Commit Graph

13195 Commits

Author SHA1 Message Date
Nick Mathewson
e83eddd113 Add missing -Isrc/ext to tor-fw-helper/include.am
We need this now that tor-fw-helper will pull in siphash.h

Fixes bug 11296; bugfix on 0.2.5.4-alpha where siphash.h was introduced.
2014-03-25 10:21:07 -04:00
Nick Mathewson
852fd1819e Free placeholder circid/chan->circuit map entries on exit
In circuitlist_free_all, we free all the circuits, removing them from
the map as we go, but we weren't actually freeing the placeholder
entries that we use to indicate pending DESTROY cells.

Fix for bug 11278; bugfix on the 7912 code that was merged in
0.2.5.1-alpha
2014-03-25 10:14:26 -04:00
Roger Dingledine
85ef58e5ba quiet the debug message in circuit_build_times_disabled()
something recently made it get called once per second, which will clutter
up your debug log file.
2014-03-24 02:33:17 -04:00
Nick Mathewson
6709a1f58d Merge remote-tracking branch 'arma/bug11276' 2014-03-23 15:57:56 -04:00
Nick Mathewson
3ddbf2880f Merge remote-tracking branch 'public/bug11275_024' 2014-03-23 15:56:23 -04:00
Roger Dingledine
eff16e834b Stop leaking 'sig' at each call of router_append_dirobj_signature()
The refactoring in commit cb75519b (tor 0.2.4.13-alpha) introduced
this leak.
2014-03-23 15:53:51 -04:00
Roger Dingledine
ddaeb4deee Be more lenient in our fix for bug 11149
There are still quite a few 0.2.3.2x relays running for x<5, and while I
agree they should upgrade, I don't think cutting them out of the network
is a net win on either side.
2014-03-23 02:53:08 -04:00
Roger Dingledine
c08b47977e Never run crypto_early_init() more than once
Previously we had set up all the infrastructure to avoid calling it
after the first time, but didn't actually use it.
2014-03-23 00:38:17 -04:00
Nick Mathewson
f560eeadc3 Remove the unused circuit_dump_by_chan().
Also remove its helper function.
2014-03-23 00:28:39 -04:00
Nick Mathewson
2cfc4453c2 Merge remote-tracking branch 'public/bug9683_rebased' 2014-03-23 00:20:05 -04:00
Nick Mathewson
f4e2c72bee Merge remote-tracking branch 'karsten/task-11070' 2014-03-23 00:18:48 -04:00
Nick Mathewson
f2c6c5e69c Merge branch 'ticket11149' 2014-03-23 00:18:11 -04:00
Nick Mathewson
a53e9bfeb4 bump to 0.2.5.3-alpha-dev 2014-03-23 00:15:25 -04:00
Roger Dingledine
d336d407d6 whitespace fix 2014-03-23 00:12:40 -04:00
Nick Mathewson
2bd7280d79 Increment version to 0.2.5.3-alpha 2014-03-22 21:07:50 -04:00
Nick Mathewson
a83abcf5ee Fix unittest compilation with --disable-curve25519
This is a fix for 9700, which we already fixed in 0.2.5.x, but which
got left in 0.2.4.x.

This is a partial backport of a0a855d586
2014-03-20 13:53:32 -04:00
Andrea Shepard
3b31b45ddb Appease make check-spaces 2014-03-18 10:26:44 -07:00
Nick Mathewson
dfdeb6418d Fix a ubsan warning in addr_mask_get_bits
ubsan doesn't like us to do (1u<<32) when 32 is wider than
unsigned.  Fortunately, we already special-case
addr_mask_get_bits(0), so we can just change the loop bounds.
2014-03-18 10:49:39 -04:00
Nick Mathewson
2aea6ca326 Fix a ubsan warning in our ctypes replacements
ubsan doesn't like 1<<31, since that's an undefined integer
overflow.  Instead, we should do 1u<<31.
2014-03-18 10:47:26 -04:00
Nick Mathewson
aaa33f144c csiphash: don't attempt unaligned access
In digestmap_set/get benchmarks, doing unaligned access on x86
doesn't save more than a percent or so in the fast case.  In the
slow case (where we cross a cache line), it could be pretty
expensive.  It also makes ubsan unhappy.
2014-03-18 10:43:46 -04:00
Nick Mathewson
204f7255f4 memarea.c: use flexible array member for mem
This make clang's memory sanitizer happier that we aren't reading
off the end of a char[1].  We hadn't replaced the char[1] with a
char[FLEXIBLE_ARRAY_MEMBER] before because we were doing a union
trick to force alignment.  Now we use __attribute__(aligned) where
available, and we do the union trick elsewhere.

Most of this patch is just replacing accesses to (x)->u.mem with
(x)->U_MEM, where U_MEM is defined as "u.mem" or "mem" depending on
our implementation.
2014-03-18 10:02:27 -04:00
Nick Mathewson
98b1aad201 Fix a use-after-free in test_circuitlist.c
Found by clang-3.4 analyzers.
2014-03-18 09:47:13 -04:00
Karsten Loesing
7450403410 Take out remaining V1 directory code. 2014-03-18 10:40:10 +01:00
Nick Mathewson
d769cab3e5 Defensive programming: null [pn]_chan,circ_id in circuit_mark_for_close_
Doing this as part of the patch for #9683 to prevent possible bugs
down the line
2014-03-14 11:58:34 -04:00
Nick Mathewson
1a74360c2d Test code for implementation of faster circuit_unlink_all_from_channel
This contains the obvious implementation using the circuitmux data
structure.  It also runs the old (slow) algorithm and compares
the results of the two to make sure that they're the same.

Needs review and testing.
2014-03-14 11:57:51 -04:00
Nick Mathewson
d01cf18ecb should_disable_dir_fetches() now returns 1 if DisableNetwork==1
This change prevents LD_BUG warnings and bootstrap failure messages
when we try to do directory fetches when starting with
DisableNetwork == 1, a consensus present, but no descriptors (or
insufficient descriptors) yet.

Fixes bug 11200 and bug 10405.  It's a bugfix on 0.2.3.9-alpha.
Thanks to mcs for walking me through the repro instructions!
2014-03-14 10:42:49 -04:00
Nick Mathewson
102bb1c04f Update to latest tinytest
(This pulls in some fixes to tinytest_demo.c, which Tor doesn't build.)
2014-03-14 10:09:04 -04:00
Nick Mathewson
119896cd43 Fix some leaks/missed checks in the unit tests
Coverity spotted these.
2014-03-13 10:07:10 -04:00
Nick Mathewson
df836b45b0 Merge remote-tracking branch 'asn/bug5018_notice' 2014-03-12 11:10:51 -04:00
Nick Mathewson
9077118ee2 Remove the unused router_hex_digest_matches
When I removed some unused functions in 5bfa373eee, this became
unused as well.
2014-03-11 11:17:46 -04:00
Nick Mathewson
cce06b649e Merge remote-tracking branch 'asn/bug11069_take2' 2014-03-11 11:04:47 -04:00
George Kadianakis
1c475eb018 Throw control port warning if we failed to connect to all our bridges. 2014-03-10 22:52:07 +00:00
George Kadianakis
cc1bb19d56 Tone down the log message for when we don't need a PT proxy. 2014-03-10 22:05:31 +00:00
Nick Mathewson
7aa2192048 Fix our check for the "first" bridge descriptor.
This is meant to be a better bug 9229 fix -- or at least, one more
in tune with the intent of the original code, which calls
router_retry_directory_downloads() only on the first bridge descriptor.
2014-03-10 15:11:21 -04:00
Nick Mathewson
db72479eea Update ns downloads when we receive a bridge descriptor
This prevents long stalls when we're starting with a state file but
with no bridge descriptors.  Fixes bug 9229.  I believe this bug has
been present since 0.2.0.3-alpha.
2014-03-10 15:01:27 -04:00
Nick Mathewson
b8ceb464e5 Merge branch 'bug11156_squashed' 2014-03-10 14:08:38 -04:00
Nick Mathewson
0c04416c11 Merge branch 'bug11043_take2_squashed' 2014-03-10 14:08:29 -04:00
George Kadianakis
6606e676ee Don't do directory fetches before all PTs have been configured. 2014-03-10 14:07:56 -04:00
George Kadianakis
8c8e21e296 Improve the log message for when the Extended ORPort is not enabled. 2014-03-10 12:54:46 -04:00
Nick Mathewson
1365ff5b9a Upgrade to the latest version of tinytest.
This brings us to tinytest commit 709a36ba63ff16d8.

The only big change tor-side is that we don't need our own test_mem_op
operation any longer.
2014-03-06 18:06:08 -05:00
Nick Mathewson
065097b81b tinytest tt_{mem,str}_op now handle NULLs better
Now a NULL argument to either makes it fail, not crash.

Fies bug 9004; bugfix on 0.2.2.4-alpha.
2014-03-06 12:12:13 -05:00
Nick Mathewson
a50690e68f Merge remote-tracking branch 'origin/maint-0.2.4' 2014-03-06 11:52:22 -05:00
Nick Mathewson
4a2a1e572e Merge branch 'bug11108' 2014-03-06 10:22:40 -05:00
Nick Mathewson
cbf9e74236 Correct the URL in the "a relay on win95???" message
This is a fix for 9393; it's not a bugfix on any Tor version per se,
but rather on whatever Tor version was current when we reorganized the
wiki.
2014-03-06 09:57:42 -05:00
Nick Mathewson
a4b447604a Stop accepting 0.2.2 relay uploads for the consensus.
Resolves ticket 11149.
2014-03-06 09:38:35 -05:00
Nick Mathewson
663aba07e5 Fix whitespace errors, all of them mine. 2014-03-05 14:36:32 -05:00
Nick Mathewson
22ccfc6b5f Rename PredictedCircsRelevanceTime->PredictedPortsRelevanceTime
All circuits are predictive; it's the ports that are expiring here.
2014-03-05 14:35:07 -05:00
Nick Mathewson
103cebd924 Merge branch 'ticket9176_squashed'
Conflicts:
	doc/tor.1.txt
2014-03-05 14:32:05 -05:00
Nick Mathewson
25374d307d Fix wide lines. 2014-03-05 14:31:13 -05:00
Nick Mathewson
2c25bb413e Lower the maximum for PrecictedCircsRelevanceTime to one hour 2014-03-05 14:31:13 -05:00
unixninja92
4f03804b08 Fixed spacing. 2014-03-05 14:31:13 -05:00
unixninja92
5c310a4fa2 Added max value to PredictedCircsRelevanceTime. 2014-03-05 14:31:13 -05:00
unixninja92
898154f717 PredictedCircsRelevanceTime: limit how long we predict a port will be used
By default, after you've made a connection to port XYZ, we assume
you might still want to have an exit ready to connect to XYZ for one
hour. This patch lets you lower that interval.

Implements ticket 91
2014-03-05 14:29:54 -05:00
Nick Mathewson
f0b2dc83b6 Merge remote-tracking branch 'arma/ticket5528'
Conflicts:
	src/or/router.c
	src/test/test_dir.c
2014-03-05 12:44:40 -05:00
Nick Mathewson
1295490862 Merge remote-tracking branch 'public/bug8788' 2014-03-05 12:17:31 -05:00
Nick Mathewson
496fe685fd Include v3 in documented 'protocols' in rend_service_descriptor_t
Also make it unsigned and document that it's for INTRODUCE cell versions.

Fixes 9099; bugfix on 0.2.1.5-alpha, which introduced the v3 protocol.
2014-03-04 12:03:18 -05:00
Nick Mathewson
ab225aaf28 Merge branch 'bug10169_025_v2'
Conflicts:
	src/test/test.c
2014-03-04 11:03:30 -05:00
Nick Mathewson
bb37544214 Merge remote-tracking branch 'public/bug10169_024' into bug10169_025_v2
Conflicts:
	src/common/compat_libevent.h
	src/or/relay.c
2014-03-04 11:00:02 -05:00
Nick Mathewson
46118d7d75 Merge remote-tracking branch 'public/bug10169_023' into bug10169_024
Conflicts:
	src/or/relay.c
2014-03-04 10:54:54 -05:00
Nick Mathewson
0db39eb89f ATTR_NORETURN is needed on lost_owning_controller now
This should fixes some "hey, that function could have
__attribute__((noreturn))" warnings  introduced by f96400d9.

Bug not in any released version of Tor.
2014-03-03 10:54:20 -05:00
Nick Mathewson
4050dfa320 Warn if ports are specified in {Socks,Dir}Policy
We have ignored any ports listed here since 80365b989 (0.0.7rc1),
but we didn't warn the user that we were ignoring them.  This patch
adds a warning if you put explicit ports in any of the options
{Socks,Dir}Policy or AuthDir{Reject,Invalid,BadDir,BadExit}.  It
also adjusts the manpage to say that ports are ignored.

Fixes ticket 11108.
2014-03-03 10:45:39 -05:00
Nick Mathewson
d98f743b28 Fix compilation warnings in tor_addr_make_null patch
There was one "missing prototype" warning because the test function
wasn't static, and one "unused parameter" warning about the "data"
parameter.

Also, I added a couple of tests to make sure that the "make_null"
addresses really were the addresses we expected, by formatting them
as strings.
2014-03-03 10:05:02 -05:00
Kevin Murray
4deae59e1c add test for tor_addr_make_null
Signed-off-by: Kevin Murray <spam@kdmurray.id.au>
2014-03-03 09:58:01 -05:00
Roger Dingledine
bd49653f8e trivial whitespace fixes 2014-03-03 06:53:08 -05:00
Nick Mathewson
0b7a66fac7 whitespace fix 2014-02-28 08:57:29 -05:00
Nick Mathewson
273f536d72 Merge branch 'bug10884_squashed' 2014-02-28 08:54:50 -05:00
Nick Mathewson
886d4be149 Unit tests for test_routerkeys_write_fingerprint 2014-02-28 08:53:14 -05:00
Nick Mathewson
0be9e6099b Unit tests for pk fingerprint functions 2014-02-28 08:53:14 -05:00
Nick Mathewson
25c0435aa5 Tighten router_write_fingerprint impl 2014-02-28 08:53:14 -05:00
Karsten Loesing
3ca5fe81e3 Write hashed bridge fingerprint to logs and to disk.
Implements #10884.
2014-02-28 08:53:13 -05:00
Nick Mathewson
043329eeb6 Merge remote-tracking branch 'karsten/task-5824' 2014-02-28 08:32:13 -05:00
Nick Mathewson
833d027778 Monotonize the OOM-killer data timers
In a couple of places, to implement the OOM-circuit-killer defense
against sniper attacks, we have counters to remember the age of
cells or data chunks.  These timers were based on wall clock time,
which can move backwards, thus giving roll-over results for our age
calculation.  This commit creates a low-budget monotonic time, based
on ratcheting gettimeofday(), so that even in the event of a time
rollback, we don't do anything _really_ stupid.

A future version of Tor should update this function to do something
even less stupid here, like employ clock_gettime() or its kin.
2014-02-26 09:51:30 -05:00
Nick Mathewson
bf1678603f Merge remote-tracking branch 'public/bug10449' 2014-02-25 16:09:15 -05:00
Nick Mathewson
c3800f631b Merge remote-tracking branch 'public/no_itime_queue' into maint-0.2.4 2014-02-25 15:58:53 -05:00
Nick Mathewson
f8e3c1672d Trivial comment fix. 2014-02-25 10:23:38 -05:00
Nick Mathewson
92da2e27a2 Merge remote-tracking branch 'public/bug11048' 2014-02-25 10:23:09 -05:00
Nick Mathewson
613b0a3bc5 Merge remote-tracking branch 'karsten/geoip2regcountry' 2014-02-25 10:04:37 -05:00
Nick Mathewson
23a5921e9a Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-25 10:04:10 -05:00
Nick Mathewson
d7950eda2b Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-02-25 10:02:14 -05:00
Karsten Loesing
2658e70d16 Fix geoip by falling back to registered countries.
See 1d2179bc90 in master for details.

"""
Fall back to registered country if necessary.

When extracting geoip and geoip6 files from MaxMind's GeoLite2 Country
database, we only look at country->iso_code which is the two-character ISO
3166-1 country code of the country where MaxMind believes the end user is
located.

But if MaxMind thinks a range belongs to anonymous proxies, they don't put
anything there.  Hence, we omit those ranges and resolve them all to '??'.
That's not what we want.

What we should do is first try country->iso_code, and if there's no such
key, try registered_country->iso_code which is the country in which the
ISP has registered the IP address.

In short: let's fill all A1 entries with what ARIN et. al think.
"""
2014-02-25 13:28:34 +01:00
Karsten Loesing
1d2179bc90 Fall back to registered country if necessary.
When extracting geoip and geoip6 files from MaxMind's GeoLite2 Country
database, we only look at country->iso_code which is the two-character ISO
3166-1 country code of the country where MaxMind believes the end user is
located.

But if MaxMind thinks a range belongs to anonymous proxies, they don't put
anything there.  Hence, we omit those ranges and resolve them all to '??'.
That's not what we want.

What we should do is first try country->iso_code, and if there's no such
key, try registered_country->iso_code which is the country in which the
ISP has registered the IP address.

In short: let's fill all A1 entries with what ARIN et. al think.
2014-02-25 13:20:04 +01:00
Karsten Loesing
5015279153 Download MaxMind's geoip file over https.
If the cert turns out to be invalid or if wget is otherwise unable to
verify it, it's going to return an error and not download the file for us.

Spotted by nickm.
2014-02-25 11:26:27 +01:00
Nick Mathewson
d21b24b3b6 Merge remote-tracking branch 'public/feature9777_024_squashed' into maint-0.2.4 2014-02-24 13:05:25 -05:00
Nick Mathewson
a3ab31f5dc Threadproof our log_backtrace implementation
It's possible for two threads to hit assertion failures at the same
time.  If that happens, let's keep them from stomping on the same
cb_buf field.

Fixes bug 11048; bugfix on 0.2.5.2-alpha. Reported by "cypherpunks".
2014-02-24 12:15:32 -05:00
Karsten Loesing
c857276bd7 Include instructions on generating geoip files.
Implements #10924.
2014-02-21 19:13:33 +00:00
Nick Mathewson
1753975ece When not an exit node, don't test for DNS hijacking.
Back in 5e762e6a5c, non-exit servers
stopped launching DNS requests for users.  So there's no need for them
to see if their DNS answers are hijacked.

Patch from Matt Pagan.  I think this is a 965 fix.
2014-02-21 18:04:48 +00:00
Nick Mathewson
6eba3584b1 Merge remote-tracking branch 'public/bug10987_024' 2014-02-21 17:29:48 +00:00
Nick Mathewson
f3e8271652 Style tweaks on code, changes file for 10987 2014-02-21 17:27:35 +00:00
David Goulet
1532cff2ce Fix: send back correct IPv6 SOCKS5 connect reply
For a client using a SocksPort connection and IPv6, the connect reply
from tor daemon did not handle AF_INET6 thus sending back the wrong
payload to the client.

A changes file is provided and this fixes #10987

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-02-21 17:19:11 +00:00
Nick Hopper
b063ebbc60 fixed long -> int implicit cast warning line 3453 2014-02-20 11:54:01 +00:00
dana koch
f49805b681 Restitute a successful stat call to this test case.
Since the first stat call is made for it to deliberately fail, and we
reference st.st_mode without st having valid data, st.st_mode can contain
garbage and cause chmod to fail with EINVAL. We rerun stat and ensure it
succeeded.

Also make use of tt_abort_perror, to properly convey failure reasons to
the user.
2014-02-17 22:55:40 +00:00
dana koch
8999150f71 Appropriately condition the _le64toh macro definition for OpenBSD.
This corrects a linker error on OpenBSD, where the function is called letoh64. See also http://git.kernel.org/cgit/docs/man-pages/man-pages.git/tree/man3/endian.3#n84.
2014-02-17 22:42:19 +00:00
Nick Mathewson
e1deb01e5f mingw fix: Rename a variable in the unit tests
Apparently, MS C is #defining "IN" on us, so we can't name a
variable IN.  Delightful!
2014-02-16 12:51:35 -05:00
Nick Mathewson
3dfed0806c Merge remote-tracking branch 'public/bug10722' 2014-02-16 12:13:12 -05:00
Nick Mathewson
b5d6e47002 Warning message when bug 10722 would trigger
If somebody's excludenodes settings are keeping their hidden service
connections from working, they should probably get notified about it.
2014-02-16 12:11:07 -05:00
Nick Mathewson
35423d397f Merge branch 'bug4900_siphash_v2' 2014-02-15 15:59:10 -05:00
Nick Mathewson
1ad6dd0dbe Remove string hash in ht.h so we can't accidentally use it 2014-02-15 15:45:38 -05:00
Nick Mathewson
b3a6907493 Remove a bunch of functions that were never called. 2014-02-15 15:33:34 -05:00
Nick Mathewson
67749475f5 Merge remote-tracking branch 'public/bug10841' 2014-02-15 15:06:06 -05:00
Nick Mathewson
9d0af78e3c Merge remote-tracking branch 'karsten/mmdb-convert' 2014-02-15 00:08:36 -05:00
Nick Mathewson
c64b549621 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-15 00:07:15 -05:00
Nick Mathewson
bc58bfda70 Merge remote-tracking branch 'karsten/geoip6-feb2014' into maint-0.2.4 2014-02-15 00:06:40 -05:00
Nick Mathewson
260b3b1a19 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-02-15 00:06:25 -05:00
Nick Mathewson
405d055465 Merge remote-tracking branch 'karsten/geoip-feb2014' into maint-0.2.3 2014-02-15 00:06:01 -05:00
Nick Mathewson
339a47e80b Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-15 00:03:29 -05:00
Sebastian Hahn
3f567f529f gcc/clang: Mark macro-generated functions as possible unused
clang 3.4 introduced a new by-default warning about unused static
functions, which we triggered heavily for the hashtable and map function
generating macros. We can use __attribute__ ((unused)) (thanks nickm for
the suggestion :-) ) to silence these warnings.
2014-02-14 23:43:15 -05:00
Nick Mathewson
ac5ae794bd tristate->enum in rendcommon functions
When we have more than two return values, we should really be using
an enum rather than "-2 means this, -1 means that, 0 means this, and
1 or more means a number."
2014-02-14 23:23:53 -05:00
Nick Mathewson
1987894626 fix a whitespace snafu 2014-02-14 23:00:04 -05:00
Karsten Loesing
c024ff8671 Remove another unused v0 hidserv function.
Noted by Nick on #10841.
2014-02-14 17:54:16 +01:00
Nick Mathewson
fb595922b1 Tests for rend_token maps
This gets coverage of everything except for the cases which should be
impossible.
2014-02-13 15:24:15 -05:00
Nick Mathewson
949c9ae26b Tweak sign of rend_token params for consistency 2014-02-13 15:24:09 -05:00
Nick Mathewson
ecf61e924d Merge remote-tracking branch 'public/bug9841_024_v2' into bug9841_025
Conflicts:
	src/or/circuitlist.c
2014-02-13 14:49:15 -05:00
Nick Mathewson
8b9a2cb68b Faster circuit_get_by_rend_token_and_purpose()
On busy servers, this function takes up something like 3-7% in
different profiles, and gets invoked every time we need to participate
as the midpoint in a hidden service.

So maybe walking through a linked list of all the circuits here wasn't
a good idea.
2014-02-13 14:44:43 -05:00
Karsten Loesing
f6f691df73 Update geoip6 to the February 2014 GeoIP database. 2014-02-13 19:04:51 +01:00
Karsten Loesing
436f7106b4 Exclude Teredo IPv6 prefix from geoip6.
The latest GeoLite2 database includes a pointer from 2001::/32 to the root
node of the IPv4 address space in the tree.  We need to exclude this whole
address space from geoip6, similar to how we exclude IPv4-mapped IPv6
addresses and the 6to4 mapping subnet.
2014-02-13 18:58:21 +01:00
Roger Dingledine
745434d29a bump to 0.2.5.2-alpha 2014-02-13 04:06:36 -05:00
Nick Mathewson
c4bb3c8d44 Log only one message for dangerous log settings.
We log only one message, containing a complete list of what's
wrong.  We log the complete list whenever any of the possible things
that could have gotten wrong gets worse.

Fix for #9870. Bugfix on 10480dff01, which we merged in
0.2.5.1-alpha.
2014-02-12 15:32:50 -05:00
Nick Mathewson
24add404ac eventdns.c: survive broken resolv.conf files
If you had a resolv.conf file with a nameserver line containing no
nameserver IP, we would crash.  That's not terrible, but it's not
desirable.

Fixes bug 8788; bugfix on 0.1.1.23.  Libevent already has this fix.
2014-02-12 15:11:31 -05:00
Nick Mathewson
79c234e0e3 On OOM, also log N circuits remaining 2014-02-12 13:09:02 -05:00
Nick Mathewson
c8d41da52d More unit tests for OOM handling.
This gets us up to no interesting untested new or changed lines for
the 10169 code.
2014-02-12 12:50:16 -05:00
Nick Mathewson
48877e24a8 Initial unit tests for OOM handling 2014-02-12 12:49:56 -05:00
Nick Mathewson
9a07ec751f Refactor OOM-handling functions for more testability
This patch splits out some of the functions in OOM handling so that
it's easier to check them without involving the rest of Tor or
requiring that the circuits be "wired up".
2014-02-12 12:48:20 -05:00
Nick Mathewson
52d222aafb Add tests for buffer time tracking. 2014-02-12 12:48:11 -05:00
Nick Mathewson
d379fc6e0f Several tests for buffer allocation 2014-02-12 12:48:00 -05:00
Nick Mathewson
f425cf8338 Start writing tests for 10169.
Now we cover more chunk allocation functions.
2014-02-12 12:47:49 -05:00
Nick Mathewson
eb6f433bdb Debugging code inbuffers.c for debugging chunk allocation.
Currently on; will disable later in this branch.
2014-02-12 12:46:17 -05:00
Nick Mathewson
87fb1e324c Merge remote-tracking branch 'public/bug10169_024' into bug10169_025_v2
Conflicts:
	src/or/circuitlist.c
2014-02-12 12:44:58 -05:00
Nick Mathewson
05d8111eed Merge remote-tracking branch 'public/bug10169_023' into bug10169_024 2014-02-12 12:39:15 -05:00
Nick Mathewson
fd28754dd3 Actually release buffer freelists when handling OOM conditions.
Otherwise freeing buffers won't help for a little while.
2014-02-12 12:38:20 -05:00
Nick Mathewson
7951591744 Fix bugs in bug10169 bugfix memory tracking
The chunk_grow() and chunk_copy() functions weren't adjusting the
memory totals properly.

Bugfix not on any released Tor version.
2014-02-12 12:37:41 -05:00
Nick Mathewson
c1e98c8afe Randomize the global siphash key at startup
This completes our conversion to using siphash for our hash functions.
2014-02-12 12:12:58 -05:00
Nick Mathewson
d3fb846d8c Split crypto_global_init() into pre/post config
It's increasingly apparent that we want to make sure we initialize our
PRNG nice and early, or else OpenSSL will do it for us.  (OpenSSL
doesn't do _too_ bad a job, but it's nice to do it ourselves.)

We'll also need this for making sure we initialize the siphash key
before we do any hashes.
2014-02-12 12:04:07 -05:00
Nick Mathewson
0e97c8e23e Siphash-2-4 is now our hash in nearly all cases.
I've made an exception for cases where I'm sure that users can't
influence the inputs.  This is likely to cause a slowdown somewhere,
but it's safer to siphash everything and *then* look for cases to
optimize.

This patch doesn't actually get us any _benefit_ from siphash yet,
since we don't really randomize the key at any point.
2014-02-12 11:32:10 -05:00
Nick Mathewson
f05820531a csiphash: Add functions to take a global key. 2014-02-12 11:27:41 -05:00
Nick Mathewson
f51df9bb93 Tests for siphash, from reference implementation. 2014-02-12 10:58:03 -05:00
Nick Mathewson
1bd86b69b6 csiphash: avoid unaligned access on non-x86 2014-02-12 10:57:46 -05:00
Nick Mathewson
9605978eb6 Get csiphash better integrated with our build system 2014-02-12 10:24:04 -05:00
Nick Mathewson
f4656c0cc9 Raw import of Marek Majkowski's cisphash.c
siphash is a hash function designed for producing hard-to-predict
64-bit outputs from short inputs and a 128-bit key.  It's chosen for
security and speed.

See https://131002.net/siphash/ for more information on siphash.

Source: https://github.com/majek/csiphash/
2014-02-12 10:09:45 -05:00
Nick Mathewson
2c0088b8aa Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-12 09:17:11 -05:00
Nick Mathewson
d6e6eaba60 Fix windows compilation of e0c8031516
There is no WSAEPERM; we were implying that there was.This fixes a
bug in e0c8031516, which hadn't yet
appeared in any released Tor.
2014-02-12 09:16:22 -05:00
Karsten Loesing
74c2bff781 Remove remaining v0 hidden service descriptor code.
Fixes the rest of #10841 after #10881 already removed some hidden service
authority code.
2014-02-12 14:36:08 +01:00
Nick Mathewson
0ee449ca92 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-11 18:58:58 -05:00
Nick Mathewson
91d4bb0b00 Merge branch 'bug10777_netunreach_024' into maint-0.2.4 2014-02-11 18:57:55 -05:00
Nick Mathewson
8836c1ee2f Merge remote-tracking branch 'public/bug10777_nointernal_024' into maint-0.2.4 2014-02-11 18:55:26 -05:00
Nick Mathewson
c3720c05fa Free leakable values in the unit tests.
Thanks, Coverity!  (CID 1171414, 1171415, 1171416)
2014-02-11 18:10:33 -05:00
Nick Mathewson
10d4d3e2d5 Merge remote-tracking branch 'public/no_itime_queue_025' 2014-02-11 11:52:35 -05:00
Nick Mathewson
5e0cdc5ef2 Merge branch 'bug10881' 2014-02-11 11:42:06 -05:00
Nick Mathewson
ce450bddb7 Remove TunnelDirConns and PreferTunnelledDirConns
These options were added back in 0.1.2.5-alpha, but no longer make any
sense now that all directories support tunneled connections and
BEGIN_DIR cells.  These options were on by default; now they are
always-on.

This is a fix for 10849, where TunnelDirConns 0 would break hidden
services -- and that bug arrived, I think, in 0.2.0.10-alpha.
2014-02-11 11:10:55 -05:00
Nick Mathewson
cb065a55bd Merge remote-tracking branch 'karsten/one-dirauth' 2014-02-11 10:15:03 -05:00
Nick Mathewson
cb28fe486f Merge remote-tracking branch 'public/bug10722' 2014-02-11 10:08:58 -05:00
Nick Mathewson
c0483c7f85 Remove options for configuring HS authorities.
(There is no longer meaningfully any such thing as a HS authority,
since we stopped uploading or downloading v0 hs descriptors in
0.2.2.1-alpha.)

Implements #10881, and part of #10841.
2014-02-10 22:41:52 -05:00
Roger Dingledine
dd3f2f6332 fix trivial typo 2014-02-10 16:05:35 -05:00
Nick Mathewson
e0c8031516 make EACCES survivable too. 2014-02-10 15:06:10 -05:00
Nick Mathewson
5b55e0e181 Merge remote-tracking branch 'public/no_itime_queue'
The conflicts here were tricky, and required me to eliminate the
command-queue as well.  That wasn't so hard.

Conflicts:
	src/or/or.h
	src/or/relay.c
2014-02-10 15:04:23 -05:00
Nick Mathewson
3133cde3c1 Excise the insertion_time_elem_t logic
It's now redundant with the inserted_time field in packed_cell_t

Fixes bug 10870.
2014-02-10 13:55:27 -05:00
Nick Mathewson
a73b0da653 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-09 21:41:59 -05:00
Nick Mathewson
7f6aa780e3 Merge remote-tracking branch 'andrea/bug9602' into maint-0.2.4 2014-02-09 21:41:24 -05:00
Nick Mathewson
b15f75b632 Don't treat END_STREAM_REASON_INTERNAL as total circuit failure
It can happen because we sent something that got an ENETUNREACH
response.

Bugfix on 0.2.4.8-alpha; fixes a part of bug 10777.
2014-02-09 21:35:14 -05:00
Nick Mathewson
f5d32c08ba Call ENETUNREACH a case of NOROUTE, not a case of INTERNAL.
Found by cypherpunks; fix for a part of bug 10777; bugfix on 0.1.0.1-rc.
2014-02-09 21:30:23 -05:00
Andrea Shepard
c330d63ff7 Make sure orconn->chan gets nulled out when channels exit from channel_free_all() too 2014-02-08 14:05:51 -08:00
Karsten Loesing
26dd328891 Update to the February 2014 GeoIP database. 2014-02-08 12:09:37 +01:00
Karsten Loesing
749ead79ad Don't zero-pad day of the month. 2014-02-08 12:03:27 +01:00
Karsten Loesing
3bea0fff79 Add script to convert GeoLite2 country databases.
Copied over from https://github.com/nmathewson/mmdb-convert,
commit 52f0d43408ed3a0fe7c3b2fa7099da7f6b7c4502.
2014-02-08 11:56:54 +01:00
Karsten Loesing
becc3d5b4e Remove script to clean up GeoLite country databases. 2014-02-08 11:56:27 +01:00
Karsten Loesing
ebe7e22045 Suppress warning in networks with only 1 dirauth. 2014-02-08 11:02:27 +01:00
Nick Mathewson
a0577aacb4 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-07 17:41:41 -05:00
Nick Mathewson
9bb34aa897 Survive fedora's openssl in our benchmarks
Apparently fedora currently has ECDH but not P224. This isn't a huge
deal, since we no longer use OpenSSL's P224 ever (see #9780 and
72c1e5acfe). But we shouldn't have segfaulting benchmarks really.

Fixes bug 10835; bugfix on 0.2.4.8-alpha.
2014-02-07 17:36:11 -05:00
Nick Mathewson
fdf68479b0 Explain CURVE25519_ENABLED: closes 9774 2014-02-07 16:16:56 -05:00
Nick Mathewson
1ebdaf5788 More hacking around spawn_func issues
This time, we use a pthread_attr to make sure that if pthread_create
succeeds, the thread is successfully detached.

This probably isn't the big thing going on with 4345, since it'd be
a bit weird for pthread_detach to be failing.  But it's worth
getting it right.
2014-02-07 13:13:15 -05:00
Nick Mathewson
aa3c8c1397 Use the right functions; strncpy is usually not the answer 2014-02-07 12:25:49 -05:00
Nick Mathewson
f1682a615f Merge remote-tracking branch 'houqp/hs_control_fix' 2014-02-07 12:22:56 -05:00
Nick Mathewson
040b478692 Remove a needless check in channel_tls_handle_incoming
This patch removes an "if (chan)" that occurred at a place where
chan was definitely non-NULL.  Having it there made some static
analysis tools conclude that we were up to shenanigans.

This resolves #9979.
2014-02-07 12:01:16 -05:00
Nick Mathewson
ef4eb823f3 Merge the circuit_{free,clear}_cpath functions
(Based on a suggestion by arma at #9777)
2014-02-07 10:50:06 -05:00
Nick Mathewson
babbd3ff08 Merge remote-tracking branch 'public/feature9777_024_squashed'
Conflicts:
	src/or/circuitbuild.c
2014-02-07 10:47:34 -05:00
Nick Mathewson
1068e50aec Discard circuit paths on which nobody supports ntor
Right now this accounts for about 1% of circuits over all, but if you
pick a guard that's running 0.2.3, it will be about 6% of the circuits
running through that guard.

Making sure that every circuit has at least one ntor link means that
we're getting plausibly good forward secrecy on every circuit.

This implements ticket 9777,
2014-02-07 10:45:34 -05:00
Nick Mathewson
372adfa09a Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-07 10:38:24 -05:00
Andrea Shepard
707c1e2e26 NULL out conns on tlschans when freeing in case channel_run_cleanup() is late; fixes bug 9602 2014-02-06 14:47:34 -08:00
Nick Mathewson
b4e8d8dc0e Merge remote-tracking branch 'public/bug9716_024' into maint-0.2.4 2014-02-06 16:29:08 -05:00
Nick Mathewson
075482ff80 Merge remote-tracking branch 'public/bug10543_024_v2' 2014-02-06 16:25:26 -05:00
Nick Mathewson
dffac251f1 Make the handling for usable-exit counting handle ExitNodes better
It's possible to set your ExitNodes to contains only exits that don't
have the Exit flag.  If you do that, we'll decide that 0 of your exits
are working.  Instead, in that case we should look at nodes which have
(or which might have) exit policies that don't reject everything.

Fix for bug 10543; bugfix on 0.2.4.10-alpha.
2014-02-06 16:24:08 -05:00
Qingping Hou
57da1a5057 add test case for node_get_verbose_nickname 2014-02-06 16:13:55 -05:00
Qingping Hou
39ff3b00cf add test for node_get_verbose_nickname_by_id 2014-02-06 16:13:55 -05:00
Qingping Hou
0fbe7f3188 remove node_describe_by_id() function
This function is not used anymore
2014-02-06 16:13:55 -05:00
Qingping Hou
bf66ff915a fix longname returned in HS_DESC control events
According to control spec, longname should not contain any spaces and is
consists only of identy_digest + nickname

added two functions:
* node_get_verbose_nickname_by_id()
* node_describe_longname_by_id()
2014-02-06 16:13:55 -05:00
Florent Daigniere
01132c93fd Some anti-forensics paranoia...
sed -i 's/BN_free/BN_clear_free/g'
2014-02-06 16:09:12 -05:00
Nick Mathewson
1b93e3c6d9 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	changes/bug10485
	src/or/rephist.c
	src/or/status.c
2014-02-06 13:27:04 -05:00
Nick Mathewson
655adbf667 Add a missing include 2014-02-06 13:25:36 -05:00
Nick Mathewson
edc6fa2570 Deliver circuit handshake counts as part of the heartbeat
Previously, they went out once an hour, unconditionally.

Fixes 10485; bugfix on 0.2.4.17-rc.
2014-02-06 13:03:01 -05:00
Nick Mathewson
34740a17ea Rename sun to s_un in test_addr.c
Apparently the compiler on solaris 9 didn't like "sun" as an identifier.

Fix for bug 10565; bugfix on 0.2.5.1-alpha.
2014-02-06 12:36:33 -05:00
Nick Mathewson
4268cbf294 Distcheck repair: add new python testing code to "tarballs"
'make distcheck' now passes again.
2014-02-04 11:08:22 -05:00
Nick Mathewson
c61a472076 test_config.c: log which address should have failed 2014-02-03 16:21:32 -05:00
Nick Mathewson
24544a10c0 Clean up test_hs.c: warning fix; tor_free() usage.
My OSX laptop rightly gave a warning because of sticking strlen() into
an int, but once I took a closer look... it appears that the strlen()
was part of a needlessly verbose implementation for tor_strdup().

While I was there, I fixed the usage of tor_free() in test_hs.c: It
checks for NULL, and it zeros its argument.  So instead of
    if (foo) {
      tor_free(foo);
      foo = NULL;
    }
we should just say
    tor_free(foo);
2014-02-03 16:12:30 -05:00
Nick Mathewson
dafed84dab Fixes for bug4645 fix. 2014-02-03 14:31:31 -05:00
rl1987
e82e772f2b Using proper functions to create tor_addr_t. 2014-02-03 14:20:24 -05:00
rl1987
3a4b24c3ab Removing is_internal_IP() function. Resolves ticket 4645. 2014-02-03 14:20:17 -05:00
Nick Mathewson
5991f9a156 TransProxyType replaces TransTPROXY option
I'm making this change now since ipfw will want its own option too,
and proliferating options here isn't sensible.

(See #10582 and #10267)
2014-02-03 13:56:19 -05:00
Karsten Loesing
00ec6e6af0 More fixes to rip out all of the v2 directory code.
(This was a squash commit, but I forgot to squash it. Sorry! --Nick)
2014-02-03 13:34:30 -05:00
rl1987
881c7c0f7d 10365: Close connections if the VERSIONS cell has an odd length.
Fixes issue 10365.
2014-02-03 13:14:27 -05:00
Nick Mathewson
8db8fda43f check-spaces fixes for test_router.c 2014-02-03 13:00:15 -05:00
Nick Mathewson
f96400d9df bug10449: a dying owning controller makes Tor exit immediately
If you want a slow shutdown, send SIGNAL SHUTDOWN.

(Why not just have the default be SIGNAL QUIT?  Because this case
should only happen when an owning controller has crashed, and a
crashed controller won't be able to give the user any "tor is
shutting down" feedback, and so the user gets confused for a while.
See bug 10449 for more info)
2014-02-03 12:54:06 -05:00
Nick Mathewson
696b484d4d Defensive programming in control_event_hs_descriptor_*
It looks to me like these functions can never get called with NULL
arguments, but better safe than sorry.
2014-02-03 12:35:35 -05:00
Nick Mathewson
fee7f25ff8 Merge remote-tracking branch 'houqp/hs_control' 2014-02-03 12:28:42 -05:00
Nick Mathewson
27d81c756b slownacl's pure-python curve25519 lets us test ntor everywhere.
Improvement on f308adf838, where we made the ntor
unit tests run everywhere... so long as a python curve25519 module
was installed.  Now the unit tests don't require that module.
2014-02-03 11:34:13 -05:00
Nick Mathewson
c6c87fb6d1 Merge remote-tracking branch 'public/bug10758' 2014-02-03 11:05:29 -05:00
Florent Daigniere
9d6e805d28 Some anti-forensics paranoia...
sed -i 's/BN_free/BN_clear_free/g'
2014-02-03 10:44:19 -05:00
Nick Mathewson
25f0eb4512 Add a sandbox rule to allow IP_TRANSPARENT 2014-02-02 15:47:48 -05:00
Nick Mathewson
fd8947afc2 Move the friendly warning about TPROXY and root to EPERM time
I'm doing this because:
   * User doesn't mean you're running as root, and running as root
     doesn't mean you've set User.
   * It's possible that the user has done some other
     capability-based hack to retain the necessary privileges.
2014-02-02 15:45:00 -05:00
Nick Mathewson
09ccc4c4a3 Add support for TPROXY via new TransTPRoxy option
Based on patch from "thomo" at #10582.
2014-01-31 12:59:35 -05:00
Qingping Hou
ebd99314cf add test case for node_describe_by_id 2014-01-29 22:47:05 -05:00
Qingping Hou
0b0d4b4ebc add test case for hidden service async events 2014-01-29 22:43:11 -05:00
Qingping Hou
29c18f5b71 add hidden service descriptor async control event 2014-01-29 22:23:57 -05:00
Nick Mathewson
3193cbe2ba Rip out all of the v2 directory code.
The remaining vestige is that we continue to publish the V2dir flag,
and that, for the controller, we continue to emit v2 directory
formats when requested.
2014-01-29 15:17:05 -05:00
Nick Mathewson
bb21d14255 Apply StrictNodes to hidden service directories early
Previously, we would sometimes decide in directory_get_from_hs_dir()
to connect to an excluded node, and then later in
directory_initiate_command_routerstatus_rend() notice that it was
excluded and strictnodes was set, and catch it as a stopgap.

Additionally, this patch preferentially tries to fetch from
non-excluded nodes even when StrictNodes is off.

Fix for bug #10722. Bugfix on 0.2.0.10-alpha (the v2 hidserv directory
system was introduced in e136f00ca). Reported by "mr-4".
2014-01-24 12:56:10 -05:00
Nick Mathewson
9be105f94b whitespace fixes 2014-01-17 12:41:56 -05:00
Nick Mathewson
85b46d57bc Check spawn_func() return value
If we don't, we can wind up with a wedged cpuworker, and write to it
for ages and ages.

Found by skruffy.  This was a bug in 2dda97e8fd, a.k.a. svn
revision 402. It's been there since we have been using cpuworkers.
2014-01-17 12:04:53 -05:00
Nick Mathewson
8a49fac9e0 Coverate in util.c: test that tor_parse_* rejects negative base. 2014-01-17 11:58:09 -05:00
Nick Mathewson
ab0fdbb618 Add an --accel switch to run unit tests with crypto acceleration 2014-01-17 11:58:09 -05:00
Nick Mathewson
682c2252a5 Fix some seccomp2 issues
Fix for #10563.  This is a compatibility issue with libseccomp-2.1.
I guess you could call it a bugfix on 0.2.5.1?
2014-01-06 04:27:58 -05:00
Nick Mathewson
5c45a333c3 Merge remote-tracking branch 'public/bug10169_023' into bug10169_024
Conflicts:
	doc/tor.1.txt
	src/or/config.c
	src/or/or.h

The conflicts were all pretty trivial.
2014-01-03 10:53:22 -05:00
Nick Mathewson
9030360277 Add explicit check for 0-length extend2 cells
This is harmless in the Tor of today, but important for correctness.

Fixes bug 10536; bugfix on 0.2.4.8-alpha. Reported by "cypherpunks".
2014-01-03 10:43:09 -05:00
Nick Mathewson
573ee36eae Merge remote-tracking branch 'public/bug10485' 2013-12-24 11:42:35 -05:00
Nick Mathewson
2b8962bc64 Move onion-type stats message into heartbeat
Fix for 10485. Fix on 0.2.4.17-alpha.
2013-12-24 11:41:48 -05:00
Nick Mathewson
6276cca8ce Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-22 17:26:25 -05:00
Nick Mathewson
b9f6e40ecb Fix automapping to ipv6
Bugfix on 0.2.4.7-alpha; fixes bug 10465.
2013-12-22 17:19:22 -05:00
Nick Mathewson
bbc85b18ca Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-21 21:16:06 -05:00
Nick Mathewson
b5d13d11c9 Fix a logic error in circuit_stream_is_being_handled.
When I introduced the unusable_for_new_circuits flag in
62fb209d83, I had a spurious ! in the
circuit_stream_is_being_handled loop.  This made us decide that
non-unusable circuits (that is, usable ones) were the ones to avoid,
and caused it to launch a bunch of extra circuits.

Fixes bug 10456; bugfix on 0.2.4.12-alpha.
2013-12-21 10:15:09 -05:00
Nick Mathewson
b98c5884fc Merge remote-tracking branch 'linus/bug10324' 2013-12-20 11:40:21 -05:00
Nick Mathewson
85284c33d1 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/common/crypto.c
2013-12-18 22:04:21 -05:00
Karsten Loesing
b7d8a1e141 Report complete directory request statistics on bridges.
When we wrote the directory request statistics code in August 2009, we
thought that these statistics were only relevant for bridges, and that
bridges should not report them.  That's why we added a switch to discard
relevant observations made by bridges.  This code was first released in
0.2.2.1-alpha.

In May 2012 we learned that we didn't fully disable directory request
statistics on bridges.  Bridges did report directory request statistics,
but these statistics contained empty dirreq-v3-ips and dirreq-v3-reqs
lines.  But the remaining dirreq-* lines have always been non-empty.  (We
didn't notice for almost three years, because directory-request statistics
were disabled by default until 0.2.3.1-alpha, and all statistics have been
removed from bridge descriptors before publishing them on the metrics
website.)

Proposal 201, created in May 2012, suggests to add a new line called
bridge-v3-reqs that is similar to dirreq-v3-reqs, but that is published
only by bridges.  This proposal is still open as of December 2013.

Since October 2012 we're using dirreq-v3-resp (not -reqs) lines in
combination with bridge-ips lines to estimate bridge user numbers; see
task 8462.  This estimation method has superseded the older approach that
was only based on bridge-ips lines in November 2013.  Using dirreq-v3-resp
and bridge-ips lines is a workaround.  The cleaner approach would be to
use dirreq-v3-reqs instead.

This commit makes bridges report the same directory request statistics as
relays, including dirreq-v3-ips and dirreq-v3-reqs lines.  It makes
proposal 201 obsolete.
2013-12-18 18:02:10 +01:00
Karsten Loesing
90f0358e3e Disable (Cell,Entry,ExitPort)Statistics on bridges
In 0.2.3.8-alpha we attempted to "completely disable stats if we aren't
running as a relay", but instead disabled them only if we aren't running
as a server.

This commit leaves DirReqStatistics enabled on both relays and bridges,
and disables (Cell,Entry,ExitPort)Statistics on bridges.
2013-12-18 18:01:25 +01:00
Nick Mathewson
7b87003957 Never allow OpenSSL engines to replace the RAND_SSLeay method
This fixes bug 10402, where the rdrand engine would use the rdrand
instruction, not as an additional entropy source, but as a replacement
for the entire userspace PRNG.  That's obviously stupid: even if you
don't think that RDRAND is a likely security risk, the right response
to an alleged new alleged entropy source is never to throw away all
previously used entropy sources.

Thanks to coderman and rl1987 for diagnosing and tracking this down.
2013-12-18 11:53:07 -05:00
Nick Mathewson
f12d3fe9aa Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-17 13:54:02 -05:00
Nick Mathewson
561d9880f8 Merge branch 'bug10423' into maint-0.2.4 2013-12-17 13:53:11 -05:00
Nick Mathewson
adfcc1da4a Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/microdesc.c

Conflict because one change was on line adjacent to line where
01206893 got fixed.
2013-12-17 13:18:00 -05:00
Nick Mathewson
3d5154550c Merge remote-tracking branch 'public/bug10409_023' into maint-0.2.4 2013-12-17 13:15:45 -05:00
Nick Mathewson
46b3b6208d Avoid double-free on failure to dump_descriptor() a cached md
This is a fix for 10423, which was introducd in caa0d15c in 0.2.4.13-alpha.

Spotted by bobnomnom.
2013-12-17 13:12:52 -05:00
Nick Mathewson
d8cfa2ef4e Avoid free()ing from an mmap on corrupted microdesc cache
The 'body' field of a microdesc_t holds a strdup()'d value if the
microdesc's saved_location field is SAVED_IN_JOURNAL or
SAVED_NOWHERE, and holds a pointer to the middle of an mmap if the
microdesc is SAVED_IN_CACHE.  But we weren't setting that field
until a while after we parsed the microdescriptor, which left an
interval where microdesc_free() would try to free() the middle of
the mmap().

This patch also includes a regression test.

This is a fix for #10409; bugfix on 0.2.2.6-alpha.
2013-12-16 13:06:00 -05:00
Linus Nordberg
129f26e959 Make tor-gencert create 2048 bit signing keys. 2013-12-12 17:39:22 +01:00
rl1987
e6590efaa7 Fix get_configured_bridge_by_addr_port_digest(.,.,NULL)
The old behavior was that NULL matched only bridges without known
identities; the correct behavior is that NULL should match all
bridges (assuming that their addr:port matches).
2013-12-09 11:22:22 -05:00
Nick Mathewson
9c048d90b6 Merge remote-tracking branch 'public/bug10131_024' 2013-12-09 11:06:20 -05:00
Nick Mathewson
c56bb30044 Remove a check in channeltls.c that could never fail.
We were checking whether a 8-bit length field had overflowed a
503-byte buffer. Unless somebody has found a way to store "504" in a
single byte, it seems unlikely.

Fix for 10313 and 9980. Based on a pach by Jared L Wong. First found
by David Fifield with STACK.
2013-12-09 11:02:34 -05:00
David Fifield
b600495441 Set CREATE_NO_WINDOW in tor_spawn_background.
This flag prevents the creation of a console window popup on Windows. We
need it for pluggable transport executables--otherwise you get blank
console windows when you launch the 3.x browser bundle with transports
enabled.

http://msdn.microsoft.com/en-us/library/ms684863.aspx#CREATE_NO_WINDOW

The browser bundles that used Vidalia used to set this flag when
launching tor itself; it was apparently inherited by the pluggable
transports launched by tor. In the 3.x bundles, tor is launched by some
JavaScript code, which doesn't have the ability to set CREATE_NO_WINDOW.
tor itself is now being compiled with the -mwindows option, so that it
is a GUI application, not a console application, and doesn't show a
console window in any case. This workaround doesn't work for pluggable
transports, because they need to be able to write control messages to
stdout.

https://trac.torproject.org/projects/tor/ticket/9444#comment:30
2013-12-05 12:30:11 -05:00
Nick Mathewson
8f9c847fbf Restore prop198 behavior from 4677 patch
The previous commit from piet would have backed out some of proposal
198 and made servers built without the V2 handshake not use the
unrestricted cipher list from prop198.

Bug not in any released Tor.
2013-11-25 10:53:37 -05:00
Nick Mathewson
2d9adcd204 Restore ability to build with V2_HANDSHAKE_SERVER
Fixes bug 4677; bugfix on 0.2.3.2-alpha. Fix by "piet".
2013-11-25 10:51:00 -05:00
Nick Mathewson
acd8c4f868 Avoid warning about impossible check for flags & 0
Fixes CID 743381
2013-11-22 12:42:05 -05:00
Nick Mathewson
23dae51976 Only update view of micrdescriptor pos if pos is fetchable.
It's conceivable (but probably impossible given our code) that lseek
could return -1 on an error; when that happens, we don't want off to
become -1.

Fixes CID 1035124.
2013-11-22 12:38:58 -05:00
Nick Mathewson
a7410c9199 Add checks to prevent memcmp(.,.,negative) in tests (CID 1064417) 2013-11-22 12:33:25 -05:00
Nick Mathewson
569dbcc615 Fix another unit test memory leak. CID1087949,CID1087950. 2013-11-22 12:27:41 -05:00
Nick Mathewson
7c76fd5a82 Fix a bunch of coverity-spotted unit test resource leaks
CIDs: 1130994, 1130993, 1130992, 1130991
2013-11-22 12:21:14 -05:00
Nick Mathewson
6f7eb7a0a5 Remove needless fd var from test. CID 1130989. 2013-11-22 12:16:17 -05:00
Nick Mathewson
6cbd17470d Handle unlikely negative time in tor_log_err_sigsafe
Coverity wants this; CID 1130990.
2013-11-22 12:14:11 -05:00
Nick Mathewson
647248729f Drop the MaxMemInQueues lower limit down to 256 MB.
on #9686, gmorehose reports that the 500 MB lower limit is too high
for raspberry pi users.
2013-11-20 12:13:30 -05:00
Nick Mathewson
e572ec856d Rename MaxMemInCellQueues to MaxMemInQueues 2013-11-20 12:12:23 -05:00
Nick Mathewson
a406f6d0f0 doxygen comments for 10169 code 2013-11-20 12:05:36 -05:00
Nick Mathewson
eabcab2b7c Count freed buffer bytes from buffers when oom-killing circuits.
Also, aggressively clear the buffers to try to make their bytes go
away fast rather than waiting for the close-marked-connection code
to get 'em.
2013-11-20 11:57:45 -05:00
Nick Mathewson
027f4c82eb Whitespace cleanup 2013-11-20 11:05:00 -05:00
Nick Mathewson
03da9be2f1 Merge remote-tracking branch 'sysrqb/bug9859_5' 2013-11-20 11:03:37 -05:00
Nick Mathewson
e7165659e0 Fix crypto/digests test 2013-11-18 13:33:29 -05:00
Nick Mathewson
a7c9d64fd6 Merge branch 'finish_prop157' 2013-11-18 13:27:06 -05:00
Nick Mathewson
ec9d88e5a2 Tweak #10162 documentation a bit 2013-11-18 13:26:58 -05:00
Nick Mathewson
3cdd7966d7 Add a _GNU_SOURCE definition to backtrace.c to fix compilation 2013-11-18 13:05:23 -05:00
Nick Mathewson
9025423471 Whoops -- add missing defined(). 2013-11-18 11:36:23 -05:00
Nick Mathewson
93c99508d2 Make header includes match declarations in pc_from_ucontext.m4
With any luck, this will clean up errors where we detect that
REG_{EIP,RIP} is present in autoconf, but when we go to include it,
it isn't there.
2013-11-18 11:34:15 -05:00
Nick Mathewson
adf2fa9b49 Fix compilation under openssl 0.9.8
It's not nice to talk about NID_aes_{128,256}_{ctr,gcm} when they
don't exist.

Fix on 84458b79a78ea7e26820bf0; bug not in any released Tor.
2013-11-18 11:25:07 -05:00
Nick Mathewson
bd25bda7c0 Remove 'struct timeval now' that was shadowing 'struct timeval now'.
This was a mistake in the merge commit 7a2b30fe16. It
would have made the CellStatistics code give completely bogus
results. Bug not in any released Tor.
2013-11-18 11:20:35 -05:00
Nick Mathewson
4b9ec85e47 Fix whitespace 2013-11-18 11:13:40 -05:00
Nick Mathewson
84458b79a7 Log more OpenSSL engine statuses at startup.
Fixes ticket 10043; patch from Joshua Datko.
2013-11-18 11:12:24 -05:00
Nick Mathewson
fbc20294aa Merge branch 'backtrace_squashed'
Conflicts:
	src/common/sandbox.c
	src/common/sandbox.h
	src/common/util.c
	src/or/main.c
	src/test/include.am
	src/test/test.c
2013-11-18 11:00:16 -05:00
Nick Mathewson
c2dfae78d3 Refactor format_*_number_sigsafe to have a common implementation 2013-11-18 10:43:16 -05:00
Nick Mathewson
c3ea946839 Reseolve DOCDOC and XXXXs in backtrace.c 2013-11-18 10:43:15 -05:00
Nick Mathewson
56e3f056e9 Tests for backtrace.c
These need to be a separate executable, since the point of backtrace.c
is that it can crash and write stuff.
2013-11-18 10:43:15 -05:00
Nick Mathewson
0cf234317f Unit tests for new functions in log.c 2013-11-18 10:43:15 -05:00
Nick Mathewson
d631ddfb59 Make backtrace handler handle signals correctly.
This meant moving a fair bit of code around, and writing a signal
cleanup function.  Still pretty nice from what I can tell, though.
2013-11-18 10:43:15 -05:00
Nick Mathewson
ce8ae49c94 Improve new assertion message logging
Don't report that a failure happened in the assertion_failed function just
because we logged it from there.
2013-11-18 10:43:15 -05:00
Nick Mathewson
bd8ad674b9 Add a sighandler-safe logging mechanism
We had accidentially grown two fake ones: one for backtrace.c, and one
for sandbox.c.  Let's do this properly instead.

Now, when we configure logs, we keep track of fds that should get told
about bad stuff happening from signal handlers.  There's another entry
point for these that avoids using non-signal-handler-safe functions.
2013-11-18 10:43:15 -05:00
Nick Mathewson
063bea58bc Basic backtrace ability
On platforms with the backtrace/backtrace_symbols_fd interface, Tor
can now dump stack traces on assertion failure.  By default, I log
them to DataDir/stack_dump and to stderr.
2013-11-18 10:43:14 -05:00
Nick Mathewson
91ec6f7269 Have the OOM handler also count the age the data in a stream buffer 2013-11-15 18:38:52 -05:00
Nick Mathewson
7a2b30fe16 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/relay.c

Conflict changes were easy; compilation fixes required were using
using TOR_SIMPLEQ_FIRST to get head of cell queue.
2013-11-15 15:35:00 -05:00
Nick Mathewson
59f50c80d4 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/or.h
	src/or/relay.c

Conflicts were simple to resolve.  More fixes were needed for
compilation, including: reinstating the tv_to_msec function, and renaming
*_conn_cells to *_chan_cells.
2013-11-15 15:29:24 -05:00
Nick Mathewson
f6e07c158f Make the dir-key-crosscert element required
In proposal 157, we added a cross-certification element for
directory authority certificates. We implemented it in
0.2.1.9-alpha.  All Tor directory authorities now generate it.
Here, as planned, make it required, so that we can finally close
proposal 157.

The biggest change in the code is in the unit test data, where some
old hardcoded certs that we made long ago have become no longer
valid and now need to be replaced.
2013-11-14 09:37:41 -05:00
Nick Mathewson
4aa9affec2 Fix test_cmdline_args to work with old openssl
If openssl was old, Tor would add a warning about its version in
between saying "no torrc found, using reasonable defaults" and
"configuration was valid".
2013-11-11 15:22:08 -05:00
Nick Mathewson
fc5a881bd3 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-11-10 12:24:12 -05:00
Nick Mathewson
8bfa596c15 Fix two more DirServer mentions in log 2013-11-10 12:23:56 -05:00
Nick Mathewson
56ac75b265 Fix a wide line 2013-11-10 12:22:34 -05:00
Nick Mathewson
532f70a807 Change documentation DirServer->DirAuthority
We renamed the option, but we didn't actually fix it in the log
messages or the docs.  This patch does that.

For #10124.  Patch by sqrt2.
2013-11-10 12:21:23 -05:00
Nick Mathewson
940d286a74 Documentation and tests for 10060 2013-11-07 14:42:58 -05:00
rl1987
86cfc64d45 Implementing --allow-missing-torrc CLI option. 2013-11-07 14:26:05 -05:00
Nick Mathewson
1b8ceb83c9 Improved circuit queue out-of-memory handler
Previously, when we ran low on memory, we'd close whichever circuits
had the most queued cells. Now, we close those that have the
*oldest* queued cells, on the theory that those are most responsible
for us running low on memory, and that those are the least likely to
actually drain on their own if we wait a little longer.

Based on analysis from a forthcoming paper by Jansen, Tschorsch,
Johnson, and Scheuermann. Fixes bug 9093.
2013-11-07 12:15:30 -05:00
Nick Mathewson
12dc55f487 Merge branch 'prop221_squashed_024'
Conflicts:
	src/or/or.h
2013-11-01 10:28:01 -04:00
Nick Mathewson
5de88dda0a circuit_build_failed: distinguish "got DESTROY" case
Roger spotted this on tor-dev in his comments on proposal 221.

We etect DESTROY vs everything else, since arma likes network
timeout indicating failure but not overload indicating failure.
2013-11-01 10:04:48 -04:00
Nick Mathewson
0de71bf8eb Implement proposal 221: Stop sending CREATE_FAST
This makes FastFirstHopPK an AUTOBOOL; makes the default "auto"; and
makes the behavior of "auto" be "look at the consensus."
2013-11-01 10:04:48 -04:00
Nick Mathewson
5cc155e02a Merge remote-tracking branch 'public/bug9645' into maint-0.2.4 2013-10-31 16:09:41 -04:00
Nick Mathewson
275ab61ad4 Appease make check-spaces 2013-10-31 14:45:20 -04:00
Nick Mathewson
9bcd93a364 Merge remote-tracking branch 'public/bug10063' 2013-10-31 14:43:20 -04:00
Nick Mathewson
761ee93c69 Add missing includes for circpathbias.h 2013-10-31 14:33:34 -04:00
Nick Mathewson
8f793c38fb Move other #9731 check to start of its functions
At arma's suggestion.  Looks like I missed this one.
2013-10-31 14:29:18 -04:00
Nick Mathewson
5cba0ddfc4 Make circpathbias and circuitbuild compile.
That was the tricky part
2013-10-31 14:28:49 -04:00
Nick Mathewson
b4ebf8421a Move pathbias functions into a new file.
Does not compile yet.  This is the "no code changed" diff.
2013-10-31 14:17:49 -04:00
Nick Mathewson
96f92f2062 Move #9731 checks to start of their functions
At arma's suggestion.
2013-10-31 14:10:23 -04:00
Nick Mathewson
702c0502cf Merge remote-tracking branch 'public/bug9731' 2013-10-31 14:09:18 -04:00