nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-22 22:14:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
11,173 Commits 53 Branches 629 Tags 108 MiB
c5a3664f27
Commit Graph

1448 Commits

Author SHA1 Message Date
Nick Mathewson
fd992deeea Don't attempt to log messages to a controller from a worker thread. 
This patch adds a function to determine whether we're in the main
thread, and changes control_event_logmsg() to return immediately if
we're in a subthread.  This is necessary because otherwise we will
call connection_write_to_buf, which modifies non-locked data
structures.

Bugfix on 0.2.0.x; fix for at least one of the things currently
called "bug 977".
 2009-05-30 18:16:24 -04:00
Nick Mathewson
260de44313 Fixes to spelling fixes. Thanks, Roger! 2009-05-28 12:22:48 -04:00
Nick Mathewson
ec7e054668 Spell-check Tor. 2009-05-27 17:55:51 -04:00
Nick Mathewson
f0453c45c8 Spelling fixes in comments and strings 2009-05-27 16:36:13 -04:00
Nick Mathewson
11b9c839f0 Stop using malloc_usable_size(): valgrind hates it. 2009-05-17 01:55:02 -04:00
Nick Mathewson
9f25a5529a Fix an assertion-failure in memarea_alloc() on 64-bit platforms. 
The trick is that we should assert that our next_mem pointer has not
run off the end of the array _before_ we realign the pointer, since
doing that could take us over the end... but only if we're on a system
where malloc() gives us ram in increments smaller than sizeof(void*).
 2009-05-17 00:02:59 -04:00
Nick Mathewson
c36efb0c45 Use a mutex to protect the count of open sockets. 
This matters because a cpuworker can close its socket when it
finishes.  Cpuworker typically runs in another thread, so without a
lock here, we can have a race condition and get confused about how
many sockets are open.  Possible fix for bug 939.
 2009-05-13 09:38:48 -04:00
Karsten Loesing
9b32e8c141 Update copyright to 2009. 2009-05-04 11:28:27 -04:00
Nick Mathewson
be9d72303e Actually do that memarea_strndup fix right. Not only must you not examine unmapped ram, but you also must not copy it. From lark. 
svn:r19095
 2009-03-21 16:01:52 +00:00
Nick Mathewson
0fa01654b9 fix from lark: make memarea_strndup() work even at the end of a mmap chunk. Bug was harmless for now, I think. 
svn:r19094
 2009-03-21 11:52:53 +00:00
Nick Mathewson
cb3b95de19 Add some asserts to try to catch bug 930 
svn:r19074
 2009-03-18 15:12:56 +00:00
Roger Dingledine
2f69c67957 doxygen tweak 
svn:r18818
 2009-03-09 06:20:15 +00:00
Nick Mathewson
cbbc0c9c86 Actually use tor_sscanf() to parse untrusted input. 
svn:r18761
 2009-03-03 18:02:36 +00:00
Nick Mathewson
26d83fc04c Add a simple locale-independent no-surprises sscanf replacement. 
tor_sscanf() only handles %u and %s for now, which will make it
adequate to replace sscanf() for date/time/IP parsing.  We want this
to prevent attackers from constructing weirdly formed descriptors,
cells, addresses, HTTP responses, etc, that validate under some
locales but not others.

svn:r18760
 2009-03-03 18:02:31 +00:00
Nick Mathewson
9f8d095e0f Add and use set/get_uint64 on onion tags. [bug 604; backportable] 
It seems that 64-bit Sparc Solaris demands 64-bit-aligned access to
uint64_t, but does not 64-bit-align the stack-allocated char array we
use for cpuworker tags.  So this patch adds a set/get_uint64 pair, and
uses them to access the conn_id field in the tag.

svn:r18743
 2009-03-02 19:15:05 +00:00
Nick Mathewson
f99098cca4 Use prctl to reenable core dumps when we have setuid to a non-root user. 
svn:r18449
 2009-02-09 15:20:17 +00:00
Nick Mathewson
fe987d3a17 Remove some deadcode and use tor_inet_aton uniformly. 
svn:r18422
 2009-02-09 03:13:05 +00:00
Nick Mathewson
72e420ff3c Fix typo found by Justin Coffi on or-talk 
svn:r18258
 2009-01-23 22:45:08 +00:00
Nick Mathewson
25c6ff6f55 Support 64-bit time_t. Patch from Matthias Drochner. Partial backport candidate. 
svn:r18234
 2009-01-22 16:28:12 +00:00
Nick Mathewson
8ebceeb352 Make sure that even in the weird fiddly paths that lead to init_keys, 
crypto_global_init gets called.  Also have it be crypto_global_init
that calls crypto_seed_rng, so we are not dependent on OpenSSL's
RAND_poll in these fiddly cases.

Should fix bug 907.  Bugfix on 0.0.9pre6.  Backport candidate.

svn:r18210
 2009-01-21 15:38:39 +00:00
Nick Mathewson
bf2b71beb8 Fix an error in tor_addr_parse that kept us from having a hidden service or a bridge live at an IPv6 address. 
svn:r18206
 2009-01-21 07:24:50 +00:00
Nick Mathewson
3f8ab367c1 Fix warning on panther compile, and bug 913. Backport candidate. 
svn:r18203
 2009-01-21 03:51:14 +00:00
Nick Mathewson
a87980c2eb Add a better (non-locale-having) ctypes implementation to avoid protocol and parsing mismatches on different platforms. 
svn:r18189
 2009-01-20 21:33:56 +00:00
Nick Mathewson
a33452c401 Fix up (I hope) most ot the things that coverity suddenly claimed were REVERSE_INULL. This is what we get for bragging about being down to 0 issues. 
svn:r18096
 2009-01-13 14:43:51 +00:00
Nick Mathewson
943626050c Fix a leak memory on the failing case of test_memeq_hex 
svn:r18094
 2009-01-13 14:43:43 +00:00
Nick Mathewson
0fe5ce423a Fix a harmless-to-us bug in ht.h. 
There was a field that _HT_FOI_INSERT was never setting. Everything that calls _HT_FOI_INSERT was setting it via tor_malloc_zero, but that's fragile.

svn:r18064
 2009-01-10 14:40:43 +00:00
Nick Mathewson
585d4a12b5 Note a problem in the interface tor_addr_to_sockaddr. 
svn:r17982
 2009-01-06 20:50:51 +00:00
Nick Mathewson
765bb14f69 Another fun openbsd warning fix. On ioerror's computer at least, they redefined an unsigned field in zlib.h to be signed. I am quite sure this makes me more secure somehow. 
svn:r17892
 2009-01-04 23:15:42 +00:00
Nick Mathewson
743c6c8277 OpenBSD malloc.h believes that you should be able to detect headers with autoconf, or build without warnings, but not both. So never include malloc.h on OpenBSD. Backport candidate. 
svn:r17891
 2009-01-04 22:47:42 +00:00
Nick Mathewson
9c94b428d9 Fix the oldest bug in a while: stop accepting 1.2.3 as a valid IPv4 address on any platform. 
svn:r17887
 2009-01-04 19:47:17 +00:00
Nick Mathewson
c4b8fef362 Remove svn $Id$s from our source, and remove tor --version --version. 
The subversion $Id$ fields made every commit force a rebuild of
whatever file got committed.  They were not actually useful for
telling the version of Tor files in the wild.

svn:r17867
 2009-01-04 00:35:51 +00:00
Nick Mathewson
9c20441bcb Only set sin_len/sin6_len when they exist. 
svn:r17851
 2009-01-02 20:57:10 +00:00
Nick Mathewson
48f2ce298b Try harder to make sure we zero-out the extraneous sockaddr fields and that we set sockaddr_len. Conceivably a backport candidate, though nothing has yet been sen to break. 
svn:r17849
 2009-01-02 20:39:38 +00:00
Nick Mathewson
52932d6f1a Remove some code that is #ifdefed out, and that we no longer seem to use, if we ever did. 
svn:r17827
 2008-12-30 04:16:49 +00:00
Nick Mathewson
e8a3fa91a6 Use a consistent naming standard for header file guard macros, taking care not to collide with any system headers. This tripped us up on Android. 
svn:r17805
 2008-12-29 02:21:02 +00:00
Nick Mathewson
b0a8ecd193 Use RSA_generate_key_ex where available. 
svn:r17804
 2008-12-29 02:20:57 +00:00
Nick Mathewson
94507f1b6d Fix bug in recent address.c patch: actually set the value of address * to 0.0.0.0 as we did before. This makes CMP_EXACT comparisons with bitmask 0 work on address * again. 
svn:r17801
 2008-12-29 01:30:35 +00:00
Nick Mathewson
ccda4e481c Fix compilation under gethostbyname-based systems. 
svn:r17800
 2008-12-27 15:46:16 +00:00
Nick Mathewson
374c1e979f Refactor tor_addr_t manipulation functions so that as few as possible look at the tor_addr_t representation. 
svn:r17790
 2008-12-26 21:26:05 +00:00
Nick Mathewson
616f6643ef get_interface_addr6(), and by extension get_interface_addr(), were pretty borked. Copying a tor_addr_t from a sockaddr_storage using memcpy is a poor notion. 
svn:r17789
 2008-12-26 21:26:03 +00:00
Nick Mathewson
61722638ea Refactor tor_addr_compare_masked() so that CMP_SEMANTIC makes more sense, and has decent semantics for maskbits; and so that CMP_EXACT works right for bits==0. 
svn:r17788
 2008-12-26 20:37:18 +00:00
Nick Mathewson
73e1a1d26e Document our Bloom filter parameter choices. 
svn:r17785
 2008-12-26 17:35:18 +00:00
Nick Mathewson
df5e8f65bc Add more missing documentation, and correct an error in container.c documentation: Don't introduce two parameters called n when you're calling an algorithm O(n). 
svn:r17783
 2008-12-26 17:35:08 +00:00
Roger Dingledine
a12c3f2c86 some fixes i found in my sandbox 
svn:r17771
 2008-12-25 15:37:47 +00:00
Nick Mathewson
558e9899e4 Document most undocumented variables. 
svn:r17754
 2008-12-23 17:56:31 +00:00
Nick Mathewson
d7f55dafe0 Properly zero-out addresses when setting them. Probably this was not hurting anything. 
svn:r17749
 2008-12-23 14:21:34 +00:00
Nick Mathewson
b4d387c28b Make freelist_len in memarea.c static; document a few variables. 
svn:r17741
 2008-12-22 19:14:08 +00:00
Nick Mathewson
b68379b13b Add DOCDOC entries for undocumented static and global variables. 
svn:r17739
 2008-12-22 19:00:05 +00:00
Nick Mathewson
1e5f457461 Fix most DOCDOCs remaining and/or added by redox. 
svn:r17734
 2008-12-22 17:53:04 +00:00
Nick Mathewson
1725c0c8a5 Add DOCDOC comments for all undocumented functions. Add missing *s to other comments so that they will get recognized as doxygen. 
svn:r17729
 2008-12-22 14:56:28 +00:00
Nick Mathewson
55348884b5 Fix all of the doxygen warnings not pertaining to missing documentation. 
svn:r17727
 2008-12-22 14:56:16 +00:00
Nick Mathewson
029be5ad02 Move in-addr.arpa parsing and generation into address.c, and simplify the code that does it elsewhere. Incidentally, this lets exit servers answer requests for ip6.arpa addresses. 
svn:r17707
 2008-12-19 18:52:00 +00:00
Nick Mathewson
efb863189c Expose hex_decode_digit from util.c 
svn:r17706
 2008-12-19 18:51:52 +00:00
Nick Mathewson
bf80e2df3f Replace calls to time(NULL) that occur on the order of once per read, one per write, or once per cell with calls to a function that looks at a cached value of time. This is tricksy to benchmark, since it will only help on systems where time() is a syscall and syscalls are relatively slow. 
svn:r17690
 2008-12-18 17:19:04 +00:00
Nick Mathewson
b6f89a647a One log.c XXX021 was a misunderstanding. Also, clip log messages passed to syslog to their maximum length when there is a maximum. 
svn:r17688
 2008-12-18 17:18:06 +00:00
Nick Mathewson
122170c1d3 Downlgrade tweak, and answer lots of XXX021s. No actual code fixes in this patch. 
svn:r17686
 2008-12-18 16:11:24 +00:00
Nick Mathewson
6c6b0283cb Ben confirms that the MUST in rfc2631 is only for compatibility with X9.42, and isn't actually a security thing. 
svn:r17685
 2008-12-18 16:11:16 +00:00
Nick Mathewson
8d5a9d762c Log an error on win32 if directory listing fails. 
svn:r17684
 2008-12-18 16:11:12 +00:00
Nick Mathewson
9c3d17ebb5 Fix a small memory leak of around 32 bytes per TLS connection opened. Bugfix on 0.2.1.1-alpha. 
svn:r17678
 2008-12-18 15:00:09 +00:00
Nick Mathewson
cebdf93949 Fix bug 889: share deep-copied keys between threads to avoid races in reference counts. Bugfix on 0.1.0.1-rc. 
svn:r17672
 2008-12-18 05:28:27 +00:00
Nick Mathewson
6693f32530 Resolve many DOCDOCs. 
svn:r17662
 2008-12-17 22:58:20 +00:00
Nick Mathewson
f43bcdc063 Use ctags and a python script to find identifiers that are never used anywhere, and remove the ones that we really want gone. 
svn:r17651
 2008-12-17 17:20:42 +00:00
Nick Mathewson
98066d62bc Lower sprintf buffer max to ~SSIZE_T_MAX from SIZE_T_CEILING, since we need to compare it to a signed int. 
svn:r17600
 2008-12-11 21:11:22 +00:00
Nick Mathewson
4277b0e926 Remove some cargo-cult gcc hacks around tor_assert and predict_unlikely; instead, use the standard convert-to-boolean hack of "svn st" 
svn:r17597
 2008-12-11 20:23:46 +00:00
Nick Mathewson
3be88b2c70 Change test_memeq macro to not leak memory. Addresses coverity CID 47. 
svn:r17577
 2008-12-11 06:17:54 +00:00
Nick Mathewson
d60d8976b9 Better error message when told to setuid to ourself. 
svn:r17543
 2008-12-09 23:26:12 +00:00
Nick Mathewson
07c8b2be21 Compile without warnings on mingw. 
svn:r17522
 2008-12-08 19:52:26 +00:00
Nick Mathewson
6fb06f334a Try to fix windows mmap code. 
svn:r17493
 2008-12-05 19:36:35 +00:00
Nick Mathewson
7f793fa733 Simplify mmap object layout to avoid confusing static analysis tools, and us too. 
svn:r17490
 2008-12-05 02:17:41 +00:00
Nick Mathewson
2be5215181 Fix a hard-to-trigger memory leak in log_credential status. Found by Coverity scan. CID 349. 
svn:r17484
 2008-12-05 01:29:59 +00:00
Nick Mathewson
37bd9181f0 Do not use O_APPEND on fd-based operations that do not really want it; have them just lseek instead. 
svn:r17460
 2008-12-02 23:49:40 +00:00
Roger Dingledine
96a185d9b7 style cleanup 
svn:r17457
 2008-12-02 23:42:21 +00:00
Nick Mathewson
bd6b3072f9 Change logging code to use fds instead of stdio. Fixes bug 861, and probably makes logging slightly faster. Not a backport candidate: bug 861 is too obscure and harmless. 
svn:r17456
 2008-12-02 23:36:58 +00:00
Nick Mathewson
6221bdd294 Add two lseek wrappers to compat.[ch]: one to return current fd position, and one to move the fd to the end of the file. 
svn:r17454
 2008-12-02 23:26:04 +00:00
Nick Mathewson
60738daf85 Define socklen_t before using it in compat.h 
svn:r17444
 2008-12-02 18:54:47 +00:00
Nick Mathewson
191197eff7 Revert my older supposed gcc-4.4 warning workaround. GCC was not being needlessly prissy; it was hinting at the wrongly pure smartlist_bsearch_idx. 
svn:r17396
 2008-11-26 17:14:59 +00:00
Nick Mathewson
651a0a2fb5 Stop marking bsearch_idx as pure; it is not. 
svn:r17393
 2008-11-26 16:57:46 +00:00
Nick Mathewson
4cddcf8873 Cast uid_t and gid_t to unsigned before passing to printf %u. 
svn:r17392
 2008-11-26 16:13:12 +00:00
Nick Mathewson
bc597758dc Use fcntl for file locking when flock() is not available. 
svn:r17391
 2008-11-26 16:10:56 +00:00
Nick Mathewson
07a08d933d Resolve a warning under gcc 4.4 trunk. 
svn:r17357
 2008-11-22 02:19:14 +00:00
Nick Mathewson
bdc0aec00a Update _log_global_min_severity after switch_logs_debug(), so that USR2 will work again. Bugfix on 0.1.2.8-beta. Spotted by Geoff Down. 
svn:r17317
 2008-11-17 19:58:51 +00:00
Nick Mathewson
a790a13705 define get_uint8 and set_uint8 macros to make code cleaner. 
svn:r17261
 2008-11-12 14:39:25 +00:00
Nick Mathewson
a95e0e7355 apply sebastian's fix for bug 859. Apparently on win32 one must lock at least one byte when locking, but locking a nonexistant byte is okay. ) 
svn:r17244
 2008-11-11 15:29:40 +00:00
Nick Mathewson
6c50ab6e61 Document a couple of functions. 
svn:r17239
 2008-11-10 20:40:01 +00:00
Roger Dingledine
c62d5f6a5c beg nick for some documentation on the locking functions 
svn:r17233
 2008-11-10 00:48:13 +00:00
Roger Dingledine
0554e87f58 better error message when you set User but start tor as non-root. 
hopefully will address bug 857.


svn:r17232
 2008-11-10 00:41:07 +00:00
Nick Mathewson
13e079f9ec Log a little more when credential-switching fails. 
svn:r17228
 2008-11-09 16:54:54 +00:00
Roger Dingledine
b32e600d50 while we're cleaning code, get rid of some unreachable code at 
the bottom of switch_id


svn:r17205
 2008-11-07 04:35:41 +00:00
Roger Dingledine
14773f42a7 now that we drop privs more thoroughly, switch_id() is no longer 
idempotent. so now we remember if we've succeeded, and if so we
don't even try.


svn:r17204
 2008-11-07 04:34:47 +00:00
Roger Dingledine
7c65792500 remove more redundant code from r17200 
svn:r17203
 2008-11-07 04:11:03 +00:00
Nick Mathewson
1b98f45b3d Developers should usually configure with --enable-gcc-warnings, and should regularly make check-spaces. Also, int fn() does not mean the same in C as it does in C++ or Java. 
svn:r17201
 2008-11-07 02:53:46 +00:00
Steven Murdoch
9d68ed08e9 Patch from Jacob Appelbaum and me to make User option more robust, properly set supplementary groups, deprecated the Group option, and log more information on credential switching 
svn:r17200
 2008-11-07 02:06:12 +00:00
Nick Mathewson
3ebd1ebeca The chunk_size field in memarea_t was never actually set. Remove the whole thing. 
svn:r17195
 2008-11-05 20:34:22 +00:00
Nick Mathewson
35bef7fefd make read_all and write_all return ssize_t. 
svn:r17194
 2008-11-05 19:29:17 +00:00
Nick Mathewson
b56d1545db Fix freebsd 7 compile by adding malloc_np.h header. Fix bug 850. 
svn:r17190
 2008-11-05 15:56:53 +00:00
Nick Mathewson
3f84ed3d46 Add a new memcmpstart to use instead of strcmpstart when the thing we are comparing is not nul-terminated. 
svn:r17187
 2008-11-03 16:35:48 +00:00
Nick Mathewson
361086005c Fix a possible negative shift in address comparison. May fix bug 845 and bug 811 
svn:r17169
 2008-10-29 13:29:54 +00:00
Nick Mathewson
0ab45fee73 Document some dmalloc stuff and some stupid C tricks. 
svn:r17161
 2008-10-27 16:30:52 +00:00
Jacob Appelbaum
7873d324df This patch changes some of the code in util.c to refactor calls to 
dmalloc_malloc, dmalloc_realloc and dmalloc_strdup. It only calls those
functions if we're using the magic USE_DMALLOC macro. If we're not doing
that, we call the normal malloc, realloc and strdup. This is my first
night at malloc disambiguation club, so I had to disambiguate. Also, first commit, I have my commit bit now. Huzzzah!!!


svn:r17157
 2008-10-26 22:56:53 +00:00
Roger Dingledine
c7af43a624 Now NodeFamily and MyFamily config options allow spaces in 
identity fingerprints, so it's easier to paste them in.
Suggested by Lucky Green.


svn:r17021
 2008-10-01 03:41:33 +00:00