Commit Graph

15517 Commits

Author SHA1 Message Date
Roger Dingledine
97dbff51e6 Update the minimum bandwidth for a public relay
The current cutoff is 30KB, but in reality a useful cutoff is probably
more like 50KB or 100KB.
2012-09-05 16:40:57 -04:00
Nick Mathewson
9d9ca264ec Avoid segfault if EntryGuardPathBias precedes EntryGuard
Fix for bug 6774; bugfix on 0.2.3.17-beta.
2012-09-05 13:27:54 -04:00
Nick Mathewson
acfd487e7d Merge remote-tracking branch 'arma/bug6743' into maint-0.2.3 2012-09-04 18:33:56 -04:00
Roger Dingledine
4bd90e20b9 fix whitespace and trivial typo 2012-09-03 02:09:39 -04:00
Roger Dingledine
eb3d079667 Make begindir_cutoff the same as general_cutoff
Allow one-hop directory fetching circuits the full "circuit build timeout"
period, rather than just half of it, before failing them and marking
the relay down. This fix should help reduce cases where clients declare
relays (or worse, bridges) unreachable because the TLS handshake takes
a few seconds to complete.

Fixes bug 6743 (one piece of bug 3443); bugfix on 0.2.2.2-alpha, where
we changed the timeout from a static 30 seconds.
2012-09-01 01:25:17 -04:00
Nick Mathewson
b17bb543da Merge branch 'bug6732' into maint-0.2.3 2012-08-31 18:39:11 -04:00
Nick Mathewson
774979ca45 Document consensus and microdesc files
Bugfix for #6732.
2012-08-31 11:35:47 -04:00
Nick Mathewson
a7a4bbff47 Quiet "Set buildtimeout to low val" warnings: make them info
Fix for #6251
2012-08-27 16:37:09 -04:00
Nick Mathewson
d98f2996b0 Merge branch 'disable_pathbias_warnings_v2' into maint-0.2.3 2012-08-27 16:19:52 -04:00
Nick Mathewson
b252ffa7cb Downgrade path-bias warning messages to INFO for now.
We've had over two months to fix them, and didn't.  Now we need
0.2.3.x stable.  Yes, it would be cool to get this working in
0.2.3.x, but not at the expense of delaying every other feature that
_does_ work in 0.2.3.x.  We can do a real fix in 0.2.4.
2012-08-27 16:18:35 -04:00
Nick Mathewson
bffe0d3ccc Merge branch 'bug6710_023' into maint-0.2.3 2012-08-27 16:15:01 -04:00
Nick Mathewson
443e4ae1ee Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3
Conflicts:
	src/or/policies.c
2012-08-27 16:07:04 -04:00
Nick Mathewson
1c30e6abc9 Merge branch 'bug6690_022' into maint-0.2.2 2012-08-27 16:03:48 -04:00
Nick Mathewson
45b520b6a4 Fix changes file for 6710: before 0.0.8pre1, you couldn't extend to
a router that another router wasn't already connected to.
2012-08-27 12:29:04 -04:00
Nick Mathewson
62d96284f7 Do not assert when comparing a null address/port against a policy
This can create a remote crash opportunity for/against directory
authorities.
2012-08-27 12:04:55 -04:00
Nick Mathewson
b7c172c9ec Disable extending to private/internal addresses by default
This is important, since otherwise an attacker can use timing info
to probe the internal network.

Also, add an option (ExtendAllowPrivateAddresses) so that
TestingTorNetwork won't break.

Fix for bug 6710; bugfix on all released versions of Tor.
2012-08-27 11:19:29 -04:00
Nick Mathewson
ce4add498f Merge remote-tracking branch 'public/bug6472' into maint-0.2.3 2012-08-24 12:51:02 -04:00
Nick Mathewson
991a8acba2 Merge remote-tracking branch 'public/bug6404' into maint-0.2.3 2012-08-21 10:35:40 -04:00
Nick Mathewson
88859b2ff1 whitespace fix 2012-08-17 17:10:03 -04:00
Nick Mathewson
223e7cfabe When iterating over connections pending DNS, skip marked ones
Failure to do this would lead to double-free cases and similar,
especially when the exit's DNS was broken. See bug 6472 for full
details; this is a fix for 6472.

Anonymous patch from "cypherpunks" on trac.
2012-08-17 16:46:11 -04:00
Linus Nordberg
9ed87b37d0 Consider IPv6 OR ports when deciding whether a routerinfo change is cosmetic.
Closes #6423.
2012-08-17 15:59:13 -04:00
Nick Mathewson
97602c9de4 Merge branch 'bug6379' into maint-0.2.3 2012-08-17 13:57:07 -04:00
Nick Mathewson
4c8fcba86c Fix more warnings from openbsd_malloc
Apparently, (void)writev is not enough to suppress the "you are
ignoring the return value!" warnings on Linux.  Instead, remove the
whole warning/error logic when compiling openbsd_malloc for Tor: we
can't use it.
2012-08-17 13:49:52 -04:00
Nick Mathewson
e9172e51fb Merge remote-tracking branch 'public/bug6244_part_c' into maint-0.2.3 2012-08-17 12:37:49 -04:00
Nick Mathewson
676f71054f Merge remote-tracking branch 'public/bug6507' into maint-0.2.3 2012-08-17 12:33:17 -04:00
Nick Mathewson
a74d4182f1 Whitespace and build fixes on 6475 patch 2012-08-17 12:10:31 -04:00
Nick Mathewson
3621f30ad4 Merge remote-tracking branch 'mikeperry/bug6475' into maint-0.2.3 2012-08-17 12:08:42 -04:00
Nick Mathewson
f25e8d034b Merge remote-tracking branch 'public/bug6514' into maint-0.2.3 2012-08-17 11:53:06 -04:00
Mike Perry
4e42a8a2f2 Address Nick's comments from code review.
Also promote log messages to notice and rate-limit them.
2012-08-16 16:29:19 -07:00
Mike Perry
ec6a7effb8 Bug 6475: Explicitly track our path bias state.
This is done to avoid spurious warns. Additional log lines are also
added to try to track down the codepaths where we are somehow overcounting
success counts.
2012-08-15 19:59:55 -07:00
Nick Mathewson
6a33c33a12 Fix warnings and 64-bit problems in openbsd-malloc code
The warning fixes are:
  - Only define issetugid if it's missing.
  - Explicitly ignore the return value of writev.
  - Explicitly cast the retval of readlink() to int.

The 64-bit problems are related to just storing a size_t in an int. Not cool!  Use a size_t instead.

Fix for bug 6379. Bugfix on 0.2.0.20-rc, which introduced openbsd-malloc.
2012-08-15 19:26:53 -04:00
Nick Mathewson
2ba52f4095 Fix wildcarded address mappings from the control port
Apparently, we weren't actually detecting wildcardedness when parsing
them: whoops!

bug 6244.  Bugfix on 0.2.3.9-alpha
2012-08-15 17:59:30 -04:00
Nick Mathewson
959f850056 Raise the part of torrc mapaddress handling that knows wildcards
This patch extracts the inner part of config_register_addressmaps --
the part that knows about detecting wildcard addresses addresses --
and makes it into a new function.  The new function is deliberately
not moved or reindented, so that the diff is smaller.

I need this to fix bug 6244.
2012-08-15 17:52:40 -04:00
Nick Mathewson
a4fbfa81b3 Update description of what we did to upper limit on md size
Spotted by asn
2012-08-14 03:10:14 -04:00
Nick Mathewson
a9eed33111 Fix memory leak in dirvote_create_microdescriptor
Found by George, who gets a cookie.
2012-08-14 03:07:17 -04:00
Nick Mathewson
d993b04485 Reject attempts to say FooPort and FooPort 0 in the same cfg domain 2012-08-09 16:13:03 -04:00
Nick Mathewson
e1fb3b8d65 Fix spaces from last patch 2012-08-09 16:02:57 -04:00
Nick Mathewson
dfe03d36c8 Don't infer we have a FooPort from the presence of a FooPort line
Thanks to the changes we started making with SocksPort and friends
in 0.2.3.3-alpha, any of our code that did "if (options->Sockport)"
became wrong, since "SocksPort 0" would make that test true whereas
using the default SocksPort value would make it false.  (We didn't
actually do "if (options->SockPort)" but we did have tests for
TransPort.  When we moved DirPort, ORPort, and ControlPort over to
the same system in 0.2.3.9-alpha, the problem got worse, since our
code is littered with checks for DirPort and ORPort as booleans.

This code renames the current linelist-based FooPort options to
FooPort_lines, and adds new FooPort_set options which get set at
parse-and-validate time on the or_options_t.  FooPort_set is true
iff we will actually try to open a listener of the given type. (I
renamed the FooPort options rather than leave them alone so that
every previous user of a FooPort would need to get inspected, and so
that any new code that forgetfully uses FooPort will need fail to
compile.)

Fix for bug 6507.
2012-08-09 15:48:43 -04:00
Nick Mathewson
91b52a259a Merge remote-tracking branch 'public/bug6252_again' into maint-0.2.3 2012-08-09 10:50:11 -04:00
Nick Mathewson
93be3a8822 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3
Conflicts:
	src/or/routerlist.c
2012-08-03 12:04:11 -04:00
Nick Mathewson
d48cebc5e4 Try to clarify impact of bug 6537
I don't personally agree that this is likely to be easy to exploit,
and some initial experimention I've done suggests that cache-miss
times are just plain too fast to get useful info out of when they're
mixed up with the rest of Tor's timing noise.  Nevertheless, I'm
leaving Robert's initial changelog entry in the git history so that he
can be the voice of reason if I'm wrong. :)
2012-08-03 11:54:11 -04:00
Robert Ransom
308f6dad20 Mitigate a side-channel leak of which relays Tor chooses for a circuit
Tor's and OpenSSL's current design guarantee that there are other leaks,
but this one is likely to be more easily exploitable, and is easy to fix.
2012-08-03 11:49:51 -04:00
Robert Ransom
82c5e385cb Remove bogus comment claiming that an assertion is triggerable by consensus 2012-08-03 11:45:33 -04:00
Nick Mathewson
1040afb242 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2012-08-03 11:18:40 -04:00
Nick Mathewson
55f635745a Clarify security impact of bug 6530 2012-08-03 11:16:13 -04:00
Nick Mathewson
57e35ad3d9 Avoid possible segfault when handling networkstatus vote with bad flavor
Fix for 6530; fix on 0.2.2.6-alpha.
2012-08-03 10:53:00 -04:00
Nick Mathewson
2d6d5db2fe Defensive programming: clear rs_out between iterations.
I can't currently find a bug here, but there are a couple of
near-misses.  Addresses ticket 6514; reported pseudonymously on
IRC.
2012-08-01 17:25:34 -04:00
Nick Mathewson
122c8efb09 Merge branch 'bug6480_squashed' into maint-0.2.3 2012-07-31 17:19:47 -04:00
Nick Mathewson
62637fa224 Avoid hard (impossible?)-to-trigger double-free in dns_resolve()
Fixes 6480; fix on 0.2.0.1-alpha; based on pseudonymous patch.
2012-07-31 17:19:17 -04:00
Nick Mathewson
d3e1e458e1 Remove the upper limit on the size of MD we can generate. 2012-07-31 13:12:07 -04:00