Commit Graph

3175 Commits

Author SHA1 Message Date
Andrea Shepard
d97f43dc8b Fix formatting 2015-03-02 10:24:58 +00:00
Nick Mathewson
0dde4d6fa2 Merge remote-tracking branch 'yawning/bug14922' 2015-02-25 08:56:34 -05:00
Nick Mathewson
a9720b90f8 Fix whitespace from tor_x509_cert rename 2015-02-24 12:03:11 -05:00
Nick Mathewson
f253aef14f Mechanical rename: tor_cert_t -> tor_x509_cert_t 2015-02-24 12:03:10 -05:00
Nick Mathewson
d74a78c58a Merge branch 'bug14950_logs_squashed' 2015-02-23 13:04:03 -05:00
Nick Mathewson
21ac0cd2af Let AF_UNIX connections through the sandbox
Fixes bug 15003; bugfix on 0.2.6.3-alpha.
2015-02-23 12:35:20 -05:00
Nick Mathewson
7a1a0a4cd7 Merge remote-tracking branch 'public/bug14988_025' 2015-02-23 11:33:07 -05:00
Nick Mathewson
aeb38bbdce add another unused-var marker in backtrace.c for 14988 2015-02-23 11:32:04 -05:00
Nick Mathewson
8a9d86bf05 Merge remote-tracking branch 'public/bug11454_11457' 2015-02-20 01:08:12 -05:00
Nick Mathewson
251f6cfcd8 Quiet "caching debian-tor for debian-tor" notice 2015-02-19 12:30:34 -05:00
Yawning Angel
cbd26157c5 Remove tor_strclear(), and replace previous calls with memwipe(). 2015-02-17 18:53:33 +00:00
Nick Mathewson
0b46b08225 Check thread count for negative; realloc->reallocarray
CID 1268069
2015-02-17 08:46:11 -05:00
Nick Mathewson
5d2a23397a Fix a few coverity "Use after NULL check" warnings
Also remove the unit test mocks that allowed get_options() to be
NULL; that's an invariant violation for get_options().
2015-02-16 15:40:15 -05:00
Nick Mathewson
7117959199 Fix deadcode warning in get_interface_addresses_raw().
CID  1268070
2015-02-16 15:28:36 -05:00
Nick Mathewson
2af7bc5b46 Fix a trivial double-close in address.c. CID 1268071 2015-02-16 15:24:13 -05:00
Sebastian Hahn
424edd5710 Don't leak a cond var when starting threads in a pool 2015-02-15 11:21:54 +01:00
Nick Mathewson
5644d92dd7 Merge remote-tracking branch 'sebastian/bug14875' 2015-02-12 14:50:13 -05:00
Sebastian Hahn
c8ce973dc7 Avoid undefined behaviour in ifreq_to_smartlist
This could trigger where _SIZEOF_ADDR_IFREQ() might not return a
multiple of sizeof(void *). Fixes bug 14875; not in any released version
of Tor.
2015-02-12 14:56:47 +01:00
Sebastian Hahn
87a95b0236 Actually get all interface addresses
If we guessed a buffer size too small, we never increased the buffer and
tried again

Also simplify the interface of ifreq_to_smartlist a little
2015-02-12 14:54:39 +01:00
Nick Mathewson
99e915dbfe Merge remote-tracking branch 'public/bug14759' 2015-02-11 15:15:24 -05:00
Nick Mathewson
f5f6d13e4c Fix crash on glibc __libc_message()
__libc_message() tries to open /dev/tty with O_RDWR, but the sandbox
catches that and calls it a crash.  Instead, I'm making the sandbox
setenv LIBC_FATAL_STDERR_, so that glibc uses stderr instead.

Fix for 14759, bugfix on 0.2.5.1-alpha
2015-02-11 09:46:29 -05:00
Nick Mathewson
6f331645c7 Remove mempools and buf freelists
They have been off-by-default since 0.2.5 and nobody has complained. :)

Also remove the buf_shrink() function, which hasn't done anything
since we first stopped using contiguous memory to store buffers.

Closes ticket 14848.
2015-02-11 09:03:50 -05:00
Nick Mathewson
5c820def99 Merge remote-tracking branch 'sysrqb/bug14802_025' 2015-02-09 22:39:55 -08:00
Matthew Finkel
9ae321db66 Return 0 when detecting the amount of memory fails
Fixes bug 14802;  bugfix on 0.2.5.4-alpha.
2015-02-09 02:06:18 +00:00
Sebastian Hahn
6d8b614729 Avoid logging startup messages twice 2015-02-06 21:34:21 +01:00
Nick Mathewson
3f993dacc1 use ARRAY_LENGTH macro in domain_to_string 2015-02-05 11:01:13 -05:00
Yawning Angel
b330bdec8e Add a string representation for LD_SCHED, and a extra sanity check.
This both fixes the problem, and ensures that forgetting to update
domain_list in the future will trigger the bug codepath instead of
a NULL pointer deref.
2015-02-05 15:46:27 +00:00
Nick Mathewson
5c807f30e4 Add more parenthesis to the definition of ARRAY_LENGTH 2015-02-02 14:14:35 -05:00
Nick Mathewson
69deab8b2a Merge remote-tracking branch 'public/bug13319' 2015-02-02 10:25:25 -05:00
Nick Mathewson
e78b7e2776 Merge remote-tracking branch 'public/14188_part1' 2015-02-02 10:15:26 -05:00
David Goulet
2c41f12048 Fix: check r < 0 before checking errno
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-30 15:18:40 -05:00
David Goulet
51f793e37e Fix possible infinite loop on pipe/sock_drain()
If the returned value of read/recv is 0 (meaning EOF), we'll end up in an
infinite loop (active wait) until something is written on the pipe which is
not really what we want here especially because those functions are called
from the main thread.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-30 15:05:18 -05:00
Nick Mathewson
fac8d40886 Merge remote-tracking branch 'public/prop227_v2'
Conflicts:
	src/test/test_dir.c
2015-01-30 07:36:55 -05:00
Arthur Edelstein
cb714d896c Bug #8405: Report SOCKS username/password in CIRC status events
Introduces two new circuit status name-value parameters: SOCKS_USERNAME
and SOCKS_PASSWORD. Values are enclosing in quotes and unusual characters
are escaped.

Example:

    650 CIRC 5 EXTENDED [...] SOCKS_USERNAME="my_username" SOCKS_PASSWORD="my_password"
2015-01-28 12:02:15 -05:00
Nick Mathewson
e9caa8645e Try to work around changes in openssl 1.1.0
Prefer not to use a couple of deprecated functions; include more
headers in tortls.c

This is part of  ticket 14188.
2015-01-28 10:00:58 -05:00
Nick Mathewson
420037dcef Merge branch 'if_addr_refactoring_squashed'
Conflicts:
	src/test/include.am
	src/test/test.c
2015-01-23 10:13:37 -05:00
rl1987
3966145dff Refactor code that looks up addresses from interfaces
Now the code has separate implementation and examination functions,
uses smartlists sanely, and has relatively decent test coverage.
2015-01-23 10:07:17 -05:00
Nick Mathewson
4a6b43bf76 fix some warnings in compat_threads.c 2015-01-22 14:22:39 -05:00
Nick Mathewson
1fb9979eb8 Move a redundant _GNU_SOURCE to where it is not redundant 2015-01-22 14:18:10 -05:00
Nick Mathewson
38b3f9a619 use the correct free fn. spotted by dgoulet 2015-01-21 14:54:38 -05:00
Nick Mathewson
23fc1691b6 Merge branch 'better_workqueue_v3_squashed' 2015-01-21 14:47:16 -05:00
David Goulet
d684dbb0c7 Support monotonic time for pthread_cond_timedwait
This is to avoid that the pthread_cond_timedwait() is not affected by time
adjustment which could make the waiting period very long or very short which
is not what we want in any cases.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-21 14:29:12 -05:00
Nick Mathewson
3c8dabf69a Fix up some workqueue/threading issues spotted by dgoulet. 2015-01-21 12:26:41 -05:00
Nick Mathewson
ac5b70c700 handle EINTR in compat_*threads.c 2015-01-21 12:18:11 -05:00
Nick Mathewson
746bb55851 Ignore warning for redundant decl in openssl/srtp.h
Backports some commits from tor master.
2015-01-15 12:38:08 -05:00
Nick Mathewson
a52e549124 Update workqueue implementation to use a single queue for the work
Previously I used one queue per worker; now I use one queue for
everyone.  The "broadcast" code is gone, replaced with an idempotent
'update' operation.
2015-01-15 11:05:22 -05:00
George Kadianakis
45bc5a0743 Restrict sample values of the Laplace distribution to int64_t.
This helps avoid undefined behavior from casting big double values to
int64_t. Fixes #14090.
2015-01-15 14:43:58 +00:00
Nick Mathewson
051ad788e0 Incorporate some comments based on notes from dgoulet 2015-01-14 11:31:14 -05:00
Nick Mathewson
1e896214e7 Refactor cpuworker to use workqueue/threadpool code. 2015-01-14 11:23:34 -05:00
Nick Mathewson
cc6529e9bb Fix check-spaces 2015-01-14 11:19:35 -05:00
Nick Mathewson
e5f8c772f4 Test and fix workqueue_entry_cancel(). 2015-01-14 11:17:46 -05:00
Nick Mathewson
e47a90a976 "Recursive" locks, not "reentrant" locks. Duh. 2015-01-14 11:12:40 -05:00
Nick Mathewson
d69717f61b Use correct (absolute) time for pthread_cond_timedwait 2015-01-14 11:09:52 -05:00
Nick Mathewson
9fdc0d0594 Fix windows compilation of condition code 2015-01-14 11:09:51 -05:00
Nick Mathewson
d850ec8574 Fix linux compilation (pipe2 needs _GNU_SOURCE) 2015-01-14 11:09:51 -05:00
Nick Mathewson
c51f7c23e3 Test a little more of compat_threads.c 2015-01-14 11:05:56 -05:00
Nick Mathewson
3868b5d210 Rename mutex_for_cond -> mutex_nonreentrant
We'll want to use these for other stuff too.
2015-01-14 11:05:56 -05:00
Nick Mathewson
b2db3fb462 Documentation for new workqueue and condition and locking stuff 2015-01-14 11:05:54 -05:00
Nick Mathewson
4abbf13f99 Add a way to tell all threads to do something. 2015-01-14 11:01:21 -05:00
Nick Mathewson
51bc0e7f3d Isolate the "socketpair or a pipe" logic for alerting main thread
This way we can use the linux eventfd extension where available.
Using EVFILT_USER on the BSDs will be a teeny bit trickier, and will
require libevent hacking.
2015-01-14 11:01:19 -05:00
Nick Mathewson
c7eebe237d Make pending work cancellable. 2015-01-14 10:56:27 -05:00
Nick Mathewson
a82604b526 Initial workqueue implemention, with a simple test.
It seems to be working, but more tuning is needed.
2015-01-14 10:56:24 -05:00
Nick Mathewson
6c9363310a Specialize handling for mutexes allocated for condition variables
(These must not be reentrant mutexes with pthreads.)
2015-01-14 10:52:56 -05:00
Nick Mathewson
65016304d2 Add tor_cond_init/uninit 2015-01-14 10:49:59 -05:00
Nick Mathewson
e865248156 Add a timeout to tor_cond_wait; add tor_cond impl from libevent
The windows code may need some tweaks for it to compile; I've not
tested it yet.
2015-01-14 10:47:39 -05:00
Nick Mathewson
c2f0d52b7f Split threading-related code out of compat.c
Also, re-enable the #if'd out condition-variable code.

Work queues are going to make us hack on all of this stuff a bit more
closely, so it might not be a terrible idea to make it easier to hack.
2015-01-14 10:41:53 -05:00
Nick Mathewson
d8b7dcca8d Merge remote-tracking branch 'andrea/ticket12585_v3' 2015-01-13 12:50:55 -05:00
Nick Mathewson
2edfdc02a2 Merge remote-tracking branch 'teor/bug13111-empty-key-files-fn-empty' 2015-01-12 14:06:14 -05:00
Anthony G. Basile
8df35a0c88 src/common/compat_libevent.h: include testsupport.h
When tor is configured with --enable-bufferevents, the build fails
because compat_libevent.h makes use of the macro MOCK_DECL() which
is defined in testsupport.h, but not included.  We add the include.
2015-01-12 01:03:47 -05:00
Nick Mathewson
b2663298e9 Fix tortls.c build with GCC<4.6
apparantly, "pragma GCC diagnostic push/pop" don't exist with older versions.

Fixes bug in 740e592790f570c446cbb5e6d4a77f842f75; bug not in any
released Tor.
2015-01-10 17:31:48 -05:00
Nick Mathewson
740e592790 Ignore warning for redundant decl in openssl/srtp.h 2015-01-10 16:06:25 -05:00
Nick Mathewson
53ecfba284 Merge remote-tracking branch 'teor/fix-typos' 2015-01-10 16:00:12 -05:00
Nick Mathewson
ddfdeb5659 More documentation for proposal 227 work 2015-01-10 15:44:32 -05:00
Nick Mathewson
c83d838146 Implement proposal 227-vote-on-package-fingerprints.txt
This implementation includes tests and a little documentation.
2015-01-10 15:09:07 -05:00
teor
f8ffb57bc4 Merge branch 'master' of https://git.torproject.org/tor into bug13111-empty-key-files-fn-empty
Conflicts:
  src/or/connection_edge.c
Merged in favour of origin.
2015-01-10 17:20:06 +11:00
teor
c200ab46b8 Merge branch 'bug14001-clang-warning' into bug13111-empty-key-files-fn-empty
Conflicts:
  src/or/router.c
Choose newer comment.
Merge changes to comment and function invocation.
2015-01-10 16:34:10 +11:00
teor
5ac26cb7c7 Fix a minor misspelling in util.c 2015-01-10 15:52:55 +11:00
Nick Mathewson
69df16e376 Rewrite the logic for deciding when to drop old/superseded certificates
Fixes bug 11454, where we would keep around a superseded descriptor
if the descriptor replacing it wasn't at least a week later.  Bugfix
on 0.2.1.8-alpha.

Fixes bug 11457, where a certificate with a publication time in the
future could make us discard existing (and subsequent!) certificates
with correct publication times.  Bugfix on 0.2.0.3-alpha.
2015-01-09 10:28:59 -05:00
Jacob Appelbaum
8d59ddf3cb Commit second draft of Jake's SOCKS5-over-AF_UNIX patch. See ticket #12585.
Signed-off-by: Andrea Shepard <andrea@torproject.org>
2015-01-07 17:42:57 +00:00
Nick Mathewson
1abd526c75 Merge remote-tracking branch 'public/bug12985_025' 2015-01-07 11:55:50 -05:00
Nick Mathewson
cb54cd6745 Merge branch 'bug9286_v3_squashed' 2015-01-07 10:06:50 -05:00
Nick Mathewson
7984fc1531 Stop accepting milliseconds in various directory contexts
Have clients and authorities both have new behavior, since the
fix for bug 11243 has gone in.  But make clients still accept
accept old bogus HSDir descriptors, to avoid fingerprinting trickery.

Fixes bug 9286.
2015-01-07 10:05:55 -05:00
Nick Mathewson
cf2ac8e255 Merge remote-tracking branch 'public/feature11791' 2015-01-06 13:52:54 -05:00
Nick Mathewson
f54e54b0b4 Bump copyright dates to 2015, in case someday this matters. 2015-01-02 14:27:39 -05:00
Nick Mathewson
6e689aed75 Fix a memory leak in tor-resolve
Resolves bug 14050
2014-12-30 12:35:01 -05:00
Nick Mathewson
b3b840443d Remove a logically dead check to please coverity 2014-12-30 12:10:30 -05:00
Nick Mathewson
d7ecdd645a Wipe all of the target space in tor_addr_{to,from}_sockaddr()
Otherwise we risk a subsequent memdup or memcpy copying
uninitialized RAM into some other place that might eventually expose
it.  Let's make sure that doesn't happen.

Closes ticket 14041
2014-12-29 10:06:12 -05:00
Nick Mathewson
e85f0c650c Merge branch 'resolvemyaddr_squashed' 2014-12-29 10:00:34 -05:00
rl1987
28217b969e Adding comprehensive test cases for resolve_my_address.
Also, improve comments on resolve_my_address to explain what it
actually does.
2014-12-29 09:59:47 -05:00
rl1987
a56511e594 Fix a few comments 2014-12-29 09:59:14 -05:00
Nick Mathewson
d151a069e9 tweak whitespace; log bad socket family if bug occurs 2014-12-23 10:53:40 -05:00
Francisco Blas Izquierdo Riera (klondike)
cca6ed80bf Add the transparent proxy getsockopt to the sandbox
When receiving a trasnsparently proxied request with tor using iptables tor
dies because the appropriate getsockopt calls aren't enabled on the sandbox.

This patch fixes this by adding the two getsockopt calls used when doing
transparent proxying with tor to the sandbox for the getsockopt policy.

This patch is released under the same license as the original file as
long as the author is credited.

Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
2014-12-23 10:51:36 -05:00
Nick Mathewson
0965bbd5ac Merge remote-tracking branch 'origin/maint-0.2.5' 2014-12-22 16:02:47 -05:00
Nick Mathewson
6d728ba880 Merge remote-tracking branch 'public/bug14013_024' into maint-0.2.5 2014-12-22 15:58:49 -05:00
Nick Mathewson
47760c7ba5 When decoding a base-{16,32,64} value, clear the target buffer first
This is a good idea in case the caller stupidly doesn't check the
return value from baseX_decode(), and as a workaround for the
current inconsistent API of base16_decode.

Prevents any fallout from bug 14013.
2014-12-22 12:56:35 -05:00
teor
e40591827e Make log bufer 10k, not 9.78k. 2014-12-21 13:36:06 -05:00
teor
769fc5af09 Fix a comment in tor_addr_parse 2014-12-21 13:35:42 -05:00
teor
6a9cae2e1d Fix clang warning, IPv6 address comment, buffer size typo
The address of an array in the middle of a structure will
always be non-NULL. clang recognises this and complains.
Disable the tautologous and redundant check to silence
this warning.

A comment about an IPv6 address string incorrectly refers
to an IPv4 address format.

A log buffer is sized 10024 rather than 10240.

Fixes bug 14001.
2014-12-20 22:20:54 +11:00
Nick Mathewson
357191a095 Define an int64_min when it is missing 2014-12-19 14:12:22 -05:00
Karsten Loesing
7cd53b75c1 Add better support to obfuscate statistics. 2014-12-10 11:16:26 +01:00
George Kadianakis
447ece46f5 Constify crypto_pk_get_digest(). 2014-12-02 12:15:11 +00:00
Nick Mathewson
a28df3fb67 Merge remote-tracking branch 'andrea/cmux_refactor_configurable_threshold'
Conflicts:
	src/or/or.h
	src/test/Makefile.nmake
2014-11-27 22:39:46 -05:00
Nick Mathewson
734ba5cb0a Use smaller zlib objects when under memory pressure
We add a compression level argument to tor_zlib_new, and use it to
determine how much memory to allocate for the zlib object.  We use the
existing level by default, but shift to smaller levels for small
requests when we have been over 3/4 of our memory usage in the past
half-hour.

Closes ticket 11791.
2014-11-17 11:43:50 -05:00
Nick Mathewson
9b11dc3617 Merge remote-tracking branch 'public/bug7484'
Conflicts:
	src/test/test_addr.c
2014-11-12 13:44:57 -05:00
Nick Mathewson
a3dafd3f58 Replace operators used as macro arguments with OP_XX macros
Part of fix for 13172
2014-11-12 13:28:07 -05:00
Nick Mathewson
2170171d84 Merge branch 'ticket13172' 2014-11-12 13:25:17 -05:00
rl1987
4b18d8931b Downgrade RSA signature verification failure error message to info loglevel. 2014-11-09 17:39:23 +02:00
teor
fd7e9e9030 Stop failing when key files are zero-length
Instead, generate new keys, and overwrite the empty key files.
Adds FN_EMPTY to file_status_t and file_status.
Fixes bug 13111.

Related changes due to review of FN_FILE usage:
Stop generating a fresh .old RSA key file when the .old file is missing.
Avoid overwriting .old key files with empty key files.
Skip loading zero-length extra info store, router store, stats, state,
and key files.
2014-11-08 20:31:20 +11:00
teor
ce7fd6e160 Stop crashing when a NULL filename is passed to file_status()
Stop crashing when a NULL filename is passed to file_status(),
instead, return FN_ERROR.
Also return FN_ERROR when a zero-length filename is passed to file_status().
Fixed as part of bug 13111.
2014-11-08 20:26:53 +11:00
Nick Mathewson
00f5909876 Define macros meaning <,>,==,!=,<=,>=
This lets us avoid putting operators directly in macro arguments,
and thus will help us unconfuse coccinelle.

For ticket 13172.
2014-11-06 11:21:13 -05:00
Nick Mathewson
8f645befba 11291: Fix warnings, add changes file, rename 'mask'. 2014-11-05 14:12:18 -05:00
Nick Mathewson
4df419a4b1 Merge remote-tracking branch 'meejah/ticket-11291-extra-utests'
Conflicts:
	src/or/config.c
2014-11-05 14:11:47 -05:00
Nick Mathewson
60c86a3b79 Merge branch 'bug13315_squashed'
Conflicts:
	src/or/buffers.c
2014-11-04 00:48:25 -05:00
Nick Mathewson
74cbd8d559 fix indentation 2014-11-04 00:46:32 -05:00
Nick Mathewson
254ab5a8de Use correct argument types for inet_pton.
(I blame whoever decided that using a void* for a union was a good
idea.)
2014-11-04 00:45:14 -05:00
rl1987
0da4ddda4f Checking if FQDN is actually IPv6 address string and handling that case. 2014-11-04 00:37:24 -05:00
rl1987
2f1068e68a Adding helper function that checks if string is a valid IPv6 address. 2014-11-04 00:37:21 -05:00
rl1987
e8e45ff13e Introducing helper function to validate IPv4 address strings. 2014-11-04 00:36:37 -05:00
rl1987
1ea9a6fd72 Introducing helper function to validate DNS name strings. 2014-11-04 00:35:43 -05:00
Nick Mathewson
5bcf952261 Check more thoroughly for unlogged OpenSSL errors 2014-11-02 13:04:44 -05:00
Nick Mathewson
a142fc29af Use tor_malloc_zero(x), not tor_calloc(x,sizeof(char))
(Also, fixes a wide line.)
2014-11-02 12:08:51 -05:00
Nick Mathewson
bbd8d07167 Apply new calloc coccinelle patch 2014-11-02 11:56:02 -05:00
Nick Mathewson
ded33cb2c7 Use the | trick to save a comparison in our calloc check. 2014-11-02 11:54:42 -05:00
Nick Mathewson
0d8abf5365 Switch to a < comparison for our calloc check; explain how it works 2014-11-02 11:54:42 -05:00
Mansour Moufid
81b452d245 Document the calloc function overflow check. 2014-11-02 11:54:42 -05:00
Mansour Moufid
06b1ef7b76 Remove a duplicate comment. 2014-11-02 11:54:42 -05:00
Mansour Moufid
3206dbdce1 Refactor the tor_reallocarray_ overflow check. 2014-11-02 11:54:42 -05:00
Mansour Moufid
aff6fa0b59 Refactor the tor_calloc_ overflow check. 2014-11-02 11:54:41 -05:00
Nick Mathewson
542b470164 Refactor {str,digest}map into a common implementation; add digest256map
Needed for #13399.
2014-10-31 10:54:12 -04:00
teor
13298d90a9 Silence spurious clang warnings
Silence clang warnings under --enable-expensive-hardening, including:
  + implicit truncation of 64 bit values to 32 bit;
  + const char assignment to self;
  + tautological compare; and
  + additional parentheses around equality tests. (gcc uses these to
    silence assignment, so clang warns when they're present in an
    equality test. But we need to use extra parentheses in macros to
    isolate them from other code).
2014-10-30 22:34:46 +11:00
Nick Mathewson
fcdcb377a4 Add another year to our copyright dates.
Because in 95 years, we or our successors will surely care about
enforcing the BSD license terms on this code.  Right?
2014-10-28 15:30:16 -04:00
Sebastian Hahn
909aa51b3f Remove configure option to disable curve25519
By now, support in the network is widespread and it's time to require
more modern crypto on all Tor instances, whether they're clients or
servers. By doing this early in 0.2.6, we can be sure that at some point
all clients will have reasonable support.
2014-10-27 14:41:19 +01:00
teor
c9d0967dd9 Fix minor typos, two line lengths, and a repeated include 2014-10-23 02:57:11 +11:00
Nick Mathewson
653221e807 Merge remote-tracking branch 'public/bug11824_v2' 2014-10-22 11:01:50 -04:00
Nick Mathewson
8e4daa7bb0 Merge remote-tracking branch 'public/ticket6938'
Conflicts:
	src/tools/tor-resolve.c
2014-10-22 10:14:03 -04:00
Nick Mathewson
3826a88fc0 Merge remote-tracking branch 'teor/bug13476-improve-time-handling' 2014-10-21 13:14:27 -04:00
Nick Mathewson
e3d166b7a6 Merge remote-tracking branch 'teor/memwipe-more-keys' 2014-10-20 11:12:51 -04:00
Nick Mathewson
affa251c83 Use a macro to indicate "The ecdhe group we use by default".
This might make Coverity happier about the if statement where we
have a default case that's the same as one of the other cases. CID 1248515
2014-10-20 09:08:42 -04:00
teor
2e1f5c1fc0 Memwipe more keys after tor has finished with them
Ensure we securely wipe keys from memory after
crypto_digest_get_digest and init_curve25519_keypair_from_file
have finished using them.

Fixes bug 13477.
2014-10-20 03:06:28 +11:00
teor
d7b13543e2 Clamp (some) years supplied by the system to 1 CE
Clamp year values returned by system localtime(_r) and
gmtime(_r) to year 1. This ensures tor can read any
values it might write out.

Fixes bug 13476.
2014-10-20 02:47:31 +11:00
teor
238b8eaa60 Improve date validation in HTTP headers
Check all date/time values passed to tor_timegm
and parse_rfc1123_time for validity, taking leap
years into account.
Improves HTTP header validation.

Avoid unlikely signed integer overflow in tor_timegm
on systems with 32-bit time_t.
Fixes bug 13476.
2014-10-20 02:40:27 +11:00
teor
dd556fb1e6 Use correct day of year in correct_tm()
Set the correct day of year value in correct_tm() when the
system's localtime(_r) or gmtime(_r) functions fail to set struct tm.

Fixes bug 13476.
2014-10-20 02:32:05 +11:00
Nick Mathewson
33b399a7b2 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-10-16 09:09:20 -04:00
Nick Mathewson
22b9caf0ae Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-10-16 09:08:52 -04:00
Nick Mathewson
943fd4a252 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-10-16 09:08:32 -04:00
Nick Mathewson
af73d3e4d8 Disable SSLv3 unconditionally. Closes ticket 13426.
The POODLE attack doesn't affect Tor, but there's no reason to tempt
fate: SSLv3 isn't going to get any better.
2014-10-15 11:50:05 -04:00
Nick Mathewson
f1782d9c4c Clean whitespace in last patch. 2014-10-13 13:20:07 -04:00
teor
f51418aabc Avoid overflow in format_time_interval, create unit tests
Fix an instance of integer overflow in format_time_interval() when
taking the absolute value of the supplied signed interval value.
Fixes bug 13393.

Create unit tests for format_time_interval().
2014-10-12 20:50:10 +11:00
Nick Mathewson
90bce702ba Merge remote-tracking branch 'public/bug10816' 2014-10-09 10:57:19 -04:00
Nick Mathewson
bbffd0a018 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-10-03 19:58:25 -04:00
Nick Mathewson
d315b8e8bc Merge remote-tracking branch 'public/bug13325_024' into maint-0.2.5 2014-10-03 19:57:41 -04:00
Nick Mathewson
d1fa0163e5 Run correctly on OpenBSD systems without SSL_METHOD.get_cipher_by_char
Also, make sure we will compile correctly on systems where they
finally rip it out.

Fixes issue #13325.  Caused by this openbsd commit:

   ​http://marc.info/?l=openbsd-cvs&m=140768179627976&w=2

Reported by Fredzupy.
2014-10-03 12:15:09 -04:00
Andrea Shepard
5a07fb96f2 Make tor_libevent_get_base() mockable 2014-09-30 23:14:25 -07:00
Andrea Shepard
d438cf1ec9 Implement scheduler mechanism to track lists of channels wanting cells or writes; doesn't actually drive the cell flow from it yet 2014-09-30 22:48:24 -07:00
Nick Mathewson
2e607ff519 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-29 13:02:50 -04:00
Nick Mathewson
09951bea7f Don't use the getaddrinfo sandbox cache from tor-resolve
Fixes bug 13295; bugfix on 0.2.5.3-alpha.

The alternative here is to call crypto_global_init() from tor-resolve,
but let's avoid linking openssl into tor-resolve for as long as we
can.
2014-09-29 12:57:07 -04:00
Nick Mathewson
5190ec0bc4 Merge remote-tracking branch 'public/require_some_c99' 2014-09-26 11:06:41 -04:00
Nick Mathewson
6e7cbfc465 Avoid a "constant variable guards dead code" warning from coverity
Fixes CID 752028
2014-09-26 09:40:30 -04:00
Nick Mathewson
7c52a0555a Check key_len in secret_to_key_new()
This bug shouldn't be reachable so long as secret_to_key_len and
secret_to_key_make_specifier stay in sync, but we might screw up
someday.

Found by coverity; this is CID 1241500
2014-09-26 09:06:36 -04:00
Nick Mathewson
4e87b97872 Fix on that last fix. 2014-09-25 17:59:10 -04:00
Nick Mathewson
9190468246 Fix warnings on 32-bit builds.
When size_t is the most memory you can have, make sure that things
referring to real parts of memory are size_t, not uint64_t or off_t.

But not on any released Tor.
2014-09-25 17:50:13 -04:00
Nick Mathewson
1c5d680b3d Merge branch 'ed25519_ref10_squashed'
Conflicts:
	src/common/include.am
	src/ext/README
2014-09-25 15:11:34 -04:00
Nick Mathewson
46cda485bc Comments and tweaks based on review by asn
Add some documentation

Rename "derive" -> "blind"

Check for failure on randombytes().
2014-09-25 15:08:32 -04:00
Nick Mathewson
f0eb7ae79f More documentation for ed25519 stuff. 2014-09-25 15:08:31 -04:00
Nick Mathewson
25b1a32ef8 Draft implementation for ed25519 key blinding, as in prop224
This implementation allows somebody to add a blinding factor to a
secret key, and a corresponding blinding factor to the public key.

Robert Ransom came up with this idea, I believe.  Nick Hopper proved a
scheme like this secure.  The bugs are my own.
2014-09-25 15:08:31 -04:00
Nick Mathewson
4caa6fad4c Add curve25519->ed25519 key conversion per proposal 228
For proposal 228, we need to cross-certify our identity with our
curve25519 key, so that we can prove at descriptor-generation time
that we own that key.  But how can we sign something with a key that
is only for doing Diffie-Hellman?  By converting it to the
corresponding ed25519 point.

See the ALL-CAPS warning in the documentation.  According to djb
(IIUC), it is safe to use these keys in the ways that ntor and prop228
are using them, but it might not be safe if we start providing crazy
oracle access.

(Unit tests included.  What kind of a monster do you take me for?)
2014-09-25 15:08:31 -04:00
Nick Mathewson
ed48b0fe56 Support for writing ed25519 public/private components to disk.
This refactors the "== type:tag ==" code from crypto_curve25519.c
2014-09-25 15:08:31 -04:00
Nick Mathewson
c75e275574 Add encode/decode functions for ed25519 public keys 2014-09-25 15:08:31 -04:00
Nick Mathewson
22760c4899 Restore the operation of extra_strong in ed25519_secret_key_generate 2014-09-25 15:08:31 -04:00
Nick Mathewson
006e6d3b6f Another ed25519 tweak: store secret keys in expanded format
This will be needed/helpful for the key blinding of prop224, I
believe.
2014-09-25 15:08:31 -04:00
Nick Mathewson
9e43ee5b4c Fix API for ed25519_ref10_open()
This is another case where DJB likes sticking the whole signature
prepended to the message, and I don't think that's the hottest idea.

The unit tests still pass.
2014-09-25 15:08:31 -04:00
Nick Mathewson
e0097a8839 Tweak ed25519 ref10 signing interface to use less space.
Unit tests still pass.
2014-09-25 15:08:31 -04:00
Nick Mathewson
87ba033cd5 Add Ed25519 support, wrappers, and tests.
Taken from earlier ed25519 branch based on floodyberry's
ed25519-donna.  Tweaked so that it applies to ref10 instead.
2014-09-25 15:08:20 -04:00
Nick Mathewson
764e008092 Merge branch 'libscrypt_trunnel_squashed'
Conflicts:
	src/test/test_crypto.c
2014-09-25 12:03:41 -04:00
Nick Mathewson
3b7d0ed08e Use trunnel for crypto_pwbox encoding/decoding.
This reduces the likelihood that I have made any exploitable errors
in the encoding/decoding.

This commit also imports the trunnel runtime source into Tor.
2014-09-25 11:58:14 -04:00
Nick Mathewson
3011149401 Adjust pwbox format: use a random IV each time
Suggested by yawning
2014-09-25 11:58:14 -04:00
Nick Mathewson
05a6439f1f Use preferred key-expansion means for pbkdf2, scrypt.
Use HKDF for RFC2440 s2k only.
2014-09-25 11:58:13 -04:00
Nick Mathewson
2b2cab4141 Tweak and expose secret_to_key_compute_key for testing
Doing this lets me pass in a salt of an unusual length.
2014-09-25 11:58:13 -04:00
Nick Mathewson
8184839a47 Rudimentary-but-sufficient passphrase-encrypted box code.
See crypto_pwbox.c for a description of the file format.

There are tests for successful operation, but it still needs
error-case tests.
2014-09-25 11:58:13 -04:00
Nick Mathewson
e84e1c9745 More generic passphrase hashing code, including scrypt support
Uses libscrypt when found; otherwise, we don't have scrypt and we
only support openpgp rfc2440 s2k hashing, or pbkdf2.

Includes documentation and unit tests; coverage around 95%. Remaining
uncovered code is sanity-checks that shouldn't be reachable fwict.
2014-09-25 11:58:13 -04:00
Nick Mathewson
b0767e85b8 Tell autoconf to make the compiler act as c99
Apparently some compilers want extra switches.
2014-09-25 11:36:28 -04:00
Nick Mathewson
0ca8387246 Tweak address.c to use a little c99 syntax
Since address.c is the first file to get compiled, let's have it use
a little judicious c99 in order to catch broken compilers that
somehow make it past our autoconf tests.
2014-09-25 11:22:02 -04:00
Nick Mathewson
53a94c4b4b Clear up another clangalyzer issue
"The NULL pointer warnings on the return value of
tor_addr_to_in6_addr32() are incorrect. But clang can't work this
out itself due to limited analysis depth. To teach the analyser that
the return value is safe to dereference, I applied tor_assert to the
return value."

Patch from teor.  Part of 13157.
2014-09-15 13:52:13 -04:00
Nick Mathewson
48558ed1aa Merge remote-tracking branch 'public/bug13104_025' 2014-09-11 00:11:26 -04:00
Nick Mathewson
284cc9a224 Avoid an overflow on negation in format_helper_exit_status
Part of 13104; patch from teor.
2014-09-11 00:00:13 -04:00
Nick Mathewson
d2463c0cfe Avoid overflows and underflows in sscanf and friends
(Patch from teor on 13104)
2014-09-10 23:57:31 -04:00
Nick Mathewson
93dfb12037 Remember log messages that happen before logs are configured
(And replay them once we know our first real logs.)

This is an implementation for issue 6938.  It solves the problem of
early log mesages not getting sent to log files, but not the issue of
early log messages not getting sent to controllers.
2014-09-10 23:34:43 -04:00
Nick Mathewson
6e2ef4bc5e Refactor the 'deliver a log message' logic to its own function. 2014-09-10 22:58:36 -04:00
Nick Mathewson
de114587f0 Turn log loop into a for loop, and "Does this lf want this" into a fn 2014-09-10 22:39:55 -04:00
Nick Mathewson
15a318b49a Refactor pending_cb_message_t into a type with proper functions
Also, rename it.
2014-09-10 22:35:16 -04:00
George Kadianakis
01800ea1e4 Add unittests for finding the third quartile of a set. 2014-09-09 12:28:15 -04:00
Nick Mathewson
1eea7a68ed Use S?SIZE_MAX, not S?SIZE_T_MAX
This fixes bug 13102 (not on any released Tor) where using the
standard SSIZE_MAX name broke mingw64, and we didn't realize.

I did this with
   perl -i -pe 's/SIZE_T_MAX/SIZE_MAX/' src/*/*.[ch] src/*/*/*.[ch]
2014-09-09 12:08:03 -04:00
Nick Mathewson
2997908228 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 10:27:41 -04:00
Nick Mathewson
8391c96091 Clean up the MVSC nmake files so they work again.
Fixes bug 13081; bugfix on 0.2.5.1-alpha. Patch from "NewEraCracker."
2014-09-09 10:27:05 -04:00
David Stainton
b59fd2efb6 Fix permissions logic 2014-09-04 22:21:30 +00:00
Nick Mathewson
7573e66b99 Treat Z_BUF_ERROR as TOR_ZLIB_BUF_FULL when finalizing a zlib buffer
Otherwise, when we're out of input *and* finalizing, we might report
TOR_ZLIB_OK erroneously and not finalize the buffer.

(I don't believe this can happen in practice, with our code today:
write_to_buf_zlib ensures that we are never trying to write into a
completely empty buffer, and zlib says "Z_OK" if you give it even
one byte to write into.)

Fixes bug 11824; bugfix on 0.1.1.23 (06e09cdd47).
2014-09-03 13:42:46 -04:00
David Stainton
59e052b896 Remove HiddenServiceDirGroupReadable from or_options_t
...and also fix whitespace.
2014-09-03 17:22:15 +00:00
David Stainton
7203040835 Fix regression nickm pointed out 2014-09-03 03:53:32 +00:00
Nick Mathewson
a14c6cb70f Make iter for DECLARE_TYPED_DIGESTMAP_FNS be a pointer.
This fixes a clangalyzer warning, and makes our C slightly better C.
2014-09-02 15:40:04 -04:00
David Stainton
6e4efb559d Fix white space 2014-09-02 18:08:57 +00:00
Nick Mathewson
9b850f9200 Add more assertions to esc_for_log to please the clangalyzer. 2014-09-02 13:29:45 -04:00
Nick Mathewson
07a16b3372 Add an assertion to read_file_to_str_until_eof
The clangalyzer doesn't believe our math here.  I'm pretty sure our
math is right.  Also, add some unit tests.
2014-09-02 13:29:11 -04:00
Nick Mathewson
1a2f2c163f Explicitly initialize addresses in tor_ersatz_socketpair
This should stop a false positive from the clangalyzer.
2014-09-02 12:58:32 -04:00
Nick Mathewson
57c48bf734 Apply the MALLOC_ZERO_WORKS fixup to tor_realloc as well.
Also, make MALLOC_ZERO_WORKS never get applied when clang analyzer is
running.  This should make the clangalyzer a little happier.
2014-09-02 12:55:20 -04:00
Nick Mathewson
00ffccd9a6 Another clang analyzer complaint wrt HT_GENERATE
We're calling mallocfn() and reallocfn() in the HT_GENERATE macro
with the result of a product.  But that makes any sane analyzer
worry about overflow.

This patch keeps HT_GENERATE having its old semantics, since we
aren't the only project using ht.h.  Instead, define a HT_GENERATE2
that takes a reallocarrayfn.
2014-09-02 12:48:34 -04:00
Nick Mathewson
e3c143f521 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-02 11:58:08 -04:00
Nick Mathewson
efcab43956 Fix a number of clang analyzer false-positives
Most of these are in somewhat non-obvious code where it is probably
a good idea to initialize variables and add extra assertions anyway.

Closes 13036.  Patches from "teor".
2014-09-02 11:56:56 -04:00
David Stainton
6b9016fe3c Correct check_private_dir's dir mode
This commit attempts to satisfy nickm's comment on check_private_dir() permissions:
https://trac.torproject.org/projects/tor/ticket/11291#comment:12
"""check_private_dir() ensures that the directory has bits 0700 if CPD_CHECK_MODE_ONLY is not set. Shouldn't it also ensure that the directory has bits 0050 if CPD_CHECK_MODE_ONLY is not set, and CPD_GROUP_READ is set?"""
2014-08-30 15:23:05 -06:00
David Stainton
227b65924b Clean up patch
Here I clean up anon's patch with a few of nickm's suggestions from comment 12:
https://trac.torproject.org/projects/tor/ticket/11291#comment:12

I did not yet completely implement all his suggestions.
2014-08-30 15:23:05 -06:00
anonymous
c13db1f614 Ticket #11291: patch from "anon":
test-11291-group-redable-hsdirs-wtests-may8.patch
2014-08-30 15:23:05 -06:00
Nick Mathewson
42350968a9 Drop check for NTE_BAD_KEYSET error
Any error when acquiring the CryptoAPI context should get treated as
bad.  Also, this one can't happen for the arguments we're giving.
Fixes bug 10816; bugfix on 0.0.2pre26.
2014-08-29 13:24:29 -04:00
dana koch
c887e20e6a Introduce full coverage tests for module routerset.c.
This is using the paradigm introduced for test_status.c.
2014-08-29 12:55:28 -04:00
Nick Mathewson
b0138cd055 Merge remote-tracking branch 'public/bug12985_024' into bug12984_025 2014-08-29 12:24:52 -04:00
Nick Mathewson
4144b4552b Always event_del() connection events before freeing them
Previously, we had done this only in the connection_free() case, but
when we called connection_free_() directly from
connections_free_all(), we didn't free the connections.
2014-08-29 11:33:05 -04:00
Nick Mathewson
e72a5b3c07 Move secret-to-key functionality into a separate module
I'm about to add more of these, so we might as well trudge forward.
2014-08-28 12:04:22 -04:00
Nick Mathewson
9b2d8c4e20 Rename secret_to_key to secret_to_key_rfc2440 2014-08-28 11:20:31 -04:00
Nick Mathewson
72ba1739e2 Fix another memory leak case in sandbox.c:prot_strings()
This is related to the rest of 523587a5cf
2014-08-25 11:14:31 -04:00
Nick Mathewson
9222707e5c Use the ARRAY_LENGTH macro more consistently. 2014-08-24 13:35:48 -04:00
Nick Mathewson
15be51b41d Remove the non-implemented versions of the sandbox _array() functions 2014-08-24 13:35:30 -04:00
Nick Mathewson
991545acf1 Whitespace fixes 2014-08-24 13:32:39 -04:00
Nick Mathewson
7c1143e11f Terser ways to sandbox-allow related filenames
Using the *_array() functions here confused coverity, and was actually
a bit longer than we needed.  Now we just use macros for the repeated
bits, so that we can mention a file and a suffix-appended version in
one line.
2014-08-24 13:30:55 -04:00
Nick Mathewson
59e114832e Merge branch 'bug11792_1_squashed'
Conflicts:
	src/or/circuitlist.c
2014-08-24 13:09:08 -04:00
Nick Mathewson
8e55cafd67 Count zlib buffer memory towards OOM totals.
Part of 11792.

(Uses the zlib-endorsed formula for memory needs for inflate/deflate
from "zconf.h".)
2014-08-24 13:04:27 -04:00
Nick Mathewson
523587a5cf fix memory leak on failure in sandbox.c:prot_strings()
[CID 1205014]
2014-08-21 11:40:48 -04:00
Nick Mathewson
35b2e11755 Store sandbox params as char *, since that's what they are.
This allows coverity to infer that we aren't leaking them.

[Fixes a lot of CIDs]
2014-08-21 11:22:42 -04:00
Nick Mathewson
917e1042f7 Suppress coverity warning about overflowing in safe_mem_is_zero
The unsigned underflow here is defined and intentional.

CID 202482
2014-08-21 11:22:42 -04:00
Nick Mathewson
7bc25b5a78 Avoid performing an assert on an always-true value
This was freaking out coverity.

[CID 743379]
2014-08-21 11:22:42 -04:00
Nick Mathewson
c43e45d0ea Suppress coverity warning about overflowing in tor_memeq.
The unsigned underflow here is defined and intentional.

CID 202482
2014-08-21 10:44:13 -04:00
Nick Mathewson
0de7565dfd Check return values for fcntl in tor_spawn_background.
[CID 718609]
2014-08-21 10:38:19 -04:00
Nick Mathewson
2cf229ab60 Make the two branches of tor_tls_used_v1_handshake into one.
(Coverity thinks that "if (a) X; else X;" is probably a bug.)

[Coverity CID 1232086]
2014-08-21 10:12:54 -04:00
Nick Mathewson
7c61d10c6c Fix return value of tor_fd_seekend.
Previously, we had documented it to return -1 or 0, when in fact
lseek returns -1 or the new position in the file.

This is harmless, since we were only checking for negative values
when we used tor_fd_seekend.
2014-08-20 13:49:25 -04:00
Nick Mathewson
a32913d5aa Allow named pipes for our log files.
Closes ticket 12061. Based on a patch from "carlo von lynX" on tor-dev at
  https://lists.torproject.org/pipermail/tor-dev/2014-April/006705.html
2014-08-20 13:45:16 -04:00
Nick Mathewson
fb762f6db0 Merge remote-tracking branch 'public/bug11787' 2014-08-20 13:34:02 -04:00
Nick Mathewson
4570805efd Fix whitespace issues 2014-08-13 10:42:20 -04:00
Nick Mathewson
2bfd92d0d1 Apply coccinelle script to replace malloc(a*b)->calloc(a,b) 2014-08-13 10:39:56 -04:00
Nick Mathewson
19b137bc05 Add reallocarray clone so we can stop doing multiply-then-reallocate 2014-08-13 10:39:56 -04:00
Nick Mathewson
1b551823de Avoid illegal read off end of an array in prune_v2_cipher_list
This function is supposed to construct a list of all the ciphers in
the "v2 link protocol cipher list" that are supported by Tor's
openssl.  It does this by invoking ssl23_get_cipher_by_char on each
two-byte ciphersuite ID to see which ones give a match.  But when
ssl23_get_cipher_by_char cannot find a match for a two-byte SSL3/TLS
ciphersuite ID, it checks to see whether it has a match for a
three-byte SSL2 ciphersuite ID.  This was causing a read off the end
of the 'cipherid' array.

This was probably harmless in practice, but we shouldn't be having
any uninitialized reads.

(Using ssl23_get_cipher_by_char in this way is a kludge, but then
again the entire existence of the v2 link protocol is kind of a
kludge.  Once Tor 0.2.2 clients are all gone, we can drop this code
entirely.)

Found by starlight. Fix on 0.2.4.8-alpha. Fixes bug 12227.
2014-07-24 19:45:38 -04:00
Nick Mathewson
a36cd51b59 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-17 11:34:33 +02:00
Nick Mathewson
f6a776d915 Merge remote-tracking branch 'public/bug12602_024' into maint-0.2.5 2014-07-17 11:32:16 +02:00
Nick Mathewson
66798dfdc0 Fix compilation with no-compression OpenSSL builds and forks
Found because LibreSSL has OPENSSL_NO_COMP always-on, but this
conflicts with the way that _we_ turn off compression.  Patch from
dhill, who attributes it to "OpenBSD".  Fixes bug 12602; bugfix on
0.2.1.1-alpha, which introduced this turn-compression-off code.
2014-07-17 11:25:56 +02:00
Nick Mathewson
8c7fbdf3af fix a c99-ism 2014-07-16 15:30:14 +02:00
Nick Mathewson
867f5e6a76 Add a tor_ftruncate to replace ftruncate.
(Windows doesn't have ftruncate, and some ftruncates do not move the
file pointer to the start of the file.)
2014-07-16 13:58:55 +02:00
Arlo Breault
15e170e01b Add an option to overwrite logs
* Issue #5583
2014-07-16 12:16:49 +02:00
Nick Mathewson
58f4200789 Thread support is now required
Long ago we supported systems where there was no support for
threads, or where the threading library was broken. We shouldn't
have do that any more: on every OS that matters, threads exist, and
the OS supports running threads across multiple CPUs.

This resolves tickets 9495 and 12439.  It's a prerequisite to making
our workqueue code work better, since sensible workqueue
implementations don't split across multiple processes.
2014-06-20 10:20:10 -04:00
Nick Mathewson
5b4ee475aa Remove code for Windows CE support
As far as I know, nobody has used this in ages.  It would be a
pretty big surprise if it had worked.

Closes ticket 11446.
2014-06-20 09:49:36 -04:00
Nick Mathewson
dd362b52f3 whitespace fixes 2014-06-16 15:18:02 -04:00
Nick Mathewson
a7cafb1ea9 Merge branch 'bug8746_v2_squashed'
Conflicts:
	src/common/include.am
2014-06-14 11:46:38 -04:00
Nick Mathewson
e2e588175e New testing-only tor_sleep_msec function
In the unit tests I want to loop with a delay, but I want less than
a 1 second delay.  This, sadly, requires compatibility code.
2014-06-14 11:40:27 -04:00
Nick Mathewson
34f8723dc7 On Windows, terminate processes by handle, not pid
When we create a process yourself with CreateProcess, we get a
handle to the process in the PROCESS_INFO output structure.  But
instead of using that handle, we were manually looking up a _new_
handle based on the process ID, which is a poor idea, since the
process ID might refer to a new process later on, but the handle
can't.
2014-06-14 11:40:27 -04:00
Nick Mathewson
f8344c2d28 Use waitpid code to learn when a controlled process dies
This lets us avoid sending SIGTERM to something that has already
died, since we realize it has already died, and is a fix for the
unix version of #8746.
2014-06-14 11:40:27 -04:00