Commit Graph

475 Commits

Author SHA1 Message Date
Nick Mathewson
a3e0a87d95 Completely refactor how FILENAME_PRIVATE works
We previously used FILENAME_PRIVATE identifiers mostly for
identifiers exposed only to the unit tests... but also for
identifiers exposed to the benchmarker, and sometimes for
identifiers exposed to a similar module, and occasionally for no
really good reason at all.

Now, we use FILENAME_PRIVATE identifiers for identifiers shared by
Tor and the unit tests.  They should be defined static when we
aren't building the unit test, and globally visible otherwise. (The
STATIC macro will keep us honest here.)

For identifiers used only by the unit tests and never by Tor at all,
on the other hand, we wrap them in #ifdef TOR_UNIT_TESTS.

This is not the motivating use case for the split test/non-test
build system; it's just a test example to see how it works, and to
take a chance to clean up the code a little.
2013-07-10 15:20:10 -04:00
Roger Dingledine
0bfaf86612 Fix socks5 handshake for username/password auth
The fix for bug 8117 exposed this bug, and it turns out real-world
applications like Pidgin do care. Bugfix on 0.2.3.2-alpha; fixes bug 8879.
2013-05-15 03:34:37 -04:00
Nick Mathewson
bae5dd6c8d Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-05-09 13:14:53 -04:00
Nick Mathewson
00e2310f12 Don't run off the end of the array-of-freelists
This is a fix for bug 8844, where eugenis correctly notes that there's
a sentinel value at the end of the list-of-freelists that's never
actually checked.  It's a bug since the first version of the chunked
buffer code back in 0.2.0.16-alpha.

This would probably be a crash bug if it ever happens, but nobody's
ever reported something like this, so I'm unsure whether it can occur.
It would require write_to_buf, write_to_buf_zlib, read_to_buf, or
read_to_buf_tls to get an input size of more than 32K.  Still, it's a
good idea to fix this kind of thing!
2013-05-09 13:10:48 -04:00
Nick Mathewson
7f50af116f Merge remote-tracking branch 'public/bug8117_023' into maint-0.2.4
Conflicts:
	doc/tor.1.txt
	src/or/config.c
	src/or/connection.c
2013-04-11 01:39:55 -04:00
Nick Mathewson
fa3c237739 Per-SOCKSPort configuration for bug 8117 fix.
This might be necessary if the bug8117 fix confuses any applications.

Also add a changes file.
2013-03-20 16:17:06 -04:00
Nick Mathewson
a264c4feda Prefer SOCKS_USER_PASS over SOCKS_NO_AUTH 2013-03-20 15:37:47 -04:00
Nick Mathewson
59fc77e29b Fix a bug that roger found in the wide_circ_id code 2013-02-15 18:20:46 -05:00
Nick Mathewson
d6634001c9 Merge remote-tracking branch 'public/wide_circ_ids'
Conflicts:
	src/or/channel.h
	src/or/connection_or.c
	src/or/cpuworker.c
2013-02-15 16:23:43 -05:00
Nick Mathewson
076654ce84 Replace magic constants for wide_circ_ids with inline function calls 2013-02-09 00:56:53 -05:00
Nick Mathewson
3433216268 Merge remote-tracking branch 'public/easy_ratelim'
Conflicts:
	src/or/connection.c
2013-02-07 17:13:51 -05:00
Nick Mathewson
a141430ec3 Rename log() to tor_log() for logging
This is meant to avoid conflict with the built-in log() function in
math.h.  It resolves ticket 7599.  First reported by dhill.

This was generated with the following perl script:

 #!/usr/bin/perl -w -i -p

 s/\blog\(LOG_(ERR|WARN|NOTICE|INFO|DEBUG)\s*,\s*/log_\L$1\(/g;

 s/\blog\(/tor_log\(/g;
2013-02-01 15:43:37 -05:00
Nick Mathewson
4da083db3b Update the copyright date to 201. 2013-01-16 01:54:56 -05:00
Nick Mathewson
a7334f5122 Use log_fn_ratelim in a few places. 2012-12-26 11:07:15 -05:00
Nick Mathewson
7908ab2093 Move address map into its own file. 2012-11-14 23:16:20 -05:00
Nick Mathewson
81deddb08c Merge remote-tracking branch 'origin/maint-0.2.3'
Conflicts:
	src/common/crypto.c
	src/or/rendservice.c
2012-11-08 16:48:04 -05:00
Nick Mathewson
49dd5ef3a3 Add and use and unlikely-to-be-eliminated memwipe()
Apparently some compilers like to eliminate memset() operations on
data that's about to go out-of-scope.  I've gone with the safest
possible replacement, which might be a bit slow.  I don't think this
is critical path in any way that will affect performance, but if it
is, we can work on that in 0.2.4.

Fixes bug 7352.
2012-11-08 16:44:50 -05:00
Nick Mathewson
bfffc1f0fc Allow a v4 link protocol for 4-byte circuit IDs.
Implements proposal 214.

Needs testing.
2012-11-06 21:23:46 -05:00
Nick Mathewson
f45cde05f9 Remove tor_malloc_roundup().
This function never actually did us any good, and it added a little
complexity.  See the changes file for more info.
2012-08-13 13:27:32 -04:00
Nick Mathewson
2491fff5a6 Triage the XXX023 and XXX022 comments: postpone many. 2012-06-15 15:07:52 -04:00
Nick Mathewson
0fa107a6aa Update copyright dates to 2012; add a few missing copyright statements 2012-06-04 20:58:17 -04:00
Nick Mathewson
173b18c79b Add about 60 more DOCDOC comments to 0.2.3
Also, try to resolve some doxygen issues.  First, define a magic
"This is doxygen!" macro so that we take the correct branch in
various #if/#else/#endifs in order to get the right documentation.
Second, add in a few grouping @{ and @} entries in order to get some
variables and fields to get grouped together.
2012-06-04 19:59:08 -04:00
Nick Mathewson
757725ffde MSVC build issue: we use INLINE as the one that will magically work 2012-05-14 13:04:37 -04:00
Arturo Filastò
e0e4b84757 Add a check_no_tls_errors() to read_to_buf_tls
Fixes bug #4528 "read_to_buf_tls(): Inconsistency in code".

This check was added back in 0.1.0.3-rc, but somehow we forgot to
leave it in when we refactored read_to_buf_tls in 0.1.0.5-rc.

(patch by Arturo; commit message and changes file by nickm)
2012-04-24 11:36:38 -04:00
Nick Mathewson
5cf9167f91 Use the standard _WIN32, not the Torism MS_WINDOWS or deprecated WIN32
This commit is completely mechanical; I used this perl script to make it:

 #!/usr/bin/perl -w -i.bak -p

 if (/^\s*\#/) {
     s/MS_WINDOWS/_WIN32/g;
     s/\bWIN32\b/_WIN32/g;
 }
2012-01-31 15:48:47 -05:00
Nick Mathewson
6e8c2a3e46 Use SOCKET_OK macros in even more places
Add a TOR_INVALID_SOCKET macro to wrap -1/INVALID_SOCKET.

Partial work for bug4533.
2012-01-17 16:35:07 -05:00
Nick Mathewson
e402edd960 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-15 11:32:49 -05:00
Nick Mathewson
562c974ee7 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-12-15 11:28:44 -05:00
Nick Mathewson
9d0777839b Add a fix for the buf_pullup bug that Vektor reported 2011-12-15 11:28:24 -05:00
Nick Mathewson
69921837a7 Fix a bunch of whitespace errors 2011-10-11 11:30:01 -04:00
Nick Mathewson
1b0645acba Cell types and states for new OR handshake
Also, define all commands > 128 as variable-length when using
v3 or later link protocol.  Running into a var cell with an
unrecognized type is no longer a bug.
2011-10-10 23:14:09 -04:00
Fabian Keil
13f0d22df0 Rephrase the log messages emitted if the TestSocks check is positive
Previously Tor would always claim to have been given a hostname
by the client, while actually only verifying that the client
is using SOCKS4A or SOCKS5 with hostnames. Both protocol versions
allow IP addresses, too, in which case the log messages were wrong.

Fixes #4094.
2011-10-03 12:56:46 -04:00
Nick Mathewson
df96aed14f Remove warning about a loop parsing evbuffer socks
This behavior is normal when we want more data than the evbuffer
actually has for us.  We'll ask for (say) 7 bytes, get only 5
(because that's all there is), try to parse the 5 bytes, and get
told "no, I want 7".  One option would be to bail out early whenever
want_length is > buflen, but sometimes we use an over-large
want_length.  So instead, let's just remove the warning here: it's
not a bug after all.
2011-08-18 16:15:03 -04:00
Nick Mathewson
263d68aa82 Appease "make check-spaces" 2011-08-18 15:17:37 -04:00
Nick Mathewson
d2cd67c83f Use evbuffer_copyout() in inspect_evbuffer(). 2011-08-17 13:09:05 -04:00
Nick Mathewson
413574ad38 Clear socks auth fields before free 2011-08-05 19:07:33 -04:00
Nick Mathewson
eaa1c05397 Merge branch 'optimistic-client'
The conflicts are with the proposal 171 circuit isolation code, and
they're all trivial: they're just a matter of both branches adding
some unrelated code in the same places.

Conflicts:
	src/or/circuituse.c
	src/or/connection.c
2011-07-20 09:50:53 -04:00
Nick Mathewson
553ae5dfb5 Fix spurious warning in bufferevent socks parsing
The problem was that we weren't initializing want_length to 0 before
calling parse_socks() the first time, so it looked like we were
risking an infinite loop when in fact we were safe.

Fixes 3615; bugfix on 0.2.3.2-alpha.
2011-07-19 20:40:15 -04:00
Nick Mathewson
34a52534bb Add a generic_buffer_t to use the best buffer type we have on hand
Also add a quick function to copy all the data in a buffer.  (This
one could be done much better, but let's see if it matters.)
2011-07-18 15:36:20 -04:00
Nick Mathewson
1aab5b6b39 Merge remote-tracking branch 'public/bug1666'
Conflicts:
	doc/spec/socks-extensions.txt
	src/or/buffers.c
	src/or/config.c
	src/or/connection_edge.c
2011-07-13 12:12:16 -04:00
Nick Mathewson
16c5a62a66 Add more error checks to socks parsing code
Suggested by Linus to avoid uninitialized reads or infinite loops if
it turns out our code is buggier than we had thought.
2011-07-12 10:51:31 -04:00
Nick Mathewson
31120ff692 Remove unused var in write_to_evbuffer_zlib 2011-07-07 11:00:51 -04:00
Nick Mathewson
05c424f4b8 Refactor fetch_from_buf_socks() to be greedy
Previously, fetch_from_buf_socks() might return 0 if there was still
data on the buffer and a subsequent call to fetch_from_buf_socks()
would return 1.  This was making some of the socks5 unit tests
harder to write, and could potentially have caused misbehavior with
some overly verbose SOCKS implementations.  Now,
fetch_from_buf_socks() does as much processing as it can, and
returns 0 only if it really needs more data.  This brings it into
line with the evbuffer socks implementation.
2011-06-29 17:45:27 -04:00
Nick Mathewson
ee42fe8fbb Don't drain extra data when parsing socks auth methods
We added this back in 0649fa14 in 2006, to deal with the case where
the client unconditionally sent us authentication data.  Hopefully,
that's not needed any longer, since we now can actually parse
authentication data.
2011-06-29 17:29:33 -04:00
Nick Mathewson
2e6604f42e Record username/password data in socks_request_t
This change also requires us to add and use a pair of
allocator/deallocator functions for socks_request_t, instead of
using tor_malloc_zero/tor_free directly.
2011-06-29 13:08:46 -04:00
Nick Mathewson
204bce7e3c If we negotiate authentication, require it. 2011-06-29 12:16:09 -04:00
Nick Mathewson
aec396d9d0 Be more strict about when to accept socks auth message
In the code as it stood, we would accept any number of socks5
username/password authentication messages, regardless of whether we
had actually negotiated username/password authentication.  Instead,
we should only accept one, and only if we have really negotiated
username/password authentication.

This patch also makes some fields of socks_request_t into uint8_t,
for safety.
2011-06-29 12:12:58 -04:00
Nick Mathewson
9b3f48c074 Fix 'make check-spaces' 2011-06-29 11:47:35 -04:00
Nick Mathewson
1ed615ded7 Correct byte-counting in socks auth parsing code 2011-06-29 11:45:15 -04:00
Nick Mathewson
47c8433a0c Make the get_options() return const
This lets us make a lot of other stuff const, allows the compiler to
generate (slightly) better code, and will make me get slightly fewer
patches from folks who stick mutable stuff into or_options_t.

const: because not every input is an output!
2011-06-14 13:17:06 -04:00
Nick Mathewson
21de9d46e2 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/compat.c
	src/or/main.c
2011-05-30 14:58:26 -04:00
Nick Mathewson
cfeafe5e77 Use a 64-bit type to hold sockets on win64.
On win64, sockets are of type UINT_PTR; on win32 they're u_int;
elsewhere they're int.  The correct windows way to check a socket for
being set is to compare it with INVALID_SOCKET; elsewhere you see if
it is negative.

On Libevent 2, all callbacks take sockets as evutil_socket_t; we've
been passing them int.

This patch should fix compilation and correctness when built for
64-bit windows.  Fixes bug 3270.
2011-05-23 00:17:48 -04:00
Nick Mathewson
67d88a7d60 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/address.c
	src/common/compat_libevent.c
	src/common/memarea.c
	src/common/util.h
	src/or/buffers.c
	src/or/circuitbuild.c
	src/or/circuituse.c
	src/or/connection.c
	src/or/directory.c
	src/or/networkstatus.c
	src/or/or.h
	src/or/routerlist.c
2011-04-07 12:17:20 -04:00
Nick Mathewson
05887f10ff Triage the XXX022 and XXX021 comments remaining in the code
Remove some, postpone others, leave some alone.  Now the only
remaining XXX022s are ones that seem important to fix or investigate.
2011-03-25 18:32:27 -04:00
Nick Mathewson
b27f5cc50d Fix another instance of "128" in buffers.c. More bug2330. 2011-01-15 10:25:58 -05:00
Nick Mathewson
71d786b2d3 Merge branch 'bug2320' 2011-01-12 12:52:31 -05:00
Nick Mathewson
c9f8a5eebc Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/buffers.c
2011-01-10 17:31:11 -05:00
Nick Mathewson
aa45e82593 Pull up more data when parsing socks messages
Previously, we only looked at up to 128 bytes.  This is a bad idea
since socks messages can be at least 256+x bytes long.  Now we look at
up to 512 bytes; this should be enough for 0.2.2.x to handle all valid
SOCKS messages.  For 0.2.3.x, we can think about handling trickier
cases.

Fixes 2330.  Bugfix on 0.2.0.16-alpha.
2011-01-10 17:24:16 -05:00
Nick Mathewson
d4165ef8b4 Use autoconf's FLEXIBLE_ARRAY_MEMBER for unspecified-length arrays
C99 allows a syntax for structures whose last element is of
unspecified length:
   struct s {
     int elt1;
     ...
     char last_element[];
   };

Recent (last-5-years) autoconf versions provide an
AC_C_FLEXIBLE_ARRAY_MEMBER test that defines FLEXIBLE_ARRAY_MEMBER
to either no tokens (if you have c99 flexible array support) or to 1
(if you don't).  At that point you just use offsetof
[STRUCT_OFFSET() for us] to see where last_element begins, and
allocate your structures like:

   struct s {
     int elt1;
     ...
     char last_element[FLEXIBLE_ARRAY_MEMBER];
   };

   tor_malloc(STRUCT_OFFSET(struct s, last_element) +
                                   n_elements*sizeof(char));

The advantages are:

   1) It's easier to see which structures and elements are of
      unspecified length.
   2) The compiler and related checking tools can also see which
      structures and elements are of unspecified length, in case they
      wants to try weird bounds-checking tricks or something.
   3) The compiler can warn us if we do something dumb, like try
      to stack-allocate a flexible-length structure.
2011-01-06 15:59:05 -05:00
Nick Mathewson
8932753169 Merge remote branch 'rransom/bug2327-v2' 2011-01-03 13:07:43 -05:00
Nick Mathewson
8730884ebe Merge remote branch 'origin/maint-0.2.2' 2011-01-03 11:53:28 -05:00
Nick Mathewson
f1de329e78 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/common/test.h
	src/or/test.c
2011-01-03 11:51:17 -05:00
Nick Mathewson
1a07348a50 Bump copyright statements to 2011 2011-01-03 11:50:39 -05:00
Robert Ransom
305ba230fe Don't throw away incomplete SOCKS proxy responses.
Introduced in 9796b9bfa6.
2010-12-29 05:55:45 -08:00
Robert Ransom
524fdeeb1e Use evbuffer_pullup properly in fetch_from_evbuffer_socks_client.
evbuffer_pullup does nothing and returns NULL if the caller asks it to
linearize more data than the buffer contains.

Introduced in 9796b9bfa6.

Reported by piebeer; fixed with help from doors.
2010-12-29 05:52:09 -08:00
Roger Dingledine
c79427a992 Merge branch 'maint-0.2.2' 2010-12-19 22:08:42 -05:00
Nick Mathewson
b5e293afe6 Merge remote branch fix_security_bug_021 into fix_security_bug_022
Conflicts:
	src/common/memarea.c
	src/or/or.h
	src/or/rendclient.c
2010-12-15 22:48:23 -05:00
Nick Mathewson
b8a7bad799 Make payloads into uint8_t.
This will avoid some signed/unsigned assignment-related bugs.
2010-12-15 22:31:11 -05:00
Robert Hogan
02c2d9a4aa bug1666 - Pass-through support for SOCKS5 authentication(4)
Implement nickm's suggestion that we tolerate SOCKS5 clients
that send authentication credentials and SOCKS commands all in
one go.
2010-12-14 19:59:42 +00:00
Robert Hogan
f85f52808c bug1666 - Pass-through support for SOCKS5 authentication (2)
Address Nick's comments:
- Refactor against changes in buffers.c
- Ensure we have negotiated a method before accepting
  authentication credentials
2010-12-14 19:47:22 +00:00
Robert Hogan
bf136b94de bug1666 - Pass-through support for SOCKS5 authentication
If a SOCKS5 client insists on authentication, allow it to
negotiate a connection with Tor's SOCKS server successfully.
Any credentials the client provides are ignored.

This allows Tor to work with SOCKS5 clients that can only
support 'authenticated' connections.

Also add a bunch of basic unit tests for SOCKS4/4a/5 support
in buffers.c.
2010-12-14 19:47:22 +00:00
Nick Mathewson
550be1df69 Merge remote branch 'origin/maint-0.2.2' 2010-11-15 15:41:37 -05:00
Nick Mathewson
cbad9f4520 Move controller event for socks warning into log_unsafe_socks_warning 2010-11-15 15:41:21 -05:00
Nick Mathewson
9399b885cd Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/buffers.c
2010-11-15 15:37:23 -05:00
Sebastian Hahn
da3a6e724f Rate-limit unsafe socks warning
Pick 5 seconds as the limit. 5 seconds is a compromise here between
making sure the user notices that the bad behaviour is (still) happening
and not spamming their log too much needlessly (the log message is
pretty long). We also keep warning every time if safesocks is
specified, because then the user presumably wants to hear about every
blocked instance.

(This is based on the original patch by Sebastian, then backported to
0.2.2 and with warnings split into their own function.)
2010-11-15 13:57:37 -05:00
Nick Mathewson
d61736aa6a Merge remote branch 'origin/maint-0.2.2' 2010-11-12 13:06:54 -05:00
Nick Mathewson
dbba84c917 Avoid perma-blocking the controller on bug in shrink_freelist
In all likelihood, this bug would make Tor assert, but if it doesn't,
let's not have two bugs.
2010-11-12 13:05:58 -05:00
Robert Ransom
a421e284d0 Disable logging to control port connections in buf_shrink_freelists.
If buf_shrink_freelists calls log_warn for some reason, we don't want the log
call itself to throw buf_shrink_freelists further off the rails.
2010-11-12 03:07:09 -08:00
Robert Ransom
81affe1949 Move the original log_info call out of the core of buf_shrink_freelists.
Sending a log message to a control port can cause Tor to allocate a buffer,
thereby changing the length of the freelist behind buf_shrink_freelists's back,
thereby causing an assertion to fail.

Fixes bug #1125.
2010-11-12 03:04:07 -08:00
Robert Ransom
6a0657d4bb Disable logging to control port connections in buf_shrink_freelists.
If buf_shrink_freelists calls log_warn for some reason, we don't want the log
call itself to throw buf_shrink_freelists further off the rails.
2010-11-12 02:34:58 -08:00
Robert Ransom
6d2e02d79b Move the original log_info call out of the core of buf_shrink_freelists.
Sending a log message to a control port can cause Tor to allocate a buffer,
thereby changing the length of the freelist behind buf_shrink_freelists's back,
thereby causing an assertion to fail.

Fixes bug #1125.
2010-11-12 02:34:51 -08:00
Nick Mathewson
9516c1efdb Remove XXXs about improving buf_t API: bufferevents are the future 2010-10-15 11:38:33 -04:00
Nick Mathewson
b49cf6a77a Fix whitespace in bufferevents branch 2010-09-27 14:22:18 -04:00
Nick Mathewson
a16ed90ec8 Document and/or fix stuff found by Sebastian in code review
Thanks to Sebastian for his code-review of the bufferevents patch series.x
2010-09-27 14:22:18 -04:00
Sebastian Hahn
865bea3b89 Some bufferevents related fixes and pointers for nickm 2010-09-27 14:22:18 -04:00
Nick Mathewson
0c9b64d449 Get zlib compression working with bufferevents. 2010-09-27 14:22:11 -04:00
Nick Mathewson
9796b9bfa6 Implement SOCKS-client support for bufferevents 2010-09-27 12:31:14 -04:00
Nick Mathewson
bd3612cd2b Get SSL connections and linked connections working with bufferevents.
Clients are now verified to work and build circuits correctly.  There
are still a few warnings given here and there that I need to look into.
2010-09-27 12:31:14 -04:00
Nick Mathewson
44375d4eb8 Add a 0-pullup version of fetch_from_evbuffer_socks 2010-09-27 12:31:13 -04:00
Nick Mathewson
f6899f3a74 Documentation for inspect_evbuffer 2010-09-27 12:31:13 -04:00
Nick Mathewson
698085d56e Add pullup-free version of fetch_from_evbuffer_http 2010-09-27 12:31:13 -04:00
Nick Mathewson
ddcb59bb70 Fix more remaining users of inbuf/outbuf to handle bufferevents instead. 2010-09-27 12:31:13 -04:00
Nick Mathewson
63079efb87 Add a fetch_from_evbuffer_http 2010-09-27 12:29:42 -04:00
Nick Mathewson
a0f4841e2b Refactor SOCKS parsing code to handle evbuffers.
Now all of the logic is in a parse_socks() function that gets data
from a buf_t or evbuffer-specific wrapper.
2010-09-27 12:29:42 -04:00
Nick Mathewson
4836014168 Clone fetch_var_cell_from_buf() for evbuffers. 2010-09-27 12:28:43 -04:00
Nick Mathewson
0514917800 Add a new connection_fetch_from_buf_line() that can handle bufferevents 2010-09-27 12:28:43 -04:00
Nick Mathewson
57e7b54b7b Teach read_event/write_event manipulators about bufferevents.
Add an --enable-bufferevents config switch.
2010-09-27 12:28:43 -04:00
Nick Mathewson
94aac84a71 Remove never-actually-finished code to use readv and writev for IO.
We'll get this feature for free with bufferevents, so there's no good reason
to clone it in Tor.
2010-09-27 12:28:43 -04:00
Roger Dingledine
47b23bd03e A start at a patch for bug 1943 (alignment issues) 2010-09-20 18:40:32 -04:00
Nick Mathewson
8150e2ad24 Make buf_shrink_freelists warn, not crash, when n_to_skip is too high
This mitigates bug 1125, but doesn't fix its root cause (whatever
that is).
2010-08-10 15:58:41 -04:00