Commit Graph

13923 Commits

Author SHA1 Message Date
Andrea Shepard
37baef0687 Add channel lifecycle test 2014-09-30 23:08:16 -07:00
Andrea Shepard
fd57840a77 Make scheduler_channel_doesnt_want_writes() mockable 2014-09-30 22:54:10 -07:00
Andrea Shepard
e00fde1797 Implement two-channel queue estimate test 2014-09-30 22:54:09 -07:00
Andrea Shepard
6e427c30af Implement channel queue size estimate unit test 2014-09-30 22:54:09 -07:00
Andrea Shepard
6d886787e3 Unit tests for channel_get_cell_queue_entry_size() and channel_write_*() functions 2014-09-30 22:54:02 -07:00
Andrea Shepard
85ee070852 Make scheduler_release_channel() mockable 2014-09-30 22:49:58 -07:00
Andrea Shepard
8907554cf3 Make channel_note_destroy_not_pending() mockable 2014-09-30 22:49:58 -07:00
Andrea Shepard
dabf4c33e2 Refactor channel_get_cell_queue_entry_size() to avoid an unreachable line for test coverage, and fix a nasty lurking memory bug in channel_flush_some_cells_from_outgoing_queue() 2014-09-30 22:49:58 -07:00
Andrea Shepard
ac1b627e85 Implement scheduler_touch_channel() 2014-09-30 22:49:58 -07:00
Andrea Shepard
ed1927d6bf Use a non-stupid data structure in the scheduler 2014-09-30 22:49:56 -07:00
Andrea Shepard
3530825c53 Eliminate some unnecessary smartlists in scheduler.c 2014-09-30 22:49:36 -07:00
Andrea Shepard
283646fd90 Fix scheduler assertion in circuitmux/destroy_cell_queue unit test 2014-09-30 22:49:36 -07:00
Andrea Shepard
63bb9a795e Fix compiler warning 2014-09-30 22:49:36 -07:00
Andrea Shepard
55907da28d Sort the scheduler's channel list by cmux comparisons 2014-09-30 22:49:36 -07:00
Andrea Shepard
700d6e7525 Add inter-cmux comparison support to circuitmux_ewma.c 2014-09-30 22:49:35 -07:00
Andrea Shepard
9db596d2ef Add cmux support for inter-cmux comparisons 2014-09-30 22:49:35 -07:00
Andrea Shepard
1275002a46 Schedule according to a queue size heuristic 2014-09-30 22:49:35 -07:00
Andrea Shepard
4f567c8cc8 Let the new scheduler handle writes 2014-09-30 22:49:03 -07:00
Andrea Shepard
f314d9509c Fix return values from channel_flush_some_cells() to correctly count cells directly written by channel_flush_from_first_active_circuit() 2014-09-30 22:49:03 -07:00
Andrea Shepard
2fc3da3ff5 Implement global queue size query in channel.c 2014-09-30 22:49:03 -07:00
Andrea Shepard
8852a1794c Track total queue size per channel, with overhead estimates, and global queue total 2014-09-30 22:49:03 -07:00
Andrea Shepard
5e0a6d54d0 Add global cell/byte counters and per channel byte counters to channel.c 2014-09-30 22:49:02 -07:00
Andrea Shepard
f0533d8d22 Remove no-longer-used channel_tls_t functions 2014-09-30 22:49:02 -07:00
Andrea Shepard
b09f41424c Actually call channel_flush_some_cells() from the scheduler 2014-09-30 22:49:01 -07:00
Andrea Shepard
2efbab2aaf Provide generic mechanism for scheduler to query writeable cells on a channel 2014-09-30 22:48:26 -07:00
Nick Mathewson
472b62bfe4 Uglify scheduler init logic to avoid crash on startup.
Otherwise, when we authority try to do a self-test because of
init-keys, if that self-test can't be launched for whatever reason and
so we close the channel immediately, we crash.

Yes, this a silly way for initialization to work.
2014-09-30 22:48:26 -07:00
Nick Mathewson
85ee5b3095 Use event_active, not 0-length timeouts. It's idempotent, too. 2014-09-30 22:48:26 -07:00
Nick Mathewson
fc13184e44 Fix unused-arguments warnings 2014-09-30 22:48:26 -07:00
Nick Mathewson
08bea13c35 Temporarily disable scheduler_trigger as unused 2014-09-30 22:48:26 -07:00
Andrea Shepard
d438cf1ec9 Implement scheduler mechanism to track lists of channels wanting cells or writes; doesn't actually drive the cell flow from it yet 2014-09-30 22:48:24 -07:00
Nick Mathewson
b448ec195d Clear the cached address from resolve_my_address() when our IP changes
Closes 11582; patch from "ra".
2014-09-29 13:47:58 -04:00
Nick Mathewson
2e607ff519 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-29 13:02:50 -04:00
Nick Mathewson
09951bea7f Don't use the getaddrinfo sandbox cache from tor-resolve
Fixes bug 13295; bugfix on 0.2.5.3-alpha.

The alternative here is to call crypto_global_init() from tor-resolve,
but let's avoid linking openssl into tor-resolve for as long as we
can.
2014-09-29 12:57:07 -04:00
Nick Mathewson
a0be2f1350 Automake syntax error :/ 2014-09-29 10:10:37 -04:00
Nick Mathewson
9455f45ae3 Add missing ed25519_ref10 headers to NOINST_HEADERS. 2014-09-29 10:10:08 -04:00
Nick Mathewson
2b1b1def46 Merge remote-tracking branch 'teor/circuitstats-pareto-avoid-div-zero' 2014-09-29 09:48:02 -04:00
Nick Mathewson
15b0bf0aad Whitespace fixes on 13291 fix 2014-09-29 09:39:21 -04:00
Nick Mathewson
0a985af072 Parenthesize macro arguments for 13291 fix 2014-09-29 09:38:50 -04:00
teor
b827a08284 Stop spawn test failures due to a race condition with SIGCHLD on process exit
When a spawned process forks, fails, then exits very quickly, (this
typically occurs when exec fails), there is a race condition between the
SIGCHLD handler updating the process_handle's fields, and checking the
process status in those fields. The update can occur before or after the
spawn tests check the process status.

We check whether the process is running or not running (rather than just
checking if it is running) to avoid this issue.
2014-09-29 09:37:53 -04:00
Nick Mathewson
11ebbf5e88 Merge branch 'bug12971_take2_squashed' 2014-09-29 09:18:03 -04:00
Nick Mathewson
fcebc8da95 Rename socks5 error code setting function again
I'd prefer not to use the name "send" for any function that doesn't
really send things.
2014-09-29 09:17:29 -04:00
rl1987
c5ad890904 Respond with 'Command not supported' SOCKS5 reply message upon reception of unsupported request. 2014-09-29 09:14:42 -04:00
Nick Mathewson
5e8cc766e6 Merge branch 'ticket961_squashed' 2014-09-29 09:05:18 -04:00
Nick Mathewson
4903ab1caa Avoid frequent strcmp() calls for AccountingRule
Generally, we don't like to parse the same thing over and over; it's
best IMO to do it once at the start of the code.
2014-09-29 09:05:11 -04:00
Nick Mathewson
8527a29966 Add an "AccountingRule" feature to permit limiting bw usage by read+write
Patch from "chobe".  Closes ticket 961.
2014-09-29 09:05:11 -04:00
Nick Mathewson
dc019b0654 Merge remote-tracking branch 'yawning/bug13213' 2014-09-29 08:57:19 -04:00
Nick Mathewson
b45bfba2ce Whitespace fixes 2014-09-29 08:48:22 -04:00
teor
4d0ad34a92 Avoid division by zero in circuitstats pareto
In circuit_build_times_calculate_timeout() in circuitstats.c, avoid dividing
by zero in the pareto calculations.

If either the alpha or p parameters are 0, we would divide by zero, yielding
an infinite result; which would be clamped to INT32_MAX anyway. So rather
than dividing by zero, we just skip the offending calculation(s), and
use INT32_MAX for the result.

Division by zero traps under clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error.
2014-09-29 20:49:24 +10:00
teor
ffd92e8ef8 Stop test & bench build failures with --disable-curve25519
Ensure test & bench code that references curve25519 is disabled by the
appropriate macros. tor now builds with and without --disable-curve25519.
2014-09-29 12:19:04 +10:00
Nick Mathewson
47fab50cba Merge branch 'bug13280' 2014-09-28 21:01:14 -04:00
teor
ff8fe38a2f Stop spurious clang shallow analysis null pointer errors
Avoid 4 null pointer errors under clang shallow analysis (the default when
building under Xcode) by using tor_assert() to prove that the pointers
aren't null. Resolves issue 13284 via minor code refactoring.
2014-09-28 20:51:23 -04:00
teor
b7eab94a90 Stop ed25519 8-bit signed left shift overflowing
Standardise usage in ge_scalarmult_base.c for 1 new fix.
2014-09-28 20:44:00 -04:00
Nick Mathewson
6129ff320e Use SHL{8,32,64} in ed25519/ref10 to avoid left-shifting negative values
This helps us avoid undefined behavior. It's based on a patch from teor,
except that I wrote a perl script to regenerate the patch:

  #!/usr/bin/perl -p -w -i

  BEGIN { %vartypes = (); }

  if (/^[{}]/) {
      %vartypes = ();
  }

  if (/^ *crypto_int(\d+) +([a-zA-Z_][_a-zA-Z0-9]*)/) {
      $vartypes{$2} = $1;
  } elsif (/^ *(?:signed +)char +([a-zA-Z_][_a-zA-Z0-9]*)/) {
      $vartypes{$1} = '8';
  }

  # This fixes at most one shift per line. But that's all the code does.
  if (/([a-zA-Z_][a-zA-Z_0-9]*) *<< *(\d+)/) {
      $v = $1;
      if (exists $vartypes{$v}) {
  	s/$v *<< *(\d+)/SHL$vartypes{$v}($v,$1)/;
      }
  }

  # remove extra parenthesis
  s/\(SHL64\((.*)\)\)/SHL64\($1\)/;
  s/\(SHL32\((.*)\)\)/SHL32\($1\)/;
  s/\(SHL8\((.*)\)\)/SHL8\($1\)/;
2014-09-28 20:41:05 -04:00
teor
6b155dc1a6 Stop signed left shifts overflowing in ed25519: Macros
The macros let us use unsigned types for potentially overflowing left
shifts. Create SHL32() and SHL64() and SHL8() macros for convenience.
2014-09-28 20:38:12 -04:00
Nick Mathewson
5190ec0bc4 Merge remote-tracking branch 'public/require_some_c99' 2014-09-26 11:06:41 -04:00
Nick Mathewson
6e7cbfc465 Avoid a "constant variable guards dead code" warning from coverity
Fixes CID 752028
2014-09-26 09:40:30 -04:00
Nick Mathewson
9fd6fbec28 Regenerate pwbox.c with the latest trunnel
This one should no longer generate dead-code warnings with coverity.
Fingers crossed?  This was CID 1241498
2014-09-26 09:33:24 -04:00
Nick Mathewson
27bd1ef100 Comment-out dead code in ed25519/ref10
There are some loops of the form

       for (i=1;i<1;++i) ...

And of course, if the loop index is initialized to 1, it will never
be less than 1, and the loop body will never be executed.  This
upsets coverity.

Patch fixes CID 1221543 and 1221542
2014-09-26 09:07:44 -04:00
Nick Mathewson
7c52a0555a Check key_len in secret_to_key_new()
This bug shouldn't be reachable so long as secret_to_key_len and
secret_to_key_make_specifier stay in sync, but we might screw up
someday.

Found by coverity; this is CID 1241500
2014-09-26 09:06:36 -04:00
Nick Mathewson
801f4d4384 Fix a double-free in failing case of handle_control_authenticate.
Bugfix on ed8f020e205267e6270494634346ab68d830e1d8; bug not in any
released version of Tor.  Found by Coverity; this is CID 1239290.

[Yes, I used this commit message before, in 58e813d0fc.
Turns out, that fix wasn't right, since I didn't look up a
screen. :P ]
2014-09-26 08:58:15 -04:00
Nick Mathewson
4e87b97872 Fix on that last fix. 2014-09-25 17:59:10 -04:00
Nick Mathewson
9190468246 Fix warnings on 32-bit builds.
When size_t is the most memory you can have, make sure that things
referring to real parts of memory are size_t, not uint64_t or off_t.

But not on any released Tor.
2014-09-25 17:50:13 -04:00
Nick Mathewson
1c5d680b3d Merge branch 'ed25519_ref10_squashed'
Conflicts:
	src/common/include.am
	src/ext/README
2014-09-25 15:11:34 -04:00
Nick Mathewson
46cda485bc Comments and tweaks based on review by asn
Add some documentation

Rename "derive" -> "blind"

Check for failure on randombytes().
2014-09-25 15:08:32 -04:00
Nick Mathewson
6dbd451b9f Add benchmarks for ed25519 functions 2014-09-25 15:08:32 -04:00
Nick Mathewson
9b43a4a122 Add comments to ed25519_vectors.inc 2014-09-25 15:08:32 -04:00
Nick Mathewson
6981341764 Cut the time to run the python ed25519 tests by a factor of ~6
I know it's pointless to optimize them, but I just can't let them
spend all that time in expmod() when native python pow() does the same
thing.
2014-09-25 15:08:32 -04:00
Nick Mathewson
7ca470e13c Add a reference implementation of our ed25519 modifications
Also, use it to generate test vectors, and add those test vectors
to test_crypto.c

This is based on ed25519.py from the ed25519 webpage; the kludgy hacks
are my own.
2014-09-25 15:08:32 -04:00
Nick Mathewson
d10e1bdec4 Add the pure-python ed25519 implementation, for testing. 2014-09-25 15:08:31 -04:00
Nick Mathewson
f0eb7ae79f More documentation for ed25519 stuff. 2014-09-25 15:08:31 -04:00
Nick Mathewson
1d3b33e1ed Fix linux compilation of ed25519_ref10
Our integer-definition headers apparently suck in a definition for
select(2), which interferes with the select() in ge_scalarmult_base.c
2014-09-25 15:08:31 -04:00
Nick Mathewson
25b1a32ef8 Draft implementation for ed25519 key blinding, as in prop224
This implementation allows somebody to add a blinding factor to a
secret key, and a corresponding blinding factor to the public key.

Robert Ransom came up with this idea, I believe.  Nick Hopper proved a
scheme like this secure.  The bugs are my own.
2014-09-25 15:08:31 -04:00
Nick Mathewson
4caa6fad4c Add curve25519->ed25519 key conversion per proposal 228
For proposal 228, we need to cross-certify our identity with our
curve25519 key, so that we can prove at descriptor-generation time
that we own that key.  But how can we sign something with a key that
is only for doing Diffie-Hellman?  By converting it to the
corresponding ed25519 point.

See the ALL-CAPS warning in the documentation.  According to djb
(IIUC), it is safe to use these keys in the ways that ntor and prop228
are using them, but it might not be safe if we start providing crazy
oracle access.

(Unit tests included.  What kind of a monster do you take me for?)
2014-09-25 15:08:31 -04:00
Nick Mathewson
ed48b0fe56 Support for writing ed25519 public/private components to disk.
This refactors the "== type:tag ==" code from crypto_curve25519.c
2014-09-25 15:08:31 -04:00
Nick Mathewson
c75e275574 Add encode/decode functions for ed25519 public keys 2014-09-25 15:08:31 -04:00
Nick Mathewson
22760c4899 Restore the operation of extra_strong in ed25519_secret_key_generate 2014-09-25 15:08:31 -04:00
Nick Mathewson
006e6d3b6f Another ed25519 tweak: store secret keys in expanded format
This will be needed/helpful for the key blinding of prop224, I
believe.
2014-09-25 15:08:31 -04:00
Nick Mathewson
9e43ee5b4c Fix API for ed25519_ref10_open()
This is another case where DJB likes sticking the whole signature
prepended to the message, and I don't think that's the hottest idea.

The unit tests still pass.
2014-09-25 15:08:31 -04:00
Nick Mathewson
e0097a8839 Tweak ed25519 ref10 signing interface to use less space.
Unit tests still pass.
2014-09-25 15:08:31 -04:00
Nick Mathewson
e5a1cf9937 Tweak ref10 keygen APIs to be more sane. 2014-09-25 15:08:30 -04:00
Nick Mathewson
87ba033cd5 Add Ed25519 support, wrappers, and tests.
Taken from earlier ed25519 branch based on floodyberry's
ed25519-donna.  Tweaked so that it applies to ref10 instead.
2014-09-25 15:08:20 -04:00
Nick Mathewson
50d15e06b3 Use --require-version to prevent running trunnel pre-1.2
(Also, regenerate trunnel stuff with trunnel 1.2.  This just adds a
few comments to our output.)
2014-09-25 14:49:00 -04:00
Nick Mathewson
1b13139709 Add a script to run trunnel on the trunnel files.
Also, re-run the latest trunnel.

Closes ticket 13242
2014-09-25 12:32:08 -04:00
Nick Mathewson
36700ee99e Mention trunnel in LICENSE and src/ext/README 2014-09-25 12:03:46 -04:00
Nick Mathewson
764e008092 Merge branch 'libscrypt_trunnel_squashed'
Conflicts:
	src/test/test_crypto.c
2014-09-25 12:03:41 -04:00
Nick Mathewson
c433736734 Add tests for failing cases of crypto_pwbox 2014-09-25 11:58:14 -04:00
Nick Mathewson
3b7d0ed08e Use trunnel for crypto_pwbox encoding/decoding.
This reduces the likelihood that I have made any exploitable errors
in the encoding/decoding.

This commit also imports the trunnel runtime source into Tor.
2014-09-25 11:58:14 -04:00
Nick Mathewson
3011149401 Adjust pwbox format: use a random IV each time
Suggested by yawning
2014-09-25 11:58:14 -04:00
Nick Mathewson
d0f5d2b662 Test a full array of s2k flags with pwbox test.
Suggested by yawning.
2014-09-25 11:58:14 -04:00
Nick Mathewson
05a6439f1f Use preferred key-expansion means for pbkdf2, scrypt.
Use HKDF for RFC2440 s2k only.
2014-09-25 11:58:13 -04:00
Nick Mathewson
8d84f3af7b Test vectors for PBKDF2 from RFC6070 2014-09-25 11:58:13 -04:00
Nick Mathewson
b59d0dae14 Test vectors for scrypt from draft-josefsson-scrypt-kdf-00 2014-09-25 11:58:13 -04:00
Nick Mathewson
2b2cab4141 Tweak and expose secret_to_key_compute_key for testing
Doing this lets me pass in a salt of an unusual length.
2014-09-25 11:58:13 -04:00
Nick Mathewson
8184839a47 Rudimentary-but-sufficient passphrase-encrypted box code.
See crypto_pwbox.c for a description of the file format.

There are tests for successful operation, but it still needs
error-case tests.
2014-09-25 11:58:13 -04:00
Nick Mathewson
e84e1c9745 More generic passphrase hashing code, including scrypt support
Uses libscrypt when found; otherwise, we don't have scrypt and we
only support openpgp rfc2440 s2k hashing, or pbkdf2.

Includes documentation and unit tests; coverage around 95%. Remaining
uncovered code is sanity-checks that shouldn't be reachable fwict.
2014-09-25 11:58:13 -04:00
Nick Mathewson
b0767e85b8 Tell autoconf to make the compiler act as c99
Apparently some compilers want extra switches.
2014-09-25 11:36:28 -04:00
Nick Mathewson
0ca8387246 Tweak address.c to use a little c99 syntax
Since address.c is the first file to get compiled, let's have it use
a little judicious c99 in order to catch broken compilers that
somehow make it past our autoconf tests.
2014-09-25 11:22:02 -04:00
Yawning Angel
fa60a64088 Do not launch pluggable transport plugins when DisableNetwork is set.
When DisableNetwork is set, do not launch pluggable transport plugins,
and if any are running already, terminate the existing instances.
Resolves ticket 13213.
2014-09-24 09:39:15 +00:00
Roger Dingledine
ecab261641 two more typos 2014-09-23 18:30:02 -04:00
Roger Dingledine
1987157d0c + is not how we say concatenate 2014-09-22 20:09:03 -04:00
Nick Mathewson
bdd0c77643 Merge branch 'bug8197_squashed'
Conflicts:
	src/test/test_policy.c
2014-09-22 14:34:52 -04:00
rl1987
80622c0664 Writing comments for newly added functions. 2014-09-22 14:18:01 -04:00
rl1987
2e951f8dda Whitespace fixes 2014-09-22 14:18:00 -04:00
rl1987
0eaf82947d Using the new API in unit-test. 2014-09-22 14:18:00 -04:00
rl1987
c735b60e4c New API for policies_parse_exit_policy(). 2014-09-22 14:18:00 -04:00
Adrien BAK
8858194952 Remove config options that have been obsolete since 0.2.3 2014-09-22 10:55:01 -04:00
Nick Mathewson
6c6ea8c425 Merge remote-tracking branch 'arma/feature13211' 2014-09-22 10:49:10 -04:00
Nick Mathewson
d3382297fe Merge remote-tracking branch 'arma/feature13153' 2014-09-22 10:42:54 -04:00
Nick Mathewson
1a1e695800 Merge remote-tracking branch 'public/bug7733a' 2014-09-22 10:38:05 -04:00
Roger Dingledine
09183dc315 clients use optimistic data when reaching hidden services
Allow clients to use optimistic data when connecting to a hidden service,
which should cut out the initial round-trip for client-side programs
including Tor Browser.

(Now that Tor 0.2.2.x is obsolete, all hidden services should support
server-side optimistic data.)

See proposal 181 for details. Implements ticket 13211.
2014-09-21 20:02:12 -04:00
Roger Dingledine
530fac10aa Use optimistic data even if we don't know exitnode->rs
I think we should know the routerstatus for our exit relay, since
we built a circuit to it. So I think this is just a code simplication.
2014-09-21 19:12:20 -04:00
Roger Dingledine
bbfb1aca55 get rid of routerstatus->version_supports_optimistic_data
Clients are now willing to send optimistic circuit data (before they
receive a 'connected' cell) to relays of any version. We used to
only do it for relays running 0.2.3.1-alpha or later, but now all
relays are new enough.

Resolves ticket 13153.
2014-09-21 19:04:18 -04:00
Roger Dingledine
4c8b809b96 get rid of trivial redundant comment 2014-09-21 18:56:48 -04:00
Roger Dingledine
1b40ea036f Stop silently skipping invalid args to setevents
Return an error when the second or later arguments of the
"setevents" controller command are invalid events. Previously we
would return success while silently skipping invalid events.

Fixes bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".
2014-09-21 16:05:24 -04:00
Roger Dingledine
e170205cd8 Merge branch 'maint-0.2.5' 2014-09-20 16:51:17 -04:00
Roger Dingledine
87576e826f Merge branch 'maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2014-09-20 16:50:32 -04:00
Roger Dingledine
288b3ec603 Merge branch 'maint-0.2.3' into maint-0.2.4 2014-09-20 16:49:24 -04:00
Sebastian Hahn
0eec8e2aa5 gabelmoo's IPv4 address changed 2014-09-20 16:46:02 -04:00
Nick Mathewson
6d6e21a239 Merge branch 'bug4244b_squashed' 2014-09-18 15:31:08 -04:00
Roger Dingledine
905443f074 Clients no longer write "DirReqStatistics 0" in their saveconf output
Stop modifying the value of our DirReqStatistics torrc option just
because we're not a bridge or relay. This bug was causing Tor
Browser users to write "DirReqStatistics 0" in their torrc files
as if they had chosen to change the config.

Fixes bug 4244; bugfix on 0.2.3.1-alpha.
2014-09-18 15:29:14 -04:00
Nick Mathewson
58e813d0fc Fix a double-free in failing case of handle_control_authenticate.
Bugfix on ed8f020e205267e6270494634346ab68d830e1d8; bug not in any
released version of Tor.  Found by Coverity; this is CID 1239290.
2014-09-18 11:13:57 -04:00
Nick Mathewson
d14127eb7a Use the DL_SCHED_CONSENSUS schedule for consensuses.
Fixes bug 11679; bugfix on 0.2.2.6-alpha
2014-09-18 10:52:58 -04:00
Nick Mathewson
bb175dac96 Activate INSTRUMENT_DOWNLOADS under clang analyzer as well as coverity
Patch from teor; ticket 13177.
2014-09-18 10:23:33 -04:00
Nick Mathewson
3f9fac7ee4 Fix a windows unused-arg warning 2014-09-17 11:00:27 -04:00
Nick Mathewson
35156ffcc3 Merge remote-tracking branch 'public/ticket_13119_v3' 2014-09-17 10:27:40 -04:00
Peter Palfrader
64f65f2359 torrc.sample: Fix units 2014-09-16 12:03:47 -04:00
Nick Mathewson
feee445771 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-16 11:11:48 -04:00
Nick Mathewson
be0e26272b Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-09-16 11:10:02 -04:00
Roger Dingledine
0c3b3650aa clients now send correct address for rendezvous point
Clients now send the correct address for their chosen rendezvous point
when trying to access a hidden service. They used to send the wrong
address, which would still work some of the time because they also
sent the identity digest of the rendezvous point, and if the hidden
service happened to try connecting to the rendezvous point from a relay
that already had a connection open to it, the relay would reuse that
connection. Now connections to hidden services should be more robust
and faster. Also, this bug meant that clients were leaking to the hidden
service whether they were on a little-endian (common) or big-endian (rare)
system, which for some users might have reduced their anonymity.

Fixes bug 13151; bugfix on 0.2.1.5-alpha.
2014-09-16 11:05:36 -04:00
Nick Mathewson
ef9a0d2048 Add script to detect and remove unCish malloc-then-cast pattern
Also, apply it.
2014-09-16 10:57:00 -04:00
Nick Mathewson
ea72b4f60a clean up eol whitespace from coccinelle-generated patches 2014-09-16 09:40:38 -04:00
Nick Mathewson
a6627fdb80 Remove the legacy_test_helper and legacy_setup wrappers
These wrappers went into place when the default type for our unit
test functions changed from "void fn(void)" to "void fn(void *arg)".

To generate this patch, I did the same hokey-pokey as before with
replacing all operators used as macro arguments, then I ran a
coccinelle script, then I ran perl script to fix up everything that
used legacy_test_helper, then I manually removed the
legacy_test_helper functions, then I ran a final perl script to put
the operators back how they were.

==============================
 #!/usr/bin/perl -w -i -p

s/==,/_X_EQ_,/g;
s/!=,/_X_NE_,/g;
s/<,/_X_LT_,/g;
s/>,/_X_GT_,/g;
s/>=,/_X_GEQ_,/g;
s/<=,/_X_LEQ_,/g;

--------------------

@@
identifier func =~ "test_.*$";
statement S, S2;
@@
 static void func (
-void
+void *arg
 )
 {
 ... when != S2
+(void) arg;
 S
 ...
 }

--------------------
 #!/usr/bin/perl -w -i -p

s/, *legacy_test_helper, *([^,]+), *\&legacy_setup, *([^\}]+) *}/, $2, $1, NULL, NULL }/g;

--------------------
 #!/usr/bin/perl -w -i -p

s/_X_NEQ_/!=/g;
s/_X_NE_/!=/g;
s/_X_EQ_/==/g;
s/_X_GT_/>/g;
s/_X_LT_/</g;
s/_X_GEQ_/>=/g;
s/_X_LEQ_/<=/g;

--------------------
2014-09-16 09:30:22 -04:00
Nick Mathewson
d684657548 Replace all uses of test_{str,}eq 2014-09-15 21:36:23 -04:00
Nick Mathewson
34bf9b3690 Replace the remaining test_assert instances 2014-09-15 21:29:48 -04:00
Nick Mathewson
0e0cef1d60 remove two unused test_* macros 2014-09-15 21:28:26 -04:00
Nick Mathewson
0d654d2355 Replace remaining uses of deprecated test_mem* functions 2014-09-15 21:27:23 -04:00
Nick Mathewson
1146a6a1c5 Replace the remaining test_n?eq_ptr calls 2014-09-15 21:25:27 -04:00
Nick Mathewson
5253ba3184 Make not even macros use test_fail_msg. 2014-09-15 21:22:36 -04:00
Nick Mathewson
0243895792 Use coccinelle scripts to clean up our unit tests
This should get rid of most of the users of the old test_*
functions.  Some are in macros and will need manual cleanup, though.

This patch is for 13119, and was automatically generated with these
scripts.  The perl scripts are there because coccinelle hates
operators as macro arguments.

------------------------------

s/==,/_X_EQ_,/g;
s/!=,/_X_NE_,/g;
s/<,/_X_LT_,/g;
s/>,/_X_GT_,/g;
s/>=,/_X_GEQ_,/g;
s/<=,/_X_LEQ_,/g;

------------------------------
@@
expression a;
identifier func;
@@
 func (...) {
<...
-test_fail_msg
+TT_DIE
 (
+(
 a
+)
 )
 ...>
 }

@@
identifier func;
@@
 func (...) {
<...
-test_fail()
+TT_DIE(("Assertion failed."))
 ...>
 }

@@
expression a;
identifier func;
@@
 func (...) {
<...
-test_assert
+tt_assert
	(a)
 ...>
 }

@@
expression a, b;
identifier func;
@@
 func (...) {
<...
-test_eq
+tt_int_op
 (a,
+_X_EQ_,
  b)
 ...>
 }

@@
expression a, b;
identifier func;
@@
 func (...) {
<...
-test_neq
+tt_int_op
 (a,
+_X_NEQ_,
  b)
 ...>
 }

@@
expression a, b;
identifier func;
@@
 func (...) {
<...
-test_streq
+tt_str_op
 (a,
+_X_EQ_,
  b)
 ...>
 }

@@
expression a, b;
identifier func;
@@
 func (...) {
<...
-test_strneq
+tt_str_op
 (a,
+_X_NEQ_,
  b)
 ...>
 }

@@
expression a, b;
identifier func;
@@
 func (...) {
<...
-test_eq_ptr
+tt_ptr_op
 (a,
+_X_EQ_,
  b)
 ...>
 }

@@
expression a, b;
identifier func;
@@
 func() {
<...
-test_neq_ptr
+tt_ptr_op
 (a,
+_X_NEQ_,
  b)
 ...>
 }

@@
expression a, b, len;
identifier func;
@@
 func (...) {
<...
-test_memeq
+tt_mem_op
 (a,
+_X_EQ_,
  b, len)
 ...>
 }

@@
expression a, b, len;
identifier func;
@@
 func (...) {
<...
-test_memneq
+tt_mem_op
 (a,
+_X_NEQ_,
  b, len)
 ...>
 }

------------------------------
@@
char a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a == b
+a, _X_EQ_, b
 )
 ...>
}

@@
int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a == b
+a, _X_EQ_, b
 )
 ...>
}

@@
long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a == b
+a, _X_EQ_, b
 )
 ...>
}

@@
unsigned int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a == b
+a, _X_EQ_, b
 )
 ...>
}

@@
unsigned long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a == b
+a, _X_EQ_, b
 )
 ...>
}

@@
char a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a != b
+a, _X_NEQ_, b
 )
 ...>
}

@@
int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a != b
+a, _X_NEQ_, b
 )
 ...>
}

@@
long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a != b
+a, _X_NEQ_, b
 )
 ...>
}

@@
unsigned int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a != b
+a, _X_NEQ_, b
 )
 ...>
}

@@
unsigned long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a != b
+a, _X_NEQ_, b
 )
 ...>
}

@@
char a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a >= b
+a, _X_GEQ_, b
 )
 ...>
}

@@
int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a >= b
+a, _X_GEQ_, b
 )
 ...>
}

@@
long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a >= b
+a, _X_GEQ_, b
 )
 ...>
}

@@
unsigned int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a >= b
+a, _X_GEQ_, b
 )
 ...>
}

@@
unsigned long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a >= b
+a, _X_GEQ_, b
 )
 ...>
}

@@
char a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a <= b
+a, _X_LEQ_, b
 )
 ...>
}

@@
int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a <= b
+a, _X_LEQ_, b
 )
 ...>
}

@@
long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a <= b
+a, _X_LEQ_, b
 )
 ...>
}

@@
unsigned int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a <= b
+a, _X_LEQ_, b
 )
 ...>
}

@@
unsigned long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a <= b
+a, _X_LEQ_, b
 )
 ...>
}

@@
char a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a > b
+a, _X_GT_, b
 )
 ...>
}

@@
int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a > b
+a, _X_GT_, b
 )
 ...>
}

@@
long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a > b
+a, _X_GT_, b
 )
 ...>
}

@@
unsigned int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a > b
+a, _X_GT_, b
 )
 ...>
}

@@
unsigned long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a > b
+a, _X_GT_, b
 )
 ...>
}

@@
char a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a < b
+a, _X_LT_, b
 )
 ...>
}

@@
int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a < b
+a, _X_LT_, b
 )
 ...>
}

@@
long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a < b
+a, _X_LT_, b
 )
 ...>
}

@@
unsigned int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a < b
+a, _X_LT_, b
 )
 ...>
}

@@
unsigned long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a < b
+a, _X_LT_, b
 )
 ...>
}

------------------------------

s/_X_NEQ_/!=/g;
s/_X_NE_/!=/g;
s/_X_EQ_/==/g;
s/_X_GT_/>/g;
s/_X_LT_/</g;
s/_X_GEQ_/>=/g;
s/_X_LEQ_/<=/g;

s/test_mem_op\(/tt_mem_op\(/g;
2014-09-15 21:18:21 -04:00
Nick Mathewson
0bd220adcb Don't pass invalid memory regions to digestmap_set/get in test_routerlist
Fixes bug in c887e20e6a5a2c17c65; bug in no released Tor version.
2014-09-15 14:04:19 -04:00
Nick Mathewson
1dc0d26b50 Clean up a clangalyzer warning in directory_remove_invalid
"At this point in the code, msg has been set to a string
constant. But the tor code checks that msg is not NULL, and the
redundant NULL check confuses the analyser[...] To avoid this
spurious warning, the patch initialises msg to NULL."

Patch from teor. another part of 13157.
2014-09-15 13:52:56 -04:00
Nick Mathewson
53a94c4b4b Clear up another clangalyzer issue
"The NULL pointer warnings on the return value of
tor_addr_to_in6_addr32() are incorrect. But clang can't work this
out itself due to limited analysis depth. To teach the analyser that
the return value is safe to dereference, I applied tor_assert to the
return value."

Patch from teor.  Part of 13157.
2014-09-15 13:52:13 -04:00
Roger Dingledine
d6b2a1709d fix typo in comment 2014-09-13 17:10:04 -04:00
Nick Mathewson
550c03336c Bump maint-0.2.5 to 0.2.5.7-rc-dev 2014-09-11 21:38:32 -04:00
Nick Mathewson
89e32c7c08 One more whitespace fix 2014-09-11 14:40:24 -04:00
Nick Mathewson
32f75c870e Whitespace cleanups in test_util 2014-09-11 14:37:12 -04:00
Nick Mathewson
6d66e9068b Whitespace cleanups in transports/test_pt 2014-09-11 14:36:51 -04:00
Nick Mathewson
43a47ae726 Use tor_malloc_zero() in pt tests
Fixes for PT tests merged with 8402; patch from Yawning.
2014-09-11 09:17:13 -04:00
Nick Mathewson
2914d56ea4 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-11 08:59:24 -04:00
Nick Mathewson
121f4a9ca4 Merge remote-tracking branch 'public/bug13104_025' 2014-09-11 08:30:41 -04:00
Nick Mathewson
d02937a203 Fix "comparison is always false" warnings in new test_util_di_ops
Having a constant zero means that unsigned < 0 is always false.
2014-09-11 08:28:46 -04:00
Roger Dingledine
6215ebb266 Reduce log severity for unused ClientTransportPlugin lines
Tor Browser includes several ClientTransportPlugin lines in its
torrc-defaults file, leading every Tor Browser user who looks at her
logs to see these notices and wonder if they're dangerous.

Resolves bug 13124; bugfix on 0.2.5.3-alpha.
2014-09-11 08:02:37 -04:00
Nick Mathewson
48558ed1aa Merge remote-tracking branch 'public/bug13104_025' 2014-09-11 00:11:26 -04:00
Nick Mathewson
2491eadf00 C90 compliance for #13104 fixes 2014-09-11 00:10:53 -04:00
Nick Mathewson
284cc9a224 Avoid an overflow on negation in format_helper_exit_status
Part of 13104; patch from teor.
2014-09-11 00:00:13 -04:00
Nick Mathewson
59f9a5c786 Avoid divide by zero and NaNs in scale_array_elements_to_u64
Patch from teor; part of 13104
2014-09-10 23:59:21 -04:00
Nick Mathewson
5126bc2ebd Extra tests for tor_memeq and memcmp
(Patch from teor; part of 13104)
2014-09-10 23:58:02 -04:00
Nick Mathewson
d2463c0cfe Avoid overflows and underflows in sscanf and friends
(Patch from teor on 13104)
2014-09-10 23:57:31 -04:00
Nick Mathewson
73ee161d8a Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-10 23:48:59 -04:00
Nick Mathewson
3c2c6a6116 In routerlist_assert_ok(), check r2 before taking &(r2->cache_info)
Technically, we're not allowed to take the address of a member can't
exist relative to the null pointer.  That makes me wonder how any sane
compliant system implements the offsetof macro, but let's let sleeping
balrogs lie.

Fixes 13096; patch on 0.1.1.9-alpha; patch from "teor", who was using
clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error -ftrapv
2014-09-10 23:48:11 -04:00
Nick Mathewson
e07206afea Merge remote-tracking branch 'yawning/bug_8402' 2014-09-10 23:41:55 -04:00
Nick Mathewson
5474d8ae05 Merge remote-tracking branch 'public/torrc_minimal' 2014-09-10 23:36:27 -04:00
Nick Mathewson
93dfb12037 Remember log messages that happen before logs are configured
(And replay them once we know our first real logs.)

This is an implementation for issue 6938.  It solves the problem of
early log mesages not getting sent to log files, but not the issue of
early log messages not getting sent to controllers.
2014-09-10 23:34:43 -04:00
Nick Mathewson
6e2ef4bc5e Refactor the 'deliver a log message' logic to its own function. 2014-09-10 22:58:36 -04:00
Nick Mathewson
de114587f0 Turn log loop into a for loop, and "Does this lf want this" into a fn 2014-09-10 22:39:55 -04:00
Nick Mathewson
15a318b49a Refactor pending_cb_message_t into a type with proper functions
Also, rename it.
2014-09-10 22:35:16 -04:00
Nick Mathewson
a9b2e5eac6 Merge remote-tracking branch 'public/bug12908_025' into maint-0.2.5 2014-09-10 22:12:47 -04:00
Nick Mathewson
916d53d6ce Mark StrictE{ntry,xit}Nodes as obsolete. 2014-09-10 07:10:10 -04:00
Yawning Angel
cae44838fe Fix issues brought up in nickm's review.
* Update pt_get_proxy_uri() documentation.
 * proxy_supported is now unsigned.
 * Added a changes file.
2014-09-09 18:21:19 +00:00
George Kadianakis
01800ea1e4 Add unittests for finding the third quartile of a set. 2014-09-09 12:28:15 -04:00
Nick Mathewson
8e39395199 Merge remote-tracking branch 'asn/bug13064' 2014-09-09 12:26:16 -04:00
Nick Mathewson
40b7dfaed2 Remove now-pointless SIZE_MAX stanza from OpenBSD_malloc_linux 2014-09-09 12:09:18 -04:00
Nick Mathewson
1eea7a68ed Use S?SIZE_MAX, not S?SIZE_T_MAX
This fixes bug 13102 (not on any released Tor) where using the
standard SSIZE_MAX name broke mingw64, and we didn't realize.

I did this with
   perl -i -pe 's/SIZE_T_MAX/SIZE_MAX/' src/*/*.[ch] src/*/*/*.[ch]
2014-09-09 12:08:03 -04:00
Sebastian Hahn
409a56281e Remove client-side bad directory logic
Implements the second half of #13060.
2014-09-09 11:54:20 -04:00
Sebastian Hahn
8099dee992 Remove dirauth support for the BadDirectory flag
Implements the first half of #13060. The second half will be to remove
client support, too.
2014-09-09 11:54:15 -04:00
Nick Mathewson
59f3cce0dc Merge branch 'bug12899_squashed' 2014-09-09 11:51:18 -04:00
Sebastian Hahn
607724c696 Remove support for naming directory authorities
This implements the meat of #12899. This commit should simply remove the
parts of Tor dirauths used to check whether a relay was supposed to be
named or not, it doesn't yet convert to a new mechanism for
reject/invalid/baddir/badexiting relays.
2014-09-09 11:50:21 -04:00
Nick Mathewson
4af88d68b4 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 11:05:28 -04:00
Nick Mathewson
8eed82b3d4 Merge remote-tracking branch 'andrea/bug12160_025' into maint-0.2.5 2014-09-09 11:04:54 -04:00
Nick Mathewson
dd22ab519a Merge remote-tracking branch 'public/bug12700_024' into maint-0.2.5 2014-09-09 10:51:39 -04:00
Nick Mathewson
2997908228 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 10:27:41 -04:00
Nick Mathewson
8391c96091 Clean up the MVSC nmake files so they work again.
Fixes bug 13081; bugfix on 0.2.5.1-alpha. Patch from "NewEraCracker."
2014-09-09 10:27:05 -04:00
Nick Mathewson
ad0ae89b3c Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 10:22:42 -04:00
Nick Mathewson
a3c49ca79a Add more escaped() calls in directory.c
Patch from teor to fix 13071.
2014-09-09 10:22:01 -04:00
Nick Mathewson
2ecaa59bd7 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-08 15:16:45 -04:00
Nick Mathewson
d229025fef Expand the event_mask field in controller conns to 64 bits
Back in 078d6bcd, we added an event number 0x20, but we didn't make
the event_mask field big enough to compensate.

Patch by "teor". Fixes 13085; bugfix on 0.2.5.1-alpha.
2014-09-08 15:16:02 -04:00
George Kadianakis
0f50f5f373 Evaluate TestingDirAuthVoteGuard only after filling all rs elements. 2014-09-06 14:37:41 +03:00
Andrea Shepard
39a017809b Correctly update channel local mark when address of incoming connection changes after handshake; fixes bug #12160 2014-09-05 11:12:08 -07:00
David Stainton
b59fd2efb6 Fix permissions logic 2014-09-04 22:21:30 +00:00
Sebastian Hahn
8356721662 Fix add_fingerprint_to_dir() doc and signature
This function never returns non-null, but its usage doesn't reflect
that. Let's make it explicit. This will be mostly overridden by later
commits, so no changes file here.
2014-09-04 22:22:56 +02:00
Sebastian Hahn
10fe5bad9a Remove the AuthDirRejectUnlisted config option
This is in preparation for a big patch series removing the entire Naming
system from Tor. In its wake, the approved-routers file is being
deprecated, and a replacement option to allow only pre-approved routers
is not being implemented.
2014-09-04 06:25:38 +02:00
Nick Mathewson
7573e66b99 Treat Z_BUF_ERROR as TOR_ZLIB_BUF_FULL when finalizing a zlib buffer
Otherwise, when we're out of input *and* finalizing, we might report
TOR_ZLIB_OK erroneously and not finalize the buffer.

(I don't believe this can happen in practice, with our code today:
write_to_buf_zlib ensures that we are never trying to write into a
completely empty buffer, and zlib says "Z_OK" if you give it even
one byte to write into.)

Fixes bug 11824; bugfix on 0.1.1.23 (06e09cdd47).
2014-09-03 13:42:46 -04:00
David Stainton
59e052b896 Remove HiddenServiceDirGroupReadable from or_options_t
...and also fix whitespace.
2014-09-03 17:22:15 +00:00
Nick Mathewson
ed8f020e20 Fix a couple of small memory leaks on failure cases.
[CID 1234702, 1234703]
2014-09-03 10:59:39 -04:00
Nick Mathewson
c4d0d30bf3 Fix some 'dereference-before-null-check' warnings in test_circuitlist.c
Found by Coverity Scan.

[CID 1234704, 1234705, 1234706]
2014-09-03 10:59:10 -04:00
Nick Mathewson
0e66edb254 Fix the leaks that valgrind found in the new routerset tests.
(We have a tests-shouldn't-leak policy so that we won't accidentally
ignore true-positives.)
2014-09-03 09:51:14 -04:00
David Stainton
7203040835 Fix regression nickm pointed out 2014-09-03 03:53:32 +00:00
Nick Mathewson
9ab35b0a2e Use 'Bytes', not 'B', in torrc.sample.
Also put this change into torrc.minimal.in-staging

Closes ticket 10343
2014-09-02 19:18:21 -04:00
Magnus Nord
d0113a0c2a Fix: typo in torrc.sample.in 2014-09-02 19:16:16 -04:00
Nick Mathewson
8a79b56ac6 Divide torrc.sample into torrc.sample and torrc.minimal
torrc.minimal is now the one that should change as infrequently as
possible.  To schedule an change to go into it eventually, make your
change to torrc.minimal.in-sample.

torrc.sample is now the volatile one: we can change it to our hearts'
content.

Closes ticket #11144
2014-09-02 19:14:30 -04:00
Sebastian Hahn
962765a35d Don't list relays w/ bw estimate of 0 in the consensus
This implements a feature from bug 13000. Instead of starting a bwauth
run with this wrong idea about their bw, relays should do the self-test
and then get measured.
2014-09-02 18:55:01 -04:00
Sebastian Hahn
14abf1c3f1 Don't delay uploading a new desc if bw estimate was 0
When a tor relay starts up and has no historical information about its
bandwidth capability, it uploads a descriptor with a bw estimate of 0.
It then starts its bw selftest, but has to wait 20 minutes to upload the
next descriptor due to the MAX_BANDWIDTH_CHANGE_FREQ delay. This change
should mean that on average, relays start seeing meaningful traffic a
little quicker, since they will have a higher chance to appear in the
consensus with a nonzero bw.

Patch by Roger, changes file and comment by Sebastian.
2014-09-02 18:54:56 -04:00
Nick Mathewson
bce32e0a35 Fix more (void*)11 warnings in the tests 2014-09-02 15:40:47 -04:00
Nick Mathewson
a14c6cb70f Make iter for DECLARE_TYPED_DIGESTMAP_FNS be a pointer.
This fixes a clangalyzer warning, and makes our C slightly better C.
2014-09-02 15:40:04 -04:00
David Stainton
6e4efb559d Fix white space 2014-09-02 18:08:57 +00:00
Nick Mathewson
44f0dfa53b Use real pointers in unit tests, not (void*)101 etc
The clangalyzer hates (void*)101 etc
2014-09-02 13:56:54 -04:00
Nick Mathewson
32b88d2565 Don't include a backtrace test for dereferencing 0 under analyzers
They hate this.
2014-09-02 13:56:31 -04:00
Nick Mathewson
9b850f9200 Add more assertions to esc_for_log to please the clangalyzer. 2014-09-02 13:29:45 -04:00
Nick Mathewson
07a16b3372 Add an assertion to read_file_to_str_until_eof
The clangalyzer doesn't believe our math here.  I'm pretty sure our
math is right.  Also, add some unit tests.
2014-09-02 13:29:11 -04:00
Nick Mathewson
1a2f2c163f Explicitly initialize addresses in tor_ersatz_socketpair
This should stop a false positive from the clangalyzer.
2014-09-02 12:58:32 -04:00
Nick Mathewson
57c48bf734 Apply the MALLOC_ZERO_WORKS fixup to tor_realloc as well.
Also, make MALLOC_ZERO_WORKS never get applied when clang analyzer is
running.  This should make the clangalyzer a little happier.
2014-09-02 12:55:20 -04:00
Nick Mathewson
00ffccd9a6 Another clang analyzer complaint wrt HT_GENERATE
We're calling mallocfn() and reallocfn() in the HT_GENERATE macro
with the result of a product.  But that makes any sane analyzer
worry about overflow.

This patch keeps HT_GENERATE having its old semantics, since we
aren't the only project using ht.h.  Instead, define a HT_GENERATE2
that takes a reallocarrayfn.
2014-09-02 12:48:34 -04:00
Nick Mathewson
e3c143f521 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-02 11:58:08 -04:00
Nick Mathewson
efcab43956 Fix a number of clang analyzer false-positives
Most of these are in somewhat non-obvious code where it is probably
a good idea to initialize variables and add extra assertions anyway.

Closes 13036.  Patches from "teor".
2014-09-02 11:56:56 -04:00
Nick Mathewson
87f9c51f64 Avoid unsigned/sign compare warning from last patch. 2014-09-01 15:42:17 -04:00
Philip Van Hoof
60a3897ed9 Bounds check while looping over a fixed size table or array
(Edited to use existing ARRAY_LENGTH macro --nickm)
2014-09-01 15:40:47 -04:00
meejah
7caf7e9f2a Make HiddenServiceDirGroupReadable per-hidden-service 2014-08-30 15:23:05 -06:00
meejah
ae18c0812e fix two typos 2014-08-30 15:23:05 -06:00
David Stainton
6b9016fe3c Correct check_private_dir's dir mode
This commit attempts to satisfy nickm's comment on check_private_dir() permissions:
https://trac.torproject.org/projects/tor/ticket/11291#comment:12
"""check_private_dir() ensures that the directory has bits 0700 if CPD_CHECK_MODE_ONLY is not set. Shouldn't it also ensure that the directory has bits 0050 if CPD_CHECK_MODE_ONLY is not set, and CPD_GROUP_READ is set?"""
2014-08-30 15:23:05 -06:00
David Stainton
227b65924b Clean up patch
Here I clean up anon's patch with a few of nickm's suggestions from comment 12:
https://trac.torproject.org/projects/tor/ticket/11291#comment:12

I did not yet completely implement all his suggestions.
2014-08-30 15:23:05 -06:00
anonymous
c13db1f614 Ticket #11291: patch from "anon":
test-11291-group-redable-hsdirs-wtests-may8.patch
2014-08-30 15:23:05 -06:00
Nick Mathewson
f113a263de Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-29 16:45:56 -04:00
Nick Mathewson
41058dce95 Merge remote-tracking branch 'arma/bug12996b' into maint-0.2.5 2014-08-29 16:44:50 -04:00
Roger Dingledine
7a878c192f Downgrade "Unexpected onionskin length after decryption" warning
It's now a protocol-warn, since there's nothing relay operators can
do about a client that sends them a malformed create cell.

Resolves bug 12996; bugfix on 0.0.6rc1.
2014-08-29 16:38:54 -04:00
Nick Mathewson
d6fa8239c8 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-29 16:13:04 -04:00
Nick Mathewson
4a6f5bb2dd Improve "Tried to establish rendezvous on non-OR or non-edge circuit"
Instead of putting it all in one warning message, log what exactly
was wrong with the circuit.

Resolves ticket 12997.
2014-08-29 16:05:58 -04:00
Nick Mathewson
573d62748a Fix some coverity warnings in new routerset tests 2014-08-29 15:09:27 -04:00
Nick Mathewson
42350968a9 Drop check for NTE_BAD_KEYSET error
Any error when acquiring the CryptoAPI context should get treated as
bad.  Also, this one can't happen for the arguments we're giving.
Fixes bug 10816; bugfix on 0.0.2pre26.
2014-08-29 13:24:29 -04:00
dana koch
c887e20e6a Introduce full coverage tests for module routerset.c.
This is using the paradigm introduced for test_status.c.
2014-08-29 12:55:28 -04:00
Nick Mathewson
e72a5b3c07 Move secret-to-key functionality into a separate module
I'm about to add more of these, so we might as well trudge forward.
2014-08-28 12:04:22 -04:00
Nick Mathewson
9b2d8c4e20 Rename secret_to_key to secret_to_key_rfc2440 2014-08-28 11:20:31 -04:00
Nick Mathewson
cc3b04a8c1 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-28 08:36:00 -04:00
Roger Dingledine
37a76d75dd Resume expanding abbreviations for command-line options
The fix for bug 4647 accidentally removed our hack from bug 586 that
rewrote HashedControlPassword to __HashedControlSessionPassword when
it appears on the commandline (which allowed the user to set her own
HashedControlPassword in the torrc file while the controller generates
a fresh session password for each run).

Fixes bug 12948; bugfix on 0.2.5.1-alpha.
2014-08-28 08:33:43 -04:00
Nick Mathewson
9f9b19ed7b Initialize crash handler in unit tests
This way, we don't get locking failures when we hit an assertion in
the unit tests.  Also, we might find out about unit test bugs from
folks who can't do gdb.
2014-08-27 20:03:00 -04:00
Nick Mathewson
b2acd3580c ed25519_ref10: use uint64_t and int64_t, not long long 2014-08-26 10:58:26 -04:00
Nick Mathewson
8b36bb9299 Add headers as needed to make ed25519_ref10 compile. 2014-08-26 10:56:22 -04:00
Nick Mathewson
8594e97c03 Add some explicit casts as needed to make ed25519_ref10 compile
Apparently, ref10 likes implicit conversions from int64 to int32 more
than our warnings do.
2014-08-26 10:14:18 -04:00
Nick Mathewson
4847136d2c Integrate ed25519_ref10 into our build system. 2014-08-26 10:11:56 -04:00
Nick Mathewson
b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622
We might use libsodium or ed25519-donna later on, but for now, let's
see whether this is fast enough.  We should use it in all cases when
performance doesn't matter.
2014-08-26 10:08:44 -04:00
Nick Mathewson
fdb7fc70d0 Merge remote-tracking branch 'public/bug10163' 2014-08-26 09:44:16 -04:00
Isis Lovecruft
374b531dba
Add published line to @type bridge-network-status documents.
This modifies the format of the bridge networkstatus documents produced
by the BridgeAuth. The new format adds a `published` line to the header
of the file, before the `flag-thresholds` line. This is done once per
networkstatus file that is written. The timestamp in the `published`
line is the standard ISO 8601 format (with a space as the separator)
used throughout the rest of tor.

 * FIXES #12951 https://bugs.torproject.org/12951
2014-08-25 23:46:17 +00:00
Nick Mathewson
051dd9c409 Remove the assigned-but-unused chosen_named_idx local variable
It had been used in consensus method 1.  But now that 13 is the
minimum (see #10163), we don't need it around.

Found by sysrqb.
2014-08-25 11:26:08 -04:00
Nick Mathewson
72ba1739e2 Fix another memory leak case in sandbox.c:prot_strings()
This is related to the rest of 523587a5cf
2014-08-25 11:14:31 -04:00
Nick Mathewson
9222707e5c Use the ARRAY_LENGTH macro more consistently. 2014-08-24 13:35:48 -04:00
Nick Mathewson
15be51b41d Remove the non-implemented versions of the sandbox _array() functions 2014-08-24 13:35:30 -04:00
Nick Mathewson
991545acf1 Whitespace fixes 2014-08-24 13:32:39 -04:00
Nick Mathewson
7c1143e11f Terser ways to sandbox-allow related filenames
Using the *_array() functions here confused coverity, and was actually
a bit longer than we needed.  Now we just use macros for the repeated
bits, so that we can mention a file and a suffix-appended version in
one line.
2014-08-24 13:30:55 -04:00
Nick Mathewson
59e114832e Merge branch 'bug11792_1_squashed'
Conflicts:
	src/or/circuitlist.c
2014-08-24 13:09:08 -04:00
Nick Mathewson
d6033843a4 When looking for conns to close, count the age of linked queued data
Specifically, count the age of the data queued in a linked directory
connection's buffers when counting a stream's age.
2014-08-24 13:04:45 -04:00
Nick Mathewson
68e430a6fb Kill non-tunneled directory connections when handling OOM.
Another part of 11792.
2014-08-24 13:04:38 -04:00