Commit Graph

2511 Commits

Author SHA1 Message Date
Steven Murdoch
da34360952 Factor out and re-write code for splitting lines from a handle
Now handles non-printable characters and will not output a spurious
new-line if given a partial line.
2011-08-30 14:55:51 +01:00
Steven Murdoch
bc97f41080 Refactor out command line formatting
Now correctly handles whitespace, quotes and backslashes. Passes all unit tests.
2011-08-29 14:37:38 +01:00
Steven Murdoch
93792b5aa6 Add a sanity check 2011-08-29 00:36:41 +01:00
Steven Murdoch
f1ff65dfad Replace two magic tristates with #define'd names
- process_handle_t.status
- return value of tor_get_exit_code()
2011-08-29 00:30:18 +01:00
Steven Murdoch
3f0a197aad Make signature of tor_spawn_background more conventional
Conventionally in Tor, structs are returned as pointers, so change
tor_spawn_background() to return the process handle in a pointer rather
than as return value.
2011-08-28 23:35:02 +01:00
Nick Mathewson
f186e16241 Add write watermarks to filtered bufferevents. 2011-08-24 17:31:37 -04:00
Nick Mathewson
59d0f750c9 Apply rate-limiting to the lowest bufferevent in the stack.
When we're doing filtering ssl bufferevents, we want the rate-limits
to apply to the lowest level of the bufferevent stack, so that we're
actually limiting bytes sent on the network. Otherwise, we'll read
from the network aggressively, and only limit stuff as we process it.
2011-08-24 17:31:32 -04:00
Steven Murdoch
1da5081ae0 Appease "make check-spaces" 2011-08-24 21:34:13 +01:00
Steven Murdoch
50b48c3ea7 Improve comments and fix one bug 2011-08-24 21:33:53 +01:00
Steven Murdoch
476807211c We don't need to find our own path, just tell Windows to search 2011-08-24 20:50:58 +01:00
Nick Mathewson
ede9cd4f99 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-08-24 13:53:17 -04:00
Gisle Vanem
5939c09d35 lround() missing in MSVC
lround() is missing in MS Visual-C's <math.h>. Not available anywhere.
Here is an easy patch.
2011-08-24 13:52:44 -04:00
Steven Murdoch
2efafdfe14 Fix compilation errors under *nix 2011-08-23 01:09:24 +01:00
Steven Murdoch
1ad986335a Tidy up subprocess code
- Better error handling
- Write description of functions
- Don't assume non-negative process return values
2011-08-22 19:43:38 +01:00
Steven Murdoch
f46f6aabb4 Fix some compiler warnings 2011-08-22 18:13:58 +01:00
Steven Murdoch
6443a756df Merge branch 'bug1983-port-tor-fw-helper-to-windows' into bug2046
Conflicts:
	configure.in
	src/tools/tor-fw-helper/Makefile.am
	src/tools/tor-fw-helper/tor-fw-helper-upnp.c
	src/tools/tor-fw-helper/tor-fw-helper.c
2011-08-22 17:53:17 +01:00
Nick Mathewson
d3653063d3 Automatically use filtering bufferevents with IOCP. 2011-08-18 15:16:05 -04:00
Steven Murdoch
cc5b6d6cee Merge remote branch 'origin/master' into bug2046 2011-08-18 18:42:02 +01:00
Steven Murdoch
7d015c886a Complete logging of output from port forwarding helper 2011-08-18 18:41:23 +01:00
Nick Mathewson
52e36feda1 Call evthread_use_windows_threads when running with IOCP on windows 2011-08-17 14:44:16 -04:00
Sebastian Hahn
6a06f45b04 Actually pick a random port when "auto" is specified
ddc65e2b33 had broken this
2011-08-17 10:41:36 -04:00
George Kadianakis
db4cde3810 Improve the code a tad.
* Use strcmpstart() instead of strcmp(x,y,strlen(y)).
* Warn the user if the managed proxy failed to launch.
* Improve function documentation.
* Use smartlist_len() instead of n_unconfigured_proxies.
* Split managed_proxy_destroy() to managed_proxy_destroy()
  and managed_proxy_destroy_with_transports().
* Constification.
2011-08-15 17:26:03 +02:00
Sebastian Hahn
f137ae896e Don't warn on http connection to my orport
Also remove a few other related warnings that could occur during the ssl
handshake. We do this because the relay operator can't do anything about
them, and they aren't their fault.
2011-08-11 20:37:51 +02:00
Nick Mathewson
b76f46c6d8 Merge branch 'bug1692-squashed' 2011-08-10 15:04:36 -04:00
Robert Ransom
e42a74e563 Add smartlist_[v]asprintf_add
I should have added this before implementing #2411.
2011-08-10 15:03:24 -04:00
Sebastian Hahn
bed79c47f4 Get rid of an unused parameter warning on win 2011-08-09 11:03:17 +02:00
Sebastian Hahn
0a5338e03c Sockets are unsigned on windows
this gets rid of a warning about signed/unsigned comparison
2011-08-09 11:03:16 +02:00
Nick Mathewson
e802199cb3 Initial patch to build Tor with msvc and nmake
We'll still need to tweak it so that it looks for includes and
libraries somewhere more sensible than "where we happened to find
them on Erinn's system"; so that tests and tools get built too;
so that it's a bit documented; and so that we actually try running
the output.

Work done with Erinn Clark.
2011-08-01 12:36:59 -04:00
Steven Murdoch
5bf9890b3b Test case for reading the partial output of a background process 2011-07-25 04:08:08 +01:00
Steven Murdoch
99baa7e45c Fix compilation on non-Windows platforms 2011-07-23 23:49:30 +01:00
Steven Murdoch
c5796a8fb2 If hProcess is NULL, read_all_handle returns if it would block 2011-07-23 21:35:50 +01:00
Steven Murdoch
2d5059e08e Use PeekNamedPipe to avoid blocking ReadFile when there is nothing to read 2011-07-22 21:12:00 +01:00
Steven Murdoch
55a1cb53d6 Add code to read all from a handle, but this block forever
See http://stackoverflow.com/questions/3722409/windows-child-process-with-redirected-input-and-output
for a potential solution
2011-07-22 15:57:56 +01:00
Steven Murdoch
fec902dd60 Add Windows version of tor_spawn_background and ancillary functions 2011-07-21 19:26:19 +01:00
Steven Murdoch
35c89be02b Generalize process spawning so its test compiles (but fails) in Windows
- pid, stdout/stderr_pipe now encapsulated in process_handle
- read_all replaced by tor_read_all_from_process_stdin/stderr
- waitpid replaced by tor_get_exit_code

Untested on *nix
2011-07-21 16:34:48 +01:00
Nick Mathewson
1d7beea2ab Merge remote-tracking branch 'origin/maint-0.2.2' 2011-07-20 13:17:59 -04:00
Nick Mathewson
718252b253 Check return value in fmt_addr
Previously, if tor_addr_to_str() returned NULL, we would reuse the
last value returned by fmt_addr().  (This could happen if we were
erroneously asked to format an AF_UNSPEC address.)  Now instead we
return "???".
2011-07-20 13:17:48 -04:00
Nick Mathewson
94f85f216a Turn streq_opt into a generic strcmp_opt. 2011-07-19 02:36:11 -04:00
Nick Mathewson
773bfaf91e Implement stream isolation
This is the meat of proposal 171: we change circuit_is_acceptable()
to require that the connection is compatible with every connection
that has been linked to the circuit; we update circuit_is_better to
prefer attaching streams to circuits in the way that decreases the
circuits' usefulness the least; and we update link_apconn_to_circ()
to do the appropriate bookkeeping.
2011-07-19 01:58:45 -04:00
George Kadianakis
69271b2a38 Reuse get_string_from_pipe() in log_from_pipe(). 2011-07-18 17:06:16 +02:00
George Kadianakis
14c5a24fe7 Replaced ST_* enum prefix for stream status with IO_STREAM_*. 2011-07-18 02:35:29 +02:00
Nick Mathewson
44cfa53873 Make WIN32_WINNT defines conditional
Requested by Gisle Vanem on tor-dev.  I'm not quite sure this is the
right solution, but it's probably harmless.
2011-07-15 10:03:59 -04:00
George Kadianakis
810a7a5fa0 Make some utility functions.
* Create a function that will get input from a stream, so that we can
  communicate with the managed proxy.
* Hackish change to tor_spawn_background() so that we can specify an
  environ for our spawn.
2011-07-13 18:59:52 +02:00
Nick Mathewson
3f97c665aa Document feature3116 fns and improve output
- We were reporting the _bottom_ N failing states, not the top N.
- With bufferevents enabled, we logged all TLS states as being "in
  bufferevent", which isn't actually informative.
- When we had nothing to report, we reported nothing too loudly.
- Also, we needed documentation.
2011-07-11 16:13:17 -04:00
Nick Mathewson
734d9486f6 Record the states of failing OR connections
This code lets us record the state of any outgoing OR connection
that fails before it becomes open, so we can notice if they're all
dying in the same SSL state or the same OR handshake state.

More work is still needed:
  - We need documentation
  - We need to actually call the code that reports the failure when
    we realize that we're having a hard time connecting out or
    making circuits.
  - We need to periodically clear out all this data -- perhaps,
    whenever we build a circuit successfully?
  - We'll eventually want to expose it to controllers, perhaps.

Partial implementation of feature 3116.
2011-07-11 16:13:17 -04:00
Nick Mathewson
e273890b10 Merge branch 'cov217_master' 2011-07-01 12:57:21 -04:00
Nick Mathewson
734e860d98 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-07-01 12:56:40 -04:00
Nick Mathewson
2ba19f9b4a Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-07-01 12:55:23 -04:00
Nick Mathewson
d25feadebb Fix insanely large stack_allocation in log_credential_status
I'm not one to insist on C's miserly stack limits, but allocating a
256K array on the stack is too much even for me.

Bugfix on 0.2.1.7-alpha.  Found by coverity.  Fixes CID # 450.
2011-07-01 12:38:05 -04:00
Nick Mathewson
a0ae80788c Replace 4 more sscanf()s with tor_sscanf()
For some inexplicable reason, Coverity departs from its usual
standards of avoiding false positives here, and warns about all
sscanf usage, even when the formatting strings are totally safe.

Addresses CID # 447, 446.
2011-07-01 11:26:30 -04:00
Nick Mathewson
9919b01275 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-22 18:15:27 -04:00
Robert Ransom
2b5ebc7097 Improve documentation of smartlist_split_string 2011-06-22 14:09:43 -07:00
Robert Ransom
d7254bea11 Fix minor comment issues 2011-06-22 14:09:43 -07:00
Nick Mathewson
410e440a8d Log SSL state changes at LOG_DEBUG, LD_HANDSHAKE.
This can be slightly useful for debugging blocking events.

Addresses ticket 3116; based on loud_ssl_states branch.
2011-06-20 17:45:12 -04:00
Nick Mathewson
997499369e Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-20 15:28:16 -04:00
Nick Mathewson
1040ccafb2 Fix overwide lines in util.c 2011-06-20 15:28:06 -04:00
Nick Mathewson
8839b86085 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-14 12:25:33 -04:00
Jérémy Bobbio
54d7d31cba Make ControlSocketsGroupWritable work with User.
Original message from bug3393:

check_private_dir() to ensure that ControlSocketsGroupWritable is
safe to use. Unfortunately, check_private_dir() only checks against
the currently running user… which can be root until privileges are
dropped to the user and group configured by the User config option.

The attached patch fixes the issue by adding a new effective_user
argument to check_private_dir() and updating the callers. It might
not be the best way to fix the issue, but it did in my tests.

(Code by lunar; changelog by nickm)
2011-06-14 12:18:32 -04:00
Nick Mathewson
d25d08dc4d Merge remote-tracking branch 'asn2/bug3336' 2011-06-06 18:34:45 -04:00
Nick Mathewson
8cd5a3c186 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-06 16:20:22 -04:00
Nick Mathewson
5afab5ca19 Check maximum properly in crypto_rand_int()
George Kadianakis notes that if you give crypto_rand_int() a value
above INT_MAX, it can return a negative number, which is not what
the documentation would imply.

The simple solution is to assert that the input is in [1,INT_MAX+1].
If in the future we need a random-value function that can return
values up to UINT_MAX, we can add one.

Fixes bug 3306; bugfix on 0.2.2pre14.
2011-06-06 16:18:06 -04:00
George Kadianakis
9eab601f10 Add the heartbeat domain in log.c:domain_list[]
so that parse_log_domain() doesn't fail.
2011-06-05 21:27:53 +02:00
Nick Mathewson
12f9c91c06 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-03 11:36:21 -04:00
Nick Mathewson
bbf2fee8ff Reject 128-byte keys that are not 1024-bit
When we added the check for key size, we required that the keys be
128 bytes.  But RSA_size (which defers to BN_num_bytes) will return
128 for keys of length 1017..1024.  This patch adds a new
crypto_pk_num_bits() that returns the actual number of significant
bits in the modulus, and uses that to enforce key sizes.

Also, credit the original bug3318 in the changes file.
2011-06-03 11:31:19 -04:00
Nick Mathewson
b73a662a26 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-01 11:11:31 -04:00
Gisle
1d8bcba067 Fix compile error in procmon.c
An elusive compile-error (MingW-gcc v4.50 on Win_XP); a missing
comma (!) and a typo ('err_msg' at line 277 changed to 'errmsg').
Aso changed the format for 'err_code' at line 293 into a "%ld" to suppress
a warning. How did this go unnoticed for ~1 month? Btw. This is my 1st ever
'git commit', so it better work.
2011-06-01 11:11:12 -04:00
Nick Mathewson
fa1d47293b Merge remote-tracking branch 'origin/maint-0.2.2'
The conflicts were mainly caused by the routerinfo->node transition.

Conflicts:
	src/or/circuitbuild.c
	src/or/command.c
	src/or/connection_edge.c
	src/or/directory.c
	src/or/dirserv.c
	src/or/relay.c
	src/or/rendservice.c
	src/or/routerlist.c
2011-05-30 15:41:46 -04:00
Nick Mathewson
7f0fb8e608 whitespace fixes 2011-05-30 15:21:06 -04:00
Nick Mathewson
21de9d46e2 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/compat.c
	src/or/main.c
2011-05-30 14:58:26 -04:00
Nick Mathewson
da7c60dcf3 Merge remote-tracking branch 'public/bug3270' into maint-0.2.2 2011-05-30 14:49:49 -04:00
Nick Mathewson
8e09f7cf10 Fix a -Wunused-but-set-variable instance in master 2011-05-28 01:57:38 -04:00
Nick Mathewson
6f200b61b7 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-23 02:16:25 -04:00
Robert Ransom
6cac100b13 Unbreak the build on libevent 1.x systems 2011-05-22 22:54:02 -07:00
Nick Mathewson
2527acb2dc Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/Makefile.am
	src/or/control.c
2011-05-23 01:23:53 -04:00
Nick Mathewson
b80a8bba19 Merge branch 'feature3049-v2' into maint-0.2.2
Conflicts:
	src/common/Makefile.am
2011-05-23 01:19:04 -04:00
Nick Mathewson
1e69c60dcc The first argument for a libevent callback should be evutil_socket_t 2011-05-23 01:12:00 -04:00
Nick Mathewson
93b699e1ea Appease make check-spaces wrt procmon.h 2011-05-23 01:10:49 -04:00
Nick Mathewson
cfeafe5e77 Use a 64-bit type to hold sockets on win64.
On win64, sockets are of type UINT_PTR; on win32 they're u_int;
elsewhere they're int.  The correct windows way to check a socket for
being set is to compare it with INVALID_SOCKET; elsewhere you see if
it is negative.

On Libevent 2, all callbacks take sockets as evutil_socket_t; we've
been passing them int.

This patch should fix compilation and correctness when built for
64-bit windows.  Fixes bug 3270.
2011-05-23 00:17:48 -04:00
Roger Dingledine
cb7fff193e Merge branch 'maint-0.2.2' 2011-05-21 18:14:16 -04:00
Roger Dingledine
a2851d3034 what's up with this trailing whitespace 2011-05-20 23:30:37 -04:00
Robert Ransom
0caa37db4d Fix some comments 2011-05-20 08:25:42 -07:00
Robert Ransom
4b266c6e72 Implement __OwningControllerProcess option
Implements part of feature 3049.
2011-05-20 08:25:42 -07:00
Nick Mathewson
03ccce6d77 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-16 14:50:53 -04:00
Nick Mathewson
e908e3a332 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
Fixed trivial conflict due to headers moving into their own .h files
from or.h.

Conflicts:
	src/or/or.h
2011-05-16 14:49:55 -04:00
Nick Mathewson
4a22046c86 squash! Add crypto_pk_check_key_public_exponent function
Rename crypto_pk_check_key_public_exponent to crypto_pk_public_exponent_ok:
it's nice to name predicates s.t. you can tell how to interpret true
and false.
2011-05-16 14:45:06 -04:00
Robert Ransom
d2629f78a0 Add crypto_pk_check_key_public_exponent function 2011-05-16 14:07:34 -04:00
Nick Mathewson
de8e0ef0bd Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-15 22:15:06 -04:00
Nick Mathewson
83fe07d3f2 Increase the length of the buffer in smartlist_string_num_isin().
This was harmless, since we only used this for checking for lists of
port values, but it's the principle of the thing.

Fixes 3175; bugfix on 0.1.0.1-rc
2011-05-15 22:13:53 -04:00
Nick Mathewson
4ac8ff9c9f Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-15 20:22:44 -04:00
Nick Mathewson
f72e792be5 Make check_private_dir check for group ownership as appropriate 2011-05-15 20:20:30 -04:00
Nick Mathewson
287f6cb128 Fix up some comment issues spotted by rransom 2011-05-15 20:20:30 -04:00
Nick Mathewson
5d147d8527 Add a new flag to check_private_dir to make it _not_ change permissions
We'll need this for checking permissions on the directories that hold
control sockets: if somebody says "ControlSocket ~/foo", it would be
pretty rude to do a chmod 700 on their homedir.
2011-05-15 20:20:29 -04:00
Nick Mathewson
3b6cbf2534 Add a function to pull off the final component of a path 2011-05-15 20:20:29 -04:00
Nick Mathewson
b147c01295 Make check_private_dir accept g+rx dirs if told to do so. 2011-05-15 20:20:29 -04:00
Nick Mathewson
68acfefbdb Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-15 20:12:20 -04:00
Nick Mathewson
4c3853aca8 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/networkstatus.c
2011-05-15 20:09:10 -04:00
Nick Mathewson
00ff80e0ae Fixup whitespace issues from 3122 commit 2011-05-15 20:06:36 -04:00
Nick Mathewson
ced06a8009 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-15 19:56:40 -04:00
Nick Mathewson
d29c2eb921 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-05-15 19:56:27 -04:00
Nick Mathewson
10d670674a Another doc tweak on tor_memcmp: <b>b</b>, not <b>. 2011-05-15 19:56:05 -04:00
Roger Dingledine
b48f83ab8c minor tweaks to 4b19730c82 2011-05-15 19:20:42 -04:00
Nick Mathewson
37e3fb8af2 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/connection_edge.c
2011-05-15 11:44:51 -04:00
Nick Mathewson
2253697a04 New smartlist function to see if two lists of strings are equal.
We'll use this to detect changes in CSV options.
2011-05-13 16:18:53 -04:00
Nick Mathewson
600744b4be Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
	src/or/dirserv.c
	src/or/or.h
2011-05-13 10:48:07 -04:00
Nick Mathewson
28cc7b0180 Add a new "tor_sockaddr_to_str()" function
It does what it says on the tin.  It turns out I'll want this in a couple
of places.
2011-05-13 10:41:18 -04:00
Robert Ransom
c714a098ea Improve a documentation comment 2011-05-12 02:57:09 -07:00
Robert Ransom
cb9df5e53c Fix comment typo 2011-05-12 00:27:19 -07:00
Nick Mathewson
9fba014e3f Merge remote-tracking branch 'public/bug3122_memcmp_022' into bug3122_memcmp_023
Conflicts in various places, mainly node-related.  Resolved them in
favor of HEAD, with copying of tor_mem* operations from bug3122_memcmp_022.

	src/common/Makefile.am
	src/or/circuitlist.c
	src/or/connection_edge.c
	src/or/directory.c
	src/or/microdesc.c
	src/or/networkstatus.c
	src/or/router.c
	src/or/routerlist.c
	src/test/test_util.c
2011-05-11 16:39:45 -04:00
Nick Mathewson
0cbcbc3412 Re-apply the automated conversion to 0.2.2 to make handle any memcmps that snuck in 2011-05-11 16:27:27 -04:00
Nick Mathewson
44ad734573 Merge remote-tracking branch 'public/3122_memcmp_squashed' into bug3122_memcmp_022
Conflicts throughout.  All resolved in favor of taking HEAD and
adding tor_mem* or fast_mem* ops as appropriate.

	src/common/Makefile.am
	src/or/circuitbuild.c
	src/or/directory.c
	src/or/dirserv.c
	src/or/dirvote.c
	src/or/networkstatus.c
	src/or/rendclient.c
	src/or/rendservice.c
	src/or/router.c
	src/or/routerlist.c
	src/or/routerparse.c
	src/or/test.c
2011-05-11 16:24:29 -04:00
Nick Mathewson
59f9097d5c Hand-conversion and audit phase of memcmp transition
Here I looked at the results of the automated conversion and cleaned
them up as follows:

   If there was a tor_memcmp or tor_memeq that was in fact "safe"[*] I
   changed it to a fast_memcmp or fast_memeq.

   Otherwise if there was a tor_memcmp that could turn into a
   tor_memneq or tor_memeq, I converted it.

This wants close attention.

[*] I'm erring on the side of caution here, and leaving some things
as tor_memcmp that could in my opinion use the data-dependent
fast_memcmp variant.
2011-05-11 16:12:51 -04:00
Nick Mathewson
db7b2a33ee Automated conversion of memcmp to tor_memcmp/tor_mem[n]eq
This commit is _exactly_ the result of

perl -i -pe 's/\bmemcmp\(/tor_memcmp\(/g' src/*/*.[ch]
perl -i -pe 's/\!\s*tor_memcmp\(/tor_memeq\(/g' src/*/*.[ch]
perl -i -pe 's/0\s*==\s*tor_memcmp\(/tor_memeq\(/g' src/*/*.[ch]
perl -i -pe 's/0\s*!=\s*tor_memcmp\(/tor_memneq\(/g' src/*/*.[ch]
git checkout src/common/di_ops.[ch]
git checkout src/or/test.c
git checkout src/common/test.h
2011-05-11 16:12:51 -04:00
Nick Mathewson
1d703ed22b Add a "di_ops.h" include to util.h 2011-05-11 16:12:51 -04:00
Nick Mathewson
4b19730c82 Add a data-independent variant of memcmp and a d-i memeq function.
The tor_memcmp code is by Robert Ransom, and the tor_memeq code is
by me.  Both incorporate some ideas from DJB's stuff.
2011-05-11 16:12:33 -04:00
Robert Ransom
b7452dcbcb Fix comment typo 2011-05-10 05:15:02 -07:00
Nick Mathewson
1065a5ef29 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-05 21:54:04 -04:00
Nick Mathewson
330116f034 Fix up some check-spaces issues 2011-05-05 21:53:46 -04:00
Nick Mathewson
8b33928676 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-28 17:15:31 -04:00
John Brooks
2dc9546eef Correct the logic from f14754fbd for tor_gmtime_r 2011-04-28 17:13:45 -04:00
Nick Mathewson
51e551d383 Detect and handle NULL returns from (gm/local)time_r
These functions can return NULL for otherwise-valid values of
time_t.  Notably, the glibc gmtime manpage says it can return NULL
if the year if greater than INT_MAX, and the windows MSDN gmtime
page says it can return NULL for negative time_t values.

Also, our formatting code is not guaranteed to correctly handle
years after 9999 CE.

This patch tries to correct this by detecting NULL values from
gmtime/localtime_r, and trying to clip them to a reasonable end of
the scale.  If they are in the middle of the scale, we call it a
downright error.

Arguably, it's a bug to get out-of-bounds dates like this to begin
with.  But we've had bugs of this kind in the past, and warning when
we see a bug is much kinder than doing a NULL-pointer dereference.

Boboper found this one too.
2011-04-28 17:12:54 -04:00
Nick Mathewson
26456d3354 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-27 22:14:54 -04:00
Nick Mathewson
0130e7c9d2 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/common/torint.h
2011-04-27 22:14:28 -04:00
Nick Mathewson
43ffd023e9 Make SIZE_T_CEILING unsigned; add a signed SSIZE_T_CEILING
None of the comparisons were _broken_ previously, but avoiding
signed/unsigned comparisons makes everybody happier.

Fixes bug2475.
2011-04-26 13:03:58 -04:00
Nick Mathewson
4a7f979b54 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-19 12:41:01 -04:00
Nick Mathewson
5cc322e547 Standardize our printf code on %d, not %i. 2011-04-19 12:40:29 -04:00
Nick Mathewson
99c2bfe76b Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/rephist.c
2011-04-08 13:37:57 -04:00
Nick Mathewson
1be1221385 Free pending_cb_messages on exit 2011-04-07 15:25:33 -04:00
Nick Mathewson
67d88a7d60 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/address.c
	src/common/compat_libevent.c
	src/common/memarea.c
	src/common/util.h
	src/or/buffers.c
	src/or/circuitbuild.c
	src/or/circuituse.c
	src/or/connection.c
	src/or/directory.c
	src/or/networkstatus.c
	src/or/or.h
	src/or/routerlist.c
2011-04-07 12:17:20 -04:00
Nick Mathewson
ba0cd8094f Merge remote-tracking branch 'public/xxx_fixups' into maint-0.2.2
Conflicts:
	src/or/or.h
2011-04-07 12:03:04 -04:00
Nick Mathewson
ee871e7a0e Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/compat.h
	src/or/circuitlist.c
	src/or/circuituse.c
	src/or/or.h
	src/or/rephist.c
2011-03-30 14:55:50 -04:00
Nick Mathewson
5eaba5ac21 Implement replacements for timer(add,cmp,sub) on platforms lacking them. 2011-03-30 14:41:41 -04:00
Sebastian Hahn
9facf8918f Improve a few comments 2011-03-28 19:28:04 +02:00
Nick Mathewson
05887f10ff Triage the XXX022 and XXX021 comments remaining in the code
Remove some, postpone others, leave some alone.  Now the only
remaining XXX022s are ones that seem important to fix or investigate.
2011-03-25 18:32:27 -04:00
Nick Mathewson
c4bd067359 Comment out ancient asserts for bug 930; resolve an xxx021 2011-03-25 16:28:38 -04:00
Nick Mathewson
41380fa3b3 Fixup tor_addr_to_sockaddr return convention 2011-03-25 16:28:38 -04:00
Nick Mathewson
88bb40d8f8 Clean up a comment-conversation about bad libevent version/method combos 2011-03-25 16:28:38 -04:00
Nick Mathewson
444e46d96d Remove the "fuzzy time" code
It was the start of a neat idea, but it only got used in 3 places,
none of which really needed it.
2011-03-25 16:28:37 -04:00
Nick Mathewson
1db6eb6cb7 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-03-16 18:10:24 -04:00
Nick Mathewson
721954b3a2 Resolve the one DOCDOC in the 0.2.2 code atm 2011-03-16 18:07:55 -04:00
Nick Mathewson
b1b6552251 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/crypto.c
2011-03-16 17:16:54 -04:00
Nick Mathewson
3310dd2358 Clean up whitespace 2011-03-16 17:11:30 -04:00
Nick Mathewson
57b954293e Merge remote-tracking branch 'origin/maint-0.2.2'
Trivial Conflicts in
	src/common/crypto.c
	src/or/main.h
	src/or/or.h
2011-03-16 17:09:32 -04:00
Nick Mathewson
6617822b84 Doxygen documentation for about 100 things that didn't have any
About 860 doxygen-less things remain in 0.2.2
2011-03-16 17:05:37 -04:00
Nick Mathewson
7f6af7a602 Fix up all doxygen warnings other than "foo is not documented" 2011-03-16 14:47:27 -04:00
Nick Mathewson
26009a3ed0 Merge remote branch 'origin/maint-0.2.2' 2011-03-07 17:12:08 -05:00
Sebastian Hahn
f83debb51d Fix setting target port in get_interface_address6
We want to use the discard port correctly, so a htons() was missing.
Also we need to set it correctly depending on address family.

Review provided by danieldg
2011-03-05 16:58:20 +01:00
Sebastian Hahn
865ea5d263 Fix connect() failures in get_interface_address6()
The third argument for connect should be dependent on the address
family. Issue spotted by piebeer who also wrote the patch.
2011-03-05 16:57:05 +01:00
Nick Mathewson
f608872b0c C style fix: a no-args function is void fn(void), not void fn(). 2011-03-03 23:42:14 -05:00
Nick Mathewson
8ae179deec Add a magic field to tor_tls_t to catch exdata corruption bugs, if any appear. 2011-03-03 23:41:34 -05:00
Robert Ransom
74fc993b98 Check the result of SSL_set_ex_data
Reported by piebeer.
2011-03-03 16:17:39 -08:00
Robert Ransom
fe1137be6f Use SSL_*_ex_data instead of SSL_*_app_data
SSL_*_app_data uses ex_data index 0, which will be the first one allocated
by SSL_get_ex_new_index. Thus, if we ever started using the ex_data feature
for some other purpose, or a library linked to Tor ever started using
OpenSSL's ex_data feature, Tor would break in spectacular and mysterious
ways. Using the SSL_*_ex_data functions directly now may save us from
that particular form of breakage in the future.

But I would not be surprised if using OpenSSL's ex_data functions at all
(directly or not) comes back to bite us on our backends quite hard. The
specified behaviour of dup_func in the man page is stupid, and
crypto/ex_data.c is a horrific mess.
2011-03-03 15:34:53 -08:00
Robert Ransom
13ee803469 Remove now-unused helper functions
These functions were needed only by code removed in the preceding commit.

Reported by mobmix.
2011-03-03 14:59:21 -08:00
Gladys Shufflebottom
49de5431d5 remove tls related hash table code 2011-03-01 18:11:25 -05:00
Nick Mathewson
46b07462ae Merge remote branch 'origin/maint-0.2.2' 2011-02-22 13:02:42 -05:00
Nick Mathewson
9d5873cdae Merge branch 'log_domains' into maint-0.2.2 2011-02-22 13:01:02 -05:00
Nick Mathewson
ce149c1022 That shalt also not have a label without a statement. 2011-02-22 12:52:52 -05:00
Nick Mathewson
933ffd536d Merge remote branch 'origin/maint-0.2.2' 2011-02-22 12:47:47 -05:00
Sebastian Hahn
098b6ba72d Initial heartbeat subsystem commit.
Sets:
* Documentation
* Logging domain
* Configuration option
* Scheduled event
* Makefile
It also creates status.c and the log_heartbeat() function.

All code was written by Sebastian Hahn. Commit message was
written by me (George Kadianakis).
2011-02-22 12:40:36 -05:00
Sebastian Hahn
5dbaf9dbd5 Windows has EACCES, not EACCESS
Once again spotted by mobmix

Also add a changes file for the fix
2011-02-11 17:02:26 +01:00
Nick Mathewson
50c259d763 Make the DH parameter we use for TLS match the one from Apache's mod_ssl
Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged.  This is yet another small step on the path of
protocol fingerprinting resistance.

(Backport from 0.2.2's 5ed73e3807)
2011-02-10 15:55:06 -05:00
Nick Mathewson
f25fc6e650 Merge remote branch 'origin/maint-0.2.2' 2011-02-08 14:02:43 -05:00
Sebastian Hahn
9c7e2cf010 Locking failures on windows are indicated by EACCES
Patch our implementation of tor_lockfile_lock() to handle this case
correctly. Also add a note that blocking behaviour differs from windows
to *nix. Fixes bug 2504, issue pointed out by mobmix.
2011-02-08 18:35:07 +01:00
Robert Ransom
0ab8b7c0f2 Thou shalt not overflow even stupidly small buffers 2011-02-04 05:50:44 -08:00
Nick Mathewson
912b76a1bf Merge remote branch 'origin/maint-0.2.2' 2011-02-03 13:56:37 -05:00
Nick Mathewson
e80bdfb4a0 Correctly detect BIO_new failures
This bug was noticed by cypherpunks; fixes bug 2378.

Bugfix on svn commit r110.
2011-01-25 18:26:49 -05:00
Nick Mathewson
bfde636aad Always treat failure to allocate an RSA key as an unrecoverable allocation error 2011-01-25 18:19:09 -05:00
Nick Mathewson
76582442a8 Handle failing cases of DH allocation 2011-01-25 18:09:38 -05:00
Nick Mathewson
c939c953ae Remove an unused function in crypto.c 2011-01-25 18:07:02 -05:00
Nick Mathewson
89ee779f92 Add a torrc option to report log domains 2011-01-25 15:53:15 -05:00
Nick Mathewson
e261a1a3e6 Simplify syntax for negated log domains
Previously if you wanted to say "All messages except network
messages", you needed to say "[*,~net]" and if you said "[~net]" by
mistake, you would get no messages at all.  Now, if you say "[~net]",
you get everything except networking messages.
2011-01-25 15:03:36 -05:00
Nick Mathewson
aaa5737a2e Merge remote branch 'origin/maint-0.2.2' 2011-01-24 17:51:52 -05:00
Nick Mathewson
5ed73e3807 Make the DH parameter we use for TLS match the one from Apache's mod_ssl
Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged.  This is yet another small step on the path of
protocol fingerprinting resistance.
2011-01-24 16:50:11 -05:00
Nick Mathewson
07888ed8e4 Merge remote branch 'origin/maint-0.2.2' 2011-01-15 14:17:59 -05:00
Nick Mathewson
a7790d48af Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-15 14:15:19 -05:00
Nick Mathewson
9b09627edd Zero out some more key data before freeing it
Found by cypherpunks; fixes bug 2384.
2011-01-15 14:10:52 -05:00
Nick Mathewson
1758ef51de Merge remote branch 'origin/maint-0.2.2' 2011-01-15 13:26:02 -05:00
Nick Mathewson
1393985768 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/routerparse.c
	src/or/test.c
2011-01-15 13:25:13 -05:00
Nick Mathewson
b97b0efec8 Merge branch 'bug2352_obsize' into maint-0.2.1 2011-01-15 13:15:06 -05:00
Robert Ransom
7ea674e0e0 Remove some unnecessary occurrences of +1.
I dug through the OpenSSL source and verified that RSA_private_decrypt will
not write more than RSA_size(key) bytes to its output buffer.
2011-01-15 13:11:44 -05:00
Nick Mathewson
f550c96ade Merge remote branch 'origin/maint-0.2.2' 2011-01-15 12:16:18 -05:00
Nick Mathewson
cff4cfef4f Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-15 12:13:50 -05:00
Nick Mathewson
8f11642ceb Merge branch 'bug2324_uncompress' into maint-0.2.1 2011-01-15 12:12:34 -05:00
Nick Mathewson
1fcfc18628 clean up message; explain a magic number in a comment 2011-01-15 12:12:10 -05:00
Nick Mathewson
1b8f2ef550 Merge remote branch 'origin/maint-0.2.2' 2011-01-15 12:03:44 -05:00
Nick Mathewson
ed87738ede Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/config.c
	src/or/networkstatus.c
	src/or/rendcommon.c
	src/or/routerparse.c
	src/or/test.c
2011-01-15 12:02:55 -05:00
Nick Mathewson
115782bdbe Fix a heap overflow found by debuger, and make it harder to make that mistake again
Our public key functions assumed that they were always writing into a
large enough buffer.  In one case, they weren't.

(Incorporates fixes from sebastian)
2011-01-15 11:49:25 -05:00
Roger Dingledine
10d385bd71 typos 2011-01-12 18:38:52 -05:00
Nick Mathewson
9a6a8ea466 Merge remote branch 'origin/maint-0.2.2' 2011-01-12 14:38:24 -05:00
Nick Mathewson
2c04c506a4 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-12 14:38:11 -05:00
Nick Mathewson
9fcc14224b Make our replacement INT32_MAX always signed
The C standard says that INT32_MAX is supposed to be a signed
integer.  On platforms that have it, we get the correct
platform-defined value.  Our own replacement, however, was
unsigned.  That's going to cause a bug somewhere eventually.
2011-01-12 14:29:38 -05:00
Nick Mathewson
71d786b2d3 Merge branch 'bug2320' 2011-01-12 12:52:31 -05:00
Nick Mathewson
3dbfc6a734 Merge remote branch 'origin/maint-0.2.2' 2011-01-12 12:43:30 -05:00
Nick Mathewson
729f404efe Add logic in routerparse to not read overlong private keys
I am not at all sure that it is possible to trigger a bug here,
but better safe than sorry.
2011-01-10 12:07:34 -05:00
Nick Mathewson
d4165ef8b4 Use autoconf's FLEXIBLE_ARRAY_MEMBER for unspecified-length arrays
C99 allows a syntax for structures whose last element is of
unspecified length:
   struct s {
     int elt1;
     ...
     char last_element[];
   };

Recent (last-5-years) autoconf versions provide an
AC_C_FLEXIBLE_ARRAY_MEMBER test that defines FLEXIBLE_ARRAY_MEMBER
to either no tokens (if you have c99 flexible array support) or to 1
(if you don't).  At that point you just use offsetof
[STRUCT_OFFSET() for us] to see where last_element begins, and
allocate your structures like:

   struct s {
     int elt1;
     ...
     char last_element[FLEXIBLE_ARRAY_MEMBER];
   };

   tor_malloc(STRUCT_OFFSET(struct s, last_element) +
                                   n_elements*sizeof(char));

The advantages are:

   1) It's easier to see which structures and elements are of
      unspecified length.
   2) The compiler and related checking tools can also see which
      structures and elements are of unspecified length, in case they
      wants to try weird bounds-checking tricks or something.
   3) The compiler can warn us if we do something dumb, like try
      to stack-allocate a flexible-length structure.
2011-01-06 15:59:05 -05:00
Nick Mathewson
240fa42aac Fix size_t vs unsigned comparison too 2011-01-05 12:49:02 -05:00
Nick Mathewson
d14b0d54d2 Fix a SIZE_T_CEILING check in torgzip.c; noticed by cypherpunks 2011-01-05 12:42:34 -05:00
Nick Mathewson
0222228d64 Fix up size and sign issues in base32 code
Fixes bug 2331.
2011-01-03 16:16:53 -05:00
Nick Mathewson
a87a55a9b6 Merge remote branch 'origin/maint-0.2.2' 2011-01-03 15:55:41 -05:00
Nick Mathewson
64798dab4f Detect and disallow compression bombs 2011-01-03 15:54:23 -05:00
Nick Mathewson
f089804332 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-03 15:31:19 -05:00
Nick Mathewson
e365aee971 Avoid assertion on read_file_to_str() with size==SIZE_T_CEILING-1
Spotted by doors, fixes bug 2326.
2011-01-03 15:30:11 -05:00
Nick Mathewson
a96b46570f Merge remote branch 'origin/maint-0.2.2' 2011-01-03 15:16:36 -05:00
Nick Mathewson
cee433d751 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-03 15:15:54 -05:00
Nick Mathewson
e09ab69703 Check size against SIZE_T_CEILING in realloc too.
Fixes bug 2324.
2011-01-03 15:15:27 -05:00
Nick Mathewson
0489f7e004 Merge remote branch 'origin/maint-0.2.2' 2011-01-03 13:19:10 -05:00
Nick Mathewson
27cefef3a2 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-03 13:18:33 -05:00
Nick Mathewson
394a6bf4cd Merge remote branch 'origin/maint-0.2.2' 2011-01-03 12:47:58 -05:00
Nick Mathewson
bb5f99d4df Merge remote branch 'sebastian/bug2314' into maint-0.2.2 2011-01-03 12:47:14 -05:00
Nick Mathewson
5c09431cc7 Never include pthread.h when building for Windows.
On Windows, we never use pthreads, since it doesn't usually exist,
and when it does it tends to be a little weirdly-behaved.  But some
mingw installations have a pthreads installed, so autoconf detects
pthread.h and tells us about it.  This would make us include
pthread.h, which could make for trouble when the iffy pthread.h
tried to include config.h.

This patch changes compat.h so that we never include pthread.h on
Windows.  Fixes bug 2313; bugfix on 0.1.0.1-rc.
2011-01-03 12:45:13 -05:00
Nick Mathewson
8730884ebe Merge remote branch 'origin/maint-0.2.2' 2011-01-03 11:53:28 -05:00
Nick Mathewson
30b3475e6d Bump copyright statements to 2011 (0.2.2) 2011-01-03 11:52:09 -05:00
Nick Mathewson
f1de329e78 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/common/test.h
	src/or/test.c
2011-01-03 11:51:17 -05:00
Nick Mathewson
1a07348a50 Bump copyright statements to 2011 2011-01-03 11:50:39 -05:00
Sebastian Hahn
9ecf133686 Fix compile wanrings revealed by gcc 4.5 on mingw 2010-12-27 09:47:41 +01:00
Nick Mathewson
0a3b7f1471 Merge remote branch 'origin/maint-0.2.2' 2010-12-21 15:50:09 -05:00
Nick Mathewson
cdbd6d0fe8 Merge remote branch 'rransom/bug2190_the_hard_way' into maint-0.2.2 2010-12-21 15:48:14 -05:00
Nick Mathewson
69771bb5fc Merge remote branch 'public/bug2190_021' into maint-0.2.1 2010-12-21 15:44:50 -05:00
Roger Dingledine
c79427a992 Merge branch 'maint-0.2.2' 2010-12-19 22:08:42 -05:00
Nick Mathewson
dd2ae32bc1 Turn on epoll changelists with libevent 2.0.9-rc and later
Libevent 2.0 has a "changelist" feature that avoids making redundant
syscalls if we wind up doing a lot of event_add/event_del operations
on the same fd in a row.  Unfortunately, due to a weird design
choice in Linux, it doesn't work right with epoll when multiple fds
refer to the same socket (e.g., one is a dup() of the other).  We
don't dup() anything we give to Libevent, though, so it is safe for
us to explicitly turn this feature on.
2010-12-16 13:37:43 -05:00
Nick Mathewson
b5e293afe6 Merge remote branch fix_security_bug_021 into fix_security_bug_022
Conflicts:
	src/common/memarea.c
	src/or/or.h
	src/or/rendclient.c
2010-12-15 22:48:23 -05:00
Nick Mathewson
b8a7bad799 Make payloads into uint8_t.
This will avoid some signed/unsigned assignment-related bugs.
2010-12-15 22:31:11 -05:00
Nick Mathewson
785086cfba Have all of our allocation functions and a few others check for underflow
It's all too easy in C to convert an unsigned value to a signed one,
which will (on all modern computers) give you a huge signed value.  If
you have a size_t value of size greater than SSIZE_T_MAX, that is way
likelier to be an underflow than it is to be an actual request for
more than 2gb of memory in one go.  (There's nothing in Tor that
should be trying to allocate >2gb chunks.)
2010-12-13 18:40:21 -05:00
Nick Mathewson
649ee99846 Base SIZE_T_CEILING on SSIZE_T_MAX. 2010-12-13 18:40:15 -05:00
Robert Ransom
cc051f9aca Only add each log message to pending_cb_messages once. 2010-12-11 05:26:36 -08:00
Robert Ransom
4a9d60734c Don't call flush_pending_log_callbacks while logging LD_NOCB messages.
Found by boboper.
2010-12-11 04:41:35 -08:00
Steven Murdoch
d5127ebdd8 Fix connecting the stdin of tor-fw-helper to /dev/null
This wasn't working due to the parameters of dup2 being in the wrong order.
As a result, tor-fw-helper was inheriting the stdin of Tor.
2010-12-01 12:22:21 -05:00
Nick Mathewson
9908404f01 Merge remote branch 'sjmurdoch/cloexec' 2010-12-01 11:42:34 -05:00
Steven Murdoch
a961521a86 Check that FD_CLOEXEC is set before using it
I don't know if any platforms we care about don't have FD_CLOEXEC,
but this is what we do elsewhere
2010-12-01 15:43:17 +00:00
Steven Murdoch
786abbd54c Open log files with CLOEXEC flag set 2010-12-01 15:38:18 +00:00
Nick Mathewson
3ed7505dc5 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/relay.c
2010-11-30 19:23:40 -05:00
Nick Mathewson
89e97bdf94 Add wrappers function for libc random()
On windows, it's called something different.
2010-11-29 16:00:47 -05:00
mingw-san
78df6404eb Fix compilation with mingw and OpenSSL 0.9.8m+ 2010-11-23 12:47:38 -05:00
Nick Mathewson
cbd3745924 Merge remote branch 'origin/maint-0.2.2' 2010-11-21 14:34:22 -05:00
Nick Mathewson
2bd64f9e8f Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2010-11-21 14:33:11 -05:00
Steven Murdoch
15f2b7859b Don't both open the socket with SOCK_CLOEXEC and set FD_CLOEXEC 2010-11-21 15:40:17 +00:00
Nick Mathewson
92a99736fd Do not set the hostname TLS extension server-side; only client-side
This may fix bug 2204, and resolve the incompatibility with openssl
0.9.8p/1.0.0b.
2010-11-20 22:21:50 -05:00
Steven Murdoch
9d63dfcf49 Fix compile error on MacOS X (and other platforms without O_CLOEXEC) 2010-11-20 13:50:55 +00:00
Nick Mathewson
b4f56dd4c6 Obviate need for doing a CLOEXEC on pipes: just close them before exec 2010-11-20 01:24:30 -05:00
Nick Mathewson
e669d25e43 Do cloexec on socketpairs and stdio files 2010-11-20 01:16:29 -05:00
Nick Mathewson
5a66de7015 Initial work to set CLOEXEC on all possible fds
Still to go: some pipes, all stdio files.
2010-11-20 00:58:40 -05:00
Nick Mathewson
d166d18643 Better fix for 2190: defer libevent->controller messages instead of dropping 2010-11-19 22:52:32 -05:00
Nick Mathewson
668f7a2639 Do not send Libevent log messages to a controller (0.2.1 backport)
Doing so could make Libevent call Libevent from inside a Libevent
logging call, which is a recipe for reentrant confusion and
hard-to-debug crashes.  This would especially hurt if Libevent
debug-level logging is enabled AND the user has a controller
watching for low-severity log messages.

Fix bug 2190; fix on 0.1.0.2-rc.
2010-11-19 22:27:40 -05:00
Nick Mathewson
6199ac5fbe Do not send Libevent log messages to a controller.
Doing so could make Libevent call Libevent from inside a Libevent
logging call, which is a recipe for reentrant confusion and
hard-to-debug crashes.  This would especially hurt if Libevent
debug-level logging is enabled AND the user has a controller
watching for low-severity log messages.

Fix bug 2190; fix on 0.1.0.2-rc.
2010-11-19 22:22:43 -05:00
Nick Mathewson
223fc208f6 Split long lines in configure.in and Makefile.am files
Having very long single lines with lots and lots of things in them
tends to make files hard to diff and hard to merge.  Since our tools
are one-line-at-a-time, we should try to construct lists that way too,
within reason.

This incidentally turned up a few headers in configure.in that we were
for some reason searching for twice.
2010-11-11 14:22:48 -05:00
Nick Mathewson
d238d8386f Add a testing-only option to use bufferevent_openssl as a filter
We need filtering bufferevent_openssl so that we can wrap around
IOCP bufferevents on Windows.  This patch adds a temporary option to
turn on filtering mode, so that we can test it out on non-IOCP
systems to make sure it hasn't got any surprising bugs.

It also fixes some allocation/teardown errors in using
bufferevent_openssl as a filter.
2010-11-09 15:36:27 -05:00
Nick Mathewson
1fb342dfab Merge branch 'loggranularity' 2010-11-08 12:40:33 -05:00
Nick Mathewson
ccec0a1bd3 Merge remote branch 'origin/maint-0.2.2' 2010-10-26 13:59:09 -04:00
Sebastian Hahn
213139f887 Properly refcount client_identity_key
In a2bb0bf we started using a separate client identity key. When we are
in "public server mode" (that means not a bridge) we will use the same
key. Reusing the key without doing the proper refcounting leads to a
segfault on cleanup during shutdown. Fix that.

Also introduce an assert that triggers if our refcount falls below 0.
That should never happen.
2010-10-26 18:22:04 +02:00
Nick Mathewson
17fdde3d92 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/common/tortls.c
2010-10-21 16:23:01 -04:00
Nick Mathewson
4dbd8ba008 clarify fmt_addr32 documentation to note that the address is in host-order 2010-10-15 18:04:07 -04:00
Nick Mathewson
441d90a8f9 Fix one-time memory leak when initializing libevent. Spotted by Sebastian 2010-10-15 17:14:04 -04:00
Nick Mathewson
a7cf788740 Merge branch 'bug1992_part1' 2010-10-15 17:08:18 -04:00
Nick Mathewson
96ab83d3b6 Improve accuracy of comment about aes_crypt performance
The old comment was from before I tried a huge pile of crazy stuff to
make the inner loop faster.  Short answer: GCC already knows how to
unroll loops pretty well.  Other short answer: we should have made the
relay payload size an even multiple of 4, 8, or ideally 16.
2010-10-15 13:44:25 -04:00
Nick Mathewson
05274ba9b5 Kill comments saying to remove asserts once bug930 is solved.
It's okay to leave the asserts in: the code doesn't appear in profiles.
2010-10-15 13:44:25 -04:00
Nick Mathewson
04231a2ebe Fix an apostrophe in a comment 2010-10-15 12:39:23 -04:00
Nick Mathewson
94a99ad205 Add a portable tor_timercmp
We can't use the platform timercmp, because
  1) some platforms don't have them
  2) some that do have them only support certain relational operators
2010-10-15 12:35:05 -04:00
Nick Mathewson
59cba1767c Make the return value of tor_addr_sockaddr always be signed 2010-10-15 11:36:16 -04:00
Nick Mathewson
a5289fa794 Remove the unused old fuzzy-time code 2010-10-15 11:16:42 -04:00
Nick Mathewson
adc4f678f1 Fix an xxx wrt picking libevent methods known-to-work
The short version is, "where we want to do it, we have nothing real to
chose from and we can't do it easily. Where it's easy to do, we have
no reason to do it yet."
2010-10-15 10:58:16 -04:00
Sebastian Hahn
9bed40eb10 Make check-spaces happy 2010-10-14 17:54:45 +02:00
Nick Mathewson
8c837db38f Merge branch 'nodes' 2010-10-13 16:04:25 -04:00
Nick Mathewson
fbacbf9fd9 Set OpenSSL 0.9.8l renegotiation flag early enough for bufferevents
This seems to fix another case of bug2001.
2010-10-12 14:52:33 -04:00
Nick Mathewson
a9172c87be Actually call connection_tls_finish_handshake() with bufferevents
First start of a fix for bug2001, but my test network still isn't
working: the client and the server send each other VERSIONS cells,
but never notice that they got them.
2010-10-12 14:52:33 -04:00
Nick Mathewson
8ecb5abbe1 Add header for tor_tls_log_one_error 2010-10-11 13:26:57 -04:00
Nick Mathewson
4cfa6fbaca Log OpenSSL errors coming from bufferevent_openssl 2010-10-11 13:25:41 -04:00
Nick Mathewson
544a8afe5a Merge remote branch 'sjmurdoch/bug1903' 2010-10-11 11:01:15 -04:00
Nick Mathewson
8f76f31761 Make tor_sscanf handle %x 2010-10-11 10:50:47 -04:00
Steven Murdoch
8a12ce2cf9 Add a unit test for tor_spawn_background
- Test sucessfully starting a process
- Test failing to find the executable
2010-10-10 19:08:44 +01:00
Steven Murdoch
68e576e9f9 Update documentation for tor_spawn_background
- Include description of stdout_read, stderr_read, and argv
2010-10-10 19:08:44 +01:00
Steven Murdoch
23e9f362a2 Fix issues in nickm's review of log_from_pipe for bug #1903
- Replace sscanf with tor_sscanf
- Replace use of strstr with equivalent call to strcmpstart
2010-10-10 19:08:44 +01:00
Steven Murdoch
4d694c7890 Fix nickm's comments on logging for bug #1903
- Use log_warn rather than log_err for bad but survivable events
2010-10-10 19:08:44 +01:00
Steven Murdoch
708ba8899f Note icky constructs mentioned in bug #1903
- To be dealt with as part of bug #2029
2010-10-10 19:07:40 +01:00
Sebastian Hahn
34546e2573 Fix a compile warning on OSX 10.6 2010-10-07 06:31:08 +02:00
Robert Ransom
17efbe031d Maintain separate server and client TLS contexts.
Fixes bug #988.
2010-10-04 21:51:47 -07:00
Robert Ransom
d3879dbd16 Refactor tor_tls_context_new:
* Make tor_tls_context_new internal to tortls.c, and return the new
  tor_tls_context_t from it.

* Add a public tor_tls_context_init wrapper function to replace it.
2010-10-04 17:57:29 -07:00
Nick Mathewson
4c71be65d8 Merge remote branch 'origin/maint-0.2.2' 2010-10-04 13:56:17 -04:00
Robert Ransom
1b8c8059c7 Correct a bogus comment.
Whether or not OpenSSL reference-counts SSL_CTX objects is irrelevant;
what matters is that Tor reference-counts its wrapper objects for
SSL_CTXs.
2010-10-04 13:53:54 -04:00
Robert Ransom
c70d9d77ab Correct a couple of log messages in tortls.c 2010-10-04 13:53:48 -04:00
Robert Ransom
068185eca2 Fix several comments in tortls.c 2010-10-04 13:47:57 -04:00
Steven Murdoch
5a77c64834 Fix issues in nickm's review of format_helper_exit_status for bug #1903
- Responsibility of clearing hex_errno is no longer with caller
- More conservative bounds checking
- Length requirement of hex_errno documented
- Output format documented
2010-10-04 14:31:27 +01:00
Karsten Loesing
8c5ba9388b Make logging resolution configurable.
Implements enhancement 1668.
2010-10-04 08:15:18 +02:00
Roger Dingledine
22f723e4a3 refactor all these tor_inet_ntoa idioms
but don't refactor the ones that look messy
2010-10-01 21:31:09 -04:00
Nick Mathewson
b5341314c1 Implement a few more node-based functions
Some of these functions only work for routerinfo-based nodes, and as
such are only usable for advisory purposes.  Fortunately, our uses
of them are compatible with this limitation.
2010-10-01 18:14:27 -04:00
Nick Mathewson
fe309e7ad6 Implement a basic node and nodelist type
The node_t type is meant to serve two key functions:

  1) Abstracting difference between routerinfo_t and microdesc_t
     so that clients can use microdesc_t instead of routerinfo_t.

  2) Being a central place to hold mutable state about nodes
     formerly held in routerstatus_t and routerinfo_t.

This patch implements a nodelist type that holds a node for every
router that we would consider using.
2010-10-01 18:14:26 -04:00
Nick Mathewson
80b515b85f Initialize fd values in tor_port_check_forwarding to -1 2010-10-01 18:14:17 -04:00
Nick Mathewson
495e630a49 Merge branch 'tor-fw-squashed2'
Conflicts:
	src/common/util.c
2010-09-30 16:22:39 -04:00
Nick Mathewson
0e9d969bb2 Fix space and formatting issues 2010-09-30 15:55:42 -04:00
Nick Mathewson
d39e46c26d Merge remote branch 'origin/maint-0.2.2' 2010-09-30 15:30:14 -04:00
Nick Mathewson
2835dcf69f #if-out the fw-helper code in util.c when building on windows 2010-09-30 12:58:48 -04:00
Steven Murdoch
a6dc00fa75 Start tor-fw-helper in the background, and log whatever it outputs 2010-09-30 11:40:37 -04:00
Sebastian Hahn
45c51e3238 Fix check-spaces 2010-09-30 06:17:32 +02:00
Roger Dingledine
50720a9a4f make c612ddee compile with old libevents 2010-09-29 02:50:46 -04:00
Nick Mathewson
73d93c033d Autodetect the number of CPUs when possible if NumCPUs==0
This is needed for IOCP, since telling the IOCP backend about all
your CPUs is a good idea.  It'll also come in handy with asn's
multithreaded crypto stuff, and for people who run servers without
reading the manual.
2010-09-28 14:42:21 -04:00
Nick Mathewson
c612ddee17 Add a new option to enable/disable IOCP support 2010-09-28 14:01:45 -04:00
Nick Mathewson
5c83c06c98 Merge branch 'bufferevent5' 2010-09-27 16:48:25 -04:00
Nick Mathewson
6950749c0a Make the bufferevent code use the renegotiation-reenabling hack 2010-09-27 16:07:14 -04:00
Nick Mathewson
e385961542 Merge remote branch 'public/bug1954' into maint-0.2.2 2010-09-27 15:39:40 -04:00
Nick Mathewson
b7ae108e18 Always defer bufferevent_openssl callbacks to avoid reentrant invocations 2010-09-27 14:29:42 -04:00
Nick Mathewson
b49cf6a77a Fix whitespace in bufferevents branch 2010-09-27 14:22:18 -04:00
Nick Mathewson
a16ed90ec8 Document and/or fix stuff found by Sebastian in code review
Thanks to Sebastian for his code-review of the bufferevents patch series.x
2010-09-27 14:22:18 -04:00
Sebastian Hahn
865bea3b89 Some bufferevents related fixes and pointers for nickm 2010-09-27 14:22:18 -04:00
Nick Mathewson
ffd5070b04 Convert bufferevents to use rate-limiting.
This requires the latest Git version of Libevent as of 24 March 2010.
In the future, we'll just say it requires Libevent 2.0.5-alpha or
later.

Since Libevent doesn't yet support hierarchical rate limit groups,
there isn't yet support for tracking relayed-bytes separately when
using the bufferevent system.  If a future version does add support
for hierarchical buckets, we can add that back in.
2010-09-27 14:22:18 -04:00
Nick Mathewson
c74a4ab515 Documentation for a few bufferevent functions. 2010-09-27 12:31:14 -04:00
Nick Mathewson
bd3612cd2b Get SSL connections and linked connections working with bufferevents.
Clients are now verified to work and build circuits correctly.  There
are still a few warnings given here and there that I need to look into.
2010-09-27 12:31:14 -04:00
Nick Mathewson
57e7b54b7b Teach read_event/write_event manipulators about bufferevents.
Add an --enable-bufferevents config switch.
2010-09-27 12:28:43 -04:00
Nick Mathewson
d073d7d4eb Consistency issues in load_windows_system_library patch. Thanks Sebastian 2010-09-24 14:16:55 -04:00
Nick Mathewson
c8e1538a0b Merge remote branch 'sebastian/continuation' 2010-09-24 13:43:55 -04:00
Sebastian Hahn
851255170a Note that the torrc format doesn't need nl at end 2010-09-24 13:32:27 +02:00
Nick Mathewson
0a0cc4599f Tweak continuation-and-comment logic
I think there was a read-off-the-end-of-the-buffer bug that I fixed.
At least I added some good comments, I hope.
2010-09-23 22:58:04 -04:00
Nick Mathewson
418e6caeeb New function to load windows system libraries
This function uses GetSystemDirectory() to make sure we load the version
of the library from c:\windows\system32 (or local equivalent) rather than
whatever version lives in the cwd.
2010-09-21 14:39:23 -04:00
Nick Mathewson
6d8fc4eb38 Add a simple integer-ceiling-division macro before we get it wrong 2010-09-14 22:32:36 -04:00
Sebastian Hahn
a05ef55b66 Allow comments for multi-line torrc options 2010-09-11 01:41:23 +02:00
Nick Mathewson
07049b3d25 Support mutli-line torrc options via the usual backslash syntax 2010-09-10 09:19:10 -04:00
Nick Mathewson
edc9256e95 Merge remote branch 'public/win_unicode_fixes' 2010-09-06 10:06:07 -04:00
Nick Mathewson
285addbd94 Fix some issues in rate-limiting noticed by Sebastian 2010-08-31 12:52:11 -04:00
Nick Mathewson
c0c7868250 Make the windows build succeed with or without -DUNICODE enabled.
This should keep WinCE working (unicode always-on) and get Win98
working again (unicode never-on).

There are two places where we explicitly use ASCII-only APIs, still:
in ntmain.c and in the unit tests.

This patch also fixes a bug in windoes tor_listdir that would cause
the first file to be listed an arbitrary number of times that was
also introduced with WinCE support.

Should fix bug 1797.
2010-08-20 13:40:01 -04:00
Nick Mathewson
ba9c1275c4 Add a generic rate-limited log mechanism, and use it in a few places
Incidentally fixes bug 1042.
2010-08-18 15:55:49 -04:00
Nick Mathewson
51377ae1bb Merge commit 'sebastian/mlockall' 2010-08-03 10:50:18 -04:00
Sebastian Hahn
90d3260b4a whitespace fix 2010-07-27 07:56:25 +02:00
mingw-san
856a36c434 Fix compilation with mingw and OpenSSL 0.9.8m+ 2010-07-26 15:05:11 -04:00
Sebastian Hahn
6cee3d466d Make sure we don't warn for libevent versions like 1.4.14b-stable 2010-07-26 20:39:12 +02:00
Nick Mathewson
14bc4dcc22 Rename log.h to torlog.h
This should make us conflict less with system files named "log.h".
Yes, we shouldn't have been conflicting with those anyway, but some
people's compilers act very oddly.

The actual change was done with one "git mv", by editing
Makefile.am, and running
   find . -name '*.[ch]' | xargs perl -i -pe 'if (/^#include.*\Wlog.h/) {s/log.h/torlog.h/; }'
2010-07-09 22:05:38 -04:00
Nick Mathewson
485cab869d Merge remote branch 'public/rand_double2' 2010-06-29 18:57:59 -04:00
Nick Mathewson
b111a7cd9c Make cbt_generate_sample use crypto_rand_double()
Possible workaround for bug 1139, if anybody cares.
2010-06-25 21:33:22 -04:00
Nick Mathewson
faad8bd0e8 Merge branch 'bug1526-v2' 2010-06-25 18:56:15 -04:00
Nick Mathewson
0d5ff48b92 Fix a compile error when building with Libevent before 1.4.5-stable
Older versions of Libevent forgot to declare enough function arguments
constant.
2010-06-25 16:14:21 -04:00
Nick Mathewson
ad2d8ac073 Use Libevent 2.0's periodic timers where available.
These timers behave better with non-monotonic clocks than our old
ones, and also try harder to make once-per-second events get called
one second apart, rather than one-plus-epsilon seconds apart.

This fixes bug 943 for everybody using Libevent 2.0 or later.
2010-06-25 15:31:46 -04:00
Nick Mathewson
1a52e39c22 Fix zlib macro brokenness on osx with zlib 1.2.4 and higher.
From the code:
   zlib 1.2.4 and 1.2.5 do some "clever" things with macros.  Instead of
   saying "(defined(FOO) ? FOO : 0)" they like to say "FOO-0", on the theory
   that nobody will care if the compile outputs a no-such-identifier warning.

   Sorry, but we like -Werror over here, so I guess we need to define these.
   I hope that zlib 1.2.6 doesn't break these too.

Possible fix for bug 1526.
2010-06-22 23:25:08 -04:00
Nick Mathewson
8e1bf98f4a Log an error if openssl fails to copy a key for us
This should never happen unless openssl is buggy or some of our
assumptions are deeply wrong, but one of those might have been the
cause of the not-yet-reproducible bug 1209.  If it ever happens again,
let's get some info we can use.
2010-06-22 22:20:52 -04:00
Nick Mathewson
006e2e8620 Add a function to return a double in range [0,1). 2010-06-22 21:30:26 -04:00
Florian Zumbiehl
426116113f Save a couple characters' allocation in esc_for_log 2010-06-14 14:05:18 -04:00
Nick Mathewson
03ea5f930e Reinstate warning when HOME isn't set.
Having ~/.tor expand into /.tor is, after all, almost certainly not
what the user wanted, and it deserves a warning message.

Also, convert a guess-and-malloc-and-sprintf triple into an asprintf.
2010-06-07 11:20:39 -04:00
Sebastian Hahn
0882e1e839 Treat unset $HOME like empty $HOME
This means Tor no longer dies when it doesn't have a $HOME.
2010-06-07 02:18:01 +02:00
Nick Mathewson
312f4ee410 Make pointer types correct in WinCE patch 2010-05-24 12:30:19 -04:00
valerino
076063ca90 moved wince related includes and defs to compat.h where possible, removed unused/redundant wince includes 2010-05-24 11:46:54 -04:00
valerino
8d31141ccb Port Tor to work on Windows CE
Most of the changes here are switches to use APIs available on Windows
CE.  The most pervasive change is that Windows CE only provides the
wide-character ("FooW") variants of most of the windows function, and
doesn't support the older ASCII verions at all.

This patch will require use of the wcecompat library to get working
versions of the posix-style fd-based file IO functions.

[commit message by nickm]
2010-05-24 11:46:45 -04:00
Sebastian Hahn
0b82ce3eb6 Demote a warning about missing client ciphers 2010-04-20 03:57:33 -04:00
Roger Dingledine
77babb832a minor cleanups 2010-04-20 02:48:35 -04:00
Nick Mathewson
6ff471d814 Fix a compilation warning on compat_libevent.c on some versions of windows libevent 2010-04-19 16:41:25 -04:00
Nick Mathewson
af9dd4af02 Fix two compile-blockers in tor_vasprintf().
1) mingw doesn't have _vscprintf(); mingw instead has a working snprintf.

2) windows compilers that _do_ have a working _vscprintf spell it so; they do
   not spell it _vcsprintf().
2010-04-19 16:37:26 -04:00
Nick Mathewson
c38fa93ad1 Merge commit 'origin/maint-0.2.1' 2010-04-15 10:35:09 -04:00
Nick Mathewson
6ad09cc6af Fix renegotiation on OpenSSL versions that backport RFC5746.
Our code assumed that any version of OpenSSL before 0.9.8l could not
possibly require SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.  This is
so... except that many vendors have backported the flag from later
versions of openssl when they backported the RFC5476 renegotiation
feature.

The new behavior is particularly annoying to detect.  Previously,
leaving SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION unset meant that
clients would fail to renegotiate.  People noticed that one fast!
Now, OpenSSL's RFC5476 support means that clients will happily talk to
any servers there are, but servers won't accept renegotiation requests
from unpatched clients unless SSL_OP_ALLOW_etc is set.  More fun:
servers send back a "no renegotiation for you!" error, which unpatched
clients respond to by stalling, and generally producing no useful
error message.

This might not be _the_ cause of bug 1346, but it is quite likely _a_
cause for bug 1346.
2010-04-13 15:05:03 -04:00
Nick Mathewson
927425150b Merge branch 'asprintf' 2010-04-02 12:30:46 -04:00
Roger Dingledine
625963d92a commit my annotations while i was hunting down the host order bug 2010-03-05 16:04:01 -05:00
Nick Mathewson
897b0ebbac better handle the case where *strp is in asprintf args 2010-02-28 21:46:46 -05:00
Sebastian Hahn
4aa56cbd2d Remove the request for current memlock limits
The getrlimit call didn't have any effect. Also make some logging
less verbose on default log level, and refactor a bit.
2010-02-28 14:48:47 +01:00
Nick Mathewson
da220157a9 Update copyright dates for files not in maint-0.2.1 2010-02-27 17:19:00 -05:00
Nick Mathewson
b006e3279f Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	src/common/test.h
	src/or/test.c
2010-02-27 17:16:31 -05:00
Nick Mathewson
c3e63483b2 Update Tor Project copyright years 2010-02-27 17:14:21 -05:00
Sebastian Hahn
a9802d3322 Zero a cipher completely before freeing it
We used to only zero the first ptrsize bytes of the cipher. Since
cipher is large enough, we didn't zero too many bytes. Discovered
and fixed by ekir. Fixes bug 1254.
2010-02-26 05:47:25 +01:00
Nick Mathewson
f0b5f87eab Add the MIN and MAX macros for platforms that lack them 2010-02-25 16:48:39 -05:00
Nick Mathewson
eb10d441b6 Fix 64-bit printf issues in consensus-bw-weights5-merge.
For my 64-bit Linux system running with GCC 4.4.3-fc12-whatever, you
can't do 'printf("%lld", (int64_t)x);' Instead you need to tell the
compiler 'printf("%lld", (long long int)x);' or else it doesn't
believe the types match.  This is why we added U64_PRINTF_ARG; it
looks like we needed an I64_PRINTF_ARG too.
2010-02-25 16:22:40 -05:00
Nick Mathewson
6fa8dacb97 Add a tor_asprintf() function, and use it in a couple of places.
asprintf() is a GNU extension that some BSDs have picked up: it does a printf
into a newly allocated chunk of RAM.

Our tor_asprintf() differs from standard asprintf() in that:
  - Like our other malloc functions, it asserts on OOM.
  - It works on windows.
  - It always sets its return-field.
2010-02-25 16:09:10 -05:00
Mike Perry
f4d6315afa Remove misc unnecessary newlines found by new check. 2010-02-22 16:52:11 -08:00
Mike Perry
95aad71678 Add %lld compat defines. 2010-02-22 16:52:10 -08:00
Nick Mathewson
c084ae145e Merge remote branch 'sebastian/bug1254' 2010-02-22 12:45:01 -05:00
Nick Mathewson
d35b8dc582 Make expand_filename into a tor_strdup() alias on windows.
On Windows, we don't have a notion of ~ meaning "our homedir", so we
were deliberately using an #ifdef to avoid calling expand_filename()
in multiple places.  This is silly: The right place to turn a function
into a no-op on a single platform is in the function itself, not in
every single call-site.
2010-02-22 12:42:31 -05:00
Sebastian Hahn
f5112fa487 Zero a cipher completely before freeing it
We used to only zero the first ptrsize bytes of the cipher. Since
cipher is large enough, we didn't zero too many bytes. Discovered
and fixed by ekir. Fixes bug 1254.
2010-02-22 11:41:39 +01:00
Roger Dingledine
603432090d fix typo and garbage grammar 2010-02-21 17:18:42 -05:00
Nick Mathewson
391f75d792 Merge remote branch 'sebastian/bug1143' 2010-02-19 16:58:24 -05:00
Sebastian Hahn
408a828b1f Make the DNSPort option work with libevent 2.x
We need to use evdns_add_server_port_with_base() when configuring
our DNS listener, because libevent segfaults otherwise. Add a macro
in compat_libevent.h to pick the correct implementation depending
on the libevent version.

Fixes bug 1143, found by SwissTorExit
2010-02-19 22:36:53 +01:00
Nick Mathewson
715f104eeb Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	ChangeLog
	configure.in
	contrib/tor-mingw.nsi.in
	src/win32/orconfig.h
2010-02-18 12:01:56 -05:00
Sebastian Hahn
c2c3a5a3f5 Fix compile 2010-02-18 13:08:57 +01:00
Nick Mathewson
e861b3be88 Even more conservative option-setting for SSL renegotiation.
This time, set the SSL3_FLAGS_ALLOW_UNSAFE_RENEGOTIATION flag on every
version before OpenSSL 0.9.8l.  I can confirm that the option value (0x0010)
wasn't reused until OpenSSL 1.0.0beta3.
2010-02-17 23:55:03 -05:00
Nick Mathewson
79bdfb63e9 Remove the --enable-iphone option as needless.
On or-talk, Marco Bonetti reports that recent iPhone SDKs build
Tor fine without it.
2010-02-12 23:06:05 -05:00
Sebastian Hahn
fe18275563 Add Windows version detection for Vista and 7
Vista is Windows 6.0, and 7 is Windows 6.1. Fixes bug 1097.

Also fix a coding style violation.
2010-02-10 08:40:44 +01:00
Nick Mathewson
c0d682686a Make tor_addr_copy() conform to memcpy requirements
The src and dest of a memcpy() call aren't supposed to overlap,
but we were sometimes calling tor_addr_copy() as a no-op.

Also, tor_addr_assign was a redundant copy of tor_addr_copy(); this patch
removes it.
2010-02-09 12:32:10 -05:00
Nick Mathewson
5314438799 Merge remote branch 'origin/maint-0.2.1' 2010-01-31 22:53:19 -05:00
Nick Mathewson
abd447f876 Revise OpenSSL fix to work with OpenSSL 1.0.0beta*
In brief: you mustn't use the SSL3_FLAG solution with anything but 0.9.8l,
and you mustn't use the SSL_OP solution with anything before 0.9.8m, and
you get in _real_ trouble if you try to set the flag in 1.0.0beta, since
they use it for something different.

For the ugly version, see my long comment in tortls.c
2010-01-31 22:48:29 -05:00
Nick Mathewson
1744e447a1 Decide whether to use SSL flags based on runtime OpenSSL version.
We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch.  On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.

May fix bug 1225.

[backported]
2010-01-29 17:17:47 -05:00
Nick Mathewson
4905eaa38c Detect the correct versions of openssl for tls negotiation fix
Since it doesn't seem to hurt, we should use _both_ fixes whenever
we see OpenSSL 0.9.7L .. 0.9.8, or OpenSSL 0.9.8L..
2010-01-29 17:11:20 -05:00
Nick Mathewson
8d68e5c748 Decide whether to use SSL flags based on runtime OpenSSL version.
We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch.  On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.

May fix bug 1225.
2010-01-29 17:02:17 -05:00
Nick Mathewson
ab87b61a9d Don't unlock a new log until done logging the tor version.
This might please coverity scan.
2010-01-25 14:09:18 -05:00
Nick Mathewson
3b4b6009a0 Merge remote branch 'origin/maint-0.2.1' 2010-01-23 20:46:57 -05:00
Nick Mathewson
4ad5094c90 Avoid a possible crash in tls_log_errors.
We were checking for msg==NULL, but not lib or proc.  This case can
only occur if we have an error whose string we somehow haven't loaded,
but it's worth coding defensively here.

Spotted by rieo on IRC.
2010-01-22 16:32:15 -05:00
Sebastian Hahn
4728bd904f Fix build on Solaris by disabling support for DisableAllSwap
Fixes bug 1198. Solaris doesn't have RLIMIT_MEMLOCK for get/setrlimit,
so disable support because we don't know if all memory can be locked.
2010-01-19 05:04:50 +01:00
Roger Dingledine
356c927476 don't list windows capabilities in windows uname
we never used them, and maybe it's a bad idea to publish them
2010-01-15 15:56:53 -05:00
Nick Mathewson
05a2473b7f Merge branch 'ewma' 2009-12-18 22:33:02 -05:00
Karsten Loesing
f80672d747 Remove duplicate words and a duplicate newline. 2009-12-18 12:55:05 +01:00
Nick Mathewson
235f1e1a96 Refactor out the 'find string at start of any line' logic.
We do this in too many places throughout the code; it's time to start
clamping down.

Also, refactor Karsten's patch to use strchr-then-strndup, rather than
malloc-then-strlcpy-then-strchr-then-clear.
2009-12-17 18:29:37 -05:00
Nick Mathewson
616cbb31c7 Merge commit 'origin/maint-0.2.1' 2009-12-15 17:11:40 -05:00
Nick Mathewson
1c87a27574 Fix bug 1173: remove an assert(unsigned >= 0). 2009-12-15 15:51:59 -05:00
Nick Mathewson
e56747f9cf Refactor a bit so that it is safe to include math.h, and mostly not needed. 2009-12-15 14:40:49 -05:00
Nick Mathewson
2c672f73bf Fix comment typos in container.c 2009-12-15 13:20:02 -05:00
Nick Mathewson
c210db0d41 Enhance pqueue so we can remove items from the middle.
This changes the pqueue API by requiring an additional int in every
structure that we store in a pqueue to hold the index of that structure
within the heap.
2009-12-12 19:06:38 -05:00
Nick Mathewson
d086c9a7f7 Merge commit 'sebastian/fixes' 2009-12-12 02:10:57 -05:00
Nick Mathewson
9e6225ae16 Merge commit 'sebastian/coverity' 2009-12-12 02:10:19 -05:00
Nick Mathewson
0c1b3070cf Now that FOO_free(NULL) always works, remove checks before calling it. 2009-12-12 02:07:59 -05:00
Sebastian Hahn
3807db001d *_free functions now accept NULL
Some *_free functions threw asserts when passed NULL. Now all of them
accept NULL as input and perform no action when called that way.

This gains us consistence for our free functions, and allows some
code simplifications where an explicit null check is no longer necessary.
2009-12-12 03:29:44 +01:00
Sebastian Hahn
28b29e0fd7 Fix typo in a comment 2009-12-12 02:53:27 +01:00
Nick Mathewson
b51a33e527 Merge commit 'origin/maint-0.2.1' 2009-12-04 14:31:17 -05:00
Martin Peck
3a2d677fa7 Improved workaround for disabled OpenSSL renegotiation.
It turns out that OpenSSL 0.9.8m is likely to take a completely
different approach for reenabling renegotiation than OpenSSL 0.9.8l
did, so we need to work with both. :p   Fixes bug 1158.

(patch by coderman; commit message by nickm)
2009-12-04 14:25:08 -05:00
Roger Dingledine
403f99eaa4 add a minimum for CircuitStreamTimeout, plus a man page
plus some other unrelated touchups that have been sitting in my
sandbox
2009-11-22 07:15:30 -05:00
Nick Mathewson
2b1bb233b3 Use the same mlockall checks with tor_set_max_memlock 2009-11-20 14:45:29 -05:00
Nick Mathewson
444eff6286 Fix compilation on OSX 10.3.
On this OSX version, there is a stub mlockall() function
that doesn't work, *and* the declaration for it is hidden by
an '#ifdef _P1003_1B_VISIBLE'.  This would make autoconf
successfully find the function, but our code fail to build
when no declaration was found.

This patch adds an additional test for the declaration.
2009-11-20 13:28:16 -05:00
Jacob Appelbaum
6f1fe7e941 Fix compilation with with bionic libc.
This fixes bug 1147:

 bionic doesn't have an actual implementation of mlockall();
 mlockall() is merely in the headers but not actually in the library.
 This prevents Tor compilation with the bionic libc for Android handsets.
2009-11-14 16:45:14 -05:00
Nick Mathewson
0a58567ce3 Merge commit 'origin/maint-0.2.1'
Conflicts:
	src/common/tortls.c
2009-11-06 15:24:52 -05:00
Nick Mathewson
ce0a89e262 Make Tor work with OpenSSL 0.9.8l
To fix a major security problem related to incorrect use of
SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
default.  We are not affected by this security problem, however,
since we do renegotiation right.  (Specifically, we never treat a
renegotiated credential as authenticating previous communication.)
Nevertheless, OpenSSL's new behavior requires us to explicitly
turn renegotiation back on in order to get our protocol working
again.

Amusingly, this is not so simple as "set the flag when you create
the SSL object" , since calling connect or accept seems to clear
the flags.

For belt-and-suspenders purposes, we clear the flag once the Tor
handshake is done.  There's no way to exploit a second handshake
either, but we might as well not allow it.
2009-11-05 18:13:08 -05:00
Jacob Appelbaum
2aac39a779 Implement DisableAllSwap to avoid putting secret info in page files.
This commit implements a new config option: 'DisableAllSwap'
This option probably only works properly when Tor is started as root.
We added two new functions: tor_mlockall() and tor_set_max_memlock().
tor_mlockall() attempts to mlock() all current and all future memory pages.
For tor_mlockall() to work properly we set the process rlimits for memory to
RLIM_INFINITY (and beyond) inside of tor_set_max_memlock().
We behave differently from mlockall() by only allowing tor_mlockall() to be
called one single time. All other calls will result in a return code of 1.
It is not possible to change DisableAllSwap while running.
A sample configuration item was added to the torrc.complete.in config file.
A new item in the man page for DisableAllSwap was added.
Thanks to Moxie Marlinspike and Chris Palmer for their feedback on this patch.

Please note that we make no guarantees about the quality of your OS and its
mlock/mlockall implementation. It is possible that this will do nothing at all.
It is also possible that you can ulimit the mlock properties of a given user
such that root is not required. This has not been extensively tested and is
unsupported. I have included some comments for possible ways we can handle
this on win32.
2009-10-27 04:28:40 -04:00
Sebastian Hahn
70abd843fd crypto_cipher_set_key cannot fail
In 5e4d53d535 we made it so that
crypto_cipher_set_key cannot fail. The call will now
always succeed, to returning a boolean for success/failure makes
no sense.
2009-10-27 04:31:23 +01:00
Nick Mathewson
5e4d53d535 Remove checks for array existence. (CID 410..415)
In C, the code "char x[10]; if (x) {...}" always takes the true branch of
the if statement.  Coverity notices this now.

In some cases, we were testing arrays to make sure that an operation
we wanted to do would suceed.  Those cases are now always-true.

In some cases, we were testing arrays to see if something was _set_.
Those caes are now tests for strlen(s), or tests for
!tor_mem_is_zero(d,len).
2009-10-26 22:40:41 -04:00
Karsten Loesing
d2b4b49ff0 Reduce log level for someone else sending us weak DH keys.
See task 1114. The most plausible explanation for someone sending us weak
DH keys is that they experiment with their Tor code or implement a new Tor
client. Usually, we don't care about such events, especially not on warn
level. If we really care about someone not following the Tor protocol, we
can set ProtocolWarnings to 1.
2009-10-25 23:47:05 -07:00
Nick Mathewson
afc76a4e71 Fix two bugs found by Coverity scan.
One was a simple buffer overrun; the other was a high-speed pointer
collision.  Both were introduced by my microdescs branch.
2009-10-19 23:19:42 -04:00
Nick Mathewson
f629687053 Merge branch 'microdesc' 2009-10-19 00:45:47 -04:00
Nick Mathewson
465d4e1cd1 Document some formerly undocumented functions. 2009-10-19 00:30:52 -04:00
Nick Mathewson
200c39b66c Document the microdescriptor code better. 2009-10-18 18:46:12 -04:00
Nick Mathewson
e26a79ca8a Make start_writing_to_stdio_file() respect O_BINARY. 2009-10-15 15:17:13 -04:00
Nick Mathewson
5576a3a094 Parse detached signature documents with multiple flavors and algorithms. 2009-10-15 15:17:13 -04:00
Nick Mathewson
3b2fc659a8 Refactor consensus signature storage for multiple digests and flavors.
This patch introduces a new type called document_signature_t to represent the
signature of a consensus document.  Now, each consensus document can have up
to one document signature per voter per digest algorithm.  Also, each
detached-signatures document can have up to one signature per <voter,
algorithm, flavor>.
2009-10-15 15:17:13 -04:00
Nick Mathewson
e1ddee8bbe Code to generate, store, and parse microdescriptors and consensuses.
The consensus documents are not signed properly, not served, and not
exchanged yet.
2009-10-15 15:17:13 -04:00
Nick Mathewson
a8e92ba8fd Add a function to get the most frequent member of a list. 2009-10-15 15:17:13 -04:00
Nick Mathewson
8d41e6c471 Support for encoding and decoding 256-bit digests in base64 2009-10-15 15:17:12 -04:00
Nick Mathewson
83c3f118db Code to parse and access network parameters.
Partial backport of 381766ce4b.
Partial backport of 56c6d78520.
2009-10-14 16:15:41 -04:00
Nick Mathewson
cfba9c01bf Alter keygen function to generate keys of different lengths. 2009-09-29 00:53:25 -04:00
Nathan Freitas
76d26ae52d Disable OpenSSL engines when building for Android.
Apparently the Android developers dumped OpenSSL's support for hardware
acceleration in order to save some memory, so you can't build programs using
engines on Android.

[Patch revised by nickm]
2009-09-29 00:53:10 -04:00
Nathan Freitas
8c585cce39 Include util.h and log.h as relative paths.
This shouldn't be necessary, but apparently the Android cross-compiler
doesn't respect -I as well as it should.  (-I is supposed to add to the
*front* of the search path.  Android's gcc wrapper apparently likes to add to
the end.  This is broken, but we need to work around it.)
2009-09-29 00:52:52 -04:00
Nick Mathewson
0a438c7daf Describe how to regenerate the TLS state name table. 2009-09-25 15:15:06 -04:00
Nick Mathewson
a3f1da2ec0 Fix compilation on OpenSSLs with unusual state lists.
"Unusual" in this context means "not the same as nickm's."  We should grow a
better list later.

(Also, move TLS state table to a separate header.)
2009-09-24 13:00:28 -04:00
Nick Mathewson
b8b2935367 Debugging logs for TLS handshake
The big change is to add a function to display the current SSL handshake
state, and to log it everywhere reasonable.  (A failure in
SSL23_ST_CR_SRVR_HELLO_A is different from one in
SSL3_ST_CR_SESSION_TICKET_A.)

This patch also adds a new log domain for OR handshaking, so you can pull out
all the handshake log messages without having to run at debug for everything.
For example, you'd just say "log notice-err [handshake]debug-err file
tor.log".
2009-09-24 12:31:22 -04:00
Nick Mathewson
d4b54549b8 Refactor unit tests to use the tinytest framework.
"Tinytest" is a minimalist C unit testing framework I wrote for
Libevent.  It supports some generally useful features, like being able
to run separate unit tests in their own processes.

I tried to do the refactoring to change test.c as little as possible.
Thus, we mostly don't call the tinytest macros directly.  Instead, the
test.h header is now a wrapper on tinytest.h to make our existing
test_foo() macros work.

The next step(s) here will be:
  - To break test.c into separate files, each with its own test group.
  - To look into which things we can test
  - To refactor the more fiddly tests to use the tinytest macros
    directly and/or run forked.
  - To see about writing unit tests for things we couldn't previously
    test without forking.
2009-09-23 00:24:43 -04:00
Sebastian Hahn
772ce9d085 Fix compile on Snow Leopard 2009-09-20 23:17:00 -04:00
Mike Perry
e2cc4e353a Add a couple of time helper functions.
Also add rounding support to tv_mdiff().
2009-09-20 18:03:39 -07:00
Nick Mathewson
4b10ba484b Merge commit 'origin/maint-0.2.1' 2009-09-17 00:42:41 -04:00
Nick Mathewson
9c38941195 Work around a memory leak in openssl 0.9.8g (and maybe others) 2009-09-17 00:01:20 -04:00
Sebastian Hahn
5e01a86b42 some cleanups:
documentation fix for get_uint64
remove extra "." from a log line
fix a long line
2009-09-15 07:12:12 -04:00
Nick Mathewson
381766ce4b Implement proposal 167: Authorities vote on network parameters.
This code adds a new field to vote on: "params".  It consists of a list of
sorted key=int pairs.  The output is computed as the median of all the
integers for any key on which anybody voted.

Improved with input from Roger.
2009-09-14 23:21:53 -04:00
Nick Mathewson
0edc39303d Add a median_int32 and find_nth_int32 2009-09-14 23:21:52 -04:00
Sebastian Hahn
0a71d1c6a7 Fix compile warnings on Snow Leopard
Big thanks to nickm and arma for helping me with this!
2009-09-01 22:16:46 +02:00
Nick Mathewson
1cda6f3e75 Merge commit 'origin/maint-0.2.1' 2009-09-01 15:59:40 -04:00
Sebastian Hahn
742788b737 typo 2009-09-01 21:58:06 +02:00
Nick Mathewson
bddda9bbdb Use an _actual_ fix for the byte-reverse warning.
(Given that we're pretty much assuming that int is 32 bits, and given that
hex values are always unsigned, taking out the "ul" from 0xff000000 should
be fine.)
2009-09-01 15:51:09 -04:00
Nick Mathewson
2f0184ece1 Use a simpler fix for the byte-reversing warning 2009-09-01 15:41:38 -04:00
Sebastian Hahn
aea9cf1011 Fix compile warnings on Snow Leopard
Big thanks to nickm and arma for helping me with this!
2009-09-01 18:36:27 +02:00
Nick Mathewson
00b37f071d Revise parsing of time and memory units to handle spaces.
When we added support for fractional units (like 1.5 MB) I broke
support for giving units with no space (like 2MB).  This patch should
fix that.  It also adds a propoer tor_parse_double().

Fix for bug 1076.  Bugfix on 0.2.2.1-alpha.
2009-08-31 00:18:55 -04:00
Roger Dingledine
659552a3c6 Merge branch 'maint-0.2.1' 2009-08-27 21:42:58 -04:00
Nick Mathewson
5da3b45fdc Make crypto_digest_get_digest nondestructive again.
Fixes bug in f57883a39.
2009-08-20 12:03:32 -04:00
Nick Mathewson
9d11827780 Fix a rare infinite-recursion bug when shutting down.
Once we had called log_free_all(), anything that tried to log a
message (like a failed tor_assert()) would fail like this:

   1. The logging call eventually invokes the _log() function.
   2. _log() calls tor_mutex_lock(log_mutex).
   3. tor_mutex_lock(m) calls tor_assert(m).
   4. Since we freed the log_mutex, tor_assert() fails, and tries to
      log its failure.
   5. GOTO 1.

Now we allocate the mutex statically, and never destroy it on
shutdown.

Bugfix on 0.2.0.16-alpha, which introduced the log mutex.

This bug was found by Matt Edman.
2009-08-20 11:55:33 -04:00
Nick Mathewson
d0c212995a Add a SHA256 implementation for platforms that lack it.
(This would be everywhere running OpenSSL 0.9.7x and earlier, including
all current Macintosh users.)

The code is based on Tom St Denis's LibTomCrypt implementation,
modified to be way less general and use Tor's existing facilities.  I
picked this one because it was pretty fast and pretty free, and
because Python uses it too.
2009-08-20 01:47:13 -04:00
Nick Mathewson
f57883a39e Add basic support for SHA256.
This adds an openssl 0.9.8 dependency.  Let's see if anybody cares.
2009-08-19 19:43:54 -04:00
Mike Perry
9e1fe29beb Switch over to tor_strtok_r instead of strtok_r. 2009-08-09 18:42:29 -07:00
Nick Mathewson
3886467f38 Add a new tor_strtok_r for platforms that don't have one, plus tests.
I don't think we actually use (or plan to use) strtok_r in a reentrant
way anywhere in our code, but would be nice not to have to think about
whether we're doing it.
2009-08-09 17:30:15 -07:00
Karsten Loesing
7b716878cb Fix dirreq and cell stats on 32-bit architectures.
When determining how long directory requests take or how long cells spend
in queues, we were comparing timestamps on microsecond detail only to
convert results to second or millisecond detail later on. But on 32-bit
architectures this means that 2^31 microseconds only cover time
differences of up to 36 minutes. Instead, compare timestamps on
millisecond detail.
2009-07-27 16:23:53 +02:00
Karsten Loesing
8f1a973669 Two tweaks to exit-port statistics.
Add two functions for round_to_next_multiple_of() for uint32_t and
uint64_t.

Avoid division in every step of the loop over all ports.
2009-07-13 22:43:06 +02:00
Nick Mathewson
94e8c34cb7 Set EV_PERSIST flag on signal events with Libevent < 2.0.
Fix for bug 1007.
2009-06-18 10:07:26 -04:00
Sebastian Hahn
0caf8dd0b6 Fix bug 1001
For compatibility with Libevent2, tor_event_new should accept
a NULL base without crashing.
2009-06-16 17:30:08 +02:00
Nick Mathewson
74bf885b2d Whitespace and osx fixes on libevent2 patch. 2009-06-12 15:09:09 -04:00
Nick Mathewson
33b1d714e7 Make Tor compile with Libevent 1.0 again. 2009-06-12 14:27:53 -04:00
Nick Mathewson
c0af3cdfb6 Move the Libvent setup logic into compat_libevent from config.
This has been some pretty ugly and voodoo-laden code.  I've tried to
clean it up a bit, but more work probably remains.
2009-06-12 14:27:52 -04:00
Nick Mathewson
e5b88dc83f Update Tor to use Libevent 2.0 APIs when available.
This patch adds a new compat_libevent.[ch] set of files, and moves our
Libevent compatibility and utilitity functions there.  We build them
into a separate .a so that nothing else in src/commmon depends on
Libevent (partially fixing bug 507).

Also, do not use our own built-in evdns copy when we have Libevent
2.0, whose evdns is finally good enough (thus fixing Bug 920).
2009-06-12 14:27:52 -04:00
Nick Mathewson
77ffd6b2a7 Merge commit 'origin/maint-0.2.1' 2009-05-31 19:17:22 -04:00
Nick Mathewson
e84ddead34 Merge branch 'hardware_accel_improvements' 2009-05-31 13:36:50 -04:00
Nick Mathewson
fd992deeea Don't attempt to log messages to a controller from a worker thread.
This patch adds a function to determine whether we're in the main
thread, and changes control_event_logmsg() to return immediately if
we're in a subthread.  This is necessary because otherwise we will
call connection_write_to_buf, which modifies non-locked data
structures.

Bugfix on 0.2.0.x; fix for at least one of the things currently
called "bug 977".
2009-05-30 18:16:24 -04:00
Nick Mathewson
4913a8c4ba Merge commit 'origin/maint-0.2.1' 2009-05-28 16:07:49 -04:00
Nick Mathewson
260de44313 Fixes to spelling fixes. Thanks, Roger! 2009-05-28 12:22:48 -04:00
Nick Mathewson
cb18fc2190 Merge commit 'origin/maint-0.2.1' 2009-05-27 18:12:18 -04:00
Nick Mathewson
ec7e054668 Spell-check Tor. 2009-05-27 17:55:51 -04:00
Nick Mathewson
f0453c45c8 Spelling fixes in comments and strings 2009-05-27 16:36:13 -04:00
Martin Peck
7703b887f5 Add support for dynamic OpenSSL hardware crypto acceleration engines. 2009-05-23 16:42:44 -07:00
Nick Mathewson
793e97bb2a Add a quick macro to calculate hashtable memory usage 2009-05-22 23:30:52 -04:00
Nick Mathewson
14a549552a Merge branch 'maint-0.2.1' into merge_tmp 2009-05-17 02:11:34 -04:00
Nick Mathewson
11b9c839f0 Stop using malloc_usable_size(): valgrind hates it. 2009-05-17 01:55:02 -04:00
Nick Mathewson
e563874045 Merge commit 'origin/maint-0.2.1' 2009-05-17 00:05:38 -04:00
Nick Mathewson
9f25a5529a Fix an assertion-failure in memarea_alloc() on 64-bit platforms.
The trick is that we should assert that our next_mem pointer has not
run off the end of the array _before_ we realign the pointer, since
doing that could take us over the end... but only if we're on a system
where malloc() gives us ram in increments smaller than sizeof(void*).
2009-05-17 00:02:59 -04:00
Nick Mathewson
479d21254a Merge commit 'origin/maint-0.2.1' 2009-05-13 16:55:42 -04:00
Nick Mathewson
c36efb0c45 Use a mutex to protect the count of open sockets.
This matters because a cpuworker can close its socket when it
finishes.  Cpuworker typically runs in another thread, so without a
lock here, we can have a race condition and get confused about how
many sockets are open.  Possible fix for bug 939.
2009-05-13 09:38:48 -04:00
Nick Mathewson
d9650cfa50 Add sentinel values to the end of memarea chunks.
This might detect some possible causes of bug 930, and will at least
make sure we aren't doing some dumb memory-corruption stuff with the heap
and router-parsing.
2009-05-12 15:10:23 -04:00
Nick Mathewson
fdbdb4dc15 Include the *_sha1.i files in their own *_codedigest.c files.
This way we do not need to rebuild util.c and/or config.c whenever
any unrelated source file in src/common or src/or has changed.
2009-05-08 12:35:36 -04:00
Sebastian Hahn
b9b16ef9a5 Add a missing newline 2009-05-05 11:12:41 -04:00
Karsten Loesing
9b32e8c141 Update copyright to 2009. 2009-05-04 11:28:27 -04:00
Karsten Loesing
4ebcc4da34 Update copyright to 2009. 2009-05-02 22:00:54 +02:00
Nick Mathewson
6ac3a8b0cd Command-line option to dump SHA1 digests of all source files.
Now, when you call tor --digests, it dumps the SHA1 digest of each
source file that Tor was built with.  We support both 'sha1sum' and
'openssl sha1'.  If the user is building from a tarball and they
haven't edited anything, they don't need any program that calculates
SHA1.  If they _have_ modified a file but they don't have a program to
calculate SHA1, we try to build so we do not output digests.
2009-04-29 14:46:04 -04:00
Nick Mathewson
be9d72303e Actually do that memarea_strndup fix right. Not only must you not examine unmapped ram, but you also must not copy it. From lark.
svn:r19095
2009-03-21 16:01:52 +00:00
Nick Mathewson
0fa01654b9 fix from lark: make memarea_strndup() work even at the end of a mmap chunk. Bug was harmless for now, I think.
svn:r19094
2009-03-21 11:52:53 +00:00
Nick Mathewson
cb3b95de19 Add some asserts to try to catch bug 930
svn:r19074
2009-03-18 15:12:56 +00:00
Roger Dingledine
2f69c67957 doxygen tweak
svn:r18818
2009-03-09 06:20:15 +00:00
Nick Mathewson
cbbc0c9c86 Actually use tor_sscanf() to parse untrusted input.
svn:r18761
2009-03-03 18:02:36 +00:00
Nick Mathewson
26d83fc04c Add a simple locale-independent no-surprises sscanf replacement.
tor_sscanf() only handles %u and %s for now, which will make it
adequate to replace sscanf() for date/time/IP parsing.  We want this
to prevent attackers from constructing weirdly formed descriptors,
cells, addresses, HTTP responses, etc, that validate under some
locales but not others.

svn:r18760
2009-03-03 18:02:31 +00:00
Nick Mathewson
9f8d095e0f Add and use set/get_uint64 on onion tags. [bug 604; backportable]
It seems that 64-bit Sparc Solaris demands 64-bit-aligned access to
uint64_t, but does not 64-bit-align the stack-allocated char array we
use for cpuworker tags.  So this patch adds a set/get_uint64 pair, and
uses them to access the conn_id field in the tag.

svn:r18743
2009-03-02 19:15:05 +00:00
Nick Mathewson
f99098cca4 Use prctl to reenable core dumps when we have setuid to a non-root user.
svn:r18449
2009-02-09 15:20:17 +00:00
Nick Mathewson
fe987d3a17 Remove some deadcode and use tor_inet_aton uniformly.
svn:r18422
2009-02-09 03:13:05 +00:00
Nick Mathewson
72e420ff3c Fix typo found by Justin Coffi on or-talk
svn:r18258
2009-01-23 22:45:08 +00:00
Nick Mathewson
25c6ff6f55 Support 64-bit time_t. Patch from Matthias Drochner. Partial backport candidate.
svn:r18234
2009-01-22 16:28:12 +00:00
Nick Mathewson
8ebceeb352 Make sure that even in the weird fiddly paths that lead to init_keys,
crypto_global_init gets called.  Also have it be crypto_global_init
that calls crypto_seed_rng, so we are not dependent on OpenSSL's
RAND_poll in these fiddly cases.

Should fix bug 907.  Bugfix on 0.0.9pre6.  Backport candidate.

svn:r18210
2009-01-21 15:38:39 +00:00
Nick Mathewson
bf2b71beb8 Fix an error in tor_addr_parse that kept us from having a hidden service or a bridge live at an IPv6 address.
svn:r18206
2009-01-21 07:24:50 +00:00
Nick Mathewson
3f8ab367c1 Fix warning on panther compile, and bug 913. Backport candidate.
svn:r18203
2009-01-21 03:51:14 +00:00
Nick Mathewson
a87980c2eb Add a better (non-locale-having) ctypes implementation to avoid protocol and parsing mismatches on different platforms.
svn:r18189
2009-01-20 21:33:56 +00:00
Nick Mathewson
a33452c401 Fix up (I hope) most ot the things that coverity suddenly claimed were REVERSE_INULL. This is what we get for bragging about being down to 0 issues.
svn:r18096
2009-01-13 14:43:51 +00:00
Nick Mathewson
943626050c Fix a leak memory on the failing case of test_memeq_hex
svn:r18094
2009-01-13 14:43:43 +00:00
Nick Mathewson
0fe5ce423a Fix a harmless-to-us bug in ht.h.
There was a field that _HT_FOI_INSERT was never setting. Everything that calls _HT_FOI_INSERT was setting it via tor_malloc_zero, but that's fragile.

svn:r18064
2009-01-10 14:40:43 +00:00
Nick Mathewson
585d4a12b5 Note a problem in the interface tor_addr_to_sockaddr.
svn:r17982
2009-01-06 20:50:51 +00:00
Nick Mathewson
765bb14f69 Another fun openbsd warning fix. On ioerror's computer at least, they redefined an unsigned field in zlib.h to be signed. I am quite sure this makes me more secure somehow.
svn:r17892
2009-01-04 23:15:42 +00:00
Nick Mathewson
743c6c8277 OpenBSD malloc.h believes that you should be able to detect headers with autoconf, or build without warnings, but not both. So never include malloc.h on OpenBSD. Backport candidate.
svn:r17891
2009-01-04 22:47:42 +00:00
Nick Mathewson
9c94b428d9 Fix the oldest bug in a while: stop accepting 1.2.3 as a valid IPv4 address on any platform.
svn:r17887
2009-01-04 19:47:17 +00:00
Nick Mathewson
c4b8fef362 Remove svn $Id$s from our source, and remove tor --version --version.
The subversion $Id$ fields made every commit force a rebuild of
whatever file got committed.  They were not actually useful for
telling the version of Tor files in the wild.

svn:r17867
2009-01-04 00:35:51 +00:00
Nick Mathewson
9c20441bcb Only set sin_len/sin6_len when they exist.
svn:r17851
2009-01-02 20:57:10 +00:00
Nick Mathewson
48f2ce298b Try harder to make sure we zero-out the extraneous sockaddr fields and that we set sockaddr_len. Conceivably a backport candidate, though nothing has yet been sen to break.
svn:r17849
2009-01-02 20:39:38 +00:00
Nick Mathewson
52932d6f1a Remove some code that is #ifdefed out, and that we no longer seem to use, if we ever did.
svn:r17827
2008-12-30 04:16:49 +00:00
Nick Mathewson
e8a3fa91a6 Use a consistent naming standard for header file guard macros, taking care not to collide with any system headers. This tripped us up on Android.
svn:r17805
2008-12-29 02:21:02 +00:00
Nick Mathewson
b0a8ecd193 Use RSA_generate_key_ex where available.
svn:r17804
2008-12-29 02:20:57 +00:00
Nick Mathewson
94507f1b6d Fix bug in recent address.c patch: actually set the value of address * to 0.0.0.0 as we did before. This makes CMP_EXACT comparisons with bitmask 0 work on address * again.
svn:r17801
2008-12-29 01:30:35 +00:00
Nick Mathewson
ccda4e481c Fix compilation under gethostbyname-based systems.
svn:r17800
2008-12-27 15:46:16 +00:00
Nick Mathewson
374c1e979f Refactor tor_addr_t manipulation functions so that as few as possible look at the tor_addr_t representation.
svn:r17790
2008-12-26 21:26:05 +00:00
Nick Mathewson
616f6643ef get_interface_addr6(), and by extension get_interface_addr(), were pretty borked. Copying a tor_addr_t from a sockaddr_storage using memcpy is a poor notion.
svn:r17789
2008-12-26 21:26:03 +00:00
Nick Mathewson
61722638ea Refactor tor_addr_compare_masked() so that CMP_SEMANTIC makes more sense, and has decent semantics for maskbits; and so that CMP_EXACT works right for bits==0.
svn:r17788
2008-12-26 20:37:18 +00:00
Nick Mathewson
73e1a1d26e Document our Bloom filter parameter choices.
svn:r17785
2008-12-26 17:35:18 +00:00
Nick Mathewson
df5e8f65bc Add more missing documentation, and correct an error in container.c documentation: Don't introduce two parameters called n when you're calling an algorithm O(n).
svn:r17783
2008-12-26 17:35:08 +00:00
Roger Dingledine
a12c3f2c86 some fixes i found in my sandbox
svn:r17771
2008-12-25 15:37:47 +00:00
Nick Mathewson
558e9899e4 Document most undocumented variables.
svn:r17754
2008-12-23 17:56:31 +00:00
Nick Mathewson
d7f55dafe0 Properly zero-out addresses when setting them. Probably this was not hurting anything.
svn:r17749
2008-12-23 14:21:34 +00:00
Nick Mathewson
b4d387c28b Make freelist_len in memarea.c static; document a few variables.
svn:r17741
2008-12-22 19:14:08 +00:00
Nick Mathewson
b68379b13b Add DOCDOC entries for undocumented static and global variables.
svn:r17739
2008-12-22 19:00:05 +00:00
Nick Mathewson
1e5f457461 Fix most DOCDOCs remaining and/or added by redox.
svn:r17734
2008-12-22 17:53:04 +00:00
Nick Mathewson
1725c0c8a5 Add DOCDOC comments for all undocumented functions. Add missing *s to other comments so that they will get recognized as doxygen.
svn:r17729
2008-12-22 14:56:28 +00:00
Nick Mathewson
55348884b5 Fix all of the doxygen warnings not pertaining to missing documentation.
svn:r17727
2008-12-22 14:56:16 +00:00
Nick Mathewson
029be5ad02 Move in-addr.arpa parsing and generation into address.c, and simplify the code that does it elsewhere. Incidentally, this lets exit servers answer requests for ip6.arpa addresses.
svn:r17707
2008-12-19 18:52:00 +00:00
Nick Mathewson
efb863189c Expose hex_decode_digit from util.c
svn:r17706
2008-12-19 18:51:52 +00:00
Nick Mathewson
bf80e2df3f Replace calls to time(NULL) that occur on the order of once per read, one per write, or once per cell with calls to a function that looks at a cached value of time. This is tricksy to benchmark, since it will only help on systems where time() is a syscall and syscalls are relatively slow.
svn:r17690
2008-12-18 17:19:04 +00:00
Nick Mathewson
b6f89a647a One log.c XXX021 was a misunderstanding. Also, clip log messages passed to syslog to their maximum length when there is a maximum.
svn:r17688
2008-12-18 17:18:06 +00:00
Nick Mathewson
122170c1d3 Downlgrade tweak, and answer lots of XXX021s. No actual code fixes in this patch.
svn:r17686
2008-12-18 16:11:24 +00:00
Nick Mathewson
6c6b0283cb Ben confirms that the MUST in rfc2631 is only for compatibility with X9.42, and isn't actually a security thing.
svn:r17685
2008-12-18 16:11:16 +00:00
Nick Mathewson
8d5a9d762c Log an error on win32 if directory listing fails.
svn:r17684
2008-12-18 16:11:12 +00:00
Nick Mathewson
9c3d17ebb5 Fix a small memory leak of around 32 bytes per TLS connection opened. Bugfix on 0.2.1.1-alpha.
svn:r17678
2008-12-18 15:00:09 +00:00
Nick Mathewson
cebdf93949 Fix bug 889: share deep-copied keys between threads to avoid races in reference counts. Bugfix on 0.1.0.1-rc.
svn:r17672
2008-12-18 05:28:27 +00:00
Nick Mathewson
6693f32530 Resolve many DOCDOCs.
svn:r17662
2008-12-17 22:58:20 +00:00
Nick Mathewson
f43bcdc063 Use ctags and a python script to find identifiers that are never used anywhere, and remove the ones that we really want gone.
svn:r17651
2008-12-17 17:20:42 +00:00
Nick Mathewson
98066d62bc Lower sprintf buffer max to ~SSIZE_T_MAX from SIZE_T_CEILING, since we need to compare it to a signed int.
svn:r17600
2008-12-11 21:11:22 +00:00
Nick Mathewson
4277b0e926 Remove some cargo-cult gcc hacks around tor_assert and predict_unlikely; instead, use the standard convert-to-boolean hack of "svn st"
svn:r17597
2008-12-11 20:23:46 +00:00
Nick Mathewson
3be88b2c70 Change test_memeq macro to not leak memory. Addresses coverity CID 47.
svn:r17577
2008-12-11 06:17:54 +00:00
Nick Mathewson
d60d8976b9 Better error message when told to setuid to ourself.
svn:r17543
2008-12-09 23:26:12 +00:00
Nick Mathewson
07c8b2be21 Compile without warnings on mingw.
svn:r17522
2008-12-08 19:52:26 +00:00
Nick Mathewson
6fb06f334a Try to fix windows mmap code.
svn:r17493
2008-12-05 19:36:35 +00:00
Nick Mathewson
7f793fa733 Simplify mmap object layout to avoid confusing static analysis tools, and us too.
svn:r17490
2008-12-05 02:17:41 +00:00
Nick Mathewson
2be5215181 Fix a hard-to-trigger memory leak in log_credential status. Found by Coverity scan. CID 349.
svn:r17484
2008-12-05 01:29:59 +00:00
Nick Mathewson
37bd9181f0 Do not use O_APPEND on fd-based operations that do not really want it; have them just lseek instead.
svn:r17460
2008-12-02 23:49:40 +00:00
Roger Dingledine
96a185d9b7 style cleanup
svn:r17457
2008-12-02 23:42:21 +00:00
Nick Mathewson
bd6b3072f9 Change logging code to use fds instead of stdio. Fixes bug 861, and probably makes logging slightly faster. Not a backport candidate: bug 861 is too obscure and harmless.
svn:r17456
2008-12-02 23:36:58 +00:00
Nick Mathewson
6221bdd294 Add two lseek wrappers to compat.[ch]: one to return current fd position, and one to move the fd to the end of the file.
svn:r17454
2008-12-02 23:26:04 +00:00
Nick Mathewson
60738daf85 Define socklen_t before using it in compat.h
svn:r17444
2008-12-02 18:54:47 +00:00
Nick Mathewson
191197eff7 Revert my older supposed gcc-4.4 warning workaround. GCC was not being needlessly prissy; it was hinting at the wrongly pure smartlist_bsearch_idx.
svn:r17396
2008-11-26 17:14:59 +00:00
Nick Mathewson
651a0a2fb5 Stop marking bsearch_idx as pure; it is not.
svn:r17393
2008-11-26 16:57:46 +00:00
Nick Mathewson
4cddcf8873 Cast uid_t and gid_t to unsigned before passing to printf %u.
svn:r17392
2008-11-26 16:13:12 +00:00
Nick Mathewson
bc597758dc Use fcntl for file locking when flock() is not available.
svn:r17391
2008-11-26 16:10:56 +00:00
Nick Mathewson
07a08d933d Resolve a warning under gcc 4.4 trunk.
svn:r17357
2008-11-22 02:19:14 +00:00
Nick Mathewson
bdc0aec00a Update _log_global_min_severity after switch_logs_debug(), so that USR2 will work again. Bugfix on 0.1.2.8-beta. Spotted by Geoff Down.
svn:r17317
2008-11-17 19:58:51 +00:00
Nick Mathewson
a790a13705 define get_uint8 and set_uint8 macros to make code cleaner.
svn:r17261
2008-11-12 14:39:25 +00:00
Nick Mathewson
a95e0e7355 apply sebastian's fix for bug 859. Apparently on win32 one must lock at least one byte when locking, but locking a nonexistant byte is okay. )
svn:r17244
2008-11-11 15:29:40 +00:00
Nick Mathewson
6c50ab6e61 Document a couple of functions.
svn:r17239
2008-11-10 20:40:01 +00:00
Roger Dingledine
c62d5f6a5c beg nick for some documentation on the locking functions
svn:r17233
2008-11-10 00:48:13 +00:00
Roger Dingledine
0554e87f58 better error message when you set User but start tor as non-root.
hopefully will address bug 857.


svn:r17232
2008-11-10 00:41:07 +00:00
Nick Mathewson
13e079f9ec Log a little more when credential-switching fails.
svn:r17228
2008-11-09 16:54:54 +00:00
Roger Dingledine
b32e600d50 while we're cleaning code, get rid of some unreachable code at
the bottom of switch_id


svn:r17205
2008-11-07 04:35:41 +00:00
Roger Dingledine
14773f42a7 now that we drop privs more thoroughly, switch_id() is no longer
idempotent. so now we remember if we've succeeded, and if so we
don't even try.


svn:r17204
2008-11-07 04:34:47 +00:00
Roger Dingledine
7c65792500 remove more redundant code from r17200
svn:r17203
2008-11-07 04:11:03 +00:00
Nick Mathewson
1b98f45b3d Developers should usually configure with --enable-gcc-warnings, and should regularly make check-spaces. Also, int fn() does not mean the same in C as it does in C++ or Java.
svn:r17201
2008-11-07 02:53:46 +00:00
Steven Murdoch
9d68ed08e9 Patch from Jacob Appelbaum and me to make User option more robust, properly set supplementary groups, deprecated the Group option, and log more information on credential switching
svn:r17200
2008-11-07 02:06:12 +00:00
Nick Mathewson
3ebd1ebeca The chunk_size field in memarea_t was never actually set. Remove the whole thing.
svn:r17195
2008-11-05 20:34:22 +00:00
Nick Mathewson
35bef7fefd make read_all and write_all return ssize_t.
svn:r17194
2008-11-05 19:29:17 +00:00
Nick Mathewson
b56d1545db Fix freebsd 7 compile by adding malloc_np.h header. Fix bug 850.
svn:r17190
2008-11-05 15:56:53 +00:00
Nick Mathewson
3f84ed3d46 Add a new memcmpstart to use instead of strcmpstart when the thing we are comparing is not nul-terminated.
svn:r17187
2008-11-03 16:35:48 +00:00
Nick Mathewson
361086005c Fix a possible negative shift in address comparison. May fix bug 845 and bug 811
svn:r17169
2008-10-29 13:29:54 +00:00
Nick Mathewson
0ab45fee73 Document some dmalloc stuff and some stupid C tricks.
svn:r17161
2008-10-27 16:30:52 +00:00
Jacob Appelbaum
7873d324df This patch changes some of the code in util.c to refactor calls to
dmalloc_malloc, dmalloc_realloc and dmalloc_strdup. It only calls those
functions if we're using the magic USE_DMALLOC macro. If we're not doing
that, we call the normal malloc, realloc and strdup. This is my first
night at malloc disambiguation club, so I had to disambiguate. Also, first commit, I have my commit bit now. Huzzzah!!!


svn:r17157
2008-10-26 22:56:53 +00:00
Roger Dingledine
c7af43a624 Now NodeFamily and MyFamily config options allow spaces in
identity fingerprints, so it's easier to paste them in.
Suggested by Lucky Green.


svn:r17021
2008-10-01 03:41:33 +00:00
Roger Dingledine
982a22a121 fix typo
svn:r16949
2008-09-24 00:49:29 +00:00
Nick Mathewson
f28fc83ea5 More logging for mtbf/wfu calculations.
svn:r16941
2008-09-23 18:24:20 +00:00
Nick Mathewson
f95d7c189b Refactor unit test macros and tor_free_all() logic a bit so as to make it easier to free memory on failing tests, in order to suppress scanner warnings and to make dmalloc() usable with tests.
svn:r16816
2008-09-09 20:43:31 +00:00
Nick Mathewson
6c432a5565 Replace the dummy-use var in SMARTLIST_FOREACH_END() with one that is less likely to confuse analysis tools into thinking we do use after free. Arguably, (void)x should count as use in suppressing unused variable warnings, but not in generating hey-you-used-a-variable warnings. Arguably, though, it shouldn't.
svn:r16815
2008-09-09 19:29:33 +00:00
Nick Mathewson
aacda9cd8e We should not alter an addr_policy_t that has been canonicalized.
svn:r16802
2008-09-09 03:48:01 +00:00
Nick Mathewson
339f094056 Refactor some code and add some asserts based on scanner results.
svn:r16783
2008-09-05 21:19:53 +00:00
Nick Mathewson
a345506672 Add an assert to make tools happier.
svn:r16782
2008-09-05 20:59:09 +00:00
Nick Mathewson
4d94e061c7 Clean up some redundant stuff in crypto_dh_new().
svn:r16778
2008-09-05 20:18:22 +00:00
Nick Mathewson
8ea780632f Make severity args to add_*_log() functions be const
svn:r16775
2008-09-05 19:52:44 +00:00
Nick Mathewson
c33dde4ac1 Fix mingw build with --enable-gcc-warnings set.
svn:r16759
2008-09-04 21:58:09 +00:00
Nick Mathewson
fa2f72ded7 An asterisk makes a difference sometimes. Fixes bug 809.
svn:r16758
2008-09-04 20:42:02 +00:00
Roger Dingledine
ed45a42f98 take out the crazy line from last night that made no sense. apparently
it does work for tas after all.


svn:r16724
2008-09-01 21:24:25 +00:00
Roger Dingledine
9f823f54d5 remove some redundant includes. i expect the first one to be a problem
for tas, but who knows.


svn:r16723
2008-09-01 21:16:07 +00:00
Nick Mathewson
f80ac31d74 Add a lockfile to the Tor data directory to avoid situations where two Tors start with the same datadir, or where a --list-fingerprints races with a server to create keys, or such.
svn:r16722
2008-09-01 20:06:26 +00:00
Roger Dingledine
04eded4a5c take out a line that i think is extraneous. come on, what could
go wrong?


svn:r16714
2008-09-01 08:01:40 +00:00
Roger Dingledine
6942bd66ea Fix compile on OpenBSD 4.4-current. Bugfix on 0.2.1.5-alpha.
Reported by Tas.


svn:r16713
2008-09-01 08:01:22 +00:00
Roger Dingledine
4eab76f074 remove a code path that should never happen (and if it did, we'd be
complaining about an errno set from some arbitrary previous problem).


svn:r16684
2008-08-29 09:06:18 +00:00
Roger Dingledine
c5fef3c57f commit jake's patch to include strings with socks5 error numbers
svn:r16657
2008-08-25 21:02:22 +00:00
Nick Mathewson
88e6162649 r17848@tombo: nickm | 2008-08-22 12:10:11 -0400
Make definition of tor_mutex_t go into compat.h, so that it is possible to inline mutexes in critical objects.  Add init/uninit functions for mutexes allocated inside other structs.


svn:r16623
2008-08-22 16:24:52 +00:00
Nick Mathewson
0711408c22 Adjust definition of SMARTLIST_FOREACH_END() to enforce matching variable.
svn:r16597
2008-08-19 15:33:03 +00:00
Nick Mathewson
22259a0877 The first of Karsten's proposal 121 patches: configure and maintain client authorization data. Tweaked a bit: see comments on or-dev.
svn:r16475
2008-08-08 14:36:11 +00:00
Nick Mathewson
f6879caa04 Try once again to make BSD compilation happy.
svn:r16474
2008-08-08 12:58:17 +00:00
Nick Mathewson
d9601c65e0 r17666@tombo: nickm | 2008-08-07 15:12:30 -0400
Make tor_addr_from_sockaddr also give away the port in a useful format


svn:r16458
2008-08-07 19:13:35 +00:00
Nick Mathewson
2905291af2 r17659@tombo: nickm | 2008-08-06 12:22:11 -0400
Fix bug 794: recover 3 bytes wasted per memory chunk.  Fix from rovv.


svn:r16447
2008-08-06 16:22:25 +00:00
Nick Mathewson
645cbd690b r17643@31-33-44: nickm | 2008-08-05 16:18:25 -0400
Oops.  Remove code to set (nonportable) sin_len fields.  Added it to try to fix a bug that turned out to be something else.


svn:r16436
2008-08-05 20:18:28 +00:00
Nick Mathewson
960a0f0a99 r17641@31-33-44: nickm | 2008-08-05 16:07:53 -0400
Initial conversion of uint32_t addr to tor_addr_t addr in connection_t and related types.  Most of the Tor wire formats using these new types are in, but the code to generate and use it is not.  This is a big patch.  Let me know what it breaks for you.


svn:r16435
2008-08-05 20:08:19 +00:00
Karsten Loesing
626fafe563 Make compiler with GCC warnings enabled happy.
svn:r16300
2008-07-31 10:33:02 +00:00
Nick Mathewson
f366d10a2f r17435@tombo: nickm | 2008-07-30 08:50:54 -0400
Allow alternate form of SMARTLIST_FOREACH with paired BEGIN and END macros.  This lets the compiler tell us which line an error has occurred on.


svn:r16256
2008-07-30 13:04:28 +00:00
Nick Mathewson
e5bc5f11b8 r17434@tombo: nickm | 2008-07-29 10:58:36 -0400
Refactor tor_addr_from_string: it didnt need most of parse_addr_mask_port_range, and its dependence on that latter function made it less flexible.


svn:r16255
2008-07-30 13:04:26 +00:00
Nick Mathewson
507b01357a r17426@tombo: nickm | 2008-07-28 20:34:03 -0400
More test coverage for tor_addr_t; fix a couple of bugs.


svn:r16234
2008-07-29 00:34:50 +00:00
Nick Mathewson
056d97da0c r17391@pc-10-8-1-079: nickm | 2008-07-25 17:11:17 +0200
Tor_addr_compare did a semantic comparison, such that ::1.2.3.4 and 1.2.3.4 were "equal".  we sometimes need an exact comparison.  Add a feature to do that.


svn:r16210
2008-07-25 15:11:21 +00:00
Nick Mathewson
9da0482007 r17358@pc-10-8-1-079: nickm | 2008-07-25 16:41:03 +0200
Split out the address manipulation functions from compat and util: they were about 21% of the total of those, and spread out too much.


svn:r16208
2008-07-25 14:43:24 +00:00
Nick Mathewson
3ce6e2fba2 r17346@aud-055: nickm | 2008-07-24 15:37:19 +0200
Make generic address manipulation functions work better.  Switch address policy code to use tor_addr_t, so it can handle IPv6.  That is a good place to start.


svn:r16178
2008-07-24 13:44:04 +00:00
Karsten Loesing
9231858ff5 Fix bug 763. When a hidden service is giving up on an introduction point candidate that was not included in the last published rendezvous descriptor, don't reschedule publication of the next descriptor.
svn:r15825
2008-07-10 21:02:01 +00:00
Nick Mathewson
cb7cc9e12d r16882@tombo: nickm | 2008-07-10 14:31:25 -0400
Fix for session-related bug found by Geoff Goodell. backport candidate, once tested.


svn:r15821
2008-07-10 18:31:33 +00:00
Nick Mathewson
c5ec7a3677 Stop using __attribute__((nonnull)): It gets us occcasional warnings when we do something so foolish it can be detected without dataflow analysis, but it also eliminates some of our error checking code. Suggested by Peter Gutmann.
svn:r15803
2008-07-09 15:23:23 +00:00
Nick Mathewson
1a564901e4 Fix the rest of the GCC warnings on OpenBSD_malloc_linux.c
svn:r15698
2008-07-06 18:33:35 +00:00
Nick Mathewson
8bc2ab03f8 Remove spurious "netintet" check from configure.in
svn:r15672
2008-07-05 21:17:04 +00:00
Nick Mathewson
9d7a2d4eae r16689@tombo: nickm | 2008-07-03 11:03:14 -0400
Fix for bug 742: do not use O_CREAT on 2-option version of open().  Especially do not use it on /dev/null.  Fix from Michael Scherer. Bugfix on 0.0.2pre19 (wow).


svn:r15626
2008-07-03 15:04:16 +00:00
Nick Mathewson
3ec25c2410 r16587@tombo: nickm | 2008-06-28 00:13:40 -0400
fix for bug 704; found by sjmurdoch.  Windows and recent openssl both want to define OCSP_RESPONSE; do not let them.


svn:r15533
2008-06-28 04:16:17 +00:00
Nick Mathewson
d4ed91c672 Set dynamic-locking callbacks in openssl. These can be more efficient when openssl uses them.
svn:r15222
2008-06-13 16:35:12 +00:00
Roger Dingledine
d395135e2f fix a few typos, and give the bootstrap phase stuff a changelog entry.
svn:r15183
2008-06-13 04:26:05 +00:00
Nick Mathewson
22080354ed r16217@tombo: nickm | 2008-06-12 21:13:09 -0400
Remove spurious debugging message.


svn:r15176
2008-06-13 01:13:12 +00:00
Nick Mathewson
617843988c r16215@tombo: nickm | 2008-06-12 18:39:03 -0400
Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, *even if* we do not know all those ciphers.  This is a bit of a kludge, but it is at least decently well commented.


svn:r15173
2008-06-12 22:39:13 +00:00
Nick Mathewson
d0a4ad3a1c r16127@tombo: nickm | 2008-06-10 14:03:01 -0400
Improved code for counting clients by country: support recording by number of directory status requests in addition to number of IPs seen.


svn:r15097
2008-06-10 18:08:56 +00:00
Nick Mathewson
ae2d022f0c Remov unused macro in crypto.c
svn:r14950
2008-06-04 18:41:08 +00:00
Nick Mathewson
61ac80a914 Ouch. We were sometimes getting openssl compression by default. This is pointless for us, since the overwhelming majority of our cells are encrypted, full of compressed data, or both. This is also harmful, since doing piles of compression is not cheap. Backport candidate once more tested.
svn:r14830
2008-05-29 14:39:56 +00:00
Nick Mathewson
ac330d9ba7 New code to implement proposal for local geoip stats. Only enabled with --enable-geoip-stats passed to configure.
svn:r14802
2008-05-29 02:29:35 +00:00
Nick Mathewson
da67500336 If the user has an openssl that supports my "release buffer ram" patch, use it.
svn:r14671
2008-05-19 18:13:00 +00:00
Nick Mathewson
09cd8fa371 r19795@catbus: nickm | 2008-05-16 14:54:24 -0400
Rename tor_addr_t manipulation functions for a consistent style.


svn:r14639
2008-05-16 19:19:49 +00:00
Nick Mathewson
b7a80920e2 r15558@tombo: nickm | 2008-05-09 04:35:12 -0400
New (temporary) tool to dump the modulus of a key.  May help with a project of weasel's.


svn:r14580
2008-05-09 08:35:38 +00:00
Nick Mathewson
1823c45a71 r19613@catbus: nickm | 2008-05-05 19:57:06 -0400
Log correct openssl buf capacity when using my sooper sekrit buffer hack.  This will help test the aforementioned ssbh.


svn:r14567
2008-05-05 23:57:17 +00:00
Roger Dingledine
a364592ca0 make check-spaces wants a newline at the end of tortls
svn:r14508
2008-04-29 19:51:38 +00:00
Nick Mathewson
05b184de01 r15304@tombo: nickm | 2008-04-23 16:31:40 -0400
Forward-port: I had apparently broken OSX and Freebsd by not initializing threading before we initialize the logging system.  This patch should do so, and fix bug 671.


svn:r14430
2008-04-23 20:32:31 +00:00
Nick Mathewson
299014b2c7 r15251@tombo: nickm | 2008-04-22 11:59:46 -0400
On platforms using pthreads, allow a thread to acquire a lock it already holds.  This is crucial for logging: otherwise any log message thrown from inside the logging process (especially from control.c) will deadlock.  Win32 CriticalSections are already recursive.  Bug spotted by nwf.  Bugfix on 0.2.0.16-alpha.  Backport candidate. I hope this is portable.


svn:r14406
2008-04-22 15:59:59 +00:00
Nick Mathewson
b927ede48c r15161@31-33-107: nickm | 2008-04-10 11:11:58 -0400
Make dumpstats() log the size and fullness of openssl-internal buffers, so I can test my hypothesis that many of them are empty, and my alternative hypothesis that many of them are mostly empty, against the null hypothesis that we really need to be burning 32K per open OR connection on this.


svn:r14350
2008-04-10 15:12:24 +00:00
Nick Mathewson
20cf4d1f09 r19283@catbus: nickm | 2008-04-09 21:44:18 -0400
The optimist calls the glass half full.  The pessimist calls it half empty.  The engineer says it is twice as large as it needs to be.  In this case, the engineer says that the default smartlist size is twice as large as it needs to be and wouldn't it be nice to save half a megabyte with a one-line patch?


svn:r14341
2008-04-10 01:44:23 +00:00
Nick Mathewson
cc7a8a63b1 r15120@tombo: nickm | 2008-04-08 18:01:58 -0400
Add very short 0.2.1.x list based on discussion from arma. needs fleshing out and merging with other lists.


svn:r14324
2008-04-08 22:02:08 +00:00
Nick Mathewson
98aea7186c r19249@catbus: nickm | 2008-04-08 14:04:02 -0400
Oops. Fix one last memarea freelist bug.


svn:r14322
2008-04-08 18:04:05 +00:00
Nick Mathewson
a725d5da5e r19247@catbus: nickm | 2008-04-08 13:50:01 -0400
Fix behavior of memarea freelists.


svn:r14321
2008-04-08 17:50:03 +00:00
Nick Mathewson
f8bacfd724 r19245@catbus: nickm | 2008-04-08 13:33:27 -0400
Oops. It turns out that there are some subtle differences between >= and <.


svn:r14320
2008-04-08 17:33:29 +00:00
Nick Mathewson
31153d6374 r19243@catbus: nickm | 2008-04-08 13:28:59 -0400
Use a freelist to hold a few recent memarea chunks.  We do a kazillion memarea allocs and frees; that cant be good for us.


svn:r14319
2008-04-08 17:29:05 +00:00
Nick Mathewson
a627407fcb r19233@catbus: nickm | 2008-04-08 13:06:34 -0400
When we remove old routers, use Bloom filters rather than a digestmap-based set in order to tell which ones we absolutely need to keep.  This will save us roughly a kazillion little short-lived allocations for hash table entries.


svn:r14318
2008-04-08 17:06:41 +00:00
Nick Mathewson
2d68487e7f r19229@catbus: nickm | 2008-04-07 12:28:22 -0400
Add a new SMARTLIST_FOREACH_JOIN macro to iterate through two sorted lists in lockstep.  This happens at least 3 times in the code so far, and is likely to happen more in the future.  Previous attempts to do so proved touchy, tricky, and error-prone: now, we only need to get it right in one place.


svn:r14309
2008-04-07 16:28:34 +00:00
Nick Mathewson
4c04b7f4f6 r19201@catbus: nickm | 2008-04-04 14:23:19 -0400
Better macro documentation


svn:r14298
2008-04-04 21:18:51 +00:00
Peter Palfrader
9d132fbde6 Add --hush switch.
New --hush command-line option similar to --quiet.  While --quiet disables all
logging to the console on startup, --hush limits the output to messages of
warning and error severity.


svn:r14222
2008-03-27 17:25:49 +00:00
Nick Mathewson
02acee891c r19089@catbus: nickm | 2008-03-27 11:05:23 -0400
Free some static hashtables and the log mutex on exit. Backport candidate.


svn:r14212
2008-03-27 15:05:28 +00:00
Roger Dingledine
e9221f4a0d fix a leak when adding a temp log
svn:r14203
2008-03-26 18:59:45 +00:00
Roger Dingledine
8dfccf6145 fix mem leak in parsing log config lines
svn:r14202
2008-03-26 18:36:46 +00:00
Nick Mathewson
e8cc756c13 r19072@catbus: nickm | 2008-03-26 13:50:24 -0400
Add code to debug memory area size.  Use results of this code to set a couple of area sizes more sanely.


svn:r14201
2008-03-26 17:50:27 +00:00
Nick Mathewson
762d82cf74 r19062@catbus: nickm | 2008-03-26 12:56:25 -0400
Fix whitespace


svn:r14197
2008-03-26 16:56:37 +00:00
Nick Mathewson
e4ebe3409e r19049@catbus: nickm | 2008-03-26 12:33:25 -0400
Add new stacklike, free-all-at-once memory allocation strategy.  Use it when parsing directory information.  This helps parsing speed, and may well help fragmentation some too.  hidden-service-related stuff still uses the old tokenizing strategies.


svn:r14194
2008-03-26 16:33:33 +00:00
Nick Mathewson
df6b256bc0 r19041@catbus: nickm | 2008-03-25 16:20:42 -0400
More unit tests to improve coverage.


svn:r14185
2008-03-25 20:20:45 +00:00
Nick Mathewson
41deb5cd7b r19039@catbus: nickm | 2008-03-25 12:15:58 -0400
Add some unit tests, particularly for AES counter mode.


svn:r14180
2008-03-25 16:16:05 +00:00
Roger Dingledine
901e2ad04b correct a confusing log message
svn:r14165
2008-03-24 18:37:52 +00:00
Nick Mathewson
b5b77f8bf3 r19004@catbus: nickm | 2008-03-21 15:18:43 -0400
Use RAND_poll() again: the bug that made us stop using it has been fixed.


svn:r14150
2008-03-21 19:18:57 +00:00
Nick Mathewson
7dd78f1576 r18929@catbus: nickm | 2008-03-18 12:08:16 -0400
Detect errors from directory listing correctly on win32.  Bug found by lodger.


svn:r14102
2008-03-18 16:08:49 +00:00
Nick Mathewson
199d65d059 r18927@catbus: nickm | 2008-03-18 11:11:49 -0400
Combine common code in set_max_file_descriptors(): all that varies from platform to platform in the no-getrlimit() case is the connection limit and the platform name.


svn:r14101
2008-03-18 15:11:52 +00:00
Nick Mathewson
fba2599680 r18923@catbus: nickm | 2008-03-18 11:01:22 -0400
Add missing typecasts to log message  in set_max_file_descriptors to tell gcc everything is okay on windows.  Fixes bug 630.


svn:r14099
2008-03-18 15:01:36 +00:00
Nick Mathewson
05f5d778a2 r18919@catbus: nickm | 2008-03-18 10:53:38 -0400
Forward-port bug 622 fix as diagnosed by lodger.


svn:r14096
2008-03-18 14:53:41 +00:00
Nick Mathewson
ea6f636e94 r18890@catbus: nickm | 2008-03-17 13:19:29 -0400
Clarify documentation for file_status a little


svn:r14079
2008-03-17 17:21:09 +00:00
Peter Palfrader
0cccf7375b And use 16k pages on ia64. Maybe this should be a configure thing
svn:r14073
2008-03-17 09:46:18 +00:00
Nick Mathewson
2ed4b818cb r18878@catbus: nickm | 2008-03-17 00:11:02 -0400
Clean up an overwide line.


svn:r14072
2008-03-17 04:11:05 +00:00
Nick Mathewson
bd547e3cfc r18861@catbus: nickm | 2008-03-16 23:22:56 -0400
Fix a couple of bugs in setting control log callback severity.


svn:r14065
2008-03-17 03:37:52 +00:00
Nick Mathewson
0b941640df r18852@catbus: nickm | 2008-03-16 22:47:19 -0400
Downgrade "sslv3 alert handshake failure" message to info.


svn:r14057
2008-03-17 02:47:49 +00:00
Nick Mathewson
b29f763ee1 r18850@catbus: nickm | 2008-03-16 22:35:38 -0400
Use 8k pages in openbsd malloc code on alpha. Bug and solution found by weasel.  Also, when initializing openbsd malloc code, check that compiled page size matches output of getpagesize().


svn:r14056
2008-03-17 02:47:40 +00:00
Nick Mathewson
46155aca17 r18804@catbus: nickm | 2008-03-13 18:18:31 -0400
Refactor log domain mask code so that nobody outside of log.c has to use SEVERITY_MASK_IDX.  It is error-prone.


svn:r14016
2008-03-13 22:18:38 +00:00
Nick Mathewson
d928e5685f r18803@catbus: nickm | 2008-03-13 17:59:25 -0400
Fix behavior of switch_logs_debug() in trunk.  Fixes bug 626. Bugfix on r13875.


svn:r14015
2008-03-13 22:18:36 +00:00
Nick Mathewson
0c6fc51909 r18793@catbus: nickm | 2008-03-13 14:09:19 -0400
Add a malloc_good_size() implementation to OpenBSD_malloc_Linux.c.  Also, make configure.in not use support functions for the platform malloc when we are not using the platform mallocs.


svn:r14010
2008-03-13 18:11:33 +00:00
Peter Palfrader
e6b2d119e8 Assert that severity in logv() is sane. Interesting effects otherwise (It is being used as an array index)
svn:r14006
2008-03-13 16:56:14 +00:00
Nick Mathewson
cad3d651d0 r18783@catbus: nickm | 2008-03-13 11:06:45 -0400
Oops, do a better fix for that.


svn:r14001
2008-03-13 15:06:49 +00:00
Nick Mathewson
ac6cc43047 r18781@catbus: nickm | 2008-03-13 11:00:51 -0400
Have OpenBSD_malloc_Linux.c use SIZE_T_MAX from torint.h, instead of checking cpu macros.  There is always one more cpu you havent checked for.


svn:r14000
2008-03-13 15:06:26 +00:00
Peter Palfrader
3a92e3f15f I wonder what the DISGARD service is
svn:r13999
2008-03-13 14:09:01 +00:00
Nick Mathewson
11e464c331 r18753@catbus: nickm | 2008-03-11 14:56:39 -0400
Make some assert()s into tor_assert()s.  Make some tor_assert()s called from logging into assert()s, and document why.


svn:r13977
2008-03-11 18:56:41 +00:00
Nick Mathewson
4d32c2e81f r18751@catbus: nickm | 2008-03-11 14:22:43 -0400
Fix for bug 614: always look at the network BIO for the SSL object, not at the buffering BIO (if one exists because we are renegotiating or something).  Bugfix on 0.1.2.x, oddly enough, though it should be impossible to trigger the problem there.  Backport candidate.  See comments in tortls.c for detailed implementation note.


svn:r13975
2008-03-11 18:22:49 +00:00
Nick Mathewson
24f91d2876 r18747@catbus: nickm | 2008-03-11 13:21:25 -0400
Request client certs when renegotiating on server-side. Spotted by lodger.  Bugfix on 0.2.0.x.


svn:r13973
2008-03-11 17:21:44 +00:00
Nick Mathewson
7587e16796 r18639@catbus: nickm | 2008-03-07 20:11:48 -0500
Change semantics of add-a-log functions to copy severity setup: that is way less error-prone.  Fix up config.c to act accordingly.


svn:r13888
2008-03-08 01:11:54 +00:00
Nick Mathewson
2675276618 r18638@catbus: nickm | 2008-03-07 20:11:15 -0500
Fix typo in tortls.c comment.


svn:r13887
2008-03-08 01:11:52 +00:00
Nick Mathewson
f56ba5f3d6 r18630@catbus: nickm | 2008-03-05 17:31:33 -0500
Implement domain-selection for logging.  Source is documented; needs documentation in manpage (maybe).  For now, see doxygen comment on parse_log_severity_config in log.c


svn:r13875
2008-03-05 22:31:39 +00:00
Nick Mathewson
77d1654c50 r18535@catbus: nickm | 2008-03-01 09:58:33 -0500
Whoo.  People diagnosed and fixed bug 616. See changelog for details.  Bugfix on 0.2.0.20-rc.


svn:r13793
2008-03-01 14:59:03 +00:00
Roger Dingledine
04efc74e18 be a little bit more helpful than "Error reading directory."
make a note to try to be more helpful still.


svn:r13776
2008-02-28 21:37:39 +00:00
Nick Mathewson
d14f8f2547 r14516@tombo: nickm | 2008-02-27 03:10:26 -0500
Write some unit tests for a few functions and cases that needed them.


svn:r13751
2008-02-27 08:10:28 +00:00
Roger Dingledine
e7f3d6f76c fix most of pnx's warnings on irix64
svn:r13706
2008-02-24 23:39:53 +00:00
Nick Mathewson
3452486ac6 r14422@tombo: nickm | 2008-02-24 17:09:56 -0500
Whitespace fixes


svn:r13700
2008-02-24 22:11:18 +00:00
Roger Dingledine
a0bc80bbf8 <weasel> tortls.c: In function `tor_tls_client_is_using_v2_ciphers':
<weasel> tortls.c:634: warning: passing arg 1 of `SSL_get_session' discards
qualifiers from pointer target type

Nick, see if you like this patch.


svn:r13690
2008-02-24 00:35:20 +00:00
Nick Mathewson
e7db789e82 r14399@tombo: nickm | 2008-02-22 14:09:38 -0500
More 64-to-32 fixes. Partial backport candidate. still not done.


svn:r13680
2008-02-22 19:09:45 +00:00
Nick Mathewson
031c212776 r18360@catbus: nickm | 2008-02-21 22:26:32 -0500
Make torint.h define ssize_t more robustly; add spaces to last patch


svn:r13670
2008-02-22 03:26:35 +00:00
Nick Mathewson
688b7ddf83 r18358@catbus: nickm | 2008-02-21 22:21:57 -0500
Remove extraneous commas in compat.c


svn:r13669
2008-02-22 03:23:20 +00:00
Nick Mathewson
6a1e0c2373 r18356@catbus: nickm | 2008-02-21 21:54:55 -0500
Remove redundant check from container.c that gcc 4.2 didnt like


svn:r13668
2008-02-22 02:55:02 +00:00
Nick Mathewson
b21a122ef6 r14379@tombo: nickm | 2008-02-21 17:14:24 -0500
Enable v2 handshakes.


svn:r13666
2008-02-21 22:14:32 +00:00
Nick Mathewson
69300eb606 r14374@tombo: nickm | 2008-02-21 16:57:39 -0500
Fix all remaining shorten-64-to-32 errors in src/common.  Some were genuine problems.  Many were compatibility errors with libraries (openssl, zlib) that like predate size_t.  Partial backport candidate.


svn:r13665
2008-02-21 21:57:47 +00:00
Nick Mathewson
b375472d14 r14373@tombo: nickm | 2008-02-21 16:29:18 -0500
Apply warnings about implicit 64-to-32 conversions; some from Sebastian Hahn; some not.


svn:r13664
2008-02-21 21:57:42 +00:00
Roger Dingledine
1cd90948ab maybe appease the overflow detectors more
svn:r13663
2008-02-21 21:56:04 +00:00
Nick Mathewson
daefbfe691 r14371@tombo: nickm | 2008-02-21 16:13:18 -0500
Fix all -Wshorten-64-to-32 warnings that appear on my macbook.


svn:r13662
2008-02-21 21:15:31 +00:00
Nick Mathewson
5c03f82a65 r18345@catbus: nickm | 2008-02-21 13:45:04 -0500
Do the last part of arma's fix for bug 437: Track the origin of every addrmap, and use this info so we can remove all the trackhostexits-originated mappings for a given exit.


svn:r13660
2008-02-21 18:45:11 +00:00
Nick Mathewson
e2f25558b9 r14362@31-33-219: nickm | 2008-02-21 11:01:10 -0500
Change some of our log messages related to closed TLS connections in order to better reflect reality.


svn:r13657
2008-02-21 16:11:58 +00:00
Nick Mathewson
8b1789c71f r18336@catbus: nickm | 2008-02-21 09:33:15 -0500
Patch from Sebastian Hahn: remove obsolete timeval manipulation functions.


svn:r13653
2008-02-21 14:33:20 +00:00
Roger Dingledine
b3c0d066e5 other cleanups that have been sitting in my sandbox
svn:r13649
2008-02-21 09:01:32 +00:00
Roger Dingledine
b28a342e35 resolve one more, and leave two for nick.
svn:r13644
2008-02-21 05:53:50 +00:00
Nick Mathewson
063ced8903 r18296@catbus: nickm | 2008-02-20 23:30:11 -0500
Answer one xxx020 item; move 7 other ones to a new "XXX020rc" category: they should get fixed before we cut a release candidate. arma: please review these to see whether you have fixes/answers for any. Please check out the other 14 XXX020s to see if any look critical for the release candidate.


svn:r13640
2008-02-21 04:30:14 +00:00
Nick Mathewson
47e6247673 r18294@catbus: nickm | 2008-02-20 22:42:44 -0500
Fix a spelling error and clean up a recent veracode-induced integer overflow check.  Both spotted by Chris Palmer.


svn:r13639
2008-02-21 03:42:56 +00:00
Nick Mathewson
1df0647c66 r18291@catbus: nickm | 2008-02-20 22:35:32 -0500
Resolve all DOCDOC issues, and document some other undocumented code, and fix a changelog entry.


svn:r13638
2008-02-21 03:38:46 +00:00
Nick Mathewson
7b022eda9c r18290@catbus: nickm | 2008-02-20 22:34:59 -0500
Correct handling of nested MAP_FOREACH loops.  There are none of those ATM, but isn't it nice that now they'll be correct?


svn:r13637
2008-02-21 03:38:44 +00:00
Nick Mathewson
93aa335516 r18269@catbus: nickm | 2008-02-20 17:28:24 -0500
Apply patch from Sebastian Hahn: stop imposing an arbitrary maximum on the number of file descriptors used for busy servers.  Bug reported by Olaf Selke.


svn:r13626
2008-02-20 22:28:26 +00:00
Nick Mathewson
b30c1637bd One last tweak on debugging code.
svn:r13621
2008-02-20 17:30:00 +00:00
Nick Mathewson
88efec10a2 r18256@catbus: nickm | 2008-02-20 11:57:31 -0500
Simplify rounding logic in bitarray; fix a bug in bitarray_expand().


svn:r13619
2008-02-20 16:57:41 +00:00
Nick Mathewson
0399538b90 r18233@catbus: nickm | 2008-02-19 18:46:07 -0500
Count sockets returned from socketpair() too.  This is probably not the socket counting bug.


svn:r13600
2008-02-19 23:46:08 +00:00
Nick Mathewson
42c4670e27 r18230@catbus: nickm | 2008-02-19 18:29:43 -0500
Add a few asserts to catch possible errors found by veracode.


svn:r13598
2008-02-19 23:29:45 +00:00
Nick Mathewson
dbcf29d301 r18228@catbus: nickm | 2008-02-19 18:05:53 -0500
Chris Palmer notes that almost nobody is using smartlist_set_capacity().  Chris Palmer is right.  Remove this basically pointless function.


svn:r13596
2008-02-19 23:05:56 +00:00
Nick Mathewson
9479dd3768 r18226@catbus: nickm | 2008-02-19 18:01:01 -0500
Brown-paper-bag time.  We were failing to count all the sockets from accept().


svn:r13595
2008-02-19 23:01:07 +00:00
Nick Mathewson
632c035ad9 r18221@catbus: nickm | 2008-02-19 17:46:16 -0500
New debugging code to figure out what is happending with socket counts.


svn:r13593
2008-02-19 22:46:19 +00:00
Nick Mathewson
4ccffd7aea r18218@catbus: nickm | 2008-02-19 17:27:40 -0500
When SafeLogging is off, have TLS errors and messages logged with their associated addresses.


svn:r13591
2008-02-19 22:27:44 +00:00
Nick Mathewson
749735215b r18208@catbus: nickm | 2008-02-19 17:02:30 -0500
Add some checks in torgzip.c to make sure we never overflow size_t there.  Also make sure we do not realloc(list,0) in container.c.  Backport candidate.


svn:r13587
2008-02-19 22:05:49 +00:00
Roger Dingledine
d61835a4ba clean up the socket counting thing. third time's a charm.
svn:r13581
2008-02-19 19:48:07 +00:00
Nick Mathewson
f4dc006fb5 r18198@catbus: nickm | 2008-02-19 14:30:30 -0500
Try to *fix* the socket counting problem, and add an info log to detect whether we really fixed it


svn:r13580
2008-02-19 19:30:41 +00:00
Roger Dingledine
ab4d3888e4 hunt for killerchicken's socket counting problem
svn:r13578
2008-02-19 19:27:55 +00:00
Nick Mathewson
5d069a543b r18138@catbus: nickm | 2008-02-18 13:13:18 -0500
Try to make conditional include logic for openbsd malloc not warn on arma's computer. May fix bug 610.


svn:r13557
2008-02-18 18:14:32 +00:00