Commit Graph

1482 Commits

Author SHA1 Message Date
Sebastian Hahn
b67657bd95 Properly handle non-terminated strings
Treat strings returned from signed_descriptor_get_body_impl() as not
NUL-terminated. Since the length of the strings is available, this is
not a big problem.

Discovered by rieo.
2010-02-27 02:13:22 +01:00
Sebastian Hahn
86828e2004 Proper NULL checking in circuit_list_path_impl()
Another dereference-then-NULL-check sequence. No reports of this bug
triggered in the wild. Fixes bugreport 1256.

Thanks to ekir for discovering and reporting this bug.
2010-02-26 05:53:26 +01:00
Sebastian Hahn
f36c36f4a8 Proper NULL checking for hsdesc publication
Fix a dereference-then-NULL-check sequence. This bug wasn't triggered
in the wild, but we should fix it anyways in case it ever happens.
Also make sure users get a note about this being a bug when they
see it in their log.

Thanks to ekir for discovering and reporting this bug.
2010-02-26 05:49:34 +01:00
Sebastian Hahn
a9802d3322 Zero a cipher completely before freeing it
We used to only zero the first ptrsize bytes of the cipher. Since
cipher is large enough, we didn't zero too many bytes. Discovered
and fixed by ekir. Fixes bug 1254.
2010-02-26 05:47:25 +01:00
Roger Dingledine
b9696b96da bump to 0.2.1.24 2010-02-21 17:27:12 -05:00
Nick Mathewson
428c07ea0d Add changelog for latest openssl fix 2010-02-18 11:54:26 -05:00
Roger Dingledine
c9a3781580 give it a blurb, update the date 2010-02-13 14:10:57 -05:00
Roger Dingledine
3e6a37e61e new dannenberg address; make moria2's demise official. 2010-02-12 14:31:08 -05:00
Roger Dingledine
33f8dcae6a prepare for 0.2.1.23 2010-02-12 12:35:40 -05:00
Sebastian Hahn
a168cd2a54 Don't use gethostbyname() in resolve_my_address()
Tor has tor_lookup_hostname(), which prefers ipv4 addresses automatically.
Bug 1244 occured because gethostbyname() returned an ipv6 address, which
Tor cannot handle currently. Fixes bug 1244; bugfix on 0.0.2pre25.
Reported by Mike Mestnik.
2010-02-08 15:49:54 +01:00
Sebastian Hahn
dfee173289 lookup_last_hid_serv_request() could overflow and leak memory
The problem was that we didn't allocate enough memory on 32-bit
platforms with 64-bit time_t. The memory leak occured every time
we fetched a hidden service descriptor we've fetched before.
2010-02-07 06:37:35 +01:00
Nick Mathewson
1744e447a1 Decide whether to use SSL flags based on runtime OpenSSL version.
We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch.  On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.

May fix bug 1225.

[backported]
2010-01-29 17:17:47 -05:00
Roger Dingledine
1fc94bfd0e spread guard rotation out throughout the month 2010-01-19 17:52:52 -05:00
Roger Dingledine
0642ab2428 weight guard choice by bandwidth; discard old guards 2010-01-19 17:30:52 -05:00
Roger Dingledine
f43f87db5b bump to 0.2.1.22, and give it a changelog 2010-01-19 14:43:05 -05:00
Roger Dingledine
adae600715 rotate keys for moria1 and gabelmoo 2010-01-19 14:12:39 -05:00
Roger Dingledine
79eaeef1cd stop bridge authorities from leaking their bridge list 2010-01-17 19:41:22 -05:00
Roger Dingledine
5201e05fc5 bump to 0.2.1.21 so we can release 2009-12-21 03:22:49 -05:00
Nick Mathewson
1c87a27574 Fix bug 1173: remove an assert(unsigned >= 0). 2009-12-15 15:51:59 -05:00
Roger Dingledine
a89f51c936 fix race condition that can cause crashes at client or exit relay
Avoid crashing if the client is trying to upload many bytes and the
circuit gets torn down at the same time, or if the flip side
happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150.
2009-11-23 10:13:50 -05:00
Roger Dingledine
0656c12b07 add the 0.2.1.20 changelog blurb, plus update the releasenotes 2009-11-17 15:35:14 -05:00
Nick Mathewson
ce0a89e262 Make Tor work with OpenSSL 0.9.8l
To fix a major security problem related to incorrect use of
SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
default.  We are not affected by this security problem, however,
since we do renegotiation right.  (Specifically, we never treat a
renegotiated credential as authenticating previous communication.)
Nevertheless, OpenSSL's new behavior requires us to explicitly
turn renegotiation back on in order to get our protocol working
again.

Amusingly, this is not so simple as "set the flag when you create
the SSL object" , since calling connect or accept seems to clear
the flags.

For belt-and-suspenders purposes, we clear the flag once the Tor
handshake is done.  There's no way to exploit a second handshake
either, but we might as well not allow it.
2009-11-05 18:13:08 -05:00
Nick Mathewson
e50e739556 Add changelog to describe coverity fixes for 0.2.1.21 2009-10-26 22:39:42 -04:00
Nick Mathewson
56048637a5 Only send the if_modified_since header for a v3 consensus.
Spotted by xmux; bugfix on 0.2.0.10-alpha.
(Bug introduced by 20b10859)
2009-10-26 20:14:11 -04:00
Roger Dingledine
16dc543851 bump to 0.2.1.20 2009-10-15 12:14:18 -04:00
Roger Dingledine
2bee297d57 Move moria1 and Tonga to alternate IP addresses. 2009-10-15 12:14:18 -04:00
Roger Dingledine
2394336426 read the "circwindow" parameter from the consensus
backport of c43859c5c1
backport of 0d13e0ed14
2009-10-14 17:07:32 -04:00
Roger Dingledine
95008db08d Revert "Teach connection_ap_can_use_exit about Exclude*Nodes"
This reverts commit dc3229313b.

We're going to do this more thoroughly in 0.2.2.x, and not in
maint-0.2.1.
2009-09-20 23:50:48 -04:00
Nick Mathewson
9c38941195 Work around a memory leak in openssl 0.9.8g (and maybe others) 2009-09-17 00:01:20 -04:00
Nick Mathewson
b3991ea7d1 Merge commit 'karsten/fix-1073' into maint-0.2.1 2009-09-16 23:36:01 -04:00
Sebastian Hahn
dc3229313b Teach connection_ap_can_use_exit about Exclude*Nodes
To further attempt to fix bug 1090, make sure connection_ap_can_use_exit
always returns 0 when the chosen exit router is excluded. This should fix
bug1090.
2009-09-16 02:29:57 +02:00
Nick Mathewson
24c740e5fd Merge commit 'sebastian/memleak' into maint-0.2.1 2009-09-15 19:35:16 -04:00
Sebastian Hahn
113ba0e727 make some bug 1090 warnings go away
When we excluded some Exits, we were sometimes warning the user that we
were going to use the node regardless. Many of those warnings were in
fact bogus, because the relay in question was not used to connect to
the outside world.

Based on patch by Rotor, thanks!
2009-09-16 01:17:51 +02:00
Sebastian Hahn
b792afa919 Fix a memory leak when parsing a ns
Adding the same vote to a networkstatus consensus leads to a memory leak
on the client side. Fix that by only using the first vote from any given
voter, and ignoring the others.

Problem found by Rotor, who also helped writing the patch. Thanks!
2009-09-14 22:25:08 +02:00
Roger Dingledine
fcacf22491 Fix obscure 64-bit big-endian hidserv bug
Fix an obscure bug where hidden services on 64-bit big-endian
systems might mis-read the timestamp in v3 introduce cells, and
refuse to connect back to the client. Discovered by "rotor".
Bugfix on 0.2.1.6-alpha.
2009-09-02 20:36:11 -04:00
Roger Dingledine
3db36d86c4 turns out the packaging changes aren't in 0.2.1.20 2009-09-01 22:46:41 -04:00
Andrew Lewman
5657e803f8 update changelog with bundle details 2009-09-01 22:04:10 +02:00
Roger Dingledine
075c004095 Add getinfo accepted-server-descriptor. Clean spec.
Add a "getinfo status/accepted-server-descriptor" controller
command, which is the recommended way for controllers to learn
whether our server descriptor has been successfully received by at
least on directory authority. Un-recommend good-server-descriptor
getinfo and status events until we have a better design for them.
2009-08-31 18:37:25 -04:00
Roger Dingledine
4c297f74f7 Only send reachability status events on overall success/failure
We were telling the controller about CHECKING_REACHABILITY and
REACHABILITY_FAILED status events whenever we launch a testing
circuit or notice that one has failed. Instead, only tell the
controller when we want to inform the user of overall success or
overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported
by SwissTorExit.
2009-08-31 16:14:41 -04:00
Karsten Loesing
dd8f16beb5 Avoid segfault when accessing hidden service. 2009-08-29 19:41:08 +02:00
Roger Dingledine
64f393d56f Only send netinfo clock_skew to controller if an authority told us so
We were triggering a CLOCK_SKEW controller status event whenever
we connect via the v2 connection protocol to any relay that has
a wrong clock. Instead, we should only inform the controller when
it's a trusted authority that claims our clock is wrong. Bugfix
on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit.
2009-08-28 03:42:09 -04:00
Roger Dingledine
d52284559b extremely infinite? who talks like that? 2009-08-27 21:54:41 -04:00
Roger Dingledine
127069f3d2 nobody forward-ported the 0.2.0.35 changelog 2009-08-26 14:11:53 -04:00
Nick Mathewson
9d11827780 Fix a rare infinite-recursion bug when shutting down.
Once we had called log_free_all(), anything that tried to log a
message (like a failed tor_assert()) would fail like this:

   1. The logging call eventually invokes the _log() function.
   2. _log() calls tor_mutex_lock(log_mutex).
   3. tor_mutex_lock(m) calls tor_assert(m).
   4. Since we freed the log_mutex, tor_assert() fails, and tries to
      log its failure.
   5. GOTO 1.

Now we allocate the mutex statically, and never destroy it on
shutdown.

Bugfix on 0.2.0.16-alpha, which introduced the log mutex.

This bug was found by Matt Edman.
2009-08-20 11:55:33 -04:00
Karsten Loesing
a98643c1b5 Fix possible segmentation fault on directory authorities.
The more verbose logs that were added in ee58153 also include a string
that might not have been initialized. This can lead to segfaults, e.g.,
when setting up private Tor networks. Initialize this string with NULL.
2009-08-11 17:33:58 +02:00
Roger Dingledine
e50b7768b9 Send sendmes when we're down 100 cells, not 101.
Send circuit or stream sendme cells when our window has decreased
by 100 cells, not when it has decreased by 101 cells. Bug uncovered
by Karsten when testing the "reduce circuit window" performance
patch. Bugfix on the 54th commit on Tor -- from July 2002,
before the release of Tor 0.0.0. This is the new winner of the
oldest-bug prize.
2009-08-10 04:13:18 -04:00
Roger Dingledine
8abe3bac7e Set up urras as the seventh v3 directory authority. 2009-08-10 01:32:51 -04:00
Roger Dingledine
6a960d515f credit optimist for the bug 1038 diagnosis
also bring the release notes up to date
2009-07-28 20:44:51 -04:00
Roger Dingledine
6249b0fd77 Fix a signed/unsigned compile warning in 0.2.1.19 2009-07-28 18:34:35 -04:00
Roger Dingledine
69706f99e8 bump to 0.2.1.19 2009-07-28 17:39:51 -04:00