Commit Graph

1825 Commits

Author SHA1 Message Date
Roger Dingledine
10d385bd71 typos 2011-01-12 18:38:52 -05:00
Nick Mathewson
9a6a8ea466 Merge remote branch 'origin/maint-0.2.2' 2011-01-12 14:38:24 -05:00
Nick Mathewson
2c04c506a4 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-12 14:38:11 -05:00
Nick Mathewson
9fcc14224b Make our replacement INT32_MAX always signed
The C standard says that INT32_MAX is supposed to be a signed
integer.  On platforms that have it, we get the correct
platform-defined value.  Our own replacement, however, was
unsigned.  That's going to cause a bug somewhere eventually.
2011-01-12 14:29:38 -05:00
Nick Mathewson
71d786b2d3 Merge branch 'bug2320' 2011-01-12 12:52:31 -05:00
Nick Mathewson
3dbfc6a734 Merge remote branch 'origin/maint-0.2.2' 2011-01-12 12:43:30 -05:00
Nick Mathewson
729f404efe Add logic in routerparse to not read overlong private keys
I am not at all sure that it is possible to trigger a bug here,
but better safe than sorry.
2011-01-10 12:07:34 -05:00
Nick Mathewson
d4165ef8b4 Use autoconf's FLEXIBLE_ARRAY_MEMBER for unspecified-length arrays
C99 allows a syntax for structures whose last element is of
unspecified length:
   struct s {
     int elt1;
     ...
     char last_element[];
   };

Recent (last-5-years) autoconf versions provide an
AC_C_FLEXIBLE_ARRAY_MEMBER test that defines FLEXIBLE_ARRAY_MEMBER
to either no tokens (if you have c99 flexible array support) or to 1
(if you don't).  At that point you just use offsetof
[STRUCT_OFFSET() for us] to see where last_element begins, and
allocate your structures like:

   struct s {
     int elt1;
     ...
     char last_element[FLEXIBLE_ARRAY_MEMBER];
   };

   tor_malloc(STRUCT_OFFSET(struct s, last_element) +
                                   n_elements*sizeof(char));

The advantages are:

   1) It's easier to see which structures and elements are of
      unspecified length.
   2) The compiler and related checking tools can also see which
      structures and elements are of unspecified length, in case they
      wants to try weird bounds-checking tricks or something.
   3) The compiler can warn us if we do something dumb, like try
      to stack-allocate a flexible-length structure.
2011-01-06 15:59:05 -05:00
Nick Mathewson
240fa42aac Fix size_t vs unsigned comparison too 2011-01-05 12:49:02 -05:00
Nick Mathewson
d14b0d54d2 Fix a SIZE_T_CEILING check in torgzip.c; noticed by cypherpunks 2011-01-05 12:42:34 -05:00
Nick Mathewson
0222228d64 Fix up size and sign issues in base32 code
Fixes bug 2331.
2011-01-03 16:16:53 -05:00
Nick Mathewson
a87a55a9b6 Merge remote branch 'origin/maint-0.2.2' 2011-01-03 15:55:41 -05:00
Nick Mathewson
64798dab4f Detect and disallow compression bombs 2011-01-03 15:54:23 -05:00
Nick Mathewson
f089804332 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-03 15:31:19 -05:00
Nick Mathewson
e365aee971 Avoid assertion on read_file_to_str() with size==SIZE_T_CEILING-1
Spotted by doors, fixes bug 2326.
2011-01-03 15:30:11 -05:00
Nick Mathewson
a96b46570f Merge remote branch 'origin/maint-0.2.2' 2011-01-03 15:16:36 -05:00
Nick Mathewson
cee433d751 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-03 15:15:54 -05:00
Nick Mathewson
e09ab69703 Check size against SIZE_T_CEILING in realloc too.
Fixes bug 2324.
2011-01-03 15:15:27 -05:00
Nick Mathewson
0489f7e004 Merge remote branch 'origin/maint-0.2.2' 2011-01-03 13:19:10 -05:00
Nick Mathewson
27cefef3a2 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-03 13:18:33 -05:00
Nick Mathewson
394a6bf4cd Merge remote branch 'origin/maint-0.2.2' 2011-01-03 12:47:58 -05:00
Nick Mathewson
bb5f99d4df Merge remote branch 'sebastian/bug2314' into maint-0.2.2 2011-01-03 12:47:14 -05:00
Nick Mathewson
5c09431cc7 Never include pthread.h when building for Windows.
On Windows, we never use pthreads, since it doesn't usually exist,
and when it does it tends to be a little weirdly-behaved.  But some
mingw installations have a pthreads installed, so autoconf detects
pthread.h and tells us about it.  This would make us include
pthread.h, which could make for trouble when the iffy pthread.h
tried to include config.h.

This patch changes compat.h so that we never include pthread.h on
Windows.  Fixes bug 2313; bugfix on 0.1.0.1-rc.
2011-01-03 12:45:13 -05:00
Nick Mathewson
8730884ebe Merge remote branch 'origin/maint-0.2.2' 2011-01-03 11:53:28 -05:00
Nick Mathewson
30b3475e6d Bump copyright statements to 2011 (0.2.2) 2011-01-03 11:52:09 -05:00
Nick Mathewson
f1de329e78 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/common/test.h
	src/or/test.c
2011-01-03 11:51:17 -05:00
Nick Mathewson
1a07348a50 Bump copyright statements to 2011 2011-01-03 11:50:39 -05:00
Sebastian Hahn
9ecf133686 Fix compile wanrings revealed by gcc 4.5 on mingw 2010-12-27 09:47:41 +01:00
Nick Mathewson
0a3b7f1471 Merge remote branch 'origin/maint-0.2.2' 2010-12-21 15:50:09 -05:00
Nick Mathewson
cdbd6d0fe8 Merge remote branch 'rransom/bug2190_the_hard_way' into maint-0.2.2 2010-12-21 15:48:14 -05:00
Nick Mathewson
69771bb5fc Merge remote branch 'public/bug2190_021' into maint-0.2.1 2010-12-21 15:44:50 -05:00
Roger Dingledine
c79427a992 Merge branch 'maint-0.2.2' 2010-12-19 22:08:42 -05:00
Nick Mathewson
dd2ae32bc1 Turn on epoll changelists with libevent 2.0.9-rc and later
Libevent 2.0 has a "changelist" feature that avoids making redundant
syscalls if we wind up doing a lot of event_add/event_del operations
on the same fd in a row.  Unfortunately, due to a weird design
choice in Linux, it doesn't work right with epoll when multiple fds
refer to the same socket (e.g., one is a dup() of the other).  We
don't dup() anything we give to Libevent, though, so it is safe for
us to explicitly turn this feature on.
2010-12-16 13:37:43 -05:00
Nick Mathewson
b5e293afe6 Merge remote branch fix_security_bug_021 into fix_security_bug_022
Conflicts:
	src/common/memarea.c
	src/or/or.h
	src/or/rendclient.c
2010-12-15 22:48:23 -05:00
Nick Mathewson
b8a7bad799 Make payloads into uint8_t.
This will avoid some signed/unsigned assignment-related bugs.
2010-12-15 22:31:11 -05:00
Nick Mathewson
785086cfba Have all of our allocation functions and a few others check for underflow
It's all too easy in C to convert an unsigned value to a signed one,
which will (on all modern computers) give you a huge signed value.  If
you have a size_t value of size greater than SSIZE_T_MAX, that is way
likelier to be an underflow than it is to be an actual request for
more than 2gb of memory in one go.  (There's nothing in Tor that
should be trying to allocate >2gb chunks.)
2010-12-13 18:40:21 -05:00
Nick Mathewson
649ee99846 Base SIZE_T_CEILING on SSIZE_T_MAX. 2010-12-13 18:40:15 -05:00
Robert Ransom
cc051f9aca Only add each log message to pending_cb_messages once. 2010-12-11 05:26:36 -08:00
Robert Ransom
4a9d60734c Don't call flush_pending_log_callbacks while logging LD_NOCB messages.
Found by boboper.
2010-12-11 04:41:35 -08:00
Steven Murdoch
d5127ebdd8 Fix connecting the stdin of tor-fw-helper to /dev/null
This wasn't working due to the parameters of dup2 being in the wrong order.
As a result, tor-fw-helper was inheriting the stdin of Tor.
2010-12-01 12:22:21 -05:00
Nick Mathewson
9908404f01 Merge remote branch 'sjmurdoch/cloexec' 2010-12-01 11:42:34 -05:00
Steven Murdoch
a961521a86 Check that FD_CLOEXEC is set before using it
I don't know if any platforms we care about don't have FD_CLOEXEC,
but this is what we do elsewhere
2010-12-01 15:43:17 +00:00
Steven Murdoch
786abbd54c Open log files with CLOEXEC flag set 2010-12-01 15:38:18 +00:00
Nick Mathewson
3ed7505dc5 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/relay.c
2010-11-30 19:23:40 -05:00
Nick Mathewson
89e97bdf94 Add wrappers function for libc random()
On windows, it's called something different.
2010-11-29 16:00:47 -05:00
mingw-san
78df6404eb Fix compilation with mingw and OpenSSL 0.9.8m+ 2010-11-23 12:47:38 -05:00
Nick Mathewson
cbd3745924 Merge remote branch 'origin/maint-0.2.2' 2010-11-21 14:34:22 -05:00
Nick Mathewson
2bd64f9e8f Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2010-11-21 14:33:11 -05:00
Steven Murdoch
15f2b7859b Don't both open the socket with SOCK_CLOEXEC and set FD_CLOEXEC 2010-11-21 15:40:17 +00:00
Nick Mathewson
92a99736fd Do not set the hostname TLS extension server-side; only client-side
This may fix bug 2204, and resolve the incompatibility with openssl
0.9.8p/1.0.0b.
2010-11-20 22:21:50 -05:00
Steven Murdoch
9d63dfcf49 Fix compile error on MacOS X (and other platforms without O_CLOEXEC) 2010-11-20 13:50:55 +00:00
Nick Mathewson
b4f56dd4c6 Obviate need for doing a CLOEXEC on pipes: just close them before exec 2010-11-20 01:24:30 -05:00
Nick Mathewson
e669d25e43 Do cloexec on socketpairs and stdio files 2010-11-20 01:16:29 -05:00
Nick Mathewson
5a66de7015 Initial work to set CLOEXEC on all possible fds
Still to go: some pipes, all stdio files.
2010-11-20 00:58:40 -05:00
Nick Mathewson
d166d18643 Better fix for 2190: defer libevent->controller messages instead of dropping 2010-11-19 22:52:32 -05:00
Nick Mathewson
668f7a2639 Do not send Libevent log messages to a controller (0.2.1 backport)
Doing so could make Libevent call Libevent from inside a Libevent
logging call, which is a recipe for reentrant confusion and
hard-to-debug crashes.  This would especially hurt if Libevent
debug-level logging is enabled AND the user has a controller
watching for low-severity log messages.

Fix bug 2190; fix on 0.1.0.2-rc.
2010-11-19 22:27:40 -05:00
Nick Mathewson
6199ac5fbe Do not send Libevent log messages to a controller.
Doing so could make Libevent call Libevent from inside a Libevent
logging call, which is a recipe for reentrant confusion and
hard-to-debug crashes.  This would especially hurt if Libevent
debug-level logging is enabled AND the user has a controller
watching for low-severity log messages.

Fix bug 2190; fix on 0.1.0.2-rc.
2010-11-19 22:22:43 -05:00
Nick Mathewson
223fc208f6 Split long lines in configure.in and Makefile.am files
Having very long single lines with lots and lots of things in them
tends to make files hard to diff and hard to merge.  Since our tools
are one-line-at-a-time, we should try to construct lists that way too,
within reason.

This incidentally turned up a few headers in configure.in that we were
for some reason searching for twice.
2010-11-11 14:22:48 -05:00
Nick Mathewson
d238d8386f Add a testing-only option to use bufferevent_openssl as a filter
We need filtering bufferevent_openssl so that we can wrap around
IOCP bufferevents on Windows.  This patch adds a temporary option to
turn on filtering mode, so that we can test it out on non-IOCP
systems to make sure it hasn't got any surprising bugs.

It also fixes some allocation/teardown errors in using
bufferevent_openssl as a filter.
2010-11-09 15:36:27 -05:00
Nick Mathewson
1fb342dfab Merge branch 'loggranularity' 2010-11-08 12:40:33 -05:00
Nick Mathewson
ccec0a1bd3 Merge remote branch 'origin/maint-0.2.2' 2010-10-26 13:59:09 -04:00
Sebastian Hahn
213139f887 Properly refcount client_identity_key
In a2bb0bf we started using a separate client identity key. When we are
in "public server mode" (that means not a bridge) we will use the same
key. Reusing the key without doing the proper refcounting leads to a
segfault on cleanup during shutdown. Fix that.

Also introduce an assert that triggers if our refcount falls below 0.
That should never happen.
2010-10-26 18:22:04 +02:00
Nick Mathewson
17fdde3d92 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/common/tortls.c
2010-10-21 16:23:01 -04:00
Nick Mathewson
4dbd8ba008 clarify fmt_addr32 documentation to note that the address is in host-order 2010-10-15 18:04:07 -04:00
Nick Mathewson
441d90a8f9 Fix one-time memory leak when initializing libevent. Spotted by Sebastian 2010-10-15 17:14:04 -04:00
Nick Mathewson
a7cf788740 Merge branch 'bug1992_part1' 2010-10-15 17:08:18 -04:00
Nick Mathewson
96ab83d3b6 Improve accuracy of comment about aes_crypt performance
The old comment was from before I tried a huge pile of crazy stuff to
make the inner loop faster.  Short answer: GCC already knows how to
unroll loops pretty well.  Other short answer: we should have made the
relay payload size an even multiple of 4, 8, or ideally 16.
2010-10-15 13:44:25 -04:00
Nick Mathewson
05274ba9b5 Kill comments saying to remove asserts once bug930 is solved.
It's okay to leave the asserts in: the code doesn't appear in profiles.
2010-10-15 13:44:25 -04:00
Nick Mathewson
04231a2ebe Fix an apostrophe in a comment 2010-10-15 12:39:23 -04:00
Nick Mathewson
94a99ad205 Add a portable tor_timercmp
We can't use the platform timercmp, because
  1) some platforms don't have them
  2) some that do have them only support certain relational operators
2010-10-15 12:35:05 -04:00
Nick Mathewson
59cba1767c Make the return value of tor_addr_sockaddr always be signed 2010-10-15 11:36:16 -04:00
Nick Mathewson
a5289fa794 Remove the unused old fuzzy-time code 2010-10-15 11:16:42 -04:00
Nick Mathewson
adc4f678f1 Fix an xxx wrt picking libevent methods known-to-work
The short version is, "where we want to do it, we have nothing real to
chose from and we can't do it easily. Where it's easy to do, we have
no reason to do it yet."
2010-10-15 10:58:16 -04:00
Sebastian Hahn
9bed40eb10 Make check-spaces happy 2010-10-14 17:54:45 +02:00
Nick Mathewson
8c837db38f Merge branch 'nodes' 2010-10-13 16:04:25 -04:00
Nick Mathewson
fbacbf9fd9 Set OpenSSL 0.9.8l renegotiation flag early enough for bufferevents
This seems to fix another case of bug2001.
2010-10-12 14:52:33 -04:00
Nick Mathewson
a9172c87be Actually call connection_tls_finish_handshake() with bufferevents
First start of a fix for bug2001, but my test network still isn't
working: the client and the server send each other VERSIONS cells,
but never notice that they got them.
2010-10-12 14:52:33 -04:00
Nick Mathewson
8ecb5abbe1 Add header for tor_tls_log_one_error 2010-10-11 13:26:57 -04:00
Nick Mathewson
4cfa6fbaca Log OpenSSL errors coming from bufferevent_openssl 2010-10-11 13:25:41 -04:00
Nick Mathewson
544a8afe5a Merge remote branch 'sjmurdoch/bug1903' 2010-10-11 11:01:15 -04:00
Nick Mathewson
8f76f31761 Make tor_sscanf handle %x 2010-10-11 10:50:47 -04:00
Steven Murdoch
8a12ce2cf9 Add a unit test for tor_spawn_background
- Test sucessfully starting a process
- Test failing to find the executable
2010-10-10 19:08:44 +01:00
Steven Murdoch
68e576e9f9 Update documentation for tor_spawn_background
- Include description of stdout_read, stderr_read, and argv
2010-10-10 19:08:44 +01:00
Steven Murdoch
23e9f362a2 Fix issues in nickm's review of log_from_pipe for bug #1903
- Replace sscanf with tor_sscanf
- Replace use of strstr with equivalent call to strcmpstart
2010-10-10 19:08:44 +01:00
Steven Murdoch
4d694c7890 Fix nickm's comments on logging for bug #1903
- Use log_warn rather than log_err for bad but survivable events
2010-10-10 19:08:44 +01:00
Steven Murdoch
708ba8899f Note icky constructs mentioned in bug #1903
- To be dealt with as part of bug #2029
2010-10-10 19:07:40 +01:00
Sebastian Hahn
34546e2573 Fix a compile warning on OSX 10.6 2010-10-07 06:31:08 +02:00
Robert Ransom
17efbe031d Maintain separate server and client TLS contexts.
Fixes bug #988.
2010-10-04 21:51:47 -07:00
Robert Ransom
d3879dbd16 Refactor tor_tls_context_new:
* Make tor_tls_context_new internal to tortls.c, and return the new
  tor_tls_context_t from it.

* Add a public tor_tls_context_init wrapper function to replace it.
2010-10-04 17:57:29 -07:00
Nick Mathewson
4c71be65d8 Merge remote branch 'origin/maint-0.2.2' 2010-10-04 13:56:17 -04:00
Robert Ransom
1b8c8059c7 Correct a bogus comment.
Whether or not OpenSSL reference-counts SSL_CTX objects is irrelevant;
what matters is that Tor reference-counts its wrapper objects for
SSL_CTXs.
2010-10-04 13:53:54 -04:00
Robert Ransom
c70d9d77ab Correct a couple of log messages in tortls.c 2010-10-04 13:53:48 -04:00
Robert Ransom
068185eca2 Fix several comments in tortls.c 2010-10-04 13:47:57 -04:00
Steven Murdoch
5a77c64834 Fix issues in nickm's review of format_helper_exit_status for bug #1903
- Responsibility of clearing hex_errno is no longer with caller
- More conservative bounds checking
- Length requirement of hex_errno documented
- Output format documented
2010-10-04 14:31:27 +01:00
Karsten Loesing
8c5ba9388b Make logging resolution configurable.
Implements enhancement 1668.
2010-10-04 08:15:18 +02:00
Roger Dingledine
22f723e4a3 refactor all these tor_inet_ntoa idioms
but don't refactor the ones that look messy
2010-10-01 21:31:09 -04:00
Nick Mathewson
b5341314c1 Implement a few more node-based functions
Some of these functions only work for routerinfo-based nodes, and as
such are only usable for advisory purposes.  Fortunately, our uses
of them are compatible with this limitation.
2010-10-01 18:14:27 -04:00
Nick Mathewson
fe309e7ad6 Implement a basic node and nodelist type
The node_t type is meant to serve two key functions:

  1) Abstracting difference between routerinfo_t and microdesc_t
     so that clients can use microdesc_t instead of routerinfo_t.

  2) Being a central place to hold mutable state about nodes
     formerly held in routerstatus_t and routerinfo_t.

This patch implements a nodelist type that holds a node for every
router that we would consider using.
2010-10-01 18:14:26 -04:00
Nick Mathewson
80b515b85f Initialize fd values in tor_port_check_forwarding to -1 2010-10-01 18:14:17 -04:00
Nick Mathewson
495e630a49 Merge branch 'tor-fw-squashed2'
Conflicts:
	src/common/util.c
2010-09-30 16:22:39 -04:00
Nick Mathewson
0e9d969bb2 Fix space and formatting issues 2010-09-30 15:55:42 -04:00
Nick Mathewson
d39e46c26d Merge remote branch 'origin/maint-0.2.2' 2010-09-30 15:30:14 -04:00
Nick Mathewson
2835dcf69f #if-out the fw-helper code in util.c when building on windows 2010-09-30 12:58:48 -04:00
Steven Murdoch
a6dc00fa75 Start tor-fw-helper in the background, and log whatever it outputs 2010-09-30 11:40:37 -04:00
Sebastian Hahn
45c51e3238 Fix check-spaces 2010-09-30 06:17:32 +02:00
Roger Dingledine
50720a9a4f make c612ddee compile with old libevents 2010-09-29 02:50:46 -04:00
Nick Mathewson
73d93c033d Autodetect the number of CPUs when possible if NumCPUs==0
This is needed for IOCP, since telling the IOCP backend about all
your CPUs is a good idea.  It'll also come in handy with asn's
multithreaded crypto stuff, and for people who run servers without
reading the manual.
2010-09-28 14:42:21 -04:00
Nick Mathewson
c612ddee17 Add a new option to enable/disable IOCP support 2010-09-28 14:01:45 -04:00
Nick Mathewson
5c83c06c98 Merge branch 'bufferevent5' 2010-09-27 16:48:25 -04:00
Nick Mathewson
6950749c0a Make the bufferevent code use the renegotiation-reenabling hack 2010-09-27 16:07:14 -04:00
Nick Mathewson
e385961542 Merge remote branch 'public/bug1954' into maint-0.2.2 2010-09-27 15:39:40 -04:00
Nick Mathewson
b7ae108e18 Always defer bufferevent_openssl callbacks to avoid reentrant invocations 2010-09-27 14:29:42 -04:00
Nick Mathewson
b49cf6a77a Fix whitespace in bufferevents branch 2010-09-27 14:22:18 -04:00
Nick Mathewson
a16ed90ec8 Document and/or fix stuff found by Sebastian in code review
Thanks to Sebastian for his code-review of the bufferevents patch series.x
2010-09-27 14:22:18 -04:00
Sebastian Hahn
865bea3b89 Some bufferevents related fixes and pointers for nickm 2010-09-27 14:22:18 -04:00
Nick Mathewson
ffd5070b04 Convert bufferevents to use rate-limiting.
This requires the latest Git version of Libevent as of 24 March 2010.
In the future, we'll just say it requires Libevent 2.0.5-alpha or
later.

Since Libevent doesn't yet support hierarchical rate limit groups,
there isn't yet support for tracking relayed-bytes separately when
using the bufferevent system.  If a future version does add support
for hierarchical buckets, we can add that back in.
2010-09-27 14:22:18 -04:00
Nick Mathewson
c74a4ab515 Documentation for a few bufferevent functions. 2010-09-27 12:31:14 -04:00
Nick Mathewson
bd3612cd2b Get SSL connections and linked connections working with bufferevents.
Clients are now verified to work and build circuits correctly.  There
are still a few warnings given here and there that I need to look into.
2010-09-27 12:31:14 -04:00
Nick Mathewson
57e7b54b7b Teach read_event/write_event manipulators about bufferevents.
Add an --enable-bufferevents config switch.
2010-09-27 12:28:43 -04:00
Nick Mathewson
d073d7d4eb Consistency issues in load_windows_system_library patch. Thanks Sebastian 2010-09-24 14:16:55 -04:00
Nick Mathewson
c8e1538a0b Merge remote branch 'sebastian/continuation' 2010-09-24 13:43:55 -04:00
Sebastian Hahn
851255170a Note that the torrc format doesn't need nl at end 2010-09-24 13:32:27 +02:00
Nick Mathewson
0a0cc4599f Tweak continuation-and-comment logic
I think there was a read-off-the-end-of-the-buffer bug that I fixed.
At least I added some good comments, I hope.
2010-09-23 22:58:04 -04:00
Nick Mathewson
418e6caeeb New function to load windows system libraries
This function uses GetSystemDirectory() to make sure we load the version
of the library from c:\windows\system32 (or local equivalent) rather than
whatever version lives in the cwd.
2010-09-21 14:39:23 -04:00
Nick Mathewson
6d8fc4eb38 Add a simple integer-ceiling-division macro before we get it wrong 2010-09-14 22:32:36 -04:00
Sebastian Hahn
a05ef55b66 Allow comments for multi-line torrc options 2010-09-11 01:41:23 +02:00
Nick Mathewson
07049b3d25 Support mutli-line torrc options via the usual backslash syntax 2010-09-10 09:19:10 -04:00
Nick Mathewson
edc9256e95 Merge remote branch 'public/win_unicode_fixes' 2010-09-06 10:06:07 -04:00
Nick Mathewson
285addbd94 Fix some issues in rate-limiting noticed by Sebastian 2010-08-31 12:52:11 -04:00
Nick Mathewson
c0c7868250 Make the windows build succeed with or without -DUNICODE enabled.
This should keep WinCE working (unicode always-on) and get Win98
working again (unicode never-on).

There are two places where we explicitly use ASCII-only APIs, still:
in ntmain.c and in the unit tests.

This patch also fixes a bug in windoes tor_listdir that would cause
the first file to be listed an arbitrary number of times that was
also introduced with WinCE support.

Should fix bug 1797.
2010-08-20 13:40:01 -04:00
Nick Mathewson
ba9c1275c4 Add a generic rate-limited log mechanism, and use it in a few places
Incidentally fixes bug 1042.
2010-08-18 15:55:49 -04:00
Nick Mathewson
51377ae1bb Merge commit 'sebastian/mlockall' 2010-08-03 10:50:18 -04:00
Sebastian Hahn
90d3260b4a whitespace fix 2010-07-27 07:56:25 +02:00
mingw-san
856a36c434 Fix compilation with mingw and OpenSSL 0.9.8m+ 2010-07-26 15:05:11 -04:00
Sebastian Hahn
6cee3d466d Make sure we don't warn for libevent versions like 1.4.14b-stable 2010-07-26 20:39:12 +02:00
Nick Mathewson
14bc4dcc22 Rename log.h to torlog.h
This should make us conflict less with system files named "log.h".
Yes, we shouldn't have been conflicting with those anyway, but some
people's compilers act very oddly.

The actual change was done with one "git mv", by editing
Makefile.am, and running
   find . -name '*.[ch]' | xargs perl -i -pe 'if (/^#include.*\Wlog.h/) {s/log.h/torlog.h/; }'
2010-07-09 22:05:38 -04:00
Nick Mathewson
485cab869d Merge remote branch 'public/rand_double2' 2010-06-29 18:57:59 -04:00
Nick Mathewson
b111a7cd9c Make cbt_generate_sample use crypto_rand_double()
Possible workaround for bug 1139, if anybody cares.
2010-06-25 21:33:22 -04:00
Nick Mathewson
faad8bd0e8 Merge branch 'bug1526-v2' 2010-06-25 18:56:15 -04:00
Nick Mathewson
0d5ff48b92 Fix a compile error when building with Libevent before 1.4.5-stable
Older versions of Libevent forgot to declare enough function arguments
constant.
2010-06-25 16:14:21 -04:00
Nick Mathewson
ad2d8ac073 Use Libevent 2.0's periodic timers where available.
These timers behave better with non-monotonic clocks than our old
ones, and also try harder to make once-per-second events get called
one second apart, rather than one-plus-epsilon seconds apart.

This fixes bug 943 for everybody using Libevent 2.0 or later.
2010-06-25 15:31:46 -04:00
Nick Mathewson
1a52e39c22 Fix zlib macro brokenness on osx with zlib 1.2.4 and higher.
From the code:
   zlib 1.2.4 and 1.2.5 do some "clever" things with macros.  Instead of
   saying "(defined(FOO) ? FOO : 0)" they like to say "FOO-0", on the theory
   that nobody will care if the compile outputs a no-such-identifier warning.

   Sorry, but we like -Werror over here, so I guess we need to define these.
   I hope that zlib 1.2.6 doesn't break these too.

Possible fix for bug 1526.
2010-06-22 23:25:08 -04:00
Nick Mathewson
8e1bf98f4a Log an error if openssl fails to copy a key for us
This should never happen unless openssl is buggy or some of our
assumptions are deeply wrong, but one of those might have been the
cause of the not-yet-reproducible bug 1209.  If it ever happens again,
let's get some info we can use.
2010-06-22 22:20:52 -04:00
Nick Mathewson
006e2e8620 Add a function to return a double in range [0,1). 2010-06-22 21:30:26 -04:00
Florian Zumbiehl
426116113f Save a couple characters' allocation in esc_for_log 2010-06-14 14:05:18 -04:00
Nick Mathewson
03ea5f930e Reinstate warning when HOME isn't set.
Having ~/.tor expand into /.tor is, after all, almost certainly not
what the user wanted, and it deserves a warning message.

Also, convert a guess-and-malloc-and-sprintf triple into an asprintf.
2010-06-07 11:20:39 -04:00
Sebastian Hahn
0882e1e839 Treat unset $HOME like empty $HOME
This means Tor no longer dies when it doesn't have a $HOME.
2010-06-07 02:18:01 +02:00
Nick Mathewson
312f4ee410 Make pointer types correct in WinCE patch 2010-05-24 12:30:19 -04:00
valerino
076063ca90 moved wince related includes and defs to compat.h where possible, removed unused/redundant wince includes 2010-05-24 11:46:54 -04:00
valerino
8d31141ccb Port Tor to work on Windows CE
Most of the changes here are switches to use APIs available on Windows
CE.  The most pervasive change is that Windows CE only provides the
wide-character ("FooW") variants of most of the windows function, and
doesn't support the older ASCII verions at all.

This patch will require use of the wcecompat library to get working
versions of the posix-style fd-based file IO functions.

[commit message by nickm]
2010-05-24 11:46:45 -04:00
Sebastian Hahn
0b82ce3eb6 Demote a warning about missing client ciphers 2010-04-20 03:57:33 -04:00
Roger Dingledine
77babb832a minor cleanups 2010-04-20 02:48:35 -04:00
Nick Mathewson
6ff471d814 Fix a compilation warning on compat_libevent.c on some versions of windows libevent 2010-04-19 16:41:25 -04:00
Nick Mathewson
af9dd4af02 Fix two compile-blockers in tor_vasprintf().
1) mingw doesn't have _vscprintf(); mingw instead has a working snprintf.

2) windows compilers that _do_ have a working _vscprintf spell it so; they do
   not spell it _vcsprintf().
2010-04-19 16:37:26 -04:00
Nick Mathewson
c38fa93ad1 Merge commit 'origin/maint-0.2.1' 2010-04-15 10:35:09 -04:00
Nick Mathewson
6ad09cc6af Fix renegotiation on OpenSSL versions that backport RFC5746.
Our code assumed that any version of OpenSSL before 0.9.8l could not
possibly require SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.  This is
so... except that many vendors have backported the flag from later
versions of openssl when they backported the RFC5476 renegotiation
feature.

The new behavior is particularly annoying to detect.  Previously,
leaving SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION unset meant that
clients would fail to renegotiate.  People noticed that one fast!
Now, OpenSSL's RFC5476 support means that clients will happily talk to
any servers there are, but servers won't accept renegotiation requests
from unpatched clients unless SSL_OP_ALLOW_etc is set.  More fun:
servers send back a "no renegotiation for you!" error, which unpatched
clients respond to by stalling, and generally producing no useful
error message.

This might not be _the_ cause of bug 1346, but it is quite likely _a_
cause for bug 1346.
2010-04-13 15:05:03 -04:00
Nick Mathewson
927425150b Merge branch 'asprintf' 2010-04-02 12:30:46 -04:00
Roger Dingledine
625963d92a commit my annotations while i was hunting down the host order bug 2010-03-05 16:04:01 -05:00
Nick Mathewson
897b0ebbac better handle the case where *strp is in asprintf args 2010-02-28 21:46:46 -05:00
Sebastian Hahn
4aa56cbd2d Remove the request for current memlock limits
The getrlimit call didn't have any effect. Also make some logging
less verbose on default log level, and refactor a bit.
2010-02-28 14:48:47 +01:00
Nick Mathewson
da220157a9 Update copyright dates for files not in maint-0.2.1 2010-02-27 17:19:00 -05:00
Nick Mathewson
b006e3279f Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	src/common/test.h
	src/or/test.c
2010-02-27 17:16:31 -05:00
Nick Mathewson
c3e63483b2 Update Tor Project copyright years 2010-02-27 17:14:21 -05:00
Sebastian Hahn
a9802d3322 Zero a cipher completely before freeing it
We used to only zero the first ptrsize bytes of the cipher. Since
cipher is large enough, we didn't zero too many bytes. Discovered
and fixed by ekir. Fixes bug 1254.
2010-02-26 05:47:25 +01:00
Nick Mathewson
f0b5f87eab Add the MIN and MAX macros for platforms that lack them 2010-02-25 16:48:39 -05:00
Nick Mathewson
eb10d441b6 Fix 64-bit printf issues in consensus-bw-weights5-merge.
For my 64-bit Linux system running with GCC 4.4.3-fc12-whatever, you
can't do 'printf("%lld", (int64_t)x);' Instead you need to tell the
compiler 'printf("%lld", (long long int)x);' or else it doesn't
believe the types match.  This is why we added U64_PRINTF_ARG; it
looks like we needed an I64_PRINTF_ARG too.
2010-02-25 16:22:40 -05:00
Nick Mathewson
6fa8dacb97 Add a tor_asprintf() function, and use it in a couple of places.
asprintf() is a GNU extension that some BSDs have picked up: it does a printf
into a newly allocated chunk of RAM.

Our tor_asprintf() differs from standard asprintf() in that:
  - Like our other malloc functions, it asserts on OOM.
  - It works on windows.
  - It always sets its return-field.
2010-02-25 16:09:10 -05:00
Mike Perry
f4d6315afa Remove misc unnecessary newlines found by new check. 2010-02-22 16:52:11 -08:00
Mike Perry
95aad71678 Add %lld compat defines. 2010-02-22 16:52:10 -08:00
Nick Mathewson
c084ae145e Merge remote branch 'sebastian/bug1254' 2010-02-22 12:45:01 -05:00
Nick Mathewson
d35b8dc582 Make expand_filename into a tor_strdup() alias on windows.
On Windows, we don't have a notion of ~ meaning "our homedir", so we
were deliberately using an #ifdef to avoid calling expand_filename()
in multiple places.  This is silly: The right place to turn a function
into a no-op on a single platform is in the function itself, not in
every single call-site.
2010-02-22 12:42:31 -05:00
Sebastian Hahn
f5112fa487 Zero a cipher completely before freeing it
We used to only zero the first ptrsize bytes of the cipher. Since
cipher is large enough, we didn't zero too many bytes. Discovered
and fixed by ekir. Fixes bug 1254.
2010-02-22 11:41:39 +01:00
Roger Dingledine
603432090d fix typo and garbage grammar 2010-02-21 17:18:42 -05:00
Nick Mathewson
391f75d792 Merge remote branch 'sebastian/bug1143' 2010-02-19 16:58:24 -05:00
Sebastian Hahn
408a828b1f Make the DNSPort option work with libevent 2.x
We need to use evdns_add_server_port_with_base() when configuring
our DNS listener, because libevent segfaults otherwise. Add a macro
in compat_libevent.h to pick the correct implementation depending
on the libevent version.

Fixes bug 1143, found by SwissTorExit
2010-02-19 22:36:53 +01:00
Nick Mathewson
715f104eeb Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	ChangeLog
	configure.in
	contrib/tor-mingw.nsi.in
	src/win32/orconfig.h
2010-02-18 12:01:56 -05:00
Sebastian Hahn
c2c3a5a3f5 Fix compile 2010-02-18 13:08:57 +01:00
Nick Mathewson
e861b3be88 Even more conservative option-setting for SSL renegotiation.
This time, set the SSL3_FLAGS_ALLOW_UNSAFE_RENEGOTIATION flag on every
version before OpenSSL 0.9.8l.  I can confirm that the option value (0x0010)
wasn't reused until OpenSSL 1.0.0beta3.
2010-02-17 23:55:03 -05:00
Nick Mathewson
79bdfb63e9 Remove the --enable-iphone option as needless.
On or-talk, Marco Bonetti reports that recent iPhone SDKs build
Tor fine without it.
2010-02-12 23:06:05 -05:00
Sebastian Hahn
fe18275563 Add Windows version detection for Vista and 7
Vista is Windows 6.0, and 7 is Windows 6.1. Fixes bug 1097.

Also fix a coding style violation.
2010-02-10 08:40:44 +01:00
Nick Mathewson
c0d682686a Make tor_addr_copy() conform to memcpy requirements
The src and dest of a memcpy() call aren't supposed to overlap,
but we were sometimes calling tor_addr_copy() as a no-op.

Also, tor_addr_assign was a redundant copy of tor_addr_copy(); this patch
removes it.
2010-02-09 12:32:10 -05:00
Nick Mathewson
5314438799 Merge remote branch 'origin/maint-0.2.1' 2010-01-31 22:53:19 -05:00
Nick Mathewson
abd447f876 Revise OpenSSL fix to work with OpenSSL 1.0.0beta*
In brief: you mustn't use the SSL3_FLAG solution with anything but 0.9.8l,
and you mustn't use the SSL_OP solution with anything before 0.9.8m, and
you get in _real_ trouble if you try to set the flag in 1.0.0beta, since
they use it for something different.

For the ugly version, see my long comment in tortls.c
2010-01-31 22:48:29 -05:00
Nick Mathewson
1744e447a1 Decide whether to use SSL flags based on runtime OpenSSL version.
We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch.  On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.

May fix bug 1225.

[backported]
2010-01-29 17:17:47 -05:00
Nick Mathewson
4905eaa38c Detect the correct versions of openssl for tls negotiation fix
Since it doesn't seem to hurt, we should use _both_ fixes whenever
we see OpenSSL 0.9.7L .. 0.9.8, or OpenSSL 0.9.8L..
2010-01-29 17:11:20 -05:00
Nick Mathewson
8d68e5c748 Decide whether to use SSL flags based on runtime OpenSSL version.
We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch.  On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.

May fix bug 1225.
2010-01-29 17:02:17 -05:00
Nick Mathewson
ab87b61a9d Don't unlock a new log until done logging the tor version.
This might please coverity scan.
2010-01-25 14:09:18 -05:00
Nick Mathewson
3b4b6009a0 Merge remote branch 'origin/maint-0.2.1' 2010-01-23 20:46:57 -05:00
Nick Mathewson
4ad5094c90 Avoid a possible crash in tls_log_errors.
We were checking for msg==NULL, but not lib or proc.  This case can
only occur if we have an error whose string we somehow haven't loaded,
but it's worth coding defensively here.

Spotted by rieo on IRC.
2010-01-22 16:32:15 -05:00
Sebastian Hahn
4728bd904f Fix build on Solaris by disabling support for DisableAllSwap
Fixes bug 1198. Solaris doesn't have RLIMIT_MEMLOCK for get/setrlimit,
so disable support because we don't know if all memory can be locked.
2010-01-19 05:04:50 +01:00
Roger Dingledine
356c927476 don't list windows capabilities in windows uname
we never used them, and maybe it's a bad idea to publish them
2010-01-15 15:56:53 -05:00
Nick Mathewson
05a2473b7f Merge branch 'ewma' 2009-12-18 22:33:02 -05:00
Karsten Loesing
f80672d747 Remove duplicate words and a duplicate newline. 2009-12-18 12:55:05 +01:00
Nick Mathewson
235f1e1a96 Refactor out the 'find string at start of any line' logic.
We do this in too many places throughout the code; it's time to start
clamping down.

Also, refactor Karsten's patch to use strchr-then-strndup, rather than
malloc-then-strlcpy-then-strchr-then-clear.
2009-12-17 18:29:37 -05:00
Nick Mathewson
616cbb31c7 Merge commit 'origin/maint-0.2.1' 2009-12-15 17:11:40 -05:00
Nick Mathewson
1c87a27574 Fix bug 1173: remove an assert(unsigned >= 0). 2009-12-15 15:51:59 -05:00
Nick Mathewson
e56747f9cf Refactor a bit so that it is safe to include math.h, and mostly not needed. 2009-12-15 14:40:49 -05:00
Nick Mathewson
2c672f73bf Fix comment typos in container.c 2009-12-15 13:20:02 -05:00
Nick Mathewson
c210db0d41 Enhance pqueue so we can remove items from the middle.
This changes the pqueue API by requiring an additional int in every
structure that we store in a pqueue to hold the index of that structure
within the heap.
2009-12-12 19:06:38 -05:00
Nick Mathewson
d086c9a7f7 Merge commit 'sebastian/fixes' 2009-12-12 02:10:57 -05:00