Commit Graph

15967 Commits

Author SHA1 Message Date
Nick Mathewson
6f331645c7 Remove mempools and buf freelists
They have been off-by-default since 0.2.5 and nobody has complained. :)

Also remove the buf_shrink() function, which hasn't done anything
since we first stopped using contiguous memory to store buffers.

Closes ticket 14848.
2015-02-11 09:03:50 -05:00
Nick Mathewson
0c81dfa848 Merge remote-tracking branch 'public/feature_13555' 2015-02-11 08:42:00 -05:00
Nick Mathewson
5c820def99 Merge remote-tracking branch 'sysrqb/bug14802_025' 2015-02-09 22:39:55 -08:00
Nick Mathewson
f4c0735933 Merge remote-tracking branch 'teor/avoid-NULL-smartlist-foreach' 2015-02-09 22:35:40 -08:00
Sebastian Hahn
9667b2b88a Add some comments to or_circuit_t.workqueue_entry
These were suggested by dgoulet, thanks!
2015-02-09 16:13:08 +01:00
Sebastian Hahn
7337510090 Avoid use-after-free of circ belonging to cancelled job
This fixes a bug where we decide to free the circuit because it isn't on
any workqueue anymore, and then the job finishes and the circuit gets
freed again.

Fixes bug #14815, not in any released version of Tor.
2015-02-09 16:12:47 +01:00
Roger Dingledine
56061976db Recover better when our clock jumps back many hours
like might happen for Tails or Whonix users who start with a very wrong
hardware clock, use Tor to discover a more accurate time, and then
fix their clock.

Resolves part of ticket 8766.

(There are still some timers in various places that aren't addressed yet.)
2015-02-09 01:05:31 -05:00
Damian Johnson
44abbf5ab6 Dropping test_cmdline_args.py
Before a couple weeks ago didn't know Tor had these tests, interesting! Stem
already has tests for spawning tor processes but lacked any with this targeted
focus on its arguments.

I've added our own counterpart for these tests. Many are direct copies but
there were others I improved a little...

  https://trac.torproject.org/projects/tor/ticket/14109
  https://gitweb.torproject.org/stem.git/commit/?id=137d193a026638f066e817e3396cebbbb6ace012

Now that Tor uses Stem to supplement its tests no reason for these to live
separately. Tested by simply building tor and confirming test_cmdline_args.py
is no longer in the generated Makefile.
2015-02-08 21:34:36 -08:00
Roger Dingledine
1cb9064d7d shift all the static times into a struct
no actual behavior changes yet
2015-02-09 00:07:15 -05:00
Sebastian Hahn
37d16c3cc7 Reserve enough space for rend_service_port_config_t
In #14803, Damian noticed that his Tor sometimes segfaults. Roger noted
that his valgrind gave an invalid write of size one here. Whenever we
use FLEXIBLE_ARRAY_MEMBER, we have to make sure to actually malloc a
thing that's large enough.

Fixes bug #14803, not in any released version of Tor.
2015-02-09 04:48:16 +01:00
Matthew Finkel
9ae321db66 Return 0 when detecting the amount of memory fails
Fixes bug 14802;  bugfix on 0.2.5.4-alpha.
2015-02-09 02:06:18 +00:00
teor
d0759da14e Avoid calling SMARTLIST_FOREACH on a NULL smartlist in tests
Check if each smartlist is NULL before calling SMARTLIST_FOREACH on it.

Bug discovered by the clang static analyzer.
Apple clang 600.0.56 (LLVM 3.5svn) on x86_64-apple-darwin14.1.0.
2015-02-08 23:41:37 +11:00
Nick Mathewson
8b82f6261e Search-and-replace to regain coding style in wake of 13822.
(all-caps should be reserved for global or module-global constants and
2015-02-07 08:33:36 -05:00
Nick Mathewson
4beb830953 Split ROUTER_REQUIRED_MIN_BANDWIDTH into RELAY_ and BRIDGE_ variants
Also raise those minima from 20 to 75 and 50 respectively.

Closes ticket 13822.
2015-02-07 08:33:23 -05:00
David Goulet
b101f4e98c Control: getinfo entry-guards report down-since
If the guard unreachable_since variable was set, the status "up" was
reported which is wrong. This adds the "down" status followed by the
unreachable_since time value.

Fixes #14184

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-02-06 16:06:20 -05:00
Sebastian Hahn
136b1d8ed0 Remove useless export in zero length key test
Fixes part of bug #14478, patch idea suggested by an anonymous
contributor. Thanks!
2015-02-06 21:56:26 +01:00
Sebastian Hahn
d695f7b423 Don't use invalid exit values in zero length key test
Shell exit values must fall into the range of [0-255], so let's honour
this. In practice, the "exit -1" from the old code set an exit value of
255 on most systems, so let's pick that.

Fixes part of bug #14478, patch idea suggested by an anonymous
contributor. Thanks!
2015-02-06 21:55:59 +01:00
Nick Mathewson
e36faeec1d Merge remote-tracking branch 'sebastian/bug13993' 2015-02-06 15:42:53 -05:00
Sebastian Hahn
e0c3de40ad Fix check-spaces complaints 2015-02-06 21:36:40 +01:00
Sebastian Hahn
6d8b614729 Avoid logging startup messages twice 2015-02-06 21:34:21 +01:00
Sebastian Hahn
b3bc871214 Add unit test for #13290 2015-02-06 21:04:05 +01:00
Yawning Angel
16cf1679e7 Fix scheduler compilation on targets where char is unsigned.
Per discussion with nickm, the `dir` argument should be a int rather
than a signed char.

Fixes bug #14764.
2015-02-06 16:26:28 +00:00
Nick Mathewson
1799c2be09 Merge remote-tracking branch 'public/bug13796' 2015-02-05 22:53:15 -05:00
Nick Mathewson
2274221557 Fix a work-counting bug introduced by the workqueue merge
David Goulet finds that when he runs a busy relay for a while with the
latest version of the git code, the number of onionskins handled
slowly dwindles to zero, with total_pending_tasks wedged at its
maximum value.

I conjecture this is because the total_pending_tasks variable isn't
decremented when we successfully cancel a job.  Fixed that.

Fixes bug 14741; bugfix not on any released version of tor.
2015-02-05 12:17:08 -05:00
Nick Mathewson
3f993dacc1 use ARRAY_LENGTH macro in domain_to_string 2015-02-05 11:01:13 -05:00
Yawning Angel
b330bdec8e Add a string representation for LD_SCHED, and a extra sanity check.
This both fixes the problem, and ensures that forgetting to update
domain_list in the future will trigger the bug codepath instead of
a NULL pointer deref.
2015-02-05 15:46:27 +00:00
Nick Mathewson
daab405168 Bump the minimum relay version to 0.2.4.18-rc
Closes #13555
2015-02-04 13:27:56 -05:00
Nick Mathewson
a8835170d7 Use getsockname, not getsockopt, on TPROXY sockets 2015-02-04 10:09:54 -05:00
Nick Mathewson
ac8f235446 fix a unit tests memory leak (my fault) 2015-02-03 15:58:48 -05:00
Nick Mathewson
5be48c5d4c Work around test_status.c weirdness
Ordinarily, get_options() can never return NULL, but with
test_status.c mocking, it can.  So test for that case.

The best fix here would be to pass the options value to a
bridge_server_mode() function.
2015-02-03 15:50:31 -05:00
Nick Mathewson
cdc49629c7 Merge branch 'bug6852'
Conflicts:
	src/or/status.c
2015-02-03 13:06:58 -05:00
Nick Mathewson
7f52dc4d03 Choose a more deliberate cutoff for clients in heartbeat 2015-02-03 13:02:22 -05:00
Nick Mathewson
d03e1da232 Merge remote-tracking branch 'public/bug9635_warnings_025'
Conflicts:
	src/test/test.c
2015-02-02 16:31:32 -05:00
Nick Mathewson
41ba4f5627 tweak based on comments from dgoulet 2015-02-02 14:42:33 -05:00
rl1987
a9caeb961f Test for 13865. 2015-02-02 14:38:36 -05:00
Nick Mathewson
5c807f30e4 Add more parenthesis to the definition of ARRAY_LENGTH 2015-02-02 14:14:35 -05:00
Nick Mathewson
03563f4723 Fix an unused-variable warning. 2015-02-02 13:35:44 -05:00
Nick Mathewson
79c7625e38 Merge branch 'feature13864_squashed' 2015-02-02 13:32:53 -05:00
rl1987
fe328d192e Allow reading torrc from stdin. 2015-02-02 13:31:56 -05:00
Nick Mathewson
69deab8b2a Merge remote-tracking branch 'public/bug13319' 2015-02-02 10:25:25 -05:00
Nick Mathewson
f4b79bc420 Merge remote-tracking branch 'sysrqb/bug14216_bad_since' 2015-02-02 10:23:52 -05:00
Nick Mathewson
55639bc67f Merge remote-tracking branch 'dgoulet/bug14202_026_v1' 2015-02-02 10:16:48 -05:00
Nick Mathewson
e78b7e2776 Merge remote-tracking branch 'public/14188_part1' 2015-02-02 10:15:26 -05:00
Matthew Finkel
4cb59ceb8e Only retry connecting to configured bridges
After connectivity problems, only try connecting to bridges which
are currently configured; don't mark bridges which we previously
used but are no longer configured.  Fixes 14216.  Reported by
and fix provided by arma.
2015-01-31 09:46:18 +00:00
Nick Mathewson
aba90b2125 Merge remote-tracking branch 'dgoulet/bug14554_026_v1' 2015-01-30 15:29:59 -05:00
David Goulet
2c41f12048 Fix: check r < 0 before checking errno
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-30 15:18:40 -05:00
David Goulet
51f793e37e Fix possible infinite loop on pipe/sock_drain()
If the returned value of read/recv is 0 (meaning EOF), we'll end up in an
infinite loop (active wait) until something is written on the pipe which is
not really what we want here especially because those functions are called
from the main thread.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-30 15:05:18 -05:00
Nick Mathewson
097286e476 Fix some unused-argument warnings 2015-01-30 14:47:56 -05:00
Nick Mathewson
bc9ade055e Fix an uninitialized-variable warning. 2015-01-30 14:46:18 -05:00
David Goulet
44e9dafb67 Fix: test -ENOENT after config_parse_unix_port()
Check for -ENOENT instead of ENOENT after the HS port is parsed.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-30 14:13:27 -05:00
Nick Mathewson
fac8d40886 Merge remote-tracking branch 'public/prop227_v2'
Conflicts:
	src/test/test_dir.c
2015-01-30 07:36:55 -05:00
Nick Mathewson
d1e52d9a2a Correctly handle OutboundBindAddress again.
ca5ba2956b broke this; bug not in any
released Tor.

Also fix a typo.

Fixes 14541 and 14527.  Reported by qbi.
2015-01-30 07:29:23 -05:00
Nick Mathewson
a87ea9b1c6 Merge branch 'bug14451_026_v1' 2015-01-29 15:16:15 -05:00
Nick Mathewson
f6afb04abb Use HT_BUCKET_NUM_ in more places
(patch from sysrqb)
2015-01-29 15:10:23 -05:00
Nick Mathewson
5faa017b86 Merge remote-tracking branch 'public/ticket11737' 2015-01-29 15:09:55 -05:00
Nick Mathewson
4c1a779539 Restrict unix: addresses to control and socks for now 2015-01-29 14:51:59 -05:00
Nick Mathewson
204374f7d9 Remove SocksSocket; it's now spelled differently thanks to 14451
Also, revise bug12585 changes file to mention new syntax
2015-01-29 14:46:20 -05:00
Nick Mathewson
b4a8fd8958 When there are no package lines, make consensus/packages say "".
Also, give a better error message when there is no consensus.
2015-01-29 14:14:59 -05:00
Nick Mathewson
bd630a899a Correctly reject packages lines with empty entries 2015-01-29 14:09:57 -05:00
Nick Mathewson
f935ee2dae Define 'digesttype' correctly 2015-01-29 14:04:21 -05:00
David Goulet
80bed1ac96 Remove obsolete workaround in dirserv_thinks_router_is_hs_dir()
Fixes #14202

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-29 12:55:19 -05:00
David Goulet
ebc59092bc Make hidden service use the config unix prefix
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-28 18:01:53 -05:00
David Goulet
bf3fb55c47 Support unix: prefix in port configuration
It's now possible to use SocksPort or any other kind of port that can use a
Unix socket like so:

  SocksPort unix:/foo/bar/unix.sock

Fixes #14451

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-28 17:55:38 -05:00
Nick Mathewson
a3de2dfde6 Merge branch 'bug11485_026_v2_squashed' 2015-01-28 14:32:19 -05:00
David Goulet
fb523b543a fixup! Refactor the use of ifdef HAVE_SYS_UN_H
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-28 14:30:23 -05:00
Andrea Shepard
bce824a9ad Actually make connections to HSes on AF_UNIX sockets 2015-01-28 14:30:23 -05:00
Andrea Shepard
ca5ba2956b Support connection_exit_connect() to AF_UNIX sockets 2015-01-28 14:30:23 -05:00
Andrea Shepard
6564291601 Handle config options for AF_UNIX hidden services rendservice.c 2015-01-28 14:30:23 -05:00
Arthur Edelstein
cb714d896c Bug #8405: Report SOCKS username/password in CIRC status events
Introduces two new circuit status name-value parameters: SOCKS_USERNAME
and SOCKS_PASSWORD. Values are enclosing in quotes and unusual characters
are escaped.

Example:

    650 CIRC 5 EXTENDED [...] SOCKS_USERNAME="my_username" SOCKS_PASSWORD="my_password"
2015-01-28 12:02:15 -05:00
Nick Mathewson
32dad3b83b Add GETINFO consensus/{valid-{after,until},fresh-until} 2015-01-28 11:28:21 -05:00
Nick Mathewson
c240eea0df more typo fixes from mcs and gk 2015-01-28 11:25:37 -05:00
Nick Mathewson
f75ca04520 Tweak tor-resolve docs and logs
Resolves 14325
2015-01-28 10:11:08 -05:00
Nick Mathewson
e9caa8645e Try to work around changes in openssl 1.1.0
Prefer not to use a couple of deprecated functions; include more
headers in tortls.c

This is part of  ticket 14188.
2015-01-28 10:00:58 -05:00
Nick Mathewson
20d0b1a04e Bump a client authorization message from debug to info.
A user wants this for 14015, and it seems fairly reasonable.
2015-01-28 09:42:28 -05:00
Nick Mathewson
9c4328c038 New GETINFO consensus/packages to expose package information from consensus 2015-01-27 16:40:32 -05:00
Nick Mathewson
1e61b45251 Fixes on prop227 comments, based on comments by mcs on #10395 2015-01-27 16:31:48 -05:00
David Goulet
91009dce97 Refactor rend_cache_lookup_entry() and how it's used
Here is why:

1) v0 descriptors are deprecated since 0.2.2.1 and not suppose to be alive
in the network anymore. This function should only serve v2 version for now
as the default.

2) It should return different error code depending on what's the actual
error is. Right now, there is no distinction between a cache entry not found
and an invalid query.

3) This function should NOT test if the intro points are usable or not. This
adds some load on a function that should be "O(1)" and do one job.
Furthermore, multiple callsites actually already test that doing twice the
job...

4) While adding control event, it would be useful to be able to lookup a
cache entry without having it checking the intro points. There are also
places in the code that do want to lookup the cache entry without doing
that.

Fixes #14391

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-27 12:04:40 -05:00
Andrea Shepard
03d6a31716 Groundwork for AF_UNIX hidden services in rendservice.c 2015-01-27 06:22:37 +00:00
Nick Mathewson
a598d0f575 Bail early in cpuworker_onion_handshake_replyfn if the circuit is marked 2015-01-26 10:19:07 -05:00
Nick Mathewson
8f9fb3e8fa Try to fix some more memory leaks in the unit tests 2015-01-23 11:35:05 -05:00
Nick Mathewson
614fbf1812 Fix some memory leaks in new address tests 2015-01-23 11:26:40 -05:00
Nick Mathewson
034e2788f8 whitespace fixes 2015-01-23 11:18:28 -05:00
Nick Mathewson
7322de15dc Split the slow unit tests into their own binary
This can run in parallel with the faster ones and the other tests.
2015-01-23 11:15:53 -05:00
Nick Mathewson
420037dcef Merge branch 'if_addr_refactoring_squashed'
Conflicts:
	src/test/include.am
	src/test/test.c
2015-01-23 10:13:37 -05:00
rl1987
3966145dff Refactor code that looks up addresses from interfaces
Now the code has separate implementation and examination functions,
uses smartlists sanely, and has relatively decent test coverage.
2015-01-23 10:07:17 -05:00
Nick Mathewson
6c443e987d Tweak the 9969 fix a little
If we have busy nodes and excluded nodes, then don't retry with the
excluded ones enabled.  Instead, wait for the busy ones to be nonbusy.
2015-01-23 09:37:08 -05:00
Nick Mathewson
5d4bb6f61f Merge remote-tracking branch 'public/ticket9969'
Conflicts:
	src/or/directory.c
	src/or/routerlist.c
	src/or/routerlist.h
	src/test/include.am
	src/test/test.c
2015-01-23 09:36:00 -05:00
Nick Mathewson
b677ccd3ab Merge remote-tracking branch 'public/ticket13762' 2015-01-23 08:55:31 -05:00
Nick Mathewson
d8517fe843 Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-23 08:53:21 -05:00
Nick Mathewson
7cbdec578b Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-01-23 08:52:55 -05:00
Nick Mathewson
df4c484021 Merge remote-tracking branch 'karsten/geoip6-jan2015' into maint-0.2.4 2015-01-23 08:52:35 -05:00
Nick Mathewson
dbd5a9a8f9 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2015-01-23 08:52:20 -05:00
Nick Mathewson
4a6b43bf76 fix some warnings in compat_threads.c 2015-01-22 14:22:39 -05:00
Nick Mathewson
1fb9979eb8 Move a redundant _GNU_SOURCE to where it is not redundant 2015-01-22 14:18:10 -05:00
Karsten Loesing
a9ce0cd659 Update geoip6 to the January 7 2015 database. 2015-01-22 09:58:29 +01:00
Karsten Loesing
c3f8f5ab0e Update geoip to the January 7 2015 database. 2015-01-22 09:56:54 +01:00
Nick Mathewson
38b3f9a619 use the correct free fn. spotted by dgoulet 2015-01-21 14:54:38 -05:00
Nick Mathewson
23fc1691b6 Merge branch 'better_workqueue_v3_squashed' 2015-01-21 14:47:16 -05:00
David Goulet
84f5cb749d Fix: remove whitespace and update a comment in cpuworker.c
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-21 14:31:02 -05:00
David Goulet
f52ac5be74 Fix: change copyright year in workqueue and thread tests
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-21 14:31:02 -05:00
David Goulet
d684dbb0c7 Support monotonic time for pthread_cond_timedwait
This is to avoid that the pthread_cond_timedwait() is not affected by time
adjustment which could make the waiting period very long or very short which
is not what we want in any cases.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-21 14:29:12 -05:00
Nick Mathewson
f0415c1600 Merge branch 'bug9819' 2015-01-21 13:00:26 -05:00
Nick Mathewson
523e920d53 fix a comment 2015-01-21 13:00:14 -05:00
Nick Mathewson
3c8dabf69a Fix up some workqueue/threading issues spotted by dgoulet. 2015-01-21 12:26:41 -05:00
Nick Mathewson
ac5b70c700 handle EINTR in compat_*threads.c 2015-01-21 12:18:11 -05:00
Nick Mathewson
e7e33d4b04 Merge branch 'bug14084' 2015-01-20 14:07:37 -05:00
Nick Mathewson
9ddc1fb10c Merge remote-tracking branch 'dgoulet/bug14224_025_v1' 2015-01-20 14:02:07 -05:00
Nick Mathewson
da423532f7 Merge branch 'ticket14254_squashed' 2015-01-20 13:46:56 -05:00
Nick Mathewson
78c53eff85 Fix SocksSocket 0. That was easy! 2015-01-20 13:46:44 -05:00
Nick Mathewson
061682c829 Some days I just can't C. 2015-01-19 11:58:40 -05:00
Nick Mathewson
2e8b8c8698 Make check-spaces happier. 2015-01-19 11:56:03 -05:00
Nick Mathewson
f92b01b963 Remove a now-needless testing workaround. 2015-01-19 11:55:52 -05:00
Nick Mathewson
a8dd930274 Replace a 4 with a 6; fix a bug that nobody noticed :/
Fixes 14280 bugfix on 1053af0b9c in 0.2.4.7-alpha.
2015-01-19 11:51:08 -05:00
Nick Mathewson
1053af0b9c Merge branch 'bug7555_v2_squashed'
Conflicts:
	src/or/connection_edge.c
2015-01-19 11:43:41 -05:00
Nick Mathewson
758d77130c Add a bunch of new comments to explain connection_ap_rewrite{,_and_attach}
Also, do a little light refactoring to move some variable declarations
around and make a few things const

Also fix an obnoxious bug on checking for the DONE stream end reason.
It's not a flag; it's a possible value or a variable that needs to be
masked.
2015-01-19 11:30:22 -05:00
David Goulet
b5525476f5 Fix: close intro circuit if no more intro points are usable
Once a NACK is received on the intro circuit, tor tries an other usable one
by extending the current circuit to it. If no more intro points are usable,
now close the circuit. Also, it's reason is changed before closing it so we
don't report again an intro point failure and trigger an extra HS fetch.

Fixes #14224

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-19 10:23:58 -05:00
David Goulet
b3c1152bae Fix: close intro circuit if no more intro points are usable
Once a NACK is received on the intro circuit, tor tries an other usable one
by extending the current circuit to it. If no more intro points are usable,
now close the circuit.

Fixes #14224

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-19 09:44:11 -05:00
Nick Mathewson
63765399eb Merge remote-tracking branch 'public/ticket13037'
Conflicts:
	src/or/config.c
2015-01-18 16:07:08 -05:00
Roger Dingledine
5aa55a1369 Remove the unused rend_cache_entry_t->received field.
(Patch from arma, commit message from nick.)

Closes #14222.
2015-01-18 15:53:06 -05:00
Nick Mathewson
fae72a8d0a Merge remote-tracking branch 'public/bug14219_025' 2015-01-18 15:41:13 -05:00
Roger Dingledine
9407040c59 Do not replace a HS descriptor with a different replica of itself
This fixes a bug where we'd fetch different replicas of the same
descriptor for a down hidden service over and over, until we got lucky
and fetched the same replica twice in a row.

Fixes bug 14219; bugfix on 0.2.0.10-alpha.

(Patch from Roger; commit message and changes file by Nick.)
2015-01-18 15:39:12 -05:00
Nick Mathewson
efdac2a68c Merge remote-tracking branch 'public/bug14261_025'
Conflicts:
	src/or/directory.c
2015-01-18 15:28:35 -05:00
Nick Mathewson
ceb6dee465 Increase limit for status vote download size by a factor of 5.
We've started to hit the limit here.  We introduced the limit in
0.1.2.5-alpha.  This fixes bug 14261, but we should have a smarter way
to not actually do the behavior this permits.  See #14267 for a ticket
about fixing that.
2015-01-18 15:25:29 -05:00
Nick Mathewson
54e4aaf52c Fix memory leak in connection_ap_handshake_rewrite_and_attach()
Spotted by asn.  #14259.  Bugfix on 368eb6a97 in 0.2.0.1-alpha.
2015-01-18 14:19:26 -05:00
Nick Mathewson
79e12da861 Merge remote-tracking branch 'public/bug12485' 2015-01-18 13:49:30 -05:00
Nick Mathewson
ba17cdfb0a fix another mingw64 unit test warnin 2015-01-16 11:49:58 -05:00
Nick Mathewson
31838bd783 changes suggested by weasel 2015-01-16 11:46:20 -05:00
Nick Mathewson
485fdcf826 Unify parse_unix_socket_config and parse_port_config
This incidentally makes unix SocksSocket support all the same options
as SocksPort.

This patch breaks 'SocksSocket 0'; next will restore it.

Resolves 14254.
2015-01-16 11:35:48 -05:00
Nick Mathewson
bbad23bf37 No, client-side DNS cacheing should not be on by default. 2015-01-16 09:32:22 -05:00
Nick Mathewson
4b23b398a3 Merge branch 'bug8546_squashed'
Conflicts:
	src/or/connection.c
	src/or/or.h
	src/or/relay.c
2015-01-16 09:31:50 -05:00
Nick Mathewson
49bdfbabb4 Replace field-by-field copy with memcpy for entry_port_cfg 2015-01-16 09:23:03 -05:00
Nick Mathewson
13dac5e463 Move entry_port_cfg_t fields in entry_connection_t
Also rename some options for uniformity, and apply this script:

@@
entry_connection_t *conn;
@@
 conn->
+entry_cfg.
\(
 isolation_flags
\|
 session_group
\|
 socks_prefer_no_auth
\|
 ipv4_traffic
\|
 ipv6_traffic
\|
 prefer_ipv6
\|
 cache_ipv4_answers
\|
 cache_ipv6_answers
\|
 use_cached_ipv4_answers
\|
 use_cached_ipv6_answers
\|
 prefer_ipv6_virtaddr
\)
2015-01-16 09:22:58 -05:00
Nick Mathewson
58d17add5e Combine entry_port_cfg_t fields in listener_connection_t
Also, revise the code using these options with this cocci script:

@@
listener_connection_t *conn;
@@
 conn->
+entry_cfg.
\(
 isolation_flags
\|
 session_group
\|
 socks_prefer_no_auth
\|
 ipv4_traffic
\|
 ipv6_traffic
\|
 prefer_ipv6
\|
 cache_ipv4_answers
\|
 cache_ipv6_answers
\|
 use_cached_ipv4_answers
\|
 use_cached_ipv6_answers
\|
 prefer_ipv6_virtaddr
\)
2015-01-16 09:22:53 -05:00
Nick Mathewson
f444f2b1d3 Split client-specific and server-specific parts of port_cfg_t
Also, apply this cocci script to transform accesses. (Plus manual
migration for accesses inside smartlist_foreach loops.)

@@

port_cfg_t *cfgx;
@@
 cfgx->
+server_cfg.
\(
 no_advertise
\|
 no_listen
\|
 all_addrs
\|
 bind_ipv4_only
\|
 bind_ipv6_only
\)

@@

port_cfg_t *cfgx;
@@
 cfgx->
+entry_cfg.
\(
 isolation_flags
\|
 session_group
\|
 socks_prefer_no_auth
\|
 ipv4_traffic
\|
 ipv6_traffic
\|
 prefer_ipv6
\|
 cache_ipv4_answers
\|
 cache_ipv6_answers
\|
 use_cached_ipv4_answers
\|
 use_cached_ipv6_answers
\|
 prefer_ipv6_virtaddr
\)
2015-01-16 09:22:49 -05:00
Nick Mathewson
2329d9fe37 Fix a compilation warning in the unit tests 2015-01-15 12:56:57 -05:00
Nick Mathewson
746bb55851 Ignore warning for redundant decl in openssl/srtp.h
Backports some commits from tor master.
2015-01-15 12:38:08 -05:00
Nick Mathewson
3368b0c9f2 Add string for IP_NOW_REDUNDANT in circuit_end_reason_to_control_string
Closes 14207; bugfix on 0.2.6.2-alpha.
2015-01-15 11:53:20 -05:00
George Kadianakis
bb56fd1f8f unittests: use tt_i64_op() instead of tt_int_op() in laplace tests.
Do this in even more places to try to fix the build.
2015-01-15 11:08:22 -05:00
Nick Mathewson
a52e549124 Update workqueue implementation to use a single queue for the work
Previously I used one queue per worker; now I use one queue for
everyone.  The "broadcast" code is gone, replaced with an idempotent
'update' operation.
2015-01-15 11:05:22 -05:00
Roger Dingledine
660a35d97c fix typo 2015-01-15 11:03:13 -05:00
Nick Mathewson
52d6cb03a7 Merge remote-tracking branch 'andrea/bug12194_alt' 2015-01-15 10:26:35 -05:00
Nick Mathewson
88e36eaf0e Fix the checkdir/perms test when umask==077
Fixes 14215; bugfix on 0.2.6.2-alpha.  Reported by "cypherpunks".
2015-01-15 10:24:27 -05:00
Andrea Shepard
f7bb60e202 Add comments in rendclient.c noting that certain functions involved in handling ended HS connection attempts must be idempotent 2015-01-15 15:19:31 +00:00
George Kadianakis
354ddf8712 unittests: use tt_i64_op() instead of tt_int_op() in laplace tests. 2015-01-15 15:14:33 +00:00
George Kadianakis
25e7821bb1 unittests: Change some tt_assert()s to tt_int_op()s. 2015-01-15 14:43:58 +00:00
George Kadianakis
45bc5a0743 Restrict sample values of the Laplace distribution to int64_t.
This helps avoid undefined behavior from casting big double values to
int64_t. Fixes #14090.
2015-01-15 14:43:58 +00:00
Nick Mathewson
3668a4126e Merge remote-tracking branch 'public/bug13397' 2015-01-14 14:15:29 -05:00
Nick Mathewson
1686f81ac2 Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-14 13:30:10 -05:00
Nick Mathewson
051ad788e0 Incorporate some comments based on notes from dgoulet 2015-01-14 11:31:14 -05:00
Nick Mathewson
fb5ebfb507 Avoid chan/circ linear lookups for requests
The solution I took is to not free a circuit with a pending
uncancellable work item, but rather to set its magic number to a
sentinel value.  When we get a work item, we check whether the circuit
has that magic sentinel, and if so, we free it rather than processing
the reply.
2015-01-14 11:31:12 -05:00
Nick Mathewson
6c9c54e7fa Remove if (1) indentation in cpuworker.c
To avoid having diffs turn out too big, I had replaced some unneeded
ifs and fors with if (1), so that the indentation would still work out
right.  Now I might as well clean those up.
2015-01-14 11:28:26 -05:00
Nick Mathewson
1e896214e7 Refactor cpuworker to use workqueue/threadpool code. 2015-01-14 11:23:34 -05:00
Nick Mathewson
cc6529e9bb Fix check-spaces 2015-01-14 11:19:35 -05:00
Nick Mathewson
e5f8c772f4 Test and fix workqueue_entry_cancel(). 2015-01-14 11:17:46 -05:00
Nick Mathewson
ebbc177005 Add shutdown and broadcast support to test_workqueue. 2015-01-14 11:17:46 -05:00
Nick Mathewson
81354b081b Add unit test for thread IDs. 2015-01-14 11:17:43 -05:00
Nick Mathewson
7a63005220 Basic unit test for condition variables. 2015-01-14 11:17:09 -05:00
Nick Mathewson
e47a90a976 "Recursive" locks, not "reentrant" locks. Duh. 2015-01-14 11:12:40 -05:00
Nick Mathewson
d69717f61b Use correct (absolute) time for pthread_cond_timedwait 2015-01-14 11:09:52 -05:00
Nick Mathewson
9fdc0d0594 Fix windows compilation of condition code 2015-01-14 11:09:51 -05:00
Nick Mathewson
d850ec8574 Fix linux compilation (pipe2 needs _GNU_SOURCE) 2015-01-14 11:09:51 -05:00
Nick Mathewson
74b782645a Move thread tests into their own module 2015-01-14 11:09:47 -05:00
Nick Mathewson
c51f7c23e3 Test a little more of compat_threads.c 2015-01-14 11:05:56 -05:00
Nick Mathewson
3868b5d210 Rename mutex_for_cond -> mutex_nonreentrant
We'll want to use these for other stuff too.
2015-01-14 11:05:56 -05:00
Nick Mathewson
93ad89e9d2 Rename bench_workqueue -> test_workqueue and make it a unit test. 2015-01-14 11:05:56 -05:00
Nick Mathewson
b2db3fb462 Documentation for new workqueue and condition and locking stuff 2015-01-14 11:05:54 -05:00
Nick Mathewson
4abbf13f99 Add a way to tell all threads to do something. 2015-01-14 11:01:21 -05:00
Nick Mathewson
51bc0e7f3d Isolate the "socketpair or a pipe" logic for alerting main thread
This way we can use the linux eventfd extension where available.
Using EVFILT_USER on the BSDs will be a teeny bit trickier, and will
require libevent hacking.
2015-01-14 11:01:19 -05:00
Nick Mathewson
c7eebe237d Make pending work cancellable. 2015-01-14 10:56:27 -05:00
Nick Mathewson
a82604b526 Initial workqueue implemention, with a simple test.
It seems to be working, but more tuning is needed.
2015-01-14 10:56:24 -05:00
Nick Mathewson
6c9363310a Specialize handling for mutexes allocated for condition variables
(These must not be reentrant mutexes with pthreads.)
2015-01-14 10:52:56 -05:00
Nick Mathewson
65016304d2 Add tor_cond_init/uninit 2015-01-14 10:49:59 -05:00
Nick Mathewson
e865248156 Add a timeout to tor_cond_wait; add tor_cond impl from libevent
The windows code may need some tweaks for it to compile; I've not
tested it yet.
2015-01-14 10:47:39 -05:00
Nick Mathewson
c2f0d52b7f Split threading-related code out of compat.c
Also, re-enable the #if'd out condition-variable code.

Work queues are going to make us hack on all of this stuff a bit more
closely, so it might not be a terrible idea to make it easier to hack.
2015-01-14 10:41:53 -05:00
Nick Mathewson
518b0b3c5f Do not log a notice on every socks connection 2015-01-14 09:54:40 -05:00
Nick Mathewson
b72acd725a More tests as suggested by rl1987 2015-01-14 09:10:35 -05:00
George Kadianakis
220f419da1 New minimum uptime to become an HSDir is 96 hours. 2015-01-14 12:48:09 +00:00
Nick Mathewson
03f783c045 remove a bogus comment 2015-01-13 13:59:39 -05:00
Nick Mathewson
73d1d153dc remove needless AllowDotExit in test_entryconn_rewrite_mapaddress_automap_onion2 2015-01-13 13:56:59 -05:00
Nick Mathewson
17c568b95c Fix new unused variable warning in connection_listener_new 2015-01-13 13:45:35 -05:00
Nick Mathewson
73ccf0b33f Uncomment a test 2015-01-13 13:42:20 -05:00
Nick Mathewson
2b8cebaac0 whitespace fix 2015-01-13 13:11:39 -05:00
Nick Mathewson
d8b7dcca8d Merge remote-tracking branch 'andrea/ticket12585_v3' 2015-01-13 12:50:55 -05:00
Nick Mathewson
9d0fab9872 Allow MapAddress and Automap to work together
The trick here is to apply mapaddress first, and only then apply
automapping.  Otherwise, the automap checks don't get done.

Fix for bug 7555; bugfix on all versions of Tor supporting both
MapAddress and AutoMap.
2015-01-13 12:41:15 -05:00
Nick Mathewson
ab6bd78eca (Disabled, failing) test for the bug in 7555. 2015-01-13 12:26:04 -05:00
Nick Mathewson
f2fb85f970 Remove needless strdup in addressmap_register_virtual_address()
Fixes bug 14195. Bugfix on 0.1.0.1-rc.
2015-01-13 12:24:42 -05:00
Nick Mathewson
6cbe016cb1 Fix memory leaks in entryconn tests. 2015-01-13 12:13:46 -05:00
Nick Mathewson
05a80bb46c More unit tests for rewriting entry connection addresses 2015-01-13 11:08:33 -05:00
Nick Mathewson
2e1ed0815d Actually set *expires_out in addressmap_rewrite.
Fixes 14193; bugfix on 35d08e30d, which went into 0.2.3.17-beta.
2015-01-13 09:42:23 -05:00
Nick Mathewson
732c885b32 Fix a conversion warning on 32-bit clang 2015-01-12 22:33:10 -05:00
Nick Mathewson
a0b4c2f1bd On jessie, we need a =, not a == 2015-01-12 22:30:40 -05:00
Nick Mathewson
7257f2e31d mktemp wants some Xs 2015-01-12 21:45:41 -05:00
Nick Mathewson
038804e13d Tweak zero_length_keys.sh and test/include.am to make out-of-tree builds work 2015-01-12 21:28:01 -05:00
Nick Mathewson
bba995e666 Begin writing unit tests for rewrite code 2015-01-12 21:08:43 -05:00
Andrea Shepard
066acaf6b9 Explicitly chmod AF_UNIX sockets to 0600 when *GroupWritable isn't specified 2015-01-13 00:27:04 +00:00
Andrea Shepard
4316bb601a Remove no-longer-accurate comment from connection.c 2015-01-13 00:21:59 +00:00
Andrea Shepard
cb047f4078 Fix ipv4/ipv6 traffic bits on AF_UNIX socks listeners and remove hacky workarounds for brokenness 2015-01-13 00:18:17 +00:00
Andrea Shepard
f50068b17e Fix default list handling for parse_unix_socket_config(); avoid clearing whole pre-existing list 2015-01-12 22:12:18 +00:00
Nick Mathewson
2edfdc02a2 Merge remote-tracking branch 'teor/bug13111-empty-key-files-fn-empty' 2015-01-12 14:06:14 -05:00
Nick Mathewson
cacea9102a reindent cell_queues_check_size() 2015-01-12 13:59:50 -05:00
Nick Mathewson
c2e200cef8 Merge branch 'bug13806_squashed'
Conflicts:
	src/or/relay.c
2015-01-12 13:59:26 -05:00
Nick Mathewson
3033ba9f5e When OOM, free cached hidden service descriptors too. 2015-01-12 13:47:52 -05:00
Andrea Shepard
62f297fff0 Kill duplicated code in connection_listener_new() 2015-01-12 16:26:34 +00:00
Anthony G. Basile
8df35a0c88 src/common/compat_libevent.h: include testsupport.h
When tor is configured with --enable-bufferevents, the build fails
because compat_libevent.h makes use of the macro MOCK_DECL() which
is defined in testsupport.h, but not included.  We add the include.
2015-01-12 01:03:47 -05:00
Nick Mathewson
2d123efe7c Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-12 00:59:48 -05:00
Nick Mathewson
c9dd2d1a6a Merge remote-tracking branch 'public/bug14129_024' into maint-0.2.5 2015-01-12 00:59:29 -05:00
Nick Mathewson
e009c2da51 Fix unused-parameter warning in systemd_watchdog_callback 2015-01-11 11:19:51 -05:00
Tomasz Torcz
a8999acc3b fix and enable systemd watchdog
There were following problems:
  - configure.ac wrongly checked for defined HAVE_SYSTEMD; this
    wasn't working, so the watchdog code was not compiled in.
    Replace library search with explicit version check
  - sd_notify() watchdog call was unsetting NOTIFY_SOCKET from env;
    this means only first "watchdog ping" was delivered, each
    subsequent one did not have socket to be sent to and systemd
    was killing service
  - after those fixes, enable Watchdog in systemd unit with one
    minute intervals
2015-01-11 11:14:32 -05:00
Tomasz Torcz
2aa2d0a1c5 send more details about daemon status to supervisor
If running under systemd, send back information when reloading
configuration and gracefully shutting down.  This gives administator
more information about current Tor daemon state.
2015-01-11 11:14:14 -05:00
Tomasz Torcz
b17918726d send PID of the main daemon to supervisor
If running under systemd, notify the supervisor about current PID
of Tor daemon.  This makes systemd unit simpler and more robust:
it will do the right thing regardless of RunAsDaemon settings.
2015-01-11 11:14:08 -05:00
Nick Mathewson
180ecd6a2b Merge remote-tracking branch 'teor/nickm-bug13401' 2015-01-11 11:10:23 -05:00
Nick Mathewson
7b51667d63 Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-11 11:05:31 -05:00
teor
b08cfc65a7 Don't crash on torrc Vi[rtualAddrNetworkIPv[4|6]] with no option value
Check for a missing option value in parse_virtual_addr_network
before asserting on the NULL in tor_addr_parse_mask_ports.
This avoids crashing on torrc lines like Vi[rtualAddrNetworkIPv[4|6]]
when no value follows the option.

Bugfix on 0.2.3 (de4cc126cb on 24 November 2012), fixes #14142.
2015-01-11 11:05:00 -05:00
Nick Mathewson
715fdfcb7b document rewrite_result_t and export for testing 2015-01-10 20:16:00 -05:00
Nick Mathewson
cd6a57e3d5 Move stream-closing out of rewrite code 2015-01-10 20:16:00 -05:00
Nick Mathewson
fc2831558c Split the rewrite part of rewrite-and-attach
I'd also like to split out the part that sends early socks responses.
2015-01-10 20:16:00 -05:00
Nick Mathewson
b2663298e9 Fix tortls.c build with GCC<4.6
apparantly, "pragma GCC diagnostic push/pop" don't exist with older versions.

Fixes bug in 740e592790f570c446cbb5e6d4a77f842f75; bug not in any
released Tor.
2015-01-10 17:31:48 -05:00
Nick Mathewson
740e592790 Ignore warning for redundant decl in openssl/srtp.h 2015-01-10 16:06:25 -05:00
Nick Mathewson
53ecfba284 Merge remote-tracking branch 'teor/fix-typos' 2015-01-10 16:00:12 -05:00
Nick Mathewson
ddfdeb5659 More documentation for proposal 227 work 2015-01-10 15:44:32 -05:00
Nick Mathewson
c83d838146 Implement proposal 227-vote-on-package-fingerprints.txt
This implementation includes tests and a little documentation.
2015-01-10 15:09:07 -05:00
teor
ac2f90ed00 Speed up hidden service bootstrap by reducing the initial post delay
Drop the MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds,
but keep the default at 30 seconds.

Reduces the hidden service bootstrap to 25 seconds from around 45 seconds.
Change the default src/test/test-network.sh delay to 25 seconds.

Closes ticket 13401.
2015-01-10 22:34:29 +11:00
teor
f9d57473e1 Create TestingDirAuthVoteHSDir like TestingDirAuthVoteExit/Guard
TestingDirAuthVoteHSDir ensures that authorities vote the HSDir flag
for the listed relays regardless of uptime or ORPort connectivity.
Respects the value of VoteOnHidServDirectoriesV2.

Partial fix for bug 14067.
2015-01-10 22:34:28 +11:00
Nick Mathewson
e136606fe8 Smaller RendPostPeriod on test networks
This patch makes the minimum 5 seconds, and the default 2 minutes.

Closes 13401.
2015-01-10 22:34:28 +11:00
teor
f8ffb57bc4 Merge branch 'master' of https://git.torproject.org/tor into bug13111-empty-key-files-fn-empty
Conflicts:
  src/or/connection_edge.c
Merged in favour of origin.
2015-01-10 17:20:06 +11:00
teor
debd7862bb Test that tor correctly handles zero-length keys
Check that tor generates new keys, and overwrites the empty key files.
Test that tor generates new keys when keys are missing (existing
behaviour).
Test that tor does not overwrite key files that already contain data
(existing behaviour).

Tests fixes to bug 13111.
2015-01-10 17:14:29 +11:00
teor
c200ab46b8 Merge branch 'bug14001-clang-warning' into bug13111-empty-key-files-fn-empty
Conflicts:
  src/or/router.c
Choose newer comment.
Merge changes to comment and function invocation.
2015-01-10 16:34:10 +11:00
teor
5ac26cb7c7 Fix a minor misspelling in util.c 2015-01-10 15:52:55 +11:00
Andrea Shepard
0729b2be53 Add support for a default list of paths and passing '0' to disable it to parse_unix_socket_config() 2015-01-09 20:49:54 +00:00
Nick Mathewson
69df16e376 Rewrite the logic for deciding when to drop old/superseded certificates
Fixes bug 11454, where we would keep around a superseded descriptor
if the descriptor replacing it wasn't at least a week later.  Bugfix
on 0.2.1.8-alpha.

Fixes bug 11457, where a certificate with a publication time in the
future could make us discard existing (and subsequent!) certificates
with correct publication times.  Bugfix on 0.2.0.3-alpha.
2015-01-09 10:28:59 -05:00
Nick Mathewson
33df3e37ff Allow two ISO times to appear in EntryGuardDownSince.
When I made time parsing more strict, I broke the
EntryGuardDownSince line, which relied on two concatenated ISO times
being parsed as a single time.

Fixes bug 14136. Bugfix on 7984fc1531. Bug not in any released
version of Tor.
2015-01-09 08:50:56 -05:00
Nick Mathewson
905287415b Avoid attempts to double-remove edge connections from the DNS resolver.
Also, avoid crashing when we attempt to double-remove an edge
connection from the DNS resolver: just log a bug warning instead.

Fixes bug 14129.  Bugfix on 0d20fee2fb, which was in 0.0.7rc1.

jowr found the bug.  cypherpunks wrote the fix.  I added the log
message and removed the assert.
2015-01-08 11:00:21 -05:00
Nick Mathewson
6f171003ce fix new mingw64 compilation warnings 2015-01-08 10:44:30 -05:00
Nick Mathewson
71f409606a Unconfuse coverity when it sees the systemd headers 2015-01-07 21:09:41 -05:00
Andrea Shepard
a3bcde3638 Downgrade open/close log message for SocksSocket 2015-01-07 22:57:51 +00:00
Andrea Shepard
2ca1c386b0 Bring sanity to connection_listener_new() 2015-01-07 22:51:24 +00:00
Andrea Shepard
48633c0766 Rename is_tcp in connection_listener_new(), since AF_UNIX means SOCK_STREAM no longer implies TCP 2015-01-07 19:45:59 +00:00
Andrea Shepard
c6451e4c9f Refactor check_location_for_unix_socket()/check_location_for_socks_unix_socket() to eliminate duplicated code 2015-01-07 19:17:04 +00:00
Nick Mathewson
f8baa40c01 GETINFO bw-event-cache to get information on recent BW events
Closes 14128; useful to regain functionality lost because of 13988.
2015-01-07 13:19:43 -05:00
Nick Mathewson
90db39448d Downgrade warnings about extrainfo incompatibility when reading cache
Fixes  13762.
2015-01-07 13:11:06 -05:00
Jacob Appelbaum
8d59ddf3cb Commit second draft of Jake's SOCKS5-over-AF_UNIX patch. See ticket #12585.
Signed-off-by: Andrea Shepard <andrea@torproject.org>
2015-01-07 17:42:57 +00:00
Nick Mathewson
1abd526c75 Merge remote-tracking branch 'public/bug12985_025' 2015-01-07 11:55:50 -05:00
Nick Mathewson
7dd852835c Merge remote-tracking branch 'public/bug13988_025' 2015-01-07 11:45:24 -05:00
Nick Mathewson
fb68f50761 Lower the delay before saving guard status to disk
"Maybe this time should be reduced, since we are considering
guard-related changes as quite important? It would be a pity to
settle on a guard node, then close the Tor client fast and lose that
information."

Closes 12485.
2015-01-07 10:39:44 -05:00
Nick Mathewson
da26bb646e Turn entry_guards_changed constants into symbolic constants 2015-01-07 10:37:33 -05:00
Nick Mathewson
b56c7614b6 When closing circs build through a new guard, only close local ones
If we decide not to use a new guard because we want to retry older
guards, only close the locally-originating circuits passing through
that guard. Previously we would close all the circuits.

Fixes bug 9819; bugfix on 0.2.1.1-alpha. Reported by "skruffy".
2015-01-07 10:27:22 -05:00
Nick Mathewson
79aaad952f appease "make check-spaces" 2015-01-07 10:09:09 -05:00
Nick Mathewson
cb54cd6745 Merge branch 'bug9286_v3_squashed' 2015-01-07 10:06:50 -05:00
Nick Mathewson
7984fc1531 Stop accepting milliseconds in various directory contexts
Have clients and authorities both have new behavior, since the
fix for bug 11243 has gone in.  But make clients still accept
accept old bogus HSDir descriptors, to avoid fingerprinting trickery.

Fixes bug 9286.
2015-01-07 10:05:55 -05:00
Nick Mathewson
49dca8b1be Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-07 07:50:14 -05:00
Sebastian Hahn
2b9d48791d Enlarge the buffer for a line in a bw file 2015-01-07 12:44:16 +01:00
Nick Mathewson
7c5a45575f Spelling -- readyness->readiness. 2015-01-06 17:10:27 -05:00
Nick Mathewson
6bb31cba12 New option "--disable-system-torrc" to not read torrc from etc
Implements 13037.
2015-01-06 17:07:40 -05:00
Nick Mathewson
14dedff0ab Drop assumption that get_torrc_fname() can't return NULL. 2015-01-06 17:06:55 -05:00
Nick Mathewson
9396005428 Remove a check for an ancient bad dirserver fingerprint 2015-01-06 16:28:11 -05:00
Nick Mathewson
108808e98e Fix obsolete usage of test_{str_},eq macros 2015-01-06 15:25:20 -05:00
Nick Mathewson
ae9efa863e Merge remote-tracking branch 'public/bug13661_025' 2015-01-06 15:16:28 -05:00
Nick Mathewson
90b9e23bec Merge branch 'exitnode_10067_squashed'
Conflicts:
	src/or/or.h
2015-01-06 15:15:18 -05:00
Nick Mathewson
35efce1f3f Add an ExitRelay option to override ExitPolicy
If we're not a relay, we ignore it.

If it's set to 1, we obey ExitPolicy.

If it's set to 0, we force ExitPolicy to 'reject *:*'

And if it's set to auto, then we warn the user if they're running an
exit, and tell them how they can stop running an exit if they didn't
mean to do that.

Fixes ticket 10067
2015-01-06 14:31:20 -05:00
Nick Mathewson
3401c34151 Merge remote-tracking branch 'public/bug14116_025' 2015-01-06 14:28:02 -05:00
Nick Mathewson
a034863b45 Merge remote-tracking branch 'public/bug12509_025' 2015-01-06 14:15:08 -05:00
Nick Mathewson
cf2ac8e255 Merge remote-tracking branch 'public/feature11791' 2015-01-06 13:52:54 -05:00
Nick Mathewson
082bfd3b55 Merge remote-tracking branch 'tvdw/from-the-archive' 2015-01-06 13:44:13 -05:00
Tom van der Woerdt
5d322e6ef6 Whitespace fix 2015-01-06 19:41:29 +01:00
Tom van der Woerdt
4385211caf Minor IPv6-related memory leak fixes 2015-01-06 19:40:23 +01:00
Tom van der Woerdt
f5f80790d2 Minor documentation fixes 2015-01-06 19:39:52 +01:00
Nick Mathewson
f4221a809a Make test_cmdline_args.py work on Windows
Patch from Gisle Vanem on tor-dev ml
2015-01-06 13:26:52 -05:00
Nick Mathewson
d74f0cff92 make "make test-stem" run stem tests on tor
Closes ticket 14107.
2015-01-06 09:03:44 -05:00
Nick Mathewson
6d6643298d Don't crash on malformed EXTENDCIRCUIT.
Fixes 14116; bugfix on ac68704f in 0.2.2.9-alpha.
2015-01-06 08:49:57 -05:00
Nick Mathewson
276700131a Tolerate starting up with missing hidden service directory
Fixes bug 14106; bugfix on 0.2.6.2-alpha

Found by stem tests.
2015-01-05 11:39:38 -05:00
Nick Mathewson
b06b783fa0 Tolerate relative paths for torrc files with RunAsDaemon
We had a check to block these, but the patch we merged as a1c1fc72
broke this check by making them absolute on demand every time we
opened them.  That's not so great though. Instead, we should make them
absolute on startup, and not let them change after that.

Fixes bug 13397; bugfix on 0.2.3.11-alpha.
2015-01-04 19:34:38 -05:00
Nick Mathewson
8ef6cdc39f Prevent changes to other options from removing . from AutomapHostsSuffixes
This happened because we changed AutomapHostsSuffixes to replace "."
with "", since a suffix of "" means "match everything."  But our
option handling code for CSV options likes to remove empty entries
when it re-parses stuff.

Instead, let "." remain ".", and treat it specially when we're
checking for a match.

Fixes bug 12509; bugfix on 0.2.0.1-alpha.
2015-01-04 17:28:54 -05:00
Nick Mathewson
74cd57517c New option "HiddenServiceAllowUnknownPorts"
This allows hidden services to disable the anti-scanning feature
introduced in 0.2.6.2-alpha. With this option not set, a connection
to an unlisted port closes the circuit.  With this option set, only
a RELAY_DONE cell is sent.

Closes ticket #14084.
2015-01-03 12:34:52 -05:00
Nick Mathewson
f54e54b0b4 Bump copyright dates to 2015, in case someday this matters. 2015-01-02 14:27:39 -05:00
Nick Mathewson
563bb1ad81 Bump version to 0.2.6.2-alpha-dev 2014-12-31 13:24:12 -05:00
Nick Mathewson
a4193252e9 bump the version to 0.2.6.2-alpha 2014-12-31 08:58:26 -05:00
Nick Mathewson
6e689aed75 Fix a memory leak in tor-resolve
Resolves bug 14050
2014-12-30 12:35:01 -05:00
Nick Mathewson
b3b840443d Remove a logically dead check to please coverity 2014-12-30 12:10:30 -05:00
Nick Mathewson
ac632a784c Coalesce v0 and v1 fields of rend_intro_cell_t
This saves a tiny bit of code, and makes a longstanding coverity
false positive go away.
2014-12-30 12:07:39 -05:00
Nick Mathewson
f2e4423bd2 Merge remote-tracking branch 'yawning/bug13315_fixup' 2014-12-30 11:46:56 -05:00
Yawning Angel
d87d4183ee Allow IPv4 and IPv6 addresses in SOCKS5 FQDN requests.
Supposedly there are a decent number of applications that "support"
IPv6 and SOCKS5 using the FQDN address type.  While said applications
should be using the IPv6 address type, allow the connection if
SafeSocks is not set.

Bug not in any released version.
2014-12-30 16:36:16 +00:00
Nick Mathewson
9765ae4447 Missing semicolon; my bad 2014-12-30 10:00:11 -05:00
Nick Mathewson
5b770ac7b7 Merge branch 'no-exit-bootstrap-squashed' 2014-12-30 09:06:47 -05:00
teor
2b8e1f9133 Fix Reachability self-tests in test networks
Stop assuming that private addresses are local when checking
reachability in a TestingTorNetwork. Instead, when testing, assume
all OR connections are remote. (This is necessary due to many test
scenarios running all nodes on localhost.)

This assists in bootstrapping a testing Tor network.

Fixes bugs 13718 & 13924.
2014-12-30 09:06:00 -05:00
teor
c3a4201faa Add "internal" to some bootstrap statuses when no exits are available.
If the consensus does not contain Exits, Tor will only build internal
circuits. In this case, relevant statuses will contain the word "internal"
as indicated in the Tor control-spec.txt. When bootstrap completes,
Tor will be ready to handle an application requesting an internal
circuit to hidden services at ".onion" addresses.

If a future consensus contains Exits, exit circuits may become available.

Tor already notifies the user at "notice" level if they have no exits in
the consensus, and can therefor only build internal paths.

Consequential change from #13718.
2014-12-30 09:06:00 -05:00
teor
cb94f7534d Avoid building exit circuits from a consensus with no exits
Tor can now build circuits from a consensus with no exits.
But if it tries to build exit circuits, they fail and flood the logs.

The circuit types in the Exit Circuits list below will only be
built if the current consensus has exits. If it doesn't,
only the Internal Circuits will be built. (This can change
with each new consensus.)
Fixes bug #13814, causes fewer path failures due to #13817.

Exit Circuits:
    Predicted Exit Circuits
    User Traffic Circuits
    Most AP Streams
    Circuits Marked Exit
    Build Timeout Circuits (with exits)

Internal Circuits:
    Hidden Service Server Circuits
    Hidden Service Client Circuits
    Hidden Service AP Streams
    Hidden Service Intro Point Streams
    Circuits Marked Internal
    Build Timeout Circuits (with no exits)
    Other Circuits?
2014-12-30 09:06:00 -05:00
teor
55ad54e014 Allow tor to build circuits using a consensus with no exits
If the consensus has no exits (typical of a bootstrapping
test network), allow tor to build circuits once enough
descriptors have been downloaded.

When there are no exits, we always have "enough"
exit descriptors. (We treat the proportion of available
exit descriptors as 100%.)

This assists in bootstrapping a testing Tor network.

Fixes bug 13718.
Makes bug 13161's TestingDirAuthVoteExit non-essential.
(But still useful for speeding up a bootstrap.)
2014-12-30 09:06:00 -05:00
teor
9b2d106e49 Check if there are exits in the consensus
Add router_have_consensus_path() which reports whether
the consensus has exit paths, internal paths, or whether it
just doesn't know.

Used by #13718 and #13814.
2014-12-30 09:06:00 -05:00
teor
d812baf54c Refactor count_usable_descriptors to use named enums for exit_only
count_usable_descriptors now uses named exit_only values:
  USABLE_DESCRIPTOR_ALL
  USABLE_DESCRIPTOR_EXIT_ONLY

Add debug logging code for descriptor counts.

This (hopefully) resolves nickm's request in bug 13718 to improve
argument readability in nodelist.c.
2014-12-30 09:06:00 -05:00
teor
22a1e9cac1 Avoid excluding guards from path building in minimal test networks
choose_good_entry_server() now excludes current entry
guards and their families, unless we're in a test network,
and excluding guards would exclude all nodes.

This typically occurs in incredibly small tor networks,
and those using TestingAuthVoteGuard *

This is an incomplete fix, but is no worse than the previous
behaviour, and only applies to minimal, testing tor networks
(so it's no less secure).

Discovered as part of #13718.
2014-12-30 09:06:00 -05:00
Nick Mathewson
e936b9b47d Merge remote-tracking branch 'dgoulet/bug13667_025_v4' 2014-12-30 08:34:48 -05:00
David Goulet
88901c3967 Fix: mitigate as much as we can HS port scanning
Make hidden service port scanning harder by sending back REASON_DONE which
does not disclose that it was in fact an exit policy issue. After that, kill
the circuit immediately to avoid more bad requests on it.

This means that everytime an hidden service exit policy does match, the user
(malicious or not) needs to build a new circuit.

Fixes #13667.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-12-29 16:29:09 -05:00
Nick Mathewson
d7ecdd645a Wipe all of the target space in tor_addr_{to,from}_sockaddr()
Otherwise we risk a subsequent memdup or memcpy copying
uninitialized RAM into some other place that might eventually expose
it.  Let's make sure that doesn't happen.

Closes ticket 14041
2014-12-29 10:06:12 -05:00
Nick Mathewson
e85f0c650c Merge branch 'resolvemyaddr_squashed' 2014-12-29 10:00:34 -05:00
Nick Mathewson
feed26d037 Make the resolvemyaddr unit tests pass when local dns is hijacked
If you are in a coffee shop that returns a helpful redirect page for
"onionrouter", or on an ISP that does the same, the test as written
would fail.
2014-12-29 10:00:22 -05:00
Nick Mathewson
3538dfc91f Fix memory leaks in resolvemyaddr tests 2014-12-29 10:00:22 -05:00
Nick Mathewson
c07747be2e Fix compilation errors in resolvemyaddr tests 2014-12-29 10:00:22 -05:00
rl1987
28217b969e Adding comprehensive test cases for resolve_my_address.
Also, improve comments on resolve_my_address to explain what it
actually does.
2014-12-29 09:59:47 -05:00
rl1987
a56511e594 Fix a few comments 2014-12-29 09:59:14 -05:00
Nick Mathewson
eda5cebd6c Add another cellintptr use; fixes 14031 2014-12-26 19:17:24 -05:00
Nick Mathewson
38af3b983f Improve a notice message in dirvote.c. (Roger asked for this.) 2014-12-26 19:14:56 -05:00
teor
2d199bdffe Fix grammar in comment on running_long_enough_to_decide_unreachable 2014-12-26 00:54:10 +11:00
teor
5710b83d5d Fix a function name in a comment in config.c 2014-12-26 00:54:09 +11:00
teor
0275b68764 Fix log messages in channeltls.c
Add hop number in debug "Contemplating intermediate hop..."
Fix capitalisation on warn "Failed to choose an exit server"
2014-12-26 00:53:58 +11:00
Nick Mathewson
f9ba0b76cd Merge remote-tracking branch 'teor/bug13718-consensus-interval' 2014-12-23 14:25:37 -05:00
teor
8a8797f1e4 Fix If-Modified-Since in rapidly updating Tor networks
When V3AuthVotingInterval is low, decrease the delay on the
If-Modified-Since header passed to directory servers.
This allows us to obtain consensuses promptly when the consensus
interval is very short.

This assists in bootstrapping a testing Tor network.

Fixes bugs 13718 & 13963.
2014-12-24 06:13:32 +11:00
teor
1ee41b3eef Allow consensus interval of 10 seconds when testing
Decrease minimum consensus interval to 10 seconds
when TestingTorNetwork is set. (Or 5 seconds for
the first consensus.)

Fix code that assumes larger interval values.

This assists in quickly bootstrapping a testing
Tor network.

Fixes bugs 13718 & 13823.
2014-12-24 06:13:32 +11:00
teor
083c58f126 Fix TestingMinExitFlagThreshold 0
Stop requiring exits to have non-zero bandwithcapacity in a
TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
ignore exit bandwidthcapacity.

This assists in bootstrapping a testing Tor network.
Fixes bugs 13718 & 13839.
Makes bug 13161's TestingDirAuthVoteExit non-essential.
2014-12-24 06:13:32 +11:00
Nick Mathewson
d7776315df Merge remote-tracking branch 'public/bug13811_025' 2014-12-23 13:02:37 -05:00
Francisco Blas Izquierdo Riera (klondike)
c83f180116 Fix Matthews code to actually use tmp
Matthew's autoaddr code returned an undecorated address when trying to check
that the code didn't insert an undecorated one into the map.

This patch fixes this by actually storing the undecorated address in tmp
instead of buf as it was originally intended.

This patch is released under the same license as the original file as
long as the author iscredited.

Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
2014-12-23 12:55:48 -05:00
Nick Mathewson
6285d9bdcf Fix compilation on platforms without IP6T_SO_ORIGINAL_DST 2014-12-23 11:36:27 -05:00
Nick Mathewson
2f46e5e755 Adjust systemd watchdog support
Document why we divide it by two.

Check for > 0 instead of nonzero for success, since that's what the
manpage says.

Allow watchdog timers greater than 1 second.
2014-12-23 11:27:18 -05:00
Michael Scherer
29ac883606 Add support for systemd watchdog protocol
It work by notifying systemd on a regular basis. If
there is no notification, the daemon is restarted.
This requires a version newer than the 209 version
of systemd, as it is not supported before.
2014-12-23 11:22:42 -05:00
Michael Scherer
aabaed6f49 add support for systemd notification protocol
This permit for now to signal readiness in a cleaner way
to systemd.
2014-12-23 11:06:01 -05:00
Nick Mathewson
d151a069e9 tweak whitespace; log bad socket family if bug occurs 2014-12-23 10:53:40 -05:00
Francisco Blas Izquierdo Riera (klondike)
cca6ed80bf Add the transparent proxy getsockopt to the sandbox
When receiving a trasnsparently proxied request with tor using iptables tor
dies because the appropriate getsockopt calls aren't enabled on the sandbox.

This patch fixes this by adding the two getsockopt calls used when doing
transparent proxying with tor to the sandbox for the getsockopt policy.

This patch is released under the same license as the original file as
long as the author is credited.

Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
2014-12-23 10:51:36 -05:00
Francisco Blas Izquierdo Riera (klondike)
39e71d8fa5 Use the appropriate call to getsockopt for IPv6 sockets
The original call to getsockopt to know the original address on transparently
proxyed sockets using REDIRECT in iptables failed with IPv6 addresses because
it assumed all sockets used IPv4.

This patch fixes this by using the appropriate options and adding the headers
containing the needed definitions for these.

This patch is released under the same license as the original file as
long as the author iscredited.

Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
2014-12-23 10:51:33 -05:00
Nick Mathewson
808e2b856b Tweak channel unit tests so we don't see coverity complaints
channel_write_*_cell() can delete its argument, so coverity doesn't
like us doing pointer comparison against that argument later.
Silly.
2014-12-22 16:06:05 -05:00
Nick Mathewson
0965bbd5ac Merge remote-tracking branch 'origin/maint-0.2.5' 2014-12-22 16:02:47 -05:00
Nick Mathewson
6d728ba880 Merge remote-tracking branch 'public/bug14013_024' into maint-0.2.5 2014-12-22 15:58:49 -05:00
Nick Mathewson
47760c7ba5 When decoding a base-{16,32,64} value, clear the target buffer first
This is a good idea in case the caller stupidly doesn't check the
return value from baseX_decode(), and as a workaround for the
current inconsistent API of base16_decode.

Prevents any fallout from bug 14013.
2014-12-22 12:56:35 -05:00
Nick Mathewson
03d2df62f6 Fix a bunch of memory leaks in the unit tests. Found with valgrind 2014-12-22 12:27:26 -05:00
Nick Mathewson
6830667d58 Increase bandwidth usage report interval to 4 hours. 2014-12-22 12:24:13 -05:00
Nick Mathewson
b94cb401d2 Coverity complained that we were not checking this return value 2014-12-22 11:13:11 -05:00
Nick Mathewson
13f26f41e4 Fix some coverity issues in the unit tests 2014-12-22 11:13:01 -05:00
Nick Mathewson
1c05dfd0b6 Merge branch 'ticket7356_squashed' 2014-12-21 14:48:53 -05:00
rl1987
af1469b9a3 Fixing mistake in comment. 2014-12-21 14:48:39 -05:00
rl1987
f6cc4d35b0 Using channel state lookup macros in connection_or.c. 2014-12-21 14:48:39 -05:00
rl1987
fc7d5e598b Using CHANNEL_FINISHED macro in connection.c 2014-12-21 14:48:38 -05:00
rl1987
551221bad6 Using channel state lookup macros in circuitlist.c. 2014-12-21 14:48:38 -05:00
rl1987
7473160765 Using CHANNEL_IS_OPEN macro in circuitbuild.c 2014-12-21 14:48:38 -05:00
rl1987
5a7dd44d6e Using channel state lookup macros in circuitbias.c. 2014-12-21 14:48:38 -05:00
rl1987
668edc5132 Using channel state lookup macros in channeltls.c 2014-12-21 14:48:38 -05:00
rl1987
032d44226e Use channel state lookup macros in channel.c 2014-12-21 14:48:38 -05:00
rl1987
b884ae6d98 Using macros and inline function for quick lookup of channel state. 2014-12-21 14:48:38 -05:00
Nick Mathewson
647a90b9b3 Merge remote-tracking branch 'teor/bug14002-osx-transproxy-ipfw-pf' 2014-12-21 13:37:40 -05:00
teor
e40591827e Make log bufer 10k, not 9.78k. 2014-12-21 13:36:06 -05:00
teor
769fc5af09 Fix a comment in tor_addr_parse 2014-12-21 13:35:42 -05:00
teor
6fad395300 Fix clang warning, IPv6 address comment, buffer size typo
The address of an array in the middle of a structure will
always be non-NULL. clang recognises this and complains.
Disable the tautologous and redundant check to silence
this warning.

Fixes bug 14001.
2014-12-21 13:35:03 -05:00
teor
d93516c445 Fix transparent proxy checks to allow OS X to use ipfw or pf
OS X uses ipfw (FreeBSD) or pf (OpenBSD). Update the transparent
proxy option checks to allow for both ipfw and pf on OS X.

Fixes bug 14002.
2014-12-20 22:28:58 +11:00
teor
6a9cae2e1d Fix clang warning, IPv6 address comment, buffer size typo
The address of an array in the middle of a structure will
always be non-NULL. clang recognises this and complains.
Disable the tautologous and redundant check to silence
this warning.

A comment about an IPv6 address string incorrectly refers
to an IPv4 address format.

A log buffer is sized 10024 rather than 10240.

Fixes bug 14001.
2014-12-20 22:20:54 +11:00
Nick Mathewson
3d85df9569 LLONG_MIN => INT64_MIN. 2014-12-19 14:12:35 -05:00
Nick Mathewson
357191a095 Define an int64_min when it is missing 2014-12-19 14:12:22 -05:00
Karsten Loesing
816e6f2eac Fix unit test.
Looks like we forgot to update unit tests when we switched from 32-bit to
64-bit ints while tweaking 7cd53b7.
2014-12-19 18:37:43 +01:00
Nick Mathewson
64787e99fa Merge branch 'asn-karsten-task-13192-5-squashed' 2014-12-19 10:35:47 -05:00
George Kadianakis
14e83e626b Add two hidden-service related statistics.
The two statistics are:
 1. number of RELAY cells observed on successfully established
    rendezvous circuits; and
 2. number of .onion addresses observed as hidden-service
    directory.

Both statistics are accumulated over 24 hours, obfuscated by rounding
up to the next multiple of a given number and adding random noise,
and written to local file stats/hidserv-stats.

Notably, no statistics will be gathered on clients or services, but
only on relays.
2014-12-19 10:35:25 -05:00
Nick Mathewson
eee248bc59 Merge remote-tracking branch 'dgoulet/bug13936_025_v2' 2014-12-19 09:38:46 -05:00
David Goulet
3d83907ab1 Fix: call circuit_has_opened() for rendezvous circuit
In circuit_get_open_circ_or_launch(), for a rendezvous circuit,
rend_client_rendcirc_has_opened() but circuit_has_opened() is preferred here
since it will call the right function for a specific circuit purpose.

Furthermore, a controller event is triggered where the former did not.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-12-17 16:06:53 -05:00
Nick Mathewson
f7e8bc2b4b fix a long line 2014-12-12 08:54:07 -05:00
Nick Mathewson
915c9a517e Merge remote-tracking branch 'meejah/ticket-13941-b' 2014-12-12 08:53:14 -05:00
Nick Mathewson
7c5d888977 Tweak 13942 fix 2014-12-12 08:49:52 -05:00
meejah
85bfad1875 Pre-check hidden-service-dir permissions/ownership
See ticket #13942 where Tor dies if you feed it a hidden service
directory with the wrong owner via SETCONF.
2014-12-11 18:46:56 -07:00
meejah
76753efd7b Fix 13941: make calling log_new_relay_greeting() optional.
Specifically, only if we're creating secret_id_key do we log the
greeting (and then only if the key is actually created).
2014-12-11 18:43:51 -07:00
Karsten Loesing
7cd53b75c1 Add better support to obfuscate statistics. 2014-12-10 11:16:26 +01:00
Roger Dingledine
b73a7600af when somebody uploads too much, say who tried it 2014-12-10 01:10:44 -05:00
rl1987
9c239eccc9 Use END_CIRC_REASON_TORPROTOCOL instead of magic number. 2014-12-07 15:47:09 +02:00
Nick Mathewson
3c0e09ef81 Add fakechans.h to noinst_headers 2014-12-04 09:19:44 -05:00
Nick Mathewson
58df153163 Fix more 64/32 warnings in test_channel.c 2014-12-04 09:16:49 -05:00
Nick Mathewson
11c044e46a Initialize libevent in circuitmux/destroy_cell_queue test 2014-12-04 09:11:13 -05:00
George Kadianakis
447ece46f5 Constify crypto_pk_get_digest(). 2014-12-02 12:15:11 +00:00
Nick Mathewson
11b652acb3 Fix some 32-bit build issues in the tests
When comparing 64-bit types, you need to use tt_[ui]64_op().

Found by Jenkins
2014-11-28 10:06:10 -05:00
Nick Mathewson
430f5852ac Fix a signed/unsigned comparison warning in scheduler_run 2014-11-28 09:18:17 -05:00
Nick Mathewson
0bfadbf4b9 Fix a memory leak in rend_services_introduce
This is CID 1256187 ; bug not in any released tor.
2014-11-27 23:24:03 -05:00
Nick Mathewson
49976fabc4 Fix a likely bug found by coverity in test_scheduler.c.
Andrea, do you agree with this?

This is CID 1256186
2014-11-27 23:21:46 -05:00
Nick Mathewson
e2641484a7 One more, appease "make check-spaces" 2014-11-27 22:57:04 -05:00
Nick Mathewson
b1e1b439b8 Fix some issues with the scheduler configuration options
1) Set them to the values that (according to Rob) avoided performance
   regressions.  This means that the scheduler won't get much exercise
   until we implement KIST or something like it.

2) Rename the options to end with a __, since I think they might be
   going away, and nobody should mess with them.

3) Use the correct types for the option variables. MEMUNIT needs to be a
   uint64_t; UINT needs to be (I know, I know!) an int.

4) Validate the values in options_validate(); do the switch in
   options_act(). This way, setting the option to an invalid value on
   a running Tor will get backed out.
2014-11-27 22:51:13 -05:00
Nick Mathewson
0e0dc7d787 Fix a 64-bit clang warning 2014-11-27 22:42:03 -05:00
Nick Mathewson
a28df3fb67 Merge remote-tracking branch 'andrea/cmux_refactor_configurable_threshold'
Conflicts:
	src/or/or.h
	src/test/Makefile.nmake
2014-11-27 22:39:46 -05:00
Nick Mathewson
3d2366c676 Merge remote-tracking branch 'public/bug13126'
Conflicts:
	src/or/or.h
2014-11-26 09:03:30 -05:00
Nick Mathewson
3a91a08e21 Merge branch 'feature9503_squashed' 2014-11-25 12:49:09 -05:00
rl1987
bf67a60b86 Sending response to SIGNAL HEARTBEAT controller command. 2014-11-25 12:48:41 -05:00
rl1987
8c135062e5 Adding 'SIGNAL HEARTBEAT' message that causes unscheduled heartbeat. 2014-11-25 12:48:41 -05:00
Nick Mathewson
b4ead16d57 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-11-24 09:19:22 -05:00
Nick Mathewson
5b55778c86 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-11-24 09:19:06 -05:00
Nick Mathewson
137982f955 Merge remote-tracking branch 'karsten/geoip6-nov2014' into maint-0.2.4 2014-11-24 09:18:36 -05:00
Nick Mathewson
8d5f1e6961 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-11-24 09:18:21 -05:00
Karsten Loesing
5441c733e0 Update geoip6 to the November 15 2014 database. 2014-11-24 14:23:18 +01:00
Karsten Loesing
8611c6bccd Update geoip to the November 15 2014 database. 2014-11-24 14:21:31 +01:00
Nick Mathewson
6218f48950 Use consistent formatting for list of directory authorities
Based on a patch from grpamp on tor-dev.
2014-11-24 01:34:17 -05:00
Nick Mathewson
336c856e52 Make can_complete_circuits a static variable. 2014-11-20 12:03:46 -05:00
Nick Mathewson
f15cd22bb7 Don't build introduction circuits until we know we can build circuits
Patch from akwizgran.  Ticket 13447.
2014-11-20 11:51:36 -05:00
Nick Mathewson
126f220071 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-11-19 17:27:37 -05:00
Nick Mathewson
0872d8e3cf Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-11-19 17:26:42 -05:00
Micah Anderson
dca902ceba
Update longclaw dirauth IP to be a more stable location 2014-11-19 17:22:25 -05:00
Nick Mathewson
b3bd7a736c Remove Support022HiddenServices
This has been already disabled in the directory consensus for a while;
it didn't seem to break anything.

Finally closes #7803.
2014-11-17 11:52:10 -05:00
Nick Mathewson
734ba5cb0a Use smaller zlib objects when under memory pressure
We add a compression level argument to tor_zlib_new, and use it to
determine how much memory to allocate for the zlib object.  We use the
existing level by default, but shift to smaller levels for small
requests when we have been over 3/4 of our memory usage in the past
half-hour.

Closes ticket 11791.
2014-11-17 11:43:50 -05:00
rl1987
620e251dcc Rewriting comment for control_event_hs_descriptor_failed(). 2014-11-16 16:06:00 +02:00
rl1987
0db96d023b Adding REASON field to HS_DESC FAILED controller event. 2014-11-16 15:51:23 +02:00
Nick Mathewson
5c813f6ca1 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-11-12 15:32:15 -05:00
Nick Mathewson
6c146f9c83 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2014-11-12 15:30:11 -05:00
Micah Anderson
b6e7b8c88c Remove turtles as a directory authority (#13296) 2014-11-12 15:25:52 -05:00
Micah Anderson
ad448c6405 Add longclaw as a directory authority (#13296) 2014-11-12 15:25:52 -05:00
Nick Mathewson
9b11dc3617 Merge remote-tracking branch 'public/bug7484'
Conflicts:
	src/test/test_addr.c
2014-11-12 13:44:57 -05:00
Nick Mathewson
4ac5175109 Fix wide lines (from 13172) 2014-11-12 13:42:01 -05:00
Nick Mathewson
a3dafd3f58 Replace operators used as macro arguments with OP_XX macros
Part of fix for 13172
2014-11-12 13:28:07 -05:00
Nick Mathewson
2170171d84 Merge branch 'ticket13172' 2014-11-12 13:25:17 -05:00
Nick Mathewson
d85270e13c Reenhappy make check-spaces 2014-11-12 13:15:10 -05:00
Nick Mathewson
81433e7432 Merge remote-tracking branch 'rl1987/bug13644' 2014-11-12 13:12:14 -05:00
Nick Mathewson
99e2a325f6 Merge remote-tracking branch 'rl1987/bug9812' 2014-11-12 10:27:12 -05:00
Nick Mathewson
a87c697fb1 Merge remote-tracking branch 'public/bug13698_024_v1' 2014-11-12 10:23:55 -05:00
rl1987
a6520ed537 Renaming ROUTER_WAS_NOT_NEW to ROUTER_IS_ALREADY_KNOWN. 2014-11-11 20:56:40 +02:00
rl1987
f9d73eea9c Comment possible values of was_router_added_t. 2014-11-11 20:37:39 +02:00
David Goulet
34eb007d22 Fix: don't report timeout when closing parallel intro points
When closing parallel introduction points, the given reason (timeout)
was actually changed to "no reason" thus when the circuit purpose was
CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT, we were reporting an introduction
point failure and flagging it "unreachable". After three times, that
intro point gets removed from the rend cache object.

In the case of CIRCUIT_PURPOSE_C_INTRODUCING, the intro point was
flagged has "timed out" and thus not used until the connection to the HS
is closed where that flag gets reset.

This commit adds an internal circuit reason called
END_CIRC_REASON_IP_NOW_REDUNDANT which tells the closing circuit
mechanism to not report any intro point failure.

This has been observed while opening hundreds of connections to an HS on
different circuit for each connection. This fix makes this use case to
work like a charm.

Fixes #13698.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-11-10 15:02:54 -05:00
rl1987
7025f2dc59 Print a warning when extra info document is found incompatible with router descriptor. 2014-11-09 17:41:18 +02:00
rl1987
4b18d8931b Downgrade RSA signature verification failure error message to info loglevel. 2014-11-09 17:39:23 +02:00
teor
fd7e9e9030 Stop failing when key files are zero-length
Instead, generate new keys, and overwrite the empty key files.
Adds FN_EMPTY to file_status_t and file_status.
Fixes bug 13111.

Related changes due to review of FN_FILE usage:
Stop generating a fresh .old RSA key file when the .old file is missing.
Avoid overwriting .old key files with empty key files.
Skip loading zero-length extra info store, router store, stats, state,
and key files.
2014-11-08 20:31:20 +11:00
teor
ce7fd6e160 Stop crashing when a NULL filename is passed to file_status()
Stop crashing when a NULL filename is passed to file_status(),
instead, return FN_ERROR.
Also return FN_ERROR when a zero-length filename is passed to file_status().
Fixed as part of bug 13111.
2014-11-08 20:26:53 +11:00
David Goulet
151f5f90b8 Wrong format in log statement
Fixes bug 13701.
2014-11-07 11:44:41 -05:00
Nick Mathewson
5b1971c7f3 test_checkdir.c: Perhaps this is what will make this test pass on windows? 2014-11-07 09:28:49 -05:00
Nick Mathewson
85a76cd4eb test_checkdir.c: try to make it pass on windows
also fix memory-leak on failing tests.
2014-11-07 08:54:44 -05:00
Nick Mathewson
6344345140 Add correctness assertions for hashtable iteration
This is meant to prevent memory corruption bugs from doing
unspeakable infinite-loop-like things to the hashtables.  Addresses
ticket 11737.  We should disable these if they turn out to be
expensive.
2014-11-06 13:57:17 -05:00
Nick Mathewson
00f5909876 Define macros meaning <,>,==,!=,<=,>=
This lets us avoid putting operators directly in macro arguments,
and thus will help us unconfuse coccinelle.

For ticket 13172.
2014-11-06 11:21:13 -05:00
Nick Mathewson
4ae729683d Try to fix test_checkdir windows compilation more 2014-11-05 14:51:17 -05:00
Nick Mathewson
bb54d008c2 Try to fix test_checkdir windows compilation 2014-11-05 14:39:09 -05:00
Nick Mathewson
1dcc492295 chgrp the testing tempdir to ourself to clear the sticky bit
Closes 13678.  Doesn't actually matter for older tors.
2014-11-05 14:28:34 -05:00
Nick Mathewson
8f645befba 11291: Fix warnings, add changes file, rename 'mask'. 2014-11-05 14:12:18 -05:00
Nick Mathewson
4df419a4b1 Merge remote-tracking branch 'meejah/ticket-11291-extra-utests'
Conflicts:
	src/or/config.c
2014-11-05 14:11:47 -05:00
Nick Mathewson
fc62721b06 Fix version number parsing to allow 2- and 3-part versions.
Fixes bug 13661; bugfix on 0.0.8pre1.
2014-11-05 13:29:28 -05:00
Nick Mathewson
ce147d33f5 Fix a wide line I introduced 2014-11-04 09:56:46 -05:00
Nick Mathewson
07e06b335d Fix unused-argument warnings 2014-11-04 09:54:51 -05:00
Nick Mathewson
9619c395ac Merge remote-tracking branch 'andrea/ticket6456'
Somewhat tricky conflicts:
	src/or/config.c

Also, s/test_assert/tt_assert in test_config.c
2014-11-04 09:52:04 -05:00
Nick Mathewson
60c86a3b79 Merge branch 'bug13315_squashed'
Conflicts:
	src/or/buffers.c
2014-11-04 00:48:25 -05:00
Nick Mathewson
74cbd8d559 fix indentation 2014-11-04 00:46:32 -05:00
Nick Mathewson
254ab5a8de Use correct argument types for inet_pton.
(I blame whoever decided that using a void* for a union was a good
idea.)
2014-11-04 00:45:14 -05:00
rl1987
51e2473618 Sending 'Not allowed' error message before closing the connection. 2014-11-04 00:37:24 -05:00
rl1987
0da4ddda4f Checking if FQDN is actually IPv6 address string and handling that case. 2014-11-04 00:37:24 -05:00
rl1987
2f1068e68a Adding helper function that checks if string is a valid IPv6 address. 2014-11-04 00:37:21 -05:00
rl1987
2862b769de Validating SOCKS5 hostname more correctly. 2014-11-04 00:36:42 -05:00
rl1987
e8e45ff13e Introducing helper function to validate IPv4 address strings. 2014-11-04 00:36:37 -05:00
rl1987
1ea9a6fd72 Introducing helper function to validate DNS name strings. 2014-11-04 00:35:43 -05:00
Nick Mathewson
593909ea70 Merge remote-tracking branch 'public/bug13214_025_squashed' 2014-11-04 00:24:56 -05:00
Nick Mathewson
b10e5ac7b8 Check descriptor ID in addition to HS ID when saving a v2 hs descriptor
Fixes bug 13214; reported by 'special'.
2014-11-04 00:24:15 -05:00
David Goulet
71355e1db9 Add comments and rename intro_nodes list in rend_services_introduce()
(No changes file needed: this patch just adds comments and renames
variables. This is ticket 13646. message taken from the ticket. -Nick)
2014-11-04 00:19:31 -05:00
Nick Mathewson
415a841378 Remove smartlist_choose_node_by_bandwidth()
We were only using it when smartlist_choose_node_by_bandwidth_weights
failed.  But that function could only fail in the presence of
buggy/ancient authorities or in the absence of a consensus.  Either
way, it's better to use sensible defaults and a nicer algorithm.
2014-11-03 13:30:19 -05:00
Nick Mathewson
5bcf952261 Check more thoroughly for unlogged OpenSSL errors 2014-11-02 13:04:44 -05:00
Nick Mathewson
a142fc29af Use tor_malloc_zero(x), not tor_calloc(x,sizeof(char))
(Also, fixes a wide line.)
2014-11-02 12:08:51 -05:00
Nick Mathewson
bbd8d07167 Apply new calloc coccinelle patch 2014-11-02 11:56:02 -05:00
Nick Mathewson
ded33cb2c7 Use the | trick to save a comparison in our calloc check. 2014-11-02 11:54:42 -05:00
Nick Mathewson
0d8abf5365 Switch to a < comparison for our calloc check; explain how it works 2014-11-02 11:54:42 -05:00
Mansour Moufid
81b452d245 Document the calloc function overflow check. 2014-11-02 11:54:42 -05:00
Mansour Moufid
06b1ef7b76 Remove a duplicate comment. 2014-11-02 11:54:42 -05:00
Mansour Moufid
3206dbdce1 Refactor the tor_reallocarray_ overflow check. 2014-11-02 11:54:42 -05:00
Mansour Moufid
aff6fa0b59 Refactor the tor_calloc_ overflow check. 2014-11-02 11:54:41 -05:00
Nick Mathewson
efd5001c3b Use digest256_len in networkstatus_copy_old_consensus_info()
Now, if a router ever changes its microdescriptor, but the new
microdescriptor SHA256 hash has the same 160-bit prefix as the old
one, we treat it as a new microdescriptor when deciding whether to
copy status information.

(This function also is used to compare SHA1 digests of router
descriptors, but don't worry: the descriptor_digest field either holds
a SHA256 hash, or a SHA1 hash padded with 0 bytes.)
2014-10-31 11:36:31 -04:00
Nick Mathewson
dc05b8549a Use digest256map for computing microdescriptor downloads 2014-10-31 11:32:32 -04:00
Nick Mathewson
542b470164 Refactor {str,digest}map into a common implementation; add digest256map
Needed for #13399.
2014-10-31 10:54:12 -04:00
Nick Mathewson
e20fc286c0 Re-run latest git trunnel to get fix from teor for #13577 2014-10-31 08:56:14 -04:00
Nick Mathewson
6f87aa3371 Merge commit '13298d90a90dc62d21d38f910171c9b57a8f0273' 2014-10-31 08:52:07 -04:00
Nick Mathewson
98ac48785b Bump version to 0.2.6.1-alpha-dev 2014-10-30 10:25:24 -04:00
Nick Mathewson
d8ced3b473 Bump version to 0.2.6.1-alpha 2014-10-30 08:58:58 -04:00
teor
13298d90a9 Silence spurious clang warnings
Silence clang warnings under --enable-expensive-hardening, including:
  + implicit truncation of 64 bit values to 32 bit;
  + const char assignment to self;
  + tautological compare; and
  + additional parentheses around equality tests. (gcc uses these to
    silence assignment, so clang warns when they're present in an
    equality test. But we need to use extra parentheses in macros to
    isolate them from other code).
2014-10-30 22:34:46 +11:00
Nick Mathewson
fcdcb377a4 Add another year to our copyright dates.
Because in 95 years, we or our successors will surely care about
enforcing the BSD license terms on this code.  Right?
2014-10-28 15:30:16 -04:00
rl1987
14d59fdc10 Updating message that warns about running out of sockets we can use. 2014-10-28 14:13:25 -04:00
rl1987
f1ebe6bda4 Fix smartlist_choose_node_by_bandwidth() so that it rejects ORs with BadExit flag. 2014-10-28 14:07:08 -04:00
Nick Mathewson
2c884fd8cc Merge remote-tracking branch 'rl1987/feature10427' 2014-10-28 14:03:40 -04:00
Nick Mathewson
0793ef862b Merge remote-tracking branch 'sebastian/bug13286' 2014-10-27 12:12:16 -04:00
Sebastian Hahn
909aa51b3f Remove configure option to disable curve25519
By now, support in the network is widespread and it's time to require
more modern crypto on all Tor instances, whether they're clients or
servers. By doing this early in 0.2.6, we can be sure that at some point
all clients will have reasonable support.
2014-10-27 14:41:19 +01:00
rl1987
36e771628e Congratulate relay operator when OR is first started
When Tor first generates identity keypair, emit a log message that
thanks for their participation and points to new Tor relay lifecycle
document.
2014-10-26 21:53:48 +02:00
Nick Mathewson
f5fc7e3306 Fix a crash bug introduced in 223d354e3.
Arma found this and commented on #11243.  Bug not in any released
version of Tor.
2014-10-26 14:09:03 -04:00
Nick Mathewson
9e2608b0d3 bump version to 0.2.5.10-dev 2014-10-24 09:22:58 -04:00
Nick Mathewson
ac4dd248e1 Switch new time tests to use SIZEOF_TIME_T, not sizeof(time_t)
Otherwise, we get implicit conversion warning on some platforms.
2014-10-22 12:57:21 -04:00
teor
c9d0967dd9 Fix minor typos, two line lengths, and a repeated include 2014-10-23 02:57:11 +11:00
Nick Mathewson
653221e807 Merge remote-tracking branch 'public/bug11824_v2' 2014-10-22 11:01:50 -04:00
Nick Mathewson
8e4daa7bb0 Merge remote-tracking branch 'public/ticket6938'
Conflicts:
	src/tools/tor-resolve.c
2014-10-22 10:14:03 -04:00
Nick Mathewson
3826a88fc0 Merge remote-tracking branch 'teor/bug13476-improve-time-handling' 2014-10-21 13:14:27 -04:00
meejah
3d0d49be23 Additional test for error-case
This error-case was already fixed by previous changes,
this is to cover it in case there's a regression.
2014-10-21 00:14:57 -06:00
teor
a1c6a40c22 Conditionally compile time testing code based on integer size 2014-10-21 08:44:10 +11:00
Nick Mathewson
e3d166b7a6 Merge remote-tracking branch 'teor/memwipe-more-keys' 2014-10-20 11:12:51 -04:00
Nick Mathewson
3202ac6006 bump maint-0.2.5 to 0.2.5.9-rc-dev 2014-10-20 10:32:09 -04:00
Nick Mathewson
fed78bce8b Whoops, bump the version properly. 2014-10-20 10:29:16 -04:00
Nick Mathewson
affa251c83 Use a macro to indicate "The ecdhe group we use by default".
This might make Coverity happier about the if statement where we
have a default case that's the same as one of the other cases. CID 1248515
2014-10-20 09:08:42 -04:00
Nick Mathewson
2d4c40ee5f Fix a use-after-free error in cleaned-up rouerlist code.
Bug not in any released tor.  This is CID 1248521
2014-10-20 09:04:53 -04:00
teor
2e1f5c1fc0 Memwipe more keys after tor has finished with them
Ensure we securely wipe keys from memory after
crypto_digest_get_digest and init_curve25519_keypair_from_file
have finished using them.

Fixes bug 13477.
2014-10-20 03:06:28 +11:00
teor
879b39e1a8 Further unit test tor_timegm and parse_rfc1123_time
Add unit tests for tor_timegm signed overflow,
tor_timegm and parse_rfc1123_time validity checks,
and correct_tm year clamping.
Unit tests (visible) fixes in bug 13476.
2014-10-20 02:52:21 +11:00
teor
d7b13543e2 Clamp (some) years supplied by the system to 1 CE
Clamp year values returned by system localtime(_r) and
gmtime(_r) to year 1. This ensures tor can read any
values it might write out.

Fixes bug 13476.
2014-10-20 02:47:31 +11:00
teor
238b8eaa60 Improve date validation in HTTP headers
Check all date/time values passed to tor_timegm
and parse_rfc1123_time for validity, taking leap
years into account.
Improves HTTP header validation.

Avoid unlikely signed integer overflow in tor_timegm
on systems with 32-bit time_t.
Fixes bug 13476.
2014-10-20 02:40:27 +11:00
teor
dd556fb1e6 Use correct day of year in correct_tm()
Set the correct day of year value in correct_tm() when the
system's localtime(_r) or gmtime(_r) functions fail to set struct tm.

Fixes bug 13476.
2014-10-20 02:32:05 +11:00
Nick Mathewson
fc5cab4472 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-10-16 13:29:14 -04:00
Nick Mathewson
fb91d647ac Downgrade 'invalid result from curve25519 handshake: 4' warning
Also, refactor the way we handle failed handshakes so that this
warning doesn't propagate itself to "onion_skin_client_handshake
failed" and "circuit_finish_handshake failed" and
"connection_edge_process_relay_cell (at origin) failed."

Resolves warning from 9635.
2014-10-16 13:26:42 -04:00
Nick Mathewson
ab4b29625d Downgrade 'unexpected sendme cell from client' to PROTOCOL_WARN
Closes 8093.
2014-10-16 13:04:11 -04:00
Nick Mathewson
a5cc5ad08d Merge remote-tracking branch 'yawning/bug13314' 2014-10-16 09:12:13 -04:00
Nick Mathewson
33b399a7b2 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-10-16 09:09:20 -04:00
Nick Mathewson
22b9caf0ae Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-10-16 09:08:52 -04:00
Nick Mathewson
943fd4a252 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-10-16 09:08:32 -04:00
Nick Mathewson
c1c83eb376 Merge branch 'no_sslv3_023' into maint-0.2.3 2014-10-16 09:08:09 -04:00
Nick Mathewson
af73d3e4d8 Disable SSLv3 unconditionally. Closes ticket 13426.
The POODLE attack doesn't affect Tor, but there's no reason to tempt
fate: SSLv3 isn't going to get any better.
2014-10-15 11:50:05 -04:00
Nick Mathewson
21fe945ebd Define a strnlen replacement on platforms (win32) that lack it
Right now this is only needed for test_util_format_time_interval, so
define it as a static function.  We can move it into compat later if
we need to.
2014-10-13 14:59:17 -04:00
Nick Mathewson
d950e24332 Merge remote-tracking branch 'public/bug11243_squashed' 2014-10-13 14:32:43 -04:00
Nick Mathewson
9df61d7028 Add comments to can_dl_again usage 2014-10-13 14:31:11 -04:00
Nick Mathewson
500c406364 Note that parse-list functions may add duplicate 'invalid' entries. 2014-10-13 14:31:11 -04:00
Nick Mathewson
223d354e34 Bugfixes on bug11243 fix for the not-added cases and tests
1. The test that adds things to the cache needs to set the clock back so
    that the descriptors it adds are valid.

 2. We split ROUTER_NOT_NEW into ROUTER_TOO_OLD, so that we can
    distinguish "already had it" from "rejected because of old published
    date".

 3. We make extrainfo_insert() return a was_router_added_t, and we
    make its caller use it correctly.  This is probably redundant with
    the extrainfo_is_bogus flag.
2014-10-13 14:31:11 -04:00
Nick Mathewson
39795e117f Use symbolic constants for statuses in microdescs_add_to_cache.
Suggested by Andrea in her review of 11243.
2014-10-13 14:31:10 -04:00
Nick Mathewson
b8e2be5557 Don't reset the download failure status of any object marked as impossible 2014-10-13 14:30:02 -04:00
Nick Mathewson
3efeb711f1 Unit tests for 11243: loading ri, ei, mds from lists
These tests make sure that entries are actually marked
undownloadable as appropriate.
2014-10-13 14:30:02 -04:00
Nick Mathewson
24dfbfda1d Base tests for 11243: test parsing for md, ei, and ri.
We didn't really have test coverage for these parsing functions, so
I went and made some.  These tests also verify that the parsing
functions set the list of invalid digests correctly.
2014-10-13 14:30:02 -04:00
Nick Mathewson
a30594605e Treat unparseable (micro)descriptors and extrainfos as undownloadable
One pain point in evolving the Tor design and implementing has been
adding code that makes clients reject directory documents that they
previously would have accepted, if those descriptors actually exist.
When this happened, the clients would get the document, reject it,
and then decide to try downloading it again, ad infinitum.  This
problem becomes particularly obnoxious with authorities, since if
some authorities accept a descriptor that others don't, the ones
that don't accept it would go crazy trying to re-fetch it over and
over. (See for example ticket #9286.)

This patch tries to solve this problem by tracking, if a descriptor
isn't parseable, what its digest was, and whether it is invalid
because of some flaw that applies to the portion containing the
digest.  (This excludes RSA signature problems: RSA signatures
aren't included in the digest.  This means that a directory
authority can still put another directory authority into a loop by
mentioning a descriptor, and then serving that descriptor with an
invalid RSA signatures.  But that would also make the misbehaving
directory authority get DoSed by the server it's attacking, so it's
not much of an issue.)

We already have a mechanism to mark something undownloadable with
downloadstatus_mark_impossible(); we use that here for
microdescriptors, extrainfos, and router descriptors.

Unit tests to follow in another patch.

Closes ticket #11243.
2014-10-13 14:30:02 -04:00
Nick Mathewson
032e3b733f Merge remote-tracking branch 'isis/bug12951_r1' 2014-10-13 13:22:10 -04:00
Nick Mathewson
f1782d9c4c Clean whitespace in last patch. 2014-10-13 13:20:07 -04:00
teor
f51418aabc Avoid overflow in format_time_interval, create unit tests
Fix an instance of integer overflow in format_time_interval() when
taking the absolute value of the supplied signed interval value.
Fixes bug 13393.

Create unit tests for format_time_interval().
2014-10-12 20:50:10 +11:00
Nick Mathewson
cd678ae790 Remove is_router_version_good_for_possible_guard()
The versions which this function would keep from getting the guard
flag are already blocked by the minimum version check.

Closes 13152.
2014-10-09 15:12:36 -04:00
Nick Mathewson
90bce702ba Merge remote-tracking branch 'public/bug10816' 2014-10-09 10:57:19 -04:00
Nick Mathewson
e5f9f287ce Merge remote-tracking branch 'teor/bug-13163-AlternateAuthorities-type-handling-fixed' 2014-10-09 10:55:09 -04:00
Nick Mathewson
cc5571e1f1 Merge remote-tracking branches 'teor/issue-13161-test-network' and 'teor/issue-13161-TestingDirAuthVoteExit' 2014-10-08 15:46:29 -04:00
Nick Mathewson
40375fbce5 Merge remote-tracking branch 'teor/test-network-hang-on-make-j2' 2014-10-08 15:42:20 -04:00
teor
31bf8f2690 Bitwise check BRIDGE_DIRINFO
Bitwise check for the BRIDGE_DIRINFO flag, rather than checking for
equality.

Fixes a (potential) bug where directories offering BRIDGE_DIRINFO,
and some other flag (i.e. microdescriptors or extrainfo),
would be ignored when looking for bridge directories.

Final fix in series for bug 13163.
2014-10-08 05:37:15 +11:00
teor
ff42222845 Improve DIRINFO flags' usage comments
Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in functions
which take them as arguments. Replace 0 with NO_DIRINFO in a function call
for clarity.

Seeks to prevent future issues like 13163.
2014-10-08 05:36:54 +11:00
teor
c1dd43d823 Stop using default authorities with both Alternate Dir and Bridge Authority
Stop using the default authorities in networks which provide both
AlternateDirAuthority and AlternateBridgeAuthority.

This bug occurred due to an ambiguity around the use of NO_DIRINFO.
(Does it mean "any" or "none"?)

Partially fixes bug 13163.
2014-10-08 05:36:54 +11:00
Andrea Shepard
12b6c7df4a Make queue thresholds and flush size for global scheduler into config options 2014-10-07 09:53:57 -07:00
teor
c0794d22a2 Exit test-network with status of chutney verify
Preserve previous semantics of src/test/test-network.sh by exiting with
the exit status of chutney verify, even though the latest version ends
with chutney stop.
2014-10-05 09:59:27 +11:00
teor
9a2d4b6647 Stop an apparent test-network hang when used with make -j2
If (GNU) Make 3.81 is running processes in parallel using -j2 (or more),
it waits until all descendent processes have exited before it returns to
the shell.

When a command like "make -j2 test-network" is run, this means that
test-network.sh apparently hangs until it either make is forcibly
terminated, or all the chutney-launched tor processes have exited.

A workaround is to use make without -j, or make -j1 if there is an
existing alias to "make -jn" in the shell.

We resolve this bug in tor by using "chutney stop" after "chutney verify"
in test-network.sh.
2014-10-04 13:18:56 +10:00
Nick Mathewson
bbffd0a018 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-10-03 19:58:25 -04:00
Nick Mathewson
d315b8e8bc Merge remote-tracking branch 'public/bug13325_024' into maint-0.2.5 2014-10-03 19:57:41 -04:00
Nick Mathewson
d1fa0163e5 Run correctly on OpenBSD systems without SSL_METHOD.get_cipher_by_char
Also, make sure we will compile correctly on systems where they
finally rip it out.

Fixes issue #13325.  Caused by this openbsd commit:

   ​http://marc.info/?l=openbsd-cvs&m=140768179627976&w=2

Reported by Fredzupy.
2014-10-03 12:15:09 -04:00
Yawning Angel
c8132aab92 Send back SOCKS5 errors for all of the address related failures.
Cases that now send errors:
 * Malformed IP address (SOCKS5_GENERAL_ERROR)
 * CONNECT/RESOLVE request with IP, when SafeSocks is set
   (SOCKS5_NOT_ALLOWED)
 * RESOLVE_PTR request with FQDN (SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED)
 * Malformed FQDN (SOCKS5_GENERAL_ERROR)
 * Unknown address type (SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED)

Fixes bug 13314.
2014-10-01 14:16:59 +00:00
teor
bae7334390 Add test-network delay option
Add a --delay option to test-network.sh, which configures the delay before
the chutney network tests for data transmission. The default remains at
18 seconds if the argument isn't specified.

Apparently we should be using bootstrap status for this (eventually).

Partially implements ticket 13161.
2014-10-01 18:05:04 +10:00
teor
7c0215f8ca test-network.sh: Use "/bin/echo -n" rather than builtin echo
The default shell on OS X is bash, which has a builtin echo. When called
in "sh" mode, this echo does not accept "-n". This patch uses "/bin/echo -n"
instead.

Partially fixes issue 13161.
2014-10-01 17:56:53 +10:00
teor
27f30040f6 Add TestingDirAuthVoteExit option (like TestingDirAuthVoteGuard)
Add the TestingDirAuthVoteExit option, a list of nodes to vote Exit for,
regardless of their uptime, bandwidth, or exit policy.

TestingTorNetwork must be set for this option to have any effect.

Works around an issue where authorities would take up to 35 minutes to
give nodes the Exit flag in a test network, despite short consensus
intervals. Partially implements ticket 13161.
2014-10-01 17:44:21 +10:00
Andrea Shepard
a28cfa128f Update test_relay.c for recent test suite changes and --enable-mempools support 2014-09-30 23:16:11 -07:00
Andrea Shepard
4d20c427b4 Update test_relay.c for recent test suite changes and --enable-mempools support 2014-09-30 23:15:43 -07:00
Andrea Shepard
faea058baa Update test_channeltls.c for recent test suite changes and --enable-mempools support 2014-09-30 23:15:43 -07:00
Andrea Shepard
2d171c1081 Update test_channel.c for recent test suite changes and --enable-mempools support 2014-09-30 23:15:41 -07:00
Andrea Shepard
41cf9f6260 Add scheduler/loop unit test 2014-09-30 23:14:59 -07:00
Andrea Shepard
99d312c293 Make channel_flush_some_cells() mockable 2014-09-30 23:14:59 -07:00
Andrea Shepard
684bcd886a Add scheduler channel states unit test 2014-09-30 23:14:58 -07:00
Andrea Shepard
dc3af04ba8 Make scheduler_compare_channels() mockable 2014-09-30 23:14:58 -07:00
Andrea Shepard
f8ceb0f028 Make scheduler_run() mockable 2014-09-30 23:14:58 -07:00
Andrea Shepard
314c2f18ae Add scheduler/compare_channels unit test 2014-09-30 23:14:58 -07:00
Andrea Shepard
b7125961de Expose scheduler_compare_channels() to test suite 2014-09-30 23:14:58 -07:00
Andrea Shepard
c5f73e52e5 Make circuitmux_compare_muxes() and circuitmux_get_policy() mockable 2014-09-30 23:14:58 -07:00
Andrea Shepard
030608d68d Add scheduler/queue_heuristic unit test 2014-09-30 23:14:58 -07:00
Andrea Shepard
71a9ed6feb Make some scheduler.c static functions visible to the test suite 2014-09-30 23:14:57 -07:00
Andrea Shepard
0af88f9096 Initial test_scheduler.c 2014-09-30 23:14:56 -07:00
Andrea Shepard
9869254608 Make scheduler.c static globals visible to test suite 2014-09-30 23:14:25 -07:00
Andrea Shepard
5a07fb96f2 Make tor_libevent_get_base() mockable 2014-09-30 23:14:25 -07:00
Andrea Shepard
5e9a88e001 Add channel_tls_num_cells_writeable_method() coverage to channeltls/num_bytes_queued unit test 2014-09-30 23:14:25 -07:00
Andrea Shepard
030b0fe107 Add channeltls/num_bytes_queued unit test 2014-09-30 23:14:25 -07:00
Andrea Shepard
a2de0a1034 Make buf_datalen() mockable 2014-09-30 23:14:25 -07:00
Andrea Shepard
8719f8ff09 Implement tlschan create and overhead estimate unit tests 2014-09-30 23:14:25 -07:00
Andrea Shepard
3b080230e9 Make connection_or_connect() mockable 2014-09-30 23:14:24 -07:00
Andrea Shepard
3bc7108d2c Make is_local_addr() mockable 2014-09-30 23:14:24 -07:00
Andrea Shepard
50d5fb87bd Initial test_channeltls.c 2014-09-30 23:14:24 -07:00
Andrea Shepard
462eaed43e Limited unit test for channel_dump_statistics() 2014-09-30 23:14:24 -07:00
Andrea Shepard
5ee25cc185 Add channel/dumpstats unit test 2014-09-30 23:14:24 -07:00
Andrea Shepard
452bce6c72 Make channel_dump_statistics() mockable 2014-09-30 23:14:23 -07:00
Andrea Shepard
5a24ff0563 What the hell was I on? 2014-09-30 23:14:23 -07:00
Andrea Shepard
9740a07b8c Check queueing case in channel/flushmux unit test too 2014-09-30 23:14:23 -07:00
Andrea Shepard
f12f7159a5 Add channel/flushmux unit test 2014-09-30 23:14:22 -07:00
Andrea Shepard
9eea42f844 Make channel_flush_from_first_active_circuit() mockable 2014-09-30 23:14:02 -07:00
Andrea Shepard
5b7a58f7c4 Make circuitmux_num_cells() mockable 2014-09-30 23:14:02 -07:00
Andrea Shepard
76fcb8cb55 Add channel/incoming unit test 2014-09-30 23:14:02 -07:00
Andrea Shepard
b5d4ef18e1 Add unknown cell queue entry type case to channel/queue_impossible unit test 2014-09-30 23:14:02 -07:00
Andrea Shepard
f7951d318a Small channel unit test improvements 2014-09-30 23:14:01 -07:00
Andrea Shepard
ae3ed185e4 Let channel unit tests mess with global queue estimate 2014-09-30 23:14:01 -07:00
Andrea Shepard
3b78667d65 Unit test for unusual channel lifecycles 2014-09-30 23:14:01 -07:00
Andrea Shepard
b6d0aaec07 Check some can't-happen cases draining channel cell queues 2014-09-30 23:13:58 -07:00
Andrea Shepard
bbb06b73cd Expose some channel cell queue stuff to the test suite 2014-09-30 23:09:15 -07:00
Andrea Shepard
5992a69dee Add append_cell_to_circuit_queue() unit test 2014-09-30 23:09:15 -07:00
Andrea Shepard
46ff91b6ec Add scheduler_channel_has_waiting_cells_mock() and some mock counter queries 2014-09-30 23:09:15 -07:00
Andrea Shepard
2ee69bd5d7 Expose get_unique_circ_id_by_chan() to test suite 2014-09-30 23:09:14 -07:00
Andrea Shepard
ade60890d0 Make scheduler_channel_doesnt_want_writes() mockable 2014-09-30 23:09:14 -07:00
Andrea Shepard
bef11b7156 Expose a useful mock from test_channel.c 2014-09-30 23:09:14 -07:00
Andrea Shepard
79b8f14c25 Expose fake channel utility functions in test suite in fakechans.h, and fix a test_channel.c bug 2014-09-30 23:09:14 -07:00
Andrea Shepard
ba294ff2dc Implement channel flush unit test 2014-09-30 23:09:00 -07:00
Andrea Shepard
37baef0687 Add channel lifecycle test 2014-09-30 23:08:16 -07:00
Andrea Shepard
fd57840a77 Make scheduler_channel_doesnt_want_writes() mockable 2014-09-30 22:54:10 -07:00
Andrea Shepard
e00fde1797 Implement two-channel queue estimate test 2014-09-30 22:54:09 -07:00
Andrea Shepard
6e427c30af Implement channel queue size estimate unit test 2014-09-30 22:54:09 -07:00
Andrea Shepard
6d886787e3 Unit tests for channel_get_cell_queue_entry_size() and channel_write_*() functions 2014-09-30 22:54:02 -07:00
Andrea Shepard
85ee070852 Make scheduler_release_channel() mockable 2014-09-30 22:49:58 -07:00
Andrea Shepard
8907554cf3 Make channel_note_destroy_not_pending() mockable 2014-09-30 22:49:58 -07:00
Andrea Shepard
dabf4c33e2 Refactor channel_get_cell_queue_entry_size() to avoid an unreachable line for test coverage, and fix a nasty lurking memory bug in channel_flush_some_cells_from_outgoing_queue() 2014-09-30 22:49:58 -07:00
Andrea Shepard
ac1b627e85 Implement scheduler_touch_channel() 2014-09-30 22:49:58 -07:00
Andrea Shepard
ed1927d6bf Use a non-stupid data structure in the scheduler 2014-09-30 22:49:56 -07:00
Andrea Shepard
3530825c53 Eliminate some unnecessary smartlists in scheduler.c 2014-09-30 22:49:36 -07:00
Andrea Shepard
283646fd90 Fix scheduler assertion in circuitmux/destroy_cell_queue unit test 2014-09-30 22:49:36 -07:00
Andrea Shepard
63bb9a795e Fix compiler warning 2014-09-30 22:49:36 -07:00
Andrea Shepard
55907da28d Sort the scheduler's channel list by cmux comparisons 2014-09-30 22:49:36 -07:00
Andrea Shepard
700d6e7525 Add inter-cmux comparison support to circuitmux_ewma.c 2014-09-30 22:49:35 -07:00
Andrea Shepard
9db596d2ef Add cmux support for inter-cmux comparisons 2014-09-30 22:49:35 -07:00
Andrea Shepard
1275002a46 Schedule according to a queue size heuristic 2014-09-30 22:49:35 -07:00
Andrea Shepard
4f567c8cc8 Let the new scheduler handle writes 2014-09-30 22:49:03 -07:00
Andrea Shepard
f314d9509c Fix return values from channel_flush_some_cells() to correctly count cells directly written by channel_flush_from_first_active_circuit() 2014-09-30 22:49:03 -07:00
Andrea Shepard
2fc3da3ff5 Implement global queue size query in channel.c 2014-09-30 22:49:03 -07:00
Andrea Shepard
8852a1794c Track total queue size per channel, with overhead estimates, and global queue total 2014-09-30 22:49:03 -07:00
Andrea Shepard
5e0a6d54d0 Add global cell/byte counters and per channel byte counters to channel.c 2014-09-30 22:49:02 -07:00
Andrea Shepard
f0533d8d22 Remove no-longer-used channel_tls_t functions 2014-09-30 22:49:02 -07:00
Andrea Shepard
b09f41424c Actually call channel_flush_some_cells() from the scheduler 2014-09-30 22:49:01 -07:00
Andrea Shepard
2efbab2aaf Provide generic mechanism for scheduler to query writeable cells on a channel 2014-09-30 22:48:26 -07:00
Nick Mathewson
472b62bfe4 Uglify scheduler init logic to avoid crash on startup.
Otherwise, when we authority try to do a self-test because of
init-keys, if that self-test can't be launched for whatever reason and
so we close the channel immediately, we crash.

Yes, this a silly way for initialization to work.
2014-09-30 22:48:26 -07:00
Nick Mathewson
85ee5b3095 Use event_active, not 0-length timeouts. It's idempotent, too. 2014-09-30 22:48:26 -07:00
Nick Mathewson
fc13184e44 Fix unused-arguments warnings 2014-09-30 22:48:26 -07:00
Nick Mathewson
08bea13c35 Temporarily disable scheduler_trigger as unused 2014-09-30 22:48:26 -07:00
Andrea Shepard
d438cf1ec9 Implement scheduler mechanism to track lists of channels wanting cells or writes; doesn't actually drive the cell flow from it yet 2014-09-30 22:48:24 -07:00
Nick Mathewson
b448ec195d Clear the cached address from resolve_my_address() when our IP changes
Closes 11582; patch from "ra".
2014-09-29 13:47:58 -04:00
Nick Mathewson
2e607ff519 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-29 13:02:50 -04:00
Nick Mathewson
09951bea7f Don't use the getaddrinfo sandbox cache from tor-resolve
Fixes bug 13295; bugfix on 0.2.5.3-alpha.

The alternative here is to call crypto_global_init() from tor-resolve,
but let's avoid linking openssl into tor-resolve for as long as we
can.
2014-09-29 12:57:07 -04:00
Nick Mathewson
ac9b0a3110 Try to make max_dl_per_request a bit smarter 2014-09-29 10:56:38 -04:00
Nick Mathewson
a0be2f1350 Automake syntax error :/ 2014-09-29 10:10:37 -04:00
Nick Mathewson
9455f45ae3 Add missing ed25519_ref10 headers to NOINST_HEADERS. 2014-09-29 10:10:08 -04:00
Nick Mathewson
fa80983e52 fixup! Unit tests for router download functions.
(Add missing test_routerlist.c that I forgot to add from arlo's branch
last time.  Oops.)
2014-09-29 09:59:59 -04:00
Nick Mathewson
2b1b1def46 Merge remote-tracking branch 'teor/circuitstats-pareto-avoid-div-zero' 2014-09-29 09:48:02 -04:00
Nick Mathewson
15b0bf0aad Whitespace fixes on 13291 fix 2014-09-29 09:39:21 -04:00
Nick Mathewson
0a985af072 Parenthesize macro arguments for 13291 fix 2014-09-29 09:38:50 -04:00
teor
b827a08284 Stop spawn test failures due to a race condition with SIGCHLD on process exit
When a spawned process forks, fails, then exits very quickly, (this
typically occurs when exec fails), there is a race condition between the
SIGCHLD handler updating the process_handle's fields, and checking the
process status in those fields. The update can occur before or after the
spawn tests check the process status.

We check whether the process is running or not running (rather than just
checking if it is running) to avoid this issue.
2014-09-29 09:37:53 -04:00
Nick Mathewson
11ebbf5e88 Merge branch 'bug12971_take2_squashed' 2014-09-29 09:18:03 -04:00
Nick Mathewson
fcebc8da95 Rename socks5 error code setting function again
I'd prefer not to use the name "send" for any function that doesn't
really send things.
2014-09-29 09:17:29 -04:00
rl1987
c5ad890904 Respond with 'Command not supported' SOCKS5 reply message upon reception of unsupported request. 2014-09-29 09:14:42 -04:00
Nick Mathewson
5e8cc766e6 Merge branch 'ticket961_squashed' 2014-09-29 09:05:18 -04:00
Nick Mathewson
4903ab1caa Avoid frequent strcmp() calls for AccountingRule
Generally, we don't like to parse the same thing over and over; it's
best IMO to do it once at the start of the code.
2014-09-29 09:05:11 -04:00
Nick Mathewson
8527a29966 Add an "AccountingRule" feature to permit limiting bw usage by read+write
Patch from "chobe".  Closes ticket 961.
2014-09-29 09:05:11 -04:00
Nick Mathewson
dc019b0654 Merge remote-tracking branch 'yawning/bug13213' 2014-09-29 08:57:19 -04:00
Nick Mathewson
b45bfba2ce Whitespace fixes 2014-09-29 08:48:22 -04:00
teor
4d0ad34a92 Avoid division by zero in circuitstats pareto
In circuit_build_times_calculate_timeout() in circuitstats.c, avoid dividing
by zero in the pareto calculations.

If either the alpha or p parameters are 0, we would divide by zero, yielding
an infinite result; which would be clamped to INT32_MAX anyway. So rather
than dividing by zero, we just skip the offending calculation(s), and
use INT32_MAX for the result.

Division by zero traps under clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error.
2014-09-29 20:49:24 +10:00
teor
ffd92e8ef8 Stop test & bench build failures with --disable-curve25519
Ensure test & bench code that references curve25519 is disabled by the
appropriate macros. tor now builds with and without --disable-curve25519.
2014-09-29 12:19:04 +10:00
Nick Mathewson
47fab50cba Merge branch 'bug13280' 2014-09-28 21:01:14 -04:00
teor
ff8fe38a2f Stop spurious clang shallow analysis null pointer errors
Avoid 4 null pointer errors under clang shallow analysis (the default when
building under Xcode) by using tor_assert() to prove that the pointers
aren't null. Resolves issue 13284 via minor code refactoring.
2014-09-28 20:51:23 -04:00
teor
b7eab94a90 Stop ed25519 8-bit signed left shift overflowing
Standardise usage in ge_scalarmult_base.c for 1 new fix.
2014-09-28 20:44:00 -04:00
Nick Mathewson
6129ff320e Use SHL{8,32,64} in ed25519/ref10 to avoid left-shifting negative values
This helps us avoid undefined behavior. It's based on a patch from teor,
except that I wrote a perl script to regenerate the patch:

  #!/usr/bin/perl -p -w -i

  BEGIN { %vartypes = (); }

  if (/^[{}]/) {
      %vartypes = ();
  }

  if (/^ *crypto_int(\d+) +([a-zA-Z_][_a-zA-Z0-9]*)/) {
      $vartypes{$2} = $1;
  } elsif (/^ *(?:signed +)char +([a-zA-Z_][_a-zA-Z0-9]*)/) {
      $vartypes{$1} = '8';
  }

  # This fixes at most one shift per line. But that's all the code does.
  if (/([a-zA-Z_][a-zA-Z_0-9]*) *<< *(\d+)/) {
      $v = $1;
      if (exists $vartypes{$v}) {
  	s/$v *<< *(\d+)/SHL$vartypes{$v}($v,$1)/;
      }
  }

  # remove extra parenthesis
  s/\(SHL64\((.*)\)\)/SHL64\($1\)/;
  s/\(SHL32\((.*)\)\)/SHL32\($1\)/;
  s/\(SHL8\((.*)\)\)/SHL8\($1\)/;
2014-09-28 20:41:05 -04:00
teor
6b155dc1a6 Stop signed left shifts overflowing in ed25519: Macros
The macros let us use unsigned types for potentially overflowing left
shifts. Create SHL32() and SHL64() and SHL8() macros for convenience.
2014-09-28 20:38:12 -04:00
Nick Mathewson
5190ec0bc4 Merge remote-tracking branch 'public/require_some_c99' 2014-09-26 11:06:41 -04:00
Nick Mathewson
6e7cbfc465 Avoid a "constant variable guards dead code" warning from coverity
Fixes CID 752028
2014-09-26 09:40:30 -04:00
Nick Mathewson
9fd6fbec28 Regenerate pwbox.c with the latest trunnel
This one should no longer generate dead-code warnings with coverity.
Fingers crossed?  This was CID 1241498
2014-09-26 09:33:24 -04:00
Nick Mathewson
27bd1ef100 Comment-out dead code in ed25519/ref10
There are some loops of the form

       for (i=1;i<1;++i) ...

And of course, if the loop index is initialized to 1, it will never
be less than 1, and the loop body will never be executed.  This
upsets coverity.

Patch fixes CID 1221543 and 1221542
2014-09-26 09:07:44 -04:00
Nick Mathewson
7c52a0555a Check key_len in secret_to_key_new()
This bug shouldn't be reachable so long as secret_to_key_len and
secret_to_key_make_specifier stay in sync, but we might screw up
someday.

Found by coverity; this is CID 1241500
2014-09-26 09:06:36 -04:00
Nick Mathewson
801f4d4384 Fix a double-free in failing case of handle_control_authenticate.
Bugfix on ed8f020e205267e6270494634346ab68d830e1d8; bug not in any
released version of Tor.  Found by Coverity; this is CID 1239290.

[Yes, I used this commit message before, in 58e813d0fc.
Turns out, that fix wasn't right, since I didn't look up a
screen. :P ]
2014-09-26 08:58:15 -04:00
Nick Mathewson
4e87b97872 Fix on that last fix. 2014-09-25 17:59:10 -04:00
Nick Mathewson
9190468246 Fix warnings on 32-bit builds.
When size_t is the most memory you can have, make sure that things
referring to real parts of memory are size_t, not uint64_t or off_t.

But not on any released Tor.
2014-09-25 17:50:13 -04:00
Nick Mathewson
1c5d680b3d Merge branch 'ed25519_ref10_squashed'
Conflicts:
	src/common/include.am
	src/ext/README
2014-09-25 15:11:34 -04:00
Nick Mathewson
46cda485bc Comments and tweaks based on review by asn
Add some documentation

Rename "derive" -> "blind"

Check for failure on randombytes().
2014-09-25 15:08:32 -04:00
Nick Mathewson
6dbd451b9f Add benchmarks for ed25519 functions 2014-09-25 15:08:32 -04:00
Nick Mathewson
9b43a4a122 Add comments to ed25519_vectors.inc 2014-09-25 15:08:32 -04:00
Nick Mathewson
6981341764 Cut the time to run the python ed25519 tests by a factor of ~6
I know it's pointless to optimize them, but I just can't let them
spend all that time in expmod() when native python pow() does the same
thing.
2014-09-25 15:08:32 -04:00
Nick Mathewson
7ca470e13c Add a reference implementation of our ed25519 modifications
Also, use it to generate test vectors, and add those test vectors
to test_crypto.c

This is based on ed25519.py from the ed25519 webpage; the kludgy hacks
are my own.
2014-09-25 15:08:32 -04:00
Nick Mathewson
d10e1bdec4 Add the pure-python ed25519 implementation, for testing. 2014-09-25 15:08:31 -04:00
Nick Mathewson
f0eb7ae79f More documentation for ed25519 stuff. 2014-09-25 15:08:31 -04:00
Nick Mathewson
1d3b33e1ed Fix linux compilation of ed25519_ref10
Our integer-definition headers apparently suck in a definition for
select(2), which interferes with the select() in ge_scalarmult_base.c
2014-09-25 15:08:31 -04:00
Nick Mathewson
25b1a32ef8 Draft implementation for ed25519 key blinding, as in prop224
This implementation allows somebody to add a blinding factor to a
secret key, and a corresponding blinding factor to the public key.

Robert Ransom came up with this idea, I believe.  Nick Hopper proved a
scheme like this secure.  The bugs are my own.
2014-09-25 15:08:31 -04:00
Nick Mathewson
4caa6fad4c Add curve25519->ed25519 key conversion per proposal 228
For proposal 228, we need to cross-certify our identity with our
curve25519 key, so that we can prove at descriptor-generation time
that we own that key.  But how can we sign something with a key that
is only for doing Diffie-Hellman?  By converting it to the
corresponding ed25519 point.

See the ALL-CAPS warning in the documentation.  According to djb
(IIUC), it is safe to use these keys in the ways that ntor and prop228
are using them, but it might not be safe if we start providing crazy
oracle access.

(Unit tests included.  What kind of a monster do you take me for?)
2014-09-25 15:08:31 -04:00
Nick Mathewson
ed48b0fe56 Support for writing ed25519 public/private components to disk.
This refactors the "== type:tag ==" code from crypto_curve25519.c
2014-09-25 15:08:31 -04:00
Nick Mathewson
c75e275574 Add encode/decode functions for ed25519 public keys 2014-09-25 15:08:31 -04:00
Nick Mathewson
22760c4899 Restore the operation of extra_strong in ed25519_secret_key_generate 2014-09-25 15:08:31 -04:00
Nick Mathewson
006e6d3b6f Another ed25519 tweak: store secret keys in expanded format
This will be needed/helpful for the key blinding of prop224, I
believe.
2014-09-25 15:08:31 -04:00
Nick Mathewson
9e43ee5b4c Fix API for ed25519_ref10_open()
This is another case where DJB likes sticking the whole signature
prepended to the message, and I don't think that's the hottest idea.

The unit tests still pass.
2014-09-25 15:08:31 -04:00
Nick Mathewson
e0097a8839 Tweak ed25519 ref10 signing interface to use less space.
Unit tests still pass.
2014-09-25 15:08:31 -04:00
Nick Mathewson
e5a1cf9937 Tweak ref10 keygen APIs to be more sane. 2014-09-25 15:08:30 -04:00
Nick Mathewson
87ba033cd5 Add Ed25519 support, wrappers, and tests.
Taken from earlier ed25519 branch based on floodyberry's
ed25519-donna.  Tweaked so that it applies to ref10 instead.
2014-09-25 15:08:20 -04:00
Nick Mathewson
50d15e06b3 Use --require-version to prevent running trunnel pre-1.2
(Also, regenerate trunnel stuff with trunnel 1.2.  This just adds a
few comments to our output.)
2014-09-25 14:49:00 -04:00
Nick Mathewson
1b13139709 Add a script to run trunnel on the trunnel files.
Also, re-run the latest trunnel.

Closes ticket 13242
2014-09-25 12:32:08 -04:00
Nick Mathewson
36700ee99e Mention trunnel in LICENSE and src/ext/README 2014-09-25 12:03:46 -04:00
Nick Mathewson
764e008092 Merge branch 'libscrypt_trunnel_squashed'
Conflicts:
	src/test/test_crypto.c
2014-09-25 12:03:41 -04:00
Nick Mathewson
c433736734 Add tests for failing cases of crypto_pwbox 2014-09-25 11:58:14 -04:00
Nick Mathewson
3b7d0ed08e Use trunnel for crypto_pwbox encoding/decoding.
This reduces the likelihood that I have made any exploitable errors
in the encoding/decoding.

This commit also imports the trunnel runtime source into Tor.
2014-09-25 11:58:14 -04:00
Nick Mathewson
3011149401 Adjust pwbox format: use a random IV each time
Suggested by yawning
2014-09-25 11:58:14 -04:00
Nick Mathewson
d0f5d2b662 Test a full array of s2k flags with pwbox test.
Suggested by yawning.
2014-09-25 11:58:14 -04:00
Nick Mathewson
05a6439f1f Use preferred key-expansion means for pbkdf2, scrypt.
Use HKDF for RFC2440 s2k only.
2014-09-25 11:58:13 -04:00
Nick Mathewson
8d84f3af7b Test vectors for PBKDF2 from RFC6070 2014-09-25 11:58:13 -04:00
Nick Mathewson
b59d0dae14 Test vectors for scrypt from draft-josefsson-scrypt-kdf-00 2014-09-25 11:58:13 -04:00
Nick Mathewson
2b2cab4141 Tweak and expose secret_to_key_compute_key for testing
Doing this lets me pass in a salt of an unusual length.
2014-09-25 11:58:13 -04:00
Nick Mathewson
8184839a47 Rudimentary-but-sufficient passphrase-encrypted box code.
See crypto_pwbox.c for a description of the file format.

There are tests for successful operation, but it still needs
error-case tests.
2014-09-25 11:58:13 -04:00
Nick Mathewson
e84e1c9745 More generic passphrase hashing code, including scrypt support
Uses libscrypt when found; otherwise, we don't have scrypt and we
only support openpgp rfc2440 s2k hashing, or pbkdf2.

Includes documentation and unit tests; coverage around 95%. Remaining
uncovered code is sanity-checks that shouldn't be reachable fwict.
2014-09-25 11:58:13 -04:00
Nick Mathewson
b0767e85b8 Tell autoconf to make the compiler act as c99
Apparently some compilers want extra switches.
2014-09-25 11:36:28 -04:00
Nick Mathewson
0ca8387246 Tweak address.c to use a little c99 syntax
Since address.c is the first file to get compiled, let's have it use
a little judicious c99 in order to catch broken compilers that
somehow make it past our autoconf tests.
2014-09-25 11:22:02 -04:00
Yawning Angel
fa60a64088 Do not launch pluggable transport plugins when DisableNetwork is set.
When DisableNetwork is set, do not launch pluggable transport plugins,
and if any are running already, terminate the existing instances.
Resolves ticket 13213.
2014-09-24 09:39:15 +00:00
Roger Dingledine
ecab261641 two more typos 2014-09-23 18:30:02 -04:00
Nick Mathewson
6523eff9b3 Send long URLs when requesting ordinary server descriptors too. 2014-09-23 13:04:22 -04:00
Nick Mathewson
055ad9c5fb fixup! Send more descriptor requests per attempt when using tunneled connections
Limit the number of simultaneous connections to a single router for
server descriptors too.
2014-09-23 12:57:10 -04:00
Nick Mathewson
0fdfdae7e3 fixup! Refactor initiate_descriptor_downloads() to be safer
Calculate digest_len correctly.

Also, refactor setting of initial variables to look a little nicer.
2014-09-23 12:56:16 -04:00
Nick Mathewson
55b21b366c fixup! Make router_pick_directory_server respect PDS_NO_EXISTING_*
Document n_busy_out, and set it correctly when we goto retry_without_exclude.
2014-09-23 12:47:39 -04:00
Nick Mathewson
482e3cfa09 fixup! Unit tests for router download functions.
Fix compilation warnings
2014-09-23 12:38:43 -04:00
Nick Mathewson
02464694b2 fixup! Send more descriptor requests per attempt when using tunneled connections
Compilation fixes
2014-09-23 12:34:51 -04:00
Nick Mathewson
06bda50600 fixup! Download microdescriptors if you're a cache 2014-09-23 12:32:02 -04:00
Nick Mathewson
cae0e7b06b fixup! Make router_pick_directory_server respect PDS_NO_EXISTING_*
Clean up comments on PDS_NO_EXISTING_*
2014-09-23 12:30:47 -04:00
Arlo Breault
bb137e23c1 Unit tests for router download functions.
Also, sort test suites alphabetically.
2014-09-23 12:23:18 -04:00
Arlo Breault
5ed5ac185b Send more descriptor requests per attempt when using tunneled connections 2014-09-23 12:22:28 -04:00
Arlo Breault
21d5dbd474 Refactor initiate_descriptor_downloads() to be safer
(It's smarter to use asprintf and join than character pointers and a
long buffer.)
2014-09-23 12:21:08 -04:00
Arlo Breault
29f15a97ed Make router_pick_directory_server respect PDS_NO_EXISTING_* 2014-09-23 12:19:15 -04:00
Arlo Breault
f752093e16 Re-enable last resort attempt to get via tor.
This looks like a bug introduced in
af658b7828.
2014-09-23 12:15:10 -04:00
Arlo Breault
f591a4d94c Remove a needless if (1) 2014-09-23 12:14:41 -04:00
Arlo Breault
c00b397992 Split dirinfo_type_t computation into a new function 2014-09-23 12:12:57 -04:00
Arlo Breault
2e16856665 Fix a comment typo. 2014-09-23 12:11:06 -04:00
Roger Dingledine
1987157d0c + is not how we say concatenate 2014-09-22 20:09:03 -04:00
Nick Mathewson
bdd0c77643 Merge branch 'bug8197_squashed'
Conflicts:
	src/test/test_policy.c
2014-09-22 14:34:52 -04:00
rl1987
80622c0664 Writing comments for newly added functions. 2014-09-22 14:18:01 -04:00
rl1987
2e951f8dda Whitespace fixes 2014-09-22 14:18:00 -04:00
rl1987
0eaf82947d Using the new API in unit-test. 2014-09-22 14:18:00 -04:00
rl1987
c735b60e4c New API for policies_parse_exit_policy(). 2014-09-22 14:18:00 -04:00
George Kadianakis
d9968dd0ab Scrub from logs the name of the RP we picked. 2014-09-22 19:16:30 +01:00
Adrien BAK
8858194952 Remove config options that have been obsolete since 0.2.3 2014-09-22 10:55:01 -04:00
Nick Mathewson
6c6ea8c425 Merge remote-tracking branch 'arma/feature13211' 2014-09-22 10:49:10 -04:00
Nick Mathewson
d3382297fe Merge remote-tracking branch 'arma/feature13153' 2014-09-22 10:42:54 -04:00
Nick Mathewson
1a1e695800 Merge remote-tracking branch 'public/bug7733a' 2014-09-22 10:38:05 -04:00
Roger Dingledine
09183dc315 clients use optimistic data when reaching hidden services
Allow clients to use optimistic data when connecting to a hidden service,
which should cut out the initial round-trip for client-side programs
including Tor Browser.

(Now that Tor 0.2.2.x is obsolete, all hidden services should support
server-side optimistic data.)

See proposal 181 for details. Implements ticket 13211.
2014-09-21 20:02:12 -04:00
Roger Dingledine
530fac10aa Use optimistic data even if we don't know exitnode->rs
I think we should know the routerstatus for our exit relay, since
we built a circuit to it. So I think this is just a code simplication.
2014-09-21 19:12:20 -04:00
Roger Dingledine
bbfb1aca55 get rid of routerstatus->version_supports_optimistic_data
Clients are now willing to send optimistic circuit data (before they
receive a 'connected' cell) to relays of any version. We used to
only do it for relays running 0.2.3.1-alpha or later, but now all
relays are new enough.

Resolves ticket 13153.
2014-09-21 19:04:18 -04:00
Roger Dingledine
4c8b809b96 get rid of trivial redundant comment 2014-09-21 18:56:48 -04:00
Roger Dingledine
1b40ea036f Stop silently skipping invalid args to setevents
Return an error when the second or later arguments of the
"setevents" controller command are invalid events. Previously we
would return success while silently skipping invalid events.

Fixes bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".
2014-09-21 16:05:24 -04:00
Roger Dingledine
e170205cd8 Merge branch 'maint-0.2.5' 2014-09-20 16:51:17 -04:00
Roger Dingledine
87576e826f Merge branch 'maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2014-09-20 16:50:32 -04:00
Roger Dingledine
288b3ec603 Merge branch 'maint-0.2.3' into maint-0.2.4 2014-09-20 16:49:24 -04:00
Sebastian Hahn
0eec8e2aa5 gabelmoo's IPv4 address changed 2014-09-20 16:46:02 -04:00
Nick Mathewson
6d6e21a239 Merge branch 'bug4244b_squashed' 2014-09-18 15:31:08 -04:00
Roger Dingledine
905443f074 Clients no longer write "DirReqStatistics 0" in their saveconf output
Stop modifying the value of our DirReqStatistics torrc option just
because we're not a bridge or relay. This bug was causing Tor
Browser users to write "DirReqStatistics 0" in their torrc files
as if they had chosen to change the config.

Fixes bug 4244; bugfix on 0.2.3.1-alpha.
2014-09-18 15:29:14 -04:00
Nick Mathewson
58e813d0fc Fix a double-free in failing case of handle_control_authenticate.
Bugfix on ed8f020e205267e6270494634346ab68d830e1d8; bug not in any
released version of Tor.  Found by Coverity; this is CID 1239290.
2014-09-18 11:13:57 -04:00
Nick Mathewson
d14127eb7a Use the DL_SCHED_CONSENSUS schedule for consensuses.
Fixes bug 11679; bugfix on 0.2.2.6-alpha
2014-09-18 10:52:58 -04:00
Nick Mathewson
bb175dac96 Activate INSTRUMENT_DOWNLOADS under clang analyzer as well as coverity
Patch from teor; ticket 13177.
2014-09-18 10:23:33 -04:00
Nick Mathewson
3f9fac7ee4 Fix a windows unused-arg warning 2014-09-17 11:00:27 -04:00
Nick Mathewson
35156ffcc3 Merge remote-tracking branch 'public/ticket_13119_v3' 2014-09-17 10:27:40 -04:00
Peter Palfrader
64f65f2359 torrc.sample: Fix units 2014-09-16 12:03:47 -04:00
Nick Mathewson
feee445771 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-16 11:11:48 -04:00
Nick Mathewson
be0e26272b Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-09-16 11:10:02 -04:00
Roger Dingledine
0c3b3650aa clients now send correct address for rendezvous point
Clients now send the correct address for their chosen rendezvous point
when trying to access a hidden service. They used to send the wrong
address, which would still work some of the time because they also
sent the identity digest of the rendezvous point, and if the hidden
service happened to try connecting to the rendezvous point from a relay
that already had a connection open to it, the relay would reuse that
connection. Now connections to hidden services should be more robust
and faster. Also, this bug meant that clients were leaking to the hidden
service whether they were on a little-endian (common) or big-endian (rare)
system, which for some users might have reduced their anonymity.

Fixes bug 13151; bugfix on 0.2.1.5-alpha.
2014-09-16 11:05:36 -04:00
Nick Mathewson
ef9a0d2048 Add script to detect and remove unCish malloc-then-cast pattern
Also, apply it.
2014-09-16 10:57:00 -04:00
Nick Mathewson
ea72b4f60a clean up eol whitespace from coccinelle-generated patches 2014-09-16 09:40:38 -04:00
Nick Mathewson
a6627fdb80 Remove the legacy_test_helper and legacy_setup wrappers
These wrappers went into place when the default type for our unit
test functions changed from "void fn(void)" to "void fn(void *arg)".

To generate this patch, I did the same hokey-pokey as before with
replacing all operators used as macro arguments, then I ran a
coccinelle script, then I ran perl script to fix up everything that
used legacy_test_helper, then I manually removed the
legacy_test_helper functions, then I ran a final perl script to put
the operators back how they were.

==============================
 #!/usr/bin/perl -w -i -p

s/==,/_X_EQ_,/g;
s/!=,/_X_NE_,/g;
s/<,/_X_LT_,/g;
s/>,/_X_GT_,/g;
s/>=,/_X_GEQ_,/g;
s/<=,/_X_LEQ_,/g;

--------------------

@@
identifier func =~ "test_.*$";
statement S, S2;
@@
 static void func (
-void
+void *arg
 )
 {
 ... when != S2
+(void) arg;
 S
 ...
 }

--------------------
 #!/usr/bin/perl -w -i -p

s/, *legacy_test_helper, *([^,]+), *\&legacy_setup, *([^\}]+) *}/, $2, $1, NULL, NULL }/g;

--------------------
 #!/usr/bin/perl -w -i -p

s/_X_NEQ_/!=/g;
s/_X_NE_/!=/g;
s/_X_EQ_/==/g;
s/_X_GT_/>/g;
s/_X_LT_/</g;
s/_X_GEQ_/>=/g;
s/_X_LEQ_/<=/g;

--------------------
2014-09-16 09:30:22 -04:00
Nick Mathewson
d684657548 Replace all uses of test_{str,}eq 2014-09-15 21:36:23 -04:00
Nick Mathewson
34bf9b3690 Replace the remaining test_assert instances 2014-09-15 21:29:48 -04:00
Nick Mathewson
0e0cef1d60 remove two unused test_* macros 2014-09-15 21:28:26 -04:00
Nick Mathewson
0d654d2355 Replace remaining uses of deprecated test_mem* functions 2014-09-15 21:27:23 -04:00
Nick Mathewson
1146a6a1c5 Replace the remaining test_n?eq_ptr calls 2014-09-15 21:25:27 -04:00
Nick Mathewson
5253ba3184 Make not even macros use test_fail_msg. 2014-09-15 21:22:36 -04:00
Nick Mathewson
0243895792 Use coccinelle scripts to clean up our unit tests
This should get rid of most of the users of the old test_*
functions.  Some are in macros and will need manual cleanup, though.

This patch is for 13119, and was automatically generated with these
scripts.  The perl scripts are there because coccinelle hates
operators as macro arguments.

------------------------------

s/==,/_X_EQ_,/g;
s/!=,/_X_NE_,/g;
s/<,/_X_LT_,/g;
s/>,/_X_GT_,/g;
s/>=,/_X_GEQ_,/g;
s/<=,/_X_LEQ_,/g;

------------------------------
@@
expression a;
identifier func;
@@
 func (...) {
<...
-test_fail_msg
+TT_DIE
 (
+(
 a
+)
 )
 ...>
 }

@@
identifier func;
@@
 func (...) {
<...
-test_fail()
+TT_DIE(("Assertion failed."))
 ...>
 }

@@
expression a;
identifier func;
@@
 func (...) {
<...
-test_assert
+tt_assert
	(a)
 ...>
 }

@@
expression a, b;
identifier func;
@@
 func (...) {
<...
-test_eq
+tt_int_op
 (a,
+_X_EQ_,
  b)
 ...>
 }

@@
expression a, b;
identifier func;
@@
 func (...) {
<...
-test_neq
+tt_int_op
 (a,
+_X_NEQ_,
  b)
 ...>
 }

@@
expression a, b;
identifier func;
@@
 func (...) {
<...
-test_streq
+tt_str_op
 (a,
+_X_EQ_,
  b)
 ...>
 }

@@
expression a, b;
identifier func;
@@
 func (...) {
<...
-test_strneq
+tt_str_op
 (a,
+_X_NEQ_,
  b)
 ...>
 }

@@
expression a, b;
identifier func;
@@
 func (...) {
<...
-test_eq_ptr
+tt_ptr_op
 (a,
+_X_EQ_,
  b)
 ...>
 }

@@
expression a, b;
identifier func;
@@
 func() {
<...
-test_neq_ptr
+tt_ptr_op
 (a,
+_X_NEQ_,
  b)
 ...>
 }

@@
expression a, b, len;
identifier func;
@@
 func (...) {
<...
-test_memeq
+tt_mem_op
 (a,
+_X_EQ_,
  b, len)
 ...>
 }

@@
expression a, b, len;
identifier func;
@@
 func (...) {
<...
-test_memneq
+tt_mem_op
 (a,
+_X_NEQ_,
  b, len)
 ...>
 }

------------------------------
@@
char a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a == b
+a, _X_EQ_, b
 )
 ...>
}

@@
int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a == b
+a, _X_EQ_, b
 )
 ...>
}

@@
long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a == b
+a, _X_EQ_, b
 )
 ...>
}

@@
unsigned int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a == b
+a, _X_EQ_, b
 )
 ...>
}

@@
unsigned long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a == b
+a, _X_EQ_, b
 )
 ...>
}

@@
char a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a != b
+a, _X_NEQ_, b
 )
 ...>
}

@@
int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a != b
+a, _X_NEQ_, b
 )
 ...>
}

@@
long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a != b
+a, _X_NEQ_, b
 )
 ...>
}

@@
unsigned int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a != b
+a, _X_NEQ_, b
 )
 ...>
}

@@
unsigned long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a != b
+a, _X_NEQ_, b
 )
 ...>
}

@@
char a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a >= b
+a, _X_GEQ_, b
 )
 ...>
}

@@
int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a >= b
+a, _X_GEQ_, b
 )
 ...>
}

@@
long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a >= b
+a, _X_GEQ_, b
 )
 ...>
}

@@
unsigned int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a >= b
+a, _X_GEQ_, b
 )
 ...>
}

@@
unsigned long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a >= b
+a, _X_GEQ_, b
 )
 ...>
}

@@
char a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a <= b
+a, _X_LEQ_, b
 )
 ...>
}

@@
int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a <= b
+a, _X_LEQ_, b
 )
 ...>
}

@@
long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a <= b
+a, _X_LEQ_, b
 )
 ...>
}

@@
unsigned int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a <= b
+a, _X_LEQ_, b
 )
 ...>
}

@@
unsigned long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a <= b
+a, _X_LEQ_, b
 )
 ...>
}

@@
char a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a > b
+a, _X_GT_, b
 )
 ...>
}

@@
int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a > b
+a, _X_GT_, b
 )
 ...>
}

@@
long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a > b
+a, _X_GT_, b
 )
 ...>
}

@@
unsigned int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a > b
+a, _X_GT_, b
 )
 ...>
}

@@
unsigned long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a > b
+a, _X_GT_, b
 )
 ...>
}

@@
char a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a < b
+a, _X_LT_, b
 )
 ...>
}

@@
int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a < b
+a, _X_LT_, b
 )
 ...>
}

@@
long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_int_op
 (
-a < b
+a, _X_LT_, b
 )
 ...>
}

@@
unsigned int a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a < b
+a, _X_LT_, b
 )
 ...>
}

@@
unsigned long a, b;
identifier func;
@@
 func (...) {
<...
-tt_assert
+tt_uint_op
 (
-a < b
+a, _X_LT_, b
 )
 ...>
}

------------------------------

s/_X_NEQ_/!=/g;
s/_X_NE_/!=/g;
s/_X_EQ_/==/g;
s/_X_GT_/>/g;
s/_X_LT_/</g;
s/_X_GEQ_/>=/g;
s/_X_LEQ_/<=/g;

s/test_mem_op\(/tt_mem_op\(/g;
2014-09-15 21:18:21 -04:00
Nick Mathewson
0bd220adcb Don't pass invalid memory regions to digestmap_set/get in test_routerlist
Fixes bug in c887e20e6a5a2c17c65; bug in no released Tor version.
2014-09-15 14:04:19 -04:00
Nick Mathewson
1dc0d26b50 Clean up a clangalyzer warning in directory_remove_invalid
"At this point in the code, msg has been set to a string
constant. But the tor code checks that msg is not NULL, and the
redundant NULL check confuses the analyser[...] To avoid this
spurious warning, the patch initialises msg to NULL."

Patch from teor. another part of 13157.
2014-09-15 13:52:56 -04:00
Nick Mathewson
53a94c4b4b Clear up another clangalyzer issue
"The NULL pointer warnings on the return value of
tor_addr_to_in6_addr32() are incorrect. But clang can't work this
out itself due to limited analysis depth. To teach the analyser that
the return value is safe to dereference, I applied tor_assert to the
return value."

Patch from teor.  Part of 13157.
2014-09-15 13:52:13 -04:00
George Kadianakis
bc80b0a50c Write some unittests for Tor2webRendezvousPoints. 2014-09-15 16:07:48 +03:00
George Kadianakis
a72b92676e Fix up testhelper to be used by the entryguard unittests. 2014-09-15 16:07:48 +03:00
George Kadianakis
532ab7e13c Move some useful unittest functions to a testhelper.c file.
This commit only moves code.
2014-09-15 16:07:48 +03:00
George Kadianakis
6c512d2f63 Fix a tor2web log message that referenced the wrong configure switch. 2014-09-15 16:07:48 +03:00
George Kadianakis
24a7726955 Implement Tor2webRendezvousPoints functionality. 2014-09-15 16:07:48 +03:00
George Kadianakis
3e7c5e9f44 Block circuit canibalization when Tor2webRendezvousPoints is active. 2014-09-15 16:07:48 +03:00
George Kadianakis
e02138eb65 Introduce the Tor2webRendezvousPoints torrc option. 2014-09-15 16:07:46 +03:00
Roger Dingledine
d6b2a1709d fix typo in comment 2014-09-13 17:10:04 -04:00
Nick Mathewson
550c03336c Bump maint-0.2.5 to 0.2.5.7-rc-dev 2014-09-11 21:38:32 -04:00
Nick Mathewson
89e32c7c08 One more whitespace fix 2014-09-11 14:40:24 -04:00
Nick Mathewson
32f75c870e Whitespace cleanups in test_util 2014-09-11 14:37:12 -04:00
Nick Mathewson
6d66e9068b Whitespace cleanups in transports/test_pt 2014-09-11 14:36:51 -04:00
Nick Mathewson
43a47ae726 Use tor_malloc_zero() in pt tests
Fixes for PT tests merged with 8402; patch from Yawning.
2014-09-11 09:17:13 -04:00
Nick Mathewson
2914d56ea4 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-11 08:59:24 -04:00
Nick Mathewson
121f4a9ca4 Merge remote-tracking branch 'public/bug13104_025' 2014-09-11 08:30:41 -04:00
Nick Mathewson
d02937a203 Fix "comparison is always false" warnings in new test_util_di_ops
Having a constant zero means that unsigned < 0 is always false.
2014-09-11 08:28:46 -04:00
Roger Dingledine
6215ebb266 Reduce log severity for unused ClientTransportPlugin lines
Tor Browser includes several ClientTransportPlugin lines in its
torrc-defaults file, leading every Tor Browser user who looks at her
logs to see these notices and wonder if they're dangerous.

Resolves bug 13124; bugfix on 0.2.5.3-alpha.
2014-09-11 08:02:37 -04:00
Nick Mathewson
48558ed1aa Merge remote-tracking branch 'public/bug13104_025' 2014-09-11 00:11:26 -04:00
Nick Mathewson
2491eadf00 C90 compliance for #13104 fixes 2014-09-11 00:10:53 -04:00
Nick Mathewson
284cc9a224 Avoid an overflow on negation in format_helper_exit_status
Part of 13104; patch from teor.
2014-09-11 00:00:13 -04:00
Nick Mathewson
59f9a5c786 Avoid divide by zero and NaNs in scale_array_elements_to_u64
Patch from teor; part of 13104
2014-09-10 23:59:21 -04:00
Nick Mathewson
5126bc2ebd Extra tests for tor_memeq and memcmp
(Patch from teor; part of 13104)
2014-09-10 23:58:02 -04:00
Nick Mathewson
d2463c0cfe Avoid overflows and underflows in sscanf and friends
(Patch from teor on 13104)
2014-09-10 23:57:31 -04:00
Nick Mathewson
73ee161d8a Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-10 23:48:59 -04:00
Nick Mathewson
3c2c6a6116 In routerlist_assert_ok(), check r2 before taking &(r2->cache_info)
Technically, we're not allowed to take the address of a member can't
exist relative to the null pointer.  That makes me wonder how any sane
compliant system implements the offsetof macro, but let's let sleeping
balrogs lie.

Fixes 13096; patch on 0.1.1.9-alpha; patch from "teor", who was using
clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error -ftrapv
2014-09-10 23:48:11 -04:00
Nick Mathewson
e07206afea Merge remote-tracking branch 'yawning/bug_8402' 2014-09-10 23:41:55 -04:00
Nick Mathewson
5474d8ae05 Merge remote-tracking branch 'public/torrc_minimal' 2014-09-10 23:36:27 -04:00
Nick Mathewson
93dfb12037 Remember log messages that happen before logs are configured
(And replay them once we know our first real logs.)

This is an implementation for issue 6938.  It solves the problem of
early log mesages not getting sent to log files, but not the issue of
early log messages not getting sent to controllers.
2014-09-10 23:34:43 -04:00
Nick Mathewson
6e2ef4bc5e Refactor the 'deliver a log message' logic to its own function. 2014-09-10 22:58:36 -04:00
Nick Mathewson
de114587f0 Turn log loop into a for loop, and "Does this lf want this" into a fn 2014-09-10 22:39:55 -04:00
Nick Mathewson
15a318b49a Refactor pending_cb_message_t into a type with proper functions
Also, rename it.
2014-09-10 22:35:16 -04:00
Nick Mathewson
a9b2e5eac6 Merge remote-tracking branch 'public/bug12908_025' into maint-0.2.5 2014-09-10 22:12:47 -04:00
Nick Mathewson
916d53d6ce Mark StrictE{ntry,xit}Nodes as obsolete. 2014-09-10 07:10:10 -04:00
Yawning Angel
cae44838fe Fix issues brought up in nickm's review.
* Update pt_get_proxy_uri() documentation.
 * proxy_supported is now unsigned.
 * Added a changes file.
2014-09-09 18:21:19 +00:00
George Kadianakis
01800ea1e4 Add unittests for finding the third quartile of a set. 2014-09-09 12:28:15 -04:00
Nick Mathewson
8e39395199 Merge remote-tracking branch 'asn/bug13064' 2014-09-09 12:26:16 -04:00
Nick Mathewson
40b7dfaed2 Remove now-pointless SIZE_MAX stanza from OpenBSD_malloc_linux 2014-09-09 12:09:18 -04:00
Nick Mathewson
1eea7a68ed Use S?SIZE_MAX, not S?SIZE_T_MAX
This fixes bug 13102 (not on any released Tor) where using the
standard SSIZE_MAX name broke mingw64, and we didn't realize.

I did this with
   perl -i -pe 's/SIZE_T_MAX/SIZE_MAX/' src/*/*.[ch] src/*/*/*.[ch]
2014-09-09 12:08:03 -04:00
Sebastian Hahn
409a56281e Remove client-side bad directory logic
Implements the second half of #13060.
2014-09-09 11:54:20 -04:00
Sebastian Hahn
8099dee992 Remove dirauth support for the BadDirectory flag
Implements the first half of #13060. The second half will be to remove
client support, too.
2014-09-09 11:54:15 -04:00
Nick Mathewson
59f3cce0dc Merge branch 'bug12899_squashed' 2014-09-09 11:51:18 -04:00
Sebastian Hahn
607724c696 Remove support for naming directory authorities
This implements the meat of #12899. This commit should simply remove the
parts of Tor dirauths used to check whether a relay was supposed to be
named or not, it doesn't yet convert to a new mechanism for
reject/invalid/baddir/badexiting relays.
2014-09-09 11:50:21 -04:00
Nick Mathewson
4af88d68b4 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 11:05:28 -04:00
Nick Mathewson
8eed82b3d4 Merge remote-tracking branch 'andrea/bug12160_025' into maint-0.2.5 2014-09-09 11:04:54 -04:00
Nick Mathewson
dd22ab519a Merge remote-tracking branch 'public/bug12700_024' into maint-0.2.5 2014-09-09 10:51:39 -04:00
Nick Mathewson
2997908228 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 10:27:41 -04:00
Nick Mathewson
8391c96091 Clean up the MVSC nmake files so they work again.
Fixes bug 13081; bugfix on 0.2.5.1-alpha. Patch from "NewEraCracker."
2014-09-09 10:27:05 -04:00
Nick Mathewson
ad0ae89b3c Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 10:22:42 -04:00
Nick Mathewson
a3c49ca79a Add more escaped() calls in directory.c
Patch from teor to fix 13071.
2014-09-09 10:22:01 -04:00
Nick Mathewson
2ecaa59bd7 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-08 15:16:45 -04:00
Nick Mathewson
d229025fef Expand the event_mask field in controller conns to 64 bits
Back in 078d6bcd, we added an event number 0x20, but we didn't make
the event_mask field big enough to compensate.

Patch by "teor". Fixes 13085; bugfix on 0.2.5.1-alpha.
2014-09-08 15:16:02 -04:00
George Kadianakis
0f50f5f373 Evaluate TestingDirAuthVoteGuard only after filling all rs elements. 2014-09-06 14:37:41 +03:00
Andrea Shepard
39a017809b Correctly update channel local mark when address of incoming connection changes after handshake; fixes bug #12160 2014-09-05 11:12:08 -07:00
David Stainton
b59fd2efb6 Fix permissions logic 2014-09-04 22:21:30 +00:00
Sebastian Hahn
8356721662 Fix add_fingerprint_to_dir() doc and signature
This function never returns non-null, but its usage doesn't reflect
that. Let's make it explicit. This will be mostly overridden by later
commits, so no changes file here.
2014-09-04 22:22:56 +02:00
Sebastian Hahn
10fe5bad9a Remove the AuthDirRejectUnlisted config option
This is in preparation for a big patch series removing the entire Naming
system from Tor. In its wake, the approved-routers file is being
deprecated, and a replacement option to allow only pre-approved routers
is not being implemented.
2014-09-04 06:25:38 +02:00
Nick Mathewson
7573e66b99 Treat Z_BUF_ERROR as TOR_ZLIB_BUF_FULL when finalizing a zlib buffer
Otherwise, when we're out of input *and* finalizing, we might report
TOR_ZLIB_OK erroneously and not finalize the buffer.

(I don't believe this can happen in practice, with our code today:
write_to_buf_zlib ensures that we are never trying to write into a
completely empty buffer, and zlib says "Z_OK" if you give it even
one byte to write into.)

Fixes bug 11824; bugfix on 0.1.1.23 (06e09cdd47).
2014-09-03 13:42:46 -04:00
David Stainton
59e052b896 Remove HiddenServiceDirGroupReadable from or_options_t
...and also fix whitespace.
2014-09-03 17:22:15 +00:00
Nick Mathewson
ed8f020e20 Fix a couple of small memory leaks on failure cases.
[CID 1234702, 1234703]
2014-09-03 10:59:39 -04:00
Nick Mathewson
c4d0d30bf3 Fix some 'dereference-before-null-check' warnings in test_circuitlist.c
Found by Coverity Scan.

[CID 1234704, 1234705, 1234706]
2014-09-03 10:59:10 -04:00
Nick Mathewson
0e66edb254 Fix the leaks that valgrind found in the new routerset tests.
(We have a tests-shouldn't-leak policy so that we won't accidentally
ignore true-positives.)
2014-09-03 09:51:14 -04:00
David Stainton
7203040835 Fix regression nickm pointed out 2014-09-03 03:53:32 +00:00
Nick Mathewson
9ab35b0a2e Use 'Bytes', not 'B', in torrc.sample.
Also put this change into torrc.minimal.in-staging

Closes ticket 10343
2014-09-02 19:18:21 -04:00
Magnus Nord
d0113a0c2a Fix: typo in torrc.sample.in 2014-09-02 19:16:16 -04:00
Nick Mathewson
8a79b56ac6 Divide torrc.sample into torrc.sample and torrc.minimal
torrc.minimal is now the one that should change as infrequently as
possible.  To schedule an change to go into it eventually, make your
change to torrc.minimal.in-sample.

torrc.sample is now the volatile one: we can change it to our hearts'
content.

Closes ticket #11144
2014-09-02 19:14:30 -04:00
Sebastian Hahn
962765a35d Don't list relays w/ bw estimate of 0 in the consensus
This implements a feature from bug 13000. Instead of starting a bwauth
run with this wrong idea about their bw, relays should do the self-test
and then get measured.
2014-09-02 18:55:01 -04:00
Sebastian Hahn
14abf1c3f1 Don't delay uploading a new desc if bw estimate was 0
When a tor relay starts up and has no historical information about its
bandwidth capability, it uploads a descriptor with a bw estimate of 0.
It then starts its bw selftest, but has to wait 20 minutes to upload the
next descriptor due to the MAX_BANDWIDTH_CHANGE_FREQ delay. This change
should mean that on average, relays start seeing meaningful traffic a
little quicker, since they will have a higher chance to appear in the
consensus with a nonzero bw.

Patch by Roger, changes file and comment by Sebastian.
2014-09-02 18:54:56 -04:00
Nick Mathewson
bce32e0a35 Fix more (void*)11 warnings in the tests 2014-09-02 15:40:47 -04:00
Nick Mathewson
a14c6cb70f Make iter for DECLARE_TYPED_DIGESTMAP_FNS be a pointer.
This fixes a clangalyzer warning, and makes our C slightly better C.
2014-09-02 15:40:04 -04:00
David Stainton
6e4efb559d Fix white space 2014-09-02 18:08:57 +00:00
Nick Mathewson
44f0dfa53b Use real pointers in unit tests, not (void*)101 etc
The clangalyzer hates (void*)101 etc
2014-09-02 13:56:54 -04:00
Nick Mathewson
32b88d2565 Don't include a backtrace test for dereferencing 0 under analyzers
They hate this.
2014-09-02 13:56:31 -04:00
Nick Mathewson
9b850f9200 Add more assertions to esc_for_log to please the clangalyzer. 2014-09-02 13:29:45 -04:00
Nick Mathewson
07a16b3372 Add an assertion to read_file_to_str_until_eof
The clangalyzer doesn't believe our math here.  I'm pretty sure our
math is right.  Also, add some unit tests.
2014-09-02 13:29:11 -04:00
Nick Mathewson
1a2f2c163f Explicitly initialize addresses in tor_ersatz_socketpair
This should stop a false positive from the clangalyzer.
2014-09-02 12:58:32 -04:00
Nick Mathewson
57c48bf734 Apply the MALLOC_ZERO_WORKS fixup to tor_realloc as well.
Also, make MALLOC_ZERO_WORKS never get applied when clang analyzer is
running.  This should make the clangalyzer a little happier.
2014-09-02 12:55:20 -04:00
Nick Mathewson
00ffccd9a6 Another clang analyzer complaint wrt HT_GENERATE
We're calling mallocfn() and reallocfn() in the HT_GENERATE macro
with the result of a product.  But that makes any sane analyzer
worry about overflow.

This patch keeps HT_GENERATE having its old semantics, since we
aren't the only project using ht.h.  Instead, define a HT_GENERATE2
that takes a reallocarrayfn.
2014-09-02 12:48:34 -04:00
Nick Mathewson
e3c143f521 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-02 11:58:08 -04:00
Nick Mathewson
efcab43956 Fix a number of clang analyzer false-positives
Most of these are in somewhat non-obvious code where it is probably
a good idea to initialize variables and add extra assertions anyway.

Closes 13036.  Patches from "teor".
2014-09-02 11:56:56 -04:00
Nick Mathewson
87f9c51f64 Avoid unsigned/sign compare warning from last patch. 2014-09-01 15:42:17 -04:00
Philip Van Hoof
60a3897ed9 Bounds check while looping over a fixed size table or array
(Edited to use existing ARRAY_LENGTH macro --nickm)
2014-09-01 15:40:47 -04:00
meejah
7caf7e9f2a Make HiddenServiceDirGroupReadable per-hidden-service 2014-08-30 15:23:05 -06:00
meejah
ae18c0812e fix two typos 2014-08-30 15:23:05 -06:00
David Stainton
6b9016fe3c Correct check_private_dir's dir mode
This commit attempts to satisfy nickm's comment on check_private_dir() permissions:
https://trac.torproject.org/projects/tor/ticket/11291#comment:12
"""check_private_dir() ensures that the directory has bits 0700 if CPD_CHECK_MODE_ONLY is not set. Shouldn't it also ensure that the directory has bits 0050 if CPD_CHECK_MODE_ONLY is not set, and CPD_GROUP_READ is set?"""
2014-08-30 15:23:05 -06:00
David Stainton
227b65924b Clean up patch
Here I clean up anon's patch with a few of nickm's suggestions from comment 12:
https://trac.torproject.org/projects/tor/ticket/11291#comment:12

I did not yet completely implement all his suggestions.
2014-08-30 15:23:05 -06:00
anonymous
c13db1f614 Ticket #11291: patch from "anon":
test-11291-group-redable-hsdirs-wtests-may8.patch
2014-08-30 15:23:05 -06:00
Nick Mathewson
f113a263de Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-29 16:45:56 -04:00
Nick Mathewson
41058dce95 Merge remote-tracking branch 'arma/bug12996b' into maint-0.2.5 2014-08-29 16:44:50 -04:00
Roger Dingledine
7a878c192f Downgrade "Unexpected onionskin length after decryption" warning
It's now a protocol-warn, since there's nothing relay operators can
do about a client that sends them a malformed create cell.

Resolves bug 12996; bugfix on 0.0.6rc1.
2014-08-29 16:38:54 -04:00
Nick Mathewson
d6fa8239c8 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-29 16:13:04 -04:00
Nick Mathewson
4a6f5bb2dd Improve "Tried to establish rendezvous on non-OR or non-edge circuit"
Instead of putting it all in one warning message, log what exactly
was wrong with the circuit.

Resolves ticket 12997.
2014-08-29 16:05:58 -04:00
Nick Mathewson
573d62748a Fix some coverity warnings in new routerset tests 2014-08-29 15:09:27 -04:00
Nick Mathewson
42350968a9 Drop check for NTE_BAD_KEYSET error
Any error when acquiring the CryptoAPI context should get treated as
bad.  Also, this one can't happen for the arguments we're giving.
Fixes bug 10816; bugfix on 0.0.2pre26.
2014-08-29 13:24:29 -04:00
dana koch
c887e20e6a Introduce full coverage tests for module routerset.c.
This is using the paradigm introduced for test_status.c.
2014-08-29 12:55:28 -04:00
Nick Mathewson
d8fe499e08 Revert "restore the sensible part of ac268a83408e1450544db2f23f364dfa3"
This reverts commit b82e166bec.

We don't need that part in 0.2.5, since 0.2.5 no longer supports
non-multithreaded builds.
2014-08-29 12:25:05 -04:00
Nick Mathewson
b0138cd055 Merge remote-tracking branch 'public/bug12985_024' into bug12984_025 2014-08-29 12:24:52 -04:00
Nick Mathewson
b82e166bec restore the sensible part of ac268a8340
We don't want to call event_del() postfork, if cpuworkers are
multiprocess.
2014-08-29 12:21:57 -04:00
Nick Mathewson
4144b4552b Always event_del() connection events before freeing them
Previously, we had done this only in the connection_free() case, but
when we called connection_free_() directly from
connections_free_all(), we didn't free the connections.
2014-08-29 11:33:05 -04:00
Nick Mathewson
e72a5b3c07 Move secret-to-key functionality into a separate module
I'm about to add more of these, so we might as well trudge forward.
2014-08-28 12:04:22 -04:00
Nick Mathewson
9b2d8c4e20 Rename secret_to_key to secret_to_key_rfc2440 2014-08-28 11:20:31 -04:00
Nick Mathewson
cc3b04a8c1 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-28 08:36:00 -04:00
Roger Dingledine
37a76d75dd Resume expanding abbreviations for command-line options
The fix for bug 4647 accidentally removed our hack from bug 586 that
rewrote HashedControlPassword to __HashedControlSessionPassword when
it appears on the commandline (which allowed the user to set her own
HashedControlPassword in the torrc file while the controller generates
a fresh session password for each run).

Fixes bug 12948; bugfix on 0.2.5.1-alpha.
2014-08-28 08:33:43 -04:00
Nick Mathewson
9f9b19ed7b Initialize crash handler in unit tests
This way, we don't get locking failures when we hit an assertion in
the unit tests.  Also, we might find out about unit test bugs from
folks who can't do gdb.
2014-08-27 20:03:00 -04:00
Nick Mathewson
b2acd3580c ed25519_ref10: use uint64_t and int64_t, not long long 2014-08-26 10:58:26 -04:00
Nick Mathewson
8b36bb9299 Add headers as needed to make ed25519_ref10 compile. 2014-08-26 10:56:22 -04:00
Nick Mathewson
8594e97c03 Add some explicit casts as needed to make ed25519_ref10 compile
Apparently, ref10 likes implicit conversions from int64 to int32 more
than our warnings do.
2014-08-26 10:14:18 -04:00
Nick Mathewson
4847136d2c Integrate ed25519_ref10 into our build system. 2014-08-26 10:11:56 -04:00
Nick Mathewson
b40ac6808f Add the ed25519 ref10 code verbatim from supercop-20140622
We might use libsodium or ed25519-donna later on, but for now, let's
see whether this is fast enough.  We should use it in all cases when
performance doesn't matter.
2014-08-26 10:08:44 -04:00
Nick Mathewson
fdb7fc70d0 Merge remote-tracking branch 'public/bug10163' 2014-08-26 09:44:16 -04:00
Isis Lovecruft
374b531dba
Add published line to @type bridge-network-status documents.
This modifies the format of the bridge networkstatus documents produced
by the BridgeAuth. The new format adds a `published` line to the header
of the file, before the `flag-thresholds` line. This is done once per
networkstatus file that is written. The timestamp in the `published`
line is the standard ISO 8601 format (with a space as the separator)
used throughout the rest of tor.

 * FIXES #12951 https://bugs.torproject.org/12951
2014-08-25 23:46:17 +00:00
Nick Mathewson
051dd9c409 Remove the assigned-but-unused chosen_named_idx local variable
It had been used in consensus method 1.  But now that 13 is the
minimum (see #10163), we don't need it around.

Found by sysrqb.
2014-08-25 11:26:08 -04:00
Nick Mathewson
72ba1739e2 Fix another memory leak case in sandbox.c:prot_strings()
This is related to the rest of 523587a5cf
2014-08-25 11:14:31 -04:00
Nick Mathewson
9222707e5c Use the ARRAY_LENGTH macro more consistently. 2014-08-24 13:35:48 -04:00
Nick Mathewson
15be51b41d Remove the non-implemented versions of the sandbox _array() functions 2014-08-24 13:35:30 -04:00
Nick Mathewson
991545acf1 Whitespace fixes 2014-08-24 13:32:39 -04:00
Nick Mathewson
7c1143e11f Terser ways to sandbox-allow related filenames
Using the *_array() functions here confused coverity, and was actually
a bit longer than we needed.  Now we just use macros for the repeated
bits, so that we can mention a file and a suffix-appended version in
one line.
2014-08-24 13:30:55 -04:00
Nick Mathewson
59e114832e Merge branch 'bug11792_1_squashed'
Conflicts:
	src/or/circuitlist.c
2014-08-24 13:09:08 -04:00
Nick Mathewson
d6033843a4 When looking for conns to close, count the age of linked queued data
Specifically, count the age of the data queued in a linked directory
connection's buffers when counting a stream's age.
2014-08-24 13:04:45 -04:00
Nick Mathewson
68e430a6fb Kill non-tunneled directory connections when handling OOM.
Another part of 11792.
2014-08-24 13:04:38 -04:00
Nick Mathewson
8e55cafd67 Count zlib buffer memory towards OOM totals.
Part of 11792.

(Uses the zlib-endorsed formula for memory needs for inflate/deflate
from "zconf.h".)
2014-08-24 13:04:27 -04:00
Nick Mathewson
d31bcc4b23 Tidy status handling in rendservice.c
We had some code to fix up the 'status' return value to -1 on error
if it wasn't set, but it was unreachable because our code was
correct.  Tweak this by initializing status to -1, and then only
setting it to 0 on success.  Also add a goto which was missing: its
absence was harmless.

[CID 718614, 718616]
2014-08-22 12:23:01 -04:00
Nick Mathewson
523587a5cf fix memory leak on failure in sandbox.c:prot_strings()
[CID 1205014]
2014-08-21 11:40:48 -04:00
Nick Mathewson
35b2e11755 Store sandbox params as char *, since that's what they are.
This allows coverity to infer that we aren't leaking them.

[Fixes a lot of CIDs]
2014-08-21 11:22:42 -04:00
Nick Mathewson
446e481c90 Check for duplicate arguments to tor-gencert
Found by coverity, which noticed that if you said
  tor-gencert -i identity1 -i identity2
we would leak "identity1".

[CID 1198201, 1198202, 1198203]
2014-08-21 11:22:42 -04:00
Nick Mathewson
a66fff6381 Mark one use of networkstatus_check_document_signature as (void)
Also explain why we aren't checking its return value.

[CID 1198197]
2014-08-21 11:22:42 -04:00
Nick Mathewson
059e33de59 remove meaningless checks for chunks==NULL in dirserv stuff
Also, make it clearer that chunks cannot be NULL

[CID 1031750, 1031751]
2014-08-21 11:22:42 -04:00
Nick Mathewson
917e1042f7 Suppress coverity warning about overflowing in safe_mem_is_zero
The unsigned underflow here is defined and intentional.

CID 202482
2014-08-21 11:22:42 -04:00
Nick Mathewson
7bc25b5a78 Avoid performing an assert on an always-true value
This was freaking out coverity.

[CID 743379]
2014-08-21 11:22:42 -04:00
Nick Mathewson
c43e45d0ea Suppress coverity warning about overflowing in tor_memeq.
The unsigned underflow here is defined and intentional.

CID 202482
2014-08-21 10:44:13 -04:00
Nick Mathewson
0de7565dfd Check return values for fcntl in tor_spawn_background.
[CID 718609]
2014-08-21 10:38:19 -04:00
Nick Mathewson
377b5c0510 Allow rend_service_intro_free to get called with NULL
(We allowed it previously, but produced an LD_BUG message when it
happened, which is not consistent

Also, remove inconsistent NULL checks before calling
rend_service_intro_free.

(Removing the check is for CID 718613)
2014-08-21 10:34:29 -04:00
Nick Mathewson
c9cac69ac6 Remove a dead check for errmsg in handle_control_authenticate
Coverity doesn't like doing NULL checks on things that can't be
NULL; I like checking things where the logic for their not being
NULL is nontrivial.  Let's compromise, and make it obvious that this
field can't be NULL.

[Coverity CID 202004]
2014-08-21 10:27:43 -04:00
Nick Mathewson
e6a05c1c54 Add a missing goto to an unusable branch and make the branch LD_BUG.
(It's LD_BUG to reach this point because the hashed password values
were tested earlier from options_validate)

[Coverity CID 1232091]
2014-08-21 10:21:17 -04:00
Nick Mathewson
2a0a5fe612 Explicitly cast when dividing ints then implicitly casting to double.
Coverity thinks that when we do "double x = int1/int2;", we probably
meant "double x = ((double)int1) / int2;".  In these cases, we
didn't.

[Coverity CID 1232089 and 1232090]
2014-08-21 10:19:26 -04:00
Nick Mathewson
b6a725c67e Fix memory leaks in test_entrynodes.c
[Coverity CID 1232087 and 1232088]
2014-08-21 10:18:17 -04:00
Nick Mathewson
2cf229ab60 Make the two branches of tor_tls_used_v1_handshake into one.
(Coverity thinks that "if (a) X; else X;" is probably a bug.)

[Coverity CID 1232086]
2014-08-21 10:12:54 -04:00
Nick Mathewson
916fba2243 Merge branch 'bug12205_take2_squashed' 2014-08-20 15:32:48 -04:00
Nick Mathewson
2994f00199 Whitespace fixes 2014-08-20 15:32:35 -04:00
Nick Mathewson
a5fe84b5a6 Small cleanups to test_entry_is_time_to_retry 2014-08-20 15:31:25 -04:00
rl1987
8b539cc276 Unit testing entry_is_time_to_retry(). 2014-08-20 15:29:56 -04:00
rl1987
c731a1c68f Write comments for members of periods array. 2014-08-20 15:29:56 -04:00
rl1987
197d855009 Rewriting entry_is_time_to_retry() using table approach. 2014-08-20 15:29:55 -04:00
Nick Mathewson
01a0ab02a3 Merge branch 'bug10116_squashed' 2014-08-20 14:52:24 -04:00
Nick Mathewson
7f5a440421 Don't allocate an extra smartlist in the OOM handler
Fixes issue 10116
2014-08-20 14:50:38 -04:00
Nick Mathewson
82d4b60b91 fix remaining compilation problems 2014-08-20 14:50:37 -04:00
Nick Mathewson
7c61d10c6c Fix return value of tor_fd_seekend.
Previously, we had documented it to return -1 or 0, when in fact
lseek returns -1 or the new position in the file.

This is harmless, since we were only checking for negative values
when we used tor_fd_seekend.
2014-08-20 13:49:25 -04:00
Nick Mathewson
a32913d5aa Allow named pipes for our log files.
Closes ticket 12061. Based on a patch from "carlo von lynX" on tor-dev at
  https://lists.torproject.org/pipermail/tor-dev/2014-April/006705.html
2014-08-20 13:45:16 -04:00
Nick Mathewson
fb762f6db0 Merge remote-tracking branch 'public/bug11787' 2014-08-20 13:34:02 -04:00
Nick Mathewson
c57e8da4ea Merge remote-tracking branch 'public/bug12908_025' 2014-08-20 12:58:26 -04:00
Sathyanarayanan Gunasekaran
a3fe8b1166 Warn if Tor is a relay and a HS
Closes 12908; see #8742
2014-08-20 12:56:57 -04:00
Nick Mathewson
d0009cb8e8 Merge remote-tracking branch 'public/bug12728_024' 2014-08-20 12:44:15 -04:00
George Kadianakis
d28670c94f Fix entrynodes test fails because of outdated test vectors. 2014-08-20 10:25:27 -04:00
Nick Mathewson
764cebb4d9 Merge remote-tracking branch 'public/bug12700_024' 2014-08-20 09:00:41 -04:00
Nick Mathewson
ec59167cae When counting memory from closing a connection, count the dir conn too
Fix part of bug 11972
2014-08-18 15:21:50 -04:00
Nick Mathewson
1196ed7cc4 Fix relay_command_to_string(); solve 12700.
Two bugs here:
  1) We didn't add EXTEND2/EXTENDED2 to relay_command_to_string().

  2) relay_command_to_string() didn't log the value of unrecognized
     commands.

Both fixed here.
2014-08-18 13:21:40 -04:00
Nick Mathewson
2937de2180 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-18 10:20:37 -04:00
Nick Mathewson
b159ffb675 Fix windows warning introduced by 0808ed83f9
This will fix the warning
   "/src/or/config.c:6854:48: error: unused parameter 'group_readable'"
that I introduced while fixing 12864.

Bug not in any released version of Tor.
2014-08-18 10:19:05 -04:00
Nick Mathewson
d38aa5545f Remove implementation code for all pre-13 consensus methods.
Also remove a test for the way that we generated parameter votes
before consensus method 12.
2014-08-15 18:11:26 -04:00
Nick Mathewson
908bd4cee3 Remove support for generating consensuses with methods <= 9.
The last patch disabled these; this one removes the code to implement
them.
2014-08-15 18:05:53 -04:00
Nick Mathewson
df99ce2395 No longer advertise or negotiate any consensus method before 13.
Implements proposal 215; closes ticket 10163.

Why?  From proposal 215:

   Consensus method 1 is no longer viable for the Tor network.  It
   doesn't result in a microdescriptor consensus, and omits other
   fields that clients need in order to work well.  Consensus methods
   under 12 have security issues, since they let a single authority
   set a consensus parameter.
...
   For example, while Tor 0.2.4.x is under development, authorities
   should really not be running anything before Tor 0.2.3.x.  Tor
   0.2.3.x has supported consensus method 13 since 0.2.3.21-rc, so
   it's okay for 0.2.4.x to require 13 as the minimum method.  We even
   might go back to method 12, since the worst outcome of not using 13
   would be some warnings in client logs.  Consensus method 12 was a
   security improvement, so we don't want to roll back before that.
2014-08-15 17:57:37 -04:00
Nick Mathewson
1f35fd0017 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-15 17:41:13 -04:00
Nick Mathewson
967b4e7c54 Merge remote-tracking branch 'asn/nickm-bug12864_025' into maint-0.2.5 2014-08-15 17:40:13 -04:00
Nick Mathewson
664b2645fb Hand-fix a few global_circuit_list cases 2014-08-15 16:32:32 -04:00
Nick Mathewson
6969bd9a02 Autoconvert most circuit-list iterations to smartlist iterations
Breaks compilation.

Used this coccinelle script:

@@
identifier c;
typedef circuit_t;
iterator name TOR_LIST_FOREACH;
iterator name SMARTLIST_FOREACH_BEGIN;
statement S;
@@
- circuit_t *c;
   ...
- TOR_LIST_FOREACH(c, \(&global_circuitlist\|circuit_get_global_list()\), head)
+ SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, c)
  S
+ SMARTLIST_FOREACH_END(c);
2014-08-15 16:23:22 -04:00
George Kadianakis
112c984f92 Some documentation fixes for #12864. 2014-08-15 23:12:06 +03:00
Nick Mathewson
db2af2abb0 Start converting circuitlist to smartlist. 2014-08-15 15:58:00 -04:00
Nick Mathewson
33fab2846a Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-15 10:07:04 -04:00
Nick Mathewson
0cb028b7c0 Remove stale printfs from buffer/zlib_fin_at_chunk_end test
These got committed by mistake.
2014-08-15 09:34:10 -04:00
Nick Mathewson
0fc2d0edce Documentation fix for policy_summarize().
Spotted by "epilys"
2014-08-15 08:53:29 -04:00
Nick Mathewson
0808ed83f9 Restore functionality for CookieAuthFileGroupReadable.
When we merged the cookieauthfile creation logic in 33c3e60a37, we
accidentally took out this feature.  Fixes bug 12864, bugfix on
0.2.5.1-alpha.

Also adds an ExtORPortCookieAuthFileGroupReadable, since there's no
reason not to.
2014-08-15 08:30:44 -04:00
Nick Mathewson
c69e96680a Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-13 23:15:44 -04:00
Nick Mathewson
d443658fad Merge remote-tracking branch 'public/bug12848_024' into maint-0.2.5
Conflicts:
	src/or/circuitbuild.c
2014-08-13 23:14:28 -04:00
Nick Mathewson
283730ad1c Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-13 15:11:52 -04:00
Nick Mathewson
789c8d8573 Apply an MSVC compilation fix from Gisle Vanem
This fixes a double-define introduced in 28538069b2
2014-08-13 15:11:00 -04:00
Nick Mathewson
9114346d32 Merge remote-tracking branch 'public/use_calloc' 2014-08-13 15:01:04 -04:00
Nick Mathewson
938deecc87 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-13 12:52:57 -04:00
Nick Mathewson
fa7ce6d3be Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-08-13 12:52:40 -04:00
Nick Mathewson
b45f0f8fb9 Merge remote-tracking branch 'karsten/geoip6-aug2014' into maint-0.2.4 2014-08-13 12:51:38 -04:00
Nick Mathewson
244ca67e47 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-08-13 12:51:27 -04:00
Nick Mathewson
4570805efd Fix whitespace issues 2014-08-13 10:42:20 -04:00
Nick Mathewson
2bfd92d0d1 Apply coccinelle script to replace malloc(a*b)->calloc(a,b) 2014-08-13 10:39:56 -04:00
Nick Mathewson
19b137bc05 Add reallocarray clone so we can stop doing multiply-then-reallocate 2014-08-13 10:39:56 -04:00
Karsten Loesing
6235b4769d Update geoip6 to the August 7 2014 database. 2014-08-13 16:16:11 +02:00
Karsten Loesing
b98e3f9936 Update geoip to the August 7 2014 database. 2014-08-13 16:08:33 +02:00
Nick Mathewson
0044d74b3c Fix another case of 12848 in circuit_handle_first_hop
I looked for other places where we set circ->n_chan early, and found
one in circuit_handle_first_hop() right before it calls
circuit_send_next_onion_skin(). If onion_skin_create() fails there,
then n_chan will still be set when circuit_send_next_onion_skin()
returns. We should probably fix that too.
2014-08-12 12:15:09 -04:00
Nick Mathewson
981e037fd3 Add an extra check in channel_send_destroy for circID==0
Prevents other cases of 12848.
2014-08-12 12:14:05 -04:00
Nick Mathewson
b32a8b024c Don't send DESTROY to circID 0 when circuit_deliver_create_cell fails
Cypherpunks found this and wrote this patch.

Fix for 12848; fix on (I think) d58d4c0d, which went into 0.0.8pre1
2014-08-12 12:12:02 -04:00
Nick Mathewson
bb68c731b8 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-08 10:09:17 -04:00
Roger Dingledine
fcac4b4467 Build circuits more readily when DisableNetwork goes to 0
When Tor starts with DisabledNetwork set, it would correctly
conclude that it shouldn't try making circuits, but it would
mistakenly cache this conclusion and continue believing it even
when DisableNetwork is set to 0. Fixes the bug introduced by the
fix for bug 11200; bugfix on 0.2.5.4-alpha.
2014-08-06 18:30:14 -04:00
Roger Dingledine
0c869af7f8 fix three typos in comments 2014-08-06 02:20:51 -04:00
Nick Mathewson
04007448b9 Correctly remove extraneous space in router family lines
Fixes bug 12728; bugfix on 0.2.1.7-alpha when the SPLIT_IGNORE_SPACE
option was added.
2014-08-05 11:09:08 -04:00
Roger Dingledine
374611d9f6 and oh hey, repeat code :) 2014-08-03 15:45:07 -04:00
Roger Dingledine
52d5ef5aff fix typo 2014-08-03 15:43:21 -04:00
Andrea Shepard
2d4241d584 Merge and refactor redundant parse_client_transport_line() and parse_server_transport_line() functions 2014-07-31 12:50:34 -07:00
Andrea Shepard
4a5164fd86 Replace all calls to parse_client_transport_line() or parse_server_transport_line() with new parse_transport_line() stub 2014-07-28 19:32:23 -07:00
Peter Palfrader
f8cbba7a33 Cast long long arguments to (int) for tt_int_op() 2014-07-28 15:42:20 -04:00
Roger Dingledine
77609161f3 bump to 0.2.5.6-alpha 2014-07-28 04:13:18 -04:00
Roger Dingledine
fcbb21b414 bump to 0.2.4.23 2014-07-28 04:07:36 -04:00
Roger Dingledine
6c4a26b8ca Merge branch 'maint-0.2.5' 2014-07-28 02:47:43 -04:00
Roger Dingledine
29a82b5a8b Merge branch 'maint-0.2.4' into maint-0.2.5 2014-07-28 02:47:15 -04:00
Roger Dingledine
68a2e4ca4b Warn and drop the circuit if we receive an inbound 'relay early' cell
Those used to be normal to receive on hidden service circuits due to bug
1038, but the buggy Tor versions are long gone from the network so we
can afford to resume watching for them. Resolves the rest of bug 1038;
bugfix on 0.2.1.19.
2014-07-28 02:44:05 -04:00
Arlo Breault
8f70d756fb Confusing log message when circuit can't be extended 2014-07-27 15:01:15 -04:00
Andrea Shepard
5d81fd25a0 Add unit test for ClientTransportPlugin/ServerTransportPlugin config line parsing 2014-07-25 21:42:12 -07:00
Andrea Shepard
b8b46e8ef8 Add some mocks needed to unit test ClientTransportPlugin/ServerTransportPlugin config line parsing 2014-07-25 21:41:03 -07:00
Andrea Shepard
18c97ad8bc Expose parse_client_transport_line() and parse_server_transport_line() for the test suite 2014-07-25 17:49:47 -07:00
Nick Mathewson
d5558f0072 circuit_build_failed: distinguish "first hop chan failed", "CREATE failed"
Roger spotted this on tor-dev in his comments on proposal 221.

(Actually, detect DESTROY vs everything else, since arma likes
network timeout indicating failure but not overload indicating failure.)
2014-07-25 11:59:00 -04:00
Nick Mathewson
e001610c99 Implement proposal 221: Stop sending CREATE_FAST
This makes FastFirstHopPK an AUTOBOOL; makes the default "auto"; and
makes the behavior of "auto" be "look at the consensus."
2014-07-25 11:59:00 -04:00
Roger Dingledine
bdc2cefd4e Merge branch 'maint-0.2.5' 2014-07-24 19:49:29 -04:00
Nick Mathewson
1b551823de Avoid illegal read off end of an array in prune_v2_cipher_list
This function is supposed to construct a list of all the ciphers in
the "v2 link protocol cipher list" that are supported by Tor's
openssl.  It does this by invoking ssl23_get_cipher_by_char on each
two-byte ciphersuite ID to see which ones give a match.  But when
ssl23_get_cipher_by_char cannot find a match for a two-byte SSL3/TLS
ciphersuite ID, it checks to see whether it has a match for a
three-byte SSL2 ciphersuite ID.  This was causing a read off the end
of the 'cipherid' array.

This was probably harmless in practice, but we shouldn't be having
any uninitialized reads.

(Using ssl23_get_cipher_by_char in this way is a kludge, but then
again the entire existence of the v2 link protocol is kind of a
kludge.  Once Tor 0.2.2 clients are all gone, we can drop this code
entirely.)

Found by starlight. Fix on 0.2.4.8-alpha. Fixes bug 12227.
2014-07-24 19:45:38 -04:00
Roger Dingledine
a3d8ffe010 fix typo that crept in to 0.2.4.4-alpha 2014-07-24 17:07:39 -04:00
Roger Dingledine
eb3e0e3da3 Merge branch 'maint-0.2.5' 2014-07-24 16:30:50 -04:00
Roger Dingledine
a57c07b210 Raise guard threshold to top 25% or 2000 kilounits
Authorities now assign the Guard flag to the fastest 25% of the
network (it used to be the fastest 50%). Also raise the consensus
weight that guarantees the Guard flag from 250 to 2000. For the
current network, this results in about 1100 guards, down from 2500.
This step paves the way for moving the number of entry guards
down to 1 (proposal 236) while still providing reasonable expected
performance for most users.

Implements ticket 12690.
2014-07-24 16:24:17 -04:00
Roger Dingledine
bc9866e13f Merge branch 'maint-0.2.5' 2014-07-24 16:23:26 -04:00
Roger Dingledine
a4c641cce9 Merge branch 'maint-0.2.4' into maint-0.2.5 2014-07-24 16:23:08 -04:00
Roger Dingledine
9fc276a1c7 add a NumDirectoryGuards consensus param too 2014-07-24 16:19:47 -04:00
Roger Dingledine
56ee61b8ae Add and use a new NumEntryGuards consensus parameter.
When specified, it overrides our default of 3 entry guards.

(By default, it overrides the number of directory guards too.)

Implements ticket 12688.
2014-07-24 16:19:47 -04:00
Nick Mathewson
dfe80c966d Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-23 21:28:58 -04:00
Nick Mathewson
5c200d9be2 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-07-23 21:28:42 -04:00
Nick Mathewson
303d7f55d9 Merge branch 'curve25519-donna32' into maint-0.2.4 2014-07-23 21:28:18 -04:00
Nick Mathewson
641c1584f7 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-21 14:30:27 -04:00
Nick Mathewson
e0aa88d106 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-07-21 14:30:09 -04:00
Nick Mathewson
75501dbe4a Merge remote-tracking branch 'karsten/geoip6-jul2014' into maint-0.2.4 2014-07-21 14:29:43 -04:00
Nick Mathewson
015f710f72 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-07-21 14:29:30 -04:00
Nick Mathewson
e7e92fb2f9 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-21 14:01:00 -04:00
Sathyanarayanan Gunasekaran
3af2a5d00e Fix warning on building with bufferevents
Fixes #11578
2014-07-21 13:58:14 -04:00
Nick Mathewson
486bd4fae7 Use safe_str in channel_dumpstats: improve 12184 diagnostic 2014-07-18 21:20:44 +02:00
Karsten Loesing
6345dfa1fe Update geoip6 to the July 10 2014 database. 2014-07-18 16:31:25 +02:00
Karsten Loesing
6d5efbef22 Update geoip to the July 10 2014 database. 2014-07-18 16:28:50 +02:00
Nick Mathewson
a36cd51b59 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-17 11:34:33 +02:00
Nick Mathewson
f6a776d915 Merge remote-tracking branch 'public/bug12602_024' into maint-0.2.5 2014-07-17 11:32:16 +02:00
Nick Mathewson
66798dfdc0 Fix compilation with no-compression OpenSSL builds and forks
Found because LibreSSL has OPENSSL_NO_COMP always-on, but this
conflicts with the way that _we_ turn off compression.  Patch from
dhill, who attributes it to "OpenBSD".  Fixes bug 12602; bugfix on
0.2.1.1-alpha, which introduced this turn-compression-off code.
2014-07-17 11:25:56 +02:00
Nick Mathewson
7259e3f604 Move test_descriptors.txt to an include file
Making the text file work out-of-tree didn't work on windows.

Maybe we can get it working that way later.
2014-07-16 22:37:00 +02:00
Nick Mathewson
facecce176 Fix tests when building out-of-tree
(This was too hard. Silly autoconf.)
2014-07-16 21:07:22 +02:00
Nick Mathewson
b408125288 Merge remote-tracking branch 'andrea/bug11302' 2014-07-16 16:58:41 +02:00
Nick Mathewson
5690284559 Fix wide lines, make entry_is_live() non-inline 2014-07-16 16:52:16 +02:00
Nick Mathewson
368ff2291b Merge remote-tracking branch 'asn/bug12202' 2014-07-16 16:49:07 +02:00
Nick Mathewson
f74a932e0b Merge remote-tracking branch 'sysrqb/bug12573' 2014-07-16 15:38:10 +02:00
Nick Mathewson
d8705ec720 Merge remote-tracking branch 'asn/bug12207_second_draft' 2014-07-16 15:33:00 +02:00
Nick Mathewson
8c7fbdf3af fix a c99-ism 2014-07-16 15:30:14 +02:00
Nick Mathewson
867f5e6a76 Add a tor_ftruncate to replace ftruncate.
(Windows doesn't have ftruncate, and some ftruncates do not move the
file pointer to the start of the file.)
2014-07-16 13:58:55 +02:00
Arlo Breault
15e170e01b Add an option to overwrite logs
* Issue #5583
2014-07-16 12:16:49 +02:00
Nick Mathewson
3f683aadcd When making a tempdir for windows unit tests, avoid an extra backslash
The extra \ is harmless, but mildly unpleasant.

Fixes 12392; bugfix on 0.2.2.25-alpha where we started using
GetTempDir().  Based on a patch by Gisle Vanem.
2014-07-16 11:39:03 +02:00
Nick Mathewson
4da4c4c63f Apply GeoIPExcludeUnknown before checking transitions
Otherwise, it always seems as though our Exclude* options have
changed, since we're comparing modified to unmodified values.

Patch from qwerty1. Fixes bug 9801. Bugfix on 0.2.4.10-alpha, where
GeoIPExcludeUnknown was introduced.
2014-07-16 11:14:59 +02:00
Nick Mathewson
7591ce64fb Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-16 11:01:20 +02:00
Anthony G. Basile
d504a4e36f src/or/connection.c: expose bucket_millis_empty for bufferevents test
Currently tor fails to build its test when enabled with bufferevents
because an #ifndef USE_BUFFEREVENTS hides bucket_millis_empty() and
friends.  This is fine if we don't run tests, but if we do, we need
these functions in src/or/libtor-testing.a when linking src/test/test.

This patch moves the functions outside the #ifndef and exposes them.

See downstream bug:

	https://bugs.gentoo.org/show_bug.cgi?id=510124
2014-07-16 10:37:00 +02:00
Nick Mathewson
5d2045ee8b diagnostic for 12184: Add a call to channel_dump_statistics 2014-07-16 10:34:39 +02:00
Nick Mathewson
32495ee309 Add another 8387 diagnostic
When we run into bug 8387 (if we run into it again), report when we
last called circuit_expire_old_circuits_clientside().  This will let
us know -- if my fix for 8387 doesn't work -- whether my diagnosis
was at least correct.

Suggested by Andrea.
2014-07-16 10:05:00 +02:00
Nick Mathewson
856114ab1c Merge remote-tracking branch 'public/bug8387_024' into maint-0.2.5 2014-07-16 10:01:56 +02:00
cypherpunks
6150741791 Fixed fgets_eagain unit test.
On a non-blocking pipe fgets sets EAGAIN when it encounters partial lines. No
error is set on full lines or EOF. EOF is reached when the writing end of the
pipe is closed. Partial lines and full lines are both returned by fgets, EOF
results in NULL.

Mention of this behaviour can be found in #1903 and #2045.
2014-07-16 09:50:09 +02:00
Nick Mathewson
391861311c Small tweaks to make curve25519-donna32 compile with our warnings 2014-07-15 15:43:40 +02:00
Nick Mathewson
8cc0860592 Update to latest curve25519-donna32 2014-07-15 15:42:20 +02:00
Nick Mathewson
ed3d7892c7 Fix a bug where streams would linger forever when we had no dirinfo
fixes bug 8387; fix on 0.1.1.11-alpha (code), or on 0.2.4.10-alpha (behavior).
2014-07-09 16:15:05 -04:00
George Kadianakis
b74442db94 Change interface of router_descriptor_is_too_old(). 2014-07-09 19:20:41 +03:00
Nick Mathewson
35791f4238 Remove executable bit from control.c, router.c
Fix for 12512.
2014-07-09 08:54:08 -04:00
Matthew Finkel
43bba9541a Only active relays should be given HSDir
We should only assign a relay the HSDir flag if it is currently
considered valid. We can accomplish this by only considering active
relays, and as a consequence of this we also exclude relays that are
currently hibernating. Fixes #12573
2014-07-09 00:48:00 +00:00
George Kadianakis
8bbb217964 Change the interface of entry_is_live() to take a bitmap. 2014-06-25 15:44:36 -04:00
George Kadianakis
46d41e6e9b Basic entry_is_live() unittest. 2014-06-25 15:39:00 -04:00
George Kadianakis
a8fcdbf4a0 Add the entrynodes.c unit tests. 2014-06-24 14:22:52 -04:00
George Kadianakis
4245662b28 Functionify the descriptor age check so that we can NOP it in tests. 2014-06-24 14:19:07 -04:00
Arlo Breault
48d7fceee5 Update a comment and undef an identifier
* Trac #11452
2014-06-23 20:28:34 -04:00
Nick Mathewson
58f4200789 Thread support is now required
Long ago we supported systems where there was no support for
threads, or where the threading library was broken. We shouldn't
have do that any more: on every OS that matters, threads exist, and
the OS supports running threads across multiple CPUs.

This resolves tickets 9495 and 12439.  It's a prerequisite to making
our workqueue code work better, since sensible workqueue
implementations don't split across multiple processes.
2014-06-20 10:20:10 -04:00
Nick Mathewson
5b4ee475aa Remove code for Windows CE support
As far as I know, nobody has used this in ages.  It would be a
pretty big surprise if it had worked.

Closes ticket 11446.
2014-06-20 09:49:36 -04:00
Nick Mathewson
456184c2a0 Authorities also advertise caches-extra-info
(Whoops, thought I had committed this before)

Improvement to 11683 fix. Based on patch from Karsten.
2014-06-20 09:02:24 -04:00
Nick Mathewson
922be84ca3 Merge remote-tracking branch 'karsten/bug11683' 2014-06-19 10:42:19 -04:00
Nick Mathewson
c6e1080211 Bump version in master to 0.2.6.0-alpha-dev 2014-06-18 15:18:26 -04:00
Nick Mathewson
3487d26de3 Bump version to Tor 0.2.5.5-alpha-dev 2014-06-18 15:01:45 -04:00
Nick Mathewson
9329c3828d bump version to 0.2.5.5-alpha. Not released yet. 2014-06-16 15:32:35 -04:00
Nick Mathewson
dd362b52f3 whitespace fixes 2014-06-16 15:18:02 -04:00
George Kadianakis
727ed5448a Add some test descriptors to src/test/. 2014-06-15 19:03:38 -07:00
George Kadianakis
61629b4f6c Document choose_random_entry_impl() and populate_live_entry_guards(). 2014-06-15 19:03:38 -07:00
George Kadianakis
bf263a9b99 Make a few entrynodes.c functions testable. 2014-06-15 19:02:59 -07:00
George Kadianakis
71da44f159 Make populate_live_entry_guards() more smoothly testable. 2014-06-15 19:02:59 -07:00
George Kadianakis
c7b05a6aef Constify aggressively in populate_live_entry_guards(). 2014-06-15 19:02:59 -07:00
George Kadianakis
a59429f1e4 Fix the functionality of populate_live_entry_guards(). 2014-06-15 19:02:55 -07:00
George Kadianakis
427cc8a452 Move code from choose_random_entry_impl() to the new function.
This commit only _moves_ code.
2014-06-15 18:25:45 -07:00
George Kadianakis
e8c366e9ea Create skeleton for populate_live_entry_guards().
Now we are ready to move code from choose_random_entry_impl() to it.
2014-06-15 18:25:45 -07:00
George Kadianakis
f75c6ce981 choose_random_entry_impl(): Remove useless consider_exit_family.
The variable was useless since it was only toggled off in disabled code.

If the 'exit_family' smartlist is empty, we don't consider exit family
anyway.
2014-06-15 18:25:45 -07:00
George Kadianakis
115b3e7645 Remove a piece of disabled code in choose_random_entry_impl(). 2014-06-15 18:25:45 -07:00
Nick Mathewson
9b10d7a7dd Add ATTR_UNUSED to HT_FIND
The fix for bug 8746 added a hashtable instance that never actually
invoked HT_FIND.  This caused a warning, since we didn't mark HT_FIND
as okay-not-to-use.
2014-06-14 11:46:54 -04:00
Nick Mathewson
a7cafb1ea9 Merge branch 'bug8746_v2_squashed'
Conflicts:
	src/common/include.am
2014-06-14 11:46:38 -04:00
Nick Mathewson
a5c092b34b refactor win/nix handling for test_spawn_background*()
Instead of having a #if ... for every function, just define
TEST_CHILD to the right patch and EOL to the expected line terminator.
2014-06-14 11:40:28 -04:00
Nick Mathewson
e3833193af More unit tests for process spawning
Try killing a running process; try noticing that a process has
exited without checking its output; verify that waitpid_cb (when
present) is set to NULL when you would expect it to be.
2014-06-14 11:40:27 -04:00
Nick Mathewson
e2e588175e New testing-only tor_sleep_msec function
In the unit tests I want to loop with a delay, but I want less than
a 1 second delay.  This, sadly, requires compatibility code.
2014-06-14 11:40:27 -04:00
Nick Mathewson
34f8723dc7 On Windows, terminate processes by handle, not pid
When we create a process yourself with CreateProcess, we get a
handle to the process in the PROCESS_INFO output structure.  But
instead of using that handle, we were manually looking up a _new_
handle based on the process ID, which is a poor idea, since the
process ID might refer to a new process later on, but the handle
can't.
2014-06-14 11:40:27 -04:00
Nick Mathewson
f8344c2d28 Use waitpid code to learn when a controlled process dies
This lets us avoid sending SIGTERM to something that has already
died, since we realize it has already died, and is a fix for the
unix version of #8746.
2014-06-14 11:40:27 -04:00
Nick Mathewson
4ed03965a5 New waitpid-handler functions to run callbacks when a child exits.
Also, move 'procmon' into libor_event library, since it uses libevent.
2014-06-14 11:40:27 -04:00
Nick Mathewson
a58d94fb7c Merge branch 'bug12184_diagnostic_squashed' 2014-06-14 11:01:04 -04:00
Nick Mathewson
8f3e3279c1 Try to diagnose bug 12184
Check for consistency between the queued destroy cells and the marked
circuit IDs.  Check for consistency in the count of queued destroy
cells in several ways.  Check to see whether any of the marked circuit
IDs have somehow been marked longer than the channel has existed.
2014-06-14 11:00:44 -04:00
Nick Mathewson
cfca2a6037 Merge branch 'bug12191_squashed' 2014-06-13 08:40:59 -04:00
Nick Mathewson
f9f450d688 Also raise the check for 0 circuit ID in created cell.
And add a comment about why conditions that would cause us to drop a
cell should get checked before actions that would cause us to send a
destroy cell.

Spotted by 'cypherpunks'.

And note that these issues have been present since 0.0.8pre1 (commit
0da256ef), where we added a "shutting down" state, and started
responding to all create cells with DESTROY when shutting down.
2014-06-13 08:39:39 -04:00
Nick Mathewson
bbb1ffe535 sandbox: Permit stat() of DataDir/stats
This is a fix for another case of 12064 that alphawolf just spotted.

There's already an 0.2.5.5 changelog entry for this.
2014-06-13 08:36:43 -04:00
Nick Mathewson
02dafc270c whitespaces fixes 2014-06-11 12:00:14 -04:00
Nick Mathewson
3a2e25969f Merge remote-tracking branch 'public/ticket6799_024_v2_squashed'
Conflicts:
	src/or/channel.c
	src/or/circuitlist.c
	src/or/connection.c

Conflicts involved removal of next_circ_id and addition of
unusable-circid tracking.
2014-06-11 11:57:56 -04:00
Nick Mathewson
7f3563058d Fix a 32-big conversion warning in 11970 fix 2014-06-11 11:29:44 -04:00
Nick Mathewson
6557e61295 Replace last_added_nonpadding with last_had_circuits
The point of the "idle timeout" for connections is to kill the
connection a while after it has no more circuits.  But using "last
added a non-padding cell" as a proxy for that is wrong, since if the
last circuit is closed from the other side of the connection, we
will not have sent anything on that connection since well before the
last circuit closed.

This is part of fixing 6799.

When applied to 0.2.5, it is also a fix for 12023.
2014-06-11 11:27:04 -04:00
Nick Mathewson
463f6628d3 Give each or_connection_t a slightly randomized idle_timeout
Instead of killing an or_connection_t that has had no circuits for
the last 3 minutes, give every or_connection_t a randomized timeout,
so that an observer can't so easily infer from the connection close
time the time at which its last circuit closed.

Also, increase the base timeout for canonical connections from 3
minutes to 15 minutes.

Fix for ticket 6799.
2014-06-11 11:27:04 -04:00
Nick Mathewson
6f20dd7bfc Merge remote-tracking branch 'public/bug11970' 2014-06-11 11:01:52 -04:00
Nick Mathewson
b883b8d1a5 Yield a real error in the bug case of sandbox_getaddrinfo() 2014-06-11 11:00:56 -04:00
Nick Mathewson
e8dd34f165 Merge remote-tracking branch 'public/not_bug8093' 2014-06-11 09:24:16 -04:00
Nick Mathewson
a5036d20ce Merge remote-tracking branch 'public/more_bug8387_diagnosis' 2014-06-11 09:22:46 -04:00
Nick Mathewson
af53e4bd1c Move circuit-id-in-use check for CREATE cells to before all other checks
This means that we never send a DESTROY cell in response to an attempt
to CREATE an existing circuit.  Fixes bug 12191.
2014-06-10 22:41:13 -04:00
Nick Mathewson
173a1afc58 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-06-10 21:09:27 -04:00
Nick Mathewson
3bc28c4c04 Merge remote-tracking branch 'karsten/geoip6-jun2014' into maint-0.2.4 2014-06-10 21:08:12 -04:00
Nick Mathewson
ab774a8500 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-06-10 21:07:57 -04:00
Karsten Loesing
555c43cd03 Update geoip to the June 4 2014 database. 2014-06-10 21:33:52 +02:00
Karsten Loesing
40579cb6a5 Update geoip6 to the June 4 2014 database. 2014-06-10 21:32:24 +02:00
Nick Mathewson
562299d57b Improved diagnostic log for bug 8387.
When we find a stranded one-hop circuit, log whether it is dirty,
log information about any streams on it, and log information about
connections they might be linked to.
2014-06-10 12:04:06 -04:00
Nick Mathewson
55c7a559df Merge remote-tracking branch 'public/bug12227_024' 2014-06-10 11:17:39 -04:00
Nick Mathewson
cca6198c77 Avoid illegal read off end of an array in prune_v2_cipher_list
This function is supposed to construct a list of all the ciphers in
the "v2 link protocol cipher list" that are supported by Tor's
openssl.  It does this by invoking ssl23_get_cipher_by_char on each
two-byte ciphersuite ID to see which ones give a match.  But when
ssl23_get_cipher_by_char cannot find a match for a two-byte SSL3/TLS
ciphersuite ID, it checks to see whether it has a match for a
three-byte SSL2 ciphersuite ID.  This was causing a read off the end
of the 'cipherid' array.

This was probably harmless in practice, but we shouldn't be having
any uninitialized reads.

(Using ssl23_get_cipher_by_char in this way is a kludge, but then
again the entire existence of the v2 link protocol is kind of a
kludge.  Once Tor 0.2.2 clients are all gone, we can drop this code
entirely.)

Found by starlight. Fix on 0.2.4.8-alpha. Fixes bug 12227.
2014-06-10 11:11:47 -04:00
Nick Mathewson
307aa7eb43 Spell getrlimit correctly.
Fixes bug in b0c1c700114aa8d4dfc180d85870c5bbe15fcacb; bug
12229. Bugfix not in any released Tor.  Patch from "alphawolf".
2014-06-08 22:33:38 -04:00
Nick Mathewson
95d47a7481 Merge remote-tracking branch 'public/bug12169_relay_check' 2014-06-04 15:30:43 -04:00
Nick Mathewson
0073c5b517 Merge remote-tracking branch 'andrea/bug10616' 2014-06-04 15:12:45 -04:00
Nick Mathewson
b16321425f Bulletproof our 11246 fix a little, based on recommendation from andrea. 2014-06-04 12:27:42 -04:00
Nick Mathewson
e74c360156 Merge remote-tracking branch 'public/bug12195' 2014-06-04 12:16:03 -04:00
Nick Mathewson
84ed086d48 Fix ancient code that only checked circ_id, not circ_id and chan
This code mis-handled the case where a circuit got the same circuit
ID in both directions.  I found three instances of it in the
codebase, by grepping for [pn]_circ_id.

Because of the issue in command_process_relay_cell(), this would
have made roughly one circuit in a million completely nonfunctional.

Fixes bug 12195.
2014-06-03 18:19:08 -04:00
Andrea Shepard
2de0281879 Squelch spurious LD_BUG message in connection_ap_handshake_socks_reply() 2014-06-03 14:37:49 -07:00
Nick Mathewson
dd0745d066 Don't try to fetch bridge descriptors when DisableNetwork is set
Patch from Roger; changes file by me.

Fixes 10405; bugfix on 0.2.3.9-alpha, where DisableNetwork was
introduced.
2014-06-02 02:17:28 -04:00
Nick Mathewson
723894f114 Merge remote-tracking branch 'public/bug12170_024_v2' 2014-06-02 00:47:51 -04:00
Nick Mathewson
ad8977e394 Avoid needless router_dir_info_has_changed from router_set_status
On some profiles of Andrea's from #11332, I found that a great deal
of time can still be attributed to functions called from
update_router_have_minimum_dir_info().  This is making our
digestmap, tor_memeq, and siphash functions take a much bigger
portion of runtime than they really should.

If we're calling update_router_have_minimum_dir_info() too often,
that's because we're calling router_dir_info_changed() too often.
And it looks like most of the callers of router_dir_info_changed()
are coming as tail-calls from router_set_status() as invoked by
channel_do_open_actions().

But we don't need to call router_dir_info_changed() so much!  (I'm
not quite sure we need to call it from here at all, but...) Surely
we don't need to call it from router_set_status when the router's
status has not actually changed.

This patch makes us call router_dir_info_changed() from
router_set_status only when we are changing the router's status.

Fix for bug 12170.  This is leftover from our fix back in 273ee3e81
in 0.1.2.1-alpha, where we started caching the value of
update_router_have_minimum_dir_info().
2014-06-02 00:45:15 -04:00
Nick Mathewson
d9564d5285 Use uint32 !=, not tor_memneq, for relay cell integrity checking
tor_memeq has started to show up on profiles, and this is one of the
most frequent callers of that function, appearing as it does on every
cell handled for entry or exit.

59f9097d5c introduced tor_memneq here;
it went into Tor 0.2.1.31.  Fixes part of 12169.
2014-06-01 14:05:10 -04:00
Nick Mathewson
a6688f9cbb sandbox: allow enough setsockopt to make ConstrainedSockets work
fixes bug 12139; bugfix on 0.2.5.1-alpha
2014-05-29 11:04:32 -04:00
Nick Mathewson
a056ffabbb sandbox: permit listen(2)
Fix for 12115; bugfix on 0.2.5.1-alpha
2014-05-27 19:28:12 -04:00
Nick Mathewson
14842de9a7 sandbox: Allow DirPortFrontPage unconditionally if it's set
fixes 12114; bug not in any release.

Improves fix for 12028
2014-05-27 19:21:11 -04:00
Nick Mathewson
f0945ac270 Log the errno value if seccomp_load() fails.
(This is how I found out I was trying to test with a kernel too old
for seccomp. I think.)
2014-05-27 17:34:52 -04:00
Nick Mathewson
b0c1c70011 Make sandbox.c compile on arm
This is a minimal set of changes for compilation; I need a more
recent kernel to test this stuff.
2014-05-27 17:34:52 -04:00
Nick Mathewson
824bebd409 sandbox: Correct fix for hs part of 12064
Bugfix on cfd0ee514c279bc6c7b; bug not in any released version of tor
2014-05-23 11:46:44 -04:00
Nick Mathewson
5de91d118d Merge branch 'bug11965_v2' 2014-05-23 11:23:00 -04:00
Nick Mathewson
802c063148 Postpone fetches based on should_delay_dir_fetch(), not DisableNetwork
Without this fix, when running with bridges, we would try fetching
directory info far too early, and have up to a 60 second delay if we
started with bridge descriptors available.

Fixes bug 11965. Fix on 0.2.3.6-alpha, arma thinks.
2014-05-23 11:22:35 -04:00
Nick Mathewson
cfd0ee514c sandbox: allow reading of hidden service configuration files.
fixes part of 12064
2014-05-22 20:39:10 -04:00
Nick Mathewson
85f49abfbe sandbox: refactor string-based option-unchanged tests to use a macro
There was too much code duplication in doing it the old way, and I
nearly made a copy-and-paste error in the last commit.
2014-05-22 20:00:22 -04:00
Nick Mathewson
ffc1fde01f sandbox: allow access to cookie files, approved-routers
fixes part of 12064
2014-05-22 19:56:56 -04:00
Michael Wolf
387f294d40 sandbox: allow access to various stats/*-stats files
Fix for 12064 part 1
2014-05-22 19:48:24 -04:00
Nick Mathewson
e425fc7804 sandbox: revamp sandbox_getaddrinfo cacheing
The old cache had problems:
     * It needed to be manually preloaded. (It didn't remember any
       address you didn't tell it to remember)
     * It was AF_INET only.
     * It looked at its cache even if the sandbox wasn't turned on.
     * It couldn't remember errors.
     * It had some memory management problems. (You can't use memcpy
       to copy an addrinfo safely; it has pointers in.)

This patch fixes those issues, and moves to a hash table.

Fixes bug 11970; bugfix on 0.2.5.1-alpha.
2014-05-22 17:39:36 -04:00
Nick Mathewson
1a73e17801 Merge remote-tracking branch 'andrea/bug11476' 2014-05-22 16:27:29 -04:00
Andrea Shepard
170e0df741 Eliminate #ifdef ENABLE_MEMPOOLS in packed_cell_new/free() 2014-05-21 10:53:25 -07:00
Yawning Angel
60ac9f1c90 Improve the log message when a transport doesn't support proxies.
Per feedback, explicltly note that the transport will be killed when it
does not acknowledge the configured outgoing proxy.
2014-05-21 08:14:39 +00:00
Yawning Angel
1210bdf146 Log the correct proxy type on failure.
get_proxy_addrport fills in proxy_type with the correct value, so there
is no point in logging something that's a "best guess" based off the
config.
2014-05-21 08:14:39 +00:00
Yawning Angel
cd56b1a86e Remove get_bridge_pt_addrport().
The code was not disambiguating ClientTransportPlugin configured and
not used, and ClientTransportPlugin configured, but in a failed state.

The right thing to do is to undo moving the get_transport_by_addrport()
call back into get_proxy_addrport(), and remove and explicit check for
using a Bridge since by the time the check is made, if a Bridge is
being used, it is PT/proxy-less.
2014-05-21 08:14:39 +00:00
Yawning Angel
7a18ac7454 Fixed the test build with --enable-gcc-warnings 2014-05-21 08:14:38 +00:00
Yawning Angel
41d2b4d3af Allow ClientTransportPlugins to use proxies
This change allows using Socks4Proxy, Socks5Proxy and HTTPSProxy with
ClientTransportPlugins via the TOR_PT_PROXY extension to the
pluggable transport specification.

This fixes bug #8402.
2014-05-21 08:14:38 +00:00
Nick Mathewson
fef65fa643 sandbox: permit gettid, sched_getaffinity
These are needed under some circumstances if we are running with
expensive-hardening and sandbox at the same time.

fixes 11477, bugfix on 0.2.5.4-alpha (where we introduced
expensive-hardening)
2014-05-20 15:49:01 -04:00
Nick Mathewson
2609b939d6 fix a wide line 2014-05-20 15:22:27 -04:00
Nick Mathewson
c21377e7bc sandbox: support logfile rotation
Fixes bug 12032; bugfix on 0.2.5.1-alpha
2014-05-20 15:21:48 -04:00
Nick Mathewson
268a117cdf sandbox: tolerate reloading with DirPortFrontPage set
Also, don't tolerate changing DirPortFrontPage.

Fixes bug 12028; bugfix on 0.2.5.1-alpha.
2014-05-20 14:58:28 -04:00
Nick Mathewson
465982012c sandbox: Disallow options which would make us call exec()
None of the things we might exec() can possibly run under the
sanbox, so rather than crash later, we have to refuse to accept the
configuration nice and early.

The longer-term solution is to have an exec() helper, but wow is
that risky.

fixes 12043; bugfix on 0.2.5.1-alpha
2014-05-20 12:21:31 -04:00
Nick Mathewson
f87071f49e sandbox: Permit access to stats/dirreq-stats
This prevents a crash when rotating logs with dirreq-stats enabled

fixes 12035; bugfix on 0.2.5.1-alpha.
2014-05-20 12:06:08 -04:00
Nick Mathewson
0b2b5b7606 Oops; permit rename with the correct filename 2014-05-20 12:03:27 -04:00
Nick Mathewson
ace9063fb4 Fix a sentence that I never 2014-05-20 11:58:18 -04:00
Nick Mathewson
f6d3006363 Sandbox: allow access to stats/bridge-stats
Fix for 12041; bugfix on 0.2.5.1-alpha.
2014-05-20 11:57:29 -04:00
Roger Dingledine
767b18ea8e note a comment that nickm didn't finish 2014-05-17 00:02:41 -04:00
Nick Mathewson
8d9602c21c Bump maint-0.2.4 version to 0.2.4.22-dev
(See discussion on #9553)
2014-05-16 09:16:54 -04:00
Nick Mathewson
2d21a8f4d6 Merge remote-tracking branch 'public/bug11469_024' 2014-05-15 13:35:08 -04:00
Nick Mathewson
081ff5fa83 whitespace fix, more 2014-05-14 22:55:02 -04:00
Nick Mathewson
a6eea86a2c Merge branch 'bug11946' 2014-05-14 22:51:51 -04:00
Nick Mathewson
a88923e455 whitespace fix 2014-05-14 22:50:25 -04:00
Nick Mathewson
f694a443fc Improved comments on bug11946 fix 2014-05-14 22:49:38 -04:00
Nick Mathewson
1badef5cec Use DirPort for uploading descriptors.
When we converted the horrible set of options that previously
controlled "use ORPort or DirPort? Anonymously or Non-anonymouly?" to
a single 'indirection' argument, we missed
directory_post_to_dirservers.

The problematic code was introduced in 5cbeb6080, which went into
0.2.4.3-alpha.  This is a fix for bug 11469.
2014-05-14 21:49:57 -04:00
Nick Mathewson
79c875ecdc Would-be fix for bug 7733: learn bridge ID from descriptor
If somebody has configured a client to use a bridge without setting
an identity digest (not recommended), learn the identity digest from
whatever bridge descriptor we have downloaded or have in our cache.
2014-05-14 14:34:01 -04:00
Nick Mathewson
9b4ac986cb Use tor_getpw{nam,uid} wrappers to fix bug 11946
When running with User set, we frequently try to look up our
information in the user database (e.g., /etc/passwd).  The seccomp2
sandbox setup doesn't let us open /etc/passwd, and probably
shouldn't.

To fix this, we have a pair of wrappers for getpwnam and getpwuid.
When a real call to getpwnam or getpwuid fails, they fall back to a
cached value, if the uid/gid matches.

(Granting access to /etc/passwd isn't possible with the way we
handle opening files through the sandbox.  It's not desirable either.)
2014-05-14 13:53:14 -04:00
Nick Mathewson
e12af2adb0 Add a pair of wrapper functions: tor_getpwnam() and tor_getpwuid()
We'll use these to deal with being unable to access the user DB
after we install the sandbox, to fix bug 11946.
2014-05-14 13:50:43 -04:00
Andrea Shepard
39d4e67be8 Add --disable-mempools configure option 2014-05-12 18:23:34 -07:00
Nick Mathewson
585582fc8c Merge branch 'bug9781_v2' 2014-05-12 13:35:22 -04:00
Nick Mathewson
b5e142cb1b Log an error reply from tor-fw-helper correctly.
Fix for bug 9781; bugfix on cd05f35d2c in 0.2.4.2-alpha.
2014-05-12 13:35:01 -04:00
Gisle Vanem
c7ab8587c9 Fix compilation of test_status.c with MSVC 2014-05-12 00:34:23 -04:00
Nick Mathewson
6267d4f97a fix whitespace 2014-05-11 23:40:48 -04:00
dana koch
d6e6c63baf Quench clang's complaints with -Wshorten-64-to-32 when time_t is not long.
On OpenBSD 5.4, time_t is a 32-bit integer. These instances contain
implicit treatment of long and time_t as comparable types, so explicitly
cast to time_t.
2014-05-11 23:36:00 -04:00
Nick Mathewson
de2010e9c2 One more 64->32 2014-05-08 14:10:30 -04:00
Nick Mathewson
28538069b2 Fix numerous 64->32 errors in the unit tests
Before the 11825 fix, these were all silently ignored.
2014-05-08 14:01:17 -04:00
Nick Mathewson
df68478938 Fix unearthed problems in unit tests 2014-05-08 13:16:08 -04:00
Nick Mathewson
5bb6172367 Fix numerous type errors in the unit tests
Remove tinytest casts that were suppressing them.

Fix for #11825.
2014-05-08 13:08:13 -04:00
Nick Mathewson
1f11be2170 Fix test_util_max_mem on 32-bit CPUs 2014-05-08 12:48:41 -04:00
Nick Mathewson
891d239e01 More unit tests for #11648-related stuff
These are actually tests for #311.  It appears to me that we didn't
fix #311 properly when we thought we did in 475eb5d6; instead, the
real fix was 05eff35ac6, a few minutes earlier.
2014-05-08 12:41:01 -04:00
Nick Mathewson
4eb3018f94 Move structures into (private) part of buffers.h so we can inspect them while testing 2014-05-08 12:40:40 -04:00
Nick Mathewson
5b861ae53f Merge remote-tracking branch 'public/bug11648' 2014-05-08 12:01:23 -04:00
Nick Mathewson
a32d7e1910 Return success when get_total_system_memory() succeeds.
Fixes bug 11805; bugfix on 0.2.5.4-alpha.
2014-05-08 00:32:22 -04:00
Nick Mathewson
411c622906 Merge commit 'bb9b4c37f8e7f5cf78918f382e90d8b11ff42551' into maint-0.2.4 2014-05-07 23:11:32 -04:00
Nick Mathewson
0ad8133a7e Merge remote-tracking branch 'public/ticket11528_024' into maint-0.2.4 2014-05-07 23:04:59 -04:00
Nick Mathewson
882893c8c3 Merge remote-tracking branch 'public/bug11513_024' into maint-0.2.4 2014-05-07 23:04:48 -04:00
Nick Mathewson
894c8b2266 Merge remote-tracking branch 'public/update_ciphers_ff28' into maint-0.2.4 2014-05-07 23:04:22 -04:00
Nick Mathewson
683b80bf81 Merge remote-tracking branch 'public/bug11737_diagnostic' 2014-05-07 22:52:44 -04:00
Nick Mathewson
0de2625675 Merge remote-tracking branch 'public/bug8387_diagnostic' 2014-05-07 22:15:24 -04:00
Nick Mathewson
48b9c6fcc6 Better log message for 8387 diagnostic 2014-05-07 22:13:29 -04:00
Nick Mathewson
8ecfcf712c Synchronize less frequently when compressing descriptors
This may improve our compression ratios.

fix for 11787
2014-05-07 10:27:52 -04:00
Nick Mathewson
6d39c8d156 Always finalize a zlib stream of server descriptors.
Possible fix for bug 11648.
2014-05-07 10:23:08 -04:00
Nick Mathewson
8a2e66b623 Fix test_pick_circid on 32-bit platforms 2014-05-07 03:27:49 -04:00
Nick Mathewson
499e77663e Basic tests for get_unique_circ_id_by_chan. 2014-05-07 02:57:50 -04:00
Nick Mathewson
e198faa633 Quick-and-dirty test for packed_cell_is_destroy 2014-05-07 02:05:35 -04:00
Nick Mathewson
de3bbc4f53 Move code-generation scripts to scripts/codegen
Now that we have a scripts/* directory, let's put the scripts we use
for generating C there.
2014-05-07 01:17:41 -04:00
Nick Mathewson
a1cdc619bb Mention siphash in src/ext/README 2014-05-07 01:03:14 -04:00
Nick Mathewson
1adc98b9b5 Split portfw-error-logging code into a new function.
No code has changed; only moved. Part of a fix for 9781.
2014-05-06 21:22:40 -04:00
Nick Mathewson
ba5069b310 Remove a spurious variable. 2014-05-06 20:46:26 -04:00
Nick Mathewson
4a740451ac Merge remote-tracking branch 'public/bug11750' 2014-05-06 20:44:41 -04:00
Nick Mathewson
5cea500ce7 Merge branch 'bug11743_option_b' 2014-05-06 20:40:40 -04:00
Nick Mathewson
52416f8cfb Unit test for dirvote_create_microdescriptor 2014-05-06 20:36:19 -04:00
Nick Mathewson
ed0e2ecaa7 Unit test for write_to_buf_zlib 2014-05-06 19:29:56 -04:00
Nick Mathewson
2fa601c797 Future-proof "id" lines against proposal 220. 2014-05-06 17:10:59 -04:00
Nick Mathewson
f077bb55ab fix a copy-paste comment mistake 2014-05-06 17:09:16 -04:00
Nick Mathewson
c7549cb4cd Merge remote-tracking branch 'karsten/bug11742' 2014-05-06 13:54:37 -04:00
Nick Mathewson
a06044a485 Check HT_REP_IS_BAD_() when giving a bug-7164 warning.
This may let us know if we're hitting 7164 because of an
hte_hash-corruption situation proposed by "cypherpunks" in bug
11737.
2014-05-06 13:03:24 -04:00
Nick Mathewson
e9c1c3ff7f Add a siphash benchmark. 2014-05-06 12:55:39 -04:00
Nick Mathewson
0ad607d604 Faster chan_circid_entry_hash implementation
Since this is critical-path, let's tune the value we pass to
csiphash a little so it fits into one whole round.
2014-05-06 12:27:18 -04:00
Nick Mathewson
78301d99fe Fix compilation with DEBUG_DNS_CACHE
Reported by cypherpunks.

Fix for #11761; bugfix on 0.2.3.13-alpha where we made ht.h stop using
_identifiers.
2014-05-06 10:18:34 -04:00
Nick Mathewson
8127f4db30 Use siphash on channel/circuit-id map too
Fixes ticket 11750.
2014-05-05 12:13:58 -04:00
Nick Mathewson
4a621a50f5 Consensus method 18: Add a base64 ID digest to the microdesc
This is a stopgap measure to make sure that microdescriptors never
collide; see bug 11743.
2014-05-05 11:31:24 -04:00
Nick Mathewson
5d496963b4 Don't start sandbox except for CMD_RUN_TOR
This was crashing on --verify-config in the debian startup script, if you
had sandboxing enabled.  Fixes 11609; fix on 0.2.5.1-alpha.
2014-05-05 10:29:35 -04:00
Karsten Loesing
5e9bd1b5db Believe that v3 dirauths always serve extra infos.
Clients should always believe that v3 directory authorities serve
extra-info documents, regardless of whether their server descriptor
contains a "caches-extra-info" line or not.

Fixes part of #11683.
2014-05-05 15:31:52 +02:00
Karsten Loesing
1289474dbd Remove /tor/dbg-stability.txt URL.
The /tor/dbg-stability.txt URL was meant to help debug WFU and MTBF
calculations, but nobody was using it.

Fixes #11742.
2014-05-05 11:21:35 +02:00
Nick Mathewson
29b7397ebe Fix test_config_write_to_data_subdir
Bugfix on aa0eb2022342798fc78b2bde89d393f37c59fe78; bugfix not on any
released Tor.
2014-05-01 13:27:20 -04:00
Nick Mathewson
df03e9b737 have only one code path for #9635 logging 2014-05-01 12:40:33 -04:00
Nick Mathewson
7ad0cd209c Merge remote-tracking branch 'public/bug9635' 2014-05-01 12:39:39 -04:00
Nick Mathewson
c472ac4fb8 Merge remote-tracking branch 'public/bug11233_diagnose' 2014-05-01 12:37:16 -04:00
Nick Mathewson
a2b59dba71 Merge branch 'bug11654_squashed' 2014-05-01 12:34:59 -04:00
George Kadianakis
a787575b7f Fix a misuse of strlcpy() introduced by the #11156 patch. 2014-05-01 12:34:50 -04:00
Nick Mathewson
0e20825bf2 whitespace fix 2014-05-01 12:31:38 -04:00
Nick Mathewson
b51ce90777 Merge remote-tracking branch 'public/valgrind_tests' 2014-05-01 12:29:31 -04:00
Nick Mathewson
b6c8a14bf3 Merge remote-tracking branch 'public/bug4345a_024' 2014-05-01 12:13:07 -04:00
Nick Mathewson
1bbd3811c1 Merge remote-tracking branch 'public/bug10849_025'
Conflicts:
	src/or/config.c
2014-05-01 11:51:22 -04:00
Nick Mathewson
14bc6e8993 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/microdesc.c
2014-05-01 11:44:25 -04:00
Nick Mathewson
6a4f5d9b4d Downgrade bug 7164 warning to INFO
The 0.2.5.x warning is the one that might help us track this down; the
warnings in stable are just annoying users over and over and over.
2014-05-01 11:42:02 -04:00
Nick Mathewson
630b4af260 Merge remote-tracking branch 'andrea/bug11476' 2014-05-01 11:30:55 -04:00
Nick Mathewson
9511522bd4 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-30 20:26:55 -04:00
Nick Mathewson
efab3484e6 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-30 20:25:15 -04:00
Nick Mathewson
8828794dc2 Merge remote-tracking branch 'public/bug10849_023_bruteforce' into maint-0.2.3 2014-04-30 20:23:22 -04:00
Nick Mathewson
35699ef9f5 Drop the MaxMemInCellQueues lower limit down to 256 MB.
on #9686, gmorehose reports that the 500 MB lower limit is too high
for raspberry pi users.

This is a backport of 647248729f to 0.2.4.

Note that in 0.2.4, the option is called MaxMemInCellQueues.
2014-04-29 20:48:22 -04:00
Nick Mathewson
545e2119f2 Merge remote-tracking branch 'public/bug11605_024' 2014-04-29 14:33:39 -04:00
Nick Mathewson
b0e078d5af Log info on ancient one-hop circuits in heartbeat
This is an attempt to diagnose 8387.
2014-04-29 14:02:12 -04:00
dana koch
88679aa53f Quench gcc's complaints about discarding constness in TO_ORIGIN_CIRCUIT.
This was previously satisfied by using a temporary variable, but there
are three other instances in circuitlist.c that gcc is now bothered by,
so now introduce a CONST_TO_ORIGIN_CIRCUIT that takes a const
circuit_t instead.
2014-04-29 13:18:12 -04:00
Nick Mathewson
0514bcd37c Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-29 13:03:27 -04:00
Nick Mathewson
1d3ffc0ec9 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-29 13:02:18 -04:00
Nick Mathewson
65575b0755 Stop leaking memory in error cases of md parsing
When clearing a list of tokens, it's important to do token_clear()
on them first, or else any keys they contain will leak.  This didn't
leak memory on any of the successful microdescriptor parsing paths,
but it does leak on some failing paths when the failure happens
during tokenization.

Fixes bug 11618; bugfix on 0.2.2.6-alpha.
2014-04-29 13:00:00 -04:00
Nick Mathewson
aa0eb20223 Fix leaks in tests related to setting options->DataDirectory
We pre-populate that value in main(), and we weren't freeing it
before overriding it.
2014-04-29 12:48:02 -04:00
Nick Mathewson
ee9ed9d817 Fix memory leaks in test_status.c 2014-04-29 12:48:02 -04:00
Nick Mathewson
212e982d9b Fix leaks in dir voting tests 2014-04-29 12:48:02 -04:00
Andrea Shepard
91ff10f6be Make --disable-buf-freelists build and pass unit tests 2014-04-29 02:18:34 -07:00
Nick Mathewson
cdc64f020c Merge remote-tracking branch 'public/bug11608' 2014-04-28 15:52:57 -04:00
Nick Mathewson
1b7e297985 Fix capitalization of MaxMemInQueues
This won't affect anybody's configuration, but it makes it match what
we documented. Fixes part of 11634.
2014-04-28 12:25:52 -04:00
Nick Mathewson
4b519de5f9 Actually put ExtORPortCookieAuthFile into config.c
Fixes bug 11635; bugfix on 0.2.5.1-alpha.
2014-04-28 12:23:18 -04:00
Nick Mathewson
f4be34f70d Make the python test scripts work on python3
The python scripts invoked by 'make check' didn't work on python3
before.  That was a problem on systems where 'python' is python3.

Fixes bug 11608; bugfix on 0.2.5.2-alpha.
2014-04-27 22:54:24 -04:00
Nick Mathewson
504e2000ed Fix leaks in test_oom.c 2014-04-26 12:17:10 -04:00
Nick Mathewson
97664cfd2a Fix leaks in test_dir_formats 2014-04-26 12:16:12 -04:00
Nick Mathewson
b60782b6d6 Fix numerous leaks in test_pt.c
I didn't find a managed_proxy_free() function any place; shouldn't
there be one?
2014-04-26 11:28:39 -04:00
Nick Mathewson
b11ab0d91d test_cntev_append_cell_stats now no longer leaks 2014-04-26 00:40:22 -04:00
Nick Mathewson
b4b07c17e3 Fix leaks in test_exit_policy_dump_to_string 2014-04-26 00:36:09 -04:00
Nick Mathewson
558becad8c Memory leaks in test_config_addressmap 2014-04-26 00:27:21 -04:00
Nick Mathewson
ffffd860c9 Fix a leak in test_buffer_allocation_tracking 2014-04-26 00:18:15 -04:00
Nick Mathewson
1117889f4a Fix memory leak in unittest helper function. 2014-04-26 00:13:49 -04:00
Nick Mathewson
9fbb5a44b8 Fix memory leak in test_util_asprintf 2014-04-26 00:13:27 -04:00
Nick Mathewson
dc0fcbd812 Fix memory leaks in test_cntev_append_cell_stats 2014-04-26 00:12:39 -04:00
Nick Mathewson
3fa296ce28 fix uninitialized memory reads from test_geoip_with_pt. Found with valgrind 2014-04-26 00:12:16 -04:00
Nick Mathewson
fa202c4127 Fix memory leak in test_geoip 2014-04-26 00:11:46 -04:00
Nick Mathewson
1cf02605d4 Fix memory leak in test_onion_queues 2014-04-26 00:11:17 -04:00
Nick Mathewson
c7951731ed Fix memory leaks in test_circuit_timeout
Found with valgrind.
2014-04-26 00:10:04 -04:00
Nick Mathewson
3a3ed2abb2 Bump version to 0.2.5.4-alpha-dev 2014-04-25 23:38:12 -04:00
Nick Mathewson
9735ca6e30 resolve a typo: sanboxing->sandboxing. 2014-04-25 21:08:01 -04:00
Nick Mathewson
f8248abbd6 Forbid TunneledDirConns 0 and PreferTunneledDirConns 0 if being a HS
Fixes bug 10849; bugfix on 0.2.1.1-alpha (I believe)
2014-04-25 14:24:41 -04:00
Nick Mathewson
f0a57bd363 Make compilation of tor_memdup_nulterm() with dmalloc
Fixes bug 11605; bugfix on 0.2.4.10-alpha.
2014-04-25 13:52:07 -04:00
Nick Mathewson
b54669bc00 Bump version to 0.2.5.4-alpha.
Probably releasing within ~22 hours, pending testing
2014-04-25 02:07:53 -04:00
Nick Mathewson
167536a112 fix memory leak in dump_exit_policy_to_string tests 2014-04-25 01:59:20 -04:00
Nick Mathewson
d3c05a79f0 Merge branch 'scanbuild_fixes' 2014-04-25 01:24:39 -04:00
Nick Mathewson
95e617c828 whitespace fix 2014-04-24 12:34:23 -04:00
Nick Mathewson
5a9ac0df99 Merge remote-tracking branch 'public/bug11553_025' 2014-04-24 10:48:32 -04:00
Nick Mathewson
67aa3685e7 Merge branch 'bug11396_v2_squashed'
Conflicts:
	src/or/main.c
2014-04-24 10:31:38 -04:00
Nick Mathewson
e3af72647d Expose the real maxmeminqueues via a GETINFO
That is, GETINFO limits/max-mem-in-queues
2014-04-24 10:26:14 -04:00
Nick Mathewson
17ecd04fde Change the logic for the default for MaxMemInQueues
If we can't detect the physical memory, the new default is 8 GB on
64-bit architectures, and 1 GB on 32-bit architectures.

If we *can* detect the physical memory, the new default is
  CLAMP(256 MB, phys_mem * 0.75, MAX_DFLT)
where MAX_DFLT is 8 GB on 64-bit architectures and 2 GB on 32-bit
architectures.

You can still override the default by hand.  The logic here is simply
trying to choose a lower default value on systems with less than 12 GB
of physical RAM.
2014-04-24 10:26:14 -04:00
Nick Mathewson
aca05fc5c0 get_total_system_memory(): see how much RAM we have 2014-04-24 10:26:14 -04:00
Nick Mathewson
17ad309d33 Merge remote-tracking branch 'public/bug11553_024' into bug11553_025
Conflicts:
	src/or/circuitbuild.c
2014-04-23 12:44:18 -04:00
Nick Mathewson
a770b74501 Improvements to #11553 fix based on review
Use a per-channel ratelim_t to control the rate at which we report
failures for each channel.

Explain why I picked N=32.

Never return a zero circID.

Thanks to Andrea and to cypherpunks.
2014-04-23 12:39:01 -04:00
Nick Mathewson
7a8cac14d5 Merge remote-tracking branch 'public/bug10268' 2014-04-23 11:11:08 -04:00
Nick Mathewson
66833311eb Merge remote-tracking branch 'public/bug11200' 2014-04-23 11:07:52 -04:00
Nick Mathewson
830492fbda Merge branch 'bug11156_issue2_squashed' 2014-04-23 11:05:54 -04:00
George Kadianakis
29c28d312c Slightly improve the documentation of src/or/transports.c
Make it clear that a SIGHUP is not the only action that can cause a
config re-read.
2014-04-23 11:05:45 -04:00
George Kadianakis
fa0c5da68b Rename the got_hup element of managed proxies.
Since we need to toggle that element in non-SIGHUP situations too where
the config was re-read (like in SETCONF or RESETCONF).
2014-04-23 11:05:45 -04:00
George Kadianakis
bf7cb6acf6 Don't halt bootstrap to figure out if we should restart PT proxies.
Instead, figure out if we should restart PT proxies _immediately_ after
we re-read the config file.
2014-04-23 11:05:45 -04:00
Nick Mathewson
9e44df2c98 Merge remote-tracking branch 'public/bug9229_024' into maint-0.2.4 2014-04-23 11:01:39 -04:00
Nick Mathewson
7b4b137dc9 Merge remote-tracking branch 'public/bug9229_025'
Conflicts:
	src/or/entrynodes.c
2014-04-23 11:00:49 -04:00
Nick Mathewson
3b1f7f75a7 scan-build: memarea_strndup() undefined behavior
The memarea_strndup() function would have hit undefined behavior by
creating an 'end' pointer off the end of a string if it had ever been
given an 'n' argument bigger than the length of the memory ares that
it's scanning.  Fortunately, we never did that except in the unit
tests.  But it's not a safe behavior to leave lying around.
2014-04-19 13:16:56 -04:00
Nick Mathewson
685d450ab3 scan-build: avoid undef behaior in tor_inet_pton
If we had an address of the form "1.2.3.4" and we tried to pass it to
tor_inet_pton with AF_INET6, it was possible for our 'eow' pointer to
briefly move backwards to the point before the start of the string,
before we moved it right back to the start of the string.  C doesn't
allow that, and though we haven't yet hit a compiler that decided to
nuke us in response, it's best to fix.

So, be more explicit about requiring there to be a : before any IPv4
address part of the IPv6 address.  We would have rejected addresses
without a : for not being IPv6 later on anyway.
2014-04-19 13:14:33 -04:00
Nick Mathewson
78f555a248 scan-build: sizeof(ptr*) in a debugging log in ext_orport.c
Instead of taking the length of a buffer, we were taking the length of
a pointer, so that our debugging log would cover only the first
sizeof(void*) bytes of the client nonce.
2014-04-19 12:53:57 -04:00
Nick Mathewson
1800e79ca5 scan-build: Fix harmless sizeof(ptr) in test_oom.c
We meant to using random bytes to fill a buffer, up to 3000 at a
time. Instead we were taking them sizeof(void*) at a time.
2014-04-19 12:52:00 -04:00
Nick Mathewson
5670e38efb scan-build: close stdio FILEs on error in tor-gencert
This is harmless, since tor-gencert exits right afterwards, but it's
best to clean up after ourselves.
2014-04-19 12:47:58 -04:00
Nick Mathewson
9c9e07963d scan-build: truncate tinytest hexified outputs to 1024 bytes.
scan-build didn't like the unlimited version since we might need to
overflow size_t to hexify a string that took up half our address
space. (!)
2014-04-19 12:47:51 -04:00
Nick Mathewson
4d51dcda2f scan-build: limit hashtable size so it always fits in SSIZE_MAX
scan-build recognizes that in theory there could be a numeric overflow
here.

This can't numeric overflow can't trigger IRL, since in order to fill a
hash table with more than P=402653189 buckets with a reasonable load
factor of 0.5, we'd first have P/2 malloced objects to put in it--- and
each of those would have to take take at least sizeof(void*) worth of
malloc overhead plus sizeof(void*) content, which would run you out of
address space anyway on a 32-bit system.
2014-04-19 12:39:14 -04:00
Nick Mathewson
d4ad254917 scan-build: bulletproof last-chance errormsg generation in rendservice.c
If 'intro' is NULL in these functions, I'm pretty sure that the
error message must be set before we hit the end.  But scan-build
doesn't notice that, and is worried that we'll do a null-pointer
dereference in the last-chance errormsg generation.
2014-04-18 21:24:16 -04:00
Nick Mathewson
1b3bddd013 scan-build: Have clear_pending_onions walk the lists more obviously
As it stands, it relies on the fact that onion_queue_entry_remove
will magically remove each onionskin from the right list.  This
patch changes the logic to be more resilient to possible bugs in
onion_queue_entry_remove, and less confusing to static analysis tools.
2014-04-18 21:17:40 -04:00
Nick Mathewson
78bc814c04 scan-build: in cpuworker, initialize tv_start
scan-build doesn't realize that a request can't be timed at the end
unless it's timed at the start, and so it's not possible for us to
be subtracting start from end without start being set.
Nevertheless, let's not confuse it.
2014-04-18 21:12:45 -04:00
Nick Mathewson
895b6789e8 scan-build: get_proxy_addrport should always set its outputs
When get_proxy_addrport returned PROXY_NONE, it would leave
addr/port unset. This is inconsistent, and could (if we used the
function in a stupid way) lead to undefined behavior. Bugfix on
5b050a9b0, though I don't think it affects tor-as-it-is.
2014-04-18 20:41:40 -04:00
Nick Mathewson
7cd9520ba9 scan-build: when logging a path length, check build_state.
Throughout circuituse, when we log about a circuit, we log its
desired path length from build_state. scan-build is irrationally
concerned that build_state might be NULL.
2014-04-18 20:40:34 -04:00
Nick Mathewson
7106492571 scan-build: Be consistent with a needless check in circuitmux.c
In circuitmux_detach_all_circuits, we check whether an HT iterator
gives us NULL.  That should be impossible for an HT iterator.  But
our checking it has confused scan-build (justly) into thinking that
our later use of HT_NEXT_RMV might not be kosher.  I'm taking the
coward's route here and strengthening the check.  Bugfix on
fd31dd44. (Not a real bug though)
2014-04-18 20:35:59 -04:00
Nick Mathewson
69ea4450ca scan-build: fix a crash-on-fail possibility in test_policy.c 2014-04-18 20:33:21 -04:00
Nick Mathewson
0fd0f5f7a9 scan-build: Avoid crashing on BUG in circuit_get_by_rend_token_and_purpose
If we fail in circuit_get_by_rend_token_and_purpose because the
circuit has no rend_info, don't try to reference fiends from its
rend_info when logging an error.  Bugfix on 8b9a2cb68, which is
going into Tor 0.2.5.4-alpha.
2014-04-18 20:31:42 -04:00
Nick Mathewson
d1be2f5cf8 scan-build: circuit_cpath_support_ntor had a dead initialization
We were initializing cpath twice, which doesn't make sense.
2014-04-18 20:29:51 -04:00
Nick Mathewson
41a8930fa1 scan-build: check impossible null-pointer case in buffers.c
When maintaining buffer freelists, we don't skip more than there
are, so (*chp) can't be null to begin with.  scan-build has no way
to know that.
2014-04-18 20:28:46 -04:00
Nick Mathewson
08325b58be scan-build: Add a check for result from getaddrinfo
As documented, getaddrinfo always sets its result when it returns
no error.  But scan-build doesn't know that, and thinks we might
be def
2014-04-18 20:26:47 -04:00
Nick Mathewson
0cca8dc35a Merge remote-tracking branch 'public/bug9963_v2_024' 2014-04-18 15:25:36 -04:00
Nick Mathewson
b8fe8ee748 Improved message when running sandbox on Linux without libseccomp
Previously we said "Sandbox is not implemented on this platform" on
Linux boxes without libseccomp.  Now we say that you need to build
Tor built with libseccomp. Fixes bug 11543; bugfix on 0.2.5.1-alpha.
2014-04-18 14:54:27 -04:00
Nick Mathewson
fd9961d220 Merge remote-tracking branch 'public/bug11553_024' into bug11553_025 2014-04-18 13:23:44 -04:00
Nick Mathewson
985deaaaf7 Add a rate-limiter for the other circuitID exhaustion warning 2014-04-18 13:22:42 -04:00
Nick Mathewson
47a0c10728 Diagnostic warning to see if it's pending destroys causing 11553 2014-04-18 13:04:37 -04:00
Nick Mathewson
bd169aa9a5 Merge remote-tracking branch 'public/bug11553_024' into bug11553_025
Conflicts:
	src/or/channel.h
2014-04-18 13:00:45 -04:00
Nick Mathewson
0d75344b0e Switch to random allocation on circuitIDs.
Fixes a possible root cause of 11553 by only making 64 attempts at
most to pick a circuitID.  Previously, we would test every possible
circuit ID until we found one or ran out.

This algorithm succeeds probabilistically. As the comment says:

  This potentially causes us to give up early if our circuit ID
  space is nearly full.  If we have N circuit IDs in use, then we
  will reject a new circuit with probability (N / max_range) ^
  MAX_CIRCID_ATTEMPTS.  This means that in practice, a few percent
  of our circuit ID capacity will go unused.

  The alternative here, though, is to do a linear search over the
  whole circuit ID space every time we extend a circuit, which is
  not so great either.

This makes new vs old clients distinguishable, so we should try to
batch it with other patches that do that, like 11438.
2014-04-18 12:58:58 -04:00
Nick Mathewson
bb9b4c37f8 Supply better and less frequent warnings on circID exhaustion
Fixes the surface behavior of #11553
2014-04-18 12:31:06 -04:00
Nick Mathewson
eb896d5e6f Merge remote-tracking branch 'public/ticket11528_024' 2014-04-17 12:17:14 -04:00
Nick Mathewson
9c3f7a6d35 Remove spurious libevent include in sandbox.c 2014-04-17 12:13:35 -04:00
Nick Mathewson
0b319de60f Elevate server TLS cipher preferences over client
The server cipher list is (thanks to #11513) chosen systematically to
put the best choices for Tor first.  The client cipher list is chosen
to resemble a browser.  So let's set SSL_OP_CIPHER_SERVER_PREFERENCE
to have the servers pick according to their own preference order.
2014-04-17 10:33:04 -04:00
Nick Mathewson
0175fcaf7c Fix uninitialized-ram free in unit tests
Fix on fb595922; bug not in any released Tor. Found with
--enable-expensive-hardening.
2014-04-17 01:03:10 -04:00
Nick Mathewson
4367cbd71b Merge remote-tracking branch 'public/sandbox_fixes_rebased_2' 2014-04-16 23:45:55 -04:00
Nick Mathewson
c856193199 Merge remote-tracking branch 'andrea/bug11304' 2014-04-16 23:13:30 -04:00
Nick Mathewson
74ddd5f739 Merge remote-tracking branch 'andrea/bug11306' 2014-04-16 23:13:27 -04:00
Nick Mathewson
973661394a Merge branch '10267_plus_10896_rebased_twice' 2014-04-16 23:03:41 -04:00
Nick Mathewson
89e520e2a7 Call pf-divert openbsd-specific, not no-linux 2014-04-16 23:03:25 -04:00
Nick Mathewson
c00c45fee1 Fix OSX compilation. 2014-04-16 23:03:25 -04:00
Nick Mathewson
db8259c230 Whitespace, doc fixes 2014-04-16 23:03:25 -04:00
dana koch
f680d0fdd2 Educate tor on OpenBSD's use of divert-to rules with the pf firewall.
This means that tor can run without needing to communicate with ioctls
to the firewall, and therefore doesn't need to run with privileges to
open the /dev/pf device node.

A new TransProxyType is added for this purpose, "pf-divert"; if the user
specifies this TransProxyType in their torrc, then the pf device node is
never opened and the connection destination is determined with getsockname
(as per pf(4)). The default behaviour (ie., when TransProxyType is "default"
when using the pf firewall) is still to assume that pf is configured with
rdr-to rules.
2014-04-16 23:03:25 -04:00
Nick Mathewson
08ef8c0958 tor_addr_from_sockaddr() is applicable in ipfw code, so use it. 2014-04-16 23:03:25 -04:00
Nick Mathewson
3e4680f312 ipfw TransPort support on FreeBSD (10267)
This isn't on by default; to get it, you need to set "TransProxyType
ipfw".  (The original patch had automatic detection for whether
/dev/pf is present and openable, but that seems marginally fragile.)
2014-04-16 23:03:25 -04:00
Nick Mathewson
f41491816c Log the name of the failing syscall on failure 2014-04-16 22:23:36 -04:00
Nick Mathewson
2ae47d3c3a Block certain option transitions while sandbox enabled 2014-04-16 22:03:18 -04:00
Nick Mathewson
f70cf9982a Sandbox: permit O_NONBLOCK and O_NOCTTY for files we refuse
OpenSSL needs this, or RAND_poll() will kill the process.

Also, refuse with EACCESS, not errno==-1 (!).
2014-04-16 22:03:18 -04:00
Nick Mathewson
c80a6bd9d5 Don't reload logs or rewrite pidfile while sandbox is active 2014-04-16 22:03:18 -04:00
Nick Mathewson
6194970765 Don't allow change to ConnLimit while sandbox is active 2014-04-16 22:03:18 -04:00
Nick Mathewson
18f7f49a8c Allow reloading torrc and writing to router-stability 2014-04-16 22:03:17 -04:00
Nick Mathewson
69eb278830 Use SCMP_CMP_MASKED_EQ to allow flags, not force them
Older versions of Libevent are happy to open SOCK_DGRAM sockets
non-cloexec and non-nonblocking, and then set those flags
afterwards. It's nice to be able to allow a flag to be on or off in
the sandbox without having to enumerate all its values.

Also, permit PF_INET6 sockets. (D'oh!)
2014-04-16 22:03:10 -04:00
Nick Mathewson
ce776cf270 Add a couple of missing renames so the server sandbox works again 2014-04-16 22:03:09 -04:00
Nick Mathewson
e6785ee16d Get Libevent's PRNG functioning under the linux sandbox
Libevent uses an arc4random implementation (I know, I know) to
generate DNS transaction IDs and capitalization.  But it liked to
initialize it either with opening /dev/urandom (which won't work
under the sandbox if it doesn't use the right pointer), or with
sysctl({CTL_KERN,KERN_RANDOM,RANDOM_UUIC}).  To make _that_ work, we
were permitting sysctl unconditionally.  That's not such a great
idea.

Instead, we try to initialize the libevent PRNG _before_ installing
the sandbox, and make sysctl always fail with EPERM under the
sandbox.
2014-04-16 22:03:09 -04:00
Nick Mathewson
156eefca45 Make sure everything using an interned string is preceded by a log
(It's nice to know what we were about to rename before we died from
renaming it.)
2014-04-16 22:03:09 -04:00
Nick Mathewson
8dc6755f6d Introduce arg-counting macros to wrap seccomp_rule_add()
The compiler doesn't warn about this code:
       rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 1,
           SCMP_CMP(0, SCMP_CMP_EQ, AT_FDCWD),
           SCMP_CMP(1, SCMP_CMP_EQ, param->value),
           SCMP_CMP(2, SCMP_CMP_EQ, O_RDONLY|...));
but note that the arg_cnt argument above is only 1.  This means that
only the first filter (argument 0 == AT_FDCWD) is actually checked!

This patch also fixes the above error in the openat() filter.
Earlier I fixed corresponding errors in filters for rename() and
mprotect().
2014-04-16 22:03:09 -04:00
Nick Mathewson
12028c29e6 Fix sandbox protection for rename
(We were only checking the first parameter of each rename call.)
2014-04-16 22:03:09 -04:00
Nick Mathewson
739a52592b Upgrade warning about missing interned string for sandbox 2014-04-16 22:03:09 -04:00
Nick Mathewson
5aaac938a9 Have sandbox string protection include multi-valued parmeters. 2014-04-16 22:03:09 -04:00
Nick Mathewson
f268101a61 Clean up sandbox structures a bit
Drop pindex,pindex2 as unused.

Admit a type to avoid using a void*
2014-04-16 22:03:08 -04:00
Nick Mathewson
6807b76a5e Add missing rename function for non-linux platforms 2014-04-16 22:03:08 -04:00
Nick Mathewson
71eaebd971 Drop 'fr' parameter from sandbox code.
Appearently, the majority of the filenames we pass to
sandbox_cfg_allow() functions are "freeable right after". So, consider
_all_ of them safe-to-steal, and add a tor_strdup() in the few cases
that aren't.

(Maybe buggy; revise when I can test.)
2014-04-16 22:03:08 -04:00
Nick Mathewson
e051e192a8 Remove nonsensical exec permission from sandbox code. 2014-04-16 22:03:08 -04:00
Nick Mathewson
cbfb8e703e Add 'rename' to the sandboxed syscalls
(If we don't restrict rename, there's not much point in restricting
open, since an attacker could always use rename to make us open
whatever they want.)
2014-04-16 22:03:08 -04:00
Nick Mathewson
3802e32c7d Only intern one copy of each magic string for the sandbox
If we intern two copies of a string, later calls to
sandbox_intern_string will give the wrong one sometimes.
2014-04-16 22:03:08 -04:00
Nick Mathewson
ae9d6d73f5 Fix some initial sandbox issues.
Allow files that weren't in the list; Allow the _sysctl syscall;
allow accept4 with CLOEXEC and NONBLOCK.
2014-04-16 22:03:07 -04:00
Nick Mathewson
211b8cc318 Only expose clean_backtrace() if we'll implement it
Fixes windows compilation; bug not in any released Tor.

Bugfix on cc9e86db.
2014-04-16 22:00:13 -04:00
Nick Mathewson
438a03ef7c Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-16 15:37:19 -04:00
Nick Mathewson
3fc0f9efb8 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-16 14:57:14 -04:00
Nick Mathewson
ef3d7f2f97 remove note about dannenberg; it has upgraded. 2014-04-16 14:56:49 -04:00
Nick Mathewson
f050cf75b0 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-16 13:32:20 -04:00
Nick Mathewson
2ce0750d21 Update the authority signing key blacklist
Now it only has dannenberg
2014-04-16 13:31:40 -04:00
Andrea Shepard
65a0f895c7 Check for orconns and use connection_or_close_for_error() when appropriate in connection_handle_write_impl() 2014-04-15 23:03:16 -07:00
Andrea Shepard
6ee9138576 Call connection_or_close_for_error() properly if write_to_buf() ever fails on an orconn 2014-04-15 21:25:49 -07:00
Andrea Shepard
f36e93206a Avoid redundant calls to connection_mark_for_close() on listeners when setting DisableNetwork to 1 2014-04-15 20:35:31 -07:00
Andrea Shepard
a5544e589d Close orconns correctly through channels when setting DisableNetwork to 1 2014-04-15 20:19:39 -07:00
Nick Mathewson
125c8e5468 Merge remote-tracking branch 'public/bug11465' 2014-04-15 20:55:28 -04:00
Nick Mathewson
03e0c7e366 Answer a question in a comment; fix a wide line. 2014-04-15 20:52:31 -04:00
Nick Mathewson
1126ce1d86 Fix compiler warning on test_status.c 2014-04-15 15:19:41 -04:00
dana koch
3ce3984772 Uplift status.c unit test coverage with new test cases and macros.
A new set of unit test cases are provided, as well as introducing
an alternative paradigm and macros to support it. Primarily, each test
case is given its own namespace, in order to isolate tests from each
other. We do this by in the usual fashion, by appending module and
submodule names to our symbols. New macros assist by reducing friction
for this and other tasks, like overriding a function in the global
namespace with one in the current namespace, or declaring integer
variables to assist tracking how many times a mock has been called.

A set of tests for a small-scale module has been included in this
commit, in order to highlight how the paradigm can be used. This
suite gives 100% coverage to status.c in test execution.
2014-04-15 15:00:34 -04:00
Nick Mathewson
2704441e7f Merge remote-tracking branch 'public/bug11513_024' 2014-04-15 14:54:25 -04:00
Nick Mathewson
9556668f5f Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-15 14:52:12 -04:00
Nick Mathewson
f3c20a28ab Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/circuituse.c
2014-04-15 14:51:19 -04:00
Nick Mathewson
b2106956e0 Don't send uninitialized stack to the controller and say it's a date.
Fixes bug 11519, apparently bugfix on 0.2.3.11-alpha.
2014-04-14 21:51:30 -04:00
Nick Mathewson
bc4c966851 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-14 18:00:54 -04:00
Nick Mathewson
149931571a Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/routerlist.h
2014-04-14 18:00:38 -04:00
Nick Mathewson
09ed8a5dbb Tweak changes file and comment dates. 2014-04-14 17:58:49 -04:00
Nick Mathewson
46cf63bb42 Fill in the list of blacklisted signing keys.
I used a list of certificate files from arma, and a little script,
both at 11464.
2014-04-14 17:57:39 -04:00
Nick Mathewson
50ad393924 Code to blacklist authority signing keys
(I need a list of actual signing keys to blacklist.)
2014-04-14 17:57:39 -04:00
Nick Mathewson
bd3db82906 New sort order for server choice of ciphersuites.
Back in 175b2678, we allowed servers to recognize clients who are
telling them the truth about their ciphersuites, and select the best
cipher from on that list. This implemented the server side of proposal
198.

In bugs 11492, 11498, and 11499, cypherpunks found a bunch of mistakes
and omissions and typos in the UNRESTRICTED_SERVER_CIPHER_LIST we had.
In #11513, I found a couple more.

Rather than try to hand-edit this list, I wrote a short python script
to generate our ciphersuite preferences from the openssl headers.

The new rules are:
  * Require forward secrecy.
  * Require RSA (since our servers only configure RSA keys)
  * Require AES or 3DES. (This means, reject RC4, DES, SEED, CAMELLIA,
    and NULL.)
  * No export ciphersuites.

Then:
  * Prefer AES to 3DES.
  * If both suites have the same cipher, prefer ECDHE to DHE.
  * If both suites have the same DHE group type, prefer GCM to CBC.
  * If both suites have the same cipher mode, prefer SHA384 to SHA256
    to SHA1.
  * If both suites have the same digest, prefer AES256 to AES128.
2014-04-14 14:16:49 -04:00
Nick Mathewson
0820031419 Merge remote-tracking branch 'asn/bug11486' 2014-04-12 21:42:45 -04:00
George Kadianakis
1ec4d52e59 Add another unit test for parse_bridge_line(). 2014-04-11 21:06:53 +03:00
Nick Mathewson
cc9e86db61 Log a backtrace when the sandbox finds a failure
This involves some duplicate code between backtrace.c and sandbox.c,
but I don't see a way around it: calling more functions would mean
adding more steps to our call stack, and running clean_backtrace()
against the wrong point on the stack.
2014-04-10 15:44:52 -04:00
Nick Mathewson
196895ed7e Make the sandbox code allow the writev() syscall.
Tor doesn't use it directly, but the glibc backtrace-to-fd code does
2014-04-10 15:08:28 -04:00
Nick Mathewson
a790454368 Demote "we stalled too much while trying to write" message to INFO
Resolves ticket 5286.
2014-04-09 11:34:00 -04:00
Nick Mathewson
2f73525883 Fix a dumb C bug in the unit tests for 9841
Fixes bug 11460; bug only affects unit tests and is not in any
released version of Tor.
2014-04-09 09:20:25 -04:00
Nick Mathewson
fa6b80d6e5 Merge remote-tracking branch 'public/bug10431' 2014-04-09 08:29:21 -04:00
Roger Dingledine
aacbf551c4 note a missing word 2014-04-09 01:01:52 -04:00
Nick Mathewson
88179bd9b6 Merge remote-tracking branch 'public/update_ciphers_ff28' 2014-04-08 20:43:21 -04:00
Nick Mathewson
6a0dc0e585 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-08 20:30:30 -04:00
Nick Mathewson
08ced4a7bf Merge remote-tracking branch 'public/bug11426' 2014-04-08 16:46:34 -04:00
Nick Mathewson
6ab10a5466 Make num_bridges_usable work properly.
My first implementation was broken, since it returned "whether there
is one bridge" rather than "how many bridges."

Also, the implementation for the n_options_out feature in
choose_random_entry_impl was completely broken due to a missing *.
2014-04-08 15:51:40 -04:00
Nick Mathewson
689863d0a9 Merge branch 'bug2454_025_squashed' 2014-04-08 15:37:15 -04:00
Matthew Finkel
2d5a7b1842 Check for new IP addr after circuit liveliness returns
When we successfully create a usable circuit after it previously
timed out for a certain amount of time, we should make sure that
our public IP address hasn't changed and update our descriptor.
2014-04-08 15:37:01 -04:00
Nick Mathewson
b933fdcc11 Move existing policy tests from test.c to new test_policy.c 2014-04-08 14:14:12 -04:00
Nick Mathewson
d0af665758 Remove unused extern decl for a nonexistent test suite 2014-04-08 14:10:59 -04:00
Nick Mathewson
245f273aaf Merge branch 'bug7952_final'
Conflicts:
	src/test/include.am
	src/test/test.c
2014-04-08 13:55:02 -04:00
rl1987
51e13cd1ad Making entire exit policy available to Tor controller. 2014-04-08 13:50:02 -04:00
Nick Mathewson
3ac426afe8 Merge remote-tracking branch 'public/bug4241' 2014-04-08 12:41:03 -04:00
Nick Mathewson
fffc59b0e9 Merge remote-tracking branch 'public/bug9841_025' 2014-04-08 12:06:03 -04:00
Nick Mathewson
4231729176 Update ciphers.inc to match ff28
The major changes are to re-order some ciphers, to drop the ECDH suites
(note: *not* ECDHE: ECDHE is still there), to kill off some made-up
stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop
some of the DSS suites... *and* to enable the ECDHE+GCM ciphersuites.

This change is autogenerated by get_mozilla_ciphers.py from
Firefox 28 and OpenSSL 1.0.1g.

Resolves ticket 11438.
2014-04-08 11:42:07 -04:00
Nick Mathewson
d00dc9f7d1 Teach the get_mozilla_ciphers.py script to parse recent firefoxen 2014-04-08 11:42:07 -04:00
Nick Mathewson
ab1a679eef Fix a small memory leak when resolving PTR addresses
Fixes bug 11437; bugfix on 0.2.4.7-alpha.

Found by coverity; this is CID 1198198.
2014-04-07 23:29:47 -04:00
Nick Mathewson
f0bce2dc35 Fix some harmless/untriggerable memory leaks found by coverity 2014-04-07 23:20:13 -04:00
Nick Mathewson
595303fd1e Merge remote-tracking branch 'public/bug10363_024_squashed' 2014-04-07 23:03:04 -04:00
Nick Mathewson
6d9c332757 Another 10363 instance -- this one in the eventdns.c code 2014-04-07 22:56:42 -04:00
Nick Mathewson
9dd115d6b5 Another 10363 instance: this one in tor_memmem fallback code 2014-04-07 22:56:42 -04:00
Nick Mathewson
092ac26ea2 Fix undefined behavior with pointer addition in channeltls.c
In C, it's a bad idea to do this:

   char *cp = array;
   char *end = array + array_len;

   /* .... */

   if (cp + 3 >= end) { /* out of bounds */ }

because cp+3 might be more than one off the end of the array, and
you are only allowed to construct pointers to the array elements,
and to an element one past the end.  Instead you have to say

   if (cp - array + 3 >= array_len) { /* ... */ }

or something like that.

This patch fixes two of these: one in process_versions_cell
introduced in 0.2.0.10-alpha, and one in process_certs_cell
introduced in 0.2.3.6-alpha.  These are both tracked under bug
10363. "bobnomnom" found and reported both. See also 10313.

In our code, this is likely to be a problem as we used it only if we
get a nasty allocator that makes allocations end close to (void*)-1.
But it's best not to have to worry about such things at all, so
let's just fix all of these we can find.
2014-04-07 22:56:42 -04:00
Nick Mathewson
6d0991ea08 Give no answer, not NOTIMPL, for unsupported DNS query types
According to reports, most programs degrade somewhat gracefully on
getting no answer for an MX or a CERT for www.example.com, but many
flip out completely on a NOTIMPL error.

Also, treat a QTYPE_ALL query as just asking for an A record.

The real fix here is to implement proposal 219 or something like it.

Fixes bug 10268; bugfix on 0.2.0.1-alpha.

Based on a patch from "epoch".
2014-04-07 22:08:41 -04:00
Nick Mathewson
90341b4852 For missing transport, say "PT_MISSING" not "NO_ROUTE" 2014-04-07 13:44:22 -04:00
Nick Mathewson
754a50592c Forward-port bug9665 fix to work with our fix for 11069 2014-04-07 13:41:07 -04:00
Fábio J. Bertinatto
08ae53e400 Fix bug9665 2014-04-07 13:36:36 -04:00
Nick Mathewson
9ccedbece0 Make csiphash use the proper endian-converter on solaris
fixes bug 11426; bugfix on 0.2.5.3-alpha, where csiphash was
introduced.
2014-04-07 13:07:14 -04:00
Nick Mathewson
bc0882c868 Merge remote-tracking branch 'public/bug9650' 2014-04-05 14:53:48 -04:00
Nick Mathewson
2ff664ee20 Merge remote-tracking branch 'public/bug10801_024'
Conflicts:
	src/common/address.c
	src/or/config.c
2014-04-05 14:50:57 -04:00
Nick Mathewson
b3469e4207 Make tor_addr_port_parse handle portless IPv6 addresses correctly.
(Not a bugfix on any Tor release; before 10801_024, it didn't handle
portless addresses at all.)
2014-04-05 14:41:37 -04:00
Nick Mathewson
eefa3ebc78 Add a test for default/port conflicts in tor_addr_port_parse 2014-04-05 14:18:39 -04:00
Nick Mathewson
8f16a77d6a Protocol_Warn when a rendezvous cookie is used twice. 2014-04-04 12:17:16 -04:00
Nick Mathewson
d22ce149c8 Test for circuit_set_rend_token(.,.,NULL) 2014-04-04 12:06:54 -04:00
Nick Mathewson
1bb6e3b503 Merge remote-tracking branch 'public/bug9841_024_v2' into bug9841_025 2014-04-04 12:05:51 -04:00
Nick Mathewson
09dbcf3b82 Fix to 9841 fix: setting a token to NULL should clear it
Found by testing with chutney.  The old behavior was "fail an
assertion", which obviously isn't optimal.

Bugfix on 8b9a2cb68b290e550695124d7ef0511225b451d5; bug not in any
released version.
2014-04-04 12:01:49 -04:00
Nick Mathewson
d290e36576 Fix make_socket_reusable() on windows. Bug not in any released Tor 2014-04-02 21:11:45 -04:00
Nick Mathewson
24c4b56a39 Merge remote-tracking branch 'public/bug10081' 2014-04-02 15:45:20 -04:00
Nick Mathewson
da908a593f Unit tests for connection_edge_process_resolved_cell
Also rename a function to be more accurate (resolve->resolved)
2014-04-02 15:38:00 -04:00
Nick Mathewson
4215c801ff Tests for resolved_cell_parse 2014-04-02 15:38:00 -04:00
Nick Mathewson
c230ff4ca9 Look at all of a RESOLVED cell; not just the first answer.
Also, stop accepting the old kind of RESOLVED cells with no TTL
fields; they haven't been sent since 0.1.1.6-alpha.

This patch won't work without the fix to #10468 -- it will break
DNSPorts unless they set the proper ipv4/6 flags on entry_connection_t.
2014-04-02 15:38:00 -04:00
Nick Mathewson
2f59d6e2d8 Drop MAX_REND_FAILURES to 8 2014-04-02 15:36:13 -04:00
Nick Mathewson
4fb3ae69a6 Extract code to handle RESOLVED cells
No other changes have been made; only code has been moved.
2014-04-01 23:30:41 -04:00
Nick Mathewson
17d5734df4 Merge remote-tracking branch 'public/bug11278' 2014-04-01 21:56:49 -04:00
Nick Mathewson
86f619d0d3 Merge remote-tracking branch 'public/bug10468_024' 2014-04-01 21:50:55 -04:00
Nick Mathewson
fc9e84062b Merge remote-tracking branch 'public/bug4645'
Conflicts:
	src/or/dirserv.c
2014-04-01 21:49:01 -04:00
Nick Mathewson
408bd98e79 Add one more missing heck on bug4645 fixes 2014-04-01 21:10:14 -04:00
Nick Mathewson
b4b91864bb Merge remote-tracking branch 'public/bug9870'
Conflicts:
	src/or/config.c
2014-04-01 20:48:15 -04:00
Nick Mathewson
6bef082d0a Merge remote-tracking branch 'public/bug11232' 2014-04-01 09:39:48 -04:00
Nick Mathewson
c0441cca8b Merge branch 'bug8787_squashed' 2014-03-31 11:57:56 -04:00
Nick Mathewson
1a9b4bd28c Munmap the right pointers in routerlist_free() 2014-03-31 11:43:51 -04:00
Nick Mathewson
449b87791d NULL out all mappings after tor_munmap_file() 2014-03-31 11:42:49 -04:00
Nick Mathewson
8e94d5f22e Check return values for tor_munmap_file() in unit tests 2014-03-31 11:40:00 -04:00
Nick Mathewson
7cdb50e866 Handle tor_munmap_file(NULL) consistently 2014-03-31 11:35:39 -04:00
Andrea Shepard
dea8190111 Check strftime() return in tortls.c 2014-03-31 11:27:08 -04:00
Andrea Shepard
0938c20fa3 Eliminate lseek() with unchecked return in tor_mmap_file() 2014-03-31 11:27:08 -04:00
Andrea Shepard
abdf1878a3 Always check returns from unlink() 2014-03-31 11:27:08 -04:00
Andrea Shepard
df076eccfa Always check returns from tor_munmap_file() in microdesc.c 2014-03-31 11:27:08 -04:00
Andrea Shepard
947a6daa31 Always check returns from tor_munmap_file() in routerlist.c 2014-03-31 11:27:08 -04:00
Andrea Shepard
389251eda9 Add return value and assert for null parameter to tor_munmap_file() 2014-03-31 11:27:08 -04:00
Nick Mathewson
f82e499aa5 Merge remote-tracking branch 'public/bug11342' 2014-03-31 10:51:09 -04:00
Nick Mathewson
5e0cfba969 Fix a clang compilation warning
Subtracting two time_t values was yielding something that maybe
can't be fit in an int.

Bugfix on 0389d4aa; bug not in any released Tor.
2014-03-31 10:07:42 -04:00
Nick Mathewson
bfe783f167 Make dump_desc() use binary mode
Otherwise, it could mung the thing that came over the net on windows,
which would defeat the purpose of recording the unparseable thing.

Fixes bug 11342; bugfix on 0.2.2.1-alpha.
2014-03-27 23:53:03 -04:00
Nick Mathewson
234dfb0c65 Better log message when writing a CR in text mode on windows
Help to diagnose #11233
2014-03-27 23:48:17 -04:00
Nick Mathewson
9efd970dd9 Merge branch 'bug9658_refactor' 2014-03-27 23:00:28 -04:00
Nick Mathewson
6ad7f3417c Renamed "onionskins_completed" to "onionskins_assigned"
This improves the accuracy of the function/variable names.
2014-03-27 22:57:53 -04:00
Nick Mathewson
46a3914079 Respond to AAAA requests on DNSPort with AAAA automaps
Other DNS+IPv6 problems remain, but at least this fixes the
automapping.

Fixes bug 10468; bugfix on 0.2.4.7-alpha.
2014-03-27 17:41:43 -04:00
Nick Mathewson
753a246a14 check outputs from get_first_listener_addrport_string
Fix for 9650; bugfix for 0.2.3.16-alpha.
2014-03-27 17:12:01 -04:00
Nick Mathewson
b0bbe6b2f1 Report only the first bootstrap failure from an orconn
Otherwise, when we report "identity mismatch", we then later report
DONE when the connection gets closed.

Fixes bug 10431; bugfix on 0.2.1.1-alpha.
2014-03-27 15:58:43 -04:00
Nick Mathewson
24e0b1088a whitespace fix 2014-03-27 15:34:57 -04:00
Nick Mathewson
9c0a1adfa2 Don't do a DNS lookup on a bridge line address
Fixes bug 10801; bugfix on 07bf274d in 0.2.0.1-alpha.
2014-03-27 15:31:29 -04:00
Nick Mathewson
2721246f5d Merge branch 'bug7164_diagnose_harder_v2' 2014-03-27 14:26:21 -04:00
Nick Mathewson
0389d4aa56 More logs to try to diagnose bug 7164
This time, check in microdesc_cache_clean() to see what could be
going wrong with an attempt to clean a microdesc that's held by a node.
2014-03-27 14:23:19 -04:00
Nick Mathewson
de9de9e7dd Give specific warnings when client-side onionskin handshakes fail
Fix for bug9635.
2014-03-27 14:15:53 -04:00
Nick Mathewson
60abc4804f Don't warn when setsockopt(SO_REUSEABLE) on accept()ed socket says EINVAL
This should fix bug10081.  I believe this bug pertains to OSX
behavior, not any Tor behavior change.
2014-03-27 13:55:18 -04:00
Nick Mathewson
5b36f0d7e7 Log descriptor-download bootstrapping messages less verbosely
This is a fix for 9963.  I say this is a feature, but if it's a
bugfix, it's a bugfix on 0.2.4.18-rc.

Old behavior:

    Mar 27 11:02:19.000 [notice] Bootstrapped 50%: Loading relay descriptors.
    Mar 27 11:02:20.000 [notice] Bootstrapped 51%: Loading relay descriptors.
    Mar 27 11:02:20.000 [notice] Bootstrapped 52%: Loading relay descriptors.
    ... [Many lines omitted] ...
    Mar 27 11:02:29.000 [notice] Bootstrapped 78%: Loading relay descriptors.
    Mar 27 11:02:33.000 [notice] We now have enough directory information to build circuits.

New behavior:

    Mar 27 11:16:17.000 [notice] Bootstrapped 50%: Loading relay descriptors
    Mar 27 11:16:19.000 [notice] Bootstrapped 55%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] Bootstrapped 60%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] Bootstrapped 65%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] Bootstrapped 70%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] Bootstrapped 75%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] We now have enough directory information to build circuits.
2014-03-27 11:23:53 -04:00
Nick Mathewson
0b43c499b2 Merge remote-tracking branch 'public/bug11296' 2014-03-26 11:46:51 -04:00
Nick Mathewson
6da2544f20 Turn off testing code for #9683.
(This wasn't supposed to get committed turned-on.)
2014-03-26 10:31:56 -04:00
Nick Mathewson
07eb481492 Demote "Invalid length on ESTABLISH_RENDEZVOUS" to protocol_warn
Fixes bug 11279
2014-03-25 11:55:27 -04:00
Nick Mathewson
d5e11f21cc Fix warnings from doxygen
Most of these are simple.  The only nontrivial part is that our
pattern for using ENUM_BF was confusing doxygen by making declarations
that didn't look like declarations.
2014-03-25 11:27:43 -04:00
Nick Mathewson
e83eddd113 Add missing -Isrc/ext to tor-fw-helper/include.am
We need this now that tor-fw-helper will pull in siphash.h

Fixes bug 11296; bugfix on 0.2.5.4-alpha where siphash.h was introduced.
2014-03-25 10:21:07 -04:00
Nick Mathewson
852fd1819e Free placeholder circid/chan->circuit map entries on exit
In circuitlist_free_all, we free all the circuits, removing them from
the map as we go, but we weren't actually freeing the placeholder
entries that we use to indicate pending DESTROY cells.

Fix for bug 11278; bugfix on the 7912 code that was merged in
0.2.5.1-alpha
2014-03-25 10:14:26 -04:00
Roger Dingledine
85ef58e5ba quiet the debug message in circuit_build_times_disabled()
something recently made it get called once per second, which will clutter
up your debug log file.
2014-03-24 02:33:17 -04:00
Nick Mathewson
6709a1f58d Merge remote-tracking branch 'arma/bug11276' 2014-03-23 15:57:56 -04:00
Nick Mathewson
3ddbf2880f Merge remote-tracking branch 'public/bug11275_024' 2014-03-23 15:56:23 -04:00
Roger Dingledine
eff16e834b Stop leaking 'sig' at each call of router_append_dirobj_signature()
The refactoring in commit cb75519b (tor 0.2.4.13-alpha) introduced
this leak.
2014-03-23 15:53:51 -04:00
Roger Dingledine
ddaeb4deee Be more lenient in our fix for bug 11149
There are still quite a few 0.2.3.2x relays running for x<5, and while I
agree they should upgrade, I don't think cutting them out of the network
is a net win on either side.
2014-03-23 02:53:08 -04:00
Roger Dingledine
c08b47977e Never run crypto_early_init() more than once
Previously we had set up all the infrastructure to avoid calling it
after the first time, but didn't actually use it.
2014-03-23 00:38:17 -04:00
Nick Mathewson
f560eeadc3 Remove the unused circuit_dump_by_chan().
Also remove its helper function.
2014-03-23 00:28:39 -04:00
Nick Mathewson
2cfc4453c2 Merge remote-tracking branch 'public/bug9683_rebased' 2014-03-23 00:20:05 -04:00
Nick Mathewson
f4e2c72bee Merge remote-tracking branch 'karsten/task-11070' 2014-03-23 00:18:48 -04:00
Nick Mathewson
f2c6c5e69c Merge branch 'ticket11149' 2014-03-23 00:18:11 -04:00
Nick Mathewson
a53e9bfeb4 bump to 0.2.5.3-alpha-dev 2014-03-23 00:15:25 -04:00
Roger Dingledine
d336d407d6 whitespace fix 2014-03-23 00:12:40 -04:00
Nick Mathewson
2bd7280d79 Increment version to 0.2.5.3-alpha 2014-03-22 21:07:50 -04:00
Nick Mathewson
a83abcf5ee Fix unittest compilation with --disable-curve25519
This is a fix for 9700, which we already fixed in 0.2.5.x, but which
got left in 0.2.4.x.

This is a partial backport of a0a855d586
2014-03-20 13:53:32 -04:00
Andrea Shepard
3b31b45ddb Appease make check-spaces 2014-03-18 10:26:44 -07:00
Nick Mathewson
dfdeb6418d Fix a ubsan warning in addr_mask_get_bits
ubsan doesn't like us to do (1u<<32) when 32 is wider than
unsigned.  Fortunately, we already special-case
addr_mask_get_bits(0), so we can just change the loop bounds.
2014-03-18 10:49:39 -04:00
Nick Mathewson
2aea6ca326 Fix a ubsan warning in our ctypes replacements
ubsan doesn't like 1<<31, since that's an undefined integer
overflow.  Instead, we should do 1u<<31.
2014-03-18 10:47:26 -04:00
Nick Mathewson
aaa33f144c csiphash: don't attempt unaligned access
In digestmap_set/get benchmarks, doing unaligned access on x86
doesn't save more than a percent or so in the fast case.  In the
slow case (where we cross a cache line), it could be pretty
expensive.  It also makes ubsan unhappy.
2014-03-18 10:43:46 -04:00
Nick Mathewson
204f7255f4 memarea.c: use flexible array member for mem
This make clang's memory sanitizer happier that we aren't reading
off the end of a char[1].  We hadn't replaced the char[1] with a
char[FLEXIBLE_ARRAY_MEMBER] before because we were doing a union
trick to force alignment.  Now we use __attribute__(aligned) where
available, and we do the union trick elsewhere.

Most of this patch is just replacing accesses to (x)->u.mem with
(x)->U_MEM, where U_MEM is defined as "u.mem" or "mem" depending on
our implementation.
2014-03-18 10:02:27 -04:00
Nick Mathewson
98b1aad201 Fix a use-after-free in test_circuitlist.c
Found by clang-3.4 analyzers.
2014-03-18 09:47:13 -04:00
Karsten Loesing
7450403410 Take out remaining V1 directory code. 2014-03-18 10:40:10 +01:00
Nick Mathewson
d769cab3e5 Defensive programming: null [pn]_chan,circ_id in circuit_mark_for_close_
Doing this as part of the patch for #9683 to prevent possible bugs
down the line
2014-03-14 11:58:34 -04:00
Nick Mathewson
1a74360c2d Test code for implementation of faster circuit_unlink_all_from_channel
This contains the obvious implementation using the circuitmux data
structure.  It also runs the old (slow) algorithm and compares
the results of the two to make sure that they're the same.

Needs review and testing.
2014-03-14 11:57:51 -04:00
Nick Mathewson
d01cf18ecb should_disable_dir_fetches() now returns 1 if DisableNetwork==1
This change prevents LD_BUG warnings and bootstrap failure messages
when we try to do directory fetches when starting with
DisableNetwork == 1, a consensus present, but no descriptors (or
insufficient descriptors) yet.

Fixes bug 11200 and bug 10405.  It's a bugfix on 0.2.3.9-alpha.
Thanks to mcs for walking me through the repro instructions!
2014-03-14 10:42:49 -04:00
Nick Mathewson
102bb1c04f Update to latest tinytest
(This pulls in some fixes to tinytest_demo.c, which Tor doesn't build.)
2014-03-14 10:09:04 -04:00
Nick Mathewson
119896cd43 Fix some leaks/missed checks in the unit tests
Coverity spotted these.
2014-03-13 10:07:10 -04:00
Nick Mathewson
df836b45b0 Merge remote-tracking branch 'asn/bug5018_notice' 2014-03-12 11:10:51 -04:00
Nick Mathewson
9077118ee2 Remove the unused router_hex_digest_matches
When I removed some unused functions in 5bfa373eee, this became
unused as well.
2014-03-11 11:17:46 -04:00
Nick Mathewson
cce06b649e Merge remote-tracking branch 'asn/bug11069_take2' 2014-03-11 11:04:47 -04:00
George Kadianakis
1c475eb018 Throw control port warning if we failed to connect to all our bridges. 2014-03-10 22:52:07 +00:00
George Kadianakis
cc1bb19d56 Tone down the log message for when we don't need a PT proxy. 2014-03-10 22:05:31 +00:00
Nick Mathewson
7aa2192048 Fix our check for the "first" bridge descriptor.
This is meant to be a better bug 9229 fix -- or at least, one more
in tune with the intent of the original code, which calls
router_retry_directory_downloads() only on the first bridge descriptor.
2014-03-10 15:11:21 -04:00
Nick Mathewson
db72479eea Update ns downloads when we receive a bridge descriptor
This prevents long stalls when we're starting with a state file but
with no bridge descriptors.  Fixes bug 9229.  I believe this bug has
been present since 0.2.0.3-alpha.
2014-03-10 15:01:27 -04:00
Nick Mathewson
b8ceb464e5 Merge branch 'bug11156_squashed' 2014-03-10 14:08:38 -04:00
Nick Mathewson
0c04416c11 Merge branch 'bug11043_take2_squashed' 2014-03-10 14:08:29 -04:00
George Kadianakis
6606e676ee Don't do directory fetches before all PTs have been configured. 2014-03-10 14:07:56 -04:00
George Kadianakis
8c8e21e296 Improve the log message for when the Extended ORPort is not enabled. 2014-03-10 12:54:46 -04:00
Nick Mathewson
1365ff5b9a Upgrade to the latest version of tinytest.
This brings us to tinytest commit 709a36ba63ff16d8.

The only big change tor-side is that we don't need our own test_mem_op
operation any longer.
2014-03-06 18:06:08 -05:00
Nick Mathewson
065097b81b tinytest tt_{mem,str}_op now handle NULLs better
Now a NULL argument to either makes it fail, not crash.

Fies bug 9004; bugfix on 0.2.2.4-alpha.
2014-03-06 12:12:13 -05:00
Nick Mathewson
a50690e68f Merge remote-tracking branch 'origin/maint-0.2.4' 2014-03-06 11:52:22 -05:00
Nick Mathewson
4a2a1e572e Merge branch 'bug11108' 2014-03-06 10:22:40 -05:00
Nick Mathewson
cbf9e74236 Correct the URL in the "a relay on win95???" message
This is a fix for 9393; it's not a bugfix on any Tor version per se,
but rather on whatever Tor version was current when we reorganized the
wiki.
2014-03-06 09:57:42 -05:00
Nick Mathewson
a4b447604a Stop accepting 0.2.2 relay uploads for the consensus.
Resolves ticket 11149.
2014-03-06 09:38:35 -05:00
Nick Mathewson
663aba07e5 Fix whitespace errors, all of them mine. 2014-03-05 14:36:32 -05:00
Nick Mathewson
22ccfc6b5f Rename PredictedCircsRelevanceTime->PredictedPortsRelevanceTime
All circuits are predictive; it's the ports that are expiring here.
2014-03-05 14:35:07 -05:00
Nick Mathewson
103cebd924 Merge branch 'ticket9176_squashed'
Conflicts:
	doc/tor.1.txt
2014-03-05 14:32:05 -05:00
Nick Mathewson
25374d307d Fix wide lines. 2014-03-05 14:31:13 -05:00
Nick Mathewson
2c25bb413e Lower the maximum for PrecictedCircsRelevanceTime to one hour 2014-03-05 14:31:13 -05:00
unixninja92
4f03804b08 Fixed spacing. 2014-03-05 14:31:13 -05:00
unixninja92
5c310a4fa2 Added max value to PredictedCircsRelevanceTime. 2014-03-05 14:31:13 -05:00
unixninja92
898154f717 PredictedCircsRelevanceTime: limit how long we predict a port will be used
By default, after you've made a connection to port XYZ, we assume
you might still want to have an exit ready to connect to XYZ for one
hour. This patch lets you lower that interval.

Implements ticket 91
2014-03-05 14:29:54 -05:00
Nick Mathewson
f0b2dc83b6 Merge remote-tracking branch 'arma/ticket5528'
Conflicts:
	src/or/router.c
	src/test/test_dir.c
2014-03-05 12:44:40 -05:00
Nick Mathewson
1295490862 Merge remote-tracking branch 'public/bug8788' 2014-03-05 12:17:31 -05:00
Nick Mathewson
496fe685fd Include v3 in documented 'protocols' in rend_service_descriptor_t
Also make it unsigned and document that it's for INTRODUCE cell versions.

Fixes 9099; bugfix on 0.2.1.5-alpha, which introduced the v3 protocol.
2014-03-04 12:03:18 -05:00
Nick Mathewson
ab225aaf28 Merge branch 'bug10169_025_v2'
Conflicts:
	src/test/test.c
2014-03-04 11:03:30 -05:00
Nick Mathewson
bb37544214 Merge remote-tracking branch 'public/bug10169_024' into bug10169_025_v2
Conflicts:
	src/common/compat_libevent.h
	src/or/relay.c
2014-03-04 11:00:02 -05:00
Nick Mathewson
46118d7d75 Merge remote-tracking branch 'public/bug10169_023' into bug10169_024
Conflicts:
	src/or/relay.c
2014-03-04 10:54:54 -05:00
Nick Mathewson
0db39eb89f ATTR_NORETURN is needed on lost_owning_controller now
This should fixes some "hey, that function could have
__attribute__((noreturn))" warnings  introduced by f96400d9.

Bug not in any released version of Tor.
2014-03-03 10:54:20 -05:00
Nick Mathewson
4050dfa320 Warn if ports are specified in {Socks,Dir}Policy
We have ignored any ports listed here since 80365b989 (0.0.7rc1),
but we didn't warn the user that we were ignoring them.  This patch
adds a warning if you put explicit ports in any of the options
{Socks,Dir}Policy or AuthDir{Reject,Invalid,BadDir,BadExit}.  It
also adjusts the manpage to say that ports are ignored.

Fixes ticket 11108.
2014-03-03 10:45:39 -05:00
Nick Mathewson
d98f743b28 Fix compilation warnings in tor_addr_make_null patch
There was one "missing prototype" warning because the test function
wasn't static, and one "unused parameter" warning about the "data"
parameter.

Also, I added a couple of tests to make sure that the "make_null"
addresses really were the addresses we expected, by formatting them
as strings.
2014-03-03 10:05:02 -05:00
Kevin Murray
4deae59e1c add test for tor_addr_make_null
Signed-off-by: Kevin Murray <spam@kdmurray.id.au>
2014-03-03 09:58:01 -05:00
Roger Dingledine
bd49653f8e trivial whitespace fixes 2014-03-03 06:53:08 -05:00
Nick Mathewson
0b7a66fac7 whitespace fix 2014-02-28 08:57:29 -05:00
Nick Mathewson
273f536d72 Merge branch 'bug10884_squashed' 2014-02-28 08:54:50 -05:00
Nick Mathewson
886d4be149 Unit tests for test_routerkeys_write_fingerprint 2014-02-28 08:53:14 -05:00
Nick Mathewson
0be9e6099b Unit tests for pk fingerprint functions 2014-02-28 08:53:14 -05:00
Nick Mathewson
25c0435aa5 Tighten router_write_fingerprint impl 2014-02-28 08:53:14 -05:00
Karsten Loesing
3ca5fe81e3 Write hashed bridge fingerprint to logs and to disk.
Implements #10884.
2014-02-28 08:53:13 -05:00
Nick Mathewson
043329eeb6 Merge remote-tracking branch 'karsten/task-5824' 2014-02-28 08:32:13 -05:00
Nick Mathewson
833d027778 Monotonize the OOM-killer data timers
In a couple of places, to implement the OOM-circuit-killer defense
against sniper attacks, we have counters to remember the age of
cells or data chunks.  These timers were based on wall clock time,
which can move backwards, thus giving roll-over results for our age
calculation.  This commit creates a low-budget monotonic time, based
on ratcheting gettimeofday(), so that even in the event of a time
rollback, we don't do anything _really_ stupid.

A future version of Tor should update this function to do something
even less stupid here, like employ clock_gettime() or its kin.
2014-02-26 09:51:30 -05:00
Nick Mathewson
bf1678603f Merge remote-tracking branch 'public/bug10449' 2014-02-25 16:09:15 -05:00
Nick Mathewson
c3800f631b Merge remote-tracking branch 'public/no_itime_queue' into maint-0.2.4 2014-02-25 15:58:53 -05:00
Nick Mathewson
f8e3c1672d Trivial comment fix. 2014-02-25 10:23:38 -05:00
Nick Mathewson
92da2e27a2 Merge remote-tracking branch 'public/bug11048' 2014-02-25 10:23:09 -05:00
Nick Mathewson
613b0a3bc5 Merge remote-tracking branch 'karsten/geoip2regcountry' 2014-02-25 10:04:37 -05:00
Nick Mathewson
23a5921e9a Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-25 10:04:10 -05:00
Nick Mathewson
d7950eda2b Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-02-25 10:02:14 -05:00
Karsten Loesing
2658e70d16 Fix geoip by falling back to registered countries.
See 1d2179bc90 in master for details.

"""
Fall back to registered country if necessary.

When extracting geoip and geoip6 files from MaxMind's GeoLite2 Country
database, we only look at country->iso_code which is the two-character ISO
3166-1 country code of the country where MaxMind believes the end user is
located.

But if MaxMind thinks a range belongs to anonymous proxies, they don't put
anything there.  Hence, we omit those ranges and resolve them all to '??'.
That's not what we want.

What we should do is first try country->iso_code, and if there's no such
key, try registered_country->iso_code which is the country in which the
ISP has registered the IP address.

In short: let's fill all A1 entries with what ARIN et. al think.
"""
2014-02-25 13:28:34 +01:00
Karsten Loesing
1d2179bc90 Fall back to registered country if necessary.
When extracting geoip and geoip6 files from MaxMind's GeoLite2 Country
database, we only look at country->iso_code which is the two-character ISO
3166-1 country code of the country where MaxMind believes the end user is
located.

But if MaxMind thinks a range belongs to anonymous proxies, they don't put
anything there.  Hence, we omit those ranges and resolve them all to '??'.
That's not what we want.

What we should do is first try country->iso_code, and if there's no such
key, try registered_country->iso_code which is the country in which the
ISP has registered the IP address.

In short: let's fill all A1 entries with what ARIN et. al think.
2014-02-25 13:20:04 +01:00
Karsten Loesing
5015279153 Download MaxMind's geoip file over https.
If the cert turns out to be invalid or if wget is otherwise unable to
verify it, it's going to return an error and not download the file for us.

Spotted by nickm.
2014-02-25 11:26:27 +01:00
Nick Mathewson
d21b24b3b6 Merge remote-tracking branch 'public/feature9777_024_squashed' into maint-0.2.4 2014-02-24 13:05:25 -05:00
Nick Mathewson
a3ab31f5dc Threadproof our log_backtrace implementation
It's possible for two threads to hit assertion failures at the same
time.  If that happens, let's keep them from stomping on the same
cb_buf field.

Fixes bug 11048; bugfix on 0.2.5.2-alpha. Reported by "cypherpunks".
2014-02-24 12:15:32 -05:00
Karsten Loesing
c857276bd7 Include instructions on generating geoip files.
Implements #10924.
2014-02-21 19:13:33 +00:00
Nick Mathewson
1753975ece When not an exit node, don't test for DNS hijacking.
Back in 5e762e6a5c, non-exit servers
stopped launching DNS requests for users.  So there's no need for them
to see if their DNS answers are hijacked.

Patch from Matt Pagan.  I think this is a 965 fix.
2014-02-21 18:04:48 +00:00
Nick Mathewson
6eba3584b1 Merge remote-tracking branch 'public/bug10987_024' 2014-02-21 17:29:48 +00:00
Nick Mathewson
f3e8271652 Style tweaks on code, changes file for 10987 2014-02-21 17:27:35 +00:00
David Goulet
1532cff2ce Fix: send back correct IPv6 SOCKS5 connect reply
For a client using a SocksPort connection and IPv6, the connect reply
from tor daemon did not handle AF_INET6 thus sending back the wrong
payload to the client.

A changes file is provided and this fixes #10987

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-02-21 17:19:11 +00:00
Nick Hopper
b063ebbc60 fixed long -> int implicit cast warning line 3453 2014-02-20 11:54:01 +00:00
dana koch
f49805b681 Restitute a successful stat call to this test case.
Since the first stat call is made for it to deliberately fail, and we
reference st.st_mode without st having valid data, st.st_mode can contain
garbage and cause chmod to fail with EINVAL. We rerun stat and ensure it
succeeded.

Also make use of tt_abort_perror, to properly convey failure reasons to
the user.
2014-02-17 22:55:40 +00:00
dana koch
8999150f71 Appropriately condition the _le64toh macro definition for OpenBSD.
This corrects a linker error on OpenBSD, where the function is called letoh64. See also http://git.kernel.org/cgit/docs/man-pages/man-pages.git/tree/man3/endian.3#n84.
2014-02-17 22:42:19 +00:00
Nick Mathewson
e1deb01e5f mingw fix: Rename a variable in the unit tests
Apparently, MS C is #defining "IN" on us, so we can't name a
variable IN.  Delightful!
2014-02-16 12:51:35 -05:00
Nick Mathewson
3dfed0806c Merge remote-tracking branch 'public/bug10722' 2014-02-16 12:13:12 -05:00
Nick Mathewson
b5d6e47002 Warning message when bug 10722 would trigger
If somebody's excludenodes settings are keeping their hidden service
connections from working, they should probably get notified about it.
2014-02-16 12:11:07 -05:00
Nick Mathewson
35423d397f Merge branch 'bug4900_siphash_v2' 2014-02-15 15:59:10 -05:00
Nick Mathewson
1ad6dd0dbe Remove string hash in ht.h so we can't accidentally use it 2014-02-15 15:45:38 -05:00
Nick Mathewson
b3a6907493 Remove a bunch of functions that were never called. 2014-02-15 15:33:34 -05:00
Nick Mathewson
67749475f5 Merge remote-tracking branch 'public/bug10841' 2014-02-15 15:06:06 -05:00
Nick Mathewson
9d0af78e3c Merge remote-tracking branch 'karsten/mmdb-convert' 2014-02-15 00:08:36 -05:00
Nick Mathewson
c64b549621 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-15 00:07:15 -05:00
Nick Mathewson
bc58bfda70 Merge remote-tracking branch 'karsten/geoip6-feb2014' into maint-0.2.4 2014-02-15 00:06:40 -05:00
Nick Mathewson
260b3b1a19 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-02-15 00:06:25 -05:00
Nick Mathewson
405d055465 Merge remote-tracking branch 'karsten/geoip-feb2014' into maint-0.2.3 2014-02-15 00:06:01 -05:00
Nick Mathewson
339a47e80b Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-15 00:03:29 -05:00
Sebastian Hahn
3f567f529f gcc/clang: Mark macro-generated functions as possible unused
clang 3.4 introduced a new by-default warning about unused static
functions, which we triggered heavily for the hashtable and map function
generating macros. We can use __attribute__ ((unused)) (thanks nickm for
the suggestion :-) ) to silence these warnings.
2014-02-14 23:43:15 -05:00
Nick Mathewson
ac5ae794bd tristate->enum in rendcommon functions
When we have more than two return values, we should really be using
an enum rather than "-2 means this, -1 means that, 0 means this, and
1 or more means a number."
2014-02-14 23:23:53 -05:00
Nick Mathewson
1987894626 fix a whitespace snafu 2014-02-14 23:00:04 -05:00
Karsten Loesing
c024ff8671 Remove another unused v0 hidserv function.
Noted by Nick on #10841.
2014-02-14 17:54:16 +01:00
Nick Mathewson
fb595922b1 Tests for rend_token maps
This gets coverage of everything except for the cases which should be
impossible.
2014-02-13 15:24:15 -05:00
Nick Mathewson
949c9ae26b Tweak sign of rend_token params for consistency 2014-02-13 15:24:09 -05:00
Nick Mathewson
ecf61e924d Merge remote-tracking branch 'public/bug9841_024_v2' into bug9841_025
Conflicts:
	src/or/circuitlist.c
2014-02-13 14:49:15 -05:00
Nick Mathewson
8b9a2cb68b Faster circuit_get_by_rend_token_and_purpose()
On busy servers, this function takes up something like 3-7% in
different profiles, and gets invoked every time we need to participate
as the midpoint in a hidden service.

So maybe walking through a linked list of all the circuits here wasn't
a good idea.
2014-02-13 14:44:43 -05:00
Karsten Loesing
f6f691df73 Update geoip6 to the February 2014 GeoIP database. 2014-02-13 19:04:51 +01:00
Karsten Loesing
436f7106b4 Exclude Teredo IPv6 prefix from geoip6.
The latest GeoLite2 database includes a pointer from 2001::/32 to the root
node of the IPv4 address space in the tree.  We need to exclude this whole
address space from geoip6, similar to how we exclude IPv4-mapped IPv6
addresses and the 6to4 mapping subnet.
2014-02-13 18:58:21 +01:00
Roger Dingledine
745434d29a bump to 0.2.5.2-alpha 2014-02-13 04:06:36 -05:00
Nick Mathewson
ecd16edafe Disallow "*/maskbits" as an address pattern.
Fixes bug 7484. We've had this bug back in a8eaa79e03 in
0.0.2pre14, when we first started allowing address masks.
2014-02-12 16:00:26 -05:00
Nick Mathewson
c4bb3c8d44 Log only one message for dangerous log settings.
We log only one message, containing a complete list of what's
wrong.  We log the complete list whenever any of the possible things
that could have gotten wrong gets worse.

Fix for #9870. Bugfix on 10480dff01, which we merged in
0.2.5.1-alpha.
2014-02-12 15:32:50 -05:00
Nick Mathewson
24add404ac eventdns.c: survive broken resolv.conf files
If you had a resolv.conf file with a nameserver line containing no
nameserver IP, we would crash.  That's not terrible, but it's not
desirable.

Fixes bug 8788; bugfix on 0.1.1.23.  Libevent already has this fix.
2014-02-12 15:11:31 -05:00
Nick Mathewson
79c234e0e3 On OOM, also log N circuits remaining 2014-02-12 13:09:02 -05:00
Nick Mathewson
c8d41da52d More unit tests for OOM handling.
This gets us up to no interesting untested new or changed lines for
the 10169 code.
2014-02-12 12:50:16 -05:00
Nick Mathewson
48877e24a8 Initial unit tests for OOM handling 2014-02-12 12:49:56 -05:00
Nick Mathewson
9a07ec751f Refactor OOM-handling functions for more testability
This patch splits out some of the functions in OOM handling so that
it's easier to check them without involving the rest of Tor or
requiring that the circuits be "wired up".
2014-02-12 12:48:20 -05:00
Nick Mathewson
52d222aafb Add tests for buffer time tracking. 2014-02-12 12:48:11 -05:00
Nick Mathewson
d379fc6e0f Several tests for buffer allocation 2014-02-12 12:48:00 -05:00
Nick Mathewson
f425cf8338 Start writing tests for 10169.
Now we cover more chunk allocation functions.
2014-02-12 12:47:49 -05:00
Nick Mathewson
eb6f433bdb Debugging code inbuffers.c for debugging chunk allocation.
Currently on; will disable later in this branch.
2014-02-12 12:46:17 -05:00
Nick Mathewson
87fb1e324c Merge remote-tracking branch 'public/bug10169_024' into bug10169_025_v2
Conflicts:
	src/or/circuitlist.c
2014-02-12 12:44:58 -05:00
Nick Mathewson
05d8111eed Merge remote-tracking branch 'public/bug10169_023' into bug10169_024 2014-02-12 12:39:15 -05:00
Nick Mathewson
fd28754dd3 Actually release buffer freelists when handling OOM conditions.
Otherwise freeing buffers won't help for a little while.
2014-02-12 12:38:20 -05:00
Nick Mathewson
7951591744 Fix bugs in bug10169 bugfix memory tracking
The chunk_grow() and chunk_copy() functions weren't adjusting the
memory totals properly.

Bugfix not on any released Tor version.
2014-02-12 12:37:41 -05:00
Nick Mathewson
c1e98c8afe Randomize the global siphash key at startup
This completes our conversion to using siphash for our hash functions.
2014-02-12 12:12:58 -05:00
Nick Mathewson
d3fb846d8c Split crypto_global_init() into pre/post config
It's increasingly apparent that we want to make sure we initialize our
PRNG nice and early, or else OpenSSL will do it for us.  (OpenSSL
doesn't do _too_ bad a job, but it's nice to do it ourselves.)

We'll also need this for making sure we initialize the siphash key
before we do any hashes.
2014-02-12 12:04:07 -05:00
Nick Mathewson
0e97c8e23e Siphash-2-4 is now our hash in nearly all cases.
I've made an exception for cases where I'm sure that users can't
influence the inputs.  This is likely to cause a slowdown somewhere,
but it's safer to siphash everything and *then* look for cases to
optimize.

This patch doesn't actually get us any _benefit_ from siphash yet,
since we don't really randomize the key at any point.
2014-02-12 11:32:10 -05:00
Nick Mathewson
f05820531a csiphash: Add functions to take a global key. 2014-02-12 11:27:41 -05:00
Nick Mathewson
f51df9bb93 Tests for siphash, from reference implementation. 2014-02-12 10:58:03 -05:00
Nick Mathewson
1bd86b69b6 csiphash: avoid unaligned access on non-x86 2014-02-12 10:57:46 -05:00
Nick Mathewson
9605978eb6 Get csiphash better integrated with our build system 2014-02-12 10:24:04 -05:00
Nick Mathewson
f4656c0cc9 Raw import of Marek Majkowski's cisphash.c
siphash is a hash function designed for producing hard-to-predict
64-bit outputs from short inputs and a 128-bit key.  It's chosen for
security and speed.

See https://131002.net/siphash/ for more information on siphash.

Source: https://github.com/majek/csiphash/
2014-02-12 10:09:45 -05:00
Nick Mathewson
2c0088b8aa Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-12 09:17:11 -05:00
Nick Mathewson
d6e6eaba60 Fix windows compilation of e0c8031516
There is no WSAEPERM; we were implying that there was.This fixes a
bug in e0c8031516, which hadn't yet
appeared in any released Tor.
2014-02-12 09:16:22 -05:00
Karsten Loesing
74c2bff781 Remove remaining v0 hidden service descriptor code.
Fixes the rest of #10841 after #10881 already removed some hidden service
authority code.
2014-02-12 14:36:08 +01:00
Nick Mathewson
0ee449ca92 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-11 18:58:58 -05:00
Nick Mathewson
91d4bb0b00 Merge branch 'bug10777_netunreach_024' into maint-0.2.4 2014-02-11 18:57:55 -05:00
Nick Mathewson
8836c1ee2f Merge remote-tracking branch 'public/bug10777_nointernal_024' into maint-0.2.4 2014-02-11 18:55:26 -05:00
Nick Mathewson
c3720c05fa Free leakable values in the unit tests.
Thanks, Coverity!  (CID 1171414, 1171415, 1171416)
2014-02-11 18:10:33 -05:00
Nick Mathewson
10d4d3e2d5 Merge remote-tracking branch 'public/no_itime_queue_025' 2014-02-11 11:52:35 -05:00
Nick Mathewson
5e0cdc5ef2 Merge branch 'bug10881' 2014-02-11 11:42:06 -05:00
Nick Mathewson
ce450bddb7 Remove TunnelDirConns and PreferTunnelledDirConns
These options were added back in 0.1.2.5-alpha, but no longer make any
sense now that all directories support tunneled connections and
BEGIN_DIR cells.  These options were on by default; now they are
always-on.

This is a fix for 10849, where TunnelDirConns 0 would break hidden
services -- and that bug arrived, I think, in 0.2.0.10-alpha.
2014-02-11 11:10:55 -05:00
Nick Mathewson
cb065a55bd Merge remote-tracking branch 'karsten/one-dirauth' 2014-02-11 10:15:03 -05:00
Nick Mathewson
cb28fe486f Merge remote-tracking branch 'public/bug10722' 2014-02-11 10:08:58 -05:00
Nick Mathewson
c0483c7f85 Remove options for configuring HS authorities.
(There is no longer meaningfully any such thing as a HS authority,
since we stopped uploading or downloading v0 hs descriptors in
0.2.2.1-alpha.)

Implements #10881, and part of #10841.
2014-02-10 22:41:52 -05:00
Roger Dingledine
dd3f2f6332 fix trivial typo 2014-02-10 16:05:35 -05:00
Nick Mathewson
e0c8031516 make EACCES survivable too. 2014-02-10 15:06:10 -05:00
Nick Mathewson
5b55e0e181 Merge remote-tracking branch 'public/no_itime_queue'
The conflicts here were tricky, and required me to eliminate the
command-queue as well.  That wasn't so hard.

Conflicts:
	src/or/or.h
	src/or/relay.c
2014-02-10 15:04:23 -05:00
Nick Mathewson
3133cde3c1 Excise the insertion_time_elem_t logic
It's now redundant with the inserted_time field in packed_cell_t

Fixes bug 10870.
2014-02-10 13:55:27 -05:00
Nick Mathewson
a73b0da653 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-09 21:41:59 -05:00
Nick Mathewson
7f6aa780e3 Merge remote-tracking branch 'andrea/bug9602' into maint-0.2.4 2014-02-09 21:41:24 -05:00
Nick Mathewson
b15f75b632 Don't treat END_STREAM_REASON_INTERNAL as total circuit failure
It can happen because we sent something that got an ENETUNREACH
response.

Bugfix on 0.2.4.8-alpha; fixes a part of bug 10777.
2014-02-09 21:35:14 -05:00
Nick Mathewson
f5d32c08ba Call ENETUNREACH a case of NOROUTE, not a case of INTERNAL.
Found by cypherpunks; fix for a part of bug 10777; bugfix on 0.1.0.1-rc.
2014-02-09 21:30:23 -05:00
Andrea Shepard
c330d63ff7 Make sure orconn->chan gets nulled out when channels exit from channel_free_all() too 2014-02-08 14:05:51 -08:00
Karsten Loesing
26dd328891 Update to the February 2014 GeoIP database. 2014-02-08 12:09:37 +01:00
Karsten Loesing
749ead79ad Don't zero-pad day of the month. 2014-02-08 12:03:27 +01:00
Karsten Loesing
3bea0fff79 Add script to convert GeoLite2 country databases.
Copied over from https://github.com/nmathewson/mmdb-convert,
commit 52f0d43408ed3a0fe7c3b2fa7099da7f6b7c4502.
2014-02-08 11:56:54 +01:00
Karsten Loesing
becc3d5b4e Remove script to clean up GeoLite country databases. 2014-02-08 11:56:27 +01:00
Karsten Loesing
ebe7e22045 Suppress warning in networks with only 1 dirauth. 2014-02-08 11:02:27 +01:00
Nick Mathewson
a0577aacb4 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-07 17:41:41 -05:00
Nick Mathewson
9bb34aa897 Survive fedora's openssl in our benchmarks
Apparently fedora currently has ECDH but not P224. This isn't a huge
deal, since we no longer use OpenSSL's P224 ever (see #9780 and
72c1e5acfe). But we shouldn't have segfaulting benchmarks really.

Fixes bug 10835; bugfix on 0.2.4.8-alpha.
2014-02-07 17:36:11 -05:00
Nick Mathewson
fdf68479b0 Explain CURVE25519_ENABLED: closes 9774 2014-02-07 16:16:56 -05:00
Nick Mathewson
1ebdaf5788 More hacking around spawn_func issues
This time, we use a pthread_attr to make sure that if pthread_create
succeeds, the thread is successfully detached.

This probably isn't the big thing going on with 4345, since it'd be
a bit weird for pthread_detach to be failing.  But it's worth
getting it right.
2014-02-07 13:13:15 -05:00
Nick Mathewson
aa3c8c1397 Use the right functions; strncpy is usually not the answer 2014-02-07 12:25:49 -05:00
Nick Mathewson
f1682a615f Merge remote-tracking branch 'houqp/hs_control_fix' 2014-02-07 12:22:56 -05:00
Nick Mathewson
040b478692 Remove a needless check in channel_tls_handle_incoming
This patch removes an "if (chan)" that occurred at a place where
chan was definitely non-NULL.  Having it there made some static
analysis tools conclude that we were up to shenanigans.

This resolves #9979.
2014-02-07 12:01:16 -05:00
Nick Mathewson
ef4eb823f3 Merge the circuit_{free,clear}_cpath functions
(Based on a suggestion by arma at #9777)
2014-02-07 10:50:06 -05:00
Nick Mathewson
babbd3ff08 Merge remote-tracking branch 'public/feature9777_024_squashed'
Conflicts:
	src/or/circuitbuild.c
2014-02-07 10:47:34 -05:00
Nick Mathewson
1068e50aec Discard circuit paths on which nobody supports ntor
Right now this accounts for about 1% of circuits over all, but if you
pick a guard that's running 0.2.3, it will be about 6% of the circuits
running through that guard.

Making sure that every circuit has at least one ntor link means that
we're getting plausibly good forward secrecy on every circuit.

This implements ticket 9777,
2014-02-07 10:45:34 -05:00
Nick Mathewson
372adfa09a Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-07 10:38:24 -05:00
Andrea Shepard
707c1e2e26 NULL out conns on tlschans when freeing in case channel_run_cleanup() is late; fixes bug 9602 2014-02-06 14:47:34 -08:00
Nick Mathewson
b4e8d8dc0e Merge remote-tracking branch 'public/bug9716_024' into maint-0.2.4 2014-02-06 16:29:08 -05:00
Nick Mathewson
075482ff80 Merge remote-tracking branch 'public/bug10543_024_v2' 2014-02-06 16:25:26 -05:00
Nick Mathewson
dffac251f1 Make the handling for usable-exit counting handle ExitNodes better
It's possible to set your ExitNodes to contains only exits that don't
have the Exit flag.  If you do that, we'll decide that 0 of your exits
are working.  Instead, in that case we should look at nodes which have
(or which might have) exit policies that don't reject everything.

Fix for bug 10543; bugfix on 0.2.4.10-alpha.
2014-02-06 16:24:08 -05:00
Qingping Hou
57da1a5057 add test case for node_get_verbose_nickname 2014-02-06 16:13:55 -05:00
Qingping Hou
39ff3b00cf add test for node_get_verbose_nickname_by_id 2014-02-06 16:13:55 -05:00
Qingping Hou
0fbe7f3188 remove node_describe_by_id() function
This function is not used anymore
2014-02-06 16:13:55 -05:00
Qingping Hou
bf66ff915a fix longname returned in HS_DESC control events
According to control spec, longname should not contain any spaces and is
consists only of identy_digest + nickname

added two functions:
* node_get_verbose_nickname_by_id()
* node_describe_longname_by_id()
2014-02-06 16:13:55 -05:00
Florent Daigniere
01132c93fd Some anti-forensics paranoia...
sed -i 's/BN_free/BN_clear_free/g'
2014-02-06 16:09:12 -05:00
Nick Mathewson
1b93e3c6d9 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	changes/bug10485
	src/or/rephist.c
	src/or/status.c
2014-02-06 13:27:04 -05:00
Nick Mathewson
655adbf667 Add a missing include 2014-02-06 13:25:36 -05:00
Nick Mathewson
edc6fa2570 Deliver circuit handshake counts as part of the heartbeat
Previously, they went out once an hour, unconditionally.

Fixes 10485; bugfix on 0.2.4.17-rc.
2014-02-06 13:03:01 -05:00
Nick Mathewson
34740a17ea Rename sun to s_un in test_addr.c
Apparently the compiler on solaris 9 didn't like "sun" as an identifier.

Fix for bug 10565; bugfix on 0.2.5.1-alpha.
2014-02-06 12:36:33 -05:00
Nick Mathewson
4268cbf294 Distcheck repair: add new python testing code to "tarballs"
'make distcheck' now passes again.
2014-02-04 11:08:22 -05:00
Nick Mathewson
c61a472076 test_config.c: log which address should have failed 2014-02-03 16:21:32 -05:00
Nick Mathewson
24544a10c0 Clean up test_hs.c: warning fix; tor_free() usage.
My OSX laptop rightly gave a warning because of sticking strlen() into
an int, but once I took a closer look... it appears that the strlen()
was part of a needlessly verbose implementation for tor_strdup().

While I was there, I fixed the usage of tor_free() in test_hs.c: It
checks for NULL, and it zeros its argument.  So instead of
    if (foo) {
      tor_free(foo);
      foo = NULL;
    }
we should just say
    tor_free(foo);
2014-02-03 16:12:30 -05:00
Nick Mathewson
dafed84dab Fixes for bug4645 fix. 2014-02-03 14:31:31 -05:00
rl1987
e82e772f2b Using proper functions to create tor_addr_t. 2014-02-03 14:20:24 -05:00
rl1987
3a4b24c3ab Removing is_internal_IP() function. Resolves ticket 4645. 2014-02-03 14:20:17 -05:00
Nick Mathewson
5991f9a156 TransProxyType replaces TransTPROXY option
I'm making this change now since ipfw will want its own option too,
and proliferating options here isn't sensible.

(See #10582 and #10267)
2014-02-03 13:56:19 -05:00
Karsten Loesing
00ec6e6af0 More fixes to rip out all of the v2 directory code.
(This was a squash commit, but I forgot to squash it. Sorry! --Nick)
2014-02-03 13:34:30 -05:00
rl1987
881c7c0f7d 10365: Close connections if the VERSIONS cell has an odd length.
Fixes issue 10365.
2014-02-03 13:14:27 -05:00
Nick Mathewson
8db8fda43f check-spaces fixes for test_router.c 2014-02-03 13:00:15 -05:00
Nick Mathewson
f96400d9df bug10449: a dying owning controller makes Tor exit immediately
If you want a slow shutdown, send SIGNAL SHUTDOWN.

(Why not just have the default be SIGNAL QUIT?  Because this case
should only happen when an owning controller has crashed, and a
crashed controller won't be able to give the user any "tor is
shutting down" feedback, and so the user gets confused for a while.
See bug 10449 for more info)
2014-02-03 12:54:06 -05:00
Nick Mathewson
696b484d4d Defensive programming in control_event_hs_descriptor_*
It looks to me like these functions can never get called with NULL
arguments, but better safe than sorry.
2014-02-03 12:35:35 -05:00
Nick Mathewson
fee7f25ff8 Merge remote-tracking branch 'houqp/hs_control' 2014-02-03 12:28:42 -05:00
Nick Mathewson
27d81c756b slownacl's pure-python curve25519 lets us test ntor everywhere.
Improvement on f308adf838, where we made the ntor
unit tests run everywhere... so long as a python curve25519 module
was installed.  Now the unit tests don't require that module.
2014-02-03 11:34:13 -05:00
Nick Mathewson
c6c87fb6d1 Merge remote-tracking branch 'public/bug10758' 2014-02-03 11:05:29 -05:00
Florent Daigniere
9d6e805d28 Some anti-forensics paranoia...
sed -i 's/BN_free/BN_clear_free/g'
2014-02-03 10:44:19 -05:00
Nick Mathewson
25f0eb4512 Add a sandbox rule to allow IP_TRANSPARENT 2014-02-02 15:47:48 -05:00
Nick Mathewson
fd8947afc2 Move the friendly warning about TPROXY and root to EPERM time
I'm doing this because:
   * User doesn't mean you're running as root, and running as root
     doesn't mean you've set User.
   * It's possible that the user has done some other
     capability-based hack to retain the necessary privileges.
2014-02-02 15:45:00 -05:00
Nick Mathewson
09ccc4c4a3 Add support for TPROXY via new TransTPRoxy option
Based on patch from "thomo" at #10582.
2014-01-31 12:59:35 -05:00
Qingping Hou
ebd99314cf add test case for node_describe_by_id 2014-01-29 22:47:05 -05:00
Qingping Hou
0b0d4b4ebc add test case for hidden service async events 2014-01-29 22:43:11 -05:00
Qingping Hou
29c18f5b71 add hidden service descriptor async control event 2014-01-29 22:23:57 -05:00
Nick Mathewson
3193cbe2ba Rip out all of the v2 directory code.
The remaining vestige is that we continue to publish the V2dir flag,
and that, for the controller, we continue to emit v2 directory
formats when requested.
2014-01-29 15:17:05 -05:00
Nick Mathewson
bb21d14255 Apply StrictNodes to hidden service directories early
Previously, we would sometimes decide in directory_get_from_hs_dir()
to connect to an excluded node, and then later in
directory_initiate_command_routerstatus_rend() notice that it was
excluded and strictnodes was set, and catch it as a stopgap.

Additionally, this patch preferentially tries to fetch from
non-excluded nodes even when StrictNodes is off.

Fix for bug #10722. Bugfix on 0.2.0.10-alpha (the v2 hidserv directory
system was introduced in e136f00ca). Reported by "mr-4".
2014-01-24 12:56:10 -05:00
Nick Mathewson
9be105f94b whitespace fixes 2014-01-17 12:41:56 -05:00
Nick Mathewson
85b46d57bc Check spawn_func() return value
If we don't, we can wind up with a wedged cpuworker, and write to it
for ages and ages.

Found by skruffy.  This was a bug in 2dda97e8fd, a.k.a. svn
revision 402. It's been there since we have been using cpuworkers.
2014-01-17 12:04:53 -05:00
Nick Mathewson
8a49fac9e0 Coverate in util.c: test that tor_parse_* rejects negative base. 2014-01-17 11:58:09 -05:00
Nick Mathewson
ab0fdbb618 Add an --accel switch to run unit tests with crypto acceleration 2014-01-17 11:58:09 -05:00
Nick Mathewson
682c2252a5 Fix some seccomp2 issues
Fix for #10563.  This is a compatibility issue with libseccomp-2.1.
I guess you could call it a bugfix on 0.2.5.1?
2014-01-06 04:27:58 -05:00
Nick Mathewson
5c45a333c3 Merge remote-tracking branch 'public/bug10169_023' into bug10169_024
Conflicts:
	doc/tor.1.txt
	src/or/config.c
	src/or/or.h

The conflicts were all pretty trivial.
2014-01-03 10:53:22 -05:00
Nick Mathewson
9030360277 Add explicit check for 0-length extend2 cells
This is harmless in the Tor of today, but important for correctness.

Fixes bug 10536; bugfix on 0.2.4.8-alpha. Reported by "cypherpunks".
2014-01-03 10:43:09 -05:00
Nick Mathewson
573ee36eae Merge remote-tracking branch 'public/bug10485' 2013-12-24 11:42:35 -05:00
Nick Mathewson
2b8962bc64 Move onion-type stats message into heartbeat
Fix for 10485. Fix on 0.2.4.17-alpha.
2013-12-24 11:41:48 -05:00
Nick Mathewson
6276cca8ce Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-22 17:26:25 -05:00
Nick Mathewson
b9f6e40ecb Fix automapping to ipv6
Bugfix on 0.2.4.7-alpha; fixes bug 10465.
2013-12-22 17:19:22 -05:00
Nick Mathewson
bbc85b18ca Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-21 21:16:06 -05:00
Nick Mathewson
b5d13d11c9 Fix a logic error in circuit_stream_is_being_handled.
When I introduced the unusable_for_new_circuits flag in
62fb209d83, I had a spurious ! in the
circuit_stream_is_being_handled loop.  This made us decide that
non-unusable circuits (that is, usable ones) were the ones to avoid,
and caused it to launch a bunch of extra circuits.

Fixes bug 10456; bugfix on 0.2.4.12-alpha.
2013-12-21 10:15:09 -05:00
Nick Mathewson
b98c5884fc Merge remote-tracking branch 'linus/bug10324' 2013-12-20 11:40:21 -05:00
Nick Mathewson
85284c33d1 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/common/crypto.c
2013-12-18 22:04:21 -05:00
Karsten Loesing
b7d8a1e141 Report complete directory request statistics on bridges.
When we wrote the directory request statistics code in August 2009, we
thought that these statistics were only relevant for bridges, and that
bridges should not report them.  That's why we added a switch to discard
relevant observations made by bridges.  This code was first released in
0.2.2.1-alpha.

In May 2012 we learned that we didn't fully disable directory request
statistics on bridges.  Bridges did report directory request statistics,
but these statistics contained empty dirreq-v3-ips and dirreq-v3-reqs
lines.  But the remaining dirreq-* lines have always been non-empty.  (We
didn't notice for almost three years, because directory-request statistics
were disabled by default until 0.2.3.1-alpha, and all statistics have been
removed from bridge descriptors before publishing them on the metrics
website.)

Proposal 201, created in May 2012, suggests to add a new line called
bridge-v3-reqs that is similar to dirreq-v3-reqs, but that is published
only by bridges.  This proposal is still open as of December 2013.

Since October 2012 we're using dirreq-v3-resp (not -reqs) lines in
combination with bridge-ips lines to estimate bridge user numbers; see
task 8462.  This estimation method has superseded the older approach that
was only based on bridge-ips lines in November 2013.  Using dirreq-v3-resp
and bridge-ips lines is a workaround.  The cleaner approach would be to
use dirreq-v3-reqs instead.

This commit makes bridges report the same directory request statistics as
relays, including dirreq-v3-ips and dirreq-v3-reqs lines.  It makes
proposal 201 obsolete.
2013-12-18 18:02:10 +01:00
Karsten Loesing
90f0358e3e Disable (Cell,Entry,ExitPort)Statistics on bridges
In 0.2.3.8-alpha we attempted to "completely disable stats if we aren't
running as a relay", but instead disabled them only if we aren't running
as a server.

This commit leaves DirReqStatistics enabled on both relays and bridges,
and disables (Cell,Entry,ExitPort)Statistics on bridges.
2013-12-18 18:01:25 +01:00
Nick Mathewson
7b87003957 Never allow OpenSSL engines to replace the RAND_SSLeay method
This fixes bug 10402, where the rdrand engine would use the rdrand
instruction, not as an additional entropy source, but as a replacement
for the entire userspace PRNG.  That's obviously stupid: even if you
don't think that RDRAND is a likely security risk, the right response
to an alleged new alleged entropy source is never to throw away all
previously used entropy sources.

Thanks to coderman and rl1987 for diagnosing and tracking this down.
2013-12-18 11:53:07 -05:00
Nick Mathewson
f12d3fe9aa Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-17 13:54:02 -05:00
Nick Mathewson
561d9880f8 Merge branch 'bug10423' into maint-0.2.4 2013-12-17 13:53:11 -05:00
Nick Mathewson
adfcc1da4a Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/microdesc.c

Conflict because one change was on line adjacent to line where
01206893 got fixed.
2013-12-17 13:18:00 -05:00
Nick Mathewson
3d5154550c Merge remote-tracking branch 'public/bug10409_023' into maint-0.2.4 2013-12-17 13:15:45 -05:00
Nick Mathewson
46b3b6208d Avoid double-free on failure to dump_descriptor() a cached md
This is a fix for 10423, which was introducd in caa0d15c in 0.2.4.13-alpha.

Spotted by bobnomnom.
2013-12-17 13:12:52 -05:00
Nick Mathewson
d8cfa2ef4e Avoid free()ing from an mmap on corrupted microdesc cache
The 'body' field of a microdesc_t holds a strdup()'d value if the
microdesc's saved_location field is SAVED_IN_JOURNAL or
SAVED_NOWHERE, and holds a pointer to the middle of an mmap if the
microdesc is SAVED_IN_CACHE.  But we weren't setting that field
until a while after we parsed the microdescriptor, which left an
interval where microdesc_free() would try to free() the middle of
the mmap().

This patch also includes a regression test.

This is a fix for #10409; bugfix on 0.2.2.6-alpha.
2013-12-16 13:06:00 -05:00
Linus Nordberg
129f26e959 Make tor-gencert create 2048 bit signing keys. 2013-12-12 17:39:22 +01:00
rl1987
e6590efaa7 Fix get_configured_bridge_by_addr_port_digest(.,.,NULL)
The old behavior was that NULL matched only bridges without known
identities; the correct behavior is that NULL should match all
bridges (assuming that their addr:port matches).
2013-12-09 11:22:22 -05:00
Nick Mathewson
9c048d90b6 Merge remote-tracking branch 'public/bug10131_024' 2013-12-09 11:06:20 -05:00
Nick Mathewson
c56bb30044 Remove a check in channeltls.c that could never fail.
We were checking whether a 8-bit length field had overflowed a
503-byte buffer. Unless somebody has found a way to store "504" in a
single byte, it seems unlikely.

Fix for 10313 and 9980. Based on a pach by Jared L Wong. First found
by David Fifield with STACK.
2013-12-09 11:02:34 -05:00
David Fifield
b600495441 Set CREATE_NO_WINDOW in tor_spawn_background.
This flag prevents the creation of a console window popup on Windows. We
need it for pluggable transport executables--otherwise you get blank
console windows when you launch the 3.x browser bundle with transports
enabled.

http://msdn.microsoft.com/en-us/library/ms684863.aspx#CREATE_NO_WINDOW

The browser bundles that used Vidalia used to set this flag when
launching tor itself; it was apparently inherited by the pluggable
transports launched by tor. In the 3.x bundles, tor is launched by some
JavaScript code, which doesn't have the ability to set CREATE_NO_WINDOW.
tor itself is now being compiled with the -mwindows option, so that it
is a GUI application, not a console application, and doesn't show a
console window in any case. This workaround doesn't work for pluggable
transports, because they need to be able to write control messages to
stdout.

https://trac.torproject.org/projects/tor/ticket/9444#comment:30
2013-12-05 12:30:11 -05:00
Nick Mathewson
8f9c847fbf Restore prop198 behavior from 4677 patch
The previous commit from piet would have backed out some of proposal
198 and made servers built without the V2 handshake not use the
unrestricted cipher list from prop198.

Bug not in any released Tor.
2013-11-25 10:53:37 -05:00
Nick Mathewson
2d9adcd204 Restore ability to build with V2_HANDSHAKE_SERVER
Fixes bug 4677; bugfix on 0.2.3.2-alpha. Fix by "piet".
2013-11-25 10:51:00 -05:00
Nick Mathewson
acd8c4f868 Avoid warning about impossible check for flags & 0
Fixes CID 743381
2013-11-22 12:42:05 -05:00
Nick Mathewson
23dae51976 Only update view of micrdescriptor pos if pos is fetchable.
It's conceivable (but probably impossible given our code) that lseek
could return -1 on an error; when that happens, we don't want off to
become -1.

Fixes CID 1035124.
2013-11-22 12:38:58 -05:00
Nick Mathewson
a7410c9199 Add checks to prevent memcmp(.,.,negative) in tests (CID 1064417) 2013-11-22 12:33:25 -05:00
Nick Mathewson
569dbcc615 Fix another unit test memory leak. CID1087949,CID1087950. 2013-11-22 12:27:41 -05:00
Nick Mathewson
7c76fd5a82 Fix a bunch of coverity-spotted unit test resource leaks
CIDs: 1130994, 1130993, 1130992, 1130991
2013-11-22 12:21:14 -05:00
Nick Mathewson
6f7eb7a0a5 Remove needless fd var from test. CID 1130989. 2013-11-22 12:16:17 -05:00
Nick Mathewson
6cbd17470d Handle unlikely negative time in tor_log_err_sigsafe
Coverity wants this; CID 1130990.
2013-11-22 12:14:11 -05:00
Nick Mathewson
647248729f Drop the MaxMemInQueues lower limit down to 256 MB.
on #9686, gmorehose reports that the 500 MB lower limit is too high
for raspberry pi users.
2013-11-20 12:13:30 -05:00
Nick Mathewson
e572ec856d Rename MaxMemInCellQueues to MaxMemInQueues 2013-11-20 12:12:23 -05:00
Nick Mathewson
a406f6d0f0 doxygen comments for 10169 code 2013-11-20 12:05:36 -05:00
Nick Mathewson
eabcab2b7c Count freed buffer bytes from buffers when oom-killing circuits.
Also, aggressively clear the buffers to try to make their bytes go
away fast rather than waiting for the close-marked-connection code
to get 'em.
2013-11-20 11:57:45 -05:00
Nick Mathewson
027f4c82eb Whitespace cleanup 2013-11-20 11:05:00 -05:00
Nick Mathewson
03da9be2f1 Merge remote-tracking branch 'sysrqb/bug9859_5' 2013-11-20 11:03:37 -05:00
Nick Mathewson
e7165659e0 Fix crypto/digests test 2013-11-18 13:33:29 -05:00
Nick Mathewson
a7c9d64fd6 Merge branch 'finish_prop157' 2013-11-18 13:27:06 -05:00
Nick Mathewson
ec9d88e5a2 Tweak #10162 documentation a bit 2013-11-18 13:26:58 -05:00
Nick Mathewson
3cdd7966d7 Add a _GNU_SOURCE definition to backtrace.c to fix compilation 2013-11-18 13:05:23 -05:00
Nick Mathewson
9025423471 Whoops -- add missing defined(). 2013-11-18 11:36:23 -05:00
Nick Mathewson
93c99508d2 Make header includes match declarations in pc_from_ucontext.m4
With any luck, this will clean up errors where we detect that
REG_{EIP,RIP} is present in autoconf, but when we go to include it,
it isn't there.
2013-11-18 11:34:15 -05:00
Nick Mathewson
adf2fa9b49 Fix compilation under openssl 0.9.8
It's not nice to talk about NID_aes_{128,256}_{ctr,gcm} when they
don't exist.

Fix on 84458b79a78ea7e26820bf0; bug not in any released Tor.
2013-11-18 11:25:07 -05:00
Nick Mathewson
bd25bda7c0 Remove 'struct timeval now' that was shadowing 'struct timeval now'.
This was a mistake in the merge commit 7a2b30fe16. It
would have made the CellStatistics code give completely bogus
results. Bug not in any released Tor.
2013-11-18 11:20:35 -05:00
Nick Mathewson
4b9ec85e47 Fix whitespace 2013-11-18 11:13:40 -05:00
Nick Mathewson
84458b79a7 Log more OpenSSL engine statuses at startup.
Fixes ticket 10043; patch from Joshua Datko.
2013-11-18 11:12:24 -05:00
Nick Mathewson
fbc20294aa Merge branch 'backtrace_squashed'
Conflicts:
	src/common/sandbox.c
	src/common/sandbox.h
	src/common/util.c
	src/or/main.c
	src/test/include.am
	src/test/test.c
2013-11-18 11:00:16 -05:00
Nick Mathewson
c2dfae78d3 Refactor format_*_number_sigsafe to have a common implementation 2013-11-18 10:43:16 -05:00
Nick Mathewson
c3ea946839 Reseolve DOCDOC and XXXXs in backtrace.c 2013-11-18 10:43:15 -05:00
Nick Mathewson
56e3f056e9 Tests for backtrace.c
These need to be a separate executable, since the point of backtrace.c
is that it can crash and write stuff.
2013-11-18 10:43:15 -05:00
Nick Mathewson
0cf234317f Unit tests for new functions in log.c 2013-11-18 10:43:15 -05:00
Nick Mathewson
d631ddfb59 Make backtrace handler handle signals correctly.
This meant moving a fair bit of code around, and writing a signal
cleanup function.  Still pretty nice from what I can tell, though.
2013-11-18 10:43:15 -05:00
Nick Mathewson
ce8ae49c94 Improve new assertion message logging
Don't report that a failure happened in the assertion_failed function just
because we logged it from there.
2013-11-18 10:43:15 -05:00
Nick Mathewson
bd8ad674b9 Add a sighandler-safe logging mechanism
We had accidentially grown two fake ones: one for backtrace.c, and one
for sandbox.c.  Let's do this properly instead.

Now, when we configure logs, we keep track of fds that should get told
about bad stuff happening from signal handlers.  There's another entry
point for these that avoids using non-signal-handler-safe functions.
2013-11-18 10:43:15 -05:00
Nick Mathewson
063bea58bc Basic backtrace ability
On platforms with the backtrace/backtrace_symbols_fd interface, Tor
can now dump stack traces on assertion failure.  By default, I log
them to DataDir/stack_dump and to stderr.
2013-11-18 10:43:14 -05:00
Nick Mathewson
91ec6f7269 Have the OOM handler also count the age the data in a stream buffer 2013-11-15 18:38:52 -05:00
Nick Mathewson
7a2b30fe16 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/relay.c

Conflict changes were easy; compilation fixes required were using
using TOR_SIMPLEQ_FIRST to get head of cell queue.
2013-11-15 15:35:00 -05:00
Nick Mathewson
59f50c80d4 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/or.h
	src/or/relay.c

Conflicts were simple to resolve.  More fixes were needed for
compilation, including: reinstating the tv_to_msec function, and renaming
*_conn_cells to *_chan_cells.
2013-11-15 15:29:24 -05:00
Nick Mathewson
f6e07c158f Make the dir-key-crosscert element required
In proposal 157, we added a cross-certification element for
directory authority certificates. We implemented it in
0.2.1.9-alpha.  All Tor directory authorities now generate it.
Here, as planned, make it required, so that we can finally close
proposal 157.

The biggest change in the code is in the unit test data, where some
old hardcoded certs that we made long ago have become no longer
valid and now need to be replaced.
2013-11-14 09:37:41 -05:00
Nick Mathewson
4aa9affec2 Fix test_cmdline_args to work with old openssl
If openssl was old, Tor would add a warning about its version in
between saying "no torrc found, using reasonable defaults" and
"configuration was valid".
2013-11-11 15:22:08 -05:00
Nick Mathewson
fc5a881bd3 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-11-10 12:24:12 -05:00
Nick Mathewson
8bfa596c15 Fix two more DirServer mentions in log 2013-11-10 12:23:56 -05:00
Nick Mathewson
56ac75b265 Fix a wide line 2013-11-10 12:22:34 -05:00
Nick Mathewson
532f70a807 Change documentation DirServer->DirAuthority
We renamed the option, but we didn't actually fix it in the log
messages or the docs.  This patch does that.

For #10124.  Patch by sqrt2.
2013-11-10 12:21:23 -05:00
Nick Mathewson
940d286a74 Documentation and tests for 10060 2013-11-07 14:42:58 -05:00
rl1987
86cfc64d45 Implementing --allow-missing-torrc CLI option. 2013-11-07 14:26:05 -05:00
Nick Mathewson
1b8ceb83c9 Improved circuit queue out-of-memory handler
Previously, when we ran low on memory, we'd close whichever circuits
had the most queued cells. Now, we close those that have the
*oldest* queued cells, on the theory that those are most responsible
for us running low on memory, and that those are the least likely to
actually drain on their own if we wait a little longer.

Based on analysis from a forthcoming paper by Jansen, Tschorsch,
Johnson, and Scheuermann. Fixes bug 9093.
2013-11-07 12:15:30 -05:00
Nick Mathewson
12dc55f487 Merge branch 'prop221_squashed_024'
Conflicts:
	src/or/or.h
2013-11-01 10:28:01 -04:00
Nick Mathewson
5de88dda0a circuit_build_failed: distinguish "got DESTROY" case
Roger spotted this on tor-dev in his comments on proposal 221.

We etect DESTROY vs everything else, since arma likes network
timeout indicating failure but not overload indicating failure.
2013-11-01 10:04:48 -04:00
Nick Mathewson
0de71bf8eb Implement proposal 221: Stop sending CREATE_FAST
This makes FastFirstHopPK an AUTOBOOL; makes the default "auto"; and
makes the behavior of "auto" be "look at the consensus."
2013-11-01 10:04:48 -04:00
Nick Mathewson
5cc155e02a Merge remote-tracking branch 'public/bug9645' into maint-0.2.4 2013-10-31 16:09:41 -04:00
Nick Mathewson
275ab61ad4 Appease make check-spaces 2013-10-31 14:45:20 -04:00
Nick Mathewson
9bcd93a364 Merge remote-tracking branch 'public/bug10063' 2013-10-31 14:43:20 -04:00
Nick Mathewson
761ee93c69 Add missing includes for circpathbias.h 2013-10-31 14:33:34 -04:00
Nick Mathewson
8f793c38fb Move other #9731 check to start of its functions
At arma's suggestion.  Looks like I missed this one.
2013-10-31 14:29:18 -04:00
Nick Mathewson
5cba0ddfc4 Make circpathbias and circuitbuild compile.
That was the tricky part
2013-10-31 14:28:49 -04:00
Nick Mathewson
b4ebf8421a Move pathbias functions into a new file.
Does not compile yet.  This is the "no code changed" diff.
2013-10-31 14:17:49 -04:00
Nick Mathewson
96f92f2062 Move #9731 checks to start of their functions
At arma's suggestion.
2013-10-31 14:10:23 -04:00
Nick Mathewson
702c0502cf Merge remote-tracking branch 'public/bug9731' 2013-10-31 14:09:18 -04:00
Nick Mathewson
db2c2a6909 Merge remote-tracking branch 'public/bug9731b' into maint-0.2.4 2013-10-31 14:08:28 -04:00
Nick Mathewson
61029d6926 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-31 14:03:01 -04:00
Nick Mathewson
1b312f7b55 Merge remote-tracking branch 'public/bug9780_024_v2' into maint-0.2.4 2013-10-31 14:02:28 -04:00
Nick Mathewson
0e8ee795d9 Merge remote-tracking branch 'public/bug6055_v2_024' into maint-0.2.4 2013-10-31 13:14:39 -04:00
Nick Mathewson
f6fee77375 Add some clarity and checks to cell_queue_append_packed_copy
It's not cool to have "circ may be NULL if use_stats false, but
otherwise we crash" as an undocumented API constraint. :)
2013-10-30 23:03:20 -04:00
Nick Mathewson
83d9d72bf3 Merge remote-tracking branch 'karsten/morestats5' 2013-10-30 22:53:05 -04:00
George Kadianakis
9e0ed8136a Fix an always-true assert in PT code. 2013-10-29 22:49:37 +00:00
Nick Mathewson
4b6f074df9 Merge remote-tracking branch 'public/bug5018'
Conflicts:
	src/or/entrynodes.c
2013-10-29 01:29:59 -04:00
David Fifield
2235d65240 Document that unneeded transports are ignored.
Suggested by Roger in
https://trac.torproject.org/projects/tor/ticket/5018#comment:11.
2013-10-29 01:06:03 -04:00
David Fifield
e6e6c245c8 Simplify transport_is_needed.
By Roger at
https://trac.torproject.org/projects/tor/ticket/5018#comment:11.
2013-10-29 01:05:57 -04:00
George Kadianakis
6f33dffec1 Only launch transport proxies that provide useful transports. 2013-10-29 01:05:56 -04:00
Karsten Loesing
2e0fad542c Merge branch 'morestats4' into morestats5
Conflicts:
	doc/tor.1.txt
	src/or/config.c
	src/or/connection.h
	src/or/control.c
	src/or/control.h
	src/or/or.h
	src/or/relay.c
	src/or/relay.h
	src/test/test.c
2013-10-28 12:09:42 +01:00
Karsten Loesing
e46de82c97 squash! Pass const uint64_t pointers, document array length.
Don't cast uint64_t * to const uint64_t * explicitly.  The cast is always
safe, so C does it for us.  Doing the cast explitictly can hide bugs if
the input is secretly the wrong type.

Suggested by Nick.
2013-10-28 10:48:18 +01:00
Nick Mathewson
7578606a22 Merge remote-tracking branch 'public/bug9934_nm' 2013-10-25 12:15:31 -04:00
Nick Mathewson
f249074e41 Merge remote-tracking branch 'Ryman/bug5605' 2013-10-25 12:03:42 -04:00
Nick Mathewson
4b8282e50c Log the origin address of controller connections
Resolves 9698; patch from "sigpipe".
2013-10-25 11:52:45 -04:00
Nick Mathewson
338bcad9e4 Make test_cmdline_args.py work with older pythons
I was using the assertIn() function on unit tests, which Python 2.7
introduced.  But we'd like to be able to run our unit tests on Pythons
from older operating systems.
2013-10-21 14:35:01 -04:00
Matthew Finkel
b36f93a671 A Bridge Authority should compute flag thresholds
As a bridge authority, before we create our networkstatus document, we
should compute the thresholds needed for the various status flags
assigned to each bridge based on the status of all other bridges. We
then add these thresholds to the networkstatus document for easy access.
Fixes for #1117 and #9859.
2013-10-21 17:49:33 +00:00
Nick Mathewson
71bd100976 DROPGUARDS controller command
Implements ticket 9934; patch from "ra"
2013-10-21 13:02:25 -04:00
Nick Mathewson
17d368281a Merge remote-tracking branch 'linus/bug9206_option' 2013-10-16 11:20:43 -04:00
Nick Mathewson
7f2415683a Merge remote-tracking branch 'asn/bug9651' 2013-10-14 11:43:33 -04:00
Roger Dingledine
a26a5794a3 Merge branch 'maint-0.2.4' 2013-10-12 10:48:30 -04:00
Roger Dingledine
8f9fb63cdb be willing to bootstrap from all three of our directory guards
Also fix a bug where if the guard we choose first doesn't answer, we
would try the second guard, but once we connected to the second guard
we would abandon it and retry the first one, slowing down bootstrapping.

The fix in both cases is to treat all our initially chosen guards as
acceptable to use.

Fixes bug 9946.
2013-10-12 10:42:27 -04:00
Nick Mathewson
d5f050111e Fix out-of-tree "make check-local" 2013-10-11 13:42:27 -04:00
Nick Mathewson
f308adf838 When possible, run the ntor python integration tests too 2013-10-11 13:21:42 -04:00
Nick Mathewson
187398318e When python is available, run the commandline unit tests from "make check" 2013-10-11 13:07:14 -04:00
Nick Mathewson
0546edde66 Merge branch 'bug1376' 2013-10-11 12:51:15 -04:00
Nick Mathewson
7ef9ecf6b3 Fix some whitespace; tighten the tests. 2013-10-11 12:51:07 -04:00
Nick Mathewson
6f9584b3fd Make --version, --help, etc incremement quiet level, never decrease it
Fixes other case of #9578
2013-10-11 12:32:59 -04:00
Nick Mathewson
3e3b9219ec Merge remote-tracking branch 'karsten/geoip-manual-update-oct2013' 2013-10-11 11:17:25 -04:00