Commit Graph

22867 Commits

Author SHA1 Message Date
Nick Mathewson
e9ff3e7d4a Merge branch 'bug28202_033' into bug28202_035 2018-10-25 09:16:08 -04:00
Nick Mathewson
8013e3e8b6 Merge branch 'bug28202_029' into bug28202_033 2018-10-25 09:14:06 -04:00
Nick Mathewson
0878bb961f Fix two other cases of (buf + N > end) pattern
Related to fix for 28202.
2018-10-25 09:08:02 -04:00
Nick Mathewson
368413a321 Fix possible UB in an end-of-string check in get_next_token().
Remember, you can't check to see if there are N bytes left in a
buffer by doing (buf + N < end), since the buf + N computation might
take you off the end of the buffer and result in undefined behavior.

Fixes 28202; bugfix on 0.2.0.3-alpha.
2018-10-25 09:06:13 -04:00
Nick Mathewson
76da5f8b80 Merge branch 'ticket28177' 2018-10-24 12:59:51 -04:00
Nick Mathewson
594140574e Fix remaining cases of using consensus without a len parameter.
(Thanks to cyberpunks for noting two of them!)
2018-10-24 11:06:34 -04:00
David Goulet
b063ca0604 node: Make node_supports_v3_rendezvous_point() also check for the key
It is not enough to look at protover for v3 rendezvous support but also we
need to make sure that the curve25519 onion key is present or in other words
that the descriptor has been fetched and does contain it.

Fixes #27797.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-24 10:30:26 -04:00
Nick Mathewson
b77889fc5f Merge branch 'maint-0.3.5' 2018-10-24 10:20:53 -04:00
Nick Mathewson
6851a08090 Merge branch 'ticket28115_035' into maint-0.3.5 2018-10-24 10:20:41 -04:00
Nick Mathewson
c0bd800d26 Re-alphabetize the list of tests in tests.[ch] 2018-10-24 09:09:40 -04:00
Nick Mathewson
c6d3bebb1e Merge remote-tracking branch 'tor-github/pr/409' 2018-10-24 09:06:29 -04:00
Nick Mathewson
c3e14a3236 Merge branch 'maint-0.3.5' 2018-10-24 09:02:06 -04:00
cypherpunks
bfab7b9d35 rust/tor_log: fix C_RUST_COUPLED documentation
This file was moved in 97b15a1d7c
and moved again in e7f5f48d68.
2018-10-24 09:02:04 -04:00
Nick Mathewson
fd6078b33a Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-23 19:50:53 -04:00
Nick Mathewson
b2c52f5d6d Remove a now-unused rust "use". 2018-10-23 19:50:45 -04:00
Nick Mathewson
05d65cb067 Merge branch 'maint-0.3.5' 2018-10-23 19:22:05 -04:00
Nick Mathewson
289a7dbac3 Merge branch 'maint-0.3.4' into maint-0.3.5 2018-10-23 19:21:44 -04:00
Nick Mathewson
7edc594ee7 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-23 19:18:23 -04:00
Nick Mathewson
169bc670dd Merge remote-tracking branch 'onionk/rust-allsupportednull1' into maint-0.3.3 2018-10-23 19:17:48 -04:00
George Kadianakis
a614731144 Documentation: Move the hs_service_descriptor_t elements around.
Move the elements around to concentrate mutable and immutable elements
together. This commit changes no code, check with --color-moved.
2018-10-23 16:43:54 +03:00
George Kadianakis
df78fb2451 Documentation: Document which descriptor elements are (im)mutable. 2018-10-23 16:43:54 +03:00
George Kadianakis
29c194e022 Func rename: Make it clear that update_all_descriptors() does intro points.
With the new refresh_service_descriptor() function we had both
refresh_service_descriptor() and update_service_descriptor() which is basically
the same thing.

This commit renames update_service_descriptor() to
update_service_descriptor_intro_points() to make it clear it's not a generic
refresh and it's only about intro points.

Commit changes no code.
2018-10-23 16:43:54 +03:00
teor
939657771c
Treat backtrace test failures as expected on most BSD-derived systems
Treat backtrace test failures as expected on NetBSD, OpenBSD, and
macOS/Darwin, until we solve bug 17808.

(FreeBSD failures have been treated as expected since 18204 in 0.2.8.)

Fixes bug 27948; bugfix on 0.2.5.2-alpha.
2018-10-23 11:21:10 +10:00
cypherpunks
f874ab2640 dircache: make dirauths reject non UTF-8 descriptors and extrainfo
Ticket #27367.
2018-10-23 00:33:51 +00:00
cypherpunks
3704c4a012 string: add BOM helper 2018-10-23 00:33:48 +00:00
David Goulet
81c466c34a hs-v3: Create desc signing key cert before uploading
Before this commit, we would create the descriptor signing key certificate
when first building the descriptor.

In some extreme cases, it lead to the expiry of the certificate which triggers
a BUG() when encoding the descriptor before uploading.

Ticket #27838 details a possible scenario in which this can happen. It is an
edge case where tor losts internet connectivity, notices it and closes all
circuits. When it came back up, the HS subsystem noticed that it had no
introduction circuits, created them and tried to upload the descriptor.

However, in the meantime, if tor did lack a live consensus because it is
currently seeking to download one, we would consider that we don't need to
rotate the descriptors leading to using the expired signing key certificate.

That being said, this commit does a bit more to make this process cleaner.
There are a series of things that we need to "refresh" before uploading a
descriptor: signing key cert, intro points and revision counter.

A refresh function is added to deal with all mutable descriptor fields. It in
turn simplified a bit the code surrounding the creation of the plaintext data.

We keep creating the cert when building the descriptor in order to accomodate
the unit tests. However, it is replaced every single time the descriptor is
uploaded.

Fixes #27838

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-22 16:34:41 -04:00
Nick Mathewson
afc22ec539 Merge remote-tracking branch 'tor-github/pr/421' 2018-10-22 08:49:55 -04:00
Roger Dingledine
7aa9fc1637 clean up a tor2web comment 2018-10-21 23:46:09 -04:00
rl1987
98cef6807e Exclude test and a supporting function when evdns_base_get_nameserver_addr() is not available 2018-10-20 20:34:08 +03:00
rl1987
d827902cb1 Unit test for DNS fallback in configure_nameservers 2018-10-20 20:34:08 +03:00
rl1987
91fa12aedc Fallback to local DNS when no other nameservers are known 2018-10-20 20:34:08 +03:00
Nick Mathewson
275e831cea Merge remote-tracking branch 'tor-github/pr/396' 2018-10-19 14:29:01 -04:00
Nick Mathewson
1ae9116601 Merge remote-tracking branch 'onionk/rust-protocommas1' into maint-0.3.5 2018-10-19 14:20:57 -04:00
Nick Mathewson
a05a113062 Merge remote-tracking branch 'onionk/rust-protocommas1' 2018-10-19 14:20:43 -04:00
Nick Mathewson
d1d66866b2 Rename a function; it is used to convert a value _From_ le.
We can't use htons()/ntohs() -- those are no-ops on exactly the
wrong platforms.
2018-10-19 08:42:28 -04:00
Nick Mathewson
f8a1dc64f9 Fix a misspelled macro test that was breaking big-endian OPE
Fixes bug 28115; bugfix on 0.3.5.1-alpha.
2018-10-19 08:41:25 -04:00
Nick Mathewson
62401812c7 Merge remote-tracking branch 'dgoulet/ticket27471_035_02' 2018-10-18 13:01:41 -04:00
David Goulet
8b2e72106a test: Add test for closing intro circuits when storing a new descriptor
This is client side and related to 27471 for previous commit that fixes this
issue.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 12:56:51 -04:00
David Goulet
9ba16c4d03 hs-v3: Close client intro circuits if the descriptor is replaced
When storing a descriptor in the client cache, if we are about to replace an
existing descriptor, make sure to close every introduction circuits of the old
descriptor so we don't have leftovers lying around.

Ticket 27471 describes a situation where tor is sending an INTRODUCE1 cell on
an introduction circuit for which it doesn't have a matching intro point
object (taken from the descriptor).

The main theory is that, after a new descriptor showed up, the introduction
points changed which led to selecting an introduction circuit not used by the
service anymore thus for which we are unable to find the corresponding
introduction point within the descriptor we just fetched.

Closes #27471.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 12:56:51 -04:00
David Goulet
56f713b8a4 hs-v3: Always generate the descriptor cookie
It won't be used if there are no authorized client configured. We do that so
we can easily support the addition of a client with a HUP signal which allow
us to avoid more complex code path to generate that cookie if we have at least
one client auth and we had none before.

Fixes #27995

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 11:46:07 -04:00
Nick Mathewson
0a41d17c15 Merge branch 'ticket27549_035_01_squashed' 2018-10-18 10:16:30 -04:00
David Goulet
3a8f32067d hs-v3: Consolidate descriptor cookie computation code
Both client and service had their own code for this. Consolidate into one
place so we avoid duplication.

Closes #27549

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 10:16:07 -04:00
Nick Mathewson
d1eac7830f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-18 09:12:58 -04:00
Nick Mathewson
e979a56bb6 Merge branch 'maint-0.3.5' 2018-10-18 09:12:58 -04:00
Taylor Yu
7f6c0fce46 Merge branch 'bug27800-034' into bug27800-035 2018-10-17 16:00:11 -05:00
Taylor Yu
4e7f65ee5d Merge branch 'bug27800-033' into tor-034 2018-10-17 15:42:58 -05:00
Taylor Yu
93fd924bdb Log more info for duplicate ed25519 IDs
Occasionally, key pinning doesn't catch a relay that shares an ed25519
ID with another relay.  Log the identity fingerprints and the shared
ed25519 ID when this happens, instead of making a BUG() warning.

Fixes bug 27800; bugfix on 0.3.2.1-alpha.
2018-10-17 15:39:55 -05:00
cypherpunks
a56451af42 evloop: fix docs for threadpool_register_reply_event
Commit 6a5f62f68f ultimately didn't
include the base argument, and the callback is named cb.
2018-10-17 20:27:19 +00:00
cypherpunks
f07ab5b95c evloop: fix docs
alert_sockets_t was moved in 544ab27a94.
2018-10-17 20:27:19 +00:00
Nick Mathewson
fd2e0ac1c3 Bump to 0.3.6.0-alpha-dev. 2018-10-17 14:46:38 -04:00
Nick Mathewson
389bae0e8b Bump to 0.3.5.3-alpha-dev 2018-10-17 14:46:00 -04:00
Roger Dingledine
df78a2730c merge in some fixes i found in a sandbox 2018-10-17 13:56:41 -04:00
Nick Mathewson
b1891068f1 Merge branch 'maint-0.3.4' 2018-10-17 13:02:23 -04:00
David Goulet
2000d04cb6 conn: Stop writing when our write bandwidth limist is exhausted
Commit 488e2b00bf introduced an issue, most
likely introduced by a bad copy paste, that made us stop reading on the
connection if our write bandwidth limit was reached.

The problem is that because "read_blocked_on_bw" was never set, the connection
was never reenabled for reading.

This is most likely the cause of #27813 where bytes were accumulating in the
kernel TCP bufers because tor was not doing reads. Only relays with
RelayBandwidthRate would suffer from this but affecting all relays connecting
to them. And using that tor option is recommended and best practice so many
many relays have it enabled.

Fixes #28089.
2018-10-17 12:25:12 -04:00
Nick Mathewson
d70ca3554e Bump to 0.3.5.3-alpha 2018-10-17 09:26:32 -04:00
Nick Mathewson
34cd1fc523 Merge remote-tracking branch 'tor-github/pr/406' 2018-10-16 21:33:38 -04:00
cypherpunks
2f0744b3e6 rust/tor_util: drop unsafe block in cstr!
This is unnecessary just to get an empty string, there's Default::default().

Fix on 8fff331bb0.
2018-10-17 00:16:21 +00:00
Nick Mathewson
63c5e09a40 Merge remote-tracking branch 'tor-github/pr/408' 2018-10-16 19:10:05 -04:00
Nick Mathewson
e97adaf8dc Argh. The unset value for OwningControllerFD is NOT -1. 2018-10-16 17:57:04 -04:00
Nick Mathewson
56a3cef4d7 Merge branch 'bug27849_redux' 2018-10-16 17:33:58 -04:00
Nick Mathewson
698629f5a9 Merge remote-tracking branch 'tor-github/pr/404' 2018-10-16 17:29:50 -04:00
Nick Mathewson
8a0b741487 Add a tor_free() in tor_gencert to fix a coverity warning 2018-10-16 17:18:46 -04:00
rl1987
7fd82a4570 One testcase for annotation handling in tokenize_string() 2018-10-16 18:04:54 +03:00
rl1987
f10d664fd1 Test AT_END checking in tokenize_string() 2018-10-16 18:04:54 +03:00
rl1987
1a4edceee9 Add testcase for too many elements in tokenize_string() input 2018-10-16 18:04:54 +03:00
rl1987
7c8bf2f7c7 Add testcase for too few elements in tokenize_string() input 2018-10-16 18:04:54 +03:00
rl1987
78c446af7e Unit-test multiple line parsing with tokenize_string() 2018-10-16 18:04:54 +03:00
rl1987
81731a290d Unit-test some error conditions in get_next_token() 2018-10-16 18:04:54 +03:00
rl1987
6c5ba2662a Test object parsing in get_next_token() 2018-10-16 18:04:54 +03:00
rl1987
38a7033d33 Fix memory management in test_parsecommon_get_next_token_parse_keys 2018-10-16 18:04:54 +03:00
rl1987
7764d6dfc9 Test RSA private key parsing with get_next_token() 2018-10-16 18:04:54 +03:00
rl1987
569d8d8cd7 Test-case for public key parsing using get_next_token() 2018-10-16 18:04:52 +03:00
rl1987
5c891dba77 Test argument concatenation in get_next_token() 2018-10-16 18:04:20 +03:00
rl1987
7829e3a868 First testcase for get_next_token() 2018-10-16 18:04:20 +03:00
rl1987
55412c4f3d Add new source file to test target 2018-10-16 18:04:17 +03:00
Neel Chauhan
f93ee8e4c4 Fix typo in comment for hs_cell_parse_introduce2() 2018-10-16 10:59:42 -04:00
David Goulet
b5731cdf2e mainloop: Set client role if ControlPort is set
It turns out that if _only_ the ControlPort is set and nothing else, tor would
simply not bootstrap and thus not start properly. Commit 67a41b6306
removed that requirement for tor to be considered a "client".

Unfortunately, this made the mainloop enable basically nothing if only the
ControlPort is set in the torrc.

This commit now makes it that we also consider the ControlPort when deciding
if we are a Client or not. It does not revert 67a41b6306 meaning
options_any_client_port_set() stays the same, not looking at the control port.

Fixes #27849.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-16 08:11:49 -04:00
Nick Mathewson
b7fbd1f329 Merge branch 'maint-0.3.4' 2018-10-16 08:04:34 -04:00
David Goulet
38599de2dd test: Update approx_time before the test starts
This way we have the same time source when the IP is created and tested later.

Fixes #27810

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-16 08:03:55 -04:00
Nick Mathewson
8b3ec74e5f Merge remote-tracking branch 'public/bug27990' 2018-10-16 08:02:01 -04:00
Nick Mathewson
11161395af Merge branch 'maint-0.3.4' 2018-10-15 12:52:54 -04:00
Nick Mathewson
633e99575f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-15 12:52:54 -04:00
Nick Mathewson
6b2ef2c559 Fix another tor_assert(0) case 2018-10-15 12:52:48 -04:00
Nick Mathewson
feed41bed3 Merge branch 'maint-0.3.4' 2018-10-15 12:47:46 -04:00
Nick Mathewson
d1ec7bb06e Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-15 12:47:46 -04:00
Nick Mathewson
86e0be421f Merge branch 'maint-0.2.9' into maint-0.3.3 2018-10-15 12:47:46 -04:00
Nick Mathewson
5b28190c67 Fix make check-spaces. 2018-10-15 12:47:19 -04:00
Nick Mathewson
23ce9a60fb Merge branch 'maint-0.3.4' 2018-10-15 10:48:35 -04:00
Nick Mathewson
3462f8ed64 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-15 10:48:35 -04:00
Nick Mathewson
796e36e535 Adjust tor_assert_unreached()
This version of the macro makes it obvious to the compiler that
"tor_assert_unreached()" will always abort().
2018-10-15 10:46:26 -04:00
Nick Mathewson
4983322cc7 Merge branch 'maint-0.3.4' 2018-10-15 10:37:53 -04:00
Nick Mathewson
fd528a0884 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-15 10:37:52 -04:00
Nick Mathewson
dff7d3d00a Merge branch 'maint-0.2.9' into maint-0.3.3 2018-10-15 10:37:49 -04:00
Nick Mathewson
b113399658 Merge branch 'bug27709_029' into maint-0.2.9 2018-10-15 10:34:39 -04:00
Nick Mathewson
5e582c7ffa Explain a bit more about branch prediction in the unit-test case 2018-10-15 10:16:34 -04:00
rl1987
89c4a3a0b6 Write a comment to explain may_need_rebind condition 2018-10-15 16:18:31 +03:00
rl1987
9bb00a74bc Refrain from listener rebinding when address families differ 2018-10-15 16:18:31 +03:00
Nick Mathewson
df2b46d18c Remove a double-newline and improve a comment 2018-10-14 15:33:39 -04:00
Nick Mathewson
2dccef0eb4 Merge branch 'bug27772_squashed' 2018-10-14 15:31:52 -04:00
Nick Mathewson
6925b61cfd Fix various GCC LTO warnings in the unit tests. 2018-10-14 15:25:16 -04:00
Nick Mathewson
7c8f20ba44 In tor_tls_get_my_certs(), set cert ptrs even on failure
Nothing should ever look at them on failure, but in some cases,
the unit tests don't check for failure, and then GCC-LTO freaks out.

Fixes part of 27772.
2018-10-14 15:25:16 -04:00
Nick Mathewson
dddecee291 Initialize some locals in socks5 parsing code.
These confused GCC LTO, which thought they might be used
uninitialized.  I'm pretty sure that as long as 'res' indicates
success, they will always be set to something, but let's unconfuse
the compiler in any case.
2018-10-14 15:25:16 -04:00
Nick Mathewson
370d9922a4 Use the correct function signatures in test_relaycell.c
This is now officially an antipattern: please let's never copy a
function declaration in two places again.  That's what headers are
for.
2018-10-14 15:25:16 -04:00
Nick Mathewson
965549aa07 Use assertions so GCC LTO doesn't worry about TLS channel conversion
Part of #27772
2018-10-14 15:25:16 -04:00
Nick Mathewson
67351f6724 Merge remote-tracking branch 'tor-github/pr/380' 2018-10-12 11:39:37 -04:00
Jay Bitron
b0c41e3ec2
Fix the missing unpack function in mmdb-convert.py 2018-10-10 14:12:53 -07:00
Nick Mathewson
267b8d16b1 Add timeval.h include to compat_pthreads.c for timeradd()
OpenSolaris apparently doesn't have timeradd(), so we added a
replacement, but we weren't including it here after the big
refactoring in 0.3.5.1-alpha.

Fixes bug 27963; bugfix on 0.3.5.1-alpha.
2018-10-10 12:19:56 -04:00
Nick Mathewson
a23c36ebcd Merge branch 'maint-0.3.4' 2018-10-10 11:34:49 -04:00
Nick Mathewson
e5fe8b0e3a Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-10 11:34:49 -04:00
Nick Mathewson
b057623bed Merge branch 'maint-0.2.9' into maint-0.3.3 2018-10-10 11:34:48 -04:00
Karsten Loesing
119df9c1c0 Update geoip and geoip6 to the October 9 2018 database. 2018-10-10 17:26:41 +02:00
Nick Mathewson
d3d6c59557 Add sys/time.h include back to procmon.c 2018-10-10 11:26:38 -04:00
Nick Mathewson
da86a70bd8 Merge remote-tracking branch 'tor-github/pr/384' 2018-10-10 09:24:48 -04:00
Nick Mathewson
7409aa58d1 Merge remote-tracking branch 'tor-github/pr/385' 2018-10-09 12:46:46 -04:00
Nick Mathewson
361eaa9931 Merge remote-tracking branch 'public/ticket27856' 2018-10-09 09:04:53 -04:00
Neel Chauhan
3cc089ce59 Add newline between hs_client_get_random_intro_from_edge() and hs_client_receive_introduce_ack() 2018-10-05 19:54:26 -04:00
rl1987
9d886185c1 Make sure we're removing conn from old_conns *once* 2018-10-03 15:51:59 +03:00
rl1987
2b146bdb9a Refrain from using SMARTLIST_DEL_CURRENT in retry_all_listeners 2018-10-03 15:31:49 +03:00
Alex Crichton
38d644c94b Remove rlib+staticlib configuration for Rust crates
Only the final crate needs to be a `staticlib`, no need for all the
intermediate steps to produce staticlibs!
2018-10-01 22:58:44 -07:00
Alex Crichton
757a2360a4 Remove [features] from workspace Cargo.toml
Unfortunately Cargo doesn't actually parse these! Cargo should probably
print a warning saying they're not used...
2018-10-01 22:57:38 -07:00
Alex Crichton
74c1e44746 Fix segfaults related to sanitizers+jemalloc
It looks to be the case that Rust's standard allocator, jemalloc, is
incompatible with sanitizers. The incompatibility, for whatever reason,
seems to cause segfaults at runtime when jemalloc is linked with
sanitizers.

Without actually trying to figure out what's going on here this commit
instead takes the hammer of "let's remove jemalloc when testing". The
`tor_allocate` crate now by default switches to the system allocator
(eventually this will want to be the tor allocator). Most crates then
link to `tor_allocate` ot pick this up, but the `smartlist` crate had to
manually switch to the system allocator in testing and the `external`
crate had to be sure to link to `tor_allocate`.

The final gotcha here is that this patch also switches to
unconditionally passing `--target` to Cargo. For weird and arcane
reasons passing `--target` with the host target of the compiler (which
Cargo otherwise uses as the default) is different than not passing
`--target` at all. This ensure that our custom `RUSTFLAGS` with
sanitizer options doesn't make its way into build scripts, just the
final testing artifacts.
2018-10-01 22:55:59 -07:00
Alex Crichton
6ebb2c46d5 Remove the link_rust.sh.in script
This is no longer necessary with upstream rust-lang/rust changes as well
as some local tweaks. Namely:

* The `-fsanitize=address`-style options are now passed via `-C
  link-args` through `RUSTFLAGS`. This obviates the need for the shell
  script.
* The `-C default-linker-libraries`, disabling `-nodefaultlibs`, is
  passed through `RUSTFLAGS`, which is necessary to ensure that
  `-fsanitize=address` links correctly.
* The `-C linker` option is passed to ensure we're using the same C
  compiler as normal C code, although it has a bit of hackery to only
  get the `gcc` out of `gcc -std=c99`
2018-10-01 22:50:08 -07:00
Nick Mathewson
43211c3a0c Merge remote-tracking branch 'public/bug27893' 2018-10-01 12:12:33 -05:00
Nick Mathewson
58299b2927 Merge remote-tracking branch 'public/bug27728' 2018-10-01 12:06:39 -05:00
Nick Mathewson
c4e29001c4 Fix a bug where we would crash on --version.
Bug not in any released Tor.

test-stem would have caught this.
2018-10-01 12:01:51 -05:00
Nick Mathewson
886dc8b0a5 Remove routerparse include from files that dont use it 2018-10-01 11:35:11 -05:00
Nick Mathewson
d199348664 Remove versions.h include from routerparse.h 2018-10-01 11:22:47 -05:00
Nick Mathewson
5f9839ee42 Remove unused headers from routerparse.c 2018-10-01 11:17:33 -05:00
Nick Mathewson
35db3f8162 Extract addr-policy parsing code. 2018-10-01 11:17:19 -05:00
Nick Mathewson
95e2eb9083 Move summarize_protover_flags to versions.c 2018-10-01 10:48:55 -05:00
Nick Mathewson
4201203845 extract networkstatus parsing to its own file. 2018-10-01 10:46:00 -05:00
Nick Mathewson
cd23903427 Pull detached-signatures code into dirauth. 2018-10-01 10:46:00 -05:00
Nick Mathewson
2be35f4d61 Split microdescriptor parser into its own file. 2018-10-01 10:46:00 -05:00
Nick Mathewson
aff5bf5464 Remove addr_policy_assert_ok() as unused 2018-10-01 00:09:00 -05:00
Nick Mathewson
3100831762 Remove dump_distinct_digest_count()
It was disabled-by-default for ages, and it no longer compiles. I
think it's safe to call it obsolete.
2018-10-01 00:09:00 -05:00
Nick Mathewson
a77b2e984e Remove router_get_dir_hash as unused. 2018-10-01 00:09:00 -05:00
Nick Mathewson
82f4d3ca75 Move v2 hs parsing into feature/rend 2018-10-01 00:09:00 -05:00
Nick Mathewson
430ca38f70 Split the authority-cert and signature/hash code from routerparse 2018-10-01 00:09:00 -05:00
Nick Mathewson
2f5dc48699 Extract the version-managing code from routerparse.c
Leave the versions.h include in routerparse.h for now; I'll remove
it later.
2018-10-01 00:04:58 -05:00
Nick Mathewson
fec3b3bb93 Extract logic for dumping unparseable junk from routerparse.c 2018-10-01 00:04:58 -05:00
Nick Mathewson
6785aa4010 Move routerparse and parsecommon to their own module. 2018-10-01 00:04:06 -05:00
Nick Mathewson
b058f64cc0 Detect an unlikely integer overflow. 2018-09-27 16:30:02 -04:00
Nick Mathewson
9e65e7a36f Merge branch 'split_stats' 2018-09-27 16:26:06 -04:00
Nick Mathewson
9e1a3be064 Prevent duplicate initialization of NSS DH module
Allowing this didn't do any actual harm, since there aren't any
shared structures or leakable objects here.  Still, it's bad style
and might cause trouble in the future.

Closes ticket 27856.
2018-09-27 13:26:47 -04:00
Nick Mathewson
d0b2b5a202 Always initialize the periodic events list.
Various places in our code try to activate these events or check
their status, so we should make sure they're initialized as early as
possible.  Fixes bug 27861; bugfix on 0.3.5.1-alpha.
2018-09-27 13:24:36 -04:00
Nick Mathewson
8812f562a0 Fix a memory leak in --dump-config
When freeing a configuration object from confparse.c in
dump_config(), we need to call the appropriate higher-level free
function (like or_options_free()) and not just config_free().

This only happens with options (since they're the one where
options_validate allocates extra stuff) and only when running
--dump-config with something other than minimal (since
OPTIONS_DUMP_MINIMAL doesn't hit this code).

Fixes bug 27893; bugfix on 0.3.2.1-alpha.
2018-09-27 13:05:19 -04:00
Nick Mathewson
316453065d Mark a variable static. 2018-09-27 11:59:39 -04:00
Nick Mathewson
34402ece8c geoip: fix windows compilation 2018-09-27 11:02:58 -04:00
Nick Mathewson
c8f2a6d2fe Extract the non-stats part of geoip into a new src/lib/geoip. 2018-09-27 10:26:01 -04:00
Nick Mathewson
fa32574bdb Remove excess dependencies from geoip.c 2018-09-27 10:15:39 -04:00
Nick Mathewson
f403af2207 Split geoip from geoip-related stats.
This commit just moves the code to two separate files. The geoip
code still has a few needless dependencies on core/* and features/*.
2018-09-27 09:36:52 -04:00
Nick Mathewson
79208ee852 Move the n_v3_ns_requests field out of geoip_country_t
This is preparation for splitting geoip.c into stats and non-stats
portions.
2018-09-27 09:04:08 -04:00
Nick Mathewson
241c1505cc Move the predicted ports code out of rephist.c
It differs from the rest of the rephist code in that it's actually
necessary for Tor to operate, so it should probably go somewhere
else.  I'm not sure where yet, so I'll leave it in the same
directory, but give it its own file.
2018-09-27 08:21:17 -04:00
Nick Mathewson
de0b07c634 Merge branch 'router_split' 2018-09-26 09:47:59 -04:00
Nick Mathewson
5e5e019b31 Merge remote-tracking branch 'dgoulet/bug27550_035_01' 2018-09-26 08:36:09 -04:00
Nick Mathewson
5fe05de4fe Remove extra includes from router.c 2018-09-25 18:33:13 -04:00
Nick Mathewson
4f0bc0c8f5 Revise things that had included router.h before
Make them only include the headers that they needed, and sort their
headers while we're at it.
2018-09-25 17:57:58 -04:00
Nick Mathewson
3ff58e47d2 Move the "is the network disabled?" functions out of router.c
Since this is completely core functionality, I'm putting it in
core/mainloop, even though it depends on feature/hibernate. We'll
have to sort that out in the future.
2018-09-25 17:22:14 -04:00
Nick Mathewson
b8df2318e9 Move routerinfo_t functions out of router.c
(It turns out that some of the functions in router.h didn't even
exist any more, so I just got to delete their declarations completely.)
2018-09-25 16:48:00 -04:00
Nick Mathewson
efa978124f Extract nickname-checking functions from router.c 2018-09-25 16:22:11 -04:00
Nick Mathewson
5c86f3c297 Move the various _describe() functions out of router.c
Note that I haven't separated the headers yet (there's still an
2018-09-25 16:13:47 -04:00
Nick Mathewson
fcd0f76134 Extract all the "am I a server" functions from router.c 2018-09-25 16:00:50 -04:00
Nick Mathewson
70539e3d5e Move all authdir_mode_*() functions into authmode.h 2018-09-25 15:39:24 -04:00
Nick Mathewson
9385b7ec5f Rename dirauth/mode.h to dirauth/authmode.h
This is preparation for having a routermode.h as well
2018-09-25 15:18:21 -04:00
Nick Mathewson
8a350e088b Move self-test functionality into its own file. 2018-09-25 15:14:57 -04:00
Nick Mathewson
934859cf80 Move key-loading and crosscert-checking out of feature/relay
This is also used by onion services, so it needs to go in another
module.
2018-09-25 15:14:57 -04:00
cypherpunks
5e74db95c2 rust: run rustfmt 2018-09-24 18:00:56 +00:00
Nick Mathewson
9767cf8cc0 Merge branch 'bug26913_033' 2018-09-24 11:17:09 -04:00
Nick Mathewson
6c739c3fb2 Fix arm compilation with openssl <1.1
Bug 27781; bugfix on 0.3.5.1-alpha.
2018-09-24 11:11:29 -04:00
Nick Mathewson
f57d8722e0 Fix the 0.3.4 part of bug 27781 (arm compilation)
Because with arm on OpenSSL <1.1 we don't define USE_EVP_AES_CTR, we
need to include crypto_util.h here.
2018-09-24 11:08:27 -04:00
Nick Mathewson
78295904f7 Merge branch 'ticket26744' 2018-09-24 10:56:50 -04:00
cypherpunks
b91bc1babc rust/protover: remove redundant ExceedsMax checks
This is already checked elsewhere.
2018-09-24 14:30:43 +00:00
Nick Mathewson
ae0cb94b69 Initialize mainloop events earlier, since other stuff may run them.
Fixes a stem test failure; bugfix on c7ce6b9821. Bug
not in any released Tor.
2018-09-22 17:40:04 -04:00
Nick Mathewson
7d9bea6a77 But, actually move systemd_watchdog_timer free into mainloop.c 2018-09-21 16:49:20 -04:00
Nick Mathewson
7eea45c5c4 Move systemd_watchdog_timer free into mainloop.c 2018-09-21 16:46:17 -04:00
Nick Mathewson
08d934b3fe Missing include in ntmain.c 2018-09-21 16:32:14 -04:00
Nick Mathewson
169f238c23 Merge remote-tracking branch 'onionk/protover-rust1' 2018-09-21 16:28:32 -04:00
cypherpunks
5c0dd1aa90 move protover_rust.c to core/or/
Missed in 667a6e8fe9.
2018-09-21 20:14:53 +00:00
Nick Mathewson
63e08f56b8 Merge remote-tracking branch 'tor-github/pr/365' 2018-09-21 16:13:59 -04:00
Nick Mathewson
7ed7fe230b Add an include to get --disable-module-dirauth happy again 2018-09-21 15:03:42 -04:00
Nick Mathewson
b7bd162af7 Merge remote-tracking branch 'dgoulet/ticket27774_035_03' 2018-09-21 13:02:12 -04:00
Nick Mathewson
194acfb51d Split directory.c code into several modules
Parts of this C file naturally belong in dircache, dirclient, and
dircommon: so, move them there.
2018-09-21 12:57:22 -04:00
Nick Mathewson
0e4c42a912 Merge remote-tracking branch 'ahf-github/asn/bugs4700_2' 2018-09-21 09:40:16 -04:00
Nick Mathewson
9399c579e5 Merge branch 'split_mainloop_onion' 2018-09-21 09:37:23 -04:00
Nick Mathewson
9b0a17a74f Merge branch 'maint-0.3.4' 2018-09-21 09:36:31 -04:00
Nick Mathewson
e818a71905 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-21 09:35:54 -04:00
Nick Mathewson
2cadd93cea Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-21 09:35:51 -04:00
Nick Mathewson
5b04392c15 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-21 09:35:23 -04:00
Nick Mathewson
96d1f2e6d0 Merge remote-tracking branch 'dgoulet/ticket27797_035_01' 2018-09-21 09:33:03 -04:00
Nick Mathewson
c7ce6b9821 Split main.c into main.c and mainloop.c
The main.c code is responsible for initialization and shutdown;
the mainloop.c code is responsible for running the main loop of Tor.

Splitting the "generic event loop" part of mainloop.c from the
event-loop-specific part is not done as part of this patch.
2018-09-21 09:14:06 -04:00
Nick Mathewson
98ef3e82e4 Move the non-crypto parts of onion.c out of src/core/crypto
The parts for handling cell formats should be in src/core/or.

The parts for handling onionskin queues should be in src/core/or.

Only the crypto wrapper belongs in src/core/crypto.
2018-09-21 09:14:05 -04:00
Nick Mathewson
55122bfe04 Bump to 0.3.5.2-alpha-dev 2018-09-21 09:11:33 -04:00
David Goulet
49e4bda50b fixup! hs-v3: Silence some logging for client authorization 2018-09-21 08:52:47 -04:00
David Goulet
79265a6fb6 hs-v3: Don't BUG() if the RP node_t is invalid client side
When sending the INTRODUCE1 cell, we acquire the needed data for the cell but
if the RP node_t has invalid data, we'll fail the send and completely kill the
SOCKS connection.

Instead, close the rendezvous circuit and return a transient error meaning
that Tor can recover by selecting a new rendezvous point. We'll also do the
same when we are unable to encode the INTRODUCE1 cell for which at that point,
we'll simply take another shot at a new rendezvous point.

Fixes #27774

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-21 08:44:12 -04:00
Nick Mathewson
63219eda8a Put dirlist_free_all back in routerlist_free_all for unit tests 2018-09-21 08:10:39 -04:00
rl1987
d40b0e73c2 Check Python version in test_rebind.py 2018-09-21 10:57:41 +03:00
rl1987
81199eaf0e Remove misleading first line in test_rebind.py
test_rebind.py actually does not require Python 3.

Bugfix on 5a11670fcaad0a58de48425ba80510effbe35628; bug not in any
Tor release.
2018-09-21 10:57:41 +03:00
cypherpunks
42558df7c8 rust/protover: return C-allocated string in protover_all_supported()
The result of CString::into_raw() is not safe to free
with free() except under finicky and fragile circumstances
that we definitely don't meet right now.

This was missed in be583a34a3.
2018-09-21 05:16:22 +00:00
cypherpunks
db89b4b152 rust/protover: fix null deref in protover_all_supported()
Fortunately with the current callers it couldn't happen in practice.

Fix on d1820c1516.
2018-09-21 04:57:26 +00:00
Nick Mathewson
1a85ac8c2d Bump to 0.3.5.2-alpha 2018-09-20 16:36:07 -04:00
Nick Mathewson
e7ac8fabcc Merge remote-tracking branch 'dgoulet/ticket27410_035_01' 2018-09-20 16:22:16 -04:00
Nick Mathewson
2ed0d240e8 Merge remote-tracking branch 'dgoulet/ticket27410_032_01' 2018-09-20 16:22:02 -04:00
Alexander Færøy
8ecaf41003 Support 'none' in torrc for HiddenServiceExportCircuitID.
See: https://bugs.torproject.org/4700
2018-09-20 20:59:42 +02:00
Nick Mathewson
813019cc57 Merge branch 'bug23512-v4-029-fixes' 2018-09-20 14:41:44 -04:00
Nick Mathewson
1da9741bca Remove another needless typedef 2018-09-20 14:34:44 -04:00
Nick Mathewson
a406255cf3 Merge branch 'bug23512-v4-029-fixes' 2018-09-20 14:19:47 -04:00
Nick Mathewson
72e30f26ec Fix a pair of errors in bug23512 2018-09-20 14:18:09 -04:00
Nick Mathewson
4e2028152d Fix an NSS socket leak-on-error found by dgoulet 2018-09-20 13:53:04 -04:00
Nick Mathewson
d6c564e09a Use the correct macro to detect an invalid socket in tortls_nss.c
Fixes bug 27782; bugfix on 0.3.5.1-alpha
2018-09-20 12:55:31 -04:00
Nick Mathewson
62b709bc26 Release ownership of the dummy socket that tortls_nss.c will close
Related to #27795 -- since NSS will close the socket, we must not
count it as owned by Tor.
2018-09-20 12:53:39 -04:00
Nick Mathewson
f25323fe3f Fix socket accounting with ORConn sockets.
When we close a socket via tor_tls_free(), we previously had no way
for our socket accounting logic to learn about it.  This meant that
the socket accounting code would think we had run out of sockets,
and freak out.

Fixes bug 27795; bugfix on 0.3.5.1-alpha.
2018-09-20 12:52:29 -04:00
Nick Mathewson
1c1e84281d Add a tor_release_socket_ownership() function. 2018-09-20 12:46:47 -04:00
Nick Mathewson
bd6007d898 Merge branch 'split_routerlist_dirserv_v2' 2018-09-20 11:07:50 -04:00
Nick Mathewson
b54a5e704f Split most of dirserv.c into several new modules
In dirauth:
  * bwauth.c reads and uses bandwidth files
  * guardfraction.c reads and uses the guardfraction file
  * reachability.c tests relay reachability
  * recommend_pkg.c handles the recommended-packages lines.
  * recv_descs.c handles fingerprint files and processing incoming
    routerinfos that relays upload to us
  * voteflag.c computes flag thresholds and sets those thresholds on
    routerstatuses when computing votes

In control:
  * fmt_serverstatus.c generates the ancient "v1 server status"
    format that controllers expect.

In nodelist:
  * routerstatus_fmt.c formats routerstatus entries for a consensus,
    a vote, or for the controller.
2018-09-20 11:07:42 -04:00
David Goulet
fa6d5dd268 hs-v3: Close all SOCKS request on descriptor failure
Client side, when a descriptor is finally fetched and stored in the cache, we
then go over all pending SOCKS request for that descriptor. If it turns out
that the intro points are unusable, we close the first SOCKS request but not
the others for the same .onion.

This commit makes it that we'll close all SOCKS requests so we don't let
hanging the other ones.

It also fixes another bug which is having a SOCKS connection in RENDDESC_WAIT
state but with a descriptor in the cache. At some point, tor will expire the
intro failure cache which will make that descriptor usable again. When
retrying all SOCKS connection (retry_all_socks_conn_waiting_for_desc()), we
won't end up in the code path where we have already the descriptor for a
pending request causing a BUG().

Bottom line is that we should never have pending requests (waiting for a
descriptor) with that descriptor in the cache (even if unusable).

Fixees #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-20 11:01:23 -04:00
Nick Mathewson
1f377e910f Merge branch 'maint-0.3.4' 2018-09-20 10:43:08 -04:00
Nick Mathewson
163230e240 Merge remote-tracking branch 'github/bug27139_034' into maint-0.3.4 2018-09-20 10:43:05 -04:00
David Goulet
e3713f17fb node: Make node_supports_v3_rendezvous_point() also check for the key
It is not enough to look at protover for v3 rendezvous support but also we
need to make sure that the curve25519 onion key is present or in other words
that the descriptor has been fetched and does contain it.

Fixes #27797.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-20 08:50:27 -04:00
Nick Mathewson
08e3b88f07 Split routerlist.c into 4 separate modules
There are now separate modules for:
    * the list of router descriptors
    * the list of authorities and fallbacks
    * managing authority certificates
    * selecting random nodes
2018-09-19 17:08:57 -04:00
David Goulet
cb81a69f90 test: hs-v3 desc has arrived unit test
That unit test makes sure we don't have pending SOCK request if the descriptor
turns out to be unusable.

Part of #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-19 11:11:57 -04:00
David Goulet
f4f809fe3d hs-v3: Close all SOCKS request on descriptor failure
Client side, when a descriptor is finally fetched and stored in the cache, we
then go over all pending SOCKS request for that descriptor. If it turns out
that the intro points are unusable, we close the first SOCKS request but not
the others for the same .onion.

This commit makes it that we'll close all SOCKS requests so we don't let
hanging the other ones.

It also fixes another bug which is having a SOCKS connection in RENDDESC_WAIT
state but with a descriptor in the cache. At some point, tor will expire the
intro failure cache which will make that descriptor usable again. When
retrying all SOCKS connection (retry_all_socks_conn_waiting_for_desc()), we
won't end up in the code path where we have already the descriptor for a
pending request causing a BUG().

Bottom line is that we should never have pending requests (waiting for a
descriptor) with that descriptor in the cache (even if unusable).

Fixees #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-19 11:11:57 -04:00
Nick Mathewson
119159677b Comment fix. 2018-09-18 16:44:24 -04:00
Nick Mathewson
88a93ccc7b Merge branch 'ticket27686_035' 2018-09-18 16:40:30 -04:00
Nick Mathewson
7ace8d5a61 Assert that some trunnel _new() functions return non-NULL
The trunnel functions are written under the assumption that their
allocators can fail, so GCC LTO thinks they might return NULL.  In
point of fact, they're using tor_malloc() and friends, which can't
fail, but GCC won't necessarily figure that out.

Fixes part of #27772.
2018-09-18 14:43:57 -04:00
Nick Mathewson
620108ea77 Assert that we aren't returning a pointer to a local variable.
GCC got confused here with LTO enabled.

Fixes part of #27772.
2018-09-18 14:34:49 -04:00
Nick Mathewson
ea5792f333 Make crypto_strongest_rand() non-mockable
Instead, have it call a mockable function.  We don't want
crypto_strongest_rand() to be mockable, since doing so creates a
type error when we call it from ed25519-donna, which we do not build
in a test mode.

Fixes bug 27728; bugfix on 0.3.5.1-alpha
2018-09-18 12:40:18 -04:00
teor
7bf9c93ab3 Merge remote-tracking branch 'nickm/bug27741_033' into bug27741_035
Resolve conflicts due to rustfmt, and run rustfmt on the merged code.
2018-09-18 23:32:57 +10:00
Nick Mathewson
50367d06f2 Merge remote-tracking branch 'tor-github/pr/352' 2018-09-18 08:44:58 -04:00
Nick Mathewson
52191064ac Merge branch 'maint-0.3.4' 2018-09-18 08:33:13 -04:00
Nick Mathewson
2ddbaf9cdc Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-18 08:31:14 -04:00
Nick Mathewson
75b95e1c8e Merge remote-tracking branch 'onionk/rust-allsupported1' into maint-0.3.3 2018-09-18 08:31:08 -04:00
Nick Mathewson
4199c8b2d0 Merge remote-tracking branch 'github/bug27073_029' 2018-09-18 08:16:42 -04:00
Nick Mathewson
9252814646 Merge remote-tracking branch 'tor-github/pr/344' 2018-09-18 08:15:02 -04:00
Nick Mathewson
50001d1c5b Merge remote-tracking branch 'asn-github/bug27764' 2018-09-18 08:10:25 -04:00
Nick Mathewson
7ca0f66b82 Bump to 0.3.5.1-alpha-dev 2018-09-18 07:52:27 -04:00
George Kadianakis
43324b0e4d Fix minor memleak in edge-case of crypto_rsa.c function. 2018-09-18 14:01:15 +03:00
Mike Perry
8a83c4b613 Merge branch 'bug23512-v4-033' into bug23512-v4-master 2018-09-18 00:17:14 +00:00
Mike Perry
ad10cafd9f Bug 23512: Test fix: cmux is now allocated by new_fake_channel() 2018-09-17 23:31:48 +00:00
Mike Perry
72cef61028 Merge branch 'bug23512-v4-032' into bug23512-v4-033 2018-09-17 23:31:34 +00:00
Mike Perry
dd15998d28 Remove duplicate TLS define from kist code.
Duplicate comes from introducing this define into 0.2.9, which did not yet
have KIST.
2018-09-17 23:21:58 +00:00
Mike Perry
dfd3823047 Bug 23512: Mock assert_circuit_ok in tests.
This mocking was not available in 0.2.9.
2018-09-17 23:12:53 +00:00
Mike Perry
36e81e1f59 Merge branch 'bug23512-v4-029' into bug23512-v4-032 2018-09-17 23:12:45 +00:00
Mike Perry
6af352172d Bug 23512: Test recording bytes in circ queues. 2018-09-17 22:24:25 +00:00
Mike Perry
bbaa398d26 Bug 23512: Report queued cells on or circs as written.
This avoids asymmetry in our public relay stats, which can be exploited for
guard discovery and other attacks.
2018-09-17 22:19:42 +00:00
Mike Perry
7dc435e6bc Promote rep_hist bw functions to uint64_t.
The rest of rephist uses uint64_t internally. Let's make these take it too,
so we don't have to worry about overflowing size_t on 32 bit systems.
2018-09-17 22:19:05 +00:00
Nick Mathewson
80ad15921c Remove extraneous argument from Rust protover_compute_vote()
This argument was added to match an older idea for the C api, but we
decided not to do it that way in C.

Fixes bug 27741; bugfix on 0.3.3.6 / TROVE-2018-005 fix.
2018-09-17 11:57:56 -04:00
Nick Mathewson
4fd761a418 Make CacheDirectoryGroupReadable an autobool.
Since the default cache directory is the same as the default data
directory, we don't want the default CacheDirectoryGroupReadable
value (0) to override an explicitly set "DataDirectoryGroupReadable
1".

To fix this, I'm making CacheDirectoryGroupReadable into an
autobool, and having the default (auto) value mean "Use the value of
DataDirectoryGroupReadable if the directories are the same, and 0
otherwise."

Fixes bug 26913; bugfix on 0.3.3.1-alpha when the CacheDirectory
option was introduced.
2018-09-17 11:44:59 -04:00
Nick Mathewson
f606b3cfd1 Lower the maximum size of a private key file to 16 MB
This shouldn't be a user-visible change: nobody has a 16 MB RSA
key that they're trying to use with Tor.

I'm doing this to fix CID 1439330 / ticket 27730, where coverity
complains (on 64-bit) that we are making a comparison that is never
true.
2018-09-17 11:08:56 -04:00
Nick Mathewson
307275a5e4 Bump to 0.3.5.1-alpha 2018-09-17 09:12:42 -04:00
Nick Mathewson
b729bc202c Add tortls.h includes to expose critical macro. Fix #27734. 2018-09-16 22:08:02 -04:00