Commit Graph

2566 Commits

Author SHA1 Message Date
Cristian Toader
15d420b564 fix: accept4 for 64 bit 2013-08-26 20:06:46 +03:00
Cristian Toader
b10472f92b small open syscall modification (just in case) 2013-08-21 19:01:01 +03:00
Cristian Toader
bc19ea100c make check-spaces fixes 2013-08-21 17:57:15 +03:00
Cristian Toader
ed4968315e fix: sandbox_intern_string log clean up 2013-08-21 13:43:44 +03:00
Cristian Toader
8aa5517ff6 fix: flock filter update 2013-08-21 13:38:00 +03:00
Cristian Toader
71612f00ae fixed openssl open syscall, fixed sandbox_getaddrinfo 2013-08-20 13:10:07 +03:00
Cristian Toader
36aeca0ecf fix for getaddrinfo open syscall 2013-08-19 13:56:50 +03:00
Cristian Toader
a9910d89f1 finalised fix on libevent open string issue 2013-08-19 11:41:46 +03:00
Cristian Toader
c09b11b6d8 updated filters 2013-08-16 01:43:09 +03:00
Nick Mathewson
74262f1571 Merge branch 'bug5040_4773_rebase_3' 2013-08-15 12:04:56 -04:00
George Kadianakis
c5269a59b0 Test ExtORPort cookie initialization when file writing is broken. 2013-08-15 12:03:38 -04:00
Nick Mathewson
fd6749203e More unit tests for handle_client_auth_nonce
Incidentally, this business here where I make crypto_rand mockable:
this is exactly the kind of thing that would make me never want to
include test-support stuff in production builds.
2013-08-15 12:03:37 -04:00
Cristian Toader
863dd4d4b3 received feedback and fixed (partly) the socket filters 2013-08-15 00:23:51 +03:00
Cristian Toader
372e0f91fd added comments for sandbox.h 2013-08-15 00:09:07 +03:00
Cristian Toader
e2a7b484f4 partial libevent open fix 2013-08-14 23:03:38 +03:00
Cristian Toader
8a85a48b9d attempt to add stat64 filename filters; failed due to getaddrinfo.. 2013-08-12 21:14:43 +03:00
Cristian Toader
44a4464cf6 fixed memory leak, added array filter support 2013-08-10 18:04:48 +03:00
Cristian Toader
89b39db003 updated filters to work with orport 2013-08-09 19:07:20 +03:00
Cristian Toader
b3a8c08a92 orport progress (not functional), nickm suggested fixes 2013-08-07 13:13:12 +03:00
Nick Mathewson
031e695aa5 Use SOCKET_OK/TOR_INVALID_SOCKET in socketpair replacement code 2013-08-06 16:41:53 -04:00
Cristian Toader
a960e56c68 multi-configuration support using sandbox_t struct 2013-08-05 16:01:31 +03:00
Cristian Toader
356b646976 added execve and multi-configuration support 2013-08-05 15:40:23 +03:00
Cristian Toader
d897690fc7 fixes suggested by nickm 2013-08-05 14:17:46 +03:00
Andrea Shepard
468e44a0ef Fix tor_get_lines_from_handle() for make check-spaces 2013-08-02 18:49:57 -07:00
Nick Mathewson
48a4ef3f6a Fixed "unused parameter cloexec" warnings on windows 2013-08-02 10:52:57 -04:00
Nick Mathewson
d6adf05582 Split the socketpair replacement code into its own function for testing 2013-08-02 10:36:01 -04:00
Nick Mathewson
e25eb35f11 Actually use the cloexec argument in the !defined(SOCK_CLOEXEC) case 2013-08-02 10:04:21 -04:00
Peter Retzlaff
ebd4ab1506 Prepare patch for ticket 5129 for merging.
- Preserve old eventdns code.
- Add function to close sockets cross-platform, without accounting.
- Add changes/ file.
2013-08-02 09:35:24 -04:00
Nick Mathewson
5405688223 Fix compilation on Windows
(Bugfix on tests for #9288 fix; bug not in any released Tor)
2013-07-31 14:19:29 -04:00
Nick Mathewson
904a58d10f Merge branch 'bug9288_rebased'
Conflicts:
	src/test/test_pt.c
2013-07-31 13:51:15 -04:00
George Kadianakis
2e7c531fdc Prepare some mock functions to test #9288. 2013-07-31 13:34:16 -04:00
Cristian Toader
dde3ed385b removed access, set_robust_list, set_thread_area, set_tid_address, uname; added sb_poll 2013-07-31 12:05:10 +03:00
Cristian Toader
313cbe6e24 sigprocmask, epoll_ctl, prctl, mprotect, flock, futex, mremap 2013-07-31 11:35:25 +03:00
Cristian Toader
f0840ed4c9 epoll_ctl 2013-07-31 00:27:14 +03:00
Cristian Toader
5fc0e13db8 fcntl64 2013-07-30 23:52:54 +03:00
Cristian Toader
686cf4c0ff clean stable version 2013-07-30 23:43:42 +03:00
Cristian Toader
c1f5f1842e fully switched to function pointers; problems with socketcall parameters 2013-07-30 23:20:08 +03:00
Cristian Toader
442f256f25 switched to a design using filters as function pointer arrays 2013-07-30 21:23:30 +03:00
Cristian Toader
5baea85189 removed open flags (postponed), added mmap2 flags 2013-07-30 19:37:28 +03:00
Cristian Toader
871e5b35a8 small filter changes; openat as separate function 2013-07-30 19:25:56 +03:00
Cristian Toader
8022def6f0 added openat parameter filter 2013-07-29 16:30:39 +03:00
Cristian Toader
6d5b0367f6 Changes as suggested by nickm
- char* to const char* and name refactoring
- workaround for accept4 syscall
2013-07-29 14:46:47 +03:00
Cristian Toader
8f9d3da194 Investigated access4 syscall problem, small changes to filter. 2013-07-26 19:53:05 +03:00
Cristian Toader
626a2b23de integrated context for dynamic filters 2013-07-25 14:08:02 +03:00
Cristian Toader
3dfe1c0639 initia stages of runtime dynamic filters 2013-07-25 13:25:20 +03:00
Cristian Toader
abe082e7d0 dynamic parameter filter bug fixes 2013-07-24 17:15:57 +03:00
Cristian Toader
962d814e52 dynamic parameter filter (prototype, not tested) 2013-07-24 17:06:06 +03:00
Cristian Toader
e1410f20d7 added support for multiple parameters 2013-07-23 14:22:31 +03:00
Cristian Toader
c15d09293b added experimental support for open syscall path param 2013-07-23 14:01:53 +03:00
Cristian Toader
8b12170f23 added support for numeric parameters, tested with rt_sigaction 2013-07-23 10:49:56 +03:00
Cristian Toader
7cf1dbfd51 changed paramfilter type to intptr_t 2013-07-23 10:14:25 +03:00
Cristian Toader
8dfa5772e7 (undo) git test.. 2013-07-18 18:28:55 +03:00
Cristian Toader
b0725c964b git test.. 2013-07-18 18:28:10 +03:00
Cristian Toader
e7e2efb717 Added getter for protected parameter 2013-07-18 18:21:37 +03:00
Cristian Toader
673349c42e Repair of some of the lost parameter filters history 2013-07-18 18:03:10 +03:00
Nick Mathewson
b551988ef4 Merge branch 'bug8929_rebase_2' 2013-07-18 08:45:13 -04:00
Nick Mathewson
713ff2f5ef Document what "escape" means in tor_escape_str_for_pt_args 2013-07-18 08:45:03 -04:00
George Kadianakis
1a0cf08841 Rename tor_escape_str_for_socks_arg() to something more generic.
Since we are going to be using that function to also escape parameters
passed to transport proxies using environment variables.
2013-07-18 08:45:03 -04:00
George Kadianakis
ea72958f25 Pass characters to be escaped to tor_escape_str_for_socks_arg().
This is in preparation for using tor_escape_str_for_socks_arg() to
escape server-side pluggable transport parameters.
2013-07-18 08:45:02 -04:00
Nick Mathewson
85178e2e93 Use format_hex_number_sigsafe to format syscalls in sandbox.c
This way, we don't have to use snprintf, which is not guaranteed to
be signal-safe.

(Technically speaking, strlen() and strlcpy() are not guaranteed to
be signal-safe by the POSIX standard. But I claim that they are on
every platform that supports libseccomp2, which is what matters
here.)
2013-07-15 13:07:09 -04:00
Nick Mathewson
9fda7e8cd1 Lightly refactor and test format_hex_number_sigsafe
Better tests for upper bounds, and for failing cases.

Also, change the function's interface to take a buffer length rather
than a maximum length, and then NUL-terminate: functions that don't
NUL-terminate are trouble waiting to happen.
2013-07-15 12:52:29 -04:00
Nick Mathewson
22977b7c1d Expose format_hex_number_..., and rename it to ..._sigsafe().
There are some other places in the code that will want a signal-safe
way to format numbers, so it shouldn't be static to util.c.
2013-07-15 12:26:55 -04:00
Nick Mathewson
449b2b7c58 Don't build format_helper_exit_status on win32
The only thing that used format_helper_exit_status on win32 was the
unit tests. This caused an error when we tried to leave a static
format_helper_exit_status lying around in a production object file.

The easiest solution is to admit that this way of dealing with process
exit status is Unix-only.
2013-07-15 12:17:23 -04:00
Nick Mathewson
c0391bae75 Merge remote-tracking branch 'public/fancy_test_tricks'
Conflicts:
	src/common/include.am

Conflict was from adding testsupport.h near where sandbox.h had
already been added.
2013-07-15 12:02:18 -04:00
Peter Palfrader
2cb59be999 Fix two pre-coffee typos 2013-07-15 09:43:37 -04:00
Peter Palfrader
5cc52b242e Document get_parent_directory more 2013-07-15 09:04:17 -04:00
Roger Dingledine
6848e29307 cosmetic cleanups 2013-07-14 02:49:34 -04:00
Roger Dingledine
de7cdc0d94 put sandbox.h in the tarball, so the tarball builds 2013-07-13 20:31:18 -04:00
Nick Mathewson
aac732322a Merge remote-tracking branch 'public/gsoc-ctoader-cap-phase1-squashed' 2013-07-12 17:12:43 -04:00
Cristian Toader
f9c1ba6493 Add a basic seccomp2 syscall filter on Linux
It's controlled by the new Sandbox argument.  Right now, it's rather
coarse-grained, it's Linux-only, and it may break some features.
2013-07-11 09:13:13 -04:00
Nick Mathewson
b6e8c74667 Add rudimentary test mocking support.
This is not the most beautiful possible implementation (it requires
decorating mockable functions with ugly macros), but it actually
works, and is portable across multiple compilers and architectures.
2013-07-10 15:22:16 -04:00
Nick Mathewson
17e9fc09c3 Coverage support: build with --enable-coverage to have tests run with gcov
If you pass the --enable-coverage flag on the command line, we build
our testing binaries with appropriate options eo enable coverage
testing.  We also build a "tor-cov" binary that has coverage enabled,
for integration tests.

On recent OSX versions, test coverage only works with clang, not gcc.
So we warn about that.

Also add a contrib/coverage script to actually run gcov with the
appropriate options to generate useful .gcov files.  (Thanks to
automake, the .o files will not have the names that gcov expects to
find.)

Also, remove generated gcda and gcno files on clean.
2013-07-10 15:22:16 -04:00
Nick Mathewson
a3e0a87d95 Completely refactor how FILENAME_PRIVATE works
We previously used FILENAME_PRIVATE identifiers mostly for
identifiers exposed only to the unit tests... but also for
identifiers exposed to the benchmarker, and sometimes for
identifiers exposed to a similar module, and occasionally for no
really good reason at all.

Now, we use FILENAME_PRIVATE identifiers for identifiers shared by
Tor and the unit tests.  They should be defined static when we
aren't building the unit test, and globally visible otherwise. (The
STATIC macro will keep us honest here.)

For identifiers used only by the unit tests and never by Tor at all,
on the other hand, we wrap them in #ifdef TOR_UNIT_TESTS.

This is not the motivating use case for the split test/non-test
build system; it's just a test example to see how it works, and to
take a chance to clean up the code a little.
2013-07-10 15:20:10 -04:00
Nick Mathewson
f7d654b81e Start work on fancy compiler tricks to expose extra stuff to our tests
This is mainly a matter of automake trickery: we build each static
library in two versions now: one with the TOR_UNIT_TESTS macro
defined, and one without.  When TOR_UNIT_TESTS is defined, we can
enable mocking and expose more functions. When it's not defined, we
can lock the binary down more.

The alternatives would be to have alternate build modes: a "testing
configuration" for building the libraries with test support, and a
"production configuration" for building them without.  I don't favor
that approach, since I think it would mean more people runnning
binaries build for testing, or more people not running unit tests.
2013-07-10 15:20:09 -04:00
Nick Mathewson
b5d1fded3d Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-18 10:25:30 -04:00
Nick Mathewson
d3063da691 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/config.c
	src/or/relay.c
2013-06-18 10:23:03 -04:00
Nick Mathewson
2e1fe1fcf9 Implement a real OOM-killer for too-long circuit queues.
This implements "algorithm 1" from my discussion of bug #9072: on OOM,
find the circuits with the longest queues, and kill them.  It's also a
fix for #9063 -- without the side-effects of bug #9072.

The memory bounds aren't perfect here, and you need to be sure to
allow some slack for the rest of Tor's usage.

This isn't a perfect fix; the rest of the solutions I describe on
codeable.
2013-06-18 10:15:16 -04:00
dana koch
7f67becf30 Instead of testing for __GNUC__, use CHECK_SCANF, like CHECK_PRINTF.
This lets us have the possibility of fine-tuning the check in the tor_sscanf test cases at a later date.
2013-06-14 10:52:00 -04:00
Nick Mathewson
483385d2bd Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-13 21:59:27 -04:00
Nick Mathewson
2338681efb Define SEEK_SET for platforms that lack it. 2013-06-13 21:56:35 -04:00
Nick Mathewson
caa0d15c49 If we write the annotation but not the microdescriptor, rewind.
This fixes bug 9047 (and some parts of 9031, 8922, 8883 that weren't
fixed in 8822).  Bugfix on 0.2.2.6-alpha.
2013-06-13 12:29:01 -04:00
Marek Majkowski
16d1dd134a Fix #9043 - simplyfy the code and use EVP_PKEY_cmp instead of pkey_eq / tor_tls_evp_pkey_eq 2013-06-12 13:02:06 -04:00
Nick Mathewson
616fd790ec Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-12 13:01:14 -04:00
Nick Mathewson
fff9386af8 Revert "Use the FILE_SHARE_DELETE flag for CreateFile on a mapping"
This reverts commit 884a0e269c.

I'm reverting this because it doesn't actually make the problem go
away.  It appears that instead we need to do unmap-then-replace.
2013-06-12 10:45:48 -04:00
Nick Mathewson
a64d062c95 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-12 10:01:10 -04:00
Nick Mathewson
3bdc4e5fee Merge remote-tracking branch 'public/bug2077_share_delete' into maint-0.2.4 2013-06-12 10:00:33 -04:00
Nick Mathewson
884a0e269c Use the FILE_SHARE_DELETE flag for CreateFile on a mapping
A comment by rransom on #8795 taken together with a comment by doorss
recorded on #2077 suggest that *every* attempt to replace the md cache
will fail on Vista/Win7 if we don't have the FILE_SHARE_DELETE flag
passed to CreateFile, and if we try to replace the file ourselves
before unmapping it.  I'm adding the FILE_SHARE_DELETE, since that's
this simplest fix.  Broken indexers (the favored #2077 hypothesis)
could still cause trouble here, but at least this patch should make us
stop stepping on our own feet.

Likely fix for #2077 and its numerous duplicates. Bugfix on
0.2.2.6-alpha, which first had a microdescriptor cache that would get
replaced before remapping it.
2013-06-12 09:53:46 -04:00
Nick Mathewson
7f9066ceee Make OPENSSL_free(dh_string_repr) conditional. 2013-06-10 13:49:13 -04:00
Marek Majkowski
d769cd82b5 Bug #5170 - make pkey_eq testable, introduce test_tortls.c 2013-06-10 16:21:39 +01:00
Marek Majkowski
68be3469c5 Bug 5170 - simplify i2d_PublicKey in pkey_eq 2013-06-06 13:32:46 +01:00
Marek Majkowski
a022930fda Bug #5170 - simplify i2d_X509 2013-06-06 12:45:25 +01:00
Marek Majkowski
6f1c67195c Bug #5170 - also simplify i2d_DHparams 2013-06-06 12:13:24 +01:00
Marek Majkowski
2132d036e3 Bug #5170 - i2d_RSAPublicKey supports allocating its own output buffer 2013-06-06 11:45:35 +01:00
Nick Mathewson
d3125a3e40 Merge remote-tracking branch 'karsten/task-6752-3' 2013-05-28 10:59:35 -04:00
Karsten Loesing
b0d4ca4990 Tweak #6752 patch based on comments by nickm. 2013-05-24 10:28:31 +02:00
Arlo Breault
0ab38b9366 Remove PK_PKCS1_PADDING
See #8792
2013-05-17 10:11:33 -04:00
Karsten Loesing
1293835440 Lower dir fetch retry schedules in testing networks.
Also lower maximum interval without directory requests, and raise
maximum download tries.

Implements #6752.
2013-05-16 12:08:48 +02:00
Nick Mathewson
da30adcf0f Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/common/crypto.c
2013-04-18 11:16:05 -04:00
Nick Mathewson
9fec0c1a95 Remove a double-newline 2013-04-18 11:14:05 -04:00
Nick Mathewson
8362f8854a Merge branch 'less_charbuf_rebased' into maint-0.2.4
Conflicts:
	src/or/dirserv.c
	src/or/dirserv.h
	src/test/test_dir.c
2013-04-18 11:13:36 -04:00