Commit Graph

35877 Commits

Author SHA1 Message Date
Nick Mathewson
be6b30e642 Merge branch 'maint-0.4.4' 2020-07-09 09:59:54 -04:00
Nick Mathewson
8dd89e4330 Merge remote-tracking branch 'dgoulet/ticket33796_044_01' into maint-0.4.4 2020-07-09 09:59:45 -04:00
Nick Mathewson
b0399c6026 Merge branch 'maint-0.4.4' 2020-07-09 09:28:53 -04:00
Nick Mathewson
0f39cc10f6 Merge branch 'maint-0.4.3' into maint-0.4.4 2020-07-09 09:28:53 -04:00
Nick Mathewson
af08dad6d1 Merge branch 'maint-0.4.2' into maint-0.4.3 2020-07-09 09:28:53 -04:00
Nick Mathewson
283ce30c53 Merge branch 'maint-0.3.5' into maint-0.4.2 2020-07-09 09:28:53 -04:00
Nick Mathewson
7142f3e435 Merge branch 'trove_2020_001_035' into maint-0.3.5 2020-07-09 09:28:36 -04:00
David Goulet
32a0bc2a84 Merge branch 'maint-0.4.4' 2020-07-09 07:27:25 -04:00
David Goulet
1af7f40dad Merge branch 'tor-github/pr/1988' into maint-0.4.4 2020-07-09 07:27:13 -04:00
David Goulet
d7f3d1196c Merge branch 'maint-0.4.4' 2020-07-09 07:25:26 -04:00
George Kadianakis
c1598be1e0 Refactor setup_intro_circ_auth_key() to make it simpler.
It now uses the 'goto err' pattern, instead of the fatal_unreached()
pattern. The latter pattern is usually used when there is a loop, but there is
no loop in this function so it can be simplified easily.
2020-07-09 10:40:56 +03:00
George Kadianakis
e0da64fd27 Handle a failure edge-case when a client-side intro circ opens. 2020-07-09 10:10:57 +03:00
Guinness
562957e0db socks: Returns 0xF6 only if BAD_HOSTNAME
This commit modifies the behavior of `parse_extended_address` in such a way
that if it fails, it will always return a `BAD_HOSTNAME` value, which is then
used to return the 0xF6 extended error code.  This way, in any case that is
not a valid v2 address, we return the 0xF6 error code, which is the expected
behavior.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-08 16:20:31 -04:00
Alexander Færøy
c364e0e83b Merge branch 'maint-0.4.2' into maint-0.4.3 2020-07-08 00:36:48 +00:00
Alexander Færøy
e4bfa734a6 Merge branch 'maint-0.4.4' 2020-07-08 00:36:48 +00:00
Alexander Færøy
9603d8af0b Merge branch 'maint-0.4.3' into maint-0.4.4 2020-07-08 00:36:48 +00:00
Alexander Færøy
b81e24cda6 Merge branch 'maint-0.3.5' into maint-0.4.2 2020-07-08 00:36:47 +00:00
Nick Mathewson
3e08dd9df1 Resolve a compiler warning from a 32-bit signed/unsigned comparison
This warning only affects platforms (like win32) with 32-bit time_t.

Fixes bug 40028; bugfix on 0.3.2.8-rc.
2020-07-07 15:05:38 -04:00
David Goulet
66d5292ee6 Revert "config: Make clients tell dual-stack exits they prefer IPv6"
This reverts commit bf2a399fc0.

Don't set by default the prefer IPv6 feature on client ports because it breaks
the torsocks use case. The SOCKS resolve command is lacking a mechanism to ask
for a specific address family (v4 or v6) thus prioritizing IPv6 when an IPv4
address is asked on the resolve SOCKS interface resulting in a failure.

Tor Browser explicitly set PreferIPv6 so this should not affect the majority
of our users.

Closes #33796

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-07 12:58:41 -04:00
Nick Mathewson
9e33391ebb Merge remote-tracking branch 'tor-github/pr/1974/head' 2020-07-07 11:08:20 -04:00
David Goulet
640a777c9b Merge branch 'ticket33236_045_01' 2020-07-07 11:01:26 -04:00
David Goulet
809c864707 addr: Attempt to learn our address with ORPort
If no Address statement are found in the configuration file, attempt to learn
our address by looking at the ORPort address if any. Specifying an address is
optional so if we can't find one, it is fine, we move on to the next discovery
mechanism.

Note that specifying a hostname on the ORPort is not yet supported at this
commit.

Closes #33236

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-07 10:52:43 -04:00
Alexander Færøy
a213d27938 Merge branch 'maint-0.4.2' into maint-0.4.3 2020-07-07 14:48:36 +00:00
Alexander Færøy
d4c79cae76 Merge branch 'maint-0.4.3' into maint-0.4.4 2020-07-07 14:48:36 +00:00
Alexander Færøy
aa80f73fc4 Merge branch 'maint-0.4.4' 2020-07-07 14:48:36 +00:00
Alexander Færøy
19d579e8cb Merge branch 'maint-0.3.5' into maint-0.4.2 2020-07-07 14:48:35 +00:00
Nick Mathewson
bc63f59f3c Add correct exclusions to Doxyfile.in.
Now that we have src/ext/ext.md (since b0a716dfb0), we
don't want to have src/ext excluded in its entirety.

Like a smart person, when I added src/ext/ext.md, I edited Doxyfile,
forgetting that it is generated from Doxyfile.in.  :/

This should fix travis builds.
2020-07-07 10:24:24 -04:00
David Goulet
d9cc2b2928 CI: Fix Appveyor printf format error
For some reasons, Appveyor started to use the stdio printf format for 64 bit
values (PRIu64, ...). Mingw doesn't like that so force it to use the Windows
specific macros by setting D__USE_MINGW_ANSI_STDIO=0.

Fixes #40026
2020-07-07 09:53:54 -04:00
George Kadianakis
86fdddccb2 Merge branch 'tor-github/pr/1973' 2020-07-07 15:34:14 +03:00
Nick Mathewson
2aa5e95f58 Fix coccinelle complaint in test-memwipe.c 2020-07-07 15:33:35 +03:00
Bartosz Duszel
9cefc47231 add changes file for ticket31699 2020-07-07 08:00:30 -04:00
Bartosz Duszel
c890a06fe4 remove autoconf check for malloc 2020-07-07 08:00:30 -04:00
Bartosz Duszel
da85062631 remove autoconf check for EVP_sha3_256 2020-07-07 08:00:30 -04:00
Bartosz Duszel
b192bc6ff3 remove autoconf check for htonll 2020-07-07 08:00:30 -04:00
Bartosz Duszel
06dafe8c1f remove autoconf check for syslimits 2020-07-07 08:00:30 -04:00
Bartosz Duszel
3ebf3cf946 remove autoconf check for getpass 2020-07-07 08:00:30 -04:00
George Kadianakis
118c35b55b Mark some log messages as used by Chutney. 2020-07-07 12:45:29 +03:00
Alexander Færøy
7b2d10700f Use ((x + 7) >> 3) instead of (x >> 3) when converting from bits to bytes.
This patch changes our bits-to-bytes conversion logic in the NSS
implementation of `tor_tls_cert_matches_key()` from using (x >> 3) to
((x + 7) >> 3) since DER bit-strings are allowed to contain a number of
bits that is not a multiple of 8.

Additionally, we add a comment on why we cannot use the
`DER_ConvertBitString()` macro from NSS, as we would potentially apply
the bits-to-bytes conversion logic twice, which would lead to an
insignificant amount of bytes being compared in
`SECITEM_ItemsAreEqual()` and thus turn the logic into being a
prefix match instead of a full match.

The `DER_ConvertBitString()` macro is defined in NSS as:

    /*
    ** Macro to convert der decoded bit string into a decoded octet
    ** string. All it needs to do is fiddle with the length code.
    */
    #define DER_ConvertBitString(item)            \
        {                                         \
            (item)->len = ((item)->len + 7) >> 3; \
        }

Thanks to Taylor Yu for spotting this problem.

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119
2020-07-06 16:19:16 -04:00
Alexander Færøy
06f1e959c2 Add constness to length variables in tor_tls_cert_matches_key.
We add constness to `peer_info_orig_len` and `cert_info_orig_len` in
`tor_tls_cert_matches_key` to ensure that we don't accidentally alter
the variables.

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119
2020-07-06 16:19:16 -04:00
Alexander Færøy
b46984e97e Fix out-of-bound memory read in tor_tls_cert_matches_key() for NSS.
This patch fixes an out-of-bound memory read in
`tor_tls_cert_matches_key()` when Tor is compiled to use Mozilla's NSS
instead of OpenSSL.

The NSS library stores some length fields in bits instead of bytes, but
the comparison function found in `SECITEM_ItemsAreEqual()` needs the
length to be encoded in bytes. This means that for a 140-byte,
DER-encoded, SubjectPublicKeyInfo struct (with a 1024-bit RSA public key
in it), we would ask `SECITEM_ItemsAreEqual()` to compare the first 1120
bytes instead of 140 (140bytes * 8bits = 1120bits).

This patch fixes the issue by converting from bits to bytes before
calling `SECITEM_ItemsAreEqual()` and convert the `len`-fields back to
bits before we leave the function.

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119
2020-07-06 16:19:16 -04:00
Alexander Færøy
33e1c2e6fd Run tor_tls_cert_matches_key() Test Suite with both OpenSSL and NSS.
This patch lifts the `tor_tls_cert_matches_key()` tests out of the
OpenSSL specific TLS test suite and moves it into the generic TLS test
suite that is executed for both OpenSSL and NSS.

This patch is largely a code movement, but we had to rewrite parts of
the test to avoid using OpenSSL specific data-types (such as `X509 *`)
and replace it with the generic Tor abstraction type
(`tor_x509_cert_impl_t *`).

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119
2020-07-06 16:19:16 -04:00
Nick Mathewson
1ee748e4ca Fix coccinelle complaint in test_config.c 2020-07-06 15:17:47 -04:00
David Goulet
95fc085bf3 addr: Fix possible memleak in find_my_address()
Unit tests also suffered from a memleak.

Closes #40024

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-06 11:21:41 -04:00
Nick Mathewson
ac3bc88343 Merge remote-tracking branch 'tor-github/pr/1938/head' 2020-07-06 09:34:13 -04:00
George Kadianakis
00f921edb9 Merge branch 'maint-0.4.4' 2020-07-03 15:54:41 +03:00
George Kadianakis
05ca50c9a3 Merge branch 'tor-github/pr/1962' into maint-0.4.4 2020-07-03 15:54:24 +03:00
David Goulet
6ff4596753 hs-v2: Add deprecation warning for service
If at least one service is configured as a version 2, a log warning is emitted
once and only once.

Closes #40003

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-03 15:52:54 +03:00
George Kadianakis
3bb9b7e743 Merge branch 'tor-github/pr/1934' 2020-07-03 10:50:47 +03:00
David Goulet
a73049d1a0 changes: Add changes file for ticket #40019
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-02 14:39:44 -04:00
David Goulet
8c3e4837f0 make: Don't run check-best-practices in check-local
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-02 14:39:44 -04:00