Commit Graph

1708 Commits

Author SHA1 Message Date
Nick Mathewson
b46353b793 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-09-16 12:46:50 -04:00
Karsten Loesing
13d192c1d8 Update to the September 2013 GeoIP database. 2013-09-10 15:00:06 +02:00
Nick Mathewson
4f3dbb3c0a use !cbt_disabled in place of LearnCBT to avoid needless circs
This would make us do testing circuits "even when cbt is disabled by
consensus, or when we're a directory authority, or when we've failed
to write cbt history to our state file lately." (Roger's words.)

This is a fix for 9671 and an improvement in our fix for 5049.
The original misbehavior was in 0.2.2.14-alpha; the incomplete
fix was in 0.2.3.17-beta.
2013-09-04 15:54:05 -04:00
Nick Mathewson
8611195a00 Merge remote-tracking branch 'public/bug9546_023_v2' into maint-0.2.3 2013-08-25 00:32:27 -04:00
Nick Mathewson
2530c84220 Replace return with continue in update_consensus_networkstatus_downloads
Fix for bug 9564; bugfix on 0.2.3.14-alpha.
2013-08-22 10:00:37 -04:00
Nick Mathewson
940cef3367 Make bridges send AUTH_CHALLENGE cells
The spec requires them to do so, and not doing so creates a situation
where they can't send-test because relays won't extend to them because
of the other part of bug 9546.

Fixes bug 9546; bugfix on 0.2.3.6-alpha.
2013-08-21 11:28:58 -04:00
Nick Mathewson
64410cc888 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-08-12 09:44:36 -04:00
Karsten Loesing
41bf8fa889 Update to the August 2013 GeoIP database. 2013-08-12 15:26:36 +02:00
Nick Mathewson
0b9c515870 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-07-08 09:22:00 -04:00
Karsten Loesing
2a61b0dd6b Update to the July 2013 GeoIP database. 2013-07-08 10:21:28 +02:00
Nick Mathewson
c37fdc2eef Merge branch 'bug9063_redux_023_squashed' into maint-0.2.3 2013-06-18 10:16:47 -04:00
Nick Mathewson
2e1fe1fcf9 Implement a real OOM-killer for too-long circuit queues.
This implements "algorithm 1" from my discussion of bug #9072: on OOM,
find the circuits with the longest queues, and kill them.  It's also a
fix for #9063 -- without the side-effects of bug #9072.

The memory bounds aren't perfect here, and you need to be sure to
allow some slack for the rest of Tor's usage.

This isn't a perfect fix; the rest of the solutions I describe on
codeable.
2013-06-18 10:15:16 -04:00
Nick Mathewson
dc516a5436 Limit hidden service descriptors to at most 10 guard nodes.
Fixes bug 9002; bugfix on 0.1.1.11-alpha (which introduced guard
nodes), or on 0.0.6pre1 (which introduced hidden services).
2013-06-16 20:24:48 -04:00
Andrea Shepard
2a95f31716 Disable middle relay queue overfill detection code due to possible guard discovery attack 2013-06-15 02:16:00 -07:00
Andrea Shepard
4cce58d3c2 Don't queue more cells as a middle relay than the spec allows to be in flight 2013-06-13 21:39:04 -07:00
Nick Mathewson
4835faebf5 Merge branch 'bug9017' into maint-0.2.3 2013-06-10 12:25:14 -04:00
Nick Mathewson
77a1935339 Fix (Open?)BSD fast-connect bug with optimistic data.
There's an assertion failure that can occur if a connection has
optimistic data waiting, and then the connect() call returns 0 on the
first attempt (rather than -1 and EINPROGRESS).  That latter behavior
from connect() appears to be an (Open?)BSDism when dealing with remote
addresses in some cases. (At least, I've only seen it reported with
the BSDs under libevent, even when the address was 127.0.0.1.  And
we've only seen this problem in Tor with OpenBSD.)

Fixes bug 9017; bugfix on 0.2.3.1-alpha, which first introduced
optimistic data. (Although you could also argue that the commented-out
connection_start_writing in 155c9b80 back in 2002 is the real source
of the issue.)
2013-06-10 12:14:49 -04:00
Nick Mathewson
fe689de084 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-06-05 11:22:02 -04:00
Karsten Loesing
d34753174e Update to the June 2013 GeoIP database. 2013-06-05 08:43:03 +02:00
Nick Mathewson
78735f8778 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-05-20 12:34:59 -04:00
Karsten Loesing
f8053179c9 Update to the May 2013 GeoIP database. 2013-05-13 15:37:43 +02:00
Nick Mathewson
00e2310f12 Don't run off the end of the array-of-freelists
This is a fix for bug 8844, where eugenis correctly notes that there's
a sentinel value at the end of the list-of-freelists that's never
actually checked.  It's a bug since the first version of the chunked
buffer code back in 0.2.0.16-alpha.

This would probably be a crash bug if it ever happens, but nobody's
ever reported something like this, so I'm unsure whether it can occur.
It would require write_to_buf, write_to_buf_zlib, read_to_buf, or
read_to_buf_tls to get an input size of more than 32K.  Still, it's a
good idea to fix this kind of thing!
2013-05-09 13:10:48 -04:00
Nick Mathewson
39ac1db60e Avoid busy-looping on WANTREAD within connection_handle_write
Fix for bug 5650.  Also, if we get a WANTREAD while reading while
writing, make sure we're reading.
2013-04-12 01:11:31 -04:00
Nick Mathewson
9630fb917f Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-04-08 11:09:26 -04:00
Karsten Loesing
b41f03f6df Update to the April 2013 GeoIP database. 2013-04-08 12:18:40 +02:00
Nick Mathewson
ebb95d0f78 Merge remote-tracking branch 'public/bug8377' into maint-0.2.3 2013-03-18 15:27:50 -04:00
Nick Mathewson
c6ca199888 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-03-11 13:32:01 -04:00
Karsten Loesing
3dde6d5d29 Update to the March 2013 GeoIP database. 2013-03-07 20:58:31 +01:00
Nick Mathewson
b528aaef03 Make sure that [::1] is recognized as a private address
Fixes bug 8377; bugfix on 0.2.1.3-alpha.
2013-03-01 12:22:57 -05:00
Nick Mathewson
e3578d52e4 Check whether ei is non-NULL before altering it.
This fixes a crash bug if we fail to generate an extrainfo
descriptor.

Fixes bug 8208; bugfix on 0.2.3.16-alpha.
2013-02-11 16:05:03 -05:00
Nick Mathewson
b840b76b04 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-02-08 10:36:34 -05:00
Karsten Loesing
adff7f944a Update to the February 2013 GeoIP database. 2013-02-08 14:39:25 +01:00
Nick Mathewson
ae15b55173 Merge branch 'bug7889_023' into maint-0.2.3 2013-01-15 16:30:07 -05:00
Nick Mathewson
1625cddf3a Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-01-14 14:24:19 -05:00
Nick Mathewson
4ccf09b1c2 Reject create/begin/etc cells with {circ,stream}ID 0.
Otherwise, it's possible to create streams or circuits with these
bogus IDs, leading to orphaned circuits or streams, or to ones that
can cause bandwidth DOS problems.

Fixes bug 7889; bugfix on all released Tors.
2013-01-14 14:02:13 -05:00
Karsten Loesing
32114d70ae Update to the January 2013 GeoIP database. 2013-01-05 08:18:26 +01:00
Nick Mathewson
52bf1556b1 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2012-12-13 12:51:28 -05:00
Karsten Loesing
c9a5d613a6 Update to the December 2012 GeoIP database. 2012-12-13 08:44:30 +01:00
Karsten Loesing
d2cfd52d2c Update to the November 2012 GeoIP database. 2012-12-13 08:44:20 +01:00
Roger Dingledine
88bb48e785 use a more logical operator
Fix a harmless bug when opting against publishing a relay descriptor
because DisableNetwork is set.

Fixes bug 7464; bugfix on 0.2.3.9-alpha.
2012-11-12 23:47:21 -05:00
Nick Mathewson
49dd5ef3a3 Add and use and unlikely-to-be-eliminated memwipe()
Apparently some compilers like to eliminate memset() operations on
data that's about to go out-of-scope.  I've gone with the safest
possible replacement, which might be a bit slow.  I don't think this
is critical path in any way that will affect performance, but if it
is, we can work on that in 0.2.4.

Fixes bug 7352.
2012-11-08 16:44:50 -05:00
Nick Mathewson
758428dd32 Fix a remotely triggerable assertion failure (CVE-2012-2250)
If we completed the handshake for the v2 link protocol but wound up
negotiating the wong protocol version, we'd become so confused about
what part of the handshake we were in that we'd promptly die with an
assertion.

This is a fix for CVE-2012-2250; it's a bugfix on 0.2.3.6-alpha.
All servers running that version or later should really upgrade.

Bug and fix from "some guy from France."  I tweaked his code slightly
to make it log the IP of the offending node.
2012-10-23 22:58:38 -04:00
Nick Mathewson
b0646cc142 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2012-10-23 21:48:50 -04:00
Nick Mathewson
3365def68b Add a changes file for bug 7191. 2012-10-23 21:35:30 -04:00
Roger Dingledine
2ecee3fce2 Let 0.2.3 clients exit to internal addresses if they want
Clients now consider the ClientRejectInternalAddresses config option
when using a microdescriptor consensus stanza to decide whether
an exit relay would allow exiting to an internal address. Fixes
bug 7190; bugfix on 0.2.3.1-alpha.
2012-10-23 17:18:01 -04:00
Nick Mathewson
85659d3964 Fix parse_short_policy (bug 7192.)
Our implementation of parse_short_policy was screwed up: it would
ignore the last character of every short policy.  Obviously, that's
broken.

This patch fixes the busted behavior, and adds a bunch of unit tests
to make sure the rest of that function is okay.

Fixes bug 7192; fix on 0.2.3.1-alpha.
2012-10-23 13:49:48 -04:00
Nick Mathewson
1cc06bd35e Merge branch 'block_renegotiate_023' into maint-0.2.3 2012-10-19 14:30:31 -04:00
Robert Ransom
d3bfdd6108 Don't serve or accept v2 HS descs over a DirPort
(changes file tweaked by nickm)
2012-10-19 02:56:25 -04:00
Nick Mathewson
a0e9dc9f55 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2012-10-19 00:58:33 -04:00
Nick Mathewson
8743080a28 Disable TLS Session Tickets, which we were apparently getting for free
OpenSSL 1.0.0 added an implementation of TLS session tickets, a
"feature" that let session resumption occur without server-side state
by giving clients an encrypted "ticket" that the client could present
later to get the session going again with the same keys as before.
OpenSSL was giving the keys to decrypt these tickets the lifetime of
the SSL contexts, which would have been terrible for PFS if we had
long-lived SSL contexts.  Fortunately, we don't.  Still, it's pretty
bad.  We should also drop these, since our use of the extension stands
out with our non-use of session cacheing.

Found by nextgens. Bugfix on all versions of Tor when built with
openssl 1.0.0 or later.  Fixes bug 7139.
2012-10-19 00:54:51 -04:00