Commit Graph

24694 Commits

Author SHA1 Message Date
Nick Mathewson
2b825a1a2e Fix a crash bug in max_u16_in_sl()
The documentation for this function says that the smartlist can
contain NULLs, but the code only handled NULLs if they were at the
start of the list.

We didn't notice this for a long time, because when Tor is run
normally, the sequence of msg_id_t is densely packed, and so this
list (mapping msg_id_t to channel_id_t) contains no NULL elements.
We could only run into this bug:
  * when Tor was running in embedded mode, and starting more than once.
  * when Tor ran first with more pubsub messages enabled, and then
    later with fewer.
  * When the second run (the one with fewer enabled pubsub messages)
    had at least some messages enabled, and those messages were not
    the ones with numerically highest msg_id_t values.

Fixes bug 31898; bugfix on 47de9c7b0a
in 0.4.1.1-alpha.
2019-10-01 13:01:20 -04:00
Nick Mathewson
34bbdaf5d4 Add a test for max_u16_in_sl().
This test does not currently pass, because of bug 31898.
2019-10-01 13:01:20 -04:00
Nick Mathewson
f17591b8e5 Rename max_in_sl to max_in_u16_sl, and expose it as STATIC.
Since we want to make this function slightly more visible for testing
purposes, it needs a better name.
2019-10-01 13:01:20 -04:00
Nick Mathewson
39640728c3 Add comments to try to prevent recurrence of #31495.
There is a bad design choice in two of our configuration types,
where the empty string encodes a value that is not the same as the
default value.  This design choice, plus an implementation mistake,
meant that config_dup() did not preserve the value of routerset_t,
and thereby caused bug #31495.

This comment-only patch documents the two types with the problem,
and suggests that implementors try to avoid it in the future.

Closes ticket 31907.
2019-10-01 09:45:12 -04:00
George Kadianakis
e8e42f4af9 Help users who try to use v2 client auth in v3 onions. 2019-10-01 13:41:21 +03:00
teor
56d0655ed8 err: Remove a duplicate header in backtrace.c 2019-09-30 23:17:04 +10:00
teor
c23986246b err: Always lock the backtrace buffer before it is used
Fixes bug 31734; bugfix on 0.2.5.3-alpha.
2019-09-30 23:17:04 +10:00
Nick Mathewson
53116ca0b7 Re-run "make autostyle" with improved annotate_ifdef_directives 2019-09-30 08:57:37 -04:00
teor
db329522ef
log: When initialising log domain masks, only set known log domains
And add a runtime test that checks for unknown domains and flags.

Fixes bug 31854; bugfix on 0.2.1.1-alpha.
2019-09-30 22:05:00 +10:00
teor
25c5322dfe
log: Define count, boundary, and all macros for domains and flags
And do static checks on those macro definitions.

Part of 31854.
2019-09-30 22:04:03 +10:00
teor
4c88ebcf47
log: Remove duplicate code and an outdated comment
Preparation for 31854.
2019-09-30 22:03:59 +10:00
George Kadianakis
9318682109 Merge branch 'tor-github/pr/1346' 2019-09-30 13:56:51 +03:00
George Kadianakis
ae8d36db31 Merge branch 'tor-github/pr/1302' 2019-09-30 13:47:53 +03:00
George Kadianakis
fc760c5088 Merge branch 'tor-github/pr/1356' 2019-09-30 13:47:06 +03:00
George Kadianakis
4673cb8168 Merge branch 'tor-github/pr/1339' 2019-09-30 13:44:59 +03:00
teor
2420c8c936 test: Avoid a map_anon_nofork test failure on SunOS
This test failure happened due to a signed/unsigned integer
comparison.

This bug occurred on SunOS, it may also occur on other systems that
use signed char as the default. (And cast 1-byte integer constants
to an unsigned integer.)

Fixes bug 31897; bugfix on 0.4.1.1-alpha.
2019-09-30 14:54:56 +10:00
Nick Mathewson
194dbea24d Run "make autostyle" with new "annotate_ifdef_directives" 2019-09-26 15:52:45 -04:00
Nick Mathewson
ffd857bbe1 Merge remote-tracking branch 'tor-github/pr/1308' 2019-09-26 14:36:37 -04:00
teor
d1eab05834
lock: Avoid some undefined behaviour when freeing mutexes.
Fixes bug 31736; bugfix on 0.0.7.
2019-09-26 12:37:25 +10:00
teor
749c2e1761
log: explain why it is safe to leave the log mutex initialized
The log mutex is dynamically initialized, guarded by log_mutex_initialized.
We don't want to destroy it, because after it is destroyed, we won't see
any more logs.

If tor is re-initialized, log_mutex_initialized will still be 1. So we
won't trigger any undefined behaviour by trying to re-initialize the
log mutex.

Part of 31736, but committed in this branch to avoid merge conflicts.
2019-09-26 12:22:34 +10:00
teor
2f8a9a2db6
sandbox: Allow backtrace signals to be disabled
Part of 31614.
2019-09-26 12:22:30 +10:00
teor
315f14c709
backtrace: avoid undefined behaviour on re-initialisation
cb_buf_mutex is statically initialised, so we can not destroy it when
we are shutting down the err subsystem. If we destroy it, and then
re-initialise tor, all our backtraces will fail.

Part of 31736, but committed in this branch to avoid merge conflicts.
2019-09-26 12:07:25 +10:00
Nick Mathewson
40a22fb707 Merge remote-tracking branch 'tor-github/pr/1349' 2019-09-25 13:07:19 -04:00
George Kadianakis
01a797be4e Merge branch 'tor-github/pr/1334' 2019-09-25 14:19:02 +03:00
George Kadianakis
0a77e5f1c2 Merge branch 'tor-github/pr/1341' 2019-09-25 14:18:15 +03:00
George Kadianakis
09769779a0 Merge branch 'tor-github/pr/1357' 2019-09-25 14:17:35 +03:00
George Kadianakis
2199629648 Merge branch 'tor-github/pr/1345' 2019-09-25 14:14:30 +03:00
George Kadianakis
99f75373de Merge branch 'tor-github/pr/1309' 2019-09-25 14:12:42 +03:00
teor
d30a042fa8 test: Use SEVERITY_MASK_IDX() to find the LOG_* mask indexes
In the unit tests and fuzzers.

Fixes bug 31334; bugfix on 0.2.5.2-alpha.
2019-09-25 16:40:09 +10:00
teor
1ad1e84b17 log: Move SEVERITY_MASK_IDX() to log.h
Move SEVERITY_MASK_IDX() to log.h private/unit tests section, so that
we can use it in log.c, the unit tests, and the fuzzers.

(The test and fuzzer code changes are in a subsequent commit.)

Preparation for bug 31334.
2019-09-25 16:37:07 +10:00
teor
0cb57a4908
feature/control: add a missing word to the send_control_done() comment 2019-09-24 15:08:37 +10:00
teor
dfea789203
log: Improve the documentation for tor_log_update_sigsafe_err_fds()
Part of 31839.
2019-09-24 15:04:03 +10:00
teor
ab7bfdf404
backtrace: Add a missing check for HAVE_PTHREAD_H before using mutexes
Fixes bug 31614; bugfix on 0.2.5.2-alpha.
2019-09-24 13:35:55 +10:00
teor
6b97a5a843
backtrace: Disable signal handlers in remove_bt_handler()
Fixes bug 31614; bugfix on 0.2.5.2-alpha.
2019-09-24 13:35:48 +10:00
teor
83fa962c1a
test: a file with no config options, at the end of an %include directory
(The file must contain whitespace or comments to trigger the bug.)

Regression test for 31408.
2019-09-24 11:10:50 +10:00
teor
876b3e2775
Merge branch 'bug31408_035' into bug31408_master 2019-09-24 11:07:38 +10:00
Roger Dingledine
e1429d9148 fix typo in comment 2019-09-23 18:32:05 -04:00
AmreshVenugopal
3e45260594 fix: Ticket #31589
- The function `decrypt_desc_layer` has a cleaner interface.
- `is_superencrypted_layer` changed from `int` -> `bool`

[ticket details](https://trac.torproject.org/projects/tor/ticket/31589)

add(changes/*): changes file
fix(src/features/hs): is_superencrypted changed from `int` -> `bool`
fix(changes/ticket31589): header
add(changes/ticket31589): subsystem(onion services) to change
2019-09-23 23:52:01 +05:30
Daniel Pinto
15490816da
Fix bug when %including folder with comment only files. #31408
When processing a %included folder, a bug caused the pointer to
the last element of the options list to be set to NULL when
processing a file with only comments or whitepace. This could
cause options from other files on the same folder to be
discarded depending on the lines after the affected %include.
2019-09-23 10:39:08 +10:00
Nick Mathewson
c309169217 microdesc_parse: convert some ints to bools
Noted by ahf during review of #31675
2019-09-19 14:37:24 -04:00
Nick Mathewson
194884977c microdesc_parse: Rename "next" label to "err". 2019-09-19 14:37:24 -04:00
Nick Mathewson
2094796c24 Reindent microdesc_parse_fields().
I suggest reviewing this with -b: it should be whitespace-only.
2019-09-19 14:37:24 -04:00
Nick Mathewson
ec368409fa Extract field-parsing code for microdesc_parse.c
The code here parses the fields from the microdescriptor, including
possible annotations, and stores them into a microdesc_t object.

This commit is almost pure code movement; I recommend using
--color-moved to review it.
2019-09-19 14:37:24 -04:00
Nick Mathewson
b1552e8814 Reindent microdesc_extract_body().
This commit is whitespace-only; I suggest reviewing with -b.
2019-09-19 14:37:24 -04:00
Nick Mathewson
9cbc166ea0 Extract the body-copying portion of microdesc parsing
This code is logically independent of the rest of the function, and
goes better in its own function.

This is almost purely code movement; I suggest reviewing with
--color-moved.
2019-09-19 14:37:24 -04:00
Nick Mathewson
6f3f93d86c bump to 0.4.1.6-dev 2019-09-19 08:52:15 -04:00
teor
69a1f9c8a7
test: test dirserv_router_has_valid_address() with DirAllowPrivateAddresses
Part of 31793.
2019-09-19 16:19:19 +10:00
teor
c2ceede376
test: refactor dirserv_router_has_valid_address() tests
Cleanup after 31793.
2019-09-19 16:19:16 +10:00
teor
03c2b1be8d
dirauth: reorder the checks in dirserv_router_has_valid_address()
To avoid a bug warning.

Fixes 31793. Bug not in any release, no changes file required.
2019-09-19 16:19:12 +10:00
teor
46fea1dfee
test: dirserv_router_has_valid_address() with zero-family addresses
Sometimes tor doesn't initialise an address, so its family is zero.

Failing test for 31793. Future commits will fix the code.
2019-09-19 16:19:04 +10:00
Nick Mathewson
37c616aeaf Merge branch 'bug31466_035' into bug31466_042 2019-09-18 15:48:25 -04:00
Nick Mathewson
bf4a27c0ea Merge branch 'bug31466_029' into bug31466_035_tmp 2019-09-18 15:42:40 -04:00
Nick Mathewson
f0e4120996 Add a rate-limit to our warning about the disabled .exit notation
This warning would previously be given every time we tried to open a
connection to a foo.exit address, which could potentially be used to
flood the logs.  Now, we don't allow this warning to appear more
than once every 15 minutes.

Fixes bug 31466; bugfix on 0.2.2.1-alpha, when .exit was first
deprecated.
2019-09-18 15:38:33 -04:00
Nick Mathewson
4bbefc2aac Merge branch 'bug30916_035' into bug30916_041 2019-09-18 11:19:41 -04:00
Nick Mathewson
2da4d64a64 Avoid a crash if our "current" and "old" ntor onion keys are equal
Our dimap code asserts if you try to add the same key twice; this
can't happen if everything is running smoothly, but it's possible if
you try to start a relay where secret_onion_key_ntor is the same as
secret_onion_key_ntor.old.

Fixes bug 30916; bugfix on 0.2.4.8-alpha when ntor keys were
introduced.
2019-09-18 11:14:45 -04:00
Nick Mathewson
1e9488f2fd Extract expressions in construct_ntor_key_map()
No behavioral change here: this is just refactoring.
2019-09-18 11:12:43 -04:00
Nick Mathewson
d6d3e829dd Merge branch 'maint-0.4.1' 2019-09-18 08:07:56 -04:00
Nick Mathewson
70bcff6010 Merge branch 'bug31772_041' into maint-0.4.1 2019-09-18 08:07:50 -04:00
Nick Mathewson
5f00c03ed0 Merge branch 'maint-0.4.0' into maint-0.4.1 2019-09-17 21:28:38 -04:00
Nick Mathewson
9e674d0eb4 Merge branch 'maint-0.3.5' into maint-0.4.0 2019-09-17 21:28:37 -04:00
Nick Mathewson
02840169d8 Merge remote-tracking branch 'tor-github/pr/1300' into maint-0.3.5 2019-09-17 21:28:29 -04:00
Nick Mathewson
25af8ada30 Correct the syntax description for the MAPADDRESS command.
In 0.4.1.1-alpha I introduced a bug where we would require and
ignore a single positional argument.

Fixes bug 31772.
2019-09-17 19:26:45 -04:00
Nick Mathewson
a3342b382a Bump version to 0.4.1.6 2019-09-17 19:11:56 -04:00
Nick Mathewson
c6f7943269 Merge branch 'bug31570_041' into maint-0.4.1 2019-09-17 19:04:25 -04:00
Nick Mathewson
50f981719f Merge branch 'maint-0.4.0' into maint-0.4.1 2019-09-17 18:58:44 -04:00
Nick Mathewson
ef35435584 Merge branch 'maint-0.3.5' into maint-0.4.0 2019-09-17 18:58:43 -04:00
Nick Mathewson
dc41e6a80c Merge remote-tracking branch 'tor-github/pr/1307' into maint-0.3.5 2019-09-17 18:58:06 -04:00
Nick Mathewson
cec42be570 Merge branch 'maint-0.4.0' into maint-0.4.1 2019-09-17 18:56:52 -04:00
Nick Mathewson
ab74c3560a Merge branch 'ticket31552_041' into maint-0.4.1 2019-09-17 18:54:05 -04:00
Nick Mathewson
2d744de355 Correct a comment in channel_tls_process_cell. 2019-09-17 11:42:19 -04:00
Nick Mathewson
7f5c6a603c Move PROCESS_CELL macros outside of channel_tls_process_cell().
These macros are used in multiple functions, and as such really
don't belong within a single function.

Also #undef them once we are done with them.

This change makes practracker pass again.
2019-09-17 11:40:14 -04:00
Nick Mathewson
75d3c08219 bump to 0.4.2.1-alpha-dev 2019-09-17 11:36:43 -04:00
Nick Mathewson
4d7ce27105 Merge branch 'bug31107_041' into bug31107_master 2019-09-17 09:16:53 -04:00
Nick Mathewson
6ee19e57c2 Merge branch 'bug31107_040' into bug31107_041 2019-09-17 09:16:52 -04:00
Nick Mathewson
da8ba5010b Merge branch 'bug31107_035' into bug31107_040 2019-09-17 09:16:52 -04:00
Nick Mathewson
7589995111 Merge branch 'maint-0.3.5' into bug31107_035 2019-09-17 09:16:52 -04:00
Nick Mathewson
3c97ab3c24 Treat an unexpected constant-sized VERSIONS cell as a PROTOCOL_WARN.
We previously used tor_fragile_assert() to declare that this case
could not happen: VERSIONS cells are always supposed to be
variable-sized, right?

This is incorrect, though.  On a v1 link protocol connection, all
cells are fixed-sized.  There aren't supposed to be any VERSIONS
cells with this version of the protocol, but apparently, somebody
was messing up.  (The v1 link protocol is obsolete, so probably the
implementer responsible didn't mean to be using it.)

Fixes bug 31107.  Bugfix on 0.2.4.4-alpha, when we introduced a
tor_fragile_assert() for this case.
2019-09-17 09:13:25 -04:00
George Kadianakis
585eaa123f Merge branch 'tor-github/pr/1323' 2019-09-17 14:51:43 +03:00
Nick Mathewson
a28a682a1f bump version to 0.4.2.1-alpha 2019-09-16 16:24:24 -04:00
Nick Mathewson
68a0106bf3 Run "make autostyle" and fix wide lines. 2019-09-16 13:27:42 -04:00
Nick Mathewson
8ad419744f On windows, allow failures in test_parseconf.sh
There seems to be some unreliability issue with this test on
appveyor.

Addresses ticket 31757; This isn't a final fix for this issue, but
it should make CI pass.
2019-09-16 11:01:03 -04:00
Nick Mathewson
a1694b7363 Fix a shellcheck warning in test_parseconf.sh.
I wonder why this didn't show up before.
2019-09-16 09:22:43 -04:00
George Kadianakis
cd72850e08 Merge branch 'tor-github/pr/1316' 2019-09-16 15:22:18 +03:00
George Kadianakis
5ec751b38b Merge branch 'tor-github/pr/1324' 2019-09-16 15:21:28 +03:00
George Kadianakis
a1192b6b4a Merge branch 'tor-github/pr/1273' 2019-09-16 15:20:25 +03:00
George Kadianakis
bdd17da9fd Merge branch 'tor-github/pr/1318' 2019-09-16 15:19:38 +03:00
Nick Mathewson
11cf4d9c3a test_parseconf.sh: On --dump-config failure, --verify-config 2019-09-14 19:00:41 -04:00
Nick Mathewson
7e9ee3a58d Add a test with many non-default options. 2019-09-14 19:00:41 -04:00
Nick Mathewson
617679df42 Add a few error test cases 2019-09-14 19:00:41 -04:00
Nick Mathewson
80e858e3e6 Add an integration test for %include. 2019-09-14 19:00:41 -04:00
Nick Mathewson
28025698a1 test_parseconf: run each test from inside its directory.
We need this to test includes and relative paths.
2019-09-14 19:00:41 -04:00
Nick Mathewson
850a00dc07 Add test for +Option, /Option, and Option
Here we use these directives to replace, extend, or clear values in
torrc.defaults and in torrc.
2019-09-14 19:00:41 -04:00
Nick Mathewson
2f7be9620b Move our first 3 example conf_examples to named directories
I'm not planning to use "example" as the name for all of them, but
these first three _are_ simple examples.
2019-09-14 19:00:41 -04:00
Nick Mathewson
7c7e8402b5 Add a test script to try parsing and encoding Tor configurations
This script takes a set of example torrcs and command-lines from
src/test/conf_examples.  If a success is expected, it runs "tor
--dump-config" and compares the result with the one we expect.  If a
failure is expected, it runs "tor --verify-config" and greps for the
error we expect.
2019-09-14 19:00:41 -04:00
Nick Mathewson
bfc5f09979 Detect overflow or underflow on double config values.
Any floating point value too positive or negative to distinguish
from +/-Inf, or too small to distinguish from +/-0, is an
over/underflow.
2019-09-13 18:26:16 -04:00
David Goulet
286b129b09 Merge branch 'tor-github/pr/1319' 2019-09-12 13:53:59 -04:00
David Goulet
c39c9ce26b Merge branch 'tor-github/pr/1285' 2019-09-12 13:47:09 -04:00
George Kadianakis
028733e8b6 Merge branch 'tor-github/pr/1303' 2019-09-12 18:09:35 +03:00
George Kadianakis
3aaa4d416b Merge branch 'tor-github/pr/1299' 2019-09-12 18:08:00 +03:00
Nick Mathewson
c3b1a25d46 Workaround for GCC "note" about "variable tracking size limit"
GCC complains that we are using too many variables here, probably
because of the sheer number of locals used for our tinytest macros.
Eventually we should fix that (see 30968), but this commit just
makes the "note" go away by splitting the test function into two.
2019-09-12 18:07:47 +03:00