Commit Graph

38069 Commits

Author SHA1 Message Date
Nick Mathewson
b8e6eb6236 Merge remote-tracking branch 'tor-gitlab/mr/498' 2021-12-13 10:47:39 -05:00
Nick Mathewson
86819229af Limit the number of elements in a consdiff hash line.
This avoids performing and then freeing a lot of small mallocs() if
the hash line has too many elements.

Fixes one case of bug 40472; resolves OSS-Fuzz 38363.  Bugfix on
0.3.1.1-alpha when the consdiff parsing code was introduced.
2021-12-06 12:35:08 -05:00
Nick Mathewson
b4c55f3a70 changes: Describe when bug 7362 began. 2021-11-23 11:28:30 -05:00
Cecylia Bocovich
0d3894dbbc
Add documentation on {C,S}METHOD parsing behaviour 2021-11-23 11:18:04 -05:00
Cecylia Bocovich
809b636b6e
Don't kill managed proxy on method error
Some PT applications support more than one transport. For example,
obfs4proxy supports obfs4, obfs3, and meek. If one or more transports
specified in the torrc file are supported, we shouldn't kill the managed
proxy on a {C,S}METHOD-ERROR. Instead, we should log a warning.

We were already logging warnings on method errors. This change just
makes sure that the managed proxy isn't killed, and then if no
transports are configured for the managed proxy, bumps the log level up
from a notice to a warning.

Closes #7362
2021-11-19 14:50:36 -05:00
Nick Mathewson
dd085d42f9 Do not count controller-selected paths towards path bias.
As a side effect, this fixes a "Bug" warning.

Closes #40515.  Bugfix on 0.2.4.10-alpha.
2021-11-15 08:55:47 -05:00
Nick Mathewson
96f1e69f24 Implement proposal 275: don't put "published" times in md consensus
When a new consensus method is negotiated, these values will all get
replaced with "2038-01-01 00:00:00".

This change should be safe because:

  * As of 0.2.9.11 / 0.3.0.7 / 0.3.1.1-alpha, Tor takes no action
    about published_on times in the future.

  * The only remaining parties relying on published_on values are (we
    believe) relays running 0.3.5.x, which rely on the values in a NS
    consensus to see whether their descriptors are out of date.  But
    this patch only changes microdesc consensuses.

  * The latest Tor no longer looks at this field in consensuses.

Why make this change?  In experiments, replacing these values with a
fixed value made the size of compressed consensus diffs much much
smaller.  (Like, by over 50%!)

Implements proposal 275; Implements #40130.
2021-11-09 13:43:48 -05:00
Nick Mathewson
1d2c918dfd Move published_on from routerstatus_t to vote_routerstatus_t.
Nothing breaks here, since all non-voting users of
routerstatus_t.published_on have been adjusted or removed in
previous commits.

We have to expand the API of routerstatus_format_entry() a bit,
though, so that it can always get a published time as argument,
since it can't get it from the routerstatus any more.

This should have no effect on voter behavior.
2021-11-09 13:29:36 -05:00
Nick Mathewson
a7fb5563bc Stop checking published_on in routerstatus_has_visibly_changed()
This function is only used for the controller; and any time that the
published_on time has changed, the digest should also change.
2021-11-09 09:08:48 -05:00
Nick Mathewson
73639fc3c1 Change a log not to use published_on.
It used to describe when the old and new routerinfos were published
when we'd decide to download a routerinfo.  Now it describes what
their descriptor digests are.
2021-11-09 09:07:04 -05:00
Nick Mathewson
08d452b38c Stop using published_on in rs to decide whether to download a routerdesc.
The consensus voters shouldn't actually include such old routers in
the consensus anyway, so this logic shouldn't come up...

but if a client _does_ download something it wouldn't use, it won't
retry infinitely: see checks for WRA_NEVER_DOWNLOADABLE.
2021-11-09 09:06:25 -05:00
Nick Mathewson
db7d067ab1 Retain all routerinfos listed in the consensus.
Previously we'd look at the routerstatus published_on field when
deciding what to dump, which really has no point.  If something's in
the consensus with an ancient published date, then we do want to
keep it.
2021-11-09 08:57:03 -05:00
Nick Mathewson
8345b3bd92 Stop using published_on to decide whether to republish.
Thanks to the StaleDesc flag, this is not something we need to look
at any longer.
2021-11-09 08:57:03 -05:00
Alexander Færøy
a78dafbf7c Merge branch 'maint-0.4.5' into maint-0.4.6 2021-11-08 14:16:19 +00:00
Alexander Færøy
9d8b0c5bdc Merge branch 'maint-0.4.6' into main 2021-11-08 14:16:19 +00:00
Alexander Færøy
882fd1f0d4 Merge branch 'maint-0.3.5' into maint-0.4.5 2021-11-08 14:16:18 +00:00
Alexander Færøy
4a24673436 Merge remote-tracking branch 'tor-gitlab/mr/487' into maint-0.3.5 2021-11-08 14:15:59 +00:00
Alexander Færøy
4914e0e1cc Merge remote-tracking branch 'tor-gitlab/mr/486' into maint-0.3.5 2021-11-08 14:15:56 +00:00
Alexander Færøy
d1493f2f27 Merge remote-tracking branch 'tor-gitlab/mr/485' into main 2021-11-08 14:14:03 +00:00
Alexander Færøy
fe52c87652 Merge remote-tracking branch 'tor-gitlab/mr/480' into main 2021-11-08 14:12:22 +00:00
Alexander Færøy
32c45a8f94 Merge remote-tracking branch 'tor-gitlab/mr/479' into main 2021-11-08 14:10:29 +00:00
Roger Dingledine
5ee85c1fac fix an already-existing bug in the unit tests
where the or_conn for testing the failure cache would be initialized
with random stack data, so e.g. its potentially_used_for_bootstrapping
field would start out at some random value.
2021-11-08 05:37:02 -05:00
Roger Dingledine
5ad126a51b don't cache connect failures from our own circuits
The connect failure cache had a bad interaction with retrying connections
to our guards or bridges when we go offline and then come back online --
while offline we would fail to connect and cache this result, and then
when we return we would decline to even attempt to connect, because our
failure cache said it wouldn't work.

Now only cache connect failures for relays when we connected to them
because of somebody else's EXTEND request.

Fixes bug 40499; bugfix on 0.3.3.4-alpha.
2021-11-08 05:37:02 -05:00
Nick Mathewson
cee6e7d9e1 Give an error message if LibreSSL's TLSv1.3 APIs aren't what we need
From LibreSSL versions 3.2.1 through 3.4.0, our configure script
would conclude that TLSv1.3 as supported, but it actually wasn't.
This led to annoying breakage like #40128 and #40445.

Now we give an error message if we try to build with one of those
versions.

Closes #40511.
2021-11-06 11:04:08 -04:00
Nick Mathewson
8beb560bfd Reverse the direction of the test for openssl 3.0.0
Previously the logic was reversed, and always gave the wrong answer.
This has no other effect than to change whether we suppress
deprecated API warnings.

Fixes #40429; bugfix on 0.3.5.13.
2021-11-05 13:23:05 -04:00
Nick Mathewson
c93114ec9e Prefer use of __MINGW_PRINTF/SCANF_FORMAT if available.
Mingw headers sometimes like to define alternative scanf/printf
format attributes depending on whether they're using clang, UCRT,
MINGW_ANSI_STDIO, or the microsoft version of printf/scanf.  This
change attempts to use the right one on the given platform.

This is an attempt to fix part of #40355.
2021-11-05 12:36:34 -04:00
David Goulet
1c77deca4f Merge branch 'maint-0.4.6' 2021-11-05 10:44:10 -04:00
David Goulet
77b265f96e Merge branch 'maint-0.4.5' into maint-0.4.6 2021-11-05 10:44:10 -04:00
David Goulet
a7fe37f1fa protover: Fix merge forward from 035
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-05 10:42:54 -04:00
David Goulet
47adba879c Merge branch 'maint-0.3.5' into maint-0.4.5 2021-11-05 10:35:08 -04:00
Nick Mathewson
439e17180c Light edit to protover warnings. 2021-11-05 10:30:57 -04:00
Simon South
94d82baeec changes: Add file for ticket 40505 2021-11-05 10:30:51 -04:00
Simon South
001d880d10 sandbox: Allow "statx" syscall on i386 for glibc 2.33
glibc versions 2.33 and newer use the modern "statx" system call in their
implementations of stat() and opendir() for Linux on i386.  Prevent failures in
the sandbox unit tests by modifying the sandbox to allow this system call
without restriction on i386 when it is available, and update the test suite to
skip the "sandbox/stat_filename" test in this case as it is certain to fail.
2021-11-05 10:30:51 -04:00
Simon South
d59f63f1c4 test: Skip sandbox/stat_filename where "stat64" syscall defined
On 32-bit architectures where Linux provides the "stat64" system call,
including i386, the sandbox is unable to filter calls to stat() as glibc uses
this system call itself internally and the sandbox must allow it without
restriction.

Update the sandbox unit tests to skip the "sandbox/stat_filename" test on
systems where the "stat64" system call is defined and the test is certain to
fail.  Also reorder the "#if" statement's clauses to correspond with the
comment preceding it, for clarity.
2021-11-05 10:30:51 -04:00
Simon South
f5980e60ed sandbox: Allow "clock_gettime64" syscall where defined
On 32-bit architectures where Linux provides the "clock_gettime64" system call,
including i386, glibc uses it in place of "clock_gettime".  Modify the sandbox
implementation to match, to prevent Tor's monotonic-time functions (in
src/lib/time/compat_time.c) failing when the sandbox is active.
2021-11-05 10:30:51 -04:00
Simon South
55571fc8d7 sandbox: Filter "chown32" syscall on i386
On i386 glibc uses the "chown32" system call instead of "chown".  Prevent
attempts to filter calls to chown() on this architecture from failing by
modifying the sandbox implementation to match.
2021-11-05 10:30:51 -04:00
David Goulet
f93cd5deb8 protover: Add a note on why LinkAuth is not recommended or required
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-05 10:16:08 -04:00
David Goulet
3d1a49908c protover: Move all hardcoded lists in one place
This also moves the warnings and add some theatrical effect around the
code so anyone modifying those list should notice the warnings signs and
read the comment accordingly.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-05 10:13:47 -04:00
Nick Mathewson
7c085490f5 Add scary warnings about changing the protover list.
Doing this in the wrong way has potential to cause serious havoc on
the network, so let's make it harder for future programmers to mess
it up.
2021-11-05 09:20:05 -04:00
Alexander Færøy
c363e2017f Merge branch 'maint-0.4.6' into main 2021-11-05 03:10:29 +00:00
Alexander Færøy
fb6bba1e42 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-11-05 03:10:29 +00:00
Alexander Færøy
40e2106031 Merge branch 'maint-0.3.5' into maint-0.4.5 2021-11-05 03:10:28 +00:00
Alexander Færøy
cfd1482f78 Merge remote-tracking branch 'ahf/ahf/ci-i386' into maint-0.3.5 2021-11-05 03:10:12 +00:00
David Goulet
89ba63a619 Merge branch 'maint-0.4.6' 2021-11-03 09:54:14 -04:00
David Goulet
33fb0f1d8f shellcheck: Remove unused variable in ci-driver.sh
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-03 09:54:09 -04:00
David Goulet
36e6ad6c7b Merge branch 'maint-0.4.6' 2021-11-03 09:53:35 -04:00
David Goulet
83f8fe05e8 Merge branch 'maint-0.4.5' into maint-0.4.6
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-03 09:53:31 -04:00
David Goulet
ea5eebf431 Merge branch 'tor-gitlab/mr/477' into maint-0.4.5 2021-11-03 09:52:03 -04:00
David Goulet
6e8e1a4e6f relay: Don't allow DirPort on non-IPv4
Our code doesn't allow it and so this prevents an assert() crash if the
DirPort is for instance IPv6 only.

Fixes #40494

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-03 09:51:46 -04:00
David Goulet
44671995d1 shellcheck: Remove unused variable in ci-driver.sh
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-03 09:50:43 -04:00