.

Cleanup after 30721.
2019-06-26 09:55:37 -04:00
teor
5a3770dc6c test/addr: Stop repeating so much code in test_addr_parse()
Cleanup after 30721.
2019-06-26 09:55:37 -04:00
teor
1d3d6bf6b1 test/addr: Add unit tests for the fixes in 30721 2019-06-26 09:55:37 -04:00
teor
adb8538e7b address/resolve: Require square brackets on IPv6 address:ports
When parsing addreses via Tor's internal address:port parsing and
DNS lookup APIs, require IPv6 addresses with ports to have square
brackets.

But allow IPv6 addresses without ports, whether or not they have
square brackets.

Fixes bug 30721; bugfix on 0.2.1.5-alpha.
2019-06-26 09:55:37 -04:00
teor
308d300213 address/resolve: try harder to avoid returning uninitialised data
Cleanup after 30721.
2019-06-26 09:55:37 -04:00
teor
fb93646c1c resolve: split sub-functions out of tor_addr_lookup()
And remove the practracker exception for tor_addr_lookup().

Cleanup after 30721.
2019-06-26 09:55:37 -04:00
teor
29cf64c838 resolve: refactor address family logic in tor_addr_lookup()
Cleanup after 30721.
2019-06-26 09:55:37 -04:00
teor
cd1de99468 resolve: consistently parse IP addresses in square brackets
When parsing addreses via Tor's internal DNS lookup API:
* reject IPv4 addresses in square brackets (with or without a port),
* accept IPv6 addresses in square brackets (with or without a port), and
* accept IPv6 addresses without square brackets, as long as they have no port.

This change completes the work started in 23082, making address parsing
consistent between tor's internal DNS lookup and address parsing APIs.

Fixes bug 30721; bugfix on 0.2.1.5-alpha.
2019-06-26 09:55:36 -04:00
Nick Mathewson
0fe9657c8c Merge remote-tracking branch 'tor-github/pr/1119' 2019-06-26 09:50:00 -04:00
Nick Mathewson
648d5df628 Merge remote-tracking branch 'tor-github/pr/1118' into maint-0.4.1 2019-06-26 09:49:40 -04:00
George Kadianakis
72ef4f43d5 Merge branch 'tor-github/pr/1142' 2019-06-26 10:57:24 +03:00
George Kadianakis
fede64822d Merge branch 'tor-github/pr/1128' 2019-06-26 10:53:34 +03:00
George Kadianakis
00acccac64 Merge branch 'tor-github/pr/1114' into maint-0.4.1 2019-06-26 10:51:12 +03:00
Nick Mathewson
f3330d2be3 Make "invisibility" and "undumpability" properties of variables.
Previously, these were magical things that we detected by checking
whether a variable's name was prefixed with two or three underscores.
2019-06-25 12:51:25 -04:00
Nick Mathewson
c390efe84f A few more test cases and unreachable lines 2019-06-25 12:51:25 -04:00
Nick Mathewson
a7835202cf Turn several properties of types or variables into flags.
"unsettable" is a property of types.  LINELIST_V and OBSOLETE are
unsettable, meaning that they cannot be set by name.

"contained" is a property of types.  I'm hoping to find a better
name here.  LINELIST_S is "contained" because it always appears
within a LINELIST_V, and as such doesn't need to be dumped ore
copied independently.

"cumulative" is a property of types. Cumulative types can appear
more than once in a torrc without causing a warning, because they
add to each other rather than replacing each other.

"obsolete" is a property of variables.

"marking fragile" is now a command that struct members can accept.

With these changes, confparse and config no longer ever need to
mention CONFIG_TYPE_XYZ values by name.
2019-06-25 12:51:25 -04:00
Nick Mathewson
a114df9a04 Add a function to make sure all values in a config object are ok 2019-06-25 12:51:25 -04:00
Nick Mathewson
b6457d4c08 Extend macros to allow flag arguments. 2019-06-25 12:51:25 -04:00
Nick Mathewson
a91ed23403 Use structvar to find the types for config vars. 2019-06-25 12:51:25 -04:00
Nick Mathewson
5b252d31ed Add a "flags" member to config_var_t
Additionally, adjust the macros so that we can add new members like
this more easily.
2019-06-25 12:51:25 -04:00
Nick Mathewson
53e969c137 Use struct_var_{copy,eq} in confparse.c. 2019-06-25 12:51:25 -04:00
Nick Mathewson
c553750e32 Move responsibility for config var macros
The testing-only parts now live in a conftesting.h; the shared parts
of the macros live in confmacros.h
2019-06-25 12:51:25 -04:00
Nick Mathewson
59317c8a23 Use struct_magic_decl to verify magic numbers in config objects 2019-06-25 12:51:25 -04:00
Nick Mathewson
4d101b39d7 Move config_var_t info conftypes.h 2019-06-25 12:51:25 -04:00
Nick Mathewson
3a4d67cf45 Port confparse to use struct_var in place of typed_var.
This requires changes to config_var_t, causing corresponding changes
throughout its users.
2019-06-25 12:51:25 -04:00
Nick Mathewson
2da188667d Add new "struct_var_" functions to manipulate struct fields.
These functions exist one level higher than typed_var_t.  They
describe a type, a name, and an offset within a structure.
2019-06-25 12:51:25 -04:00
Taylor Yu
5faf54970d Fix some onion helpers
Fix add_onion_helper_clientauth() and add_onion_helper_keyarg() to
explicitly call the appropriate control reply abstractions instead of
allocating a string to pass to their callers.

Part of ticket 30889.
2019-06-25 11:42:34 -05:00
Taylor Yu
e5e6953be7 Make control_write_reply() mockable
Part of ticket 30889.
2019-06-25 11:40:44 -05:00
Taylor Yu
0dd59fdb56 Clean up some uses of low-level control replies
Part of ticket 30889.
2019-06-25 11:39:59 -05:00
Nick Mathewson
e4f66bf7ff bump to 0.4.1.3-alpha-dev 2019-06-25 11:55:53 -04:00
teor
c131b0763e
stats: add comments about the required chunk structure in extra info files
These comments should prevent future instances of 30958.

And allow a larger file in practracker.

Follow up after 30958.
2019-06-25 12:30:59 +10:00
teor
2663bca392
Merge branch 'bug30958_041' into bug30958_master 2019-06-25 12:29:28 +10:00
Nick Mathewson
e16b90b88a Partially port routerset to being a full-fledged config type again. 2019-06-24 17:52:00 -04:00
Nick Mathewson
705bda859e Add unit tests for the unitparse.c module. 2019-06-24 17:50:43 -04:00
Nick Mathewson
f007437292 Further clarify our clarification about the type of POSINT 2019-06-24 17:50:43 -04:00
Nick Mathewson
c60a85d22a Add a "typed_var" abstraction to implement lvalue access in C.
Right now, this has been done at a high level by confparse.c, but it
makes more sense to lower it.

This API is radically un-typesafe as it stands; we'll be wrapping it
in a safer API as we do #30914 and lower the struct manipulation
code as well.

Closes ticket 30864.
2019-06-24 17:50:43 -04:00
Nick Mathewson
5a2ab886ba Add a function to append an existing line to a config line list.
We had an existing function to do this, but it took a pair of
strings rather than a line.
2019-06-24 15:11:57 -04:00
Nick Mathewson
458da8a80d Move unit-parsing code to src/lib/confmgt
lib/confmgt is at a higher level than lib/conf, since it needs to
call down to logging and similar modules.
2019-06-24 15:11:57 -04:00
Nick Mathewson
246599abb4 Start moving types that will be used for config vars to lib/conf
This will be a lower-level module than anything that actually
sets or handles configuration variables.

Part of 30864.
2019-06-24 15:11:57 -04:00
Nick Mathewson
8803930de8 Merge remote-tracking branch 'tor-github/pr/1130' into maint-0.4.1 2019-06-24 13:36:10 -04:00
Nick Mathewson
aab5f42ae0 bump to 0.4.1.3-alpha 2019-06-24 09:32:46 -04:00
teor
d9f49e9bc1
Merge branch 'bug30958_040' into bug30958_041 2019-06-24 21:31:27 +10:00
teor
e350dfc085
Merge branch 'bug30958_035' into bug30958_040 2019-06-24 21:31:10 +10:00
teor
b7dda83cfa
Merge branch 'bug30958_029' into bug30958_035 2019-06-24 21:30:47 +10:00
teor
5beb32d3d9
stats: Stop removing the ed25519 signature if the extra info file is too big
If the signature data was removed, but the keyword was kept, this could
result in an unparseable extra info file.

Fixes bug 30958; bugfix on 0.2.7.2-alpha.
2019-06-24 21:30:03 +10:00
teor
45be44ed9c stats: Split extrainfo_dump_to_string() into smaller functions.
Closes ticket 30956.
2019-06-24 20:47:44 +10:00
teor
872b85e689
Merge branch 'bug30956_041' into bug30956_master 2019-06-24 19:47:34 +10:00
teor
8356cc5b51 stats: Always publish pluggable transports in extra info documents
Always publish bridge pluggable transport information in the extra info
descriptor, even if ExtraInfoStatistics is 0. This information is
needed by BridgeDB.

Fixes bug 30956; bugfix on 0.4.1.1-alpha.
2019-06-24 19:44:24 +10:00
rl1987
a52e00b5b3 Fix shellcheck warning SC2034 in test_rebind.sh.
Bugfix on be0a4be276 (not in any Tor release).
2019-06-23 14:00:43 +03:00
David Goulet
f2b1eb1f05 hs: Disallow single hop client circuit when introducing
This will effectively also deny any bridge to be used as a single hop to the
introduction point since bridge do not authenticate like clients.

Fixes #24963

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-19 11:17:58 -04:00
David Goulet
8751176687 hs-v3: Close intro circuits when cleaning client cache
Fixes #30921

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-19 09:22:07 -04:00
David Goulet
e6579d801f Merge branch 'tor-github/pr/1113' 2019-06-19 07:47:03 -04:00
David Goulet
16a0b7ed67 guard: Ignore marked for close circuit when changing state to open
When we consider all circuits in "waiting for guard" state to be promoted to
an "open" state, we were considering all circuits, even the one marked for
close.

This ultiamtely triggers a "circuit_has_opened()" called on the circuit that
is marked for close which then leads to possible undesirable behaviors within
a subsystem.

For instance, the HS subsystem would be unable to find the authentication key
of the introduction point circuit leading to a BUG() warning and a duplicate
mark for close on the circuit.

This commit also adds a unit test to make sure we never select marked for
close circuits when upgrading its guard state from waiting for guard to open.

Fixes #30871

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-19 07:42:30 -04:00
David Goulet
6a0763cd66 guard: Ignore marked for close circuit when changing state to open
When we consider all circuits in "waiting for guard" state to be promoted to
an "open" state, we were considering all circuits, even the one marked for
close.

This ultiamtely triggers a "circuit_has_opened()" called on the circuit that
is marked for close which then leads to possible undesirable behaviors within
a subsystem.

For instance, the HS subsystem would be unable to find the authentication key
of the introduction point circuit leading to a BUG() warning and a duplicate
mark for close on the circuit.

This commit also adds a unit test to make sure we never select marked for
close circuits when upgrading its guard state from waiting for guard to open.

Fixes #30871

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-19 07:41:45 -04:00
David Goulet
e3f3478032 guard: Ignore marked for close circuit when changing state to open
When we consider all circuits in "waiting for guard" state to be promoted to
an "open" state, we were considering all circuits, even the one marked for
close.

This ultiamtely triggers a "circuit_has_opened()" called on the circuit that
is marked for close which then leads to possible undesirable behaviors within
a subsystem.

For instance, the HS subsystem would be unable to find the authentication key
of the introduction point circuit leading to a BUG() warning and a duplicate
mark for close on the circuit.

This commit also adds a unit test to make sure we never select marked for
close circuits when upgrading its guard state from waiting for guard to open.

Fixes #30871

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-19 07:40:05 -04:00
Nick Mathewson
52d386c9b0 Merge remote-tracking branch 'tor-github/pr/1100' 2019-06-17 08:54:12 -04:00
Nick Mathewson
7c6cc470f1 Merge branch 'bug30894_035' into ticket30893 2019-06-15 16:50:02 -04:00
Nick Mathewson
26436fb1b6 Add more unit tests for confparse.c, so we can refactor.
This set of tests gets the line coverage to 100%.
2019-06-15 16:49:18 -04:00
Nick Mathewson
4ab1d1c0c4 Fix memleak when failing to parse a CSV_INTERVAL.
Fixes bug 30894; bugfix on 0.3.4.1-alpha
2019-06-15 16:47:16 -04:00
Nick Mathewson
fe9d15cf4b Remove the PORT configuration type: nothing uses it.
All of our port configurations now use an extended format.
2019-06-15 11:30:24 -04:00
Nick Mathewson
ac5e44d9ce Renaming: CONFIG_TYPE_UINT -> CONFIG_TYPE_POSINT
This name has been a historical source of confusion, since "uint"
usually suggests "unsigned int" to people, when the real type is
"nonnegative int".
2019-06-15 11:28:19 -04:00
George Kadianakis
319ce22581 Merge branch 'bug30806' 2019-06-14 13:28:32 +03:00
Nick Mathewson
990b434c4f Make evloop into a subsystem.
Note that the event base object is _not_ created from the initialize
function, since it is configuration-dependent.  This will wait until
configuration is integrated into subsystems.

Closes ticket 30806.
2019-06-14 13:28:10 +03:00
George Kadianakis
96fade0a7d Merge branch 'tor-github/pr/1088' 2019-06-12 13:01:53 +03:00
David Goulet
f7e8b3b68c Merge branch 'tor-github/pr/1040' 2019-06-11 11:59:39 -04:00
Taylor Yu
0bce0c339d Rework origin circuit tracking to use pubsub
Part of ticket 29976.
2019-06-11 11:59:30 -04:00
Taylor Yu
a8c0f4ddfe Rework orconn tracking to use pubsub
Part of ticket 29976.
2019-06-11 11:59:30 -04:00
David Goulet
8e112cecd8 Merge branch 'tor-github/pr/1031' 2019-06-11 11:46:38 -04:00
David Goulet
e9d99d2e15 Merge branch 'tor-github/pr/1083' 2019-06-11 11:43:15 -04:00
David Goulet
35dd2d733b Merge branch 'maint-0.4.1' 2019-06-11 11:30:05 -04:00
David Goulet
ea14fb136c Merge branch 'tor-github/pr/1050' into maint-0.4.1 2019-06-11 11:29:46 -04:00
Nick Mathewson
cad0de35bd Give a compile warning when we don't have any flags for minherit().
Part of ticket 30686.
2019-06-11 11:29:23 -04:00
Nick Mathewson
93ddc51cbd Give a more useful failure messgae when we fail to minherit().
Part of ticket 30686.
2019-06-11 11:29:23 -04:00
Nick Mathewson
afa2c39baa Merge branch 'maint-0.3.5' into maint-0.4.0 2019-06-11 10:17:18 -04:00
Nick Mathewson
3405a311da Merge branch 'maint-0.4.1' 2019-06-11 10:17:18 -04:00
Nick Mathewson
ce89fe36c8 Merge branch 'maint-0.4.0' into maint-0.4.1 2019-06-11 10:17:18 -04:00
Nick Mathewson
b0fa1f4fb0 Merge branch 'maint-0.2.9' into maint-0.3.5 2019-06-11 10:17:17 -04:00
Karsten Loesing
0ec4ebd00d Update geoip and geoip6 to the June 10 2019 database. 2019-06-11 16:12:50 +02:00
Nick Mathewson
eb02c323eb Merge branch 'maint-0.4.1' 2019-06-11 08:41:55 -04:00
Nick Mathewson
29842f68e7 Merge remote-tracking branch 'tor-github/pr/1082' into maint-0.4.1 2019-06-11 08:41:48 -04:00
George Kadianakis
a15ec8bf84 circpad: some more logging changes.
- Add an info log when receiving a STOP command.
- Keep warning if we receive padding from a wrong hop.
2019-06-11 14:28:38 +03:00
George Kadianakis
e5ad6fb092 Merge branch 'ticket30769_041_01' 2019-06-11 14:11:24 +03:00
David Goulet
c1359b32a4 trunnel: Rename sendme.trunnel to sendme_cell.trunnel
This is to avoid having two sendme.{c|h} in the repository since the subsystem
is implemented in src/core/or/sendme.{c|h}.

Fixes #30769

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-11 14:11:10 +03:00
George Kadianakis
646f7a9a94 Merge branch 'ticket30687_042_01' 2019-06-11 14:02:33 +03:00
David Goulet
7cf9d54e6d token-bucket: Implement a single counter object
Closes #30687.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-11 14:02:22 +03:00
George Kadianakis
b83dba7cb0 Merge branch 'maint-0.4.1' 2019-06-11 13:48:16 +03:00
George Kadianakis
eab9dc06af Merge branch 'tor-github/pr/1065' into maint-0.4.1 2019-06-11 13:48:10 +03:00
Xiaoyin Liu
024d65e14e
Free a string buffer in nt_service_install()
The string buffer "command" is not freed if the specified account
name doesn't exist. This patch fixes this bug.
2019-06-11 15:12:20 +10:00
teor
a742a80eea
Merge remote-tracking branch 'tor-github/pr/1091' into maint-0.3.5 2019-06-11 14:51:37 +10:00
teor
cb20054ccd
Merge remote-tracking branch 'tor-github/pr/924' into maint-0.3.5 2019-06-11 14:46:24 +10:00
Nick Mathewson
d6b411a351 Merge branch 'maint-0.4.1' 2019-06-10 18:33:26 -04:00
Nick Mathewson
6a72cc2598 Merge branch 'maint-0.4.0' into maint-0.4.1 2019-06-10 18:33:26 -04:00
Nick Mathewson
c8e09dd0d2 Merge branch 'maint-0.4.1' 2019-06-10 18:31:36 -04:00
Nick Mathewson
adc7b50eae Bump master to 0.4.2.0-alpha-dev 2019-06-10 08:47:33 -04:00
teor
b9041e8a63
test: fix a typo in test_rebind.sh
Closes 30821.
2019-06-10 20:56:40 +10:00
teor
430dd2da6e
Merge branch 'bug30713_035' into bug30713_040 2019-06-10 20:50:53 +10:00
teor
be0a4be276
Travis: Skip test_rebind on macOS builds
Skip test_rebind when the TOR_SKIP_TEST_REBIND environmental variable
is set.

Skip test_rebind on macOS in Travis builds, because it is unreliable
on macOS on Travis.

Fixes bug 30713; bugfix on 0.3.5.1-alpha.
2019-06-10 20:49:59 +10:00
Nick Mathewson
c46e99c43c Tolerate net-unreachable failures in util/socketpair_ersatz
This can happen when we have no network stack configured. Fixes bug
30804; bugfix on 0.2.5.1-alpha.
2019-06-07 13:52:03 -04:00
Nick Mathewson
ecc5feff38 bump to 0.4.1.2-alpha-dev 2019-06-06 08:28:34 -04:00
teor
19bf5806ad dirauth: Return a distinct status when formatting annotations fails
Adds ROUTER_AUTHDIR_BUG_ANNOTATIONS to was_router_added_t.

The out-of-order numbering is deliberate: it will be fixed by later commits
for 16564.

Fixes bug 30780; bugfix on 0.2.0.8-alpha.
2019-06-06 17:26:23 +10:00
teor
a4ea335a69 dirauth: Fix some comments in the router status processing code.
Fixes comments in dirserv_router_get_status() and was_router_added_t.

Preparation for 30780 and 16564.
2019-06-06 17:26:23 +10:00
teor
c7fc53c2e7
Merge branch 'bug30781_040' into bug30781_master 2019-06-06 09:57:31 +10:00
teor
fb3f461406
Merge branch 'bug30781_035' into bug30781_040 2019-06-06 09:56:50 +10:00
teor
c8c2e2b8fc
Merge branch 'bug30781_034' into bug30781_035
Moved fix from src/or/routerparse.c to src/feature/dirparse/routerparse.c.
2019-06-06 09:55:44 +10:00
teor
dc8e3cd5ce
Merge branch 'bug30781_029' into bug30781_034 2019-06-06 09:53:02 +10:00
teor
ba83c1e5cf
dirparse: Stop crashing when parsing unknown descriptor purpose annotations
We think this bug can only be triggered by modifying a local file.

Fixes bug 30781; bugfix on 0.2.0.8-alpha.
2019-06-06 09:51:24 +10:00
Nick Mathewson
6a6f7eb671 Merge remote-tracking branch 'tor-github/pr/988' into maint-0.4.0 2019-06-05 16:22:52 -04:00
Nick Mathewson
e51b57ee04 Merge remote-tracking branch 'tor-github/pr/952' into maint-0.4.0 2019-06-05 16:16:34 -04:00
Nick Mathewson
04cb2d4010 Merge remote-tracking branch 'tor-github/pr/741' into maint-0.4.0 2019-06-05 16:14:51 -04:00
Nick Mathewson
2300a619a5 Merge remote-tracking branch 'tor-github/pr/1039' into maint-0.4.0 2019-06-05 16:13:53 -04:00
Nick Mathewson
a56d7e37aa Merge remote-tracking branch 'tor-github/pr/1020' into maint-0.4.0 2019-06-05 16:10:51 -04:00
Mike Perry
a6399da598 Bug 29034: Cleanup hs circuitmap when purpose changes.
Leave the other rend and hs_ident data around until circuit free, since code
may still try to inspect it after marking the circuit for close. The
circuitmap is the important thing to clean up, since repurposed
intropoints must be removed from this map to ensure validity.
2019-06-05 12:56:49 -07:00
Nick Mathewson
54eb3c043c Merge remote-tracking branch 'tor-github/pr/1076' 2019-06-05 15:35:43 -04:00
Mike Perry
e54ce03b4f More LOG_PROTOCOL_WARN.
Make origin-side messages about padding negotiation failure into
LOG_PROTOCOL_WARN.

I'm not sure I like this either.. But the negotiation refusal case might
happen naturally due to consensus drift, and is functionally no different than
a corrupted cell.
2019-06-05 12:33:39 -07:00
Mike Perry
c525135dac Bug 29034: Cleanup hs circuitmap when purpose changes.
Leave the other rend and hs_ident data around until circuit free, since code
may still try to inspect it after marking the circuit for close. The
circuitmap is the important thing to clean up, since repurposed
intropoints must be removed from this map to ensure validity.
2019-06-05 11:50:44 -07:00
Mike Perry
31c34f6524 Revert "hs: Implement a helper to repurpose a circuit"
This reverts commit 3789f22bcb.
2019-06-05 11:38:01 -07:00
Mike Perry
a42131bf48 Revert "test: Add test_hs_circ.c for HS circuit testing"
This reverts commit 41b94722e5.
2019-06-05 11:37:32 -07:00
Neel Chauhan
27e067df4f Add missing newline after decode_intro_points() closing bracket 2019-06-05 12:50:01 -04:00
George Kadianakis
917e4e9eae Don't access rend data after a circuit has been marked for close.
This can cause issues if the circuit was repurposed into a padding circuit
instead of closing, since in that case we will wipe off the rend_data.
2019-06-05 18:19:44 +03:00
Nick Mathewson
892a313b6a Replace a missing end-of-comment string
This happened when I went to fix long lines after running "make
autostyle".
2019-06-05 09:35:45 -04:00
Nick Mathewson
60213a3621 Run "make autostyle." 2019-06-05 09:33:35 -04:00
Nick Mathewson
d1b02456c1 Bump to 0.4.1.2-alpha 2019-06-05 09:25:21 -04:00
Nick Mathewson
b39a8d315d Merge remote-tracking branch 'tor-github/pr/1053' 2019-06-05 09:04:09 -04:00
George Kadianakis
99bf3d8e14 Merge branch 'tor-github/pr/1072' 2019-06-05 14:40:38 +03:00
David Goulet
a63c5f844b Merge branch 'tor-github/pr/1067' 2019-06-04 09:57:03 -04:00
Nick Mathewson
4022b6d6b7 Merge branch 'bug29670_035' into bug29670_041 2019-06-04 08:29:05 -04:00
David Goulet
33382184b6 sendme: Do not decrement window in a log_debug()
If "Log debug ..." is not set, the decrement never happens. This lead to the
package/deliver window to be out of sync at the stream level and thus breaking
the connection after 50+ cells.

Fixes #30628

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-03 14:31:51 -04:00
Nick Mathewson
fd8beab4dd Merge branch 'bug29875_035' into bug29875_master 2019-05-31 12:40:43 -04:00
Nick Mathewson
8015979eeb num_bridges_usable(): only count configured bridges.
When this function was implemented, it counted all the entry guards
in the bridge set.  But this included previously configured bridges,
as well as currently configured ones!  Instead, only count the
_filtered_ bridges (ones that are configured and possibly reachable)
as maybe usable.

Fixes bug 29875; bugfix on 0.3.0.1-alpha.
2019-05-31 12:28:42 -04:00
Nick Mathewson
5b3c886584 Consider dir info to have changed when the bridges change
Otherwise, we won't realize that we haven't got enough bridge
information to build circuits.  Part of a fix for ticket 29875.
2019-05-31 12:27:42 -04:00
David Goulet
41b94722e5 test: Add test_hs_circ.c for HS circuit testing
For now, only tests HS circuit repurpose function.

Part of #29034

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-31 10:43:01 -04:00
Nick Mathewson
3c3158f182 Fix some tests for CL_PORT_NO_STREAM_OPTIONS
The comment in the tests was correct: this option _was_ inverted wrt
SessionGroup=.
2019-05-31 09:03:20 -04:00
Nick Mathewson
70b85358af Fix a logic error in deciding whether to accept SessionGroup=
Fixes bug 22619; bugfix on 0.2.7.2-alpha
2019-05-31 08:26:10 -04:00
Mike Perry
6263755728 Make some warns into protocol warns
I'm not sure I agree with this option.
2019-05-30 16:25:29 -07:00
Mike Perry
de3eb8c5e4 Bug 30649: Check that machine is absent before warn 2019-05-30 15:28:17 -07:00
George Kadianakis
dd62cb788e Merge branch 'tor-github/pr/1059' 2019-05-30 21:01:59 +03:00
David Goulet
8dfc8d7063 Merge branch 'tor-github/pr/1057' 2019-05-30 12:58:35 -04:00
David Goulet
a462ca7cce Merge branch 'tor-github/pr/1055' 2019-05-30 12:53:52 -04:00
David Goulet
ef9170db4c Merge branch 'tor-github/pr/1054' 2019-05-30 09:59:21 -04:00
David Goulet
61bd8f428b Merge branch 'tor-github/pr/1049' 2019-05-30 09:56:18 -04:00
George Kadianakis
d8bd98b2fd Merge branch 'tor-github/pr/1032' 2019-05-29 21:28:04 +03:00
George Kadianakis
650bdca97f Merge branch 'maint-0.4.0' 2019-05-29 21:20:02 +03:00
George Kadianakis
00108b75d4 Merge branch 'tor-github/pr/924' into maint-0.4.0 2019-05-29 21:19:56 +03:00
Nick Mathewson
ba9b0319b0 Shutdown libevent _after_ the subsystems.
This is necessary since shutting down libevent frees some pointer
that the subsystems want to free themselves. A longer term solution
will be to turn the evloop module into a subsystem itself, but for
now it is best to do the minimal fix.

Fixes bug 30629; bugfix on 0.4.1.1-alpha.
2019-05-29 11:25:47 -04:00
Nick Mathewson
5cbd71b977 Make get_proxy_type() connection-specific
Previously, we were looking at our global settings to see what kind
of proxy we had.  But doing this would sometimes give us the wrong
results when we had ClientTransportPlugin configured but we weren't
using it for a particular connection.  In several places in the
code, we had added checks to see if we were _really_ using a PT or
whether we were using a socks proxy, but we had forgotten to do so
in at least once case.  Instead, since every time we call this
function we are asking about a single connection, it is probably
best just to make this function connection-specific.

Fixes bug 29670; bugfix on 0.2.6.2-alpha.
2019-05-29 11:00:09 -04:00
Nick Mathewson
2d66250d8a Remove want_cmddata from HSFETCH, which does not in fact want data
This looks a copy-and-paste error to me.  Fixes bug 30646; bugfix on
0.4.1.1-alpha.
2019-05-29 10:10:57 -04:00
Nick Mathewson
8f0b29961e Merge branch 'ticket30561_029' into ticket30561_035 2019-05-29 09:43:20 -04:00
David Goulet
3789f22bcb hs: Implement a helper to repurpose a circuit
When we repurpose a hidden service circuit, we need to clean up from the HS
circuit map and any HS related data structured contained in the circuit.

This commit adds an helper function that does it when repurposing a hidden
service circuit.

Fixes #29034

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-29 09:40:13 -04:00
Nick Mathewson
0e0cf4abd8 Tweak comments in tor_vasprintf(), and add a changes file for 30651 2019-05-29 09:38:57 -04:00
Tobias Stoeckmann
0d5a0b4f0c Fixed tor_vasprintf on systems without vasprintf.
If tor is compiled on a system with neither vasprintf nor _vscprintf,
the fallback implementation exposes a logic flaw which prevents
proper usage of strings longer than 127 characters:

* tor_vsnprintf returns -1 if supplied buffer is not large enough,
  but tor_vasprintf uses this function to retrieve required length
* the result of tor_vsnprintf is not properly checked for negative
  return values

Both aspects together could in theory lead to exposure of uninitialized
stack memory in the resulting string. This requires an invalid format
string or data that exceeds integer limitations.

Fortunately tor is not even able to run with this implementation because
it runs into asserts early on during startup. Also the unit tests fail
during a "make check" run.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

  [backported to 0.2.9 by nickm]
2019-05-29 09:33:24 -04:00
Taylor R Campbell
7971b3a5a6 Use MAP_INHERIT_ZERO or MAP_INHERIT_NONE if available.
Fixes assertion failure in tests on NetBSD:

slow/prob_distr/stochastic_log_logistic: [forking] May 25 03:56:58.091 [err] tor_assertion_failed_(): Bug: src/lib/crypt_ops/crypto_rand_fast.c:184: crypto_fast_rng_new_from_seed: Assertion inherit != INHERIT_RES_KEEP failed; aborting. (on Tor 0.4.1.1-alpha-dev 29955f13e5)
May 25 03:56:58.091 [err] Bug: Assertion inherit != INHERIT_RES_KEEP failed in crypto_fast_rng_new_from_seed at src/lib/crypt_ops/crypto_rand_fast.c:184: . (Stack trace not available) (on Tor 0.4.1.1-alpha-dev 29955f13e5)
[Lost connection!]
2019-05-29 08:56:01 -04:00
Nick Mathewson
24a2352d56 Trivial fix for a trivial warning with gcc 9.1.1
Fix on 4e3d144fb0940d8ee5a89427d471ea3656e8e122; bug not in any
released Tor.
2019-05-28 19:45:50 -04:00
David Goulet
ff9aa32143 Merge branch 'tor-github/pr/1047' 2019-05-28 14:59:07 -04:00
George Kadianakis
0a86f14add Merge branch 'tor-github/pr/1042' 2019-05-27 14:22:01 +03:00
George Kadianakis
130eb227ac Merge branch 'tor-github/pr/1043' 2019-05-27 14:20:51 +03:00
Nick Mathewson
fcd51fd49f Tests for deciding how full our relay cells should be 2019-05-27 14:20:36 +03:00
Nick Mathewson
0bc1241494 Make sure that we send at least some random data in RELAY_DATA cells
Proposal 289 prevents SENDME-flooding by requiring the other side to
authenticate the data it has received.  But this data won't actually
be random if they are downloading a known resource.  "No problem",
we said, "let's fell the empty parts of our cells with some
randomness!" and we did that in #26871.

Unfortunately, if the relay data payloads are all completely full,
there won't be any empty parts for us to randomize.

Therefore, we now pick random "randomness windows" between
CIRCWINDOW_INCREMENT/2 and CIRCWINDOW_INCREMENT. We remember whether we have
sent a cell containing at least 16 bytes of randomness in that window.  If we
haven't, then when the window is exhausted, we send one.  (This window approach
is designed to lower the number of rng checks we have to do.  The number 16 is
pulled out of a hat to change the attacker's guessing difficulty to
"impossible".)

Implements 28646.
2019-05-27 14:20:07 +03:00
Roger Dingledine
94914e2a4d trivial whitespace fixes 2019-05-26 17:32:42 -04:00
Nick Mathewson
07ccffa989 Coverage: do not include test-rebind in coverage builds.
Because it invokes the Tor mainloop, it does unpredictable things to
test coverage of a lot of code that it doesn't actually test at
all.  (It is more an integration test than anything else.)
2019-05-23 12:48:51 -04:00
Nick Mathewson
b882810245 In coverage builds, use branch-free timeradd() and timersub()
The ordinary definitions of timeradd() and timersub() contain a
branch. However, in coverage builds, this means that we get spurious
complaints about partially covered basic blocks, in a way that makes
our coverage determinism harder to check.
2019-05-23 12:48:51 -04:00
Nick Mathewson
2bb5d8148b In coverage builds, avoid basic-block complexity in log_debug
Ordinarily we skip calling log_fn(LOG_DEBUG,...) if debug logging is
completely disabled.  However, in coverage builds, this means that
we get spurious complaints about partially covered basic blocks, in
a way that makes our coverage determinism harder to check.
2019-05-23 12:48:51 -04:00
David Goulet
29955f13e5 Merge branch 'tor-github/pr/1022' 2019-05-23 09:50:28 -04:00
David Goulet
e13e2012b9 Merge branch 'tor-github/pr/1034' 2019-05-23 09:40:07 -04:00
David Goulet
327bb0e2ca Merge branch 'tor-github/pr/988' 2019-05-23 09:30:36 -04:00
Nick Mathewson
530d1179ff Extract length-deciding function from package_raw_inbuf. 2019-05-23 08:28:46 -04:00
Roger Dingledine
e4d1187584 refactor logic to decide how much to package from inbuf
no actual changes in behavior
2019-05-23 08:28:46 -04:00
Nick Mathewson
57ee0e3af9 Only reject POSTDESCRIPTOR purpose= when the purpose is unrecognized
Fixes bug 30580; bugfix on 0.4.1.1-alpha.
2019-05-23 08:24:29 -04:00
Nick Mathewson
ebe39dcb92 Now this repository is full of 0.4.1.1-alpha-dev 2019-05-22 18:07:29 -04:00
Taylor Yu
a8a0144d11 Multiple subscribers or publishers per subsystem
Allow a subsystem to register to publish or subscribe a given message
from multiple places.

Part of ticket 29976.
2019-05-22 16:33:19 -05:00
Nick Mathewson
fa410162a3 circuitpadding tests: Use tt_i64_op() to compare int64_t values
Bug not in any released Tor.
2019-05-22 15:19:24 -04:00
Nick Mathewson
3a7ed8bc5f Bump to 0.4.1.1-alpha 2019-05-22 11:56:02 -04:00
Nick Mathewson
24c2502070 Merge remote-tracking branch 'dgoulet/ticket30454_035_01' 2019-05-22 11:50:46 -04:00
Nick Mathewson
e6b862e6a8 Merge branch 'ticket30428_041_02_squashed' 2019-05-22 11:48:43 -04:00
David Goulet
0cad83bea4 sendme: Add non fatal asserts for extra safety
Two non fatal asserts are added in this commit. First one is to see if the
SENDME digest list kept on the circuit for validation ever grows bigger than
the maximum number of expected SENDME on a circuit (currently 10).

The second one is to know if we ever send more than one SENDME at a time on a
circuit. In theory, we shouldn't but if we ever do, the v1 implementation
wouldn't work because we only keep one single cell digest (the previous cell
to the SENDME) on the circuit/cpath. Thus, sending two SENDME consecutively
will lead to a mismatch on the other side because the same cell digest would
be use and thus the circuit would collapse.

Finally, add an extra debug log in case we emit a v0 which also includes the
consensus emit version in that case.

Part of #30428

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-22 11:47:20 -04:00
David Goulet
5479ffabf8 sendme: Always pop last SENDME digest from circuit
We must not accumulate digests on the circuit if the other end point is using
another SENDME version that is not using those digests like v0.

This commit makes it that we always pop the digest regardless of the version.

Part of #30428

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-22 11:47:20 -04:00
David Goulet
482c4972b9 sendme: Clarify how sendme_circuit_cell_is_next() works
Commit 4ef8470fa5480d3b was actually reverted before because in the end we
needed to do this minus 1 check on the window.

This commit clarifies that in the code, takes the useful comment changes from
4ef8470fa5480d3b and makes sendme_circuit_cell_is_next() private since it
behaves in a very specific way that one external caller might expect.

Part of #30428.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-22 11:47:20 -04:00
David Goulet
3835a3acf5 sendme: Properly record SENDMEs on both edges
Turns out that we were only recording the "b_digest" but to have
bidirectionnal authenticated SENDMEs, we need to use the "f_digest" in the
forward cell situation.

Because of the cpath refactoring, this commit plays with the crypt_path_ and
relay_crypto_t API a little bit in order to respect the abstractions.

Previously, we would record the cell digest as the SENDME digest in the
decrypt cell function but to avoid code duplication (both directions needs to
record), we now do that right after iff the cell is recognized (at the edge).
It is now done in circuit_receive_relay_cell() instead.

We now also record the cell digest as the SENDME digest in both relay cell
encryption functions since they are split depending on the direction.
relay_encrypt_cell_outbound() and relay_encrypt_cell_inbound() need to
consider recording the cell digest depending on their direction (f vs b
digest).

Fixes #30428

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-22 11:47:20 -04:00
David Goulet
44265dd671 sendme: Never fallback to v0 if unknown version
There was a missing cell version check against our max supported version. In
other words, we do not fallback to v0 anymore in case we do know the SENDME
version.

We can either handle it or not, never fallback to the unauthenticated version
in order to avoid gaming the authenticated logic.

Add a unit tests making sure we properly test that and also test that we can
always handle the default emit and accepted versions.

Fixes #30428

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-22 11:47:20 -04:00
David Goulet
69e0d5bfc7 sendme: Validate v1 SENDMEs on both client and exit side
The validation of the SENDME cell is now done as the very first thing when
receiving it for both client and exit. On failure to validate, the circuit is
closed as detailed in the specification.

Part of #30428

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-22 11:47:20 -04:00
David Goulet
59b9eecc19 sendme: Record cell digest on both client and exit
It turns out that only the exit side is validating the authenticated SENDME v1
logic and never the client side. Which means that if a client ever uploaded
data towards an exit, the authenticated SENDME logic wouldn't apply.

For this to work, we have to record the cell digest client side as well which
introduced a new function that supports both type of edges.

This also removes a test that is not valid anymore which was that we didn't
allow cell recording on an origin circuit (client).

Part of #30428

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-22 11:47:20 -04:00
David Goulet
245dccb77d Merge remote-tracking branch 'nickm/ticket30454_034_01_squashed' into ticket30454_035_01 2019-05-22 11:43:55 -04:00
rl1987
2845607f97 In microdesc_cache_reload(), set journal length to length of string we read
Hopefully this will fix CID 1444769.
2019-05-20 09:08:10 -04:00
David Goulet
56908c6f1c hs: Remove hs_cell_onion_key_type_t enum
Unify this with the trunnel ABI so we don't duplicate.

Part of #30454

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-20 08:56:34 -04:00
David Goulet
7d3e904a27 trunnel: Remove INTRODUCE1 status code IN statement
We want to support parsing a cell with unknown status code so we are forward
compatible.

Part of #30454

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-20 08:56:34 -04:00
David Goulet
79cfe2ddd7 hs: Remove hs_intro_auth_key_type_t enum
Like the previous commit about the INTRODUCE_ACK status code, change all auth
key type to use the one defined in the trunnel file.

Standardize the use of these auth type to a common ABI.

Part of #30454

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-20 08:56:34 -04:00
David Goulet
dcc1d8d15b hs: Get rid of duplicate hs_cell_introd_ack_status_t
This enum was the exact same as hs_intro_ack_status_t that was removed at the
previous commit. It was used client side when parsing the INTRODUCE_ACK cell.

Now, the entire code dealing with the INTRODUCE_ACK cell (both sending and
receiving) have been modified to all use the same ABI defined in the trunnel
introduce1 file.

Finally, the client will default to the normal behavior when receiving an
unknown NACK status code which is to note down that we've failed and re-extend
to the next intro point. This way, unknown status code won't trigger a
different behavior client side.

Part of #30454.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-20 08:56:34 -04:00
David Goulet
590d97bc10 hs: Define INTRODUCE_ACK status code in trunnel
Remove the hs_intro_ack_status_t enum and move the value into trunnel. Only
use these values from now on in the intro point code.

Interestingly enough, the client side also re-define these values in hs_cell.h
with the hs_cell_introd_ack_status_t enum. Next commit will fix that and force
to use the trunnel ABI.

Part of #30454

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-20 08:56:34 -04:00
rl1987
49acbfad23 Don't forget to use the mutex in testing_enable_prefilled_rng() 2019-05-17 19:30:09 +03:00
Nick Mathewson
37aae23945 OOM-purge the DNS cache one part at a time
Previously we purged it in 1-hour increments -- but one-hour is the
maximum TTL for the cache!  Now we do it in 25%-TTL increments.

Fixes bug 29617; bugfix on 0.3.5.1-alpha.
2019-05-17 10:03:41 -04:00
Nick Mathewson
b2b779228d Merge remote-tracking branch 'tor-github/pr/1033' 2019-05-17 08:18:20 -04:00
Nick Mathewson
9cec7a7b5c Merge branch 'maint-0.4.0' 2019-05-17 08:10:17 -04:00
Nick Mathewson
e5deb2bbc7 Merge branch 'maint-0.3.4' into maint-0.3.5 2019-05-17 08:10:16 -04:00
Nick Mathewson
c7f9f7e542 Merge branch 'maint-0.3.5' into maint-0.4.0 2019-05-17 08:10:16 -04:00
Nick Mathewson
a521c42788 Merge branch 'maint-0.2.9' into maint-0.3.4 2019-05-17 08:10:15 -04:00
Karsten Loesing
4e262196a8 Update geoip and geoip6 to the May 13 2019 database. 2019-05-17 08:52:13 +02:00
Mike Perry
857c54ca03 Refactor rend machines, stage 2/2: Move histogram code.
Comment clarifications now that the code is seperated. It's the same code, but
its doing this for different reasons on each side.
2019-05-16 20:17:14 +00:00
Mike Perry
0cba53c6ed Refactor rend machines, stage 1/2: Move state transition code. 2019-05-16 20:17:11 +00:00
Nick Mathewson
d5db40a014 test_channel_listener: free 'chan' explicitly
This should fix CID 1437442, where coverity can't tell that
channel_free_all() frees the fake channel we allocated.
2019-05-16 15:35:21 -04:00
Mike Perry
bbb974234c Refactor intro machines, stage 2/2: Move histogram code.
The client side had garbage histograms and deadcode here, too. That code has
been removed.

The tests have also been updated to properly test the intro circ by sending
padding from the relay side to the client, and verifying that both shut down
when padding was up. (The tests previously erroneously tested only the client
side of intro circs, which actually were supposed to be doing nothing).
2019-05-16 19:21:19 +00:00
Nick Mathewson
0a9685b3a7 hs tests: explicitly free 'service' variable.
This should fix about 15 CID issues, where coverity can't tell that
hs_free_all() frees the service we allocated.
2019-05-16 15:21:18 -04:00
Mike Perry
f237fed746 Refactor intro machines, stage 1/2: Move state transition code.
This just moves the state transition directives into the proper client/relay
side functions. It also allows us to remove some dead-code from the client
side (since the client doesn't send padding).
2019-05-16 19:21:14 +00:00
Nick Mathewson
1bf451cffb rng_test_helpers: add a needless lock/unlock pair to please coverity
Fix for CID 1444908
2019-05-16 15:04:40 -04:00
Iain R. Learmonth
58cb98af32 Prop 301: No longer vote on RecommendedPackages
This is the first half of implementing proposal 301. The
RecommendedPackages torrc option is marked as obsolete and
the test cases for the option removed. Additionally, the code relating
to generating and formatting package lines in votes is removed.

These lines may still appear in votes from other directory authorities
running earlier versions of the code and so consensuses may still
contain package lines. A new consensus method will be needed to stop
including package lines in consensuses.

Fixes: #28465
2019-05-16 13:31:54 +01:00
George Kadianakis
42ea3a416e Improve logging around the circpad module..
- Add some more useful logs for future debugging.

- Stop usage of circpad_state_to_string(). It's innacurate.

- Reduce severity and fix up log domain of some logging messages.
2019-05-16 14:23:32 +03:00
George Kadianakis
953dc601d9 Add unittests for the new machines. 2019-05-16 14:23:22 +03:00
George Kadianakis
ac895fa405 Add client-side onion service circuit hiding machines. 2019-05-16 14:23:17 +03:00
George Kadianakis
9b582edddb Correctly handle machines out of tokens that have not closed yet.
Perhaps the machine on the other side is still not done.
2019-05-16 14:07:32 +03:00
George Kadianakis
69a277f635 Introduce circpad free_all() function. 2019-05-16 14:07:25 +03:00
George Kadianakis
5791bc9d76 Generate non-padding circpad events for PADDING_NEGOTIATE(D).
As part of our machines, we need to know when a PADDING_NEGOATIATE(D) cell gets
sent out, so we add an event for this.
2019-05-16 14:06:27 +03:00
George Kadianakis
39c52d14a6 Make register_padding_machine part of the public API.
We are gonna use this function to register our new machine.
2019-05-16 14:05:58 +03:00
George Kadianakis
a014e01b68 Behave correctly when state->max_length is zero. 2019-05-16 14:05:27 +03:00
Roger Dingledine
d86896b29c fix typos, whitespace, comments 2019-05-15 23:20:03 -04:00
George Kadianakis
338cfb3179 Merge branch 'tor-github/pr/1002' 2019-05-15 23:23:18 +03:00
David Goulet
39a14421b1 Merge branch 'tor-github/pr/1021'
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-15 15:35:22 -04:00
George Kadianakis
d71fa707dd Merge branch 'bug28780-squashed3-rebased' into bug28780_rebase 2019-05-15 16:46:51 +03:00
Mike Perry
56738ff8c6 Add control port circuit ID to all pathbias bug messages.
To ease debugging of miscount issues, attach vanguards with --loglevel DEBUG
and obtain control port logs (or use any other control port CIRC and
CIRC_MINOR event logging mechanism).
2019-05-15 16:44:59 +03:00
Mike Perry
b98bcd789e Pathbias should continue to ignore previously ignored circs.
If circuit padding wants to keep a circuit open and pathbias used to ignore
it, pathbias should continue to ignore it.

This may catch other purpose-change related miscounts (such as timeout
measurement, cannibalization, onion service circuit transitions, and
vanguards).
2019-05-15 16:44:59 +03:00
Mike Perry
e253a117c0 Bug 28780: Add tests
Also test circpad expiry safeguard.
2019-05-15 16:44:59 +03:00
Mike Perry
662825474c Bug 28780: Make use of purpose to keep padding circuits open.
When a circuit is marked for close, check to see if any of our padding
machines want to take ownership of it and continue padding until the machine
hits the END state.

For safety, we also ensure that machines that do not terminate are still
closed as follows: Because padding machine timers are UINT32_MAX in size, if
some sort of network event doesn't happen on a padding-only circuit within
that time, we can conclude it is deadlocked and allow
circuit_expire_old_circuits_clientside() to close it.

If too much network activity happens, then per-machine padding limits can be
used to cease padding, which will cause network cell events to cease, on the
circuit, which will cause circpad to abandon the circuit as per the above time
limit.
2019-05-15 16:44:59 +03:00
Mike Perry
d44e3e57b0 Bug 28780: Add purpose for keeping padding circuits open 2019-05-15 16:44:59 +03:00
George Kadianakis
a7779df84c Merge branch 'bug29085_rebase' 2019-05-15 15:13:08 +03:00
Mike Perry
5638d65f79 Check the token supply when we received a padding event, too.
We need to check here because otherwise we can try to schedule padding with no
tokens left upon the receipt of a padding event when our bins just became
empty.
2019-05-15 15:10:48 +03:00
Mike Perry
148c2d5bab Fix two typo bugs found by new state length test. 2019-05-15 15:10:48 +03:00
Mike Perry
e8a1f24178 Add test to explicitly check state lengths and token counts.
Our other tests tested state lengths against padding packets, and token counts
against non-padding packets. This test checks state lengths against
non-padding packets (and also padding packets too), and checks token counts
against padding packets (and also non-padding packets too).

The next three commits are needed to make this test pass (it found 3 bugs).
Yay?
2019-05-15 15:10:48 +03:00
Mike Perry
aef9be6ace Eliminate unneeded casts to circuit_t in circpad tests. 2019-05-15 15:10:48 +03:00
Mike Perry
14ec8b89f8 Bug 29085: Avoid monotime usage for rtt estimates if it is not in use. 2019-05-15 15:10:31 +03:00
Mike Perry
5c2d2b5d11 Make the relationship between mutable histograms and token removal explicit. 2019-05-15 15:09:49 +03:00
Nick Mathewson
536ba09ad1 Use reproducible RNG logic in circuitpadding tests. 2019-05-15 07:50:56 -04:00
Nick Mathewson
72e9c427b8 Testing: allow the user to pass a seed in for reproducible-RNG tests
The environment variable TOR_TEST_RNG_SEED, if provided, is a hex
value for the RNG seed.
2019-05-15 07:50:56 -04:00
Nick Mathewson
2d467544fe Use new RNG and tinytest code to simplify prob_distr tests
Since the reproducible RNG dumps its own seed, we don't need to do
it for it. Since tinytest can tell us if the test failed, we don't
need our own test_failed booleans.
2019-05-15 07:50:56 -04:00
Nick Mathewson
261d43cdd5 Make testing_disable_reproducible_rng() log seed on test failure
This should let us simplify test_prob_distr.c and other stuff in the
future.
2019-05-15 07:50:56 -04:00
Nick Mathewson
e4feb4ad01 Give tinytest a function to say whether the current test has failed 2019-05-15 07:50:56 -04:00
George Kadianakis
1de11dc47a Merge branch 'maint-0.4.0' 2019-05-15 13:46:20 +03:00
George Kadianakis
cd264e145b Merge branch 'tor-github/pr/1013' into maint-0.4.0 2019-05-15 13:45:39 +03:00
Mike Perry
57e5e940d3 Bug 29085: Minor unit test updates for refactoring.
Deliver nonpadding events instead of calling token removal functions.
2019-05-15 04:57:11 +00:00
Mike Perry
1c46790e0d Bug 29085: Refactor padding sent accounting out of callback.
This commit moves code that updates the state length and padding limit counts
out from the callback to its own function, for clarity.

It does not change functionality.
2019-05-15 04:57:11 +00:00
Mike Perry
010779176b Bug 29085: Refactor non-padding accounting out of token removal.
This commit moves the padding state limit checks and the padding rate limit
checks out of the token removal codepath, and causes all three functions to
get called from a single circpad_machine_count_nonpadding_sent() function.

It does not change functionality.
2019-05-15 04:57:11 +00:00
Nick Mathewson
370ea8d23b Merge branch 'ticket30452_035_v3' into ticket30452_041_v3 2019-05-14 19:55:51 -04:00
Nick Mathewson
0c451b31d2 Make --list-modules imply --hush 2019-05-14 19:55:35 -04:00
Nick Mathewson
1c95bdb83b Merge branch 'ticket30452_035_v3' into ticket30452_041_v3 2019-05-14 19:20:53 -04:00
Nick Mathewson
1b16fcb70c Add a --list-modules command
Closes ticket 30452.
2019-05-14 19:19:53 -04:00
Nick Mathewson
43d4119454 Merge remote-tracking branch 'tor-github/pr/1004' 2019-05-14 11:43:10 -04:00
George Kadianakis
0f4f4fdcf5 Merge branch 'tor-github/pr/1006' 2019-05-14 15:15:09 +03:00
Nick Mathewson
5d950f3edd Fix a compilation warning: function does not have to be STATIC. 2019-05-13 14:34:16 -04:00
Nick Mathewson
9ad2eb8f73 Merge branch 'bug28683_30173_29203_squashed' 2019-05-13 14:33:31 -04:00
Mike Perry
42eb02a327 Tests for bugs 28683, 30173, and 29203. 2019-05-13 14:30:35 -04:00
Mike Perry
621ea2315b Bug 29203: Provide ReducedCircuitPadding torrc and consensus params 2019-05-13 14:30:35 -04:00
Mike Perry
f4064d6ce2 Bug 28693: Provide Torrc option to disable circuit padding. 2019-05-13 14:30:35 -04:00
Nick Mathewson
c6523a6398 Merge remote-tracking branch 'tor-github/pr/998' 2019-05-13 14:25:54 -04:00
David Goulet
def96ce838 sendme: Fix coverity CID 1444999
The code flow in theory can end up with a layer_hint to be NULL but in
practice it should never happen because with an origin circuit, we must have
the layer_hint.

Just in case, BUG() on it if we ever end up in this situation and recover by
closing the circuit.

Fixes #30467.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-13 10:00:39 -04:00
David Goulet
2f44786e30 Merge branch 'tor-github/pr/976' 2019-05-13 07:34:00 -04:00
Nick Mathewson
ff55840343 Don't pass a NULL into a %s when logging client auth file load failure
Fortunately, in 0.3.5.1-alpha we improved logging for various
failure cases involved with onion service client auth.

Unfortunately, for this one, we freed the file right before logging
its name.

Fortunately, tor_free() sets its pointer to NULL, so we didn't have
a use-after-free bug.

Unfortunately, passing NULL to %s is not defined.

Fortunately, GCC 9.1.1 caught the issue!

Unfortunately, nobody has actually tried building Tor with GCC 9.1.1
before. Or if they had, they didn't report the warning.

Fixes bug 30475; bugfix on 0.3.5.1-alpha.
2019-05-10 17:47:43 -04:00
George Kadianakis
501d1ae0bd Merge branch 'tor-github/pr/973' 2019-05-10 12:49:01 +03:00
David Goulet
cbcc570ff4 hs: Remove usage of HS_INTRO_ACK_STATUS_CANT_RELAY
The INTRODUCE1 trunnel definition file doesn't support that value so it can
not be used else it leads to an assert on the intro point side if ever tried.

Fortunately, it was impossible to reach that code path.

Part of #30454

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-09 13:28:37 -04:00
David Goulet
3885e7b44b Merge branch 'tor-github/pr/1000'
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-08 08:02:28 -04:00
Neel Chauhan
3cafdeb8c0 Only call tor_addr_parse() in circuit_is_acceptable() when needed 2019-05-07 11:52:56 -04:00
David Goulet
b72f5da03d Merge branch 'tor-github/pr/994'
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-07 08:02:39 -04:00
Nick Mathewson
3c2648bbda Move "relay" and "router" periodic callbacks out of mainloop.c
(Some of these callbacks are specific to the OR module, so now it's
time to have an or_sys and or_periodic.)
2019-05-06 16:35:39 -04:00
Nick Mathewson
b394b5b2af Create a relay subsystem and move the shutdown functions there 2019-05-06 16:25:09 -04:00
David Goulet
07e4b09b5f sendme: Add FlowCtrl protover value
See proposal 289 section 4.3 for more details.

It describes the flow control protocol at the circuit and stream level. If
there is no FlowCtrl protocol version, tor supports the unauthenticated flow
control features from its supported Relay protocols.

At this commit, relay will start advertising FlowCtrl=1 meaning they support
authenticated SENDMEs v1.

Closes #30363

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-03 13:56:36 -04:00
David Goulet
2aa441b88e Merge branch 'tor-github/pr/954' 2019-05-03 13:11:03 -04:00
George Kadianakis
7f2cd6545c Hiding crypt_path_t: Hide 'crypto' usage in sendme.c 2019-05-03 18:29:51 +03:00
George Kadianakis
ea5f355fc9 Hiding crypt_path_t: Change code to use the privatization macro. 2019-05-03 18:15:26 +03:00
George Kadianakis
55d35c0caa Hiding crypt_path_t: Hiding 'crypto' using a macro. 2019-05-03 18:15:26 +03:00
George Kadianakis
2ef0324639 Revert "Hiding crypt_path_t: Ensure that ->private is initialized."
This reverts commit 7497c9193a0f2c891a0802bf5fbe73cf7ec1ca99.
2019-05-03 18:15:26 +03:00
George Kadianakis
4060b7623d Revert "Hiding crypt_path_t: Create a constructor for crypt_path_t."
This reverts commit ab8b80944967ee5a6a0c45dbf61839cf257bfe44.
2019-05-03 18:15:26 +03:00
George Kadianakis
2e9e3e7d41 Hiding crypt_path_t: Some TODO notes for future directions. 2019-05-03 18:15:26 +03:00
George Kadianakis
0ed5c6edf9 Hiding crypt_path_t: Move some more crypt_path-specific functions.
- Move test-only cpath_get_n_hops() to crypt_path.c.
- Move onion_next_hop_in_cpath() and rename to cpath_get_next_non_open_hop().

The latter function was directly accessing cpath->state, and it's a first step
at hiding ->state.
2019-05-03 18:15:26 +03:00
George Kadianakis
58fbbc1409 Hiding crypt_path_t: Rename some functions to fit the crypt_path API.
Some of these functions are now public and cpath-specific so their name should
signify the fact they are part of the cpath module:

assert_cpath_layer_ok -> cpath_assert_layer_ok
assert_cpath_ok -> cpath_assert_ok
onion_append_hop -> cpath_append_hop
circuit_init_cpath_crypto -> cpath_init_circuit_crypto
circuit_free_cpath_node -> cpath_free
onion_append_to_cpath -> cpath_extend_linked_list
2019-05-03 18:15:26 +03:00
George Kadianakis
593b7726e9 Hiding crypt_path_t: Trivial changes to satisfy check-local. 2019-05-03 18:15:26 +03:00
George Kadianakis
cd38e41620 Hiding crypt_path_t: Ensure that ->private is initialized.
Now that we are using a constructor we should be more careful that we are
always using the constructor to initialize crypt_path_t, so make sure that
->private is initialized.
2019-05-03 18:15:11 +03:00
George Kadianakis
f5635989b0 Hiding crypt_path_t: Create a constructor for crypt_path_t.
We are using an opaque pointer so the structure needs to be allocated on the
heap. This means we now need a constructor for crypt_path_t.

Also modify all places initializing a crypt_path_t to use the constructor.
2019-05-03 18:15:11 +03:00
George Kadianakis
18d61c0e6e Hiding crypt_path_t: Fixup broken unittests. 2019-05-03 18:15:11 +03:00
George Kadianakis
4bd0c4852a Hiding crypt_path_t: Move the free func in crypt_path.c.
Again everything is moved, apart from a free line using ->private.
2019-05-03 18:15:11 +03:00
George Kadianakis
5f96b7abcc Hiding crypt_path_t: Move some more init funcs in crypt_path.c.
Everything is moved, but the argument of the function is edited to access
->private->crypto.
2019-05-03 18:15:11 +03:00
George Kadianakis
0c5176d00c Hiding crypt_path_t: Start with crypt_path.crypto .
Create some functions to eventually be able to hide crypt_path_t.crypto.
2019-05-03 18:15:11 +03:00
George Kadianakis
f74a80dc3b Hiding crypt_path_t: Move init functions to crypt_path.c.
This commit only moves code.
2019-05-03 18:15:00 +03:00
George Kadianakis
9584798e57 Hiding crypt_path_t: Move assert functions in crypt_path.c.
This commit only moves code, and makes one function public.
2019-05-03 18:15:00 +03:00
George Kadianakis
c3a5e6b436 Hiding crypt_path_t: Introduce opaque crypt_path_private_t .
This will be our base for incrementally hiding crypt_path_t.
2019-05-03 18:15:00 +03:00
David Goulet
b3492d53c3 Merge branch 'tor-github/pr/984'
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-03 10:56:12 -04:00
Nick Mathewson
2b54733dc0 Bump to 0.4.0.5-dev 2019-05-02 14:32:55 -04:00
George Kadianakis
b2c2cb9287 Merge branch 'tor-github/pr/986' 2019-05-02 18:12:52 +03:00
George Kadianakis
4d461e20f7 Merge branch 'tor-github/pr/999' 2019-05-02 17:48:09 +03:00
Nick Mathewson
721e65a1d5 Add comments to include.am files to note where new sources go
This mechanism isn't perfect, and sometimes it will guess wrong,
but it will help our automation.
2019-05-02 09:37:18 -04:00
Nick Mathewson
9c3aa22740 Remove some now-needless dirauth includes 2019-05-02 09:22:13 -04:00
Nick Mathewson
a45413e7d5 Make keypin.c dirauth-only 2019-05-02 09:22:13 -04:00
Nick Mathewson
31fb4a7845 Make the bwauth.c module dirauth-only. 2019-05-02 09:22:13 -04:00
Nick Mathewson
6f42efaa59 Move voteflags.[ch] to become dirauth only.
For various reasons, this was a nontrivial movement.  There are
several places in the code where we do something like "update the
flags on this routerstatus or node if we're an authority", and at
least one where we pretended to be an authority when we weren't.
2019-05-02 09:22:13 -04:00
David Goulet
77bd219808 sendme: Improve logging messages
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-02 08:58:58 -04:00
Mike Perry
d0fb74c902 Bug 29231: Report correct padding write totals and enabled totals. 2019-05-01 21:00:26 +00:00
Nick Mathewson
4973ceb46b Merge remote-tracking branch 'tor-github/pr/950' 2019-05-01 09:11:20 -04:00
Nick Mathewson
cafb999810 bump to 0.4.0.5 2019-04-30 15:53:53 -04:00
Nick Mathewson
996f7c75ba Make the reachability.c module dirauth-only. 2019-04-30 15:00:08 -04:00
Nick Mathewson
339ac4dc67 Make the guardfraction.c module dirauth-only. 2019-04-30 15:00:08 -04:00
Nick Mathewson
857bfc7033 Make the process_descs.c module dirauth-only. 2019-04-30 15:00:07 -04:00
Nick Mathewson
aab0245924 Make the dsigs_parse.c module dirauth-only. 2019-04-30 15:00:07 -04:00
Nick Mathewson
853942b71e Make the recommend_pkg file dirauth-only. 2019-04-30 15:00:07 -04:00
Nick Mathewson
295feeb093 Replace all remaining tor_mem_is_zero() with fast_mem_is_zero() 2019-04-30 14:49:05 -04:00
Nick Mathewson
0034f10956 Use safe_mem_is_zero in a few more places.
I don't believe any of these represent a real timing vulnerability
(remote timing against memcmp() on a modern CPU is not easy), but
these are the ones where I believe we should be more careful.
2019-04-30 14:45:58 -04:00
Nick Mathewson
309467c64e Rename tor_mem_is_zero to fast_mem_is_zero()
For memeq and friends, "tor_" indicates constant-time and "fast_"
indicates optimized.  I'm fine with leaving the constant-time
"safe_mem_is_zero" with its current name, but the "tor_" prefix on
the current optimized version is misleading.

Also, make the tor_digest*_is_zero() uniformly constant-time, and
add a fast_digest*_is_zero() version to use as needed.

A later commit in this branch will fix all the users of
tor_mem_is_zero().

Closes ticket 30309.
2019-04-30 14:45:51 -04:00
Taylor Yu
68caca58a8 Clean up formatting after Coccinelle
Clean up some minor formatting quirks after the Coccinelle run.
2019-04-30 13:18:46 -05:00
Taylor Yu
983452e221 Run Coccinelle for control.c refactor 2019-04-30 13:18:46 -05:00
Taylor Yu
769eb07a7a Manually fix some control replies
Manually fix up some reply-generating code that the Coccinelle scripts
won't match.  Some more complicated ones remain -- these are mostly
ones that accumulate data to send, and then call connection_buf_add()
or connection_write_str_to_buf() directly.
2019-04-30 13:18:46 -05:00
Taylor Yu
61976a4b1c Factor out control reply output
Create a set of abstractions for controller commands and events to
output replies to the control channel.  The control protocol has a
relatively consistent SMTP-like structure, so it's helpful when code
that implements control commands and events doesn't explicitly format
everything on its own.
2019-04-30 13:18:46 -05:00
Taylor Yu
482437754a Add clarifying comments to control_proto.c
Refer to control-spec.txt grammar productions in comments in
control_proto.c for clarity.
2019-04-30 13:18:46 -05:00
Taylor Yu
8e7316bae4 Split reply formatting out of control_fmt.c
Split the core reply formatting code out of control_fmt.c into
control_proto.c.  The remaining code in control_format.c deals with
specific subsystems and will eventually move to join those subsystems.
2019-04-30 13:18:46 -05:00
Taylor Yu
965c2064da Correct file name in doxygen comment 2019-04-30 13:18:46 -05:00
George Kadianakis
847fc3280d Merge branch 'maint-0.4.0' 2019-04-30 19:26:30 +03:00
George Kadianakis
e1d4e2badb Merge branch 'tor-github/pr/978' into maint-0.4.0 2019-04-30 19:26:14 +03:00
George Kadianakis
d885ed867f Merge branch 'tor-github/pr/937' 2019-04-30 19:21:46 +03:00
George Kadianakis
9084a90b00 Merge branch 'tor-github/pr/936' 2019-04-30 19:21:15 +03:00
George Kadianakis
a44aca5453 Merge branch 'tor-github/pr/993' 2019-04-30 19:13:57 +03:00
George Kadianakis
86f8dfe419 Merge branch 'tor-github/pr/983' 2019-04-30 19:13:30 +03:00
David Goulet
43c119fedb Merge branch 'tor-github/pr/980'
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-30 11:50:36 -04:00
David Goulet
e543c4e20c Merge branch 'tor-github/pr/909'
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-30 11:17:45 -04:00
Nick Mathewson
b7cc631d23 Rename and clarify some functions for periodic events
When we tell the periodic event manager about an event, we are
"registering" that event.  The event sits around without being
usable, however, until we "connect" the event to libevent.  In the
end, we "disconnect" the event and remove its libevent parts.

Previously, we called these operations "add", "setup", and
"destroy", which led to confusion.
2019-04-30 11:14:59 -04:00
Nick Mathewson
9a62a820fb Remove now-extraneous calls to initialize_periodic_events().
This is now the responsibility of the mainloop's subsystem initializer.
2019-04-30 11:14:59 -04:00
Nick Mathewson
b5a62b1ef5 Move dirauth periodic events into dirauth module.
Closes ticket 30294.
2019-04-30 11:14:59 -04:00
Nick Mathewson
6eb1b8da0a Turn 'mainloop' into a subsystem.
We need a little refactoring for this to work, since the
initialization code for the periodic events assumes that libevent is
already initialized, which it can't be until it's configured.

This change, combined with the previous ones, lets other subsystems
declare their own periodic events, without mainloop.c having to know
about them.  Implements ticket 30293.
2019-04-30 11:14:59 -04:00
Nick Mathewson
730dddc380 Make sure that the rng is not replaced if it is already replaced. 2019-04-30 11:11:39 -04:00
Nick Mathewson
604e849d36 Make the deterministic and reproducible rng test code handle fast_rng 2019-04-30 11:11:39 -04:00
Nick Mathewson
587a525cc5 Add improved debugging support to crypto_rand_fast code. 2019-04-30 11:11:39 -04:00
Nick Mathewson
e66b5153bd Extract add-entropy code from crypto_fast_rng to a new function 2019-04-30 11:11:39 -04:00
Nick Mathewson
c6a93beed8 Use preloaded-rng code in test_hs_descriptor.c 2019-04-30 11:11:39 -04:00
Nick Mathewson
7086a9f90e Make rng mock code also cover strongest_rand. 2019-04-30 11:11:39 -04:00
Nick Mathewson
0a9fb6938d Use prefilled PRNG replacement in test_extorport
This is the last remaining place where our tests had mocked
crypto_rand.
2019-04-30 11:11:39 -04:00
Nick Mathewson
7bd34698af Use prefilled_rng in test_addr.c in place of existing code. 2019-04-30 11:11:39 -04:00
Nick Mathewson
fe173ce0bc Add a testing PRNG replacement that returns canned data. 2019-04-30 11:11:39 -04:00
Nick Mathewson
64d5ed0415 Update circuit_timeout test to use deterministic prng 2019-04-30 11:11:39 -04:00
Nick Mathewson
d3526d3f2c Update test_prob_distr to use new reproducible RNG override code 2019-04-30 11:11:39 -04:00
Nick Mathewson
11eaed66bb Add support for deterministic override of crypto_rand() in tests
We had this previously, but we did it differently in different
places. This implementation is pulled from test_prob_distr.c
2019-04-30 11:11:39 -04:00
Nick Mathewson
821dd54586 Merge branch 'bug30316_035' into bug30316_040
Fixes conflicts and also moves bandwidth-file-digest.
2019-04-29 14:34:03 -04:00
Nick Mathewson
0ab4dc7ef7 Move bandwidth-file-headers line to appear in the correct vote section
Fixes bug 30316; bugfix on 0.3.5.1-alpha.
2019-04-29 14:31:09 -04:00
David Goulet
0f2ff267c5 sendme: Do not poke at crypto.sendme_digest directly
As per review from nickm, keep as much as we can the relay_crypto_t object
opaque.

Part of #26288

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
0d8b9b56c5 sendme: Better function names
From nickm's review, improve the names of some functions.

Part of #26288

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
67c2254183 sendme: Move note_cell_digest() to relay_crypto module
Because this function is poking within the relay_crypto_t object, move the
function to the module so we can keep it opaque as much as possible.

Part of #26288

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
d084f9115d sendme: Better handle the random padding
We add random padding to every cell if there is room. This commit not only
fixes how we compute that random padding length/offset but also improves its
safety with helper functions and a unit test.

Part of #26288

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
c7385b5b14 sendme: Keep cell digest only if a SENDME is next
This way, we reduce the load by only hashing when we absolutely must.

Part of #26288

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
805c81efed sendme: Add helper to note the cell digest
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
7c8e519b34 sendme: Helper to know if next cell is a SENDME
We'll use it this in order to know when to hash the cell for the SENDME
instead of doing it at every cell.

Part of #26288

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
aef7095c3e prop289: Add documentation for the circuit FIFO list
Part of #26288

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
44750b0de6 prop289: Skip the first 4 unused bytes in a cell
When adding random to a cell, skip the first 4 bytes and leave them zeroed. It
has been very useful in the past for us to keep bytes like this.

Some code trickery was added to make sure we have enough room for this 4 bytes
offset when adding random.

Part of #26288

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
77d560af64 prop289: Keep the digest bytes, not the object
The digest object is as large as the entire internal digest object's state,
which is often much larger than the actual set of bytes you're transmitting.

This commit makes it that we keep the digest itself which is 20 bytes.

Part of #26288

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
4efe9d653a prop289: Move digest matching in its own function
No behavior change but code had to be refactored a bit. Also, the tor_memcmp()
was changed to tor_memneq().

Part of #26288

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
217b553193 prop289: Rename packaged functions with better name
The circuit and stream level functions that update the package window have
been renamed to have a "_note_" in them to make their purpose more clear.

Part of #26288

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
2ec25e847e prop289: Move SENDME cell processing in a separate function
No behavior change. Only moving code and fixing part of it in order to use the
parameters passed as pointers.

Part of #26288

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
504e05b029 prop289: Use a 20 bytes digest instead of 4
To achieve such, this commit also changes the trunnel declaration to use a
union instead of a seperate object for the v1 data.

A constant is added for the digest length so we can use it within the SENDME
code giving us a single reference.

Part of #26288

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
cede93b2d8 tests: Implement unit tests for SENDME v1
Part of #26288

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
a6e012508e prop289: Add random bytes to the unused portion of the cell
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
402f0a4f5d prop289: Remember the last cell digest for v1 SENDMEs
In order to do so, depending on where the cell is going, we'll keep the last
cell digest that is either received inbound or sent outbound.

Then it can be used for validation.

Part of #26288

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
bb473a807a prop289: Match the SENDME digest
Now that we keep the last seen cell digests on the Exit side on the circuit
object, use that to match the SENDME v1 transforming this whole process into a
real authenticated SENDME mechanism.

Part of #26841

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
93f9fbbd34 prop289: Keep track of the last seen cell digests
This makes tor remember the last seen digest of a cell if that cell is the
last one before a SENDME on the Exit side.

Closes #26839

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
81706d8427 prop289: Support SENDME v1 cell parsing
This commit makes tor able to parse and handle a SENDME version 1. It will
look at the consensus parameter "sendme_accept_min_version" to know what is
the minimum version it should look at.

IMPORTANT: At this commit, the validation of the cell is not fully
implemented. For this, we need #26839 to be completed that is to match the
SENDME digest with the last cell digest.

Closes #26841

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
023a70da84 prop289: Support sending SENDME version 1
This code will obey the consensus parameter "sendme_emit_min_version" to know
which SENDME version it should send. For now, the default is 0 and the
parameter is not yet used in the consensus.

This commit adds the support to send version 1 SENDMEs but aren't sent on the
wire at this commit.

Closes #26840

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
eef78ac0b0 prop289: Add SENDME trunnel declaration
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
c38d46bf4a prop289: Add two consensus parameters
In order to be able to deploy the authenticated SENDMEs, these two consensus
parameters are needed to control the minimum version that we can emit and
accept.

See section 4 in prop289 for more details.

Note that at this commit, the functions that return the values aren't used so
compilation fails if warnings are set to errors.

Closes #26842

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
0e6e800c89 sendme: Always close stream if deliver window is negative
Previously, we would only close the stream when our deliver window was
negative at the circuit-level but _not_ at the stream-level when receiving a
DATA cell.

This commit adds an helper function connection_edge_end_close() which
sends an END and then mark the stream for close for a given reason.

That function is now used both in case the deliver window goes below zero for
both circuit and stream level.

Part of #26840

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
8e38791baf sendme: Add helper functions for DATA cell packaging
When we are about to send a DATA cell, we have to decrement the package window
for both the circuit and stream level.

This commit adds helper functions to handle the package window decrement.

Part of #26288

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
2d3c600915 sendme: Add helper functions for DATA cell delivery
When we get a relay DATA cell delivered, we have to decrement the deliver
window on both the circuit and stream level.

This commit adds helper functions to handle the deliver window decrement.

Part of #26840

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
9c42cc1eb2 sendme: Refactor SENDME cell processing
This is a bit of a complicated commit. It moves code but also refactors part
of it. No behavior change, the idea is to split things up so we can better
handle and understand how SENDME cells are processed where ultimately it will
be easier to handle authenticated SENDMEs (prop289) using the intermediate
functions added in this commit.

The entry point for the cell arriving at the edge (Client or Exit), is
connection_edge_process_relay_cell() for which we look if it is a circuit or
stream level SENDME. This commit refactors that part where two new functions
are introduced to process each of the SENDME types.

The sendme_process_circuit_level() has basically two code paths. If we are a
Client (the circuit is origin) or we are an Exit. Depending on which, the
package window is updated accordingly. Then finally, we resume the reading on
every edge streams on the circuit.

The sendme_process_stream_level() applies on the edge connection which will
update the package window if needed and then will try to empty the inbuf if
need be because we can now deliver more cells.

Again, no behavior change but in order to split that code properly into their
own functions and outside the relay.c file, code modification was needed.

Part of #26840.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
ed8593b9e0 sendme: Modernize and cleanup old moved code
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:57 -04:00
David Goulet
e5806dcea8 sendme: Move code to the new files sendme.{c|h}
Take apart the SENDME cell specific code and put it in sendme.{c|h}. This is
part of prop289 that implements authenticated SENDMEs.

Creating those new files allow for the already huge relay.c to not grow in LOC
and makes it easier to handle and test the SENDME cells in an isolated way.

This commit only moves code. No behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-04-29 12:17:33 -04:00
Nick Mathewson
806539b40a Use fast check for missing id in node_is_a_configured_bridge()
Fixes bug 30308; bugfix on 0.3.5.1-alpha.
2019-04-26 11:19:46 -04:00
Nick Mathewson
650b94ebc1 Use a linear algorithm to subtract two nodelists.
The nodelist_idx for each node_t serves as a unique identifier for
the node, so we can use a bitarray to hold all the excluded
nodes, and then remove them from the smartlist.

Previously use used smartlist_subtract(sl, excluded), which is
O(len(sl)*len(excluded)).

We can use this function in other places too, but this is the one
that showed up on the profiles of 30291.

Closes ticket 30307.
2019-04-26 11:04:44 -04:00
Nick Mathewson
1d44ac9acd Make nodelist_get_list() return a const pointer. 2019-04-26 10:36:49 -04:00
Nick Mathewson
efeb101b96 Merge remote-tracking branch 'tor-github/pr/889' 2019-04-25 20:25:34 -04:00
Nick Mathewson
36b4fc7437 Merge remote-tracking branch 'tor-github/pr/922' 2019-04-25 20:08:39 -04:00
Nick Mathewson
a5cced2b7a Extract keyword argument checking from argument parsing. 2019-04-25 14:13:03 -04:00
Nick Mathewson
a0299cd240 In control command api, rename "object" to "cmddata"
This makes it match control-spec.txt.
2019-04-25 14:13:03 -04:00
Nick Mathewson
ff9ba7d6c4 expand CMD_FL_WIPE to wipe the parsed arguments too 2019-04-25 14:13:03 -04:00
Nick Mathewson
88d22b898e Simplify handler logic in control_cmd.c
Now that the legacy handlers are gone, we can simplify the
structures and macros here.
2019-04-25 14:13:03 -04:00
Nick Mathewson
ddd33d39c7 Port the authenticate and authchallenge commands to the new parser
These two presented their own challenge, because of their use of
QString, and their distinguished handling of quoted versus
non-quoted values.
2019-04-25 14:13:03 -04:00
Nick Mathewson
8799b4e805 Add rudimentary qstring support to kvline.c 2019-04-25 14:13:03 -04:00
Nick Mathewson
ba05324242 Move and rename decode_escaped_string()
This function decodes something different from the usual c-escaped
format.

It is only used in controller authorization.
2019-04-25 14:13:03 -04:00
Nick Mathewson
0c0b869ba4 Use the new controller command parser for EXTENDCIRCUIT.
This command does not fit perfectly with the others, since its
second argument is optional and may contain equal signs.  Still,
it's probably better to squeeze it into the new metaformat, since
doing so allows us to remove several pieces of the old
command-parsing machinery.
2019-04-25 14:13:03 -04:00
Nick Mathewson
95afdb005c Use new parser logic for SETCONF/RESETCONF code.
Here we get to throw away a LOT of unused code, since most of the
old parsing was redundant with kvline.
2019-04-25 14:13:03 -04:00
Nick Mathewson
d8b3ec865d Update more controller commands, now that we have kvline support 2019-04-25 14:13:03 -04:00
Nick Mathewson
dab35386ca Add a case-insensitive variant to config_line_find() 2019-04-25 14:13:03 -04:00
Nick Mathewson
9471391694 Add kvline support to controller command parser.
This should let us handle all (or nearly all) of the remaining
commands.
2019-04-25 14:13:03 -04:00
Nick Mathewson
0841a69357 Allow kvlines in control commands. 2019-04-25 14:13:03 -04:00
Nick Mathewson
bb37ad6957 Add fuzzing support for several more groups of kvlines flags 2019-04-25 14:13:03 -04:00
Nick Mathewson
73df91bbb5 kvline: handle empty alues as well as empty keys
The two options are mutually exclusive, since otherwise an entry
like "Foo" would be ambiguous.  We want to have the ability to treat
entries like this as keys, though, since some controller commands
interpret them as flags.
2019-04-25 14:13:03 -04:00
Nick Mathewson
01b07c548b Use parsing code for the simpler controller commands.
(This should be all of the command that work nicely with positional
arguments only.)

Some of these commands should probably treat extra arguments as
incorrect, but for now I'm trying to be careful not to break
any existing users.
2019-04-25 14:13:03 -04:00
Nick Mathewson
cbd1a7e053 Unit tests for current control-command parser logic 2019-04-25 14:13:03 -04:00
Nick Mathewson
dbfe1a14e4 When parsing a multiline controller command, be careful with linebreaks
The first line break in particular was mishandled: it was discarded
if no arguments came before it, which made it impossible to
distinguish arguments from the first line of the body.

To solve this, we need to allocate a copy of the command rather than
using NUL to separate it, since we might have "COMMAND\n" as our input.

Fixes ticket 29984.
2019-04-25 14:13:03 -04:00
Nick Mathewson
f18b7dc473 Extract the argument-splitting part of control.c's parser
This is preliminary work for fixing 29984; no behavior has changed.
2019-04-25 14:13:03 -04:00
Nick Mathewson
de70eebc65 Start on a command-parsing tool for controller commands.
There _is_ an underlying logic to these commands, but it isn't
wholly uniform, given years of tweaks and changes.  Fortunately I
think there is a superset that will work.

This commit adds a parser for some of the most basic cases -- the
ones currently handled by getargs_helper() and some of the
object-taking ones.  Soon will come initial tests; then I'll start using
the parser.

After that, I'll expand the parser to handle the other cases that come
up in the controller protocol.
2019-04-25 14:13:03 -04:00
Nick Mathewson
0d650e7958 Move responsibility for checking if events are setup into periodic.c
We have checks in various places in mainlook.c to make sure that
events are initialized before we invoke any periodic_foo() functions
on them.  But now that each subsystem will own its own periodic
events, it will be cleaner if we don't assume that they are all
setup or not.
2019-04-25 13:23:18 -04:00
Nick Mathewson
233835e14f Move the responsibility for listing periodic events to periodic.c
The end goal here is to move the periodic callback to their
respective modules, so that mainloop.c doesn't have to include so
many other things.

This patch doesn't actually move any of the callbacks out of
mainloop.c yet.
2019-04-25 10:09:36 -04:00
George Kadianakis
974c2674eb Merge branch 'maint-0.4.0' 2019-04-25 15:47:07 +03:00
George Kadianakis
a39789a02c Merge branch 'tor-github/pr/960' into maint-0.4.0 2019-04-25 15:46:45 +03:00
George Kadianakis
811a93f803 Merge branch 'tor-github/pr/953' 2019-04-25 15:43:47 +03:00
Alexander Færøy
0429072495 Lower log level of unlink() errors in networkstatus_set_current_consensus().
In this patch we lower the log level of the failures for the three calls
to unlink() in networkstatus_set_current_consensus(). These errors might
trigger on Windows because the memory mapped consensus file keeps the
file in open state even after we have close()'d it. Windows will then
error on the unlink() call with a "Permission denied" error.

The consequences of ignoring these errors is that we leave an unused
file around on the file-system, which is an easier way to fix this
problem right now than refactoring networkstatus_set_current_consensus().

See: https://bugs.torproject.org/29930
2019-04-25 01:59:37 +02:00
Nick Mathewson
6320b2988c Merge remote-tracking branch 'tor-github/pr/942' 2019-04-24 17:06:56 -04:00
David Goulet
f39dd0a700 Merge branch 'tor-github/pr/951' 2019-04-24 09:53:15 -04:00
David Goulet
608cf2ba8d Merge branch 'tor-github/pr/943' 2019-04-24 09:51:14 -04:00
David Goulet
5bcf87c224 Merge branch 'tor-github/pr/955' 2019-04-24 09:45:32 -04:00
David Goulet
4b599aaae4 Merge branch 'tor-github/pr/939' 2019-04-24 09:43:28 -04:00
teor
f35bd36814
test-network-all: Test IPv6-only v3 single onion services
In "make test-network-all", test IPv6-only v3 single onion services,
using the chutney network single-onion-v23-ipv6-md. This test will
not pass until 23588 has been merged.

Closes ticket 27251.
2019-04-24 17:42:59 +10:00
teor
3d89f0374a
hs_config: Allow Tor to be configured as an IPv6-only v3 single onion service
Part of #23588.
2019-04-24 17:29:18 +10:00
teor
f05e3f3c9a
test/hs: Correctly convert an IPv6 intro point to an extend_info
Part of #23588.
2019-04-24 17:29:14 +10:00
teor
abe086dd97
test/hs: Re-enable the IPv6 intro point in the HS tests
Tests 23588, partially reverts 23576.

Implements 29237.
2019-04-24 17:29:10 +10:00
Neel Chauhan
b65f8c419a
Add firewall_choose_address_ls() and hs_get_extend_info_from_lspecs() tests 2019-04-24 17:28:38 +10:00
Neel Chauhan
2618347657
Use fascist_firewall_choose_address_ls() in hs_get_extend_info_from_lspecs() 2019-04-24 17:28:34 +10:00
Neel Chauhan
da268e3b50
Add function fascist_firewall_choose_address_ls() 2019-04-24 17:28:30 +10:00
Nick Mathewson
15d4238383 Merge remote-tracking branch 'tor-github/pr/944' 2019-04-23 15:39:23 -04:00
Nick Mathewson
8bea0c2fa3 Rename outvar to follow _out convention. 2019-04-23 14:14:17 -04:00
Nick Mathewson
475ac11bc1 Merge remote-tracking branch 'tor-github/pr/935' 2019-04-23 14:11:04 -04:00
Nick Mathewson
a7599c5be2 Merge remote-tracking branch 'tor-github/pr/962' 2019-04-23 12:48:37 -04:00
Neel Chauhan
2ab19a48c2 Initialize rate_limited in hs_pick_hsdir() to false 2019-04-19 09:50:54 -04:00
Neel Chauhan
efde686aa5 Only set rate_limited in hs_pick_hsdir() if rate_limited_count or responsible_dirs_count is greater than 0 2019-04-19 09:21:20 -04:00
Neel Chauhan
144bc5026e Initialize rate_limited to false in directory_get_from_hs_dir() 2019-04-19 09:17:29 -04:00
Neel Chauhan
943559b180 Make rate_limited and is_rate_limited a bool 2019-04-19 08:33:00 -04:00
teor
231036a110
Merge branch 'maint-0.3.4' into maint-0.3.5 2019-04-19 12:00:41 +10:00
teor
742b5b32d5
Merge remote-tracking branch 'tor-github/pr/710' into maint-0.3.5 2019-04-19 11:52:48 +10:00
teor
cb084de5e5
Merge remote-tracking branch 'tor-github/pr/726' into maint-0.3.5 2019-04-19 11:51:05 +10:00
teor
2ae67fee42
Merge remote-tracking branch 'tor-github/pr/745' into maint-0.3.5 2019-04-19 11:48:41 +10:00
teor
116970dda7
Merge remote-tracking branch 'tor-github/pr/946' into maint-0.3.4 2019-04-19 11:47:10 +10:00
teor
b1762f8d12
Merge remote-tracking branch 'tor-github/pr/638' into maint-0.3.4 2019-04-19 11:44:38 +10:00
teor
8154b33f9c
Merge remote-tracking branch 'tor-github/pr/791' into maint-0.3.4 2019-04-19 11:43:46 +10:00
teor
2460b4461f
Merge remote-tracking branch 'tor-github/pr/792' into maint-0.2.9 2019-04-19 11:42:09 +10:00
teor
ec213ae8a0
Merge remote-tracking branch 'tor-github/pr/772' into maint-0.2.9 2019-04-19 11:38:52 +10:00
George Kadianakis
78223ab0fc Merge branch 'tor-github/pr/938' 2019-04-18 13:23:32 +03:00
George Kadianakis
d867b7ae1d Merge branch 'maint-0.4.0' 2019-04-18 13:22:23 +03:00
George Kadianakis
6a179b1072 Merge branch 'tor-github/pr/891' into maint-0.4.0 2019-04-18 13:21:59 +03:00
teor
c483ccf1c9
connection_edge: remove an extra ; 2019-04-17 18:43:20 +10:00
teor
728d20ed08
connection_edge: Return a web page when HTTPTunnelPort is misconfigured
Return an informative web page when the HTTPTunnelPort is used as an
HTTP proxy.

Closes ticket 27821, patch by "eighthave".
2019-04-17 17:58:40 +10:00
Mike Perry
17a164a827 Bug 30173: Rate limit padding rate limit log message.
Gotta limit to the limit when the limit is reached.
2019-04-17 02:51:48 +00:00
Mike Perry
21a4438c58 Bug 30173: Add consensus param to disable padding.
Disable padding via limit check and machine condition. Limits cause us to stop
sending padding. Machine conditions cause the machines to be shut down, and
not restarted.
2019-04-17 02:44:42 +00:00
teor
031ed59dba
test/relay: add a missing typedef
In 0.3.4 and later, these functions are declared in rephist.h:
STATIC uint64_t find_largest_max(bw_array_t *b);
STATIC void commit_max(bw_array_t *b);
STATIC void advance_obs(bw_array_t *b);

But in 0.2.9, they are declared in rephist.c and test_relay.c.

So compilers fail with a "must use 'struct' tag" error.

We add the missing struct typedef in test_relay.c, to match the
declarations in rephist.c.

(Merge commit 813019cc57 moves these functions into rephist.h instead.)

Fixes bug 30184; not in any released version of Tor.
2019-04-17 11:14:05 +10:00
Bernhard M. Wiedemann
8c4e68438d Do not warn about compatible OpenSSL upgrades
When releasing OpenSSL patch-level maintenance updates,
we do not want to rebuild binaries using it.
And since they guarantee ABI stability, we do not have to.

Without this patch, warning messages were produced
that confused users:
https://bugzilla.opensuse.org/show_bug.cgi?id=1129411

Fixes bug 30190; bugfix on 0.2.4.2-alpha commit 7607ad2bec

Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
2019-04-17 01:55:04 +02:00
Neel Chauhan
ada6732914 Clarify comment about IPv6Exit in policies_parse_exit_policy_from_options() 2019-04-16 08:22:17 -04:00
Neel Chauhan
06c76e79aa Clarify torrc comment for IPv6Exit 2019-04-16 08:20:48 -04:00
Neel Chauhan
e7c22e6e48 Add policy_using_default_exit_options() to determine if we're using the default exit options 2019-04-16 08:19:44 -04:00
Nick Mathewson
7b2357a37a Merge remote-tracking branch 'tor-github/pr/884' 2019-04-16 08:08:06 -04:00
teor
05d25d06b6
rephist: fix an undeclared type compilation error
In 0.3.4 and later, we declare write_array as:
extern struct bw_array_t *write_array;
...
typedef struct bw_array_t bw_array_t;

But in 0.2.9, we declare write_array as:
typedef struct bw_array_t bw_array_t;
extern bw_array_t *write_array;

And then again in rephist.c:
typedef struct bw_array_t bw_array_t;

So some compilers fail with a duplicate declaration error.

We backport 684b396ce5, which removes the duplicate declaration.
And this commit deals with the undeclared type error.

Backports a single line from merge commit 813019cc57.

Fixes bug 30184; not in any released version of Tor.
2019-04-16 15:39:45 +10:00
Nick Mathewson
684b396ce5
Remove another needless typedef 2019-04-16 15:33:14 +10:00
Nick Mathewson
950d890f77 In warn_if_nul_found, log surrounding context.
We need to encode here instead of doing escaped(), since fwict
escaped() does not currently handle NUL bytes.

Also, use warn_if_nul_found in more cases to avoid duplication.
2019-04-15 15:33:09 -04:00
Nick Mathewson
0c42ddf28c fixup! Even more diagnostic messages for bug 28223.
Use TOR_PRIuSZ in place of %zu.
2019-04-15 15:21:18 -04:00
Nick Mathewson
82a3161c41 Document check for 30176, since it's a bit subtle. 2019-04-15 14:52:08 -04:00
Tobias Stoeckmann
670d0f9f5b Clear memory in smartlist_remove_keeporder.
The smartlist functions take great care to reset unused pointers inside
the smartlist memory to NULL.

The function smartlist_remove_keeporder does not clear memory in such
way when elements have been removed. Therefore call memset after the
for-loop that removes elements. If no element is removed, it is
effectively a no-op.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2019-04-15 14:51:36 -04:00
Tobias Stoeckmann
5a0c857996 Add test to verify that unused pointers are NULL.
The smartlist code takes great care to set all unused pointers inside
the smartlist memory to NULL. Check if this is also the case after
modifying the smartlist multiple times.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2019-04-15 14:46:26 -04:00
Nick Mathewson
3105081c2f Fix assertf() issues when ALL_BUGS_ARE_FATAL is defined.
Fix from Gisle Vanem; fixes bug 30179.  Bug not in any released
version of Tor.
2019-04-15 14:37:46 -04:00
Nick Mathewson
358df18064 Merge branch 'bug30189_035' into bug30189_041 2019-04-15 14:27:32 -04:00
Nick Mathewson
802ac8ad61 Use a tor_abort_() wrapper in our util_bug.h macros
Previously, our use of abort() would break anywhere that we didn't
include stdlib.h.  This was especially troublesome in case where
tor_assert_nonfatal() was used with ALL_BUGS_ARE_FATAL, since that
one seldom gets tested.

As an alternative, we could have just made this header include
stdlib.h.  But that seems bloaty.

Fixes bug 30189; bugfix on 0.3.4.1-alpha.
2019-04-15 14:16:23 -04:00
George Kadianakis
3f9efc5e88 Merge branch 'maint-0.4.0' 2019-04-15 13:56:48 +03:00
George Kadianakis
15591e1bbd Merge branch 'tor-github/pr/948' into maint-0.4.0 2019-04-15 13:56:37 +03:00
rl1987
55b4f02ba6 Fix shellcheck warnings in fixup_filenames.sh 2019-04-15 12:13:35 +03:00
teor
1177818c32
Merge branch 'rust-panic1-035' into rust-panic1-040 2019-04-15 10:18:59 +10:00
teor
a6d0420f7c
Merge branch 'rust-panic1-034' into rust-panic1-035
Trivial merge: a blank line was removed between 0.3.4 and 0.3.5.
2019-04-15 10:18:01 +10:00
teor
5ab5c8ec15
Merge branch 'rust-panic1' into rust-panic1-034 2019-04-15 10:15:02 +10:00
Neel Chauhan
cc87acf29b Remove unused get_options() 2019-04-14 14:51:42 -04:00
Neel Chauhan
03464a9165 Update torrc.sample.in to IPv6Exit 1 being an exit by default 2019-04-14 12:48:07 -04:00
Neel Chauhan
5cad9fb477 Become an exit relay if IPv6Exit is 1 2019-04-14 12:48:07 -04:00
Nick Mathewson
88dc7bc171 Add an assertion to test_hs_cache.c to appease coverity.
Coverity doesn't like to see a path where we test a pointer for
NULL if we have already ready dereferenced the pointer on that
path.  While in this case, the check is not needed, it's best not to
remove checks from the unit tests IMO.  Instead, I'm adding an
earlier check, so that coverity, when analyzing this function, will
think that we have always checked the pointer before dereferencing
it.

Closes ticket 30180; CID 1444641.
2019-04-14 11:31:50 -04:00
rl1987
4fa4fe0945 Fix remaining shellcheck warnings in fuzz_multi.sh 2019-04-12 22:41:39 +03:00
rl1987
1ee991ed4b Add shebang line to fuzz_multi.sh (fixes SC2148) 2019-04-12 22:38:06 +03:00
Nick Mathewson
e9ca904dbf Define two more commands as wipe-after-parse. 2019-04-12 08:33:27 -04:00
Nick Mathewson
f3bd0240a6 Add assertions for correct input to handle_control_command. 2019-04-12 08:33:27 -04:00
Nick Mathewson
d1f5957c4e Improve handling of controller commands
Use a table-based lookup to find the right command handler.  This
will serve as the basement for several future improvements, as we
improve the API for parsing commands.
2019-04-12 08:33:27 -04:00
George Kadianakis
7b386f2356 Merge branch 'tor-github/pr/908' 2019-04-12 13:47:08 +03:00
George Kadianakis
86aa141572 Merge branch 'tor-github/pr/754' 2019-04-12 13:45:53 +03:00
teor
ebbc2c3d8f
crypt_ops: Stop using a separate buffer in ed25519_signature_from_base64()
Part of 29960.
2019-04-12 13:00:02 +10:00
Neel Chauhan
398c736230 Remove unused variable in fmt_serverstatus.c 2019-04-11 22:11:27 -04:00
Neel Chauhan
994b8ba424 Update networkstatus_getinfo_by_purpose() comment 2019-04-11 21:36:38 -04:00
Neel Chauhan
14d7008045 Stop setting routers as running in list_server_status_v1() 2019-04-11 21:30:48 -04:00
Neel Chauhan
c07d854772 Remove callback for setting bridges as running 2019-04-11 21:28:35 -04:00
Neel Chauhan
4172dcaa62 Move code for setting bridges as running to voteflags.c 2019-04-11 20:44:30 -04:00
Neel Chauhan
30279a7c57 Use authdir_mode_bridge() in set_bridge_running_callback() 2019-04-11 20:28:11 -04:00
Neel Chauhan
aa9940ed21 Make SET_BRIDGES_RUNNING_INTERVAL 5 minutes 2019-04-11 20:24:08 -04:00
Nick Mathewson
cdafcc49bc Fix a memory leak in tor-resolve.c
Closes bug 30151/coverity CID 1441830. Bugfix on 0.4.0.1-alpha when
we started doing trunnel parsing in tor-resolve.c.
2019-04-11 19:10:05 -04:00
Nick Mathewson
48a574604b Remove an extraneous _ from __COVERITY__
We had a typo in this check, so that coverity wasn't taking the
right path.

Bug not in any released Tor.
2019-04-11 18:56:02 -04:00
Nick Mathewson
66b07e7ec1 Add an assertion to num_ntors_per_tap().
This should please coverity, and fix CID 1415721.  It didn't
understand that networkstatus_get_param() always returns a value
between its minimum and maximum values.
2019-04-11 18:44:10 -04:00
Nick Mathewson
96e310911f Add an assertion to compute_weighted_bandwidths()
This should please coverity, and fix CID 1415722.  It didn't
understand that networkstatus_get_param() always returns a value
between its minimum and maximum values.
2019-04-11 18:41:38 -04:00
Nick Mathewson
55690d05bd Add an assertion to pathbias_get_scale_ratio()
This should please coverity, and fix CID 1415723.  It didn't understand
that networkstatus_get_param() always returns a value between its
minimum and maximum values.
2019-04-11 18:38:59 -04:00
Nick Mathewson
85ff6f9114 Fix a memory leak on failure to create keys directory.
Fixes bug 30148, which is also CID 1437429 and CID 1437454. Bugfix
on 0.3.3.1-alpha, when separate key directories became a thing.
2019-04-11 18:18:14 -04:00
Nick Mathewson
781d69f3a7 Make it clear to coverity we aren't leaking in protover_all_supported()
The logic here should be "use versions or free it".  The "free it"
part was previously in a kind of obfuscated place, so coverity
wasn't sure it was invoked as appropriate.  CID 1437436.
2019-04-11 17:51:11 -04:00
Nick Mathewson
4e3d144fb0 Don't leak on logic error in string_is_valid_nonrfc_hostname()
This is CID 1437438.  No backport needed: this is unreachable, and
guarded with a BUG() check.
2019-04-11 17:40:05 -04:00
Nick Mathewson
7c98105d56 On failure to create extend info for an introduction point, don't leak.
This is CID 1438152.  No backport needed: this path is already
inside a BUG() guard.
2019-04-11 17:35:19 -04:00
Nick Mathewson
40471d73e5 bump to 0.4.0.4-rc-dev 2019-04-11 17:05:38 -04:00
Neel Chauhan
011307dd5f Make repeated/rate limited HSFETCH queries fail with QUERY_RATE_LIMITED 2019-04-11 15:21:17 -04:00
Nick Mathewson
9fabf104ed Merge remote-tracking branch 'tor-github/pr/913' 2019-04-11 14:30:05 -04:00
Nick Mathewson
d549440124 Merge remote-tracking branch 'tor-github/pr/887' 2019-04-11 14:29:16 -04:00
Nick Mathewson
f8dc935fb7 Merge remote-tracking branch 'tor-github/pr/741' 2019-04-11 14:27:06 -04:00
Nick Mathewson
b2fc57426c Bump version to 0.4.0.4-rc 2019-04-10 11:51:49 -04:00
Nick Mathewson
3be1e26b8d Merge branch 'maint-0.4.0' 2019-04-10 11:31:44 -04:00
Nick Mathewson
412bcc5b2a Merge remote-tracking branch 'tor-github/pr/926' into maint-0.4.0 2019-04-10 11:31:33 -04:00
Tobias Stoeckmann
9ce0bdd226 Prevent double free on huge files with 32 bit.
The function compat_getdelim_ is used for tor_getline if tor is compiled
on a system that lacks getline and getdelim. These systems should be
very rare, considering that getdelim is POSIX.

If this system is further a 32 bit architecture, it is possible to
trigger a double free with huge files.

If bufsiz has been already increased to 2 GB, the next chunk would
be 4 GB in size, which wraps around to 0 due to 32 bit limitations.

A realloc(*buf, 0) could be imagined as "free(*buf); return malloc(0);"
which therefore could return NULL. The code in question considers
that an error, but will keep the value of *buf pointing to already
freed memory.

The caller of tor_getline() would free the pointer again, therefore
leading to a double free.

This code can only be triggered in dirserv_read_measured_bandwidths
with a huge measured bandwith list file on a system that actually
allows to reach 2 GB of space through realloc.

It is not possible to trigger this on Linux with glibc or other major
*BSD systems even on unit tests, because these systems cannot reach
so much memory due to memory fragmentation.

This patch is effectively based on the penetration test report of
cure53 for curl available at https://cure53.de/pentest-report_curl.pdf
and explained under section "CRL-01-007 Double-free in aprintf() via
unsafe size_t multiplication (Medium)".
2019-04-10 12:46:27 +03:00
teor
12b9bfc05f
test: Also avoid reading the system default torrc in integration tests
Part of 29702.
2019-04-10 19:03:43 +10:00
rl1987
93dcfc6593
Use empty torrc file when launching tor in test_rebind.py 2019-04-10 18:45:21 +10:00
teor
a1d9f44971
Merge branch 'maint-0.4.0' 2019-04-10 18:27:11 +10:00
teor
454bdb22ee
Merge remote-tracking branch 'tor-github/pr/920' into maint-0.4.0 2019-04-10 18:26:49 +10:00
teor
ce9b101574
bwauth: update measured bandwidth file comments
We forgot to update function header comments and code comments when we
made changes in 0.3.5.1-alpha and later.

Closes 30112.
2019-04-10 15:57:54 +10:00
Nick Mathewson
c28cdcc9bf Merge branch 'maint-0.4.0' 2019-04-09 13:51:44 -04:00
Nick Mathewson
ffdca3dd14 Merge branch 'bug29922_035' into maint-0.4.0 2019-04-09 13:49:58 -04:00
Nick Mathewson
9f3f99938e Actually I believe this should be an EINVAL. 2019-04-09 13:49:10 -04:00
Tobias Stoeckmann
a628e36024 Check return value of buf_move_to_buf for error.
If the concatenation of connection buffer and the buffer of linked
connection exceeds INT_MAX bytes, then buf_move_to_buf returns -1 as an
error value.

This value is currently casted to size_t (variable n_read) and will
erroneously lead to an increasement of variable "max_to_read".

This in turn can be used to call connection_buf_read_from_socket to
store more data inside the buffer than expected and clogging the
connection buffer.

If the linked connection buffer was able to overflow INT_MAX, the call
of buf_move_to_buf would have previously internally triggered an integer
overflow, corrupting the state of the connection buffer.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2019-04-09 12:05:22 -04:00
Tobias Stoeckmann
5a6ab3e7db Protect buffers against INT_MAX datalen overflows.
Many buffer functions have a hard limit of INT_MAX for datalen, but
this limitation is not enforced in all functions:

- buf_move_all may exceed that limit with too many chunks
- buf_move_to_buf exceeds that limit with invalid buf_flushlen argument
- buf_new_with_data may exceed that limit (unit tests only)

This patch adds some annotations in some buf_pos_t functions to
guarantee that no out of boundary access could occur even if another
function lacks safe guards against datalen overflows.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2019-04-09 12:05:14 -04:00
Tobias Stoeckmann
0fa95308fe Check return value of buf_move_to_buf for error.
If the concatenation of connection buffer and the buffer of linked
connection exceeds INT_MAX bytes, then buf_move_to_buf returns -1 as an
error value.

This value is currently casted to size_t (variable n_read) and will
erroneously lead to an increasement of variable "max_to_read".

This in turn can be used to call connection_buf_read_from_socket to
store more data inside the buffer than expected and clogging the
connection buffer.

If the linked connection buffer was able to overflow INT_MAX, the call
of buf_move_to_buf would have previously internally triggered an integer
overflow, corrupting the state of the connection buffer.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2019-04-09 12:00:14 -04:00
Tobias Stoeckmann
74b2bc43fb Protect buffers against INT_MAX datalen overflows.
Many buffer functions have a hard limit of INT_MAX for datalen, but
this limitation is not enforced in all functions:

- buf_move_all may exceed that limit with too many chunks
- buf_move_to_buf exceeds that limit with invalid buf_flushlen argument
- buf_new_with_data may exceed that limit (unit tests only)

This patch adds some annotations in some buf_pos_t functions to
guarantee that no out of boundary access could occur even if another
function lacks safe guards against datalen overflows.

  [This is a backport of the submitted patch to 0.2.9, where the
  buf_move_to_buf and buf_new_with_data functions did not exist.]
2019-04-09 11:59:20 -04:00
George Kadianakis
16041d7918 Merge branch 'maint-0.4.0' 2019-04-09 12:25:18 +03:00
George Kadianakis
c7cf49dc3c Merge branch 'tor-github/pr/915' into maint-0.4.0 2019-04-09 12:24:52 +03:00
teor
3d45079c27
Merge branch 'maint-0.4.0' 2019-04-09 11:36:59 +10:00
teor
e4692fad96
Merge remote-tracking branch 'tor-github/pr/866' 2019-04-09 11:36:38 +10:00
teor
92e8bdf296
Merge remote-tracking branch 'tor-github/pr/892' into maint-0.4.0 2019-04-09 11:35:41 +10:00
Nick Mathewson
a63bd87760 Detect and suppress an additional gmtime() warning in test_util.c
Fixes bug 29922; bugfix on 0.2.9.3-alpha when we tried to capture
all these warnings.  No need to backport any farther than 0.3.5,
though -- these warnings don't cause test failures before then.

This one was tricky to find because apparently it only happened on
_some_ windows builds.
2019-04-08 17:02:14 -04:00
rl1987
0e0a0b9802 Fix SC2006 in minimize.sh 2019-04-08 11:16:45 +03:00
teor
4cffc7fe9c
Merge branch 'maint-0.4.0' 2019-04-06 12:23:25 +10:00
teor
b100c9e980
Merge remote-tracking branch 'tor-github/pr/911' into maint-0.4.0 2019-04-06 12:15:41 +10:00
Nick Mathewson
5cb94cbf9d
NSS: disable TLS1.2 SHA-384 ciphersuites.
In current NSS versions, these ciphersuites don't work with
SSL_ExportKeyingMaterial(), which was causing relays to fail when
they tried to negotiate the v3 link protocol authentication.

Fixes bug 29241; bugfix on 0.4.0.1-alpha.
2019-04-06 11:06:34 +10:00
Nick Mathewson
680fd3f8fb
NSS: Log an error message when SSL_ExportKeyingMaterial() fails
Diagnostic for 29241.
2019-04-06 11:06:22 +10:00
teor
48e990359b
Merge branch 'maint-0.2.9' into maint-0.3.4 2019-04-06 09:33:11 +10:00
George Kadianakis
df4e2c42a8 Merge branch 'tor-github/pr/907' 2019-04-05 16:45:55 +03:00
George Kadianakis
071a000d67 Merge branch 'tor-github/pr/906' into maint-0.4.0 2019-04-05 16:44:59 +03:00
George Kadianakis
3393c8d510 Merge branch 'maint-0.4.0' 2019-04-05 14:53:39 +03:00
George Kadianakis
217db9efe1 Merge branch 'tor-github/pr/902' into maint-0.4.0 2019-04-05 14:53:33 +03:00
George Kadianakis
b371ea5b0e Merge branch 'tor-github/pr/761' 2019-04-05 14:52:36 +03:00
George Kadianakis
574c207670 Merge branch 'maint-0.4.0' 2019-04-05 14:51:33 +03:00
George Kadianakis
747b74c182 Merge branch 'tor-github/pr/800' into maint-0.4.0 2019-04-05 14:51:21 +03:00
teor
c616f45776 binascii: Fix the base64_encode_nopad() buffer length requirement
Comment-only change.

Part of 29660.
2019-04-05 15:17:19 +10:00
teor
5e2cba8eb4 crypto_format: Stop adding padding in ed25519_signature_from_base64()
base64_decode() does not require padding.

Part of 29660.
2019-04-05 15:17:19 +10:00
teor
ce5e38642d crypto_format: Remove the return value from ed25519_signature_to_base64()
Also remove all checks for the return value, which were redundant anyway,
because the function never failed.

Part of 29660.
2019-04-05 15:17:19 +10:00
teor
e3124fef54 crypto_format: Remove the return value from curve25519_public_to_base64()
And fix the documentation on the function: it does produce trailing
"="s as padding.

Also remove all checks for the return value, which were redundant anyway,
because the function never failed.

Part of 29660.
2019-04-05 15:17:19 +10:00
teor
7d513a5d55 crypto_format: Remove the return values from digest256_to_base64()
... and ed25519_public_to_base64(). Also remove all checks for the return
values, which were redundant anyway, because the functions never failed.

Part of 29960.
2019-04-05 15:17:19 +10:00
teor
abaed046a6 crypto_format: Remove unused return value from digest_to_base64()
Part of 29660.
2019-04-05 15:17:19 +10:00
teor
0d136a12bb crypto_format: Remove outdated comments
(These functions look pretty unified to me.)

Part of 29660.
2019-04-05 15:17:08 +10:00
teor
e992c5e4bc
Merge branch 'bug29500_040_monoinit_revert' into bug29500_master_monoinit
Apply data structure changes between 0.4.0 and 0.4.1.
2019-04-05 12:24:20 +10:00
teor
593b33608d
Revert "test/circuitpadding: Delete circuitpadding_circuitsetup_machine()"
This reverts commit 387d9448de.
2019-04-05 12:22:18 +10:00
teor
da678213e0
circuitpadding: comment fixes 2019-04-05 12:17:21 +10:00
teor
387d9448de
test/circuitpadding: Delete circuitpadding_circuitsetup_machine()
This test was disabled in 0.4.0 and later, but the fix in #29298 was only
merged to 0.4.1. So this test will never be re-enabled in 0.4.0.

Part of 29500.
2019-04-05 12:17:10 +10:00
Mike Perry
b733044f7a
Bug #29500: Fix monotime mocking in circpad unittests.
Our monotime mocking forces us to call monotime_init() *before* we set the
mocked time value. monotime_init() thus stores the first ratchet value at
whatever the platform is at, and then we set fake mocked time to some later
value.

If monotime_init() gets a value from the host that is greater than what we
choose to mock time at for our unittests, all subsequent monotime_abosolute()
calls return zero, which breaks all unittests that depend on time moving
forward by updating mocked monotime values.

So, we need to adjust our mocked time to take the weird monotime_init() time
into account, when we set fake time.
2019-04-05 12:15:55 +10:00
Mike Perry
b027b06dbb
Bug 29500: Start monotime at 1000 nsec.
Hopefully this will stop monotime_absolute_usec() from returning 0 on some
platforms in the tests.
2019-04-05 12:14:11 +10:00
Mike Perry
1f48c6cd83
Bug 29500: Attempt to fix the tokens test.
Cancel the padding timer by changing order of sent vs recv (sent cancels).
2019-04-05 12:13:19 +10:00
Nick Mathewson
1779878f9e Merge remote-tracking branch 'tor-github/pr/752' 2019-04-04 20:39:36 -04:00
Nick Mathewson
0e7b34354a Merge branch 'maint-0.4.0' 2019-04-04 20:27:04 -04:00
Nick Mathewson
d016bbaa7d Merge branch 'bug29959_040_squashed' into maint-0.4.0 2019-04-04 20:26:47 -04:00
teor
8e961b2174 bwauth: Actually include the bandwidth-file-digest in authority votes
Fixes bug 29959; bugfix on 0.4.0.2-alpha.
2019-04-04 20:26:09 -04:00
Nick Mathewson
76912bf140 Use an enum for inherit_result_out. 2019-04-04 12:56:52 -04:00
Nick Mathewson
8c06f02c94 Syntax fix in test. 2019-04-04 12:56:52 -04:00
Nick Mathewson
027c536598 rename inherit values to avoid conflict with system defines 2019-04-04 12:56:52 -04:00
Nick Mathewson
785c3f84de fast_rng: if noinherit has failed, then check getpid() for bad forks
getpid() can be really expensive sometimes, and it can fail to
detect some kind of fork+prng mistakes, so we need to avoid it if
it's safe to do so.

This patch might slow down fast_prng a lot on any old operating
system that lacks a way to prevent ram from being inherited, AND
requires a syscall for any getpid() calls.  But it should make sure
that we either crash or continue safely on incorrect fork+prng usage
elsewhere in the future.
2019-04-04 12:56:52 -04:00
Nick Mathewson
361e955cf3 map_anon: define a macro if it is possible for noinherit to fail. 2019-04-04 12:56:52 -04:00
Nick Mathewson
12205c3cbe Make map_anon expose the result of a noinherit attempt
Previously we did this for tests only, but it's valuable for getting
proper fork behavior in rand_fast.
2019-04-04 12:56:52 -04:00
Nick Mathewson
ab6ad3c040 Drop thread-local fast_rng on fork.
This will cause the child process to construct a new one in a nice
safe way.

Closes ticket 29668; bug not in any released Tor.
2019-04-04 12:56:52 -04:00
Nick Mathewson
d194f6bedf Implement an DormantCanceledByStartup option
Closes ticket 29357, and comes with appropriate notions of caution.
2019-04-04 11:48:36 -04:00
Nick Mathewson
db1c1dba34 Merge branch 'bug30021_029' into bug30021_035 2019-04-04 11:26:33 -04:00
Nick Mathewson
1710f4bbd6 Do not cache bogus results from classifying client ciphers
When classifying a client's selection of TLS ciphers, if the client
ciphers are not yet available, do not cache the result. Previously,
we had cached the unavailability of the cipher list and never looked
again, which in turn led us to assume that the client only supported
the ancient V1 link protocol.  This, in turn, was causing Stem
integration tests to stall in some cases.  Fixes bug 30021; bugfix
on 0.2.4.8-alpha.
2019-04-04 11:24:55 -04:00
Neel Chauhan
d4d77b277e Stop setting bridges running in networkstatus_getinfo_by_purpose() 2019-04-03 15:27:33 -04:00
Nick Mathewson
5613968d57 Improve logging for 28614.
When we fixed 28614, our answer was "if we failed to load the
consensus on windows and it had a CRLF, retry it."  But we logged
the failure at "warn", and we only logged the retry at "info".

Now we log the retry at "notice", with more useful information.

Fixes bug 30004.
2019-04-03 14:30:56 -04:00
Nick Mathewson
821d29e420 fdio.c: add more includes.
This is just in case there is some rogue platform that uses a
nonstandard value for SEEK_*, and does not define that macro in
unistd.h.  I think that's unlikely, but it's conceivable.
2019-04-03 13:53:36 -04:00
Nick Mathewson
99b87d7ca4 Even more diagnostic messages for bug 28223.
Try to figure out _where exactly_ we are first encountering NULs in
microdescriptors, and what we are doing when that happens.
2019-04-03 13:53:06 -04:00
rl1987
4172b638b8 Fix SC2015 warning 2019-04-03 18:03:34 +03:00
George Kadianakis
0b6769a99e Merge branch 'maint-0.4.0' 2019-04-03 17:59:46 +03:00
George Kadianakis
42aae0e693 Merge branch 'tor-github/pr/867' into maint-0.4.0 2019-04-03 17:59:02 +03:00
rl1987
9e04a87220 Fix SC2064 warning 2019-04-03 17:58:05 +03:00
rl1987
700310df61 Fix SC2006 warnings 2019-04-03 17:56:52 +03:00
rl1987
9e0f0a5656 Fix SC2086 warnings in test_key_expiration.sh 2019-04-03 17:52:31 +03:00
Nick Mathewson
367dd9cf02 30001: Fix a race condition in test_dir_handle_get.c
Previously we used time(NULL) to set the Expires: header in our HTTP
responses.  This made the actual contents of that header untestable,
since the unit tests have no good way to override time(), or to see
what time() was at the exact moment of the call to time() in
dircache.c.

This gave us a race in dir_handle_get/status_vote_next_bandwidth,
where the time() call in dircache.c got one value, and the call in
the tests got another value.

I'm applying our regular solution here: using approx_time() so that
the value stays the same between the code and the test.  Since
approx_time() is updated on every event callback, we shouldn't be
losing any accuracy here.

Fixes bug 30001. Bug introduced in fb4a40c32c4a7e5; not in any
released Tor.
2019-04-03 10:16:18 -04:00
Nick Mathewson
4efbb5d2c1 Merge branch 'maint-0.4.0' 2019-04-03 09:27:44 -04:00
Nick Mathewson
de76862fd6 Merge branch 'maint-0.3.5' into maint-0.4.0 2019-04-03 09:27:44 -04:00
Nick Mathewson
4aa02d3c7a Merge branch 'maint-0.3.4' into maint-0.3.5 2019-04-03 09:27:43 -04:00
Nick Mathewson
3cfcfbac46 Merge branch 'maint-0.2.9' into maint-0.3.4 2019-04-03 09:27:42 -04:00
Nick Mathewson
ee6f54ff3f Merge remote-tracking branch 'tor-github/pr/860' 2019-04-03 08:33:40 -04:00
Karsten Loesing
54e249e269 Update geoip and geoip6 to the April 2 2019 database. 2019-04-03 09:26:28 +02:00
teor
fdee4dd501
Merge remote-tracking branch 'tor-github/pr/863' 2019-04-03 13:12:17 +10:00
rl1987
a549e4f7a3 Remove no-longer needed logging statements 2019-04-02 12:59:37 +03:00
rl1987
eaf071d7da Stop requiring bash in test-network.sh. Make it POSIX compliant 2019-04-02 12:31:57 +03:00
teor
965f0d8912
Merge remote-tracking branch 'tor-github/pr/875' 2019-04-02 11:47:05 +10:00
teor
583ed7c6ec
Merge remote-tracking branch 'tor-github/pr/864' 2019-04-02 11:46:42 +10:00
Nick Mathewson
809a3a748d bug_occurred: a place where we assumed that "buf" was still a buffer
In 9c132a5f9e we replaced "buf" with a pointer and replaced
one instance of snprintf with asprintf -- but there was still one
snprintf left over, being crashy.

Fixes bug 29967; bug not in any released Tor. This is CID 1444262.
2019-03-30 21:07:15 -04:00
Nick Mathewson
9ed02ec282 Merge branch 'ticket29662_squashed' into ticket29662_squashed_merged 2019-03-29 14:28:48 -04:00
rl1987
537ad0bca3 Check for NULL in tor_assertf_nonfatal() 2019-03-29 14:26:13 -04:00
rl1987
9c132a5f9e Refrain from using static buffer for assert failure message; call tor_asprintf() instead 2019-03-29 14:26:03 -04:00
rl1987
a959d7cb98 Use tor_assertf{_nonfatal} in code 2019-03-29 14:25:59 -04:00
rl1987
f66a17444e Silence compiler warnings 2019-03-29 14:25:59 -04:00
teor
194b25f0c7
dircache: Refactor handle_get_next_bandwidth() to use connection_dir_buf_add()
Implements ticket 29897.
2019-03-29 17:26:30 +10:00
rl1987
6ab1929f00
Add connection_dir_buf_add() helper function 2019-03-29 17:25:43 +10:00
Nick Mathewson
c66df27c90 Fix checkIncludes warning about "unusual pattern in src/ext/timeouts/"
Closes ticket 28806.
2019-03-28 16:35:24 -04:00
Nick Mathewson
a7bc47532b test_routerkeys.c: Always check mkdir() return value
After this fix, we have no more unchecked mkdir() calls.

Bug 29939; CID 144254. Bugfix on 0.2.7.2-alpha.
2019-03-28 09:31:13 -04:00
Nick Mathewson
f58587a68d Don't unconditionally deref pub and sub in lint_message_consistency
This can't actually result in a null pointer dereference, since
pub_excl and sub_excl are only set when the corresponding smartlists
are nonempty.  But coverity isn't smart enough to figure that out,
and we shouldn't really be depending on it.

Bug 29938; CID 1444257.  Bug not in any released Tor.
2019-03-28 09:19:23 -04:00
George Kadianakis
00ca3d04cf Merge branch 'tor-github/pr/859' 2019-03-27 14:30:53 +02:00
teor
8991280f89
Merge branch 'maint-0.4.0' 2019-03-27 12:31:37 +10:00
teor
6d188fb4cc
Merge remote-tracking branch 'tor-github/pr/835' into maint-0.4.0 2019-03-27 12:31:07 +10:00
teor
a10d4adc25
Stop assuming that /usr/bin/python3 exists
For scripts that work with python2, use /usr/bin/python.
Otherwise, use /usr/bin/env python3.

Fixes bug 29913; bugfix on 0.2.5.3-alpha.
2019-03-27 11:07:55 +10:00
Nick Mathewson
a47b61f329 Merge branch 'messaging_v3' into messaging_v3_merged 2019-03-26 20:13:49 -04:00
teor
6d057c56f1
Merge remote-tracking branch 'tor-github/pr/820' into maint-0.3.4 2019-03-27 10:01:45 +10:00
Nick Mathewson
203e9138d1 Remove message/subsystem numbers from log messages
Having the numbers in those messages makes some of the unit test
unstable, by causing them to depend on the initialization order of
the naming objects.
2019-03-26 19:56:39 -04:00
teor
c72526f168
Merge branch 'maint-0.4.0' 2019-03-27 09:36:55 +10:00
teor
9ae8d663ea
Merge remote-tracking branch 'tor-github/pr/836' into maint-0.4.0 2019-03-27 09:36:26 +10:00
George Kadianakis
989b6325d6 Merge branch 'tor-github/pr/842' 2019-03-26 16:41:07 +02:00
Nick Mathewson
f32d890531 Merge branch 'bug29805_rebased_squashed' 2019-03-26 09:39:46 -04:00
George Kadianakis
27f24484d4 prob-distr: Some more comments about the initializers.
Based on patches and review comments by Riastradh and Catalyst.

Co-authored-by: Taylor R Campbell <campbell+tor@mumble.net>
Co-authored-by: Taylor Yu <catalyst@torproject.org>
2019-03-26 09:39:40 -04:00
George Kadianakis
08176c2396 prob-distr: Silence some coverity warnings. 2019-03-26 09:39:37 -04:00
George Kadianakis
d11976b8bd Merge branch 'tor-github/pr/709' 2019-03-26 15:34:54 +02:00
George Kadianakis
2790ee3685 Merge branch 'maint-0.4.0' 2019-03-26 15:16:37 +02:00
George Kadianakis
06951cb3fc Merge branch 'tor-github/pr/847' into maint-0.4.0 2019-03-26 15:16:21 +02:00
teor
613c5ff357
Merge remote-tracking branch 'tor-github/pr/724' 2019-03-26 19:31:17 +10:00
teor
0642650865
Merge branch 'maint-0.4.0' 2019-03-26 19:16:06 +10:00
teor
4258728d56
Merge remote-tracking branch 'tor-github/pr/852' into maint-0.4.0 2019-03-26 19:15:46 +10:00
rl1987
4e6ba575a6 Add header guards to ptr_helpers.h 2019-03-26 09:49:32 +02:00
juga0
da7a8d7624
dircache: fix identation and remove unneded goto 2019-03-26 17:41:17 +10:00
juga0
892b918b66
bwauth: remove declaring args, they are now in use 2019-03-26 17:41:13 +10:00
juga0
a4bf3be8bc
test: check that .../bandwidth.z is compressed 2019-03-26 17:41:09 +10:00
juga0
fb4a40c32c
test: Check bw file cache lifetime 2019-03-26 17:41:06 +10:00
juga0
7627134743
bwauth: increment bw file cache lifetime
Increment bw file cache lifetime when serving it by HTTP.
And add a constant to define that lifetime.
2019-03-26 17:41:02 +10:00
juga0
4d3502e45b
bwauth: check and use compression serving bw file 2019-03-26 17:40:58 +10:00
juga0
b75e2539f9
bwauth: check if a bw file could be read
Before serving it by HTTP.
2019-03-26 17:40:54 +10:00
juga0
ee09e5d7ea
bwauth: use flag to do not warn when file is missing
Use flag to do not warn when the bandwidth file is missing trying
to serve it by http.
Also remove double space in the assignement.
2019-03-26 17:40:50 +10:00
juga0
3eacae42b2
Serve bandwidth file used in the next vote
When a directory authority is using a bandwidth file to obtain the
bandwidth values that will be included in the next vote, serve this
bandwidth file at /tor/status-vote/next/bandwidth.z.
2019-03-26 17:40:45 +10:00
teor
3d38d0ca24
Merge branch 'maint-0.4.0' 2019-03-26 16:57:04 +10:00
teor
828033001b
Merge remote-tracking branch 'tor-github/pr/848' into maint-0.4.0 2019-03-26 16:56:45 +10:00
teor
d482913e69
Merge remote-tracking branch 'tor-github/pr/834' 2019-03-26 12:55:48 +10:00
rl1987
669ec64325
Fix CID 1444119
Let's use the same function exit point for BUG() codepath that we're using
for every other exit condition. That way, we're not forgetting to clean up
the memarea.
2019-03-26 12:24:45 +10:00
teor
3af9a51118
test/dir: add a 4th argument to dirserv_read_measured_bandwidths()
Part of 29806.
2019-03-26 11:49:33 +10:00
teor
b76ae3898d
Merge branch 'ticket29806_035_squashed_merged' into ticket29806_040_squashed_merged 2019-03-26 11:48:52 +10:00
Nick Mathewson
ddb31dd583 Rename one case of c_type to c_ptr_type. 2019-03-25 16:35:34 -04:00
Nick Mathewson
3f0bfe1d29 Rename DISPATCH_DEFINE_TYPE() to DISPATCH_REGISTER_TYPE()
Also fix a grammar error in a comment.
2019-03-25 16:35:34 -04:00
Nick Mathewson
28fd4996ac Various documentation notes and tweaks for pubsub 2019-03-25 16:35:34 -04:00
Nick Mathewson
a8ca464cee Log warning messages _before_ exiting because of earlier dcfg failure
This helps diagnostics.
2019-03-25 16:35:34 -04:00
Nick Mathewson
47de9c7b0a Use actual pointers in dispatch_cfg.c.
Previously, I had used integers encoded as pointers.  This
introduced a flaw: NULL represented both the integer zero, and the
absence of a setting.  This in turn made the checks in
cfg_msg_set_{type,chan}() not actually check for an altered value if
the previous value had been set to zero.

Also, I had previously kept a pointer to a dispatch_fypefns_t rather
than making a copy of it.  This meant that if the dispatch_typefns_t
were changed between defining the typefns and creating the
dispatcher, we'd get the modified version.

Found while investigating coverage in pubsub_add_{pub,sub}_()
2019-03-25 16:35:34 -04:00
Nick Mathewson
8d70f21717 Add a test for pubsub_items_clear_bindings() 2019-03-25 16:35:34 -04:00
Nick Mathewson
b11b4b7bb7 Add test for dispatch_send() fast path. 2019-03-25 16:35:34 -04:00
Nick Mathewson
ab6ddc7a33 practracker: split shutdown code out of main.c
This is necessary to get the number of includes in main.c back under
control.  (In the future, we could just use the subsystem manager for
this kind of stuff.)
2019-03-25 16:35:34 -04:00
Nick Mathewson
4bdff5e3e9 practracker compliance: split lint_message into more logical parts 2019-03-25 16:35:34 -04:00
Nick Mathewson
d976cda49f pubsub: add test for items_out in builder_finalize() 2019-03-25 16:35:34 -04:00
Nick Mathewson
3552cd69bd coverage: Exclude lines in pubsub_pub that can only be reached on bug 2019-03-25 16:35:34 -04:00
Nick Mathewson
2e7f80d5f4 pubsub_check.c: Stop accepting NULL prefix, which we never send.
(Our code to handle it was broken, too)
2019-03-25 16:35:34 -04:00
Nick Mathewson
c40bcab85d dispatch: Test behavior of formatting type with no set fmt function. 2019-03-25 16:35:34 -04:00
Nick Mathewson
f74301f8fd Unit test for namemap_fmt_name() 2019-03-25 16:35:34 -04:00
Nick Mathewson
9fb511526a pubsub test: add a test to make sure typefns can't be changed. 2019-03-25 16:35:34 -04:00
Nick Mathewson
beedadbeac Try a different approach to making publish function seem used.
We want the DISPATCH_ADD_PUB() macro to count as making a
DECLARE_PUBLISH() invocation "used", so let's try a new approach
that preserves that idea.  The old one apparently did not work for
some versions of osx clang.
2019-03-25 16:35:34 -04:00
Nick Mathewson
94feec59cf move pubsub_connector_t typedef to pubsub_connect.h 2019-03-25 16:35:34 -04:00
Nick Mathewson
22ad8658cd Correct doxygen @file directives 2019-03-25 16:35:34 -04:00
Nick Mathewson
3d6bf7b36e Document several issues found by Taylor 2019-03-25 16:35:34 -04:00
Nick Mathewson
b4f28b9df8 pubsub: install libevent events separately from the_dispatcher.
Also, add documentation, and fix a free-on-error bug.
2019-03-25 16:35:34 -04:00
Nick Mathewson
6d1abd37e2 Connect the mainloop pubsub dispatcher on startup; free it on shutdown. 2019-03-25 16:35:33 -04:00
Nick Mathewson
02e0a39d39 Add msgtypes.h include to pubsub_build.h
(The header won't compile without it.)
2019-03-25 16:35:33 -04:00
Nick Mathewson
bdeaf7d4b2 Code to manage publish/subscribe setup via subsystem interface.
This commit has the necessary logic to run the publish/subscribe
system from the mainloop, and to initialize it on startup and tear
it down later.
2019-03-25 16:35:33 -04:00
Nick Mathewson
24df14eb09 Pubsub: macros for ease-of-use and typesafety. 2019-03-25 16:35:33 -04:00
Nick Mathewson
a7681525ab Add function to clear publish bindings.
When we clean up, we'd like to clear all the bindings that refer to
a dispatch_t, so that they don't have dangling pointers to it.
2019-03-25 16:35:33 -04:00
Nick Mathewson
271a671822 pubsub: relationship checking functionality
This code tries to prevent a large number of possible errors by
enforcing different restrictions on the messages that different
modules publish and subscribe to.

Some of these rules are probably too strict, and some too lax: we
should feel free to change them as needed as we move forward and
learn more.
2019-03-25 16:35:33 -04:00
Nick Mathewson
9e60482b80 Pubsub: an OO layer on top of lib/dispatch
This "publish/subscribe" layer sits on top of lib/dispatch, and
tries to provide more type-safety and cross-checking for the
lower-level layer.

Even with this commit, we're still not done: more checking will come
in the next commit, and a set of usability/typesafety macros will
come after.
2019-03-25 16:35:33 -04:00
Nick Mathewson
24b945f713 Debug logs to record all messages sent and delivered. 2019-03-25 16:35:33 -04:00
Nick Mathewson
f5683d90be Add a naming system for IDs in dispatch. 2019-03-25 16:35:33 -04:00
Nick Mathewson
e4d3098d4d Low-level dispatch module for publish-subscribe mechanism
This module implements a way to send messages from one module to
another, with associated data types.  It does not yet do anything to
ensure that messages are correct, that types match, or that other
forms of consistency are preserved.
2019-03-25 16:35:33 -04:00
Nick Mathewson
a62ac17198 Add a new inline function to check whether debug logging is on
We already do this in our log_debug() macro, but there are times
when we'd like to avoid allocating or precomputing something that we
are only going to log if debugging is on.
2019-03-25 16:35:33 -04:00
Nick Mathewson
253fea84cf Add a smartlist_grow() function to expand a smartlist
Tests included.
2019-03-25 16:35:33 -04:00
Nick Mathewson
56bda7464f Add a macro for the fairly common "eat next semicolon" syntax trick
You use this when you're defining a macro to be used at file scope,
and you want to require a semicolon afterwards.
2019-03-25 16:35:33 -04:00
Nick Mathewson
0944500a8e Add MESG as a new log domain. 2019-03-25 16:35:33 -04:00
Nick Mathewson
dfd7a7f5b6 Add a type to map names to short identifiers
We'll be using this for four kinds of identifier in dispatch.c
2019-03-25 16:35:33 -04:00
Nick Mathewson
61cebb2035 Minimize the includes in control.c 2019-03-25 14:14:56 -04:00
Nick Mathewson
2917ecaa97 Split command-handling and authentication from control.c 2019-03-25 14:06:56 -04:00
Nick Mathewson
4754e9058b Split getinfo handling into a new control_getinfo.c 2019-03-25 12:49:24 -04:00
Nick Mathewson
a49f506e05 Split all controller events code into a new control_events.c
Also, split the formatting code shared by control.c and
control_events.c into controller_fmt.c.
2019-03-25 12:11:59 -04:00
rl1987
68260e85b5 Move sizeof check to torint.h 2019-03-25 10:17:30 +02:00
Taylor Yu
5d2f5e482e
Correctly report PT vs proxy during bootstrap
Previously, or_connection_t did not record whether or not the
connection uses a pluggable transport. Instead, it stored the
underlying proxy protocol of the pluggable transport in
proxy_type. This made bootstrap reporting treat pluggable transport
connections as plain proxy connections.

Store a separate bit indicating whether a pluggable transport is in
use, and decode this during bootstrap reporting.

Fixes bug 28925; bugfix on 0.4.0.1-alpha.
2019-03-25 14:13:45 +10:00
teor
d4d541c53c
Merge remote-tracking branch 'tor-github/pr/785' 2019-03-25 14:01:20 +10:00
Alexander Færøy
4be522b2e6 Pass NULL to lpApplicationName in CreateProcessA().
When NULL is given to lpApplicationName we enable Windows' "magical"
path interpretation logic, which makes Tor 0.4.x behave in the same way
as previous Tor versions did when it comes to executing binaries in
different system paths.

For more information about this have a look at the CreateProcessA()
documentation on MSDN -- especially the string interpretation example is
useful to understand this issue.

This bug was introduced in commit bfb94dd2ca.

See: https://bugs.torproject.org/29874
2019-03-25 03:10:37 +01:00
rl1987
f09205ef53 Refactor test_utils_general() to fix Coverity warnings 2019-03-24 10:10:52 +02:00
Nick Mathewson
8bc3ac6a84 Bump to 0.4.0.3-alpha-dev 2019-03-23 08:44:36 -04:00
Nick Mathewson
22e72eeaa7 Merge branch 'maint-0.4.0' 2019-03-22 11:17:10 -04:00
Nick Mathewson
4b79b43e3e Merge branch 'bug29693_040_radical_squashed' into maint-0.4.0 2019-03-22 11:17:01 -04:00
George Kadianakis
a5df9402b6 prob-distr: Decrease false positive rate of stochastic tests. 2019-03-22 11:16:30 -04:00
rl1987
7b30f8dc8c Write missing function comments 2019-03-22 13:04:06 +02:00
rl1987
13b28063f9 Compile time check for being able to fit {unsigned} int inside void pointer 2019-03-22 12:57:58 +02:00
teor
f7688cb179
test: Backport the 0.3.4 src/test/test-network.sh to 0.2.9
We need a recent test-network.sh to use new chutney features in CI.

Fixes bug 29703; bugfix on 0.2.9.1-alpha.
2019-03-22 13:20:23 +10:00
teor
15900ab70f
Merge remote-tracking branch 'tor-github/pr/819' 2019-03-22 13:10:47 +10:00
George Kadianakis
5729160253
circpad: Rename circpad_machine_state_t to circpad_machine_runtime_t.
The name of circpad_machine_state_t was very confusing since it was conflicting
with circpad_state_t and circpad_circuit_state_t.

Right now here is the current meaning of these structs:

      circpad_state_t -> A state of the state machine.
      circpad_machine_runtime_t -> The current mutable runtime info of the state machine.
      circpad_circuit_state_t -> Circuit conditions based on which we should apply a machine to the circuit
2019-03-22 09:23:05 +10:00
George Kadianakis
846d379b50
circpad/prob_distr: Use crypto_fast_rng() instead of the old RNG. 2019-03-22 09:22:54 +10:00
Nick Mathewson
ebc7556dd0 Bump version to 0.4.0.3-alpha 2019-03-21 09:36:19 -04:00
teor
091f8688b8
test/dir: add an extra argument to dirserv_read_measured_bandwidths()
Part of 29806.
2019-03-21 12:56:28 +10:00
teor
3adb689fbc
Merge branch 'ticket29806_034_squashed' into ticket29806_035_squashed_merged
Copy and paste the vote=0 code from the old src/or/dirserv.c
to the new src/feature/dirauth/bwauth.c.
2019-03-21 12:04:30 +10:00
juga0
4ab2e9a599
bwauth: Ignore bandwidth file lines with "vote=0"
so that the relays that would be "excluded" from the bandwidth
file because of something failed can be included to diagnose what
failed, without still including these relays in the bandwidth
authorities vote.

Closes #29806.
2019-03-21 12:00:45 +10:00
George Kadianakis
bc64fb4e33
circpad: Don't pad if Tor is in dormant mode.
This is something we should think about harder, but we probably want dormant
mode to be more powerful than padding in case a client has been inactive for a
day or so. After all, there are probably no circuits open at this point and
dormant mode will not allow the client to open more circuits.

Furthermore, padding should not block dormant mode from being activated, since
dormant mode relies on SocksPort activity, and circuit padding does not mess
with that.
2019-03-21 10:29:04 +10:00
rl1987
72e0dc0822 Check roundtrip for each bit of {unsigned} int values 2019-03-20 19:06:40 +02:00
rl1987
280109473f Check more values of int 2019-03-20 19:00:03 +02:00
rl1987
0bc9ed9d38 Move casts to separate C file to prevent compiler from optimising them away 2019-03-20 18:54:11 +02:00
teor
41cd05562f
Merge branch 'maint-0.3.4' into maint-0.3.5 2019-03-20 09:48:03 +10:00
teor
6bf9078ceb
Merge remote-tracking branch 'tor-github/pr/798' into maint-0.3.5 2019-03-20 09:47:31 +10:00
teor
db2ac3b9fe
Merge remote-tracking branch 'tor-github/pr/774' into maint-0.2.9 2019-03-20 09:46:10 +10:00
Nick Mathewson
a80131765a Merge branch 'maint-0.4.0' 2019-03-19 09:32:24 -04:00
teor
17e3eea685
Merge remote-tracking branch 'tor-github/pr/727' into maint-0.3.5 2019-03-19 15:43:05 +10:00
teor
af21d126e6
Merge branch 'bug29706_035_minimal_merge' into bug29706_040_minimal_merge
Comment merge.
2019-03-18 11:30:37 +10:00
teor
55865a2c9c
Merge branch 'bug29706_034_minimal_merge' into bug29706_035_minimal_merge 2019-03-18 11:29:20 +10:00
teor
aec6ee201b
test/sr: update sr_state_free() to sr_state_free_all() in a comment 2019-03-18 11:28:34 +10:00
teor
1d0146e2a2
Merge branch 'bug29706_029_minimal' into bug29706_034_minimal_merge 2019-03-18 11:27:59 +10:00
teor
c44ad396f8
test/sr: Clear SRVs after init, and before setup
Already merged to 0.4.0 and later in tor-github/pr/776.
Backported to 0.2.9 and later with minor comment changes.

Part of 29706.
2019-03-18 11:12:25 +10:00
Nick Mathewson
677384e276 Merge branch 'maint-0.4.0' 2019-03-15 08:59:30 -04:00
Nick Mathewson
1547fd99a6 Merge branch 'bug28656_035_squashed' into maint-0.4.0 2019-03-15 08:59:19 -04:00
teor
532f4c9103 Stop logging a BUG() warning when tor is waiting for exit descriptors
Fixes bug 28656; bugfix on 0.3.5.1-alpha.
2019-03-15 08:57:28 -04:00
Nick Mathewson
1cffacdaf5 Merge branch 'maint-0.4.0' 2019-03-15 08:54:39 -04:00
Nick Mathewson
560ba98dd7 Merge remote-tracking branch 'tor-github/pr/776' into maint-0.4.0 2019-03-15 08:54:30 -04:00
Nick Mathewson
af56dece09 Merge branch 'maint-0.4.0' 2019-03-15 08:53:03 -04:00
Nick Mathewson
94523bffdc Merge remote-tracking branch 'tor-github/pr/791' into maint-0.4.0 2019-03-15 08:52:50 -04:00
David Goulet
aee65084b4 circ: Remove n_mux and p_mux members
They are simply not used apart from assigning a pointer and asserting on the
pointer depending on the cell direction.

Closes #29196.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-03-14 23:54:05 -04:00
Roger Dingledine
a3bc950e42 relays shouldn't close idle rend circuits
Allow connections to single onion services to remain idle without being
disconnected.

Relays acting as rendezvous points for single onion services were
mistakenly closing idle established rendezvous circuits after 60 seconds,
thinking that they are unused directory-fetching circuits that had served
their purpose.

Fixes bug 29665; bugfix on 0.2.1.26.
2019-03-14 12:54:16 +02:00
Roger Dingledine
add0f89c14 relays shouldn't close idle rend circuits
Allow connections to single onion services to remain idle without being
disconnected.

Relays acting as rendezvous points for single onion services were
mistakenly closing idle established rendezvous circuits after 60 seconds,
thinking that they are unused directory-fetching circuits that had served
their purpose.

Fixes bug 29665; bugfix on 0.2.1.26.
2019-03-14 12:53:33 +02:00
teor
f3b17a6b26
Merge remote-tracking branch 'tor-github/pr/795' into maint-0.3.4 2019-03-14 06:56:09 +10:00
teor
c03b1b3f08
Merge remote-tracking branch 'tor-github/pr/794' into maint-0.3.4 2019-03-14 06:55:57 +10:00
teor
66f944f79b
Merge branch 'bug28096-029-squashed' into bug28096-034-squashed
Merge the new code, and preserve the #else macro comment from 0.3.4.
2019-03-14 06:53:17 +10:00
teor
2840580cf2
Merge remote-tracking branch 'nickm/bug27073_029' into bug27073_034
Replace == with OP_EQ in test macros.
2019-03-14 06:47:32 +10:00
teor
5606cfae47
Merge remote-tracking branch 'tor-github/pr/771' into maint-0.3.4 2019-03-14 06:41:14 +10:00
teor
8bd9b2a6a0
Merge remote-tracking branch 'tor-github/pr/770' into maint-0.2.9 2019-03-14 06:37:50 +10:00
teor
90301247fd
Merge remote-tracking branch 'tor-github/pr/765' into maint-0.2.9 2019-03-14 06:37:17 +10:00
teor
530304dd77
Merge remote-tracking branch 'tor-github/pr/746' into maint-0.2.9 2019-03-14 06:36:47 +10:00
teor
eaa84234c9
Merge remote-tracking branch 'tor-github/pr/510' into maint-0.2.9 2019-03-14 06:36:11 +10:00
teor
9daae1b302
Merge remote-tracking branch 'tor-github/pr/331' into maint-0.2.9 2019-03-14 06:35:05 +10:00
George Kadianakis
fe78ba855a prob_distr: Better document our public API. 2019-03-13 17:51:19 +02:00
George Kadianakis
8d9f81bc9c prob_distr: Implement type-safe downcasting functions. 2019-03-13 17:51:19 +02:00
Nick Mathewson
cab93930de Merge branch 'pr_722_squashed' 2019-03-13 10:37:37 -04:00
George Kadianakis
a71999462b Fix test prob distr parameters that caused warnings.
They were causing the following warnings in circuitpadding/circuitpadding_sample_distribution:

     src/lib/math/prob_distr.c:1311:17: runtime error: division by zero
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/lib/math/prob_distr.c:1311:17 in
     src/lib/math/prob_distr.c:1219:49: runtime error: division by zero
     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/lib/math/prob_distr.c:1219:49 in

because the distributions were called with erroneous parameters (e.g. geometric
distribution with p=0).

We now defined these test probability distributions with more realistic
parameters.

As far as the circuitpadding_sample_distribution() test is concerned, it
doesn't matter if the distributions return values outside of [0,10] since we
already restrict the values into that interval using min=0 and max=10 (and RTT
estimate is disabled).
2019-03-13 10:36:26 -04:00
Nick Mathewson
58fd864a85 Merge remote-tracking branch 'tor-github/pr/705' 2019-03-13 09:36:47 -04:00
George Kadianakis
cdaff26f91 circpad: Machines MUST have strictly increasing histogram edges.
Add a basic validation function for the histograms. It can be a building block
for the future
2019-03-13 13:35:52 +02:00
George Kadianakis
32c821c47b circpad: Documentation improvements after Nick's review. 2019-03-13 13:22:17 +02:00
teor
a9c3101e21 test/sr: Clear SRVs after init, and before setup
Part of 29706.
2019-03-13 15:29:46 +10:00
Nick Mathewson
065b74fa36 Fix all nonconformant headers' guard macros. 2019-03-12 15:20:22 -04:00
George Kadianakis
18a4f535d3 Merge branch 'maint-0.4.0' 2019-03-12 18:11:53 +02:00
George Kadianakis
0ce32affc2 Merge branch 'tor-github/pr/763' into maint-0.4.0 2019-03-12 18:11:35 +02:00
Nick Mathewson
61adcb22c5 Merge branch 'bug23576-041-rebased-squashed' 2019-03-12 11:10:01 -04:00
teor
680b2afd84 hs: abolish hs_desc_link_specifier_dup()
The previous commits introduced link_specifier_dup(), which is
implemented using trunnel's opaque interfaces. So we can now
remove hs_desc_link_specifier_dup().

Cleanup after bug 22781.
2019-03-12 11:09:53 -04:00
teor
257cea8876 test/hs: minor hs test fixes
Cleanup some bugs discovered during 23576:

* stop copying the first 20 characters of a 40-character hex string
  to a binary fingerprint
* stop putting IPv6 addresses in a variable called "ipv4"
* explain why we do a duplicate tt_int_op() to deliberately fail and
  print a value

Fixes bug 29243; bugfix on 0.3.2.1-alpha.
2019-03-12 11:09:53 -04:00
teor
bb98bc8562 hs: abolish hs_desc_link_specifier_t
The previous commits for 23576 confused hs_desc_link_specifier_t
and link_specifier_t. Removing hs_desc_link_specifier_t fixes this
confusion.

Fixes bug 22781; bugfix on 0.3.2.1-alpha.
2019-03-12 11:09:53 -04:00
Nick Mathewson
c01c6123fa Merge remote-tracking branch 'tor-github/pr/779' 2019-03-12 11:05:27 -04:00
Nick Mathewson
1c9b629284 Merge branch 'maint-0.4.0' 2019-03-12 11:03:47 -04:00
Nick Mathewson
9c9214f2c9 Merge remote-tracking branch 'tor-github/pr/776' into maint-0.4.0 2019-03-12 11:03:37 -04:00
rl1987
e52653e01a USe uintptr_t for unsigned ints 2019-03-12 12:14:22 +02:00
rl1987
052ec08a08 Refrain from doing exhaustive iteration over all values of integers 2019-03-12 12:01:26 +02:00
teor
dfc3e552a3
test/sr: update sr_state_free() to sr_state_free_all()
The function name changed between 0.2.9 and 0.3.4.
2019-03-12 11:34:52 +10:00
teor
c7854933e9
Merge branch bug29706_029_refactor into bug29706_034_refactor 2019-03-12 11:31:52 +10:00
teor
9eeff921ae sr: BUG() on NULL sr_state before doing a state_query_*()
Part of #29706.
2019-03-12 11:14:30 +10:00
teor
0cca554110 sr: Check for replacing a SRV pointer with the same pointer
Check if the new pointer is the same as the old one: if it is, it's
probably a bug:
* the caller may have confused current and previous, or
* they may have forgotten to sr_srv_dup().

Putting NULL multiple times is allowed.

Part of 29706.
2019-03-12 11:14:30 +10:00
Nick Mathewson
733afb52a8 Merge branch 'maint-0.4.0' 2019-03-11 09:45:48 -04:00
Nick Mathewson
a9c84bfd35 Merge remote-tracking branch 'tor-github/pr/756' into maint-0.4.0 2019-03-11 09:45:31 -04:00
rl1987
4773fa6474 Revert "Walk back from requiring bash"
This reverts commit c346eff223.
2019-03-10 18:16:58 +02:00
teor
593fde930f sr: rename srv_dup() to sr_srv_dup() 2019-03-09 12:03:12 +10:00
teor
26e6f56023 sr: Free SRVs before replacing them in state_query_put_()
Refactor the shared random state's memory management so that it actually
takes ownership of the shared random value pointers.

Fixes bug 29706; bugfix on 0.2.9.1-alpha.
2019-03-09 12:03:00 +10:00
teor
9400da9b5e test/sr: Free SRVs before replacing them in test_sr_setup_srv()
Stop leaking parts of the shared random state in the shared-random unit
tests. The previous fix in 29599 was incomplete.

Fixes bug 29706; bugfix on 0.2.9.1-alpha.
2019-03-09 11:59:52 +10:00
Nick Mathewson
c40d53ab39 Merge branch 'pr_719_squashed_040' into maint-0.4.0 2019-03-08 10:25:43 -05:00
Mike Perry
ff410edec0 Bug 29204: Inspect circuit queues before sending padding.
Mitigates OOM conditions at relays.
2019-03-08 10:25:28 -05:00
Nick Mathewson
e47e60c12e Merge branch 'pr_719_squashed' 2019-03-08 10:24:00 -05:00
Mike Perry
cd67911033 Bug 29204: Inspect circuit queues before sending padding.
Mitigates OOM conditions at relays.
2019-03-08 10:23:47 -05:00
David Goulet
b4e44a371f hs-v2: Copy needed information between service on prunning
Turns out that when reloading a tor configured with hidden service(s), we
weren't copying all the needed information between the old service object to
the new one.

For instance, the desc_is_dirty timestamp wasn't which could lead to the
service uploading its descriptor much later than it would need to.

The replaycache wasn't also moved over and some intro point information as
well.

Fixes #23790

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-03-08 09:59:04 -05:00
teor
e91b999cf2
Merge branch 'bug23512-v4-029-fixes-keep-typedef' into bug23512-v4-034-fixes 2019-03-08 19:37:18 +10:00
teor
08ddf1f62b
Merge remote-tracking branch 'bug28525_029' into maint-0.3.5 2019-03-08 12:33:00 +10:00
Neel Chauhan
63b4049114
Make tor_addr_is_internal_() RFC6598 (Carrier Grade NAT) aware
Fixes 28525.
2019-03-08 12:19:12 +10:00
Nick Mathewson
d3fc9aef93 Merge branch 'maint-0.4.0' 2019-03-07 08:57:02 -05:00
Nick Mathewson
3af943dcd1 Merge remote-tracking branch 'tor-github/pr/745' into maint-0.4.0 2019-03-07 08:56:35 -05:00
Nick Mathewson
918bda25ad Merge branch 'maint-0.4.0' 2019-03-06 14:29:48 -05:00
Nick Mathewson
9b4ecbaa7d Merge branch 'maint-0.3.5' into maint-0.4.0 2019-03-06 14:29:43 -05:00
Nick Mathewson
d6f77b99da Merge branch 'maint-0.3.4' into maint-0.3.5 2019-03-06 14:29:38 -05:00
Nick Mathewson
155b0f5521 Merge branch 'maint-0.3.3' into maint-0.3.4 2019-03-06 14:29:33 -05:00
Nick Mathewson
0c9cd7c487 Merge branch 'maint-0.2.9' into maint-0.3.3 2019-03-06 14:29:29 -05:00
Karsten Loesing
2e74edb53e Update geoip and geoip6 to the March 4 2019 database. 2019-03-06 11:45:27 +01:00
Nick Mathewson
f1890707cc Merge branch 'maint-0.4.0' 2019-03-05 13:00:07 -05:00
David Goulet
a999cb43df protover: Add missing Padding to translate_to_rust
This commit also explicitly set the value of the PRT enum so we can match/pin
the C enum values to the Rust one in protover/ffi.rs.

Fixes #29631

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-03-05 12:33:43 -05:00
Nick Mathewson
d24acc008d Merge remote-tracking branch 'tor-github/pr/759' 2019-03-05 12:01:28 -05:00
Nick Mathewson
72751f0c30 Merge remote-tracking branch 'tor-github/pr/680' 2019-03-05 11:53:31 -05:00
rl1987
b6813845cf Also add tor_assertf_nonfatal() 2019-03-05 16:46:40 +02:00
rl1987
f236c9e7f9 Introduce tor_assertf() to allow logging extra error message on assert failure
With format string support!
2019-03-05 16:46:40 +02:00
David Fifield
4578c3eb21 Set TOR_PT_EXIT_ON_STDIN_CLOSE=1 for client transports too.
Closes #25614.
2019-03-05 15:24:31 +01:00
George Kadianakis
c5da1f1cd5 Merge branch 'tor-github/pr/723' 2019-03-04 18:55:28 +02:00
George Kadianakis
fe2552ad65 Merge branch 'tor-github/pr/739' 2019-03-04 18:52:19 +02:00
teor
f186f21a4e
doc: Fix an incorrect comment about calling FreeLibrary() on Windows
There's an incorrect comment in compat_time.c that suggests we call
FreeLibrary() before we're done using the library's functions.
See 29642 for background.

Closes ticket 29643.
2019-03-04 11:29:15 +10:00
teor
e52d725977
doc: Improve the monotonic time module and function documentation
Explain what "monotonic" actually means, and document some results that
have surprised people.

Fixes bug 29640; bugfix on 0.2.9.1-alpha.
2019-03-04 11:25:14 +10:00
rl1987
5d53862139 Split crypto_digest.c
* Move out code that depends on NSS to crypto_digest_nss.c
* Move out code that depends on OpenSSL to crypto_digest_openssl.c
* Keep the general code that is not specific to any of the above in
  crypto_digest.c
2019-03-02 20:07:05 +02:00
David Goulet
13e93bdfd5 Merge branch 'tor-github/pr/718' 2019-03-01 09:36:23 -05:00
Nick Mathewson
cb0d403049 Merge remote-tracking branch 'tor-github/pr/677' 2019-03-01 08:22:43 -05:00
Nick Mathewson
64f594499a Document crypto_fast_rng_one_in_n. 2019-03-01 08:20:54 -05:00
teor
7786198eef
Merge remote-tracking branch 'tor-github/pr/749' into maint-0.2.9 2019-03-01 14:15:00 +10:00
teor
c1ab538479
Merge remote-tracking branch 'tor-github/pr/748' into maint-0.2.9 2019-03-01 14:14:51 +10:00
teor
ecbc2e80a0
Merge remote-tracking branch 'tor-github/pr/747' into maint-0.2.9 2019-03-01 14:14:26 +10:00
Mike Perry
e8d84b18aa
Bug 25733: Avoid assert failure if all circuits time out.
Prior to #23100, we were not counting HS circuit build times in our
calculation of the timeout. This could lead to a condition where our timeout
was set too low, based on non HS circuit build times, and then we would
abandon all HS circuits, storing no valid timeouts in the histogram.

This commit avoids the assert.
2019-03-01 13:48:01 +10:00
Kris Katterjohn
389ee834b6
Log the correct "auto" port number for listening sockets
When "auto" was used for the port number for a listening socket, the
message logged after opening the socket would incorrectly say port 0
instead of the actual port used.

Fixes bug 29144; bugfix on 0.3.5.1-alpha

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>
2019-03-01 12:34:21 +10:00
Nick Mathewson
d5f6137547 Merge branch 'maint-0.4.0' 2019-02-28 11:22:06 -05:00
Nick Mathewson
dc19d65c3b Merge remote-tracking branch 'tor-github/pr/728' into maint-0.4.0 2019-02-28 11:20:26 -05:00
teor
9b7cdd23de
doc: update the man page and sample torrc for ExitRelay
We changed the default of ExitRelay in #21530 in 0.3.5.1-alpha, but
forgot to update the documentation.

Closes 29612.
2019-02-28 11:22:20 +10:00
teor
de0969ef78
Merge branch 'maint-0.3.4' into maint-0.3.5 2019-02-28 10:49:33 +10:00
teor
6a61a020ee
Merge branch 'maint-0.3.3' into maint-0.3.4 2019-02-28 10:49:19 +10:00
teor
be29dfedd9
Merge branch 'maint-0.3.4' into maint-0.3.5 2019-02-28 10:45:59 +10:00
teor
524731503e
Merge branch 'maint-0.3.3' into maint-0.3.4 2019-02-28 10:45:44 +10:00
teor
3313444ef0
Merge branch 'maint-0.2.9' into maint-0.3.3 2019-02-28 10:45:30 +10:00
Neel Chauhan
c142e3d1e6 Set CIRCLAUNCH_NEED_UPTIME in rend_service_relaunch_rendezvous() on a hs_service_requires_uptime_circ() 2019-02-27 17:37:10 -05:00
Nick Mathewson
761eb4cf79 Merge branch 'maint-0.4.0' 2019-02-27 09:59:42 -05:00
Nick Mathewson
56f01e58b4 Merge remote-tracking branch 'tor-github/pr/731' into maint-0.4.0 2019-02-27 09:59:33 -05:00
teor
d4b7975ce7 test/shared-random: use sr_state_free_all() rather than sr_state_free()
sr_state_free() was renamed to sr_state_free_all() between 0.2.9 and 0.3.3.

Part of 29599.
2019-02-27 15:06:53 +10:00
teor
64e082e892 Merge branch 'bug29599_029' into bug29599_033 2019-02-27 15:06:39 +10:00
teor
4d9eb4dd0e test/shared-random: Stop leaking shared random state in the unit tests
Stop leaking parts of the shared random state in the shared-random unit
tests.

Fixes bug 29599; bugfix on 0.2.9.1-alpha.
2019-02-27 15:04:40 +10:00
teor
15dc33849e
Merge branch 'maint-0.3.4' into maint-0.3.5 2019-02-27 09:38:04 +10:00
teor
1a194beb2c
Merge branch 'maint-0.3.3' into maint-0.3.4 2019-02-27 09:37:50 +10:00
teor
6c966b894c
Merge branch 'maint-0.2.9' into maint-0.3.3 2019-02-27 09:37:36 +10:00
David Goulet
b402a0887f Merge branch 'tor-github/pr/655' 2019-02-26 11:30:44 -05:00
David Goulet
2a44ee9b8c Merge branch 'maint-0.4.0' 2019-02-26 11:25:16 -05:00
David Goulet
a5dd41b9af Merge branch 'tor-github/pr/638' into maint-0.4.0 2019-02-26 11:24:43 -05:00
Alexander Færøy
aa360b255b Fix crash bug in PT subsystem.
This patch fixes a crash bug (assertion failure) in the PT subsystem
that could get triggered if the user cancels bootstrap via the UI in
TorBrowser. This would cause Tor to call `managed_proxy_destroy()` which
called `process_free()` after it had called `process_terminate()`. This
leads to a crash when the various process callbacks returns with data
after the `process_t` have been freed using `process_free()`.

We solve this issue by ensuring that everywhere we call
`process_terminate()` we make sure to detach the `managed_proxy_t` from
the `process_t` (by calling `process_set_data(process, NULL)`) and avoid
calling `process_free()` at all in the transports code. Instead we just
call `process_terminate()` and let the process exit callback in
`managed_proxy_exit_callback()` handle the `process_free()` call by
returning true to the process subsystem.

See: https://bugs.torproject.org/29562
2019-02-26 15:43:09 +01:00
Nick Mathewson
732855c2e5 Merge branch 'maint-0.4.0' 2019-02-26 07:27:50 -05:00
Nick Mathewson
35257a1c69 Merge remote-tracking branch 'tor-github/pr/726' into maint-0.4.0 2019-02-26 07:27:42 -05:00
George Kadianakis
57d33b5786 Merge branch 'tor-github/pr/698' 2019-02-26 12:35:14 +02:00
George Kadianakis
7fbfdf2af7 Merge branch 'tor-github/pr/611' 2019-02-26 12:33:23 +02:00
Nick Mathewson
e138bb8ffc
Downgrade some LOG_ERR messages in the address/* tests to warnings
Fixes bug 29530, where the LOG_ERR messages were occurring when
we had no configured network, and so we were failing the unit tests
because of the recently-merged #28668.

Commit message edited by teor:

We backported 28668 and released it in 0.3.5.8.
This commit backports 29530 to 0.3.5.

Fixes bug 29530 in Tor 0.3.5.8.
2019-02-26 09:53:59 +10:00
Kris Katterjohn
1b9e77349f Fix some error-checking logic and a misleading error message
When IPv4Only (IPv6Only) was used but the address could not be
interpreted as a IPv4 (IPv6) address, the error message referred
to the wrong IP version.

This also fixes up the error-checking logic so it's more precise
about what's being checked.

Fixes bug 13221; bugfix on 0.2.3.9-alpha

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>
2019-02-25 16:03:42 -06:00
Nick Mathewson
626e6d2c39 Merge remote-tracking branch 'tor-github/pr/684' 2019-02-25 13:33:39 -05:00
rl1987
d731ab4583 Check that all valid values of int and unsigned int can be put into void pointer 2019-02-25 20:04:02 +02:00
Nick Mathewson
065e7da8e6 Re-enable and fix unit test for nofork mappings
This test was previously written to use the contents of the system
headers to decide whether INHERIT_NONE or INHERIT_ZERO was going to
work.  But that won't work across different environments, such as
(for example) when the kernel doesn't match the headers.  Instead,
we add a testing-only feature to the code to track which of these
options actually worked, and verify that it behaved as we expected.

Closes ticket 29541; bugfix not on any released version of Tor.
2019-02-25 08:55:25 -05:00
George Kadianakis
18de065cbb Switch an int32_t bin to a circpad_hist_index_t. 2019-02-25 14:01:55 +02:00
George Kadianakis
71c11d7306 document picking infinity bin 2019-02-25 13:59:18 +02:00
George Kadianakis
331a067ae3 Fix dist_min_usec documentation and naming. 2019-02-25 13:46:58 +02:00
George Kadianakis
341cd6ea66 histogram_edges is histogram_len long 2019-02-25 13:28:35 +02:00
Nick Mathewson
69238ca2da Merge remote-tracking branch 'tor-github/pr/646' 2019-02-24 17:17:16 -05:00
Nick Mathewson
34601105a3 Merge branch 'ticket29065_squashed' 2019-02-24 17:02:35 -05:00
rl1987
b7dced893a Fix shellcheck SC2006 warnings in test_switch_id.sh 2019-02-24 17:02:06 -05:00
Neel Chauhan
df8ad64735 When a DirAuth checks reachability on itself and has IPv6, mark it as reachable 2019-02-22 13:36:02 -05:00
George Kadianakis
f229a33685 Merge remote-tracking branch 'nickm/thread_rng' 2019-02-22 16:07:57 +02:00
rl1987
c346eff223 Walk back from requiring bash
Refrain from using bash array to remember $@.
2019-02-21 21:09:40 +02:00
Nick Mathewson
1bff5646e6 Bump to 0.4.0.2-alpha-dev 2019-02-21 13:25:33 -05:00
Nick Mathewson
955ca72f95 Bump to 0.3.5.8-dev 2019-02-21 13:24:42 -05:00
Nick Mathewson
a56b9501f1 Bump to 0.3.4.11-dev 2019-02-21 13:23:46 -05:00
Nick Mathewson
fb309f6eba Bump to 0.3.3.12-dev 2019-02-21 13:22:56 -05:00
Nick Mathewson
00a93b19cf Merge branch 'maint-0.3.5' into maint-0.4.0 2019-02-21 10:08:14 -05:00
Nick Mathewson
4a8a1f76ea Merge branch 'maint-0.3.4' into maint-0.3.5 2019-02-21 10:08:14 -05:00
Nick Mathewson
5062647918 Merge branch 'maint-0.3.3' into maint-0.3.4 2019-02-21 10:08:14 -05:00
Nick Mathewson
54e42fe364 Merge branch 'maint-0.4.0' 2019-02-21 10:08:14 -05:00
David Goulet
be84ed1a64 kist: Don't write above the highwater outbuf mark
KIST works by computing how much should be allowed to write to the kernel for
a given socket, and then it writes that amount to the outbuf.

The problem is that it could be possible that the outbuf already has lots of
data in it from a previous scheduling round (because the kernel is full/busy
and Tor was not able to flush the outbuf yet). KIST ignores that the outbuf
has been filling (is above its "highwater") and writes more anyway. The end
result is that the outbuf length would exceed INT_MAX, hence causing an
assertion error and a corresponding "Bug()" message to get printed to the
logs.

This commit makes it for KIST to take into account the outbuf length when
computing the available space.

Bug found and patch by Rob Jansen.

Closes #29168. TROVE-2019-001.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-02-21 10:07:34 -05:00
Nick Mathewson
df3484b2b0 Bump version to 0.4.0.2-alpha 2019-02-21 09:52:27 -05:00
Nick Mathewson
c663716b67 Bump to 0.3.5.8 2019-02-21 09:51:29 -05:00
Nick Mathewson
508002a4c2 Bump to 0.3.4.11 2019-02-21 09:50:22 -05:00
Nick Mathewson
41c2bf590b Update to 0.3.3.12 2019-02-21 09:49:48 -05:00
Nick Mathewson
aa79196ee0 Merge branch 'maint-0.4.0' 2019-02-21 09:10:34 -05:00
Nick Mathewson
34183f0d71 Fix a goofy change from abcde10fce that broke test-slow linking
boklm tracked this down, and it doesn't make sense.  It caused

This change goes back to the previous LDFLAGS line.
2019-02-21 09:10:15 -05:00
Nick Mathewson
b3416476b4 Remove all uses of weak_rng.
I'm not removing the weak_rng code itself yet, since it is possible
that we will want to revert one of these.
2019-02-20 12:24:34 -05:00
Nick Mathewson
97b9dfe305 Add a convenience macro to get a fast one-in-n calculation 2019-02-20 12:21:05 -05:00
David Goulet
da179088ee Merge branch 'tor-github/pr/687' 2019-02-20 12:09:02 -05:00
David Goulet
7037fe1163 Merge branch 'tor-github/pr/700' 2019-02-20 12:06:39 -05:00
rl1987
b7ad8bcaad Use setrlimit instead of ulimit -c in backtrace tests 2019-02-20 12:06:26 -05:00
David Goulet
8f5a3c0460 Merge branch 'tor-github/pr/675' 2019-02-20 11:45:58 -05:00
David Goulet
a30f17f72f Merge branch 'tor-github/pr/696' 2019-02-20 11:29:55 -05:00
Roger Dingledine
c22446e305 Merge branch 'maint-0.4.0' 2019-02-20 10:40:20 -05:00
Roger Dingledine
5ec65be8bf Merge remote-tracking branch 'nickm/ticket29530_040' into maint-0.4.0 2019-02-20 10:39:28 -05:00
Roger Dingledine
4d4eda89a1 Merge branch 'maint-0.4.0' 2019-02-20 10:36:54 -05:00
Roger Dingledine
ccab4347e5 Merge remote-tracking branch 'nickm/ticket29534_040' into maint-0.4.0 2019-02-20 10:35:56 -05:00
Roger Dingledine
249319ec5d fix typos from #28614 2019-02-20 10:32:47 -05:00
Nick Mathewson
208f04e9b8 Add a quick test for get_thread_fast_rng() 2019-02-19 15:36:11 -05:00
Nick Mathewson
b25cd5cfe1 Implement code to manage a per-thread instance of crypto_fast_rng()
The subsystems API makes this really simple, fortunately.

Closes ticket 29536
2019-02-19 15:36:08 -05:00
Nick Mathewson
d32e407976 Downgrade some LOG_ERR messages in the address/* tests to warnings
Fixes bug 29530, where the LOG_ERR messages were occurring when
we had no configured network, and so we were failing the unit tests
because of the recently-merged #28668.

Bug not in any released Tor.
2019-02-19 14:02:32 -05:00
Nick Mathewson
c9ff6a7f83 Mark map_anon_nofork test as skipped in 0.4.0
This test fails in some environments; since the code isn't used in
0.4.0, let's disable it for now.

Band-aid solution for #29534; bug not in any released Tor.
2019-02-19 13:14:26 -05:00
Nick Mathewson
6927e9a60c Merge remote-tracking branch 'tor-github/pr/665' 2019-02-19 11:56:48 -05:00
Nick Mathewson
c3fca4e4b3 Merge branch 'maint-0.4.0' 2019-02-19 11:51:24 -05:00
Nick Mathewson
4df31adef7 Merge remote-tracking branch 'tor-github/pr/704' into maint-0.4.0 2019-02-19 11:51:19 -05:00
Nick Mathewson
f70929347f Merge branch 'maint-0.4.0' 2019-02-19 11:49:24 -05:00
Nick Mathewson
4bc55ed5ee Merge branch 'bug29145_029' into maint-0.4.0 2019-02-19 11:49:20 -05:00
Kris Katterjohn
4417ac880a Fix a compiler warning on OpenBSD
malloc_options needs to be declared extern (and declaring it extern
means we need to initialize it separately)

Fixes bug 29145; bugfix on 0.2.9.3-alpha

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>
2019-02-19 11:38:32 -05:00
Nick Mathewson
17e29bda5d Merge branch 'maint-0.4.0' 2019-02-19 11:34:25 -05:00
Nick Mathewson
b5f3a3d6a7 Merge remote-tracking branch 'tor-github/pr/707' into maint-0.4.0 2019-02-19 11:34:21 -05:00
Nick Mathewson
1239e411a7 Merge remote-tracking branch 'tor-github/pr/694' 2019-02-19 11:31:22 -05:00
Nick Mathewson
0db0b4769c Merge remote-tracking branch 'tor-github/pr/678' 2019-02-19 11:30:27 -05:00
Nick Mathewson
8a5c66cbb0 Merge branch 'maint-0.4.0' 2019-02-19 11:27:21 -05:00
Nick Mathewson
26873bc4ed Merge branch 'bug28698_035' into maint-0.4.0 2019-02-19 11:27:18 -05:00
José M. Guisado
78220aae1e Add circuit time check before logging about relaxing circuit time
Signed-off-by: José M. Guisado <guigom@riseup.net>
2019-02-19 11:24:51 -05:00
Nick Mathewson
485803dffe Merge branch 'maint-0.4.0' 2019-02-19 11:21:54 -05:00
Nick Mathewson
5c87add923 Merge remote-tracking branch 'tor-github/pr/701' into maint-0.4.0 2019-02-19 11:21:51 -05:00
teor
6c652eae0a fixup! test_dir: Refactor common code out of the dir_format unit tests 2019-02-20 00:40:18 +10:00
Nick Mathewson
9a158a45b1 Bump to 0.4.1.0-alpha-dev 2019-02-19 09:29:43 -05:00
teor
51f59f213e router: Add some missing #endif comments 2019-02-19 21:54:30 +10:00
teor
0c0f215822 routerkeys: Log failures at info-level in make_tap_onion_key_crosscert() 2019-02-19 21:54:13 +10:00
teor
39ab6c9f73 test_dir: Test descriptor variants
Including:
* relays and bridges,
* no stats, basic stats, and all stats

Part of 29017 and 29018.
2019-02-19 21:54:13 +10:00
teor
38fc52a50e test_dir: Refactor common code out of the dir_format unit tests
Also:
* delete some obsolete code that was #if 0
* improve cleanup on failure
* make the dir_format tests more consistent with each other
* construct the descriptors using smartlist chunks

This refactor is incomplete, because removing the remaining duplicate
code would be time-consuming.

Part of 29017 and 29018.
2019-02-19 21:54:13 +10:00
teor
8e5df40018 test_dir: Test rsa + ed25519 extrainfo creation and parsing
Also fix a missing mock in rsa-only parsing.
2019-02-19 21:44:41 +10:00
teor
7a2c8daded test_dir: Split test_dir_formats into separate rsa and rsa_ed25519 tests 2019-02-19 21:44:40 +10:00
teor
53b49d1a35 test_dir: Unit tests for RSA-only router and extrainfo descriptor creation
Tests 29017 and 29018.
2019-02-19 21:44:40 +10:00
teor
7c9450fb07 test_router: Add comment to explain mocking
Add comment in
test_router_dump_router_to_string_no_bridge_distribution_method to explain
the effect of a mocked function.
2019-02-19 21:43:12 +10:00
teor
a9f852a0f6 router: Document the additional config and state used to dump descriptors
Also, explicitly state when routerinfos and extra-infos are signed.
And tidy up some other comments.

Preparation for testing 29017 and 20918.
2019-02-19 21:43:07 +10:00
teor
a1f8558628 router: Move extrainfo signing into its own function
This refactoring improves the structure of router_build_fresh_descriptor().

Preparation for testing 29017 and 20918.
2019-02-19 21:41:43 +10:00
teor
9cab988696 router: eliminate router_update_info_send_unencrypted()
Remove router_update_info_send_unencrypted(), and move its code into the
relevant functions.

Then, re-use an options pointer.

Preparation for testing 29017 and 20918.
2019-02-19 21:41:43 +10:00
teor
af0a43be2c router: eliminate tiny router_build_fresh_descriptor() static functions
Remove some tiny static functions called by router_build_fresh_descriptor(),
and move their code into more relevant functions.

Then, give router_update_{router,extra}info_descriptor_body identical layouts.

Preparation for testing 29017 and 20918.
2019-02-19 21:41:43 +10:00
teor
a65c101973 router: check for NULL in router_build_fresh_descriptor() static functions
Make sure that these static functions aren't passed NULL.
If they are, log a BUG() warning, and return an error.

Preparation for testing 29017 and 20918.
2019-02-19 21:41:43 +10:00
teor
f19b64dce9 router: refactor router_build_fresh_descriptor() static function interfaces
Tidy the arguments and return values of these functions, and clean up their
memory management.

Preparation for testing 29017 and 20918.
2019-02-19 21:41:36 +10:00
teor
6c5a506cdb router: split router_build_fresh_descriptor() into static functions
Split the body of router_build_fresh_descriptor() into static functions,
by inserting function prologues and epilogues between existing sections.

Write a new body for router_build_fresh_descriptor() that calls the new
static functions.

Initial refactor with no changes to the body of the old
router_build_fresh_descriptor(), except for the split.

Preparation for testing 29017 and 20918.
2019-02-19 19:05:43 +10:00
teor
a798bd40fb stats: Stop reporting statistics when ExtraInfoStatistics is 0
When ExtraInfoStatistics is 0, stop including bandwidth usage statistics,
GeoIPFile hashes, ServerTransportPlugin lines, and bridge statistics
by country in extra-info documents.

Fixes bug 29018; bugfix on 0.2.4.1-alpha (and earlier versions).
2019-02-19 19:01:44 +10:00
teor
361738c964 Merge branch 'bug29017-033' into bug29017-master-merge 2019-02-19 18:59:16 +10:00
Roger Dingledine
94f7e53d04 fix a bootstrapping string typo
introduced in 85542ee5

next step is to fix it in torspec too
2019-02-17 16:56:13 -05:00
Neel Chauhan
384c5c6188 Make test-slow compile with libevent 2019-02-16 16:03:17 -05:00
George Kadianakis
3093d8afbe Fix tests to use the new design.
- All histogram tests were using start_usec/range_usec. We now manually specify
  the edges.
- Also add a test for histogram_get_bin_upper_bound().
2019-02-15 17:43:41 +02:00
George Kadianakis
80abe4170d Update all the histogram functions to use the new design. 2019-02-15 17:43:23 +02:00
George Kadianakis
98af25e013 Remove start_usec/range_usec and make equivalent fields for distributions. 2019-02-15 17:43:01 +02:00
George Kadianakis
f07c6ae57c Add histogram fields in header file that allow specifying edges. 2019-02-15 17:42:17 +02:00
Matt Traudt
b054a6c6b9 kist: When readding chans, check correct chan's sched_heap_idx
Closes #29508

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-02-14 16:19:31 -05:00
David Goulet
6c173d00f5 Merge branch 'tor-github/pr/702' 2019-02-14 11:43:10 -05:00
George Kadianakis
00b073b1bc Merge branch 'maint-0.3.5' 2019-02-14 18:01:07 +02:00
George Kadianakis
d83c299eba Merge branch 'tor-github/pr/689' into maint-0.3.5 2019-02-14 18:00:05 +02:00
George Kadianakis
9bfe4ed6dd Merge branch 'tor-github/pr/536' into maint-0.3.5 2019-02-14 17:39:34 +02:00
Nick Mathewson
6a29aa7b8c Add whitebox test for the long-output optimization of fast_rng 2019-02-14 09:26:40 -05:00
Nick Mathewson
3f28b98220 Add test for crypto_fast_rng_get_double(). 2019-02-14 09:26:40 -05:00
Nick Mathewson
acbde10fce Add a test-rng program so we can pipe to dieharder. 2019-02-14 09:26:40 -05:00
Nick Mathewson
490e187056 Add a benchmark for our several PRNGs. 2019-02-14 09:26:40 -05:00
Nick Mathewson
f3cbd6426c Implement a fast aes-ctr prng
This module is currently implemented to use the same technique as
libottery (later used by the bsds' arc4random replacement), using
AES-CTR-256 as its underlying stream cipher.  It's backtracking-
resistant immediately after each call, and prediction-resistant
after a while.

Here's how it works:

We generate psuedorandom bytes using AES-CTR-256.  We generate BUFLEN bytes
at a time.  When we do this, we keep the first SEED_LEN bytes as the key
and the IV for our next invocation of AES_CTR, and yield the remaining
BUFLEN - SEED_LEN bytes to the user as they invoke the PRNG.  As we yield
bytes to the user, we clear them from the buffer.

Every RESEED_AFTER times we refill the buffer, we mix in an additional
SEED_LEN bytes from our strong PRNG into the seed.

If the user ever asks for a huge number of bytes at once, we pull SEED_LEN
bytes from the PRNG and use them with our stream cipher to fill the user's
request.
2019-02-14 09:26:40 -05:00
Nick Mathewson
3d3578ab41 Extract RNG tests into a new test module
test_crypto.c is pretty big; it wouldn't hurt to split it up some
more before I start adding stuff to the PRNG tests.
2019-02-14 09:26:40 -05:00
Nick Mathewson
622a9a8a36 Extract the common body of our random-int functions into a macro
This is the second part of refactoring the random-int-in-range code.
2019-02-14 09:26:40 -05:00
George Kadianakis
f5a6d4c6ea Disable unstable circuit padding unittest.
until #29298 is implemented.
2019-02-14 12:09:41 +02:00
Nick Mathewson
5f42bc0f48 Merge remote-tracking branch 'tor-github/pr/699' 2019-02-13 15:19:59 -05:00
David Goulet
d5de1a0a55 Merge branch 'tor-github/pr/651' 2019-02-13 11:02:02 -05:00
David Goulet
6efc2a0e1f Merge branch 'tor-github/pr/650' into maint-0.3.5 2019-02-13 10:56:24 -05:00
rl1987
ad48aab056 Let's not double-quote EXTRA_CARGO_OPTIONS after all 2019-02-13 15:04:12 +02:00
rl1987
4f9061868b Use env to find bash 2019-02-13 14:51:42 +02:00
juga0
ec7da50ab4 dirvote: Add the bandwidth file digest in the vote 2019-02-13 12:26:00 +00:00
juga0
28490fa23e test: Add test to get the digest of a bw file 2019-02-13 12:26:00 +00:00
juga0
fc3e90a7b6 bwauth: Add function to get the digest of a bw file 2019-02-13 12:26:00 +00:00
David Goulet
c320c52e89 Merge branch 'tor-github/pr/690' 2019-02-12 13:04:25 -05:00
David Goulet
95e5f8fe03 Merge branch 'tor-github/pr/671' 2019-02-12 13:02:30 -05:00
Nick Mathewson
72b978c3a5 On windows, if we fail to load a consensus and it has a CRLF, retry.
Fixes bug 28614; bugfix on 0.4.0.1-alpha when we started mmapping
the consensus.
2019-02-12 12:57:33 -05:00
Nick Mathewson
a797a69679 Merge branch 'maint-0.3.5' 2019-02-12 09:56:50 -05:00
Nick Mathewson
db209d4dba Merge branch 'maint-0.3.3' into maint-0.3.4 2019-02-12 09:56:49 -05:00
Nick Mathewson
7ead2af622 Merge branch 'maint-0.2.9' into maint-0.3.3 2019-02-12 09:56:49 -05:00
Nick Mathewson
2e770216c4 Merge branch 'maint-0.3.4' into maint-0.3.5 2019-02-12 09:56:49 -05:00
David Goulet
46b6df7122 test: Fix a warning underflow in rend_cache/clean
Because the test is adding entries to the "rend_cache" directly, the
rend_cache_increment_allocation() was never called which made the
rend_cache_clean() call trigger that underflow warning:

rend_cache/clean: [forking] Nov 29 09:55:04.024 [warn] rend_cache_decrement_allocation(): Bug: Underflow in rend_cache_decrement_allocation (on Tor 0.4.0.0-alpha-dev 2240fe63feb9a8cf)

The test is still good and valid.

Fixes #28660

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-02-12 09:15:41 -05:00
Karsten Loesing
a3f9ddcf03 Update geoip and geoip6 to the February 5 2019 database. 2019-02-12 14:40:42 +01:00
rl1987
4c10221332 Use compress_dir_buf_add() function in a few places 2019-02-09 16:46:31 +02:00
rl1987
09a3c949f8 Add connection_dir_buf_add() helper function 2019-02-09 16:06:32 +02:00
rl1987
b53fee4622 Fix SC2086 warning in test_workqueue_*.sh shell scripts 2019-02-08 16:51:49 +02:00
Nick Mathewson
49ec29044d Add more openssl includes to fix no-deprecated compilation
Closes ticket 29026; patch from Mangix.
2019-02-08 08:51:23 -05:00
Nick Mathewson
b9abdcd6bc Fix compilation when openssl is compiled without engine support.
Patch from Mangix. Closes part of ticket 29026.
2019-02-08 08:50:43 -05:00
Nick Mathewson
7f59b9fb1f Merge branch 'maint-0.3.5' 2019-02-08 08:37:46 -05:00
Nick Mathewson
ab65347819 Merge branch 'ticket29040_1_changes' into maint-0.3.5 2019-02-08 08:37:43 -05:00
Nick Mathewson
b1ae2fd65b Merge branch 'maint-0.3.5' 2019-02-08 08:19:34 -05:00
Nick Mathewson
4b36f9676d Merge remote-tracking branch 'tor-github/pr/670' into maint-0.3.5 2019-02-08 08:19:31 -05:00
rl1987
8df6a65e6b Fix shellcheck warning in zero_length_keys.sh 2019-02-07 17:23:23 +02:00
Nick Mathewson
a49149fc13 Extract numeric CSPRNG functions into a new module.
Some of the code for getting a random value within a range wants to
be shared between crypto_rand() and the new crypto_fast_rng() code.
2019-02-06 22:06:05 -05:00
Nick Mathewson
21d184a184 Remove extraneous #if/#endif wrapper in crypto_rand.c
I don't know how this got here, but this kind of a wrapper only
belongs in a header file.
2019-02-06 22:05:39 -05:00
Nick Mathewson
8ca808f81d Code for anonymous mappings via mmap() or CreateFileMapping().
Using an anonymous mmap() is a good way to get pages that we can set
kernel-level flags on, like minherit() or madvise() or mlock().
We're going to use that so that we can make uninheritable locked
pages to store PRNG data.
2019-02-06 22:03:30 -05:00
rl1987
daff9e1ba1 Fix shellcheck warning in fuzz_static_testcases.sh 2019-02-06 11:01:22 +02:00
Roger Dingledine
bfd1d70243 Merge branch 'maint-0.3.5' 2019-02-05 08:10:43 -05:00
Roger Dingledine
bca25eebfb Merge branch 'maint-0.3.4' into maint-0.3.5 2019-02-05 08:10:14 -05:00
Roger Dingledine
8ea98c0f4c Merge branch 'maint-0.3.3' into maint-0.3.4 2019-02-05 08:09:47 -05:00
rl1987
d7e5086694 Fix one last SC2086 2019-02-02 16:49:19 +02:00
rl1987
f888b3e2ee Update test-network.sh to bash script to use array
This lets us to save original script argument to array (POSIX shell does not
support that). Fixes shellcheck warnings SC2124 and SC2086.
2019-02-02 16:46:30 +02:00
rl1987
7341d9acdc Fix all instances of SC2166 in test-network.sh 2019-02-02 16:32:46 +02:00
rl1987
3f5459cb95 Fix all instances of SC2015 in test_keygen.sh 2019-02-01 21:41:14 +02:00
rl1987
3ca1d58561 Fix SC2064 2019-02-01 21:26:29 +02:00
rl1987
82813315ed Fix instances of SC2086 in test_keygen.sh 2019-02-01 21:24:06 +02:00
rl1987
a84dc1973b Fix instances of SC2006 in test_keygen.sh 2019-02-01 21:15:10 +02:00
rl1987
10455aeff2 Fix shellcheck warnings in test_rust.sh 2019-02-01 20:53:40 +02:00
Nick Mathewson
4d7a0a1310 Update Cargo.lock with new comment; suppress 29244. 2019-02-01 16:38:23 +01:00
José M. Guisado
cb1072790f Warn about missing ContactInfo when MyFamily set
Operators should be warned when setting MyFamily in
addition to missing ContactInfo

Signed-off-by: José M. Guisado <guigom@riseup.net>
2019-01-31 13:27:42 +01:00
teor
6170d3fcf1 hs: Onion services put IPv6 addresses in service descriptors
Rewrite service_intro_point_new() to take a node_t. Since
node_get_link_specifier_smartlist() supports IPv6 link specifiers,
this refactor adds IPv6 addresses to onion service descriptors.

Part of 23576, implements 26992.
2019-01-31 07:53:22 +01:00
teor
cdda3dc484 hs: Move get_lspecs_from_node to nodelist.c
Also:
* rename to node_get_link_specifier_smartlist
* rewrite to return a smartlist
* add link_specifier_smartlist_free

Part of 23576.
2019-01-30 15:15:41 +01:00
Nick Mathewson
bbd893d6bd Write consensus files in binary mode
This will help us out on windows now that we mmap files.  Fixes part
of ticket 28614.
2019-01-29 16:18:41 +01:00
rl1987
790150e57a Allow empty username/password in SOCKS5 username/password auth message 2019-01-26 11:06:33 +02:00
Nick Mathewson
d9010c5b67 One more 32-bit clang warning 2019-01-24 15:23:06 -05:00
Nick Mathewson
e19222a0da Use tt_u64_op() in test_circuitpadding.c to fix compilation warnings
Fixes bug 29169.
2019-01-24 13:20:21 -05:00
Neel Chauhan
c985940de9 Add version 3 onion service support to HSFETCH 2019-01-24 10:22:41 -05:00
Nick Mathewson
bbe417ae8f Merge branch 'ticket28668_035' into ticket28668_040 2019-01-23 17:08:36 -05:00
Nick Mathewson
d71ca39682 Another case of possible gmtime angst. 2019-01-23 17:08:23 -05:00
Suphanat Chunhapanya
238a9080c6 hs-v3: add an option param to safe log functions
We add an option param to safe_str and safe_str_client because in
some case we need to use those functions before global_options is set.
2019-01-24 04:31:18 +07:00
Suphanat Chunhapanya
8de735f068 hs-v3: fix use after free in client auth config
We accidentally use `auth` after freeing it in
client_service_authorization_free. The way to solve it is to
free after using it.
2019-01-24 04:31:07 +07:00
Nick Mathewson
d23704bf26 Merge branch 'ticket28668_035' into ticket28668_040 2019-01-23 14:50:22 -05:00
David Goulet
2d74da3d0e test: Fix a warning underflow in rend_cache/clean
Because the test is adding entries to the "rend_cache" directly, the
rend_cache_increment_allocation() was never called which made the
rend_cache_clean() call trigger that underflow warning:

rend_cache/clean: [forking] Nov 29 09:55:04.024 [warn] rend_cache_decrement_allocation(): Bug: Underflow in rend_cache_decrement_allocation (on Tor 0.4.0.0-alpha-dev 2240fe63feb9a8cf)

The test is still good and valid.

Fixes #28660

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-01-23 13:11:49 -05:00
Nick Mathewson
6144cf99ad Capture more BUG warnings in util/time test
These are ones that happen on windows only.

Fixes bug 29161.
2019-01-23 12:37:12 -05:00
Nick Mathewson
54c9c8b04f If address/get_if_addrs6 can't findipv6, log WARN, not ERR
Fixes 29160, and allows 28668 (treating ERR logs as test failures)
to procede.
2019-01-23 12:04:57 -05:00
Nick Mathewson
adeeb8841e Merge branch 'maint-0.3.5' 2019-01-23 11:18:14 -05:00
rl1987
712a622fce Log an HSDesc we failed to parse at Debug loglevel 2019-01-23 10:37:10 -05:00
Peter Gerber
db3ee1d862
Allow getsockopt(…, SOL_SOCKET, SO_ACCEPTCONN, …) in sandbox
SO_ACCEPTCONN checks whether socket listening is enabled and is
used ever since 9369152aae has been merged.

Closes ticket #29150
2019-01-22 21:51:25 +00:00
Nick Mathewson
8e1e71cc0d Merge branch 'bug29122' 2019-01-22 14:31:01 -05:00
George Kadianakis
6243133a71 Fix intermittent failures of test_circuitpadding_wronghop().
We fix it by disabling the scheduling of actual padding.
Fixes #29122.
2019-01-22 14:30:43 -05:00
Nick Mathewson
21dd3ece62 Merge branch 'maint-0.3.5' 2019-01-22 11:55:56 -05:00
Nick Mathewson
4159d103d6 Merge branch 'bug29042_035' into maint-0.3.5 2019-01-22 11:55:53 -05:00
rl1987
00fff96e48 Fix shellcheck warning in test_rebind.sh 2019-01-22 15:14:16 +02:00
Nick Mathewson
d1af4d65df Merge branch 'maint-0.3.5' 2019-01-18 12:25:08 -05:00
Nick Mathewson
761f1bf71e Merge branch 'maint-0.3.3' into maint-0.3.4 2019-01-18 12:25:08 -05:00
Nick Mathewson
4cca7fb99b Merge branch 'maint-0.2.9' into maint-0.3.3 2019-01-18 12:25:08 -05:00
Nick Mathewson
a8580a6836 Merge branch 'maint-0.3.4' into maint-0.3.5 2019-01-18 12:25:08 -05:00
Nick Mathewson
67f275f8da Bump to 0.4.0.1-alpha-dev 2019-01-18 10:08:57 -05:00
Nick Mathewson
81f1b89efc Better failure message on stochastic test failure 2019-01-17 17:27:13 -05:00
Nick Mathewson
c08fc2e19e Speed up the deterministic prng in test_prob_distr, by a lot.
Using a single xof object and squeezing it repeatedly should make
everything MUCH faster here.
2019-01-17 16:10:02 -05:00
Nick Mathewson
f632335feb Fix users of base32_decode to check for expected length in return.
Also, when we log about a failure from base32_decode(), we now
say that the length is wrong or that the characters were invalid:
previously we would just say that there were invalid characters.

Follow-up on 28913 work.
2019-01-17 13:32:19 -05:00
Nick Mathewson
b770adbd03 Use crypto_xof() in hs_ntor.c. 2019-01-17 12:43:20 -05:00
Nick Mathewson
9b0dd1ae04 Add a function to compute an XOF in one shot.
Motivation:
  1. It's convenient.
  2. It's all that openssl supports.

Part of 28837.
2019-01-17 12:43:20 -05:00
Nick Mathewson
c393171403 Use openssl's version of sha3 when available.
Part of 28837.
2019-01-17 12:43:20 -05:00
Nick Mathewson
77712a5fa2 Merge remote-tracking branch 'tor-github/pr/645' 2019-01-17 12:04:50 -05:00
Nick Mathewson
3da3aca08f Fix a LOG_ERR message from test_pt.c
Fixes an instance of ticket28668.
2019-01-16 15:54:35 -05:00