Commit Graph

4932 Commits

Author SHA1 Message Date
Roger Dingledine
635c5a8a92 be sure to remember the changes file for #20384 2017-02-13 15:22:36 -05:00
Nick Mathewson
d9827e4729 Merge branch 'maint-0.2.9' 2017-02-13 14:41:43 -05:00
Nick Mathewson
a86f95df5c Merge branch 'maint-0.2.8' into maint-0.2.9 2017-02-13 14:38:03 -05:00
Nick Mathewson
9b90d515a9 Merge branch 'maint-0.2.7' into maint-0.2.8 2017-02-13 14:37:55 -05:00
Nick Mathewson
75fe218b16 Merge branch 'maint-0.2.6' into maint-0.2.7 2017-02-13 14:37:49 -05:00
Nick Mathewson
43c18b1b7a Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-13 14:37:42 -05:00
Nick Mathewson
124062e843 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-13 14:37:01 -05:00
Karsten Loesing
f6016058b4 Update geoip and geoip6 to the February 8 2017 database. 2017-02-12 15:56:31 +01:00
David Goulet
e129393e40 test: Add missing socket errno in test_util.c
According to 21116, it seems to be needed for Wheezy Raspbian build. Also,
manpage of socket(2) does confirm that this errno value should be catched as
well in case of no support from the OS of IPv4 or/and IPv6.

Fixes #21116

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-08 09:00:48 -05:00
Nick Mathewson
4bce2072ac Merge branch 'maint-0.2.6' into maint-0.2.7 2017-02-07 10:39:03 -05:00
Nick Mathewson
f2a30413a3 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 10:37:53 -05:00
Nick Mathewson
2ce4330249 Merge remote-tracking branch 'public/bug18710_025' into maint-0.2.5 2017-02-07 10:37:43 -05:00
Nick Mathewson
c056d19323 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 10:37:31 -05:00
Nick Mathewson
457d38a6e9 Change behavior on missing/present event to warn instead of asserting.
Add a changes file.
2017-02-07 09:48:19 -05:00
Nick Mathewson
5446cb8d3d Revert "Add hidserv-stats filname to our sandbox filter"
Reverting this in 0.2.6 only -- we're no backporting
seccomp2-loosening fixes to 0.2.6.

This reverts commit 2ec5e24c58.
2017-02-07 09:28:50 -05:00
Nick Mathewson
ea2f08ac7f (this already went in to 0.3.0.3-alpha) 2017-02-07 09:27:37 -05:00
Nick Mathewson
51dc284088 Merge branch 'maint-0.2.9' 2017-02-07 09:27:22 -05:00
Nick Mathewson
a271ad2a7e changes file for 21280 2017-02-07 09:27:17 -05:00
Nick Mathewson
9379984128 Merge branch 'teor_bug21357-v2_029' into maint-0.2.9 2017-02-07 09:24:08 -05:00
Nick Mathewson
dff390dcc7 Merge branch 'bug21108_029' into maint-0.2.9 2017-02-07 09:22:31 -05:00
Nick Mathewson
c6f2ae514e Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 09:18:54 -05:00
Nick Mathewson
b9ef21cf56 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 09:17:59 -05:00
Nick Mathewson
e4a42242ea Backport the tonga->bifroest move to 0.2.4.
This is a backport of 19728 and 19690
2017-02-07 09:15:21 -05:00
Nick Mathewson
115cefdeee Merge branch 'maint-0.2.6' into maint-0.2.7 2017-02-07 08:55:07 -05:00
Nick Mathewson
e6965f78b8 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 08:54:54 -05:00
Nick Mathewson
6b37512dc7 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:54:47 -05:00
Nick Mathewson
d6eae78e29 Merge remote-tracking branch 'public/bug19152_024_v2' into maint-0.2.4 2017-02-07 08:47:11 -05:00
Nick Mathewson
8936c50d83 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 08:39:07 -05:00
Nick Mathewson
05ec055c41 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:38:59 -05:00
Nick Mathewson
51675f97d3 Merge remote-tracking branch 'public/bug17404_024' into maint-0.2.4 2017-02-07 08:37:07 -05:00
Nick Mathewson
332543baed Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:34:08 -05:00
teor (Tim Wilson-Brown)
fb7d1f41b4 Make memwipe() do nothing when passed a NULL pointer or zero size
Check size argument to memwipe() for underflow.

Closes bug #18089. Reported by "gk", patch by "teor".
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
commit 49dd5ef3 on 7 Nov 2012.
2017-02-07 08:33:39 -05:00
John Brooks
053e11f397 Fix out-of-bounds read in INTRODUCE2 client auth
The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.

Fixed by checking auth_len before comparing the descriptor cookie
against known clients.

Fixes #15823; bugfix on 0.2.1.6-alpha.
2017-02-07 08:31:37 -05:00
Nick Mathewson
a54b269c95 Start on an 0.3.0.3-alpha changelog 2017-02-03 10:50:36 -05:00
Nick Mathewson
bc9121d5c9 Merge branch 'bug21372_squashed' 2017-02-03 10:35:23 -05:00
Nick Mathewson
19e25d5cab Prevention: never die from extend_info_from_node() failure.
Bug 21242 occurred because we asserted that extend_info_from_node()
had succeeded...even though we already had the code to handle such a
failure.  We fixed that in 93b39c5162.

But there were four other cases in our code where we called
extend_info_from_node() and either tor_assert()ed that it returned
non-NULL, or [in one case] silently assumed that it returned
non-NULL. That's not such a great idea.  This patch makes those
cases check for a bug of this kind instead.

Fixes bug 21372; bugfix on 0.2.3.1-alpha when
extend_info_from_node() was introduced.
2017-02-03 10:35:07 -05:00
Nick Mathewson
0740d67e54 further lintchanges fixes 2017-02-03 10:24:40 -05:00
Nick Mathewson
9d5a9feb40 Merge branch 'dgoulet/bug21302_030_01_squashed' 2017-02-03 09:54:24 -05:00
David Goulet
eea763400f hs: Remove intro point expiring node if no circuit
Once a second, we go over all services and consider the validity of the intro
points. Now, also try to remove expiring nodes that have no more circuit
associated to them. This is possible if we moved an intro point object
previously to that list and the circuit actually timed out or was closed by
the introduction point itself.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-03 09:54:07 -05:00
Nick Mathewson
1ec429d07d Merge remote-tracking branch 'dgoulet/bug20980_030_01' 2017-02-03 09:44:31 -05:00
cypherpunks
27df23abb6 Use the standard OpenBSD preprocessor definition 2017-02-03 09:37:39 -05:00
Nick Mathewson
c103ce995b Fix all warnings from lintchanges 2017-02-03 09:34:10 -05:00
Nick Mathewson
0f79fb51e5 dirauth: Fix for calling routers unreachable for wrong ed25519
Previously the dirserv_orconn_tls_done() function would skip routers
when they advertised an ed25519 key but didn't present it during the
link handshake.  But that covers all versions between 0.2.7.2-alpha
and 0.2.9.x inclusive!

Fixes bug 21107; bugfix on 0.3.0.1-alpha.
2017-02-02 10:37:25 -05:00
Nick Mathewson
6777cd0a84 Merge remote-tracking branch 'public/bug21356_029' 2017-02-02 09:03:13 -05:00
Nick Mathewson
b11f00c153 Merge branch 'bug21294_030_01_squashed' 2017-02-02 08:48:20 -05:00
David Goulet
83df359214 config: Stop recommending Tor2web if in non anonymous mode
Because we don't allow client functionalities in non anonymous mode,
recommending Tor2web is a bad idea.

If a user wants to use Tor2web as a client (losing all anonymity), it should
run a second tor, not use it with a single onion service tor.

Fixes #21294.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-02 08:47:59 -05:00
Nick Mathewson
2d2ab29ce8 Merge remote-tracking branch 'asn/bug21052' 2017-02-01 15:53:16 -05:00
Nick Mathewson
ec1b8020d5 Merge remote-tracking branch 'dgoulet/bug21290_030_01' 2017-02-01 10:44:45 -05:00
Nick Mathewson
24551d64ad Merge branch 'maint-0.2.9' 2017-02-01 10:39:59 -05:00
Nick Mathewson
b928095afc Rework 21359 changes file slightly. 2017-02-01 10:39:48 -05:00
rubiate
e9ec818c28 Support LibreSSL with opaque structures
Determining if OpenSSL structures are opaque now uses an autoconf check
instead of comparing the version number. Some definitions have been
moved to their own check as assumptions which were true for OpenSSL
with opaque structures did not hold for LibreSSL. Closes ticket 21359.
2017-02-01 10:30:49 -05:00
David Goulet
5335a8e6f8 Rename --enable-expensive-hardening configure option
It is renamed to --enable-fragile-hardening.

TROVE-2017-001 was triggerable only through the expensive hardening which is
making the tor daemon abort when the issue is detected. Thus, it makes tor
more at risk of remote crashes but safer against RCE or heartbleed bug
category.

Fixes #21290.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-01 10:27:10 -05:00
Nick Mathewson
f1530d0e5a Merge branch 'teor_bug21357-v2_029' 2017-02-01 09:39:25 -05:00
teor
bed94a9ed9 Changes file for 21357: Stop rejecting all IPv6 traffic on some Exits
This issue was triggered by 17027 in 0.2.8.1-alpha, which rejects a relay's
own IPv6 address.

Bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
2017-02-01 09:39:06 -05:00
Nick Mathewson
222f2fe469 Merge branch 'bug21150_030_01_squashed' 2017-02-01 09:30:02 -05:00
David Goulet
51b562c605 Use an internal variable for HiddenServiceStatistics
Stop modifying the value of our torrc option HiddenServiceStatistics just
because we're not a bridge or relay. This bug was causing Tor Browser users to
write "HiddenServiceStatistics 0" in their torrc files as if they had chosen
to change the config.

Fixes #21150

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-01 09:29:53 -05:00
Nick Mathewson
78011bb7ba Merge branch 'bug21242' 2017-02-01 09:09:58 -05:00
Nick Mathewson
2e93bffa1d Merge remote-tracking branch 'public/bug21129' 2017-02-01 09:01:44 -05:00
Nick Mathewson
f8885b76ef Merge remote-tracking branch 'public/bug21128' 2017-02-01 09:01:28 -05:00
Nick Mathewson
a5aec6ac37 Merge branch 'bug21108_029' 2017-01-31 18:51:26 -05:00
Nick Mathewson
35d8270942 When marking guard state instances on a channel, don't mark NULL
It's okay for guard_state to be null: we might have a fallback
circuit, or we might not be using guards.

Fixes bug 211228; bugfix on 0.3.0.1-alpha
2017-01-31 14:44:14 -05:00
Nick Mathewson
0f0d4356b2 Don't try to use confirmed_idx in remove_guard_from_...lists()
Since we can call this function more than once before we update all
the confirmed_idx fields, we can't rely on all the relays having an
accurate confirmed_idx.

Fixes bug 21129; bugfix on 0.3.0.1-alpha
2017-01-31 14:34:32 -05:00
Nick Mathewson
a47c133c86 Do not clear is_bad_exit on sybil.
But do clear is_v2_dir.

Fixes bug 21108 -- bugfix on d95e7c7d67 in
0.2.0.13-alpha.
2017-01-31 14:12:14 -05:00
Nick Mathewson
d183ec231b Call monotime_init() earlier.
We need to call it before nt_service_parse_options(), since
nt_service_parse_options() can call back into nt_service_main(),
which calls do_main_loop().

Fixes bug 21356; bugfix on 0.2.9.1-alpha.
2017-01-31 13:02:49 -05:00
Nick Mathewson
957b9f8b83 changes file for bug21242 2017-01-31 12:35:44 -05:00
Nick Mathewson
4d83999213 Make "GETCONF SocksPort" work again
I broke "GETCONF *Port" in 20956, when I made SocksPort a
subordinate option of the virtual option SocksPortLines, so that I
could make SocksPort and __SocksPort provide qthe same
functionality.  The problem was that you can't pass a subordinate
option to GETCONF.

So, this patch fixes that by letting you fetch subordinate options.

It won't always be meaningful to consider these options
out-of-context, but that can be the controller-user's
responsibility to check.

Closes ticket 21300.
2017-01-30 10:09:47 -05:00
meejah
fc58c37e33 Ticket #21329: GETINFO onions/current returns empty list
If there are no ephemeral or detached onion services, then
"GETINFO onions/current" or "GETINFO onions/detached" should
return an empty list instead of an error
2017-01-28 13:59:29 -07:00
Nick Mathewson
67eb6470d7 Merge branches 'server_ciphers' and 'ciphers.inc' 2017-01-27 16:45:18 -05:00
Daniel Kahn Gillmor
e1337b4252 client: set IPv6Traffic to on by default
See:
  https://trac.torproject.org/projects/tor/ticket/21269
  https://bugs.debian.org/851798

Closes #21269

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-27 09:12:32 -05:00
Nick Mathewson
81c78ec755 Outbindbindaddress variants for Exit and OR.
Allow separation of exit and relay traffic to different source IP
addresses (Ticket #17975). Written by Michael Sonntag.
2017-01-27 08:05:29 -05:00
junglefowl
373d9aff7a Fail if file is too large to mmap.
If tor_mmap_file is called with a file which is larger than SIZE_MAX,
only a small part of the file will be memory-mapped due to integer
truncation.

This can only realistically happen on 32 bit architectures with large
file support.
2017-01-25 13:21:44 -05:00
Nick Mathewson
1130fd87ed changes file for 21280 2017-01-25 13:15:37 -05:00
Suphanat Chunhapanya
05c1e2b7d6 Add ChangeLog for check_existing 2017-01-25 13:11:57 -05:00
Nick Mathewson
363be43df3 Re-run gen_server_ciphers 2017-01-24 15:30:35 -05:00
Nick Mathewson
4f1dc34e36 Regenerate ciphers.inc 2017-01-24 15:05:35 -05:00
Nick Mathewson
33dcd0c44b changes file for DROPGUARDS 2017-01-24 09:19:44 -05:00
Nick Mathewson
d95d988946 Merge branch 'feature_20956_029' 2017-01-23 16:07:15 -05:00
Nick Mathewson
83307fc267 Add __SocksPort etc variants for non-persistent use
Implements feature 20956.
2017-01-23 16:06:51 -05:00
Nick Mathewson
e760c1b291 forward-port trove-2017-001 entry and blurb. 2017-01-23 09:16:36 -05:00
Nick Mathewson
4a93ed1ede Merge branch 'maint-0.2.9' 2017-01-23 08:55:40 -05:00
Nick Mathewson
767516680c TROVE-2017-001 : move -ftrapv back into --expensive-hardening. 2017-01-23 08:47:10 -05:00
Nick Mathewson
5baa3ec06e Begin 0.3.0.2-alpha changelog
(Automated sort and format)
2017-01-22 19:05:50 -05:00
Roger Dingledine
bcbb2d111b clean up grammar on bug20307 changes file
pointed out by toralf on irc
2017-01-22 19:03:12 -05:00
David Goulet
96c7ddbc7e circuit: Change close reasons from uint16_t to int
When marking for close a circuit, the reason value, a integer, was assigned to
a uint16_t converting any negative reasons (internal) to the wrong value. On
the HS side, this was causing the client to flag introduction points to be
unreachable as the internal reason was wrongfully converted to a positive
16bit value leading to flag 2 out of 3 intro points to be unreachable.

Fixes #20307 and partially fixes #21056

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-22 19:02:01 -05:00
Nick Mathewson
955846fbab Fix warnings from lintchanges script 2017-01-22 18:54:13 -05:00
Nick Mathewson
753f6a9e70 Merge branch 'maint-0.2.9' 2017-01-22 18:48:27 -05:00
Nick Mathewson
46aee42cb9 fix a lintchanges warning 2017-01-22 18:48:22 -05:00
Nick Mathewson
e52f49aa80 Merge remote-tracking branch 'public/ticket18319' 2017-01-21 14:44:00 -05:00
David Goulet
0069d14753 circuit: Make circuit_build_times_disabled take an or_options_t
That way, when we are parsing the options and LearnCircuitBuildTimeout is set
to 0, we don't assert trying to get the options list with get_options().

Fixes #21062

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 12:53:01 -05:00
Nick Mathewson
b6dce6cfec Merge remote-tracking branch 'asn/bug21142' 2017-01-18 10:44:35 -05:00
Nick Mathewson
d31209ad6f Merge remote-tracking branch 'dgoulet/bug21058_030_01' 2017-01-18 09:18:01 -05:00
Nick Mathewson
69cb6f34cb Merge remote-tracking branch 'dgoulet/bug19953_030_01' 2017-01-18 09:10:46 -05:00
Nick Mathewson
4334a4b784 Merge remote-tracking branch 'dgoulet/bug21033_030_01' 2017-01-18 09:08:16 -05:00
Nick Mathewson
e69afb853d Merge branch 'bug19769_19025_029' 2017-01-18 09:02:48 -05:00
Nick Mathewson
0151e1d158 Changes file for 19025. 2017-01-18 09:01:26 -05:00
Nick Mathewson
609065f165 DefecTor countermeasure: change server- and client-side DNS TTL clipping
The server-side clipping now clamps to one of two values, both
for what to report, and how long to cache.

Additionally, we move some defines to dns.h, and give them better
names.
2017-01-18 08:55:57 -05:00
David Goulet
5a83bb0e90 man: Clarify options in the tor.1 man page
In addition to the comments in the ticket, couple hidden service options have
been improved to clarify the maximum and minimum values they can be set to.

Closes #21058

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-17 15:19:42 -05:00
David Goulet
1636777dc8 hs: Allow from 0 to MAX introduction points
An operator couldn't set the number of introduction point below the default
value which is 3. With this commit, from 0 to the hardcoded maximum is now
allowed.

Closes #21033

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-17 14:58:50 -05:00
David Goulet
e16148a582 relay: Honor DataDirectoryGroupReadable at key init
Our config code is checking correctly at DataDirectoryGroupReadable but then
when we initialize the keys, we ignored that option ending up at setting back
the DataDirectory to 0700 instead of 0750. Patch by "redfish".

Fixes #19953

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-17 14:40:01 -05:00
George Kadianakis
2938fd3b85 prop271: When we exhaust all guards, mark all of them for retry.
In the past, when we exhausted all guards in our sampled set, we just
waited there till we mark a guard for retry again (usually takes 10 mins
for a primary guard, 1 hour for a non-primary guard). This patch marks
all guards as maybe-reachable when we exhaust all guards (this can
happen when network is down for some time).
2017-01-17 14:35:38 +02:00