Commit Graph

11039 Commits

Author SHA1 Message Date
Sebastian Hahn
dfee173289 lookup_last_hid_serv_request() could overflow and leak memory
The problem was that we didn't allocate enough memory on 32-bit
platforms with 64-bit time_t. The memory leak occured every time
we fetched a hidden service descriptor we've fetched before.
2010-02-07 06:37:35 +01:00
Nick Mathewson
f6ff14a82e Link libssl and libcrypto in the right order.
For most linking setups, this doesn't matter.  But for some setups, when
statically linking openssl, it does matter, since you need to link things
with dependencies before you link things they depend on.

Fix for bug 1237.
2010-02-02 16:12:45 -05:00
Nick Mathewson
abd447f876 Revise OpenSSL fix to work with OpenSSL 1.0.0beta*
In brief: you mustn't use the SSL3_FLAG solution with anything but 0.9.8l,
and you mustn't use the SSL_OP solution with anything before 0.9.8m, and
you get in _real_ trouble if you try to set the flag in 1.0.0beta, since
they use it for something different.

For the ugly version, see my long comment in tortls.c
2010-01-31 22:48:29 -05:00
Nick Mathewson
1744e447a1 Decide whether to use SSL flags based on runtime OpenSSL version.
We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch.  On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.

May fix bug 1225.

[backported]
2010-01-29 17:17:47 -05:00
Nick Mathewson
b6038f4ac6 Add --enable-static-(openssl|libevent) options
These options only work when using --with-(openssl|libevent)-dir to
explicitly pick a libevent or openssl location.
2010-01-24 14:34:47 -05:00
Peter Palfrader
ca60a6ce3f New configure option: --enable-gcc-warnings-advisory
the new configure option --enable-gcc-warnings-advisory enables
all the gcc flags that --enable-gcc-warnings does with the
exception of -Werror.
2010-01-24 13:51:40 -05:00
Nick Mathewson
aec4aea190 Fix two rare leaks spotted by rieo. 2010-01-23 20:46:38 -05:00
Nick Mathewson
4ad5094c90 Avoid a possible crash in tls_log_errors.
We were checking for msg==NULL, but not lib or proc.  This case can
only occur if we have an error whose string we somehow haven't loaded,
but it's worth coding defensively here.

Spotted by rieo on IRC.
2010-01-22 16:32:15 -05:00
Roger Dingledine
1fc94bfd0e spread guard rotation out throughout the month 2010-01-19 17:52:52 -05:00
Roger Dingledine
0642ab2428 weight guard choice by bandwidth; discard old guards 2010-01-19 17:30:52 -05:00
Roger Dingledine
f43f87db5b bump to 0.2.1.22, and give it a changelog 2010-01-19 14:43:05 -05:00
Roger Dingledine
708f47ecc9 downgrade a warning
this case can now legitimately happen, if you have a cached v2 status
from moria1, and you run with the new list of dirservers that's missing
the old moria1. it's nothing to worry about; the file will die off in
a month or two.
2010-01-19 14:25:15 -05:00
Roger Dingledine
adae600715 rotate keys for moria1 and gabelmoo 2010-01-19 14:12:39 -05:00
Roger Dingledine
79eaeef1cd stop bridge authorities from leaking their bridge list 2010-01-17 19:41:22 -05:00
Roger Dingledine
5201e05fc5 bump to 0.2.1.21 so we can release 2009-12-21 03:22:49 -05:00
Nick Mathewson
1c87a27574 Fix bug 1173: remove an assert(unsigned >= 0). 2009-12-15 15:51:59 -05:00
Martin Peck
3a2d677fa7 Improved workaround for disabled OpenSSL renegotiation.
It turns out that OpenSSL 0.9.8m is likely to take a completely
different approach for reenabling renegotiation than OpenSSL 0.9.8l
did, so we need to work with both. :p   Fixes bug 1158.

(patch by coderman; commit message by nickm)
2009-12-04 14:25:08 -05:00
Roger Dingledine
a89f51c936 fix race condition that can cause crashes at client or exit relay
Avoid crashing if the client is trying to upload many bytes and the
circuit gets torn down at the same time, or if the flip side
happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150.
2009-11-23 10:13:50 -05:00
Roger Dingledine
0656c12b07 add the 0.2.1.20 changelog blurb, plus update the releasenotes 2009-11-17 15:35:14 -05:00
Nick Mathewson
0f212193a0 Merge commit 'debian-tor-0.2.1.20-1' into maint-0.2.1 2009-11-13 15:47:18 -05:00
Peter Palfrader
4db6e63c26 Merge branch 'debian-merge' into debian-0.2.1
* debian-merge: (37 commits)
  New upstream version
  bump to 0.2.1.20
  Move moria1 and Tonga to alternate IP addresses.
  read the "circwindow" parameter from the consensus
  Code to parse and access network parameters.
  Revert "Teach connection_ap_can_use_exit about Exclude*Nodes"
  Work around a memory leak in openssl 0.9.8g (and maybe others)
  Teach connection_ap_can_use_exit about Exclude*Nodes
  make some bug 1090 warnings go away
  Fix a memory leak when parsing a ns
  Fix obscure 64-bit big-endian hidserv bug
  turns out the packaging changes aren't in 0.2.1.20
  update changelog with bundle details
  Use an _actual_ fix for the byte-reverse warning.
  Use a simpler fix for the byte-reversing warning
  Fix compile warnings on Snow Leopard
  Add getinfo accepted-server-descriptor. Clean spec.
  Reduce log level for bug case that we now know really exists.
  Only send reachability status events on overall success/failure
  update the README instructions and OS X makefiles
  ...
2009-11-13 19:58:59 +01:00
Peter Palfrader
751e9b2bb6 New upstream version 2009-11-13 19:57:10 +01:00
Peter Palfrader
0e74939671 Merge commit 'tor-0.2.1.20' into debian-merge
* commit 'tor-0.2.1.20': (36 commits)
  bump to 0.2.1.20
  Move moria1 and Tonga to alternate IP addresses.
  read the "circwindow" parameter from the consensus
  Code to parse and access network parameters.
  Revert "Teach connection_ap_can_use_exit about Exclude*Nodes"
  Work around a memory leak in openssl 0.9.8g (and maybe others)
  Teach connection_ap_can_use_exit about Exclude*Nodes
  make some bug 1090 warnings go away
  Fix a memory leak when parsing a ns
  Fix obscure 64-bit big-endian hidserv bug
  turns out the packaging changes aren't in 0.2.1.20
  update changelog with bundle details
  Use an _actual_ fix for the byte-reverse warning.
  Use a simpler fix for the byte-reversing warning
  Fix compile warnings on Snow Leopard
  Add getinfo accepted-server-descriptor. Clean spec.
  Reduce log level for bug case that we now know really exists.
  Only send reachability status events on overall success/failure
  update the README instructions and OS X makefiles
  Avoid segfault when accessing hidden service.
  ...
2009-11-13 19:01:22 +01:00
Nick Mathewson
ce0a89e262 Make Tor work with OpenSSL 0.9.8l
To fix a major security problem related to incorrect use of
SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
default.  We are not affected by this security problem, however,
since we do renegotiation right.  (Specifically, we never treat a
renegotiated credential as authenticating previous communication.)
Nevertheless, OpenSSL's new behavior requires us to explicitly
turn renegotiation back on in order to get our protocol working
again.

Amusingly, this is not so simple as "set the flag when you create
the SSL object" , since calling connect or accept seems to clear
the flags.

For belt-and-suspenders purposes, we clear the flag once the Tor
handshake is done.  There's no way to exploit a second handshake
either, but we might as well not allow it.
2009-11-05 18:13:08 -05:00
Nick Mathewson
54973a45a6 Fix an apparently bogus check; fortunately, it seems to be untriggered. 2009-10-26 23:14:53 -04:00
Nick Mathewson
e50e739556 Add changelog to describe coverity fixes for 0.2.1.21 2009-10-26 22:39:42 -04:00
Nick Mathewson
5c73da7faa Fix two memory leaks found by Coverity (CIDs 417-418)
The first happens on an error case when a controller wants an
impossible directory object.  The second happens when we can't write
our fingerprint file.
2009-10-26 22:12:40 -04:00
Nick Mathewson
8bada1ef67 Add missing break statements for Coverity CIDs #406,407.
The code for these was super-wrong, but will only break things when we
reset an option on a platform where sizeof(time_t) is different from
sizeof(int).
2009-10-26 21:35:26 -04:00
Nick Mathewson
56048637a5 Only send the if_modified_since header for a v3 consensus.
Spotted by xmux; bugfix on 0.2.0.10-alpha.
(Bug introduced by 20b10859)
2009-10-26 20:14:11 -04:00
Roger Dingledine
16dc543851 bump to 0.2.1.20 2009-10-15 12:14:18 -04:00
Roger Dingledine
2bee297d57 Move moria1 and Tonga to alternate IP addresses. 2009-10-15 12:14:18 -04:00
Nick Mathewson
a1ab3bb410 Merge commit 'phobos/polipo-updates-maint-0.2.1' into maint-0.2.1 2009-10-14 21:30:53 -04:00
Roger Dingledine
2394336426 read the "circwindow" parameter from the consensus
backport of c43859c5c1
backport of 0d13e0ed14
2009-10-14 17:07:32 -04:00
Nick Mathewson
83c3f118db Code to parse and access network parameters.
Partial backport of 381766ce4b.
Partial backport of 56c6d78520.
2009-10-14 16:15:41 -04:00
Roger Dingledine
95008db08d Revert "Teach connection_ap_can_use_exit about Exclude*Nodes"
This reverts commit dc3229313b.

We're going to do this more thoroughly in 0.2.2.x, and not in
maint-0.2.1.
2009-09-20 23:50:48 -04:00
Nick Mathewson
9c38941195 Work around a memory leak in openssl 0.9.8g (and maybe others) 2009-09-17 00:01:20 -04:00
Nick Mathewson
b3991ea7d1 Merge commit 'karsten/fix-1073' into maint-0.2.1 2009-09-16 23:36:01 -04:00
Sebastian Hahn
dc3229313b Teach connection_ap_can_use_exit about Exclude*Nodes
To further attempt to fix bug 1090, make sure connection_ap_can_use_exit
always returns 0 when the chosen exit router is excluded. This should fix
bug1090.
2009-09-16 02:29:57 +02:00
Nick Mathewson
24c740e5fd Merge commit 'sebastian/memleak' into maint-0.2.1 2009-09-15 19:35:16 -04:00
Sebastian Hahn
113ba0e727 make some bug 1090 warnings go away
When we excluded some Exits, we were sometimes warning the user that we
were going to use the node regardless. Many of those warnings were in
fact bogus, because the relay in question was not used to connect to
the outside world.

Based on patch by Rotor, thanks!
2009-09-16 01:17:51 +02:00
Sebastian Hahn
b792afa919 Fix a memory leak when parsing a ns
Adding the same vote to a networkstatus consensus leads to a memory leak
on the client side. Fix that by only using the first vote from any given
voter, and ignoring the others.

Problem found by Rotor, who also helped writing the patch. Thanks!
2009-09-14 22:25:08 +02:00
Roger Dingledine
fcacf22491 Fix obscure 64-bit big-endian hidserv bug
Fix an obscure bug where hidden services on 64-bit big-endian
systems might mis-read the timestamp in v3 introduce cells, and
refuse to connect back to the client. Discovered by "rotor".
Bugfix on 0.2.1.6-alpha.
2009-09-02 20:36:11 -04:00
Roger Dingledine
3db36d86c4 turns out the packaging changes aren't in 0.2.1.20 2009-09-01 22:46:41 -04:00
Andrew Lewman
5657e803f8 update changelog with bundle details 2009-09-01 22:04:10 +02:00
Nick Mathewson
bddda9bbdb Use an _actual_ fix for the byte-reverse warning.
(Given that we're pretty much assuming that int is 32 bits, and given that
hex values are always unsigned, taking out the "ul" from 0xff000000 should
be fine.)
2009-09-01 15:51:09 -04:00
Nick Mathewson
2f0184ece1 Use a simpler fix for the byte-reversing warning 2009-09-01 15:41:38 -04:00
Sebastian Hahn
aea9cf1011 Fix compile warnings on Snow Leopard
Big thanks to nickm and arma for helping me with this!
2009-09-01 18:36:27 +02:00
Roger Dingledine
075c004095 Add getinfo accepted-server-descriptor. Clean spec.
Add a "getinfo status/accepted-server-descriptor" controller
command, which is the recommended way for controllers to learn
whether our server descriptor has been successfully received by at
least on directory authority. Un-recommend good-server-descriptor
getinfo and status events until we have a better design for them.
2009-08-31 18:37:25 -04:00
Karsten Loesing
da219ee924 Reduce log level for bug case that we now know really exists. 2009-09-01 00:16:33 +02:00
Roger Dingledine
4c297f74f7 Only send reachability status events on overall success/failure
We were telling the controller about CHECKING_REACHABILITY and
REACHABILITY_FAILED status events whenever we launch a testing
circuit or notice that one has failed. Instead, only tell the
controller when we want to inform the user of overall success or
overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported
by SwissTorExit.
2009-08-31 16:14:41 -04:00