Commit Graph

826 Commits

Author SHA1 Message Date
Nick Mathewson
34e4122025 Merge branch 'ticket20657_nickm_bugfixes_squashed' 2017-08-08 20:31:57 -04:00
George Kadianakis
440eaa9b22 Correctly assign HSDir flags based on protocol list
In Nick's words:

"We want to always return false if the platform is a Tor version, and it
is not as new as 0.3.0.8 -- but if the platform is not a Tor version, or
if the version is as new as 0.3.0.8, then we want to obey the protocol
list.

That way, other implementations of our protocol won't have to claim any
particular Tor version, and future versions of Tor will have the freedom
to drop this protocol in the distant future."
2017-08-08 20:29:34 -04:00
David Goulet
85c80adf4a prop224: HSDir v3 support is >= 0.3.0.8
Because of bug #22447, we have to select nodes that are at least this version.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
Nick Mathewson
decb927685 Add an assertion to try to please coverity.
Coverity, for some reason, thought that weight_scale might be 0,
leading to a divide-by-zero error.
2017-07-28 10:17:57 -04:00
Isis Lovecruft
c59ba01550
rephist: Remove unused crypto_pk statistics.
These statistics were largely ununsed, and kept track of statistical information
on things like how many time we had done TLS or how many signatures we had
verified.  This information is largely not useful, and would only be logged
after receiving a SIGUSR1 signal (but only if the logging severity level was
less than LOG_INFO).

 * FIXES #19871.
 * REMOVES note_crypto_pk_op(), dump_pk_op(), and pk_op_counts from
   src/or/rephist.c.
 * REMOVES every external call to these functions.
2017-07-13 20:24:48 +00:00
Roger Dingledine
0fe7c42e0e general formatting / whitespace / typo fixes 2017-07-01 17:56:06 -04:00
Nick Mathewson
ee3ccd2fac #22211 Fix a comment in routerparse.c 2017-05-10 11:16:07 -04:00
Nick Mathewson
e1d31f2a2f Update the consdiff directory code based on #22143 fixes
These are mostly just identifier renames, except for one place in
routerparse.c where we switch to using a correct hash.
2017-05-04 08:49:02 -04:00
Nick Mathewson
112286338b Store the sha3 of a networkstatus as part of the networkstatus_t
Also store it in the cached_dir_t.
2017-05-04 08:37:41 -04:00
Nick Mathewson
5acddbbbf7 bug#22143/prop#140: identify input diffs by their digest-as-signed
See may 3 changes to prop140 for more background.
2017-05-03 13:09:08 -04:00
David Goulet
dff50001ec prop224: Flag router with HSIntro/HSDir using protover
Note down in the routerstatus_t of a node if the router supports the HSIntro=4
version for the ed25519 authentication key and HSDir=2 version for the v3
descriptor supports.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-04-07 09:44:52 -04:00
Nick Mathewson
7505f452c8 Run the copyright update script. 2017-03-15 16:13:17 -04:00
Nick Mathewson
5203cd2f11 Check for NULL as input to extrainfo_parse_entry_from_string()
We hope this will make the clangalyzer less worried about this function.

Closes ticket 21496.
2017-03-06 11:31:11 -05:00
Nick Mathewson
ef610467fa Merge remote-tracking branch 'teor/bug21507-029' 2017-02-28 11:19:24 -05:00
teor
57154e71aa
Reject Tor versions that contain non-numeric prefixes
strto* and _atoi64 accept +, -, and various whitespace before numeric
characters. And permitted whitespace is different between POSIX and Windows.

Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1.
2017-02-19 22:38:06 +11:00
Nick Mathewson
5dbbd6bc39 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-02-17 11:32:45 -05:00
Nick Mathewson
67cec7578c Check for micro < 0, rather than checking "minor" twice.
Bug found with clang scan-build.  Fixes bug on f63e06d3dc.
Bug not present in any released Tor.
2017-02-17 11:31:39 -05:00
Nick Mathewson
d633c4757c Merge branch 'maint-0.2.9' 2017-02-15 08:19:51 -05:00
Nick Mathewson
fea93abecd whoops; make 21450 compile 2017-02-15 08:19:37 -05:00
Nick Mathewson
62f98ad485 Merge branch 'maint-0.2.9' 2017-02-15 07:58:15 -05:00
Nick Mathewson
cb6b3b7cad Limit version numbers to 0...INT32_MAX.
Closes 21450; patch from teor.
2017-02-15 07:57:34 -05:00
Nick Mathewson
76d79d597a Merge branch 'maint-0.2.9' 2017-02-15 07:48:42 -05:00
Nick Mathewson
ec6b5a098d Merge branch 'bug21278_redux_029_squashed' into maint-0.2.9 2017-02-15 07:48:18 -05:00
Nick Mathewson
eeb743588a Merge branch 'maint-0.2.8' into maint-0.2.9 2017-02-15 07:48:10 -05:00
Nick Mathewson
1ebdae6171 Merge branch 'maint-0.2.7' into maint-0.2.8 2017-02-15 07:47:28 -05:00
Nick Mathewson
ed806843dc Merge branch 'maint-0.2.6' into maint-0.2.7 2017-02-15 07:47:21 -05:00
Nick Mathewson
3781f24b80 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-15 07:47:12 -05:00
Nick Mathewson
a452b71395 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-15 07:47:04 -05:00
Roger Dingledine
3c4da8a130 give tor_version_parse_platform some function documentation 2017-02-15 07:46:34 -05:00
Nick Mathewson
f63e06d3dc Extract the part of tor_version_as_new_as that extracts platform
Also add a "strict" mode to reject negative inputs.
2017-02-15 07:46:34 -05:00
Nick Mathewson
194e31057f Avoid integer underflow in tor_version_compare.
Fix for TROVE-2017-001 and bug 21278.

(Note: Instead of handling signed ints "correctly", we keep the old
behavior, except for the part where we would crash with -ftrapv.)
2017-02-14 16:10:27 -05:00
Nick Mathewson
143235873b Memory leak on bogus ed key in microdesc 2017-01-30 08:37:26 -05:00
Nick Mathewson
a092bcdd4f Fix a memory leak found while fuzzing 2017-01-30 08:37:26 -05:00
Nick Mathewson
b1567cf500 Three more fuzzers: consensus, hsdesc, intro points 2017-01-30 08:37:24 -05:00
Nick Mathewson
e2aeaeb76c Make a bunch of signature/digest-checking functions mockable 2017-01-30 08:37:22 -05:00
Nick Mathewson
a9c8a5ff18 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-12-20 18:14:21 -05:00
Nick Mathewson
b18bde23cf Merge branch 'maint-0.2.5' into maint-0.2.6 2016-12-20 18:11:25 -05:00
Nick Mathewson
db58d4d16f Merge branch 'maint-0.2.4' into maint-0.2.5 2016-12-20 18:11:08 -05:00
Nick Mathewson
f9f1e3c94b Merge branch 'maint-0.2.9' 2016-12-19 08:03:17 -05:00
Nick Mathewson
de65647461 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-12-19 07:58:43 -05:00
Nick Mathewson
c11de4c45f Merge branch 'bug21018_024' into maint-0.2.8 2016-12-19 07:58:21 -05:00
Nick Mathewson
d978216dea Fix parsing bug with unecognized token at EOS
In get_token(), we could read one byte past the end of the
region. This is only a big problem in the case where the region
itself is (a) potentially hostile, and (b) not explicitly
nul-terminated.

This patch fixes the underlying bug, and also makes sure that the
one remaining case of not-NUL-terminated potentially hostile data
gets NUL-terminated.

Fix for bug 21018, TROVE-2016-12-002, and CVE-2016-1254
2016-12-18 20:17:24 -05:00
Nick Mathewson
2cee38f76a Merge branch 'prop271_030_v1_squashed' 2016-12-16 11:20:59 -05:00
Nick Mathewson
56b11905e5 Remove a little dead code from routerparse.c
In c35fad2bde, merged in
0.2.4.7-alpha, we removed the code to parse v1 directory
objects. When we did so, we removed everything that could set the
CST_CHECK_AUTHORITY flag for check_signature_token().

So in this code, we remove the flag itself, the code to handle the
flag, and a function that only existed to handle the flag.
2016-12-13 09:36:59 -05:00
Nick Mathewson
41adfd6fa3 Fix a couple more crypto_digest() calls to be explicit < 0 2016-12-05 10:31:31 -05:00
Nick Mathewson
539eba0a4b Teach parse_iso_time about the spaceless variant.
(We previously added support for generating the spaceless
2016-11-14T19:58:12 variant, but not for actually parsing it.)
2016-11-30 14:42:52 -05:00
Chelsea H. Komlo
9d9110f65d
crypto_digest256 returns expected error value of -1 2016-11-24 12:13:07 -05:00
Chelsea H. Komlo
276d07a88a
crypto_digest returns expected error value of -1 2016-11-24 10:01:03 -05:00
Nick Mathewson
b6164e1604 Merge remote-tracking branch 'public/feature20552' 2016-11-10 09:25:11 -05:00
Nick Mathewson
c58592e658 Merge branch 'maint-0.2.9' 2016-11-08 18:51:19 -05:00
Nick Mathewson
c35c43d7d9 Merge branch 'ticket17238_029_02-resquash'
Conflicts:
	src/or/rendclient.c
	src/or/rendcommon.c
	src/or/routerparse.c
	src/test/test_dir.c
	src/trunnel/ed25519_cert.h
2016-11-04 13:26:37 -04:00
David Goulet
e8c12175fe Move token parsing code to parsecommon.{c|h}
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:26 -04:00
Nick Mathewson
b7a1e793e6 Declare a LINKAUTH subprotocol version for #15055 (ed link handshake)
Closes ticket 20552.
2016-11-03 10:01:40 -04:00
Nick Mathewson
d9ca4e20bd Merge branch 'feature_15055_v2' 2016-11-03 08:44:46 -04:00
Nick Mathewson
fae7060aea Fix a misfeature with the Ed cert expiration API
The batch-verification helper didn't expose the expiration time,
which made it pretty error-prone.

This closes ticket 15087.
2016-11-03 08:37:22 -04:00
Nick Mathewson
d73c671d6d policy_is_reject_star():
ome policies are default-reject, some default-accept.  But
policy_is_reject_star() assumed they were all default_reject.  Fix
that!

Also, document that policy_is_reject_star() treats a NULL policy as
empty. This allows us to simplify the checks in
parse_reachable_addresses() by quite a bit.

Fxes bug 20306; bugfix on 0.2.8.2-alpha.
2016-10-31 15:05:56 -04:00
overcaffeinated
265d5446fa Automated change to use smartlist_add_strdup
Use the following coccinelle script to change uses of
smartlist_add(sl, tor_strdup(str)) to
smartlist_add_strdup(sl, string) (coccinelle script from nickm
via bug 20048):

@@
expression a;
expression b;
@@
- smartlist_add
+ smartlist_add_strdup
   (a,
- tor_strdup(
   b
- )
  )
2016-10-27 10:26:06 +01:00
Nick Mathewson
aae034d13e Write a bunch of module documentation.
This commit adds or improves the module-level documenation for:

  buffers.c circuitstats.c command.c connection_edge.c control.c
  cpuworker.c crypto_curve25519.c crypto_curve25519.h
  crypto_ed25519.c crypto_format.c dircollate.c dirserv.c dns.c
  dns_structs.h fp_pair.c geoip.c hibernate.c keypin.c ntmain.c
  onion.c onion_fast.c onion_ntor.c onion_tap.c periodic.c
  protover.c protover.h reasons.c rephist.c replaycache.c
  routerlist.c routerparse.c routerset.c statefile.c status.c
  tor_main.c workqueue.c

In particular, I've tried to explain (for each documented module)
what each module does, what's in it, what the big idea is, why it
belongs in Tor, and who calls it.  In a few cases, I've added TODO
notes about refactoring opportunities.

I've also renamed an argument, and fixed a few DOCDOC comments.
2016-10-17 10:16:59 -04:00
Nick Mathewson
55c468c521 Whitespace cleaning 2016-10-14 10:40:31 -04:00
Nick Mathewson
ed5d2daba1 Merge remote-tracking branch 'public/ticket20001_v2' 2016-09-26 11:01:10 -07:00
Nick Mathewson
1ab641a70e Remove version_known, and subtly change the meaning of protocols_known 2016-09-26 10:56:53 -07:00
Nick Mathewson
f3382bd722 Rename "proto " to "pr " in consensuses 2016-09-26 10:56:53 -07:00
Nick Mathewson
e525f5697f Use protocols to see when EXTEND2 support exists.
(Technically, we could just remove extend2 cell checking entirely,
since all Tor versions on our network are required to have it, but
let's keep this around as an example of How To Do It.)
2016-09-26 10:56:51 -07:00
Nick Mathewson
90a6fe318c Vote on 'proto' lines and include them after 'v' lines.
(Despite the increased size of the consensus, this should have
approximately zero effect on the compressed consensus size, since
the "proto" line should be completely implied by the "v" line.)
2016-09-26 10:56:51 -07:00
Nick Mathewson
cca1e0acff Add necessary code to parse and handle required/recommended protocols 2016-09-26 10:56:49 -07:00
Nick Mathewson
4df12239f6 Emit and parse protocol lists in router descriptors 2016-09-26 10:56:49 -07:00
Nick Mathewson
8fdf2f583c Unit tests for proposal 271 client-side implementation 2016-09-13 09:45:55 -04:00
Nick Mathewson
08d2d7c404 prop272: Believe that all routers are Valid and Running.
(We check consensus method when deciding whether to assume a node is
valid.  No need to check the consensus method for Running, since
we will never see a method before 13.)

Closes ticket 20001

g
2016-09-13 09:29:22 -04:00
Nick Mathewson
4757303873 Fix all -Wshadow warnings on Linux
This is a partial fix for 18902.
2016-07-28 06:58:44 -04:00
Nick Mathewson
aaa3129043 Merge remote-tracking branch 'dgoulet/ticket16943_029_05-squashed'
Trivial Conflicts:
	src/or/or.h
	src/or/routerparse.c
2016-07-01 15:29:05 -04:00
David Goulet
0c26a6db7e prop250: Parse votes and consensus
One of the last piece that parses the votes and consensus in order to update
our state and make decision for the SR values.

We need to inform the SR subsystem when we set the current consensus because
this can be called when loaded from file or downloaded from other authorities
or computed.

The voting schedule is used for the SR timings since we are bound to the
voting system.

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-07-01 14:01:41 -04:00
Nick Mathewson
ac9784f7f5 Fix a missing break; in dump_desc_init()
Found by coverity scan; this is CID 1362983
2016-07-01 10:02:22 -04:00
Nick Mathewson
69e22e294b Set binary mode when checking malformed descriptor. 2016-06-30 18:23:58 -04:00
Nick Mathewson
b750a77e3f fix naked memcmps 2016-06-30 15:34:16 -04:00
Nick Mathewson
c3b720fb26 Try to fix warnings when size_t is smaller than st.st_size. 2016-06-30 14:20:04 -04:00
Andrea Shepard
13a16e0011 Also check if the sandbox is configured as well as if it's active; sandbox_init() runs rather late in the startup process 2016-06-30 09:37:23 +00:00
Andrea Shepard
34d9dabed1 Do sandbox_is_active() check before reconstructing dump_desc() FIFO on startup too 2016-06-30 07:45:55 +00:00
Andrea Shepard
9580b99dab Add unit test for dump_desc_populate_fifo_from_directory() 2016-06-30 07:03:26 +00:00
Andrea Shepard
f99c9df02b Make things mockable for dump_desc_populate_fifo_from_directory() unit test 2016-06-30 07:03:26 +00:00
Andrea Shepard
42f089473a Unit test for dump_desc_populate_one_file() 2016-06-30 07:03:26 +00:00
Andrea Shepard
421cf21b3c Reload unparseable descriptor dump FIFO state from on-disk dumped descriptors at startup 2016-06-30 07:03:26 +00:00
Andrea Shepard
38cced90ef Move unparseable descriptor dumps into subdirectory of DataDir 2016-06-30 07:03:25 +00:00
Andrea Shepard
dc37546cff Add sandbox_is_active() check to dump_desc() 2016-06-30 07:03:25 +00:00
Andrea Shepard
603f483092 Use uint64_t for total length of dumped descriptors, nad be careful about overflows in the loop in dump_desc_fifo_add_and_clean() 2016-06-30 07:03:25 +00:00
Andrea Shepard
35fc5879fb Expose a few more dump_desc()-related things to the test suite 2016-06-30 07:03:25 +00:00
Andrea Shepard
17ed2fed68 Expose dump_desc() to the test suite and make things it calls mockable 2016-06-30 07:03:24 +00:00
Andrea Shepard
726dc9acf5 Remove old unparseable descriptor logging mechanism, add bump-to-head-of-queue for repeated unparseable descriptors, rename config variable 2016-06-30 07:03:24 +00:00
Andrea Shepard
1cde3e2776 Add multiple descriptor dump support for dump_desc() in routerparse.c; fixes bug 18322 2016-06-30 07:03:24 +00:00
Nick Mathewson
4e2a7cd3ae Add missing braces around conditional. 2016-06-27 13:19:49 -04:00
Nick Mathewson
703254a832 Merge remote-tracking branch 'public/bug15942_v2_alternative' 2016-06-23 09:01:24 -04:00
nikkolasg
568dc27a19 Make base16_decodes return number of decoded bytes
base16_decodes() now returns the number of decoded bytes. It's interface
changes from returning a "int" to a "ssize_t". Every callsite now checks the
returned value.

Fixes #14013

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-06-20 08:44:58 -04:00
Andrea Shepard
6370c4ee87 Use exponential backoff for router descriptor downloads from consensuses 2016-06-18 16:32:17 +00:00
Nick Mathewson
4f1a04ff9c Replace nearly all XXX0vv comments with smarter ones
So, back long ago, XXX012 meant, "before Tor 0.1.2 is released, we
had better revisit this comment and fix it!"

But we have a huge pile of such comments accumulated for a large
number of released versions!  Not cool.

So, here's what I tried to do:

  * 0.2.9 and 0.2.8 are retained, since those are not yet released.

  * XXX+ or XXX++ or XXX++++ or whatever means, "This one looks
    quite important!"

  * The others, after one-by-one examination, are downgraded to
    plain old XXX.  Which doesn't mean they aren't a problem -- just
    that they cannot possibly be a release-blocking problem.
2016-05-30 16:18:16 -04:00
Nick Mathewson
b53a2059c4 Expose crypto_digest_algorithm_get_length from crypto.c
Also, use it in routerparse.c
2016-05-23 10:58:27 -04:00
Nick Mathewson
2a884926c0 Merge remote-tracking branch 'dgoulet/bug19066_029_01' 2016-05-23 10:45:13 -04:00
Nick Mathewson
4a14c2cfc7 Merge branch 'maint-0.2.8' 2016-05-19 15:56:39 -04:00
Nick Mathewson
2729f166cb whitespace fixes 2016-05-17 20:08:03 -04:00
Nick Mathewson
ab932cd7bf Remove duplicate siging_key_cert fields.
With the fix for #17150, I added a duplicate certificate here.  Here
I remove the original location in 0.2.8.  (I wouldn't want to do
that in 027, due to the amount of authority-voting-related code
drift.)

Closes 19073.
2016-05-17 20:04:16 -04:00
Nick Mathewson
a7f6e434be Merge branch 'maint-0.2.8' 2016-05-17 19:48:49 -04:00
Nick Mathewson
3f49474349 Merge branch 'bug17150_027_extra' into maint-0.2.8 2016-05-17 19:47:22 -04:00