nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-11 13:43:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,252 Commits 53 Branches 630 Tags 125 MiB
f68c042637
Commit Graph

512 Commits

Author SHA1 Message Date
Nick Mathewson
f68c042637 Resolve all currently pending DOCDOC items in master 2012-06-04 19:05:51 -04:00
Nick Mathewson
41e8bee188 Merge origin/maint-0.2.2 for 6007_strict 
This code shouldn't have any effect in 0.2.3, since we already accept
(and handle) data received while we are expecting a renegotiation.
(That's because the 0.2.3.x handshake _does_ have data there instead of
the renegotiation.)

I'm leaving it in anyway, since if it breaks anything, we'll want it
broken in master too so we can find out about it.  I added an XXX023
comment so that we can come back later and fix that.
 2012-06-04 11:47:36 -04:00
Nick Mathewson
af54a01828 Kill non-open OR connections with any data on their inbufs. 
This fixes a DoS issue where a client could send so much data in 5
minutes that they exhausted the server's RAM.  Fix for bug 5934 and
6007.  Bugfix on 0.2.0.20-rc, which enabled the v2 handshake.
 2012-06-04 11:29:18 -04:00
Linus Nordberg
0ed963e72a Remove unexpected "unexpectedly". 2012-05-31 13:08:57 +02:00
Linus Nordberg
c074562a17 Remove spurioius return in one out of four if-else clauses. 
We do return right after the if-else.  This return (with its confusing
comments) comes from before 6b7c3b42 but doesn't make sense now.
 2012-05-31 13:05:24 +02:00
Nick Mathewson
6b7c3b42ee Change an assertion into a warning in connection_or_handle_event_cb() 
Possibly addresses bug 4873, though IMO that's likely not a real
bug: it seems likely to have been an ssl version mismatch.
 2012-05-24 11:14:28 -04:00
George Kadianakis
5dc9acb5e5 Use a more helpful log message when we can't find a proxy. 2012-05-18 03:07:46 +03:00
Roger Dingledine
5cb82e44d1 simplify further 2012-03-29 16:37:50 -04:00
Karsten Loesing
4aca55efd2 Count IPv6 connections in bridge and entry stats. 2012-02-09 11:12:30 +01:00
Nick Mathewson
26e789fbfd Rename nonconformant identifiers. 
Fixes bug 4893.

These changes are pure mechanical, and were generated with this
perl script:

  /usr/bin/perl -w -i.bak -p

  s/crypto_pk_env_t/crypto_pk_t/g;
  s/crypto_dh_env_t/crypto_dh_t/g;
  s/crypto_cipher_env_t/crypto_cipher_t/g;
  s/crypto_digest_env_t/crypto_digest_t/g;

  s/aes_free_cipher/aes_cipher_free/g;
  s/crypto_free_cipher_env/crypto_cipher_free/g;
  s/crypto_free_digest_env/crypto_digest_free/g;
  s/crypto_free_pk_env/crypto_pk_free/g;

  s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g;
  s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g;
  s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g;
  s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g;

  s/crypto_new_cipher_env/crypto_cipher_new/g;
  s/crypto_new_digest_env/crypto_digest_new/g;
  s/crypto_new_digest256_env/crypto_digest256_new/g;
  s/crypto_new_pk_env/crypto_pk_new/g;

  s/crypto_create_crypto_env/crypto_cipher_new/g;

  s/connection_create_listener/connection_listener_new/g;
  s/smartlist_create/smartlist_new/g;
  s/transport_create/transport_new/g;
 2012-01-18 15:53:30 -05:00
Nick Mathewson
ce703bd53e defensive programming to catch duplicate calls to connection_init_or_handshake_state 2012-01-11 11:10:17 -05:00
George Kadianakis
0cfdd88adb Don't call tor_tls_set_logged_address till after checking conn->tls. 
Fixes bug 4531.
 2011-12-20 19:21:15 +01:00
Nick Mathewson
021ff31ba6 Revert "Get rid of tor_tls_block_renegotiation()." 
This reverts commit 340809dd22.
 2011-12-06 19:49:21 -05:00
Nick Mathewson
616b60cef3 Revert "Use callback-driven approach to block renegotiations." 
This reverts commit 406ae1ba5a.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
df1f72329a Revert "Refactor tor_event_base_once to do what we actually want" 
This reverts commit 7920ea55b8.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
3a17a1a62f Revert "Avoid a double-mark in connection_or_close_connection_cb" 
This reverts commit 633071eb3b.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
135a5102a3 Revert "Make pending libevent actions cancelable" 
This reverts commit aba25a6939.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
50fd99d7ef Revert "Set renegotiation callbacks immediately on tls inititation" 
This reverts commit e27a26d568.
 2011-12-06 19:49:19 -05:00
Nick Mathewson
682a85ff7c Don't just tell the controller "foo" on id mismatch 
Fixes bug 4169; bugfix on 0.2.1.1-alpha.
 2011-12-02 16:27:33 -05:00
Nick Mathewson
6171bdd105 Don't call tor_tls_set_logged_address till after checking conn->tls 
Fixes bug 4531; partial backport of e27a26d5.
 2011-12-02 16:15:52 -05:00
Linus Nordberg
2376a6ade4 Merge node_get_{prim,pref,pref_ipv6}_addr with their _orport counterparts. 
This keeps the IP address and TCP for a given OR port together,
reducing the risk of using an address for one address family with a
port of another.

Make node_get_addr() a wrapper function for compatibility.
 2011-11-30 11:55:46 -05:00
Linus Nordberg
529820f8ba Use correct address family where necessary for bridges on IPv6. 2011-11-30 11:55:46 -05:00
Linus Nordberg
f89c619679 Use the preferred address and port when initiating a connection. 
This is not as conservative as we could do it, f.ex. by looking at the
connection and only do this for connections to bridges.  A non-bridge
should never have anything else than its primary IPv4 address set
though, so I think this is safe.
 2011-11-30 11:55:46 -05:00
Linus Nordberg
7b02d1a73e Clarify function documentation. 2011-11-30 11:55:45 -05:00
Nick Mathewson
8bb23c7def Merge branch 'bug4587_v2' 2011-11-29 19:15:40 -05:00
Nick Mathewson
e27a26d568 Set renegotiation callbacks immediately on tls inititation 
This way, we can't miss a renegotiation attempt in a v2 handshake,
or miss excess renegotiation attempts.  Partial fix for bug 4587.
 2011-11-29 19:10:19 -05:00
Nick Mathewson
aba25a6939 Make pending libevent actions cancelable 
This avoids a dangling pointer issue in the 3412 code, and should
fix bug 4599.
 2011-11-29 17:08:29 -05:00
Nick Mathewson
633071eb3b Avoid a double-mark in connection_or_close_connection_cb 2011-11-25 17:21:11 -05:00
Nick Mathewson
7920ea55b8 Refactor tor_event_base_once to do what we actually want 
This version avoids the timeout system entirely, gives a nicer
interface, and lets us manage allocation explicitly.
 2011-11-25 17:18:54 -05:00
Nick Mathewson
e5f2f10844 Merge remote-tracking branch 'asn/bug4312' 2011-11-25 17:00:47 -05:00
Nick Mathewson
0539c34c35 Merge branch 'bug4360' 2011-11-21 10:48:02 -05:00
Sebastian Hahn
688b53059e Don't fail to send netinfo if real_addr is unset 
If we haven't set real_addr on a connection, we also now that _base.addr
hasn't been tampered with. So we can use that.
 2011-11-16 16:05:46 +01:00
Nick Mathewson
3ef40f6993 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-11-15 11:42:38 -05:00
Nick Mathewson
5bea660f8e Use real_addr in send_netinfo 
Reported by "troll_un"; bugfix on 0.2.0.10-alpha; fixes bug 4349.
 2011-11-14 22:43:40 -05:00
George Kadianakis
406ae1ba5a Use callback-driven approach to block renegotiations. 
Also use this new approach in the bufferevents-enabled case.
 2011-11-13 14:47:11 +01:00
Roger Dingledine
be1f3a5eb5 normalize the name of the CERTS cell 2011-10-31 04:33:38 -04:00
Roger Dingledine
eeb6588389 bridges send netinfo cells like clients on outgoing conns 
fixes bug 4348
 2011-10-29 21:43:23 -04:00
Sebastian Hahn
2dec6597af Merge branch 'maint-0.2.2_secfix' into master_secfix 
Conflicts:
	src/common/tortls.c
	src/or/connection_or.c
	src/or/dirserv.c
	src/or/or.h
 2011-10-27 00:38:45 +02:00
Sebastian Hahn
df05e5ef4d Merge branch 'maint-0.2.1_secfix' into maint-0.2.2_secfix 
Conflicts:
	src/or/connection_or.c
 2011-10-26 23:30:27 +02:00
Robert Ransom
c05bb53508 Mark which OR connections are outgoing 2011-10-26 23:21:11 +02:00
Robert Ransom
af12c39d6d Don't use any OR connection which sent us a CREATE_FAST cell for an EXTEND 
Fix suggested by Nick Mathewson.
 2011-10-26 23:20:56 +02:00
Nick Mathewson
2a2301e411 Rename get_client_identity_key to get_tlsclient_identity_key 2011-10-26 14:16:34 +02:00
Robert Ransom
59e565e2a2 Maintain separate server and client identity keys when appropriate. 
Fixes a bug described in ticket #988.

Conflicts:

	src/or/main.c
	src/or/router.c
 2011-10-26 14:16:20 +02:00
George Kadianakis
340809dd22 Get rid of tor_tls_block_renegotiation(). 
Since we check for naughty renegotiations using
tor_tls_t.server_handshake_count we don't need that semi-broken
function (at least till there is a way to disable rfc5746
renegotiations too).
 2011-10-26 13:16:14 +02:00
Nick Mathewson
69921837a7 Fix a bunch of whitespace errors 2011-10-11 11:30:01 -04:00
Sebastian Hahn
35fe4825fc Quiet two notices, and spelling mistake cleanup 2011-10-10 23:14:31 -04:00
Sebastian Hahn
66200320ff Fix a few 64bit compiler warnings 2011-10-10 23:14:31 -04:00
Nick Mathewson
1bd65680bd Add more log statements for protocol/internal failures 2011-10-10 23:14:31 -04:00
Nick Mathewson
e56d7a3809 Give tor_cert_get_id_digests() fail-fast behavior 
Right now we can take the digests only of an RSA key, and only expect to
take the digests of an RSA key.  The old tor_cert_get_id_digests() would
return a good set of digests for an RSA key, and an all-zero one for a
non-RSA key.  This behavior is too error-prone: it carries the risk that
we will someday check two non-RSA keys for equality and conclude that
they must be equal because they both have the same (zero) "digest".

Instead, let's have tor_cert_get_id_digests() return NULL for keys we
can't handle, and make its callers explicitly test for NULL.
 2011-10-10 23:14:31 -04:00
Nick Mathewson
7aadae606b Make sure we stop putting cells into our hash at the right time. 2011-10-10 23:14:30 -04:00