nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-11 13:43:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,960 Commits 53 Branches 630 Tags 125 MiB
aae570b493
Commit Graph

10349 Commits

Author SHA1 Message Date
Nick Mathewson
edcc9981d8 Try to use smartlist_add_asprintf consistently 
(To ensure correctness, in every case, make sure that the temporary
variable is deleted, renamed, or lowered in scope, so we can't have
any bugs related to accidentally relying on the no-longer-filled
variable.)
 2012-01-16 15:02:51 -05:00
Nick Mathewson
9c6d913b9e Rename smartlist_{v,}asprintf_add to smartlist_add_{v,}asprintf 2012-01-16 15:01:54 -05:00
Sebastian Hahn
88698993a9 check-spaces fix 2012-01-16 14:50:13 -05:00
Nick Mathewson
125fba2e99 Provide consensus params to constrain the threshold for Fast 
resolves ticket 3946
 2012-01-16 14:50:13 -05:00
Nick Mathewson
1810db9bb3 Comment fixups on 4207 suggested by arma 2012-01-16 14:45:12 -05:00
Nick Mathewson
938531773a Allow authorities to baddir/badexit/invalid/reject nodes by cc 
Implements ticket #4207
 2012-01-13 12:28:47 -05:00
George Kadianakis
39850f03f6 Improve names of some pluggable transport-related functions. 2012-01-13 16:44:30 +02:00
Robert Ransom
fbd243a165 Don't crash when HS circs which have not yet found an OR conn time out 
Fixes bug #4897, not yet in any release.

Using n_circ_id alone here (and below, when n_conn is NULL) really sucks,
but that's a separate bug which will need a changes/ file.
 2012-01-12 19:21:39 -08:00
Nick Mathewson
2cddd1d69f Move logging of bad hostnames into parse_extended_hostname 
This fixes bug 3325, where a bad .exit would get logged as a bad .onion
 2012-01-11 15:56:14 -05:00
Nick Mathewson
411cf8f714 Make openssl 0.9.8l log message accurate 
fixes 4837
 2012-01-11 15:41:46 -05:00
Nick Mathewson
b8675e5fe3 Do not pretend to allow PADDING as the first cell of a v3 handshake 2012-01-11 12:34:28 -05:00
Nick Mathewson
f54a10caa6 Merge branch 'prop187_squashed' 2012-01-11 12:27:14 -05:00
Nick Mathewson
fa83397ecd Fix a missing iso_time_nospace_usec 
Apparently I missed a case when converting sec,usec to
yyyy-mm-ddThh:mm:ss.uuuuuu .
 2012-01-11 12:23:43 -05:00
Nick Mathewson
f729e1e984 Merge branch 'feature3457-v4-nm-squashed' 
Conflicts:
	src/or/rendclient.c
 2012-01-11 12:10:14 -05:00
Nick Mathewson
b5af456685 Use spaceless ISO8601 time format, not sec,usec. 2012-01-11 12:08:01 -05:00
Nick Mathewson
3826e058ac Implement proposal 187: reserve a cell type for client authorization 
This needs a changes file and more testing.
 2012-01-11 11:10:18 -05:00
Nick Mathewson
ce703bd53e defensive programming to catch duplicate calls to connection_init_or_handshake_state 2012-01-11 11:10:17 -05:00
Nick Mathewson
f371816209 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-11 11:07:37 -05:00
Nick Mathewson
0126150c2d Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2012-01-11 11:07:13 -05:00
Nick Mathewson
8d5c0e58ea Fix a compilation warning for our bug4822 fix on 64-bit linux 2012-01-11 11:06:31 -05:00
Nick Mathewson
c5b58df775 Add clarity/typesafety wrappers for control_event_circuit_status_minor 2012-01-11 10:28:20 -05:00
Nick Mathewson
0e911abf27 Rename CIRC2 to CIRC_MINOR 
Also give the arguments to control_event_circuit_status_minor real
names.
 2012-01-11 10:19:24 -05:00
Nick Mathewson
fe4811471d Chop out the intro point calculation until it is simple enough for nickm to grok 2012-01-10 19:20:00 -05:00
Robert Ransom
31d6350737 Use my original formula for number of replacements for an intro point 
A fixup commit which was intended to make this formula easier to read
broke it instead.
 2012-01-10 19:20:00 -05:00
Nick Mathewson
5e9d349979 Merge remote-tracking branch 'public/bug4650_nm_squashed' 2012-01-10 17:59:49 -05:00
Nick Mathewson
73d4dbe103 whitespace and warning fixes for bug4746 2012-01-10 16:53:37 -05:00
Nick Mathewson
7fbf1e225e Merge remote-tracking branch 'asn-mytor/bug4746' 2012-01-10 16:44:03 -05:00
Nick Mathewson
8d74fba651 Merge branch 'absolute_cookie_file' 2012-01-10 15:00:02 -05:00
Nick Mathewson
dca3c9fff8 Add missing documentation for counter-mode checks 2012-01-10 11:15:46 -05:00
Nick Mathewson
cc5c14b732 Clean up indentation in aes.c 2012-01-10 11:15:42 -05:00
Nick Mathewson
d29a390733 Test for broken counter-mode at runtime 
To solve bug 4779, we want to avoid OpenSSL 1.0.0's counter mode.
But Fedora (and maybe others) lie about the actual OpenSSL version,
so we can't trust the header to tell us if it's safe.

Instead, let's do a run-time test to see whether it's safe, and if
not, use our built-in version.

fermenthor contributed a pretty essential fixup to this patch. Thanks!
 2012-01-10 11:15:35 -05:00
Nick Mathewson
5741aef3dc We no longer need to detect openssl without RAND_poll() 
We require openssl 0.9.7 or later, and RAND_poll() was first added in
openssl 0.9.6.
 2012-01-10 10:40:31 -05:00
Nick Mathewson
85c7d7659e Add macros to construct openssl version numbers 
It's a pain to convert 0x0090813f to and from 0.9.8s-release on the
fly, so these macros should help.
 2012-01-10 10:40:30 -05:00
Sebastian Hahn
6b9298ef72 Log which votes we still need to fetch 
This might help us see which authorities are problematic in getting
their vote published the first time.
 2012-01-10 16:13:30 +01:00
Sebastian Hahn
50a50392b7 Advertise dirport if accountingmax is large enough 
When we have an effective bandwidthrate configured so that we cannot
exceed our bandwidth limit in one accounting interval, don't disable
advertising the dirport. Implements ticket 2434.
 2012-01-10 09:59:36 -05:00
Nick Mathewson
2a9b279163 Merge remote-tracking branch 'rransom-tor/bug4883' 2012-01-10 09:33:55 -05:00
Robert Ransom
72ed4a41f5 Fix brown-paper-bag bug in #4759 fix 
Fixes #4883, not yet in any release.
 2012-01-09 22:03:04 -08:00
Sebastian Hahn
2367f7e559 Make sure MAX_DNS_LABEL_SIZE is defined 
MAX_DNS_LABEL_SIZE was only defined for old versions of openssl, which
broke the build. Spotted by xiando. Fixes bug 4413; not in any released
version.
 2012-01-10 06:14:35 +01:00
Nick Mathewson
b1ee1a719d Tweaks for bug4413 fix 
The thing that's limited to 63 bytes is a "label", not a hostname.

Docment input constraints and behavior on bogus inputs.

Generally it's better to check for overflow-like conditions before
than after.  In this case, it's not a true overflow, so we're okay,
but let's be consistent.

pedantic less->fewer in the documentation
 2012-01-09 19:14:51 -05:00
Stephen Palmateer
3fadc074ca Remove (untriggerable) overflow in crypto_random_hostname() 
Fixes bug 4413; bugfix on xxxx.

Hostname components cannot be larger than 63 characters.
This simple check makes certain randlen cannot overflow rand_bytes_len.
 2012-01-09 19:05:05 -05:00
Nick Mathewson
1e5d66997b Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-09 16:40:42 -05:00
Nick Mathewson
c78a314e95 Fix comment about TLSv1_method() per comments by wanoskarnet 2012-01-09 16:40:21 -05:00
Nick Mathewson
4e14ce4dba Report cookie file location as absolute in protocolinfo message 2012-01-09 13:20:48 -05:00
Nick Mathewson
838ec086be Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-09 12:22:29 -05:00
Nick Mathewson
6fd61cf767 Fix a trivial log message error in renservice.c 
Fixes bug 4856; bugfix on 0.0.6

This bug was introduced in 79fc5217, back in 2004.
 2012-01-09 12:21:04 -05:00
Nick Mathewson
d4de312b3c Merge remote-tracking branch 'rransom-tor/bug4842' 2012-01-09 11:59:08 -05:00
Roger Dingledine
ecdea4eeaf Merge branch 'maint-0.2.2' 2012-01-08 12:17:16 -05:00
Roger Dingledine
cc1580dbe0 when the consensus fails, list which dir auths were in or out 2012-01-08 12:14:44 -05:00
Roger Dingledine
04bf17c50c nickname, not identity fingerprint, will help more 2012-01-08 12:09:01 -05:00
Roger Dingledine
78e95b7b71 tell me who votes are actually for, not just where they're from 2012-01-08 10:03:46 -05:00
Roger Dingledine
1416dd47a9 add a note from wanoskarnet 
he disagrees about what the code that we decided not to use would do
 2012-01-08 09:03:03 -05:00
Roger Dingledine
19c372daf0 clean up a comment that confused arturo 2012-01-07 07:41:46 -05:00
Robert Ransom
b46a7ebb2b Don't remove rend cpath element from relaunched service-side rend circs 
Fixes bug 4842, not in any release.
 2012-01-06 22:44:20 -08:00
Emile Snyder
d7eaa4b396 Change to use SSL_state_string_long() instead of homebrew ssl_state_to_string() function. 2012-01-06 05:31:34 -08:00
Nick Mathewson
ef69f2f2ab Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-05 14:17:44 -05:00
Nick Mathewson
ccd8289958 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2012-01-05 14:16:30 -05:00
Robert Ransom
4752b34879 Log at info level when disabling SSLv3 2012-01-05 12:28:56 -05:00
Nick Mathewson
db78fe4589 Disable SSLv3 when using a not-up-to-date openssl 
This is to address bug 4822, and CVE-2011-4576.
 2012-01-05 12:28:55 -05:00
Roger Dingledine
9bfb8af265 Merge branch 'maint-0.2.2' 2012-01-05 06:55:34 -05:00
Roger Dingledine
a1074c7aa2 Merge branch 'maint-0.2.1' into maint-0.2.2 2012-01-05 06:45:28 -05:00
Roger Dingledine
ff03347579 note some dead code. if i'm right, should this be removed? 2012-01-05 05:37:06 -05:00
Karsten Loesing
1db1b23a7b Update to the January 2012 GeoIP database. 2012-01-05 11:10:57 +01:00
Sebastian Hahn
98959f63ac Disallow disabling DisableDebuggerAttachment on runnning Tor 
Also, have tor_disable_debugger_attach() return a tristate of
success/failure/don't-know-how , and only log appropriately.
 2012-01-04 15:09:02 -05:00
Nick Mathewson
65420e4cb5 Merge remote-tracking branch 'rransom-tor/bug1297b-v2' 2012-01-04 13:50:24 -05:00
Robert Ransom
0bd53b8d87 Verbotify documentation comments for the #1297-fix flags 2012-01-04 09:37:49 -08:00
Nick Mathewson
47b7a27929 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-03 13:22:34 -05:00
Sebastian Hahn
5d9be49540 Fix a check-spaces violation in compat.c 
Also fix a comment typo
 2011-12-30 23:30:57 +01:00
Sebastian Hahn
d861b4cc9d Fix spelling in a controlsocket log msg 
Fixes bug 4803.
 2011-12-30 23:27:02 +01:00
Nick Mathewson
bfae41328e Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-28 16:52:31 -05:00
Nick Mathewson
84bf8e3808 Merge remote-tracking branch 'public/bug4788' into maint-0.2.2 2011-12-28 16:50:45 -05:00
Nick Mathewson
9f06ec0c13 Add interface enumeration based on SIOCGIFCONF for older unixes 2011-12-28 16:34:16 -05:00
Nick Mathewson
5d44a6b334 Multicast addresses, if any were configured, would not be good if addrs 2011-12-28 16:34:16 -05:00
Nick Mathewson
aa529f6c32 Use getifaddrs, not connect+getsockname, to find our address 
This resolves bug1827, and lets us avoid freaking people out.
Later, we can use it to get a complete list of our interfaces.
 2011-12-28 16:34:16 -05:00
Nick Mathewson
e3a6493898 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-28 15:57:48 -05:00
Nick Mathewson
c563551eef Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-12-28 15:56:37 -05:00
Nick Mathewson
120a745346 Bug 4786 fix: don't convert EARLY to RELAY on v1 connections 
We used to do this as a workaround for older Tors, but now it's never
the correct thing to do (especially since anything that didn't
understand RELAY_EARLY is now deprecated hard).
 2011-12-28 15:54:06 -05:00
Robert Ransom
2b189a222b Don't exit when marking a newly created _C_INTRODUCING circ for close 2011-12-28 09:02:14 -08:00
Nick Mathewson
9bcb187387 Authorities reject insecure Tors. 
This patch should make us reject every Tor that was vulnerable to
CVE-2011-0427.  Additionally, it makes us reject every Tor that couldn't
handle RELAY_EARLY cells, which helps with proposal 110 (#4339).
 2011-12-27 21:47:04 -05:00
Nick Mathewson
78f43c5d03 Require openssl 1.0.0a for using openssl's ctr-mode implementation 
Previously we required 1.0.0, but there was a bug in the 1.0.0 counter
mode. Found by Pascal. Fixes bug 4779.

A more elegant solution would be good here if somebody has time to code
one.
 2011-12-27 20:31:23 -05:00
Robert Ransom
836161c560 Add an option to close HS service-side rend circs on timeout 2011-12-27 08:02:43 -08:00
Robert Ransom
f88c8ca8c9 Don't close HS service-side rend circs on timeout 2011-12-27 08:02:43 -08:00
Robert Ransom
078e3e9dd5 Add an option to close 'almost-connected' HS client circs on timeout 2011-12-27 08:02:43 -08:00
Robert Ransom
4b13c33c0c Don't close HS client circs which are 'almost connected' on timeout 2011-12-27 08:02:42 -08:00
Nick Mathewson
334a0513de Downgrade relay_early-related warning 2011-12-26 18:11:41 -05:00
Nick Mathewson
85d7811456 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-26 17:58:51 -05:00
Roger Dingledine
3aade2fab7 Merge remote-tracking branch 'nickm/prop110_v2' 2011-12-25 17:43:09 -05:00
Sebastian Hahn
da876aec63 Provide correct timeradd/timersup replacements 
Bug caught and patch provided by Vektor. Fixes bug 4778.t
 2011-12-25 23:19:08 +01:00
Robert Ransom
4c3a23b283 Look up the rend circ whose INTRODUCE1 is being ACKed correctly 
This change cannibalizes circuit_get_by_rend_query_and_purpose because it
had exactly one caller.
 2011-12-22 23:46:09 -08:00
Nick Mathewson
7cb804343b Merge remote-tracking branch 'rransom/feature2411-v4' 2011-12-22 10:51:39 -05:00
Nick Mathewson
782b7f49d8 Fix bug2571: warn on EntryNodes set and UseEntryGuards disabled 2011-12-22 10:31:52 -05:00
Kamran Riaz Khan
a1c1fc72d1 Prepend cwd for relative config file paths. 
Modifies filenames which do not start with '/' or '.' on non-Windows
platforms; uses _fullpath on Windows.
 2011-12-22 10:17:48 -05:00
Nick Mathewson
2710a96ba4 Allow prop110 violations if AllowNonearlyExtend is set in consensus 2011-12-22 10:12:49 -05:00
Nick Mathewson
847541ce5d Log what fraction of EXTEND cells have died for being non-early 2011-12-22 09:51:59 -05:00
Nick Mathewson
0187bd8728 Implement the last of proposal 110 
Reject all EXTEND requests not received in a relay_early cell
 2011-12-22 09:51:59 -05:00
Robert Ransom
66f77561c0 Mark each intro circ with the rend cookie sent in its INTRODUCE1 cell 
Needed by fix for #4759.
 2011-12-22 06:45:45 -08:00
Nick Mathewson
878a684386 Merge remote-tracking branch 'public/bug4697' 2011-12-22 09:45:26 -05:00
Nick Mathewson
8cdeaedf86 Convert a couple of char[256]s into sockaddr_storage 2011-12-21 11:23:13 -05:00
Nick Mathewson
f75660958c Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-21 11:20:56 -05:00
Nick Mathewson
b5e6bbc01d Do not even try to keep going on a socket with socklen==0 
Back in #1240, r1eo linked to information about how this could happen
with older Linux kernels in response to nmap.  Bugs #4545 and #4547
are about how our approach to trying to deal with this condition was
broken and stupid.  Thanks to wanoskarnet for reminding us about #1240.

This is a fix for the abovementioned bugs, and is a bugfix on
0.1.0.3-rc.
 2011-12-21 11:19:41 -05:00
Nick Mathewson
14127f226d Merge remote-tracking branch 'asn-mytor/bug4531' 2011-12-20 14:40:16 -05:00
Nick Mathewson
26053bd7c9 Merge remote-tracking branch 'asn-mytor/bug4725_take2' 2011-12-20 14:28:31 -05:00
George Kadianakis
0cfdd88adb Don't call tor_tls_set_logged_address till after checking conn->tls. 
Fixes bug 4531.
 2011-12-20 19:21:15 +01:00
Nick Mathewson
ba1766bc3f Add explicit cast to make gcc happy 2011-12-20 11:19:57 -05:00
Nick Mathewson
4080ac9eee Merge branch 'bug3825b-v8-squashed' 2011-12-20 11:15:49 -05:00
Robert Ransom
dae000735e Adjust n_intro_points_wanted when a service's intro points are closed 2011-12-20 11:15:33 -05:00
Robert Ransom
46783eb6d7 Extract function to determine how many intros an intro point has handled 2011-12-20 11:15:31 -05:00
Nick Mathewson
e535c8a460 Tweak the haiku-support patches 2011-12-19 11:27:08 -05:00
Martin Hebnes Pedersen
d5e964731c Fixed build with GCC < 3.3 
Preprocessor directives should not be put inside the arguments
of a macro. This is not supported on older GCC releases (< 3.3)
thus broke compilation on Haiku (running gcc2).
 2011-12-19 11:27:08 -05:00
Martin Hebnes Pedersen
f783a326b8 -lm should not be hardcoded. 
On some platforms (Haiku/BeOS) libm lives in libcore.

Also added 'network' to the list of libraries to search for connect().
 2011-12-19 11:27:08 -05:00
George Kadianakis
d05bc02192 Add an informative header on the 'keys/dynamic_dh_params' file. 2011-12-19 16:06:22 +01:00
George Kadianakis
539cb627f7 Server transports should be instructed to bind on INADDR_ANY by default. 2011-12-18 13:21:58 +01:00
Nick Mathewson
e5e50d86ca Ignore all bufferevent events on a marked connection 
Bug 4697; fix on 0.2.3.1-alpha
 2011-12-17 14:06:10 -05:00
Nick Mathewson
37504b5efa Merge remote-tracking branch 'asn-mytor/bug4726' 2011-12-17 12:49:15 -05:00
Peter Palfrader
f6b19ac79c test_util_spawn_background_ok: fix expectation 
test_util_spawn_background_ok() hardcoded the expected value
for ENOENT to 2.  This isn't portable as error numbers are
platform specific, and particularly the hurd has ENOENT at
0x40000002.

Construct expected string at runtime, using the correct value
for ENOENT (closes: #4733).
 2011-12-17 12:21:51 -05:00
Nick Mathewson
663913e5ca Increment version in master to 0.2.3.10-alpha-dev 2011-12-16 12:09:42 -05:00
George Kadianakis
6d35f08e01 Doxygenize the file-level documentation of transports.c. 2011-12-16 11:01:56 +01:00
Nick Mathewson
1fbce83f8c Bump version to Tor 0.2.3.10-alpha 2011-12-15 12:04:52 -05:00
Nick Mathewson
e402edd960 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-15 11:32:49 -05:00
Nick Mathewson
562c974ee7 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-12-15 11:28:44 -05:00
Nick Mathewson
9d0777839b Add a fix for the buf_pullup bug that Vektor reported 2011-12-15 11:28:24 -05:00
Robert Ransom
d688a40a0e Don't crash on startup of a dormant relay 
If a relay is dormant at startup, it will call init_keys before
crypto_set_tls_dh_prime.  This is bad.  Let's make it not so bad, because
someday it *will* happen again.
 2011-12-12 11:25:55 -08:00
Sebastian Hahn
e4cebb76c5 Fix compilation of natpmp-helper on non-windows 
Fixes a small oversight in 5dbfb1b3e0.
 2011-12-10 03:25:40 +01:00
Robert Ransom
59b5379424 Remove comment complaining that we try to attach all streams to circs 
It's inefficient, but the more efficient solution (only try to attach
streams aiming for this HS) would require far more complexity for a gain
that should be tiny.
 2011-12-09 11:28:42 -05:00
Robert Ransom
832bfc3c46 Clear stream-isolation state on rend circs if needed to attach streams 
Fixes bug 4655; bugfix on 0.2.3.3-alpha.
 2011-12-09 11:28:42 -05:00
Robert Ransom
7b6b2d5fb8 Refactor stream attachment in circuit_has_opened 
Put the 'try attaching streams, clear isolation state if possible, retry
attaching streams' loop in its own separate function, where it belongs.
 2011-12-09 11:28:33 -05:00
Roger Dingledine
7a76994d62 bump to 0.2.3.9-alpha-dev 2011-12-08 16:25:36 -05:00
Roger Dingledine
d65f6ceee1 bump to 0.2.3.9-alpha 2011-12-08 04:53:12 -05:00
Roger Dingledine
97bd03661c Merge remote-tracking branch 'sebastian/bug4672' 2011-12-08 04:45:59 -05:00
Roger Dingledine
ae07af564e paint bug2474's fix a different neon color 
this way people with 80-column logs may read more of the warning
 2011-12-08 04:41:56 -05:00
Roger Dingledine
630337e762 Merge branch 'maint-0.2.2' 2011-12-08 04:40:30 -05:00
Roger Dingledine
0582746e0d Merge branch 'maint-0.2.1' into maint-0.2.2 2011-12-08 04:40:15 -05:00
Karsten Loesing
ff2c9acbb3 Update to the December 2011 GeoIP database. 2011-12-08 09:55:44 +01:00
Sebastian Hahn
0f8026ec23 Some more check-spaces stuff 
This re-applies a check-spaces fix that was part of
7920ea55b8 and got reverted along with the
rest of that commit in df1f72329a.
 2011-12-08 08:47:09 +01:00
Nick Mathewson
71ecfaa52f indent; add comment 
This re-applies 40a87c4c08 which got
accidentally reverted in 75134c6c86.
Thanks asn for spotting this.
 2011-12-08 08:45:24 +01:00
Sebastian Hahn
ee8b4b4e6e appease check-spaces 
This re-applies f77f9bddb8 which got
accidentally reverted in 53f535aeb8.
Thanks asn for spotting this.
 2011-12-08 08:43:32 +01:00
Nick Mathewson
8bb853b2a2 Merge remote-tracking branch 'public/revert_4312' 2011-12-07 21:12:20 -05:00
Roger Dingledine
299034edf5 clarify a debug line 2011-12-07 18:12:11 -05:00
Nick Mathewson
0ebcf345ce Revert "Refactor the SSL_set_info_callback() callbacks." 
This reverts commit 69a821ea1c.
 2011-12-06 19:49:21 -05:00
Nick Mathewson
9727d21f68 Revert "Detect renegotiation when it actually happens." 
This reverts commit 4fd79f9def.
 2011-12-06 19:49:21 -05:00
Nick Mathewson
e09dd43ab3 Revert "Detect and deny excess renegotiations attempts." 
This reverts commit ecd239e3b5.
 2011-12-06 19:49:21 -05:00
Nick Mathewson
021ff31ba6 Revert "Get rid of tor_tls_block_renegotiation()." 
This reverts commit 340809dd22.
 2011-12-06 19:49:21 -05:00
Nick Mathewson
fa74af0cfa Revert "Also handle needless renegotiations in SSL_write()." 
This reverts commit e2b3527106.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
45c46129ed Revert "Fix issues pointed out by nickm." 
This reverts commit e097bffaed.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
616b60cef3 Revert "Use callback-driven approach to block renegotiations." 
This reverts commit 406ae1ba5a.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
53f535aeb8 Revert "appease check-spaces" 
This reverts commit f77f9bddb8.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
df1f72329a Revert "Refactor tor_event_base_once to do what we actually want" 
This reverts commit 7920ea55b8.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
3a17a1a62f Revert "Avoid a double-mark in connection_or_close_connection_cb" 
This reverts commit 633071eb3b.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
17880e4c0a Revert "Fix some wide lines in tortls.c" 
This reverts commit e8dde3aabd.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
e83e720c8b Revert "use event_free() wrapper; fix bug 4582" 
This reverts commit 9a88c0cd32.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
acc1806eb8 Revert "Don't schedule excess_renegotiations_callback unless it's set" 
This reverts commit 617617e21a.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
75134c6c86 Revert "indent; add comment" 
This reverts commit 40a87c4c08.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
135a5102a3 Revert "Make pending libevent actions cancelable" 
This reverts commit aba25a6939.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
50fd99d7ef Revert "Set renegotiation callbacks immediately on tls inititation" 
This reverts commit e27a26d568.
 2011-12-06 19:49:19 -05:00
Nick Mathewson
4f47db3280 Merge remote-tracking branch 'sebastian/coverity' 2011-12-05 11:56:03 -05:00
Nick Mathewson
15d99fe4eb Add comment about bug4651 fix 2011-12-05 11:29:43 -05:00
Sebastian Hahn
60c330a251 cid 432: Remove dead code if we don't handle a consensus 
Bugfix on 0.2.3.1, fixes the second half of bug 4637.
 2011-12-04 17:36:23 +01:00
Robert Ransom
f5730d4698 Don't send two ESTABLISH_RENDEZVOUS cells when opening a new rend circ 2011-12-03 22:06:50 -08:00
Nick Mathewson
682a85ff7c Don't just tell the controller "foo" on id mismatch 
Fixes bug 4169; bugfix on 0.2.1.1-alpha.
 2011-12-02 16:27:33 -05:00
Nick Mathewson
5303918091 Init conn->addr to "unspec" on cpuworker connections 
Fixes bug 4532 reported by "troll_un"
 2011-12-02 16:21:50 -05:00
Nick Mathewson
6171bdd105 Don't call tor_tls_set_logged_address till after checking conn->tls 
Fixes bug 4531; partial backport of e27a26d5.
 2011-12-02 16:15:52 -05:00
Nick Mathewson
d9edee3a3b Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-02 16:10:17 -05:00
Nick Mathewson
2b5a035604 tor_accept_socket() should take tor_addr_t for listener arg 
Fixes bug 4535; bugfix on 0.2.2.28-beta; found by "troll_un"
 2011-12-02 16:09:16 -05:00
Nick Mathewson
f78fc8cfb4 Give DirAllowPrivateAddress an explicit default 
By convention, we say whether each bool's default is 0 or 1

Fixes 4536; found by "troll_un"
 2011-12-02 16:04:18 -05:00
Nick Mathewson
cf14a520c8 Resolve bug 3448: remove mention of tor-ops (which is not in use) 2011-12-02 15:42:15 -05:00
Nick Mathewson
0920cd02f4 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-02 15:38:29 -05:00
Nick Mathewson
b7015603fa Fix bug 4530; check return val of tor_addr_lookup correctly 
Fix on 0.2.1.5-alpha; reported by troll_un
 2011-12-02 15:37:24 -05:00
Nick Mathewson
cd10013218 Merge remote-tracking branch 'sebastian/coverity_strlen_fp' 2011-12-02 00:24:33 -05:00
Sebastian Hahn
95af91565b Work around a false positive in Coverity. 
Fixes cid 501 and 502.
 2011-12-02 06:16:57 +01:00
Sebastian Hahn
c811b8f3a0 Appease check-spaces 2011-12-02 06:16:57 +01:00
Robert Ransom
5ffa7102c0 Don't segfault when checking whether a not-yet-used intro point should expire 
Found by katmagic.  Bugfix on the #3460 branch, not yet in any release.
 2011-12-01 15:26:45 -08:00
Linus Nordberg
c06c80b7f7 Fix warnings. 
Remove environ declaration.
Use ORPort->value.  And it's a string.
Make tmp a char *.
 2011-12-01 09:40:47 +01:00
Nick Mathewson
d106caaadc Add an initializer to appease older gcc 2011-11-30 18:08:07 -05:00
Murdoch@cl.cam.ac.uk
b0d3c6a878 Only define set_buffer_lengths_to_zero if bufferevents are enabled 
Otherwise, on Windows, gcc will warn about the function being unused
 2011-11-30 18:06:55 -05:00
Nick Mathewson
0530e80e5d Merge remote-tracking branch 'sjmurdoch/bug1983-port-tor-fw-helper-to-windows' 2011-11-30 17:51:01 -05:00
Steven Murdoch
a65212e371 Make file descriptor type an unsigned integer 
This avoids a warning from gcc (comparison between signed and unsigned
integer expressions [-Werror=sign-compare]), under Windows
 2011-11-30 22:04:14 +00:00
Nick Mathewson
d04f21bf39 Merge branch 'feature2553-v4-rebased' 2011-11-30 14:54:33 -05:00
Arturo Filastò
db648fe886 Add some more documentation 2011-11-30 14:54:15 -05:00
Robert Ransom
c90c33fd53 Turn off LearnCircuitBuildTimeout when tor2web mode is on 2011-11-30 14:54:15 -05:00
Robert Ransom
328c9582a9 Add ifdefs to disable assertion in connection_ap_handshake_send_begin 2011-11-30 14:54:15 -05:00
Robert Ransom
a364f88477 Add ifdefs to disable #3332 assertions 2011-11-30 14:54:15 -05:00
Robert Ransom
826f1d5b0a Use single-hop intro and rend circuits when in tor2web mode 2011-11-30 14:54:15 -05:00
Robert Ransom
29287ed0ed Perform single-hop HS desc fetches when in tor2web mode 2011-11-30 14:54:15 -05:00
Robert Ransom
ebf524b48b Don't allow tor2web-mode Tors to connect to non-HS addresses 
The client's anonymity when accessing a non-HS address in tor2web-mode
would be easily nuked by inserting an inline image with a .onion URL, so
don't even pretend to access non-HS addresses through Tor.
 2011-11-30 14:54:15 -05:00
Robert Ransom
5f3e6eb0b9 Warn loudly on startup and SIGHUP if Tor is built for a non-anonymous mode 2011-11-30 14:54:14 -05:00
Robert Ransom
543a36a55b Add a compile-time #define to control whether Tor runs in 'tor2web mode' 
The Tor2webMode torrc option is still required to run a Tor client in
'tor2web mode', but now it can't be turned on at runtime in a normal build
of Tor.  (And a tor2web build of Tor can't be used as a normal Tor client,
so we don't have to worry as much about someone distributing packages with
this particular pistol accessible to normal users.)
 2011-11-30 14:54:14 -05:00
Steven Murdoch
5dbfb1b3e0 Support NAT-PMP on Windows 
- Link in libws32 and libiphlpapi, needed for libnatpmp (both in
  ./configure and when compiling tor-fw-helper-natpmp.c)
- Define STATICLIB under Windows, to allow tor-fw-helper-natpmp.c to link
- Don't include arpa/inet.h which isn't present in Mingw32 and doesn't
  appear to be needed on either Windows or MacOS X
 2011-11-30 19:46:38 +00:00
Nick Mathewson
3b88b63826 Merge branch 'bug933_nm_rebased_v2' 
Conflicts:
	src/test/test.c
 2011-11-30 14:10:22 -05:00
Nick Mathewson
e8d598c4ac Tweak addressmap_rewrite a little more 
This resolves a loop warning on "MapAddress *.example.com
example.com", makes the rewrite log messages correct, and fixes the
behavior of "MapAddress *.a *.b" when just given "a" as an input.
 2011-11-30 14:08:11 -05:00
Nick Mathewson
66859e2d4a Fix an issue in my mapaddress domains code spotted by arma 
MapAddress *.torproject.org torproject.org would have been interpreted
as a map from a domain to itself, and would have cleared the mapping.
Now we require not only a match of domains, but of wildcards.
 2011-11-30 14:08:11 -05:00
Nick Mathewson
04c622d720 Add some post-comma spaces to please arma 
Incidentally, we've got 30969 lines in master with a comma
in them, of which 1995 have a comma followed by a non-newline,
non-space character.  So about 93% of our commas are right,
but we have a substantial number of "crowded" lines.
 2011-11-30 14:08:11 -05:00
Nick Mathewson
ff3eb8e023 Forbid remapping of * 
It might be nice to support this someday, but for now it would fail
with an infinite remap cycle.  (If I say "remap * *.foo.exit",
then example.com ->
     example.com.foo.exit ->
     example.com.foo.exit.foo.exit ->
     example.com.foo.exit.foo.exit.foo.exit -> ...)
 2011-11-30 14:08:11 -05:00
Nick Mathewson
69d16900aa Refactor addressmap_match_superdomains and representation of wildcards 
In this new representation for wildcarded addresses, there are no
longer any 'magic addresses': rather, "a.b c.d", "*.a.b c.d" and
"*.a.b *.c.d" are all represented by a mapping from "a.b" to "c.d". we
now distinguish them by setting bits in the addressmap_entry_t
structure, where src_wildcard is set if the source address had a
wildcard, and dst_wildcard is set if the target address had a
wildcard.

This lets the case where "*.a.b *.c.d" or "*.a.b c.d" remap the
address "a.b" get handled trivially, and lets us simplify and improve
the addressmap_match_superdomains implementation: we can now have it
run in O(parts of address) rather than O(entries in addressmap).
 2011-11-30 14:08:11 -05:00
Nick Mathewson
df0da3991c No new "LEGACY" tests allowed. 2011-11-30 14:08:10 -05:00
Nick Mathewson
54d262a728 Fix compilation: get_options() now returns const 2011-11-30 14:08:10 -05:00
Robert Hogan
53ce6bb52d Address nickm's comments at https://trac.torproject.org/projects/tor/ticket/933#comment:8 
1. Only allow '*.' in MapAddress expressions. Ignore '*ample.com' and '.example.com'.
       This has resulted in a slight refactoring of config_register_addressmaps.
    2. Add some more detail to the man page entry for AddressMap.
    3. Fix initialization of a pointer to NULL rather than 0.
    4. Update the unit tests to cater for the changes in 1 and test more explicitly for
       recursive mapping.
 2011-11-30 14:08:10 -05:00
Robert Hogan
909e9769ec Address nickm's comments at https://trac.torproject.org/projects/tor/ticket/933#comment:4 
1. Implement the following mapping rules:

   MapAddress a.b.c d.e.f # This is what we have now
   MapAddress .a.b.c d.e.f # Replaces any address ending with .a.b.c with d.e.f
   MapAddress .a.b.c .d.e.f # Replaces the .a.b.c at the end of any addr with .d.e.f

   (Note that 'a.b.c .d.e.f' is invalid, and will be rejected.)

2. Add tests for the new rules.

3. Allow proper wildcard annotation, i.e. '*.d.e' '.d.e' will still work.

4. Update addressmap_entry_t with an is_wildcard member.
 2011-11-30 14:08:10 -05:00
Robert Hogan
c6d8c6baaa bug933 - Match against super-domains in MapAddress 
Allow MapAddress to handle directives such as:

MapAddress .torproject.org .torserver.exit
MapAddress .org 1.1.1.1

Add tests for addressmap_rewrite.
 2011-11-30 14:08:10 -05:00
George Kadianakis
02708b7d80 Free the global DH parameters in crypto_global_cleanup(). 2011-11-30 13:17:47 -05:00
George Kadianakis
a708e85236 Move crypto_global_cleanup() to the bottom of crypto.c. 2011-11-30 13:17:39 -05:00
Nick Mathewson
29db095a35 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-11-30 12:41:08 -05:00