Commit Graph

4813 Commits

Author SHA1 Message Date
Nick Mathewson
4f1a5da473 Merge remote-tracking branch 'public/ticket21037' 2017-01-11 09:17:21 -05:00
cypherpunks
99cbadf143 Warn on Tor versions with the 'tor-' prefix
Closes ticket 21096.
2017-01-11 09:16:20 -05:00
Nick Mathewson
730cc16b72 Merge remote-tracking branch 'teor/bug21123' 2017-01-11 09:15:04 -05:00
Nick Mathewson
c7936b86c2 Merge branch 'maint-0.2.9' 2017-01-11 09:13:53 -05:00
Nick Mathewson
0809690b48 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-01-11 09:13:34 -05:00
Nick Mathewson
c77ace69bb Merge branch 'maint-0.2.7' into maint-0.2.8 2017-01-11 09:13:15 -05:00
Nick Mathewson
8c91cbb6ca Merge branch 'maint-0.2.6' into maint-0.2.7 2017-01-11 09:12:51 -05:00
Nick Mathewson
54771bcaba Merge branch 'maint-0.2.5' into maint-0.2.6 2017-01-11 09:12:21 -05:00
Nick Mathewson
34fdd510ef Merge branch 'maint-0.2.4' into maint-0.2.5 2017-01-11 09:11:58 -05:00
Karsten Loesing
3833f67dd2 Update geoip and geoip6 to the January 4 2017 database. 2017-01-04 10:19:52 +01:00
Nick Mathewson
c4a6b56cc1 Fix unit test failures in response to DNS hijacking.
Some DNS NXDOMAIN hijackers hijack truly ridiculous domains, like
"invalid-stuff!!" or "1.2.3.4.5".  This would provoke unit test
failures where we used addresses like that to force
tor_addr_lookup() to fail.  The fix, for testing, is to mock
tor_addr_lookup() with a variant that always fails when it gets
a name with a !.

Fixes bugs 20862 and 20863.
2017-01-03 10:17:00 -05:00
teor
c83463ef74
Remove a rendundant check for PidFile changes at runtime
This check is already performed regardless of whether the sandbox is active.

Fixes bug 21123; bugfix on commit 2ae47d3 in 0.2.5.4-alpha.
2017-01-03 15:03:34 +11:00
teor
ceeaf04d16
Document options that can't be changed while tor is running
Closes #21122, bug on multiple tor versions.
2017-01-03 14:54:00 +11:00
Nick Mathewson
ef0559c3e3 Extract global_origin_circuit_list manipulation code into new fns.
Closes ticket 20921.
2017-01-02 13:12:06 -05:00
Nick Mathewson
6aac6c6bee Make ed25519_fmt() log 0-valued keys more nicely.
Because <unset> makes more sense than AAAAAAAAAAAAAAAAAAA...

(I have indeed verified that ed25519_fmt() is only used for
logging. This patch also clarifies the intention that ed25519_fmt()
is only for logging.

Closes ticket 21037.
2017-01-02 12:31:15 -05:00
Nick Mathewson
991aeeccb1 changes file for 20823 2017-01-02 10:50:02 -05:00
Nick Mathewson
9d37449fb0 Move entry-guard-is-up notification later into dirguard path.
Previously we were marking directory guards up in
..._process_inbuf(), but that's wrong: we call that function on
close as well as on success.  Instead, we're marking the dirguard up
only after we parse the HTTP headers. Closes 20974.
2017-01-02 09:56:06 -05:00
Nick Mathewson
ded98be45c Merge remote-tracking branch 'jryans/doc-formatting' 2017-01-02 08:53:17 -05:00
J. Ryan Stinnett
58172be657 Use the correct spelling for "Dependent" in the control protocol.
Fixes #18146.
2016-12-29 22:32:42 -06:00
Nick Mathewson
1fbb66fa77 Merge branch 'maint-0.2.9' 2016-12-23 11:02:04 -05:00
cypherpunks
04f21f0322 Remove abort handler from the backtrace generator
The abort handler masks the exit status of the backtrace generator by
capturing the abort signal from the backtrace handler and exiting with
zero. Because the output of the backtrace generator is meant to be piped
to `bt_test.py`, its exit status is unimportant and is currently
ignored.

The abort handler calls `exit(3)` which is not asynchronous-signal-safe
and calling it in this context is undefined behavior [0].

Closes ticket 21026.

[0] https://www.securecoding.cert.org/confluence/x/34At
2016-12-23 10:54:17 -05:00
Nick Mathewson
70243affe7 changes file for 19222 2016-12-23 09:53:16 -05:00
Nick Mathewson
f3da62dbdf changes file for 19899 2016-12-23 08:29:11 -05:00
Nick Mathewson
2f589e1057 Use event_base_new(), not event_init(), to detect libevent 2.
(event_init() is obsoleted in libevent 2.)

Fixes bug 21051; bugfix on 0.2.9.1-alpha when we dropped libevent 1
support.
2016-12-23 08:18:31 -05:00
Nick Mathewson
d528690e90 Merge branch 'maint-0.2.9' 2016-12-23 08:08:23 -05:00
Nick Mathewson
aaeb50b2f3 changes file for 21035. 2016-12-23 08:08:14 -05:00
David Goulet
955d4b7abd circuit: Change close reasons from uint16_t to int
When marking for close a circuit, the reason value, a integer, was assigned to
a uint16_t converting any negative reasons (internal) to the wrong value. On
the HS side, this was causing the client to flag introduction points to be
unreachable as the internal reason was wrongfully converted to a positive
16bit value leading to flag 2 out of 3 intro points to be unreachable.

Fixes #20307 and partially fixes #21056

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-22 12:37:42 -05:00
David Goulet
36b5ca2c8b hs: Move and improve the service pruning code
First, this commit moves the code used to prune the service list when
reloading Tor (HUP signal for instance) to a function from
rend_config_services().

Second, fix bug #21054, improve the code by using the newly added
circuit_get_next_service_intro_circ() function instead of poking at the global
list directly and add _many_ more comments.

Fixes #21054.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-21 15:00:19 -05:00
Nick Mathewson
df87812b41 Merge remote-tracking branch 'teor/fallbacks-20161219' 2016-12-20 18:38:45 -05:00
Nick Mathewson
2673b4b7a8 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-12-20 18:23:19 -05:00
Nick Mathewson
b6227edae1 Add a one-word sentinel value of 0x0 at the end of each buf_t chunk
This helps protect against bugs where any part of a buf_t's memory
is passed to a function that expects a NUL-terminated input.

It also closes TROVE-2016-10-001 (aka bug 20384).
2016-12-20 18:22:53 -05:00
Nick Mathewson
a9c8a5ff18 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-12-20 18:14:21 -05:00
Nick Mathewson
b18bde23cf Merge branch 'maint-0.2.5' into maint-0.2.6 2016-12-20 18:11:25 -05:00
Nick Mathewson
db58d4d16f Merge branch 'maint-0.2.4' into maint-0.2.5 2016-12-20 18:11:08 -05:00
Nick Mathewson
ec68ed5afc Start on an 0.3.0.1-alpha changelog 2016-12-19 10:30:24 -05:00
Nick Mathewson
69c8d6add5 Fix a lint-changes warning 2016-12-19 10:19:22 -05:00
Nick Mathewson
2c8a151323 Remove changes files already merged in 0.2.9.8 2016-12-19 10:17:25 -05:00
Nick Mathewson
f9f1e3c94b Merge branch 'maint-0.2.9' 2016-12-19 08:03:17 -05:00
Nick Mathewson
de65647461 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-12-19 07:58:43 -05:00
Nick Mathewson
c11de4c45f Merge branch 'bug21018_024' into maint-0.2.8 2016-12-19 07:58:21 -05:00
Nick Mathewson
2dc5226644 Merge branch 'maint-0.2.9' 2016-12-19 07:31:19 -05:00
Nick Mathewson
169a93fff2 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-12-19 07:30:42 -05:00
Nick Mathewson
e0306320b5 Merge remote-tracking branch 'teor/new-fallbacks-028-20161219' into maint-0.2.8 2016-12-19 07:27:39 -05:00
teor
4181e812c7
Update the fallback directory mirror list in December 2016
Replace the 81 remaining fallbacks of the 100 originally introduced
in Tor 0.2.8.3-alpha in March 2016, with a list of 177 fallbacks
(123 new, 54 existing, 27 removed) generated in December 2016.

Resolves ticket 20170.
2016-12-19 15:44:20 +11:00
teor
53ec087450
Avoid an error in the fallback script when a fallback doesn't have any uptime
Sometimes, the fallback generation script doesn't add attributes to the
fallbacks in the list. If this happens, log an error, and avoid selecting
that fallback.

This is a rare issue: it should not change selection behaviour.

Fixes issue #20945.
2016-12-19 15:06:04 +11:00
teor
654367f026
Allow fallbacks serving consensuses that expired less than 24 hours ago
This works around #20909, where relays serve stale consensuses for a short
time, and then recover.

Update to the fix for #20539.
2016-12-19 15:06:00 +11:00
teor
2d2bbaf259
Avoid checking fallback candidates' DirPorts if they are down in OnionOO
Exclude relays that have been down for 1 or more days from the fallback
candidate list.

When a relay operator has multiple relays, this prioritises relays that are
up over relays that are down.

Fixes issue #20926.
2016-12-19 15:05:56 +11:00
teor
124c342364
Reduce fallback bandwidth requirement to 1 MByte/s 2016-12-19 15:05:49 +11:00
teor
35da99a712
Allow 3 fallbacks per operator
This is safe now we are choosing 200 fallbacks.

Closes ticket 20912.
2016-12-19 15:05:45 +11:00
teor
ee3e8fc3e9
Require fallbacks to have 90% Running, V2Dir, and Guard flags
This allows 73% of clients to bootstrap in the first 5 seconds without
contacting an authority.

Part of #18828.
2016-12-19 15:05:40 +11:00
teor
396bddaa4c
Require fallback directories to have the same address and port for 7 days
7 days is a tradeoff between the expected time between major Tor releases,
which is 6 months, and the number of relays with enough stability.

Relays whose OnionOO stability timer is reset on restart by bug #18050
should upgrade to Tor 0.2.8.7 or later, which has a fix for this issue.

Closes ticket #20880; maintains short-term fix in e220214 in tor-0.2.8.2-alpha.
2016-12-19 15:05:36 +11:00
teor
9629a25d10
Display the fingerprint when downloading consensuses from fallbacks 2016-12-19 15:05:33 +11:00
teor
c889bc2135
Changes file for #20539 2016-12-19 15:05:25 +11:00
teor
225c3d57db
Changes file for #20877, #20878, #20880, #20881, #20882 2016-12-19 15:05:14 +11:00
Nick Mathewson
d978216dea Fix parsing bug with unecognized token at EOS
In get_token(), we could read one byte past the end of the
region. This is only a big problem in the case where the region
itself is (a) potentially hostile, and (b) not explicitly
nul-terminated.

This patch fixes the underlying bug, and also makes sure that the
one remaining case of not-NUL-terminated potentially hostile data
gets NUL-terminated.

Fix for bug 21018, TROVE-2016-12-002, and CVE-2016-1254
2016-12-18 20:17:24 -05:00
Nick Mathewson
ae89d9745d Revert ticket 20982 changes.
They broke stem, and breaking application compatibility is usually a
bad idea.

This reverts commit 6e10130e18,
commit 78a13df158, and
commit 62f52a888a.

We might re-apply this later, if all the downstream tools can handle
it, and it turns out to be useful for some reason.
2016-12-18 10:04:36 -05:00
Nick Mathewson
2a00110e5b Revert "Stop checking whether environ is declared."
This reverts commit 954eeda619.

Apparently, OpenBSD is what expects you to declare environ
yourself.  So 19142 is a wontfix.
2016-12-16 12:16:52 -05:00
Nick Mathewson
990a863d7c Merge branch 'ticket20831_v2' 2016-12-16 11:40:19 -05:00
Nick Mathewson
a752ccd24f fixup! Remove UseDirectoryGuards 2016-12-16 11:34:30 -05:00
Nick Mathewson
3902a18a69 Remove UseDirectoryGuards
It is obsoleted in an always-on direction by prop271.
2016-12-16 11:32:51 -05:00
cypherpunks
812a6581af Add a changes file for ticket 5500 2016-12-16 10:52:15 -05:00
cypherpunks
6e10130e18 Add a changes file for ticket 20982 2016-12-16 10:41:36 -05:00
Nick Mathewson
df6c475e59 Merge remote-tracking branch 'public/ticket19142' 2016-12-16 10:27:27 -05:00
Nick Mathewson
c838d34921 Merge branch 'dgoulet_ticket19043_030_03_squashed' 2016-12-14 15:28:28 -05:00
George Kadianakis
7a204ae8f9 prop224: Add a changes file for v3 ESTABLISH_INTRO. 2016-12-14 15:18:40 -05:00
Nick Mathewson
55d02c004c Remove AuthDirMaxServersPerAuthAddr
Back when Roger had do do most of our testing on the moria host, we
needed a higher limit for the number of relays running on a single
IP address when that limit was shared with an authority. Nowadays,
the idea is pretty obsolete.

Also remove the router_addr_is_trusted_dir() function, which served
no other purpose.

Closes ticket 20960.
2016-12-13 13:09:27 -05:00
Nick Mathewson
0dd48bfe5a Change the default of AuthDirPinKeys to 1.
Closes ticket 18319.
2016-12-13 08:54:38 -05:00
Nick Mathewson
954eeda619 Stop checking whether environ is declared.
There seems to be pretty good evidence that it's always declared,
and that checking for it is pointless.

Closes ticket 19142.
2016-12-12 10:55:10 -05:00
Nick Mathewson
b659ffe9ac Merge remote-tracking branch 'jryans/log-severity' 2016-12-12 09:46:07 -05:00
Nick Mathewson
1ad96ed9cd Merge remote-tracking branch 'rubiate/ticket20511' 2016-12-12 09:20:56 -05:00
Nick Mathewson
9025991a8d Fix a few warnings from lintChanges 2016-12-12 08:31:05 -05:00
Nick Mathewson
936ce997bb Remove changes files from master that are already in 0297-rc 2016-12-11 22:24:37 -05:00
Nick Mathewson
cbdb3c92f5 Merge branch 'maint-0.2.9' 2016-12-11 22:23:31 -05:00
Nick Mathewson
ef53526b10 Spell MAC_OS_X_VERSION_10_12 correctly.
Fixes 20935.
2016-12-11 22:17:14 -05:00
Nick Mathewson
a40d212383 Downgrade a harmless bug warning to info.
Makes 19926 less annoying in 0.2.9.  In 0.3.0, we should actually
fix this.
2016-12-09 08:43:09 -05:00
Nick Mathewson
f2445fc608 Merge branch 'maint-0.2.9' 2016-12-09 08:34:30 -05:00
Nick Mathewson
adaf6a422a Merge branch 'maint-0.2.8' into maint-0.2.9 2016-12-09 08:34:24 -05:00
Nick Mathewson
56a2b8dc6e Merge branch 'maint-0.2.7' into maint-0.2.8 2016-12-09 08:34:18 -05:00
Nick Mathewson
b49369badd Merge branch 'maint-0.2.6' into maint-0.2.7 2016-12-09 08:34:12 -05:00
Nick Mathewson
3d9f8ff6a5 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-12-09 08:34:06 -05:00
Nick Mathewson
3d2d3f2b62 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-12-09 08:33:57 -05:00
Nick Mathewson
a3b8286b0e Merge branch 'maint-0.2.9' 2016-12-09 08:30:55 -05:00
David Goulet
9bb3bcbc41 router: Fix memory leak in signed_descriptor_move()
The signed_descriptor_move() was not releasing memory inside the destination
object before overwriting it with the source object. This commit adds a reset
function that free that memory inside a signed descriptor object and zero it.

Closes #20715.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-09 08:30:46 -05:00
Karsten Loesing
9db47e7921 Update geoip and geoip6 to the December 7 2016 database. 2016-12-09 10:23:36 +01:00
Nick Mathewson
e93234af70 Merge branch 'feature15056_v1_squashed' 2016-12-08 16:49:24 -05:00
Nick Mathewson
a7cae7f8f7 Changes file for feature 15056 (prop220, extend cell side) 2016-12-08 16:48:00 -05:00
Nick Mathewson
b658893590 Merge branch 'bug19960_2' 2016-12-07 15:23:14 -05:00
Nick Mathewson
53d4e89626 Netbsd doesn't have ipfw, only the regular pf transport stuff.
Attempted fix for 19960.

Also, fixes a typo.
2016-12-07 15:22:44 -05:00
Nick Mathewson
2499ea359a Merge branch 'maint-0.2.9' 2016-12-07 11:14:56 -05:00
Nick Mathewson
0815f96416 Fix a BUG() warning from next_random_exponential_delay().
Fixes 20875; this code is as suggested by teor on the ticket.  Thanks!
2016-12-07 11:13:11 -05:00
Nick Mathewson
b0a842913a Merge branch 'maint-0.2.9' 2016-12-07 11:09:27 -05:00
Nick Mathewson
fce425e3ff Increase tolerances in util/monotonic_time tests
This is an attempt to fix #19974.
2016-12-07 11:08:54 -05:00
Nick Mathewson
129cee1c75 Merge branch 'maint-0.2.9' 2016-12-07 10:52:28 -05:00
Nick Mathewson
d6ca36defa Merge branch 'bug20710_025' into maint-0.2.9 2016-12-07 10:52:12 -05:00
Nick Mathewson
045a50e45a Forgot to add changes file for 20710. 2016-12-07 10:51:39 -05:00
J. Ryan Stinnett
9b2b799d82 Accept non-space whitespace characters in log severity syntax.
Adds a test_config_parse_log_severity unit test to verify behavior.

Fixes #19965.
2016-12-06 11:11:43 -10:00
Nick Mathewson
f92630941a Merge remote-tracking branch 'chelseakomlo/20717_hashing_api_bug' 2016-12-05 10:27:16 -05:00
Nick Mathewson
cc34ba1cec Merge branch 'getentropy_028' into maint-0.2.8 2016-12-05 10:06:16 -05:00
Nick Mathewson
714aeedc52 20865: Don't use getentropy() on OSX Sierra.
Tor 0.2.9 has a broader range of fixes and workarounds here, but for
0.2.8, we're just going to maintain the existing behavior.

(The alternative would be to backport both
1eba088054 and
16fcbd21c9 , but the latter is kind of
a subtle kludge in the configure.ac script, and I'm not a fan of
backporting that kind of thing.)
2016-12-05 10:02:33 -05:00
Nick Mathewson
5923418eff Merge remote-tracking branch 'jryans/service_is_ephemeral' 2016-12-05 08:57:00 -05:00