Commit Graph

27788 Commits

Author SHA1 Message Date
Nick Mathewson
c1bb8836ff Protover tests: disable some obsoleted tests
These were meant to demonstrate old behavior, or old rust behavior.

One of them _should_ work in Rust, but won't because of
implementation details.  We'll fix that up later.
2018-03-01 16:05:17 -05:00
Nick Mathewson
c5295cc1be Spec conformance on protover: always reject ranges where lo>hi 2018-03-01 16:05:17 -05:00
Nick Mathewson
1fe0bae508 Forbid UINT32_MAX as a protocol version
The C code and the rust code had different separate integer overflow
bugs here.  That suggests that we're better off just forbidding this
pathological case.

Also, add tests for expected behavior on receiving a bad protocol
list in a consensus.

Fixes another part of 25249.
2018-03-01 16:05:17 -05:00
Nick Mathewson
8b405c609e Forbid "-0" as a protocol version.
Fixes part of 24249; bugfix on 0.2.9.4-alpha.
2018-03-01 16:05:17 -05:00
Nick Mathewson
0953c43c95 Add more of Teor's protover tests.
These are as Teor wrote them; I've disabled the ones that don't pass
yet, with XXXX comments.
2018-03-01 16:05:17 -05:00
Nick Mathewson
d3a1bdbf56 Add some protover vote round-trip tests from Teor.
I've refactored these to be a separate function, to avoid tricky
merge conflicts.

Some of these are disabled with "XXXX" comments; they should get
fixed moving forward.
2018-03-01 16:05:17 -05:00
Nick Mathewson
a83650852d Add another NULL-pointer fix for protover.c.
This one can only be exploited if you can generate a correctly
signed consensus, so it's not as bad as 25074.

Fixes bug 25251; also tracked as TROVE-2018-004.
2018-03-01 16:05:17 -05:00
Nick Mathewson
65f2eec694 Correctly handle NULL returns from parse_protocol_list when voting.
In some cases we had checked for it, but in others we had not.  One
of these cases could have been used to remotely cause
denial-of-service against directory authorities while they attempted
to vote.

Fixes TROVE-2018-001.
2018-03-01 16:05:17 -05:00
Taylor Yu
09484b9449 Document how to allow partial Travis failures
Add some commented-out allow_failures clauses to make it easier to
temporarily allow less-critical sub-builds to fail while still
reporting success.
2018-03-01 13:18:33 -06:00
Nick Mathewson
d489e4847b Fix a variable name in tor-rust-dependencies 2018-02-21 11:55:25 -05:00
Nick Mathewson
d2bdb54d37 Wrap GettingStartedRust.md to 72 columns. 2018-02-21 11:55:07 -05:00
Nick Mathewson
bcfb034957 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-02-21 11:53:50 -05:00
Nick Mathewson
8a5cb58ad0 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-02-21 11:53:50 -05:00
Nick Mathewson
ac1942ac58 Update the .gitmodules to refer to project-level tor-rust-dependencies
Closes most of #25323.
2018-02-21 11:53:04 -05:00
Nick Mathewson
6384d314fb Merge branch 'maint-0.3.2' into maint-0.3.3
"ours" merge to avoid taking 24902 a second time and having to reconcile
all the merge conflicts.
2018-02-16 09:55:41 -05:00
Nick Mathewson
bd71e0a0c8 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-02-16 09:54:13 -05:00
Nick Mathewson
2bcd264a28 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-02-16 09:48:11 -05:00
Nick Mathewson
cb92d47dec Merge remote-tracking branch 'dgoulet/ticket24902_029_05' into maint-0.2.9 2018-02-16 09:41:06 -05:00
Nick Mathewson
9f1899fdfd Merge branch 'maint-0.3.2' into maint-0.3.3 2018-02-16 08:49:08 -05:00
Nick Mathewson
c67adddacb Remove changes file for 24898-029 backports in maint-0.3.2
These patches were already merged, and so don't need a changes file
in these branches.
2018-02-16 08:48:46 -05:00
Nick Mathewson
8970058af6 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-02-16 08:47:41 -05:00
Nick Mathewson
c8b087d901 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-02-16 08:47:41 -05:00
Nick Mathewson
3930ffdf63 Merge branch 'maint-0.2.9' into maint-0.3.1
"ours" merge to avoid conflicts with the cherry-picked fix for 24898.
2018-02-16 08:47:12 -05:00
Roger Dingledine
d21e5cfc24 stop calling channel_mark_client in response to a create_fast
since all it does is produce false positives

this commit should get merged into 0.2.9 and 0.3.0 *and* 0.3.1, even
though the code in the previous commit is already present in 0.3.1. sorry
for the mess.

[Cherry-picked]
2018-02-16 08:46:57 -05:00
Roger Dingledine
2b99350ca4 stop calling channel_mark_client in response to a create_fast
since all it does is produce false positives

this commit should get merged into 0.2.9 and 0.3.0 *and* 0.3.1, even
though the code in the previous commit is already present in 0.3.1. sorry
for the mess.
2018-02-16 08:46:31 -05:00
Roger Dingledine
8d5dcdbda2 backport to make channel_is_client() accurate
This commit takes a piece of commit af8cadf3a9 and a piece of commit
46fe353f25, with the goal of making channel_is_client() be based on what
sort of connection handshake the other side used, rather than seeing
whether the other side ever sent a create_fast cell to us.
2018-02-16 08:39:10 -05:00
Nick Mathewson
d662d4470a Merge remote-tracking branch 'dgoulet/ticket24343_033_01' into maint-0.3.3 2018-02-15 21:05:08 -05:00
Nick Mathewson
799c82be70 Merge remote-tracking branch 'isis/bug25171' into maint-0.3.3 2018-02-15 20:32:57 -05:00
Isis Lovecruft
5f7d78ce2a
tests: Remove duplicate included header file in src/test/test.c.
* FIXES #25271: https://bugs.torproject.org/25271
2018-02-16 01:19:12 +00:00
Nick Mathewson
744399ea78 Merge branch 'protover_rust_compat_v3' 2018-02-15 20:00:33 -05:00
Nick Mathewson
5af03c1ef3 rust protover: match the C implementation on empty-str cases
Empty versions lists are permitted; empty keywords are not.
2018-02-15 19:08:52 -05:00
Nick Mathewson
b58a2febe3 Forbid u32::MAX as a protover range element in rust
Part of the 25249 fix to make rust match the C.
2018-02-15 19:07:38 -05:00
Nick Mathewson
f69510ba4b Rust protover compat: forbid more than MAX_VERSIONS_TO_EXPAND in a range
Also correct MAX_VERSIONS_TO_EXPAND to match the C.

NOTE that this patch leads to incorrect behavior: the C code allows
huge ranges; it just doesn't allow votes on them (currently).  For
full compatibility, we'll need to make the rust code store ranges as
ranges natively, possibly using something like the range_map crate.

Still, this patch is smaller than a "proper" fix.

Fixes TROVE-2018-003.
2018-02-15 19:07:25 -05:00
Nick Mathewson
f6a230ec95 Merge remote-tracking branch 'mikeperry/bug24769' 2018-02-14 10:03:14 -05:00
Nick Mathewson
9e566f3a72 Merge branch 'tests_rust' 2018-02-13 18:12:01 -05:00
Nick Mathewson
17c6de2493 Merge branch 'maint-0.3.2' 2018-02-13 16:55:34 -05:00
Nick Mathewson
cb9a322b67 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-02-13 16:55:19 -05:00
Nick Mathewson
f647035b37 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-02-13 16:55:18 -05:00
Taylor Yu
f0ed7895ca fix make check-changes 2018-02-13 15:07:55 -06:00
Nick Mathewson
86f461e362 Merge remote-tracking branch 'dgoulet/ticket24902_029_05' 2018-02-13 15:00:43 -05:00
David Goulet
e7f6314782 Make check-changes happy
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-13 14:56:31 -05:00
David Goulet
9cf8d669fa man: Document default values if not in the consensus for DoS mitigation
Fixes #25236

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-13 14:21:47 -05:00
David Goulet
b60ffc5ce0 Merge remote-tracking branch 'dgoulet/bug25223_029_01' into ticket24902_029_05 2018-02-13 13:11:10 -05:00
David Goulet
305e39d0f8 dos: Add extra safety asserts in cc_stats_refill_bucket()
Never allow the function to set a bucket value above the allowed circuit
burst.

Closes #25202

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-13 10:41:21 -05:00
David Goulet
4fe4f8179f dos: Don't set consensus param if we aren't a public relay
We had this safeguard around dos_init() but not when the consensus changes
which can modify consensus parameters and possibly enable the DoS mitigation
even if tor wasn't a public relay.

Fixes #25223

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-13 10:35:41 -05:00
Nick Mathewson
412a8256a5 Remove 25170 changes file from master: it was already merged in 0.3.3.2-alpha 2018-02-13 08:51:29 -05:00
Nick Mathewson
b062730a11 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-02-13 08:50:59 -05:00
Nick Mathewson
5e3c545af7 Merge branch 'maint-0.3.2' 2018-02-13 08:50:59 -05:00
Nick Mathewson
17a923941a Merge branch 'maint-0.2.9' into maint-0.3.1 2018-02-13 08:50:58 -05:00
David Goulet
e658dad625 dirserv: Improve returned message when relay is rejected
Explicitly inform the operator of the rejected relay to set a valid email
address in the ContactInfo field and contact bad-relays@ mailing list.

Fixes #25170

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-13 08:47:42 -05:00