Commit Graph

4317 Commits

Author SHA1 Message Date
Nick Mathewson
1efb84215e Improve Windows performance with SIO_IDEAL_SEND_BACKLOG_QUERY.
Patch written by "Vort" on trac. Addresses ticket 22798.
2018-01-17 10:40:00 -05:00
Nick Mathewson
60dfdd9b15 Merge branch 'bug21074_029' 2018-01-17 09:07:50 -05:00
Nick Mathewson
0bfd5a6597 Add a cast to avoid a signed/unsigned comparison 2018-01-17 09:06:32 -05:00
Nick Mathewson
454d854363 Merge branch 'bug21074_029' 2018-01-16 14:13:39 -05:00
Nick Mathewson
edc87b263f Merge remote-tracking branch 'ffmancera/bug24861' 2018-01-12 13:29:53 -05:00
Fernando Fernandez Mancera
06368e5310 Fix minGW compatibility issue with zu format specifier.
Define TOR_PRIuSZ as minGW compiler doesn't support zu format specifier for
size_t type.

Fixes #24861 on ac9eebd.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-12 17:44:30 +01:00
Nick Mathewson
42751e2123 On shutdown, mark openssl as uninitialized.
This causes openssl to get completely reinitialized on startup,
which is probably a good idea.
2018-01-11 13:00:15 -05:00
Nick Mathewson
05ac3d0458 Merge branch 'restart_nocrash' 2018-01-11 12:45:25 -05:00
Nick Mathewson
c8c258a433 Merge branch 'bug24733_squashed_2' 2018-01-10 12:57:23 -05:00
Nick Mathewson
519fa1a3e6 Document the alignment limitation of tor_free() 2018-01-10 12:57:13 -05:00
Nick Mathewson
f71bbd20a4 Extract the raw_free() of ifc_buf into a new function.
Explain the problem more correctly.
2018-01-10 12:57:13 -05:00
teor
54899b404c Stop invoking undefined behaviour by using tor_free() on an unaligned pointer
... in get_interface_addresses_ioctl().

This pointer alignment issue exists on x86_64 macOS, but is unlikely to exist
elsewhere. (i386 macOS only requires 4-byte alignment, and other OSs have
8-byte ints.)

Fixes bug 24733; not in any released version of tor.
2018-01-10 12:57:13 -05:00
Fernando Fernandez Mancera
7353c9496e Add free_openssl() to crypto_openssl module.
Add free_openssl() function to free the memory allocated for OpenSSL version
management variables. It is required since OpenSSL management has been isolated
from the crypto module.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-08 15:31:41 +01:00
Fernando Fernandez Mancera
4022277272 Refactor crypto.[ch] into smaller OpenSSL module.
Add two new files (crypto_openssl.c, crypto_openssl.h) as new module of
crypto.[ch]. This new module includes all functions and dependencies related
to OpenSSL management. Those have been removed from crypto.[ch].

All new changes related to OpenSSL management must be done in these files.

Follows #24658

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-08 14:02:17 +01:00
Roger Dingledine
4f83d6d6ad Merge branch 'maint-0.3.2' 2018-01-05 18:44:08 -05:00
Roger Dingledine
5f2c7a8567 remove redundant "implement this" from log message 2018-01-05 18:23:07 -05:00
Nick Mathewson
68ca6d2e19 Don't treat a setrlimit failure as fatal.
Fixes bug 21074; bugfix on 4689243242 in 0.0.9rc5 when we
started doing setrlimit() in the first place.
2018-01-04 13:21:29 -05:00
Chelsea Holland Komlo
3dfe8e6522 add minimal rust module for logging to tor's logger
Allows an optional no-op for testing purposes
2017-12-21 15:29:33 -05:00
Nick Mathewson
719db28f54 Add minimal implementations of functions Rust needs for logging 2017-12-21 15:28:29 -05:00
Nick Mathewson
bac0bcbba1 type error fix for monotime_coarse_add_msec on windows 2017-12-20 17:45:59 -05:00
Nick Mathewson
a499be33b8 Merge branch 'maint-0.3.2' 2017-12-20 11:19:23 -05:00
Nick Mathewson
f7e393eb4c Another attempt at fixing the STACK warning in tortls.c
Patch suggestion from catalyst.

Related to 24423
2017-12-13 10:09:10 -05:00
Nick Mathewson
dd6dec2665 Add a function to add msec to a monotime.
We'll use this for the channel padding logic.
2017-12-13 08:54:29 -05:00
Nick Mathewson
4c877ae874 Add monotime functions for clearing monotonic times
We need this to replace some of our "msec" users with monotime
users.
2017-12-13 08:29:23 -05:00
Nick Mathewson
426110dfa2 Merge branch 'maint-0.3.2' 2017-12-12 19:46:53 -05:00
Nick Mathewson
15b41fa6ae Make sandbox.c compile when libseccomp-dev is installed on arm64
Fixes ticket 24424.  Patch from weasel.
2017-12-12 19:46:03 -05:00
Nick Mathewson
9c604e2bbb Fix compilation: logfile_is_external() must accept const* 2017-12-12 09:21:12 -05:00
Nick Mathewson
6c5a73f87a Merge remote-tracking branch 'ahf-oniongit/bugs/24362' 2017-12-12 09:18:52 -05:00
Alexander Færøy
cbc465a3d1 Simplify explicit conditional checks into an inlined function.
This patch lifts the check for whether a given log file (`logfile_t`) is
an "external logfile" (handled by an external logging system such as
syslog, android's logging subsystem, or as an external C callback
function) into a function on its own.

See: https://bugs.torproject.org/24362
2017-12-12 01:17:57 +00:00
Nick Mathewson
828333e38c Merge remote-tracking branch 'public/bug24099_031' into maint-0.3.1 2017-12-11 16:48:44 -05:00
Nick Mathewson
d5400d50e7 Merge branch 'maint-0.3.2' 2017-12-11 16:43:51 -05:00
Nick Mathewson
418d8bbe92 Merge branch 'stack_fixes_032_v2' into maint-0.3.2 2017-12-11 16:25:04 -05:00
Nick Mathewson
3da15bcbe8 Stop checking for sandbox:new_element() failures: it can't fail.
(It can't fail because the tor_malloc*() family of functions can
never return NULL)

Found with STACK
2017-12-11 16:06:25 -05:00
Nick Mathewson
06ffafcb9d Set DH parameters to NULL on shutdown
If we don't do this, we will use freed memory on restart.

Part of 24581.
2017-12-11 11:52:19 -05:00
Nick Mathewson
322abc030e On exit, free the event_base and set its pointer to NULL.
When we didn't do this before, we'd have some still-reachable memory
warnings, and we'd find ourselves crashing when we tried to
reinitialize libevent.

Part of 24581 (don't crash when restarting Tor in-process)
2017-12-11 11:52:19 -05:00
Nick Mathewson
ea929e8456 Merge remote-tracking branch 'public/feature24427' 2017-12-11 09:59:46 -05:00
Alexander Færøy
b0b8f7c30c Add support for Android's logging subsystem.
This patch adds support for Android's logging subsystem in Tor. When
debugging Android applications it is useful to be able to collect
information about the application running on the platform via the
various system services that is available on the platform.

This patch allows you to add "Log notice android" to your torrc and have
Tor send everything above and including the notice severity to Android's
ring buffer which can be inspected using the 'adb logcat' program.

See: https://bugs.torproject.org/24362
2017-12-11 13:22:39 +00:00
Nick Mathewson
58e8094816 Fix compilation with --disable-memory-sentinels
We'd broken this with the recent _free() rewrite.
2017-12-11 08:01:54 -05:00
Nick Mathewson
5ee0cccd49 Merge branch 'macro_free_v2_squashed' 2017-12-08 14:58:43 -05:00
Nick Mathewson
fa0d24286b Convert remaining function (mostly static) to new free style 2017-12-08 14:47:19 -05:00
Nick Mathewson
17dcce3fe1 Fix wide lines introduced by previous patch. 2017-12-08 14:47:19 -05:00
Nick Mathewson
285632a61b Replace all FREE_AND_NULL* uses to take a type and a free function.
This commit was made mechanically by this perl script:

\#!/usr/bin/perl -w -i -p

next if /^#define FREE_AND_NULL/;
s/\bFREE_AND_NULL\((\w+),/FREE_AND_NULL\(${1}_t, ${1}_free_,/;
s/\bFREE_AND_NULL_UNMATCHED\(/FREE_AND_NULL\(/;
2017-12-08 14:47:19 -05:00
Nick Mathewson
95531ddfbf Let's have only one FREE_AND_NULL variant.
This commit removes the old FREE_AND_NULL, and renames the old
FREE_AND_NULL_UNMATCHED so that it is now called FREE_AND_NULL.

This will break all the FREE_AND_NULL_* users; the next commit will
fix them.
2017-12-08 14:47:19 -05:00
Nick Mathewson
1d348989b0 Make tor_free only evaluate its input once (at least on gcc and clang) 2017-12-08 14:47:19 -05:00
Nick Mathewson
db024adc90 Switch to a safer FREE_AND_NULL implementation
This one only evaluates the input once, so it cannot mess up even if
there are side effects.
2017-12-08 14:47:19 -05:00
Nick Mathewson
c92ac9f5cb Convert the rest of src/common's headers to use FREE_AND_NULL 2017-12-08 14:47:19 -05:00
Nick Mathewson
021fdd39e4 Use mach_approximate_time() for coarse time where available.
This lets us have a coarse-time implementation with reasonable
performance characteristics on OSX and iOS.

Implements 24427.
2017-12-08 09:24:02 -05:00
Nick Mathewson
afceb431ed add a missing windows underscore 2017-12-07 15:14:49 -05:00
Nick Mathewson
046acf208b Fix a compiler warning 2017-12-06 15:46:54 -05:00
Nick Mathewson
5f518c69aa Merge remote-tracking branch 'public/monotime_coarse_stamps' 2017-12-06 15:43:50 -05:00
Nick Mathewson
a798ba6e9b Merge branch 'maint-0.3.2' 2017-12-05 12:10:06 -05:00
Nick Mathewson
779e4b9dcf Tweaks to strings in 24500 2017-12-05 12:09:57 -05:00
Fernando Fernandez Mancera
313360e6e6 Make errno error log more useful for getrandom()
Making errno error log more useful for getrandom() call. Adding if statement to
make difference between ENOSYS and other errors.

Fixes #24500

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2017-12-05 12:05:09 -05:00
Nick Mathewson
cef844d017 Merge branch 'maint-0.3.2' 2017-11-30 12:07:59 -05:00
Nick Mathewson
fd73a168ca Merge branch 'maint-0.3.1' into maint-0.3.2 2017-11-30 12:07:59 -05:00
Nick Mathewson
ee48eb1eb5 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-30 12:07:59 -05:00
Nick Mathewson
7e2b012b46 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-30 12:07:59 -05:00
Nick Mathewson
5fc0587c04 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-30 12:07:59 -05:00
Nick Mathewson
ba4a9cf0c0 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-11-30 12:07:59 -05:00
Nick Mathewson
1880a6a88e Avoid asking for passphrase on junky PEM input
Fixes bug 24246 and TROVE-2017-011.

This bug is so old, it's in Matej's code.  Seems to have been
introduced with e01522bbed.
2017-11-27 15:25:03 -05:00
Nick Mathewson
c3c0a05f51 Add a new notion of "stamps" to be a fast 32-bit monotonic timestamp
The goal here is to replace our use of msec-based timestamps with
something less precise, but easier to calculate.  We're doing this
because calculating lots of msec-based timestamps requires lots of
64/32 division operations, which can be inefficient on 32-bit
platforms.

We make sure that these stamps can be calculated using only the
coarse monotonic timer and 32-bit bitwise operations.
2017-11-27 09:43:15 -05:00
Nick Mathewson
bf882b0373 re-run ./scripts/maint/annotate_ifdef_directives 2017-11-21 14:07:43 -05:00
Nick Mathewson
5da0a73838 Merge branch 'ticket23953_033_squashed' 2017-11-21 14:06:57 -05:00
Nick Mathewson
25f882a9cf Use stdatomic.h for atomic_counter_t where available.
Closes ticket 23953.
2017-11-21 14:06:48 -05:00
Nick Mathewson
517032b8ce Merge branch 'maint-0.3.2' 2017-11-21 12:41:39 -05:00
Nick Mathewson
ba94dc28e8 Merge branches 'bug24099_031' and 'bug24086_031' into maint-0.3.2 2017-11-21 12:37:46 -05:00
Nick Mathewson
729f9a286c Merge branch 'maint-0.3.2' 2017-11-20 13:22:10 -05:00
Nick Mathewson
846df5b3cd Merge remote-tracking branches 'public/ticket24315_029' and 'public/bug24198_029' into maint-0.3.2 2017-11-20 13:20:25 -05:00
Nick Mathewson
cabcb752d7 In storagedir, take more care with errno on empty or mislabeled file
Required for 24099 fix -- we won't be able to act based on errno
unless we can trust it.
2017-11-20 10:10:13 -05:00
Nick Mathewson
2f086888b1 Make all the crypto free() functions macros that clear their targets 2017-11-17 12:01:30 -05:00
Nick Mathewson
94db8f32e4 Make all the free() functions from container.h clear their targets 2017-11-17 12:01:19 -05:00
Nick Mathewson
c1bdb80aba Add a macro to call a free_ function and clear a variable 2017-11-17 11:45:47 -05:00
Nick Mathewson
2d3904aba6 Check the libc version to decide whether to allow openat. 2017-11-16 14:06:38 -05:00
Nick Mathewson
d2d6a1b082 Make our seccomp2 sandbox handle Glibc 2.26
There are three changes here:
  * We need to allow epoll_pwait.
  * We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC.
  * We need to use openat() instead of open().

Note that this fix is not complete, since the openat() change is
turned off.  The next commit will make the openat() change happen
when we're running glibc 2.26 or later.

Fix for 24315.
2017-11-16 13:56:22 -05:00
Nick Mathewson
7461cd3067 Permit kill(pid, 0) in the seccomp2 sandbox.
We don't want to allow general signals to be sent, but there's no
problem sending a kill(0) to probe whether a process is there.

Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox
was introduced.
2017-11-16 12:44:47 -05:00
Nick Mathewson
a321f8f4af Merge branch 'buf_for_stringbuffer_squashed' 2017-11-02 10:01:30 -04:00
Nick Mathewson
095e15f8ac Add a zero-copy buffer move implementation. 2017-11-02 10:00:32 -04:00
Nick Mathewson
d5ba4851bd Add buf_t API helpers for using buffers to construct outputs. 2017-11-02 10:00:32 -04:00
Nick Mathewson
cd606d5ad3 Merge remote-tracking branch 'public/owning_control_fd' 2017-11-01 13:28:31 -04:00
Nick Mathewson
b76a161e01 Merge branch 'fix-torrcd-sandbox-22605v2' 2017-10-31 13:58:33 -04:00
Nick Mathewson
30a681553f Merge remote-tracking branch 'public/exit_carefully' 2017-10-27 11:13:05 -04:00
Nick Mathewson
fa78546dbc Make sure all C files have copyright/license notices 2017-10-27 10:59:36 -04:00
Nick Mathewson
f5e9e2748f Merge branch 'protover-rust-impl_squashed' 2017-10-27 10:05:30 -04:00
Chelsea Holland Komlo
91bca5c31b move to allocating c strings from rust 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
be583a34a3 use tor allocator for string allocation in rust 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
0c04b54d4d minimize scope for unsafe
update documentation

missing check for null
2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
d1820c1516 rust implementation of protover 2017-10-27 10:02:08 -04:00
Nick Mathewson
f0c3b62381 Expose a new function to make the event loop exit once and for all.
Instead of calling tor_cleanup(), exit(x), we can now call
tor_shutdown_event_loop_and_exit.
2017-10-20 11:39:17 -04:00
Nick Mathewson
35746a9ee7 Comment-only change: annotate exit() calls.
Sometimes when we call exit(), it's because the process is
completely hopeless: openssl has a broken AES-CTR implementation, or
the clock is in the 1960s, or something like that.

But sometimes, we should return cleanly from tor_main() instead, so
that embedders can keep embedding us and start another Tor process.

I've gone through all the exit() and _exit() calls to annotate them
with "exit ok" or "XXXX bad exit" -- the next step will be to fix
the bad exit()s.

First step towards 23848.
2017-10-19 13:42:28 -04:00
Nick Mathewson
0956242158 Mark some unreachable code in compat_winthreads.c as unreachable 2017-10-19 13:21:48 -04:00
Nick Mathewson
4eb5753bd2 New function for Tor to treat itself as the "owner" of a socket
Our socket accounting functions assumed that we'd never be asked to
close a socket that we didn't open ourselves.  But now we want to
support taking control sockets that we inherit -- so we need a way
of taking ownership of them, so we don't freak out later on when we
close them.
2017-10-18 12:17:44 -04:00
Nick Mathewson
5bcd8dc5c4 Make the mark_socket_open() no-op treat the socket as used.
This is preliminary for extracting the "take socket ownership" code
into its own function.
2017-10-18 12:13:26 -04:00
Nick Mathewson
b0ddaac074 Make some assertions nonfatal to help prevent bug23690 recurrence. 2017-09-29 10:29:33 -04:00
Alexander Færøy
8d6940814a
Better error handling when trying to compress/decompress into empty buffer.
This patch ensures that we return TOR_COMPRESS_BUFFER_FULL in case we
have a input bytes left to process, but are out of output buffer or in
case we need to finish where the compression implementation might need
to write an epilogue.

See: https://bugs.torproject.org/23551
2017-09-28 20:17:41 +02:00
Alexander Færøy
44dc4b73ec
Better error handling when trying to compress/decompress into empty buffer.
This patch ensures that we return TOR_COMPRESS_BUFFER_FULL in case we
have a input bytes left to process, but are out of output buffer or in
case we need to finish where the compression implementation might need
to write an epilogue.

See: https://bugs.torproject.org/23551
2017-09-28 18:58:15 +02:00
Alexander Færøy
c3b7f9d762
Fix whitespace issue in compress.c 2017-09-28 18:58:15 +02:00
Alexander Færøy
a196fdb622
Fix typo in buffers.c. 2017-09-28 18:58:09 +02:00
Nick Mathewson
3a073c463d Improve unit test coverage for compression code.
These tests try uncompressing garbage, verify that we won't
make compression bombs, and verify that we won't uncompress
compression bombs.
2017-09-28 12:20:02 -04:00
Nick Mathewson
14614a592e Fix spelling: compressing, not compresing 2017-09-28 12:17:34 -04:00
Nick Mathewson
55873107d0 Correct docs for config_lines_dup_and_filter 2017-09-28 09:40:04 -04:00
Nick Mathewson
a64d79ca4c Move around some LCOV_EXCLs in src/common
Apparently, my compiler now generates coverage markers for
label-only lines, so we need to exclude those too if they are meant
to be unreachable.
2017-09-28 09:25:17 -04:00
Nick Mathewson
01d67a9071 Note an unreachable (?) section in buffers.c 2017-09-28 08:35:24 -04:00
Nick Mathewson
ff0aabc35d Merge branch 'maint-0.3.1' 2017-09-20 09:45:07 -04:00
Andreas Stieger
427c2cc9e8 in zstd compression, fix 32 bit build
format '%lu' expects argument of type 'long unsigned int', but argument ... has type 'size_t'

Closes ticket 23568.
2017-09-20 09:43:08 -04:00
David Goulet
5dea4b565f Add a BASE32_DIGEST_LEN define
Use this value instead of hardcoded values of 32 everywhere. This also
addresses the use of REND_DESC_ID_V2_LEN_BASE32 in
hs_lookup_last_hid_serv_request() for the HSDir encoded identity digest length
which is accurate but semantically wrong.

Fixes #23305.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-19 12:33:04 -04:00
Nick Mathewson
76c33f7ff4 Merge branch 'scan-build-032' 2017-09-15 16:40:11 -04:00
Nick Mathewson
c1deabd3b0 Run our #else/#endif annotator on our source code. 2017-09-15 16:24:44 -04:00
Nick Mathewson
7a597718bb Split some long #if lines to make the #endif annotator happy 2017-09-15 16:24:21 -04:00
Nick Mathewson
9201e4c74b Merge branch 'bug23487_029' 2017-09-15 14:27:58 -04:00
Nick Mathewson
75659fd548 Use different variable names for pw_uid usages
Catalyst points out that using pw_uid for two different purposes
here is likely to be confusing.
2017-09-15 14:26:59 -04:00
Nick Mathewson
0f4f40b70f Merge remote-tracking branch 'dgoulet/ticket12541_032_02' 2017-09-15 12:00:50 -04:00
David Goulet
6e598bbcd8 sched: Add sandbox support for KIST
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
teor
42e7d0ea14
Explain the restrictions on divisor in round*_to_next_multiple_of
Closes 23528.
2017-09-15 16:06:17 +10:00
Nick Mathewson
4ff170d7b1 Fix warnings about passing uninitialized buffers into functions
Most of these buffers were never actually inspected, but it's still
bad style.
2017-09-12 21:32:42 -04:00
Nick Mathewson
f2f729e26b Clear up dead-assignment warnings from scan-build 2017-09-12 21:32:34 -04:00
Nick Mathewson
a4847ffa91 clang scan-build: Fix "dead increment" warnings.
For the most part, these indicated a spot where the code could have
been better.
2017-09-12 19:03:04 -04:00
Nick Mathewson
7ee486c15f Log correctly on owner/user mismatch.
Found with clang's scan-build while looking at dead assignments.

Fixes bug 23487; bugfix on 1135405c8c in 0.2.9.1-alpha
2017-09-12 17:37:25 -04:00
Nick Mathewson
0729ba2868 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-09-12 09:23:57 -04:00
Nick Mathewson
bac160b4e0 One more implicit fallthrough warning to fix on GCC 7 2017-09-12 09:22:50 -04:00
Nick Mathewson
c894e9d3d4 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-09-11 16:29:10 -04:00
Nick Mathewson
6a49e3360b Fix mixed-sign comparison warning in fix for 22797. 2017-09-11 16:29:06 -04:00
Nick Mathewson
a25d97e530 Merge branch 'teor-bug22797-025' into maint-0.2.9 2017-09-11 16:28:59 -04:00
Nick Mathewson
52c40330c8 Merge branch 'maint-0.3.1' 2017-09-11 13:49:20 -04:00
Nick Mathewson
72ea4a8f08 Extract the important parts of the run-pending-timers function.
Our unit tests will need this, so that they can simulate advancing
time without getting libevent involved.
2017-09-11 13:48:39 -04:00
Nick Mathewson
c151f46445 Merge branch 'ticket20119' 2017-09-08 08:56:53 -04:00
Nick Mathewson
1502bf03fd Add a module comment to util_bug.h
Closes ticket 22824.
2017-09-07 09:31:30 -04:00
Nick Mathewson
ab18e5e5fc Better error on failure to load seccomp2 sandbox
There are two reasons this is likeliest to happen -- no kernel
support, and some bug in Tor.  We'll ask people to check the former
before they report. Closes 23090.
2017-09-06 14:23:47 -04:00
Nick Mathewson
1098893e4f Exit when we can't write to a configured pid file
This is probably what the user wants, according to 20119.
2017-09-06 11:50:22 -04:00
Nick Mathewson
c0b9f594b6 Make preferred_chunk_size nonstatic, and add a prefix to it 2017-09-05 14:17:18 -04:00
Nick Mathewson
6ec5059723 Refactor buffer APIs to put a buf_t first.
By convention, a function that frobs a foo_t should be called
foo_frob, and it should have a foo_t * as its first argument.  But
for many of the buf_t functions, the buf_t was the final argument,
which is silly.
2017-09-05 13:57:51 -04:00
Nick Mathewson
d61da9e61f Repair wide lines from previous commit. 2017-09-05 13:57:51 -04:00
Nick Mathewson
4a7e90adc5 Repair buffer API so everything starts with buf_.
Our convention is that functions which manipulate a type T should be
named T_foo.  But the buffer functions were super old, and followed
all kinds of conventions.  Now they're uniform.

Here's the perl I used to do this:

\#!/usr/bin/perl -w -i -p

s/read_to_buf\(/buf_read_from_socket\(/;
s/flush_buf\(/buf_flush_to_socket\(/;
s/read_to_buf_tls\(/buf_read_from_tls\(/;
s/flush_buf_tls\(/buf_flush_to_tls\(/;
s/write_to_buf\(/buf_add\(/;
s/write_to_buf_compress\(/buf_add_compress\(/;
s/move_buf_to_buf\(/buf_move_to_buf\(/;
s/peek_from_buf\(/buf_peek\(/;
s/fetch_from_buf\(/buf_get_bytes\(/;
s/fetch_from_buf_line\(/buf_get_line\(/;
s/fetch_from_buf_line\(/buf_get_line\(/;
s/buf_remove_from_front\(/buf_drain\(/;
s/peek_buf_startswith\(/buf_peek_startswith\(/;
s/assert_buf_ok\(/buf_assert_ok\(/;
2017-09-05 13:57:51 -04:00
Nick Mathewson
336aa21e37 Move buffers.c and buffers_tls.c into src/common
These are no longer tor-specific, so they can be part of the
infrastructure.
2017-09-05 13:57:51 -04:00
Daniel Pinto
23147dd168 Adds files included by torrc and defaults to sandbox filter #22605 2017-08-30 18:20:07 +01:00
Nick Mathewson
4b4b3afb56 Merge branch 'bug22802_squashed' 2017-08-28 10:23:05 -04:00
Nick Mathewson
b88d00fea3 Don't fall back to _atoi64
We only did this on windows when building with MSVC 6 and earlier,
which is now considered a screamingly bad idea.
2017-08-28 10:21:29 -04:00
Nick Mathewson
e37c1df9cd Don't use "0" as a "base" argument to tor_parse_*().
Telling these functions to autodetect the numeric base has lead to
trouble in the past.

Fixes bug 22469. Bugfix on 0.2.2.various.
2017-08-28 10:21:29 -04:00
Nick Mathewson
b91dce9454 Merge branch 'maint-0.3.1' 2017-08-25 11:39:38 -04:00
Nick Mathewson
6069c829f9 Merge branch 'bug19418_029' into maint-0.3.1 2017-08-25 11:38:24 -04:00
Nick Mathewson
e884248118 Fix a needless line-continuation in aes.c
coccinelle was getting confused
2017-08-24 15:32:30 -04:00
Nick Mathewson
1d0f7b7ccd Apply test-operator-cleanup to src/common too. 2017-08-24 15:26:57 -04:00
Nick Mathewson
d37e8b407a Merge branch 'feature22976_squashed' 2017-08-24 09:23:43 -04:00
Nick Mathewson
6247f5a5ba Merge branch 'maint-0.3.1' 2017-08-11 11:51:06 -04:00
Nick Mathewson
b4963da987 Treat a bad tor_spawn_background() as a BUG().
The contract is that, if may_spawn_background_process() is 0, you're
not even allowed to try to spawn a process.
2017-08-09 10:58:07 -04:00
Nick Mathewson
eb43401bfb Add a 'NoExec' option that causes tor_spawn_background() to fail
Core of an implementation for 22976.
2017-08-09 10:45:48 -04:00
Nick Mathewson
94352368db Remove the #if 0ed code that was supposed to let the sandbox allow exec 2017-08-09 10:36:45 -04:00
Nick Mathewson
418f3d6298 Make sure we always wind up checking i2d_*'s output.
The biggest offender here was sometimes not checking the output of
crypto_pk_get_digest.

Fixes bug 19418.  Reported by Guido Vranken.
2017-08-09 09:24:16 -04:00
Nick Mathewson
72832086e2 Use a single free-and-exit strategy in config_process_include.
This avoids a double-free when a pointer already freed with
tor_free(config_line) is freed again in the cleanup-and-exit code.

Fixes bug 23155.
2017-08-08 20:08:43 -04:00
Nick Mathewson
649104fdb9 Remove a needless memwipe.
The interior of ctx here is already wiped by
crypto_digest_free(). This memwipe call only wiped the pointer
itself, which isn't sensitive.
2017-08-08 19:58:19 -04:00
Nick Mathewson
48a57f9815 Merge branch 'maint-0.3.1' 2017-08-08 10:10:52 -04:00
Nick Mathewson
7465ea4ad9 Remove some LCOV_EXCL stuff that I think may be testable after all.
This is partial revert on 22286.

Also, tweak some log messages to be distinct.
2017-08-08 10:08:06 -04:00
Nick Mathewson
6121ca16bc Merge remote-tracking branch 'ahf/bugs/22286' into maint-0.3.1 2017-08-08 10:03:08 -04:00
Roger Dingledine
2032b9b1b1 fix typo in comment 2017-08-07 00:22:27 -04:00
Nick Mathewson
89407bedf8 Tweak usage of get_current_working_dir() for tor_malloc() paranoia.
We assume that tor_free() is not required to be compatible with
the platform malloc(), so we need to use a strdup here.
2017-08-04 12:26:35 -04:00
cypherpunks
bfe740f065 Refactor retrieving the current working directory
The GNU C Library (glibc) offers an function which allocates the
necessary memory automatically [0]. When it is available, we use that.

Otherwise we depend upon the `getcwd` function which requires a
preallocated buffer (and its size). This function was used incorrectly
by depending on the initial buffer size being big enough and otherwise
failing to return the current working directory. The proper way of
getting the current working directory requires a loop which doubles the
buffer size if `getcwd` requires it. This code was copied from [1] with
modifications to fit the context.

[0] https://www.gnu.org/software/hurd/hurd/porting/guidelines.html
[1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/getcwd.html
2017-08-04 12:22:53 -04:00
Neel Chauhan
5ee6ca8da2 Switch to offsetof() 2017-08-03 08:56:35 -04:00
Nick Mathewson
accb734c5f Turn base < 0 into a BUG() in our long-parse functions. 2017-07-28 10:26:06 -04:00
Nick Mathewson
602c52cad4 Coverity deadcode shenanigans on BUG() macro.
We don't actually want Coverity to complain when a BUG() check can
never fail, since such checks can prevent us from introducing bugs
later on.

Closes ticket 23054. Closes CID 1415720, 1415724.
2017-07-28 10:02:38 -04:00
Nick Mathewson
baf53300d7 Merge branch 'maint-0.3.1' 2017-07-27 20:33:01 -04:00
Nick Mathewson
af3079a492 Try to work around a compile warning in workqueue.c 2017-07-27 20:32:59 -04:00
Nick Mathewson
15ed1c0c83 Merge branch 'maint-0.3.1' 2017-07-27 16:30:52 -04:00
Nick Mathewson
ba334c00da Merge branch 'multi-priority_squashed' into maint-0.3.1 2017-07-27 16:29:34 -04:00
Nick Mathewson
f5a852de91 Note that threadpool_queue_work...() can't actually return NULL 2017-07-27 16:28:59 -04:00
Nick Mathewson
bddea78ded Fix a pair of stale comments in workqueue.c
These comments said that each thread had a separate queue, but we
haven't been using that design for some while.
2017-07-27 16:28:59 -04:00
Nick Mathewson
efadebf7c3 Make the chance for priority inversion thread-specific
Instead of choosing a lower-priority job with a 1/37 chance, have
the chance be 1/37 for half the threads, and 1/2147483647 for the
other half.  This way if there are very slow jobs of low priority,
they shouldn't be able to grab all the threads when there is better
work to do.
2017-07-27 16:28:59 -04:00
Nick Mathewson
10e0bff4ca Add support for multi-priority workqueues
Each piece of queued work now has an associated priority value; each
priority goes on a separate queue.

With probability (N-1)/N, the workers will take work from the highest
priority nonempty queue.  Otherwise, they'll look for work in a
queue of lower priority.  This behavior is meant to prevent
starvation for lower-priority tasks.
2017-07-27 16:28:05 -04:00
Nick Mathewson
ced2dd5f92 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-27 08:23:37 -04:00
Nick Mathewson
b387dd364f Merge branch 'maint-0.3.1' 2017-07-27 08:23:37 -04:00
Nick Mathewson
ad35e595e5 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-27 08:23:36 -04:00
Nick Mathewson
24ddf5862e Merge remote-tracking branch 'public/bug20247_029' into maint-0.2.9 2017-07-27 08:23:34 -04:00
Nick Mathewson
8d3c3f039d Merge branch 'maint-0.3.1' 2017-07-26 12:58:22 -04:00
Nick Mathewson
431c8d09ee Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-26 12:58:22 -04:00
Nick Mathewson
18734d3b25 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-26 12:58:22 -04:00
Nick Mathewson
32b9edeb91 Fix build warnings from Coverity related to our BUG macro
In the Linux kernel, the BUG() macro causes an instant panic.  Our
BUG() macro is different, however: it generates a nonfatal assertion
failure, and is usable as an expression.

Additionally, this patch tells util_bug.h to make all assertion
failures into fatal conditions when we're building with a static
analysis tool, so that the analysis tool can look for instances
where they're reachable.

Fixes bug 23030.
2017-07-26 12:57:49 -04:00
Nick Mathewson
8b5b3b5fb4 Merge branch 'maint-0.3.1' 2017-07-26 12:54:41 -04:00
Nick Mathewson
30a98c765f Merge branch 'bug22927_031' into maint-0.3.1 2017-07-26 12:54:37 -04:00
Nick Mathewson
3c017e823b Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-26 12:53:38 -04:00
Nick Mathewson
5141360099 Merge branch 'maint-0.3.1' 2017-07-26 12:53:38 -04:00
Nick Mathewson
d068f3359f Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-26 12:53:38 -04:00
Nick Mathewson
fca1934c88 Suppress clang4-specific -Wdouble-promotion warnings
Wow, it sure seems like some compilers can't implement isnan() and
friends in a way that pleases themselves!

Fixes bug 22915. Bug trigged by 0.2.8.1-alpha and later; caused by
clang 4.
2017-07-26 12:53:00 -04:00
Nick Mathewson
6c8c973191 Rename the hybrid_encrypt/decrypt functions; label them as dangerous
We need to keep these around for TAP and old-style hidden services,
but they're obsolete, and we shouldn't encourage anyone to use them.
So I've added "obsolete" to their names, and a comment explaining
what the problem is.

Closes ticket 23026.
2017-07-24 14:34:53 -04:00
Nick Mathewson
db1664e593 Improve comment about why we disable TLS compression.
Closes bug 22964.  Based on Teor's replacement there, but tries
to put the comment in a more logical place, and explain why we're
actually disabling compression in the first place.
2017-07-24 14:17:16 -04:00
Roger Dingledine
ec5b30ca0b fix whitespace issue 2017-07-23 00:57:10 -04:00
Nick Mathewson
2ae51ed5e2 Fix zstd 1.3.0 trouble: Be more respectful of its state machine
In zstd 1.3.0, once you have called ZSTD_endStream and been told
that your putput buffer is full, it really doesn't want you to call
ZSTD_compressStream again.  ZSTD 1.2.0 didn't seem to mind about
this.

This patch fixes the issue by making sure never to call
ZSTD_endStream if there's any more data on the input buffer to
process, by flushing even when we're about to call "endStream", and
by never calling "compress" or "flush" after "endStream".
2017-07-14 16:31:29 -04:00
Nick Mathewson
ec29cae8d7 Merge branch 'maint-0.3.1' 2017-07-13 16:52:20 -04:00
Nick Mathewson
63ceadb485 Use LANG_ENGLISH in windows error messages
This change prevents us from generating corrupt messages when we
are confused about codepage settings, and makes Windows errors
consistent with the rest of our logs.

Fixes bug 22520; bugfix on 0.1.2.8-alpha.  Patch from "Vort".
2017-07-07 13:12:45 -04:00
Nick Mathewson
c387cc5022 Merge branch 'ticket21859_032_01_squashed' 2017-07-07 11:17:53 -04:00
George Kadianakis
f35f52e869 Hide crypto_digest_t again and use an accessor for tests. 2017-07-07 11:12:27 -04:00
George Kadianakis
43a73f6eb6 test: Crypto groundwork for e2e circuit unittests.
- Move some crypto structures so that they are visible by tests.

- Introduce a func to count number of hops in cpath which will be used
  by the tests.

- Mark a function as mockable.
2017-07-07 11:12:26 -04:00
Nick Mathewson
55777b3ff9 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-05 16:11:48 -04:00
Nick Mathewson
0dc7d68bb5 Merge branch 'maint-0.3.1' 2017-07-05 16:11:48 -04:00
Nick Mathewson
15b13578e8 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-05 16:11:48 -04:00
Nick Mathewson
dfc0614840 Only disable -Wfloat-conversion on mingw when it exists.
The 22081 fix disabled -Wfloat-conversion, but -Wfloat-conversion
didn't exist in every relevant mingw; it was added in GCC 4.9.x some
time, if the documentation can be trusted.

Bug not in any released version of tor.
2017-07-05 16:10:45 -04:00
Nick Mathewson
13024c7932 Merge branch 'maint-0.3.1' 2017-07-05 15:57:09 -04:00
Nick Mathewson
9383fa3851 Fix mixed-sign comparison warning in fix for 22797. 2017-07-05 15:56:57 -04:00
Nick Mathewson
546f5b364b Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-05 13:43:31 -04:00
Nick Mathewson
15fddaffd5 Merge branch 'maint-0.3.1' 2017-07-05 13:43:31 -04:00
Nick Mathewson
5434b2451e Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-05 13:43:31 -04:00
Nick Mathewson
32c0066e4b Merge branch 'maint-0.2.8' into maint-0.2.9 2017-07-05 13:43:21 -04:00
Nick Mathewson
5ff0f1ab9e Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-07-05 13:42:47 -04:00
Nick Mathewson
6cd6d488dc Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-07-05 13:42:37 -04:00
Nick Mathewson
f6420bceec Merge branch 'maint-0.2.5' into maint-0.2.6 2017-07-05 13:42:32 -04:00
Nick Mathewson
ff8c230d7c Merge branch 'maint-0.2.4' into maint-0.2.5 2017-07-05 13:42:26 -04:00
Nick Mathewson
16d2bce893 Allow setsockopt(IPV6_V6ONLY) in sandbox.
Fixes bug 20247.  We started setting V6ONLY in 0.2.3.13-alpha and
added the sandbox on 0.2.5.1-alpha.
2017-07-05 13:09:21 -04:00
Nick Mathewson
8bc70a2ad2 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-05 11:19:03 -04:00
Nick Mathewson
d4f08c74fe Merge branch 'maint-0.3.1' 2017-07-05 11:19:03 -04:00
Nick Mathewson
0f97f963e3 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-05 11:19:03 -04:00
Nick Mathewson
bb97f680e7 Merge branch 'bug22801_028' into maint-0.2.9 2017-07-05 11:18:59 -04:00
Nick Mathewson
e04cc7e27f Merge branch 'maint-0.3.1' 2017-07-05 11:16:51 -04:00
Nick Mathewson
e88aa98451 Merge branch 'teor-bug22797-025' into maint-0.3.1 2017-07-05 11:16:30 -04:00
teor
878e0d45a5 Always allow extra file descriptors when setting the connection maximum
When setting the maximum number of connections allowed by the OS,
always allow some extra file descriptors for other files.

Fixes bug 22797; bugfix on 0.2.0.10-alpha.
2017-07-05 11:15:10 -04:00
cypherpunks
c79e286386 Use the proper syscall in sandbox error messages
Fixes #22750.
2017-07-05 09:56:28 -04:00
Nick Mathewson
bb3f74e66b Fix assertion failure related to openbsd strtol().
Fixes bug 22789; bugfix on 0.2.3.8-alpha.
2017-07-03 11:22:27 -04:00
Nick Mathewson
5361032219 Fix -Wfloat-conversion C warnings on mingw in clamp_double_to_int64.
We just have to suppress these warnings: Mingw's math.h uses gcc's
__builtin_choose_expr() facility to declare isnan, isfinite, and
signbit.  But as implemented in at least some versions of gcc,
__builtin_choose_expr() can generate type warnings even from
branches that are not taken.

Fixes bug 22801; bugfix on 0.2.8.1-alpha.
2017-07-03 10:59:31 -04:00
Nick Mathewson
2c718c1a12 Merge branch 'maint-0.3.1' 2017-06-29 10:43:50 -04:00
Nick Mathewson
a088a08eeb Log real error message when unable to remove a storagedir file
Attempts to help diagnose 22752.
2017-06-28 14:24:27 -04:00
Nick Mathewson
01404d7c52 Merge branch 'maint-0.3.1' 2017-06-28 12:25:09 -04:00
Alexander Færøy
c239b2fc9c Fix crash in LZMA module when the Sandbox is enabled.
This patch fixes a crash in our LZMA module where liblzma will allocate
slightly more data than it is allowed to by its limit, which leads to a
crash.

See: https://bugs.torproject.org/22751
2017-06-28 10:00:24 -04:00
George Kadianakis
0d9873ac0d ed25519: Check retval of unpack_negative_vartime in donna. 2017-06-28 14:58:22 +03:00
Nick Mathewson
733ce556ad Merge branch 'asn_bug22006_final_squashed' 2017-06-27 18:21:46 -04:00
Nick Mathewson
3f94041589 no newlines in log messages. 2017-06-27 18:21:35 -04:00
Nick Mathewson
7fff6cfead Merge branch 'asn_bug22006_final_squashed' 2017-06-27 17:19:08 -04:00
George Kadianakis
559658ff1c ed25519: Add func that checks for torsion component in pubkeys.
See https://lists.torproject.org/pipermail/tor-dev/2017-April/012213.html .
2017-06-27 17:17:58 -04:00
Nick Mathewson
82a68be69a Merge branch 'maint-0.3.1' 2017-06-26 10:32:57 -04:00
Nick Mathewson
0c7c49483f Fix a coverity warning about a no-op assert with-64 bit size_t
This is CID 1403400
2017-06-26 10:31:13 -04:00
Nick Mathewson
acbe16a9a2 Log even more to try to debug 22719 2017-06-24 13:40:02 -04:00
Nick Mathewson
6caf924605 Add an additional log message to try to diagnose #22719 2017-06-24 11:27:46 -04:00
Nick Mathewson
e51e7bd38b Merge branch 'bug22502_redux_031' into maint-0.3.1 2017-06-20 20:27:48 -04:00
Nick Mathewson
c999e84436 Merge branch 'bug22672_031' into maint-0.3.1 2017-06-20 20:26:45 -04:00
Nick Mathewson
392e5457b8 Merge remote-tracking branch 'argonblue/bug22638' into maint-0.3.1 2017-06-20 13:35:38 -04:00
Nick Mathewson
9328bd524e Enforce the rule that COMPRESS_OK means progress was made.
If COMPRESS_OK occurs but data is neither consumed nor generated,
treat it as a BUG and a COMPRESS_ERROR.

This change is meant to prevent infinite loops in the case where
we've made a mistake in one of our compression backends.

Closes ticket 22672.
2017-06-20 12:26:57 -04:00
Nick Mathewson
945256188a mingw/windows printf lacks %zd ; use %lu and casts instead
(This approach can lose accuracy, but it's only in debug-level messages.)

Fixes windows compilation. Bugfix on recent compress.c changes; bug
not in any released Tor.
2017-06-20 12:12:55 -04:00
Taylor Yu
25edb41e6f Fix compress_none.c header comment
The Doxygen \file markup for compress_none.c had the wrong filename.
Fixes #22638.
2017-06-20 11:27:17 -04:00
Nick Mathewson
eb632afb17 Correct the fix to bug 22629 to permit trailing non-garbage
This change makes it so that we can decompress concatenated zstd
outputs.
2017-06-20 10:24:22 -04:00
Nick Mathewson
1c0459f19a Merge remote-tracking branch 'teor/bug22502' into maint-0.3.1 2017-06-20 10:04:16 -04:00
Nick Mathewson
eff5e29404 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-19 13:52:19 -04:00
Nick Mathewson
71c701927a Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-19 13:52:19 -04:00
Nick Mathewson
59f29970fa Permit the fchmod system call.
Fixes bug 22516; bugfix on 0.2.5.4-alpha.
2017-06-16 14:03:02 -04:00
teor
7d535ea9d3
Add extra logging during compression and decompression
This helps diagnose failures.

Part of #22502.
2017-06-16 09:48:18 +10:00
teor
cbaf0c049c
Return TOR_COMPRESS_BUFFER_FULL when zstd has additional input
Fixes #22628.
2017-06-16 09:47:32 +10:00
teor
617e1da636
Remove a redundant conditional in tor_zstd_compress_process
Part of #22502
2017-06-16 09:46:46 +10:00
teor
7605bd528e
Move a comment to the right place in tor_zstd_compress_process
Part of #22502
2017-06-16 09:45:58 +10:00
teor
952c9073ad
Check for trailing input garbage in tor_compress_impl() when decompressing
Fixes #22629.
2017-06-16 09:41:29 +10:00
teor
8e1b37a4aa
Check if tor_compress_new() returns NULL in tor_compress_impl()
Partial fix to 22626.
2017-06-16 09:38:18 +10:00
Nick Mathewson
e3b1573be6 Merge branch 'maint-0.3.0' 2017-06-05 15:52:06 -04:00
Nick Mathewson
d1c1dc229e Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-05 15:44:12 -04:00
Nick Mathewson
ec84fc1d8e Improve documentation on get_{peer,own}_certificate()
Make it clear that we're returning a newly allocated copy.
2017-06-05 15:27:33 -04:00
Nick Mathewson
39b7e89c28 Test prerequisites: function to dup a cert, make get_own_cert mockable. 2017-06-05 15:27:33 -04:00
Nick Mathewson
50facb40bb On v3 link handshake, send the correct link certificate
Previously we'd send the _current_ link certificate, which would
cause a handshaking failure when the TLS context rotated.
2017-06-05 15:27:33 -04:00
Nick Mathewson
0fbe1a2c6f Merge remote-tracking branch 'teor/bug22424' 2017-05-30 08:50:45 -04:00
Daniel Pinto
94d321120e Replace 3-star pointer with 2-star pointer 2017-05-28 20:24:48 +01:00
teor
79725289e1
If we do underflow the know usage of a storage, recalculate it
Fixes bug #22424 on 0.3.1.1-alpha.
2017-05-28 22:34:43 +10:00
teor
69b234a0a8
Refactor storage usage reductions into a static function
No behaviour change.

Part of #22424.
2017-05-28 22:28:43 +10:00
teor
334fe6bb6b
Don't underflow usage when it is unknown and a file is removed
Part of #22424.
2017-05-28 22:16:00 +10:00
teor
9e36b0beb9
Always check for usage underflow when removing a file in storage.c
Part of #22424.
2017-05-28 22:12:09 +10:00
teor
f6841ae263
Fix comment typos in storage.c 2017-05-28 22:11:22 +10:00
Daniel Pinto
f8ccf8d9a9 Fix crash with %include
Fixes crash when including a folder that contains a non-empty file
without any values followed by any other non-empty file.
2017-05-28 09:53:14 +01:00
Nick Mathewson
6fcaf83c98 Cleanup MOCK_IMPL (etc) to be findable with etags
A fair number of our mock_impl declarations were messed up so that
even our special AM_ETAGSFLAGS couldn't find them.

This should be a whitespace-only patch.
2017-05-26 14:07:06 -04:00
teor
af98b862a5
Fix comments of functions that return tor_snprintf
No code changes needed: in the places where we actually check the
return value of these functions, we handle it correctly.
2017-05-23 18:44:45 +10:00
Roger Dingledine
0698a0beca fix two typos in comments
closes ticket 22322
2017-05-22 01:43:52 -04:00
Nick Mathewson
d950ad0dfd Remove call to get_unquoted_path in config_process_include()
parse_config_line_from_str_verbose() already looks for strings
that are surrounded by quotes, and processes them with
unescape_string().  So things were getting decoded twice, which was
(in turn) playing havoc with backslashes on Windows.
2017-05-19 14:09:51 -04:00
Nick Mathewson
ff1af5550a strlen() returns size_t 2017-05-19 08:54:56 -04:00
Nick Mathewson
69ef94820b Merge branch 'add_rust_squashed' 2017-05-19 08:47:18 -04:00
Sebastian Hahn
f8ef7c65d1 Add some Rust utility functions and print support
This gives an indication in the log that Tor was built with Rust
support, as well as laying some groundwork for further string-returning
APIs to be converted to Rust
2017-05-19 08:47:10 -04:00
Nick Mathewson
92d335b3dc Merge remote-tracking branch 'jigsaw/torrc-dir-fix-1922_squashed2' 2017-05-19 08:46:13 -04:00
Daniel Pinto
ba3a5f82f1 Add support for %include funcionality on torrc #1922
config_get_lines is now split into two functions:
 - config_get_lines which is the same as before we had %include
 - config_get_lines_include which actually processes %include
2017-05-18 23:44:16 +01:00
Alexander Færøy
fcf836d239 Add coverage markers in Zstd + LZMA compression backends.
See: https://bugs.torproject.org/22286
2017-05-17 13:23:54 +00:00
Alexander Færøy
77511aed6c Fix whitespace issue.
See: https://bugs.torproject.org/22286
2017-05-17 13:23:46 +00:00
Daniel Pinto
e04da2828d Fixed error on BASEXX_NOPAD LEN and BUFSIZE macros #21872 2017-05-17 00:22:11 +01:00
Alexander Færøy
3a05687c6d
Add API for getting human readable descriptions of a compress_method_t
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Nick Mathewson
95fa7d1cf8 In channelpadding tests that touch libevent, call event_reinit().
This is necessary to avoid crashes and test failures on kevent-based
systems.

Fixes bug 22209; bug not in any released Tor.
2017-05-10 11:01:13 -04:00
Nick Mathewson
35025ee51f Merge branch 'maint-0.3.0' 2017-05-08 13:40:41 -04:00
Nick Mathewson
d792d2a14d Merge branch 'maint-0.2.9' into maint-0.3.0 2017-05-08 13:40:26 -04:00
Nick Mathewson
584ab1f29b Merge branch 'compress_none_v2_squashed' 2017-05-02 08:33:35 -04:00
Nick Mathewson
1bc21111d8 Treat the identity transformation as another kind of compression.
This will allow us to treat NO_METHOD as a real compression method,
and to simplify code that currently does

   if (compressing) {
      compress
   } else {
      copy
   }
2017-05-02 08:31:32 -04:00
Nick Mathewson
c486ef57a3 Rename x-lzma to x-tor-lzma
We shouldn't call it lzma, because we are imposing a limit on the
memory needed for decoding.
2017-05-01 15:31:28 -04:00
Nick Mathewson
4837421d7c Merge remote-tracking branch 'ahf/bugs/21665' 2017-05-01 14:22:49 -04:00
Nick Mathewson
531835f561 Increase MALLOC_MP_LIM to 16MB
Increase the maximum allowed size passed to mprotect(PROT_WRITE)
from 1MB to 16MB. This was necessary with the glibc allocator
in order to allow worker threads to allocate more memory --
which in turn is necessary because of our new use of worker
threads for compression.

Closes ticket #22096. Found while working on #21648.
2017-04-28 10:55:10 -04:00
Nick Mathewson
00a12337ff Merge branches 'consdiffmgr_orig_squashed' and 'actually_compute_diffs_squashed' 2017-04-27 21:43:06 -04:00
Nick Mathewson
7a0964279f Functionality to ensure there is space to add files to cache. 2017-04-27 21:40:13 -04:00
Nick Mathewson
16d6ab6640 Fix use-after-free bug in storage_dir sandbox code. 2017-04-27 21:40:12 -04:00
Alexander Færøy
0672b33f1e
Enforce 16 MB upper bound of memory usage in LZMA decoder.
This patch changes two things in our LZMA compression backend:

- We lower the preset values for all `compression_level_t` values to
  ensure that we can run the LZMA decoder with less than 65 MB of memory
  available. This seems to have a small impact on the real world usage
  and fits well with our needs.

- We set the upper bound of memory usage for the LZMA decoder to 16 MB.

See: https://bugs.torproject.org/21665
2017-04-27 20:09:20 +02:00
Alexander Færøy
e5122b91a9
Only compare the first 3 bytes when trying to detect LZMA compression.
This patch changes the logic in `detect_compression_method()` to only
use the 3 first bytes when checking if a given input is LZMA encoded.
2017-04-27 20:07:08 +02:00
Nick Mathewson
10a4f9cd07 Merge branch 'parse_accept_encoding' 2017-04-27 11:31:31 -04:00
Nick Mathewson
2903c329aa Move the "supported compression bitmask" into compress.[ch] 2017-04-27 11:30:51 -04:00
Nick Mathewson
49deb1e1b8 Document and test nul-terminating behavior of tor_uncompress()
We added this as a safety feature, but there are a few places in the
code that actually depend on it.
2017-04-27 10:59:48 -04:00
Nick Mathewson
39cfaba9e2 Fix handling of "final" flag in zstd decompression
We were returning "DONE" on truncated input streams, which was not
what we wanted.
2017-04-27 10:42:05 -04:00
Nick Mathewson
7fb9586953 Fix compilation when lzma or zstd is absent 2017-04-26 15:00:40 -04:00
Nick Mathewson
4038202f89 Avoid a warning from the use of floating-point in zstd
Replace "(preset - 0.5) * 1mb" with "preset * 1mb - 0.5 mb", to
avoid warning about converting double to size_t.
2017-04-26 14:21:45 -04:00
Nick Mathewson
be0557f759 Merge remote-tracking branch 'ahf/bugs/22066' 2017-04-26 14:20:01 -04:00
Alexander Færøy
e42c204f67
Approximate memory usage needed for the Zstandard backend.
This patch adds support for measuring the approximated memory usage by
the individual `tor_zstd_compress_state_t` object instances.

See: https://bugs.torproject.org/22066
2017-04-26 19:54:18 +02:00
Alexander Færøy
2aa28e7cb7
Better documentation for tor_uncompress().
This patch fixes the documentation string for `tor_uncompress()` to
ensure that it does not explicitly mention zlib or gzip since we now
support multiple compression backends.
2017-04-26 19:54:18 +02:00
Alexander Færøy
341824687a
Approximate memory usage needed for the LZMA backend.
This patch adds support for measuring the approximated memory usage by
the individual `tor_lzma_compress_state_t` object instances.

The LZMA library provides the functions `lzma_easy_encoder_memusage()`
and `lzma_easy_decoder_memusage()` which is used to find the estimated
usage in bytes.

See: https://bugs.torproject.org/22066
2017-04-26 19:54:18 +02:00
Nick Mathewson
99e943998d Add getpid() to the seccomp2 sandbox.
We hadn't needed this before, because most getpid() callers on Linux
were looking at the vDSO version of getpid().  I don't know why at
least one version of OpenSSL seems to be ignoring the vDSO, but this
change should fix it.

Fixes bug 21943; bugfix on 0.2.5.1-alpha when the sandbox was
introduced.
2017-04-26 12:56:06 -04:00
Sebastian Hahn
71c8974af0 Fix coverity cid 1405509
Locking in the init function is not necessary, but coverity gets
confused about it. So let's trick it.
2017-04-26 08:48:24 +02:00
Alexander Færøy
08d86e8408
Store compression overhead from tor_compress_state_t.
The `tor_compress_state_t` data-type is used as a wrapper around the
more specialized state-types used by the various compression backends.
This patch ensures that the overhead of this "thin" wrapper type is
included in the value returned by `tor_compress_get_total_allocation()`.

See: https://bugs.torproject.org/22066
2017-04-26 02:56:21 +02:00
Alexander Færøy
fac8ac0e4a
Remove unused header from the Zstandard compression backend.
Since we stopped looking at Zstandard error codes there is no need to
include the zstd_errors.h header file anymore.
2017-04-26 02:54:34 +02:00
Nick Mathewson
2655a72d89 Use x-lzma, not x-lzma2, as the identifier 2017-04-25 19:00:52 -04:00
Nick Mathewson
0274ea749a Function to convert compression methods to/from strings. 2017-04-25 16:47:46 -04:00
Nick Mathewson
43db91bd87 Teach cov-exclude to detect runaway LCOV_EXCL_START lines
Also, fix two instances of runaway LCOV_EXCL_START lines.
2017-04-25 10:59:19 -04:00