Commit Graph

31236 Commits

Author SHA1 Message Date
David Goulet
faf89ec6c2 srv: Remove spammy debug log
Fixes #40135

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-09-22 11:06:34 -04:00
Nick Mathewson
8458c8211e gitlab-ci: Use test-network-all for debian-integration 2020-09-21 12:58:49 -04:00
Nick Mathewson
7280bb50b2 gitlab-ci: add an NSS check. 2020-09-21 12:58:49 -04:00
Nick Mathewson
3ee0f6371d gitlab-ci: Add all-bugs-are-fatal on hardened and integration builds. 2020-09-21 12:58:49 -04:00
Nick Mathewson
ab03ca9c75 gitlab-ci: Add disable-module builds. 2020-09-21 12:58:49 -04:00
Nick Mathewson
1bbeddf99e Add a few more options for the CI script.
These are:
  --disable-module-relay
  --disable-module-dirauth
  --enable-all-bugs-are-fatal
  --enable-nss
2020-09-21 12:58:49 -04:00
Nick Mathewson
0b77c706a1 Make debian-trace job conditional on src/lib/trace/trace_sys.c 2020-09-18 19:05:51 -04:00
Nick Mathewson
f8f3e57016 .gitlab.yml: missing comments 2020-09-18 15:55:06 -04:00
Nick Mathewson
122b297a20 Copy tracing things back to maint-0.3.5, for consistency. 2020-09-18 15:53:06 -04:00
Nick Mathewson
7945e075a4 Fix underflow in rend_cache/free_all test.
We already fixed these in #40099 and #40125.

This patch fixes #40126.  Bugfix on 0.2.8.1-alpha.
2020-09-17 14:04:54 -04:00
David Goulet
47f1d19f8e test: Increment rend cache allocation before freeing
The rend_cache/entry_free was missing the rend cache allocation increment
before freeing the object.

Without it, it had an underflow bug:

  Sep 17 08:40:13.845 [warn] rend_cache_decrement_allocation(): Bug: Underflow
  in rend_cache_decrement_allocation (on Tor 0.4.5.0-alpha-dev
  7eef9ced61)

Fixes #40125

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-09-17 13:00:23 -04:00
Nick Mathewson
72484a4953 Merge remote-tracking branch 'tor-gitlab/mr/125' into maint-0.3.5 2020-08-13 14:20:27 -04:00
Nick Mathewson
aeafb7f44f Improve comments in .gitlab-ci.yml 2020-08-12 20:20:58 -04:00
Nick Mathewson
41a7ab96e5 CI: Turn on stem with 044 and later. 2020-08-12 20:13:18 -04:00
Nick Mathewson
f9bb49d870 Fix allocation counting in clean_v2_descs_as_dir test.
Without this fix, running this test on its own would fail.

Fixes bug 40099. Bugfix on ade5005853 in 0.2.8.1-alpha.
2020-08-12 14:25:46 -04:00
Nick Mathewson
f5b9471547 CI: improve output when skipping doxygen 2020-08-12 12:28:44 -04:00
Nick Mathewson
50b7bd243f Try disabling "make all" when checking docs. 2020-08-12 12:28:44 -04:00
Nick Mathewson
fe0e62ddc4 CI: Try to enable integration tests, hardening, and clang. 2020-08-12 11:29:46 -04:00
George Kadianakis
8182f1351a CI: Remove VS2015 AppVeyor build. 2020-08-12 14:05:21 +03:00
Nick Mathewson
adb7268236 CI: label our python versions. 2020-08-11 12:24:03 -04:00
Nick Mathewson
9eb316de42 CI: Only run doxygen on 0.4.3 and later. 2020-08-11 12:22:35 -04:00
Nick Mathewson
6a91a50d32 CI: enable documentation testing 2020-08-11 11:06:49 -04:00
Nick Mathewson
aa2c93b90b Fix a pair of typos in ci-driver.sh. 2020-08-11 11:03:11 -04:00
Nick Mathewson
8a0f530adf Add a pair of warnings about only editing CI in 035 2020-08-11 10:44:32 -04:00
Nick Mathewson
e873c7e893 small code tweaks to try to work around debian stable complaints 2020-08-10 19:20:05 -04:00
Nick Mathewson
057f40f3d8 Try to set up a minimal gitlab CI script
This is based on @eighthave's templates, and the work we've been
doing to present a uniform testing environment.
2020-08-10 19:20:05 -04:00
Nick Mathewson
cb027b392f Add a shareable continuous-integration script.
Eventually this should be used by every one of our CI scripts.
2020-08-10 19:01:05 -04:00
Nick Mathewson
bac8967e24 Copy from master gitlab-ci.yml from master back to maint-0.3.5 2020-08-06 12:42:14 -04:00
Nick Mathewson
c4742b89b2 Fix a bug in buf_move_all() when the input buffer is empty.
We found this in #40076, after we started using buf_move_all() in
more places.  Fixes bug #40076; bugfix on 0.3.3.1-alpha.  As far as
I know, the crash only affects master, but I think this warrants a
backport, "just in case".
2020-07-30 14:24:25 -04:00
Nick Mathewson
0a588821cb Add unit test for buf_move_all(), including a failing case
The failing case is #if'd out for now, but will be fixed in the next
commit.

Testing for a fix for #40076.
2020-07-30 14:19:32 -04:00
Nick Mathewson
dcc60294ad Use _lseeki64() on windows.
Fixes bug 31036; bugfix on 0.2.1.8-alpha when we moved the logging
system to use posix fds.
2020-07-28 11:30:47 -04:00
David Goulet
564a9a54a1 fallbackdir: Remove all three Digitalcourage3 relays
They are about to be shutdown in September.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-24 14:56:07 -04:00
Nick Mathewson
f916ddd312 More info in the fallbackdir changes file 2020-07-23 10:08:42 -04:00
David Goulet
6f19e67c98 fallbackdir: Update list for 2020
Closes #40061

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-23 10:05:11 -04:00
Nick Mathewson
c9751e2611 Bump to 0.3.5.11-dev 2020-07-09 13:12:45 -04:00
Nick Mathewson
0bb227d170 bump to 0.3.5.11 2020-07-09 10:28:21 -04:00
Nick Mathewson
7142f3e435 Merge branch 'trove_2020_001_035' into maint-0.3.5 2020-07-09 09:28:36 -04:00
Nick Mathewson
3e08dd9df1 Resolve a compiler warning from a 32-bit signed/unsigned comparison
This warning only affects platforms (like win32) with 32-bit time_t.

Fixes bug 40028; bugfix on 0.3.2.8-rc.
2020-07-07 15:05:38 -04:00
David Goulet
d9cc2b2928 CI: Fix Appveyor printf format error
For some reasons, Appveyor started to use the stdio printf format for 64 bit
values (PRIu64, ...). Mingw doesn't like that so force it to use the Windows
specific macros by setting D__USE_MINGW_ANSI_STDIO=0.

Fixes #40026
2020-07-07 09:53:54 -04:00
Alexander Færøy
7b2d10700f Use ((x + 7) >> 3) instead of (x >> 3) when converting from bits to bytes.
This patch changes our bits-to-bytes conversion logic in the NSS
implementation of `tor_tls_cert_matches_key()` from using (x >> 3) to
((x + 7) >> 3) since DER bit-strings are allowed to contain a number of
bits that is not a multiple of 8.

Additionally, we add a comment on why we cannot use the
`DER_ConvertBitString()` macro from NSS, as we would potentially apply
the bits-to-bytes conversion logic twice, which would lead to an
insignificant amount of bytes being compared in
`SECITEM_ItemsAreEqual()` and thus turn the logic into being a
prefix match instead of a full match.

The `DER_ConvertBitString()` macro is defined in NSS as:

    /*
    ** Macro to convert der decoded bit string into a decoded octet
    ** string. All it needs to do is fiddle with the length code.
    */
    #define DER_ConvertBitString(item)            \
        {                                         \
            (item)->len = ((item)->len + 7) >> 3; \
        }

Thanks to Taylor Yu for spotting this problem.

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119
2020-07-06 16:19:16 -04:00
Alexander Færøy
06f1e959c2 Add constness to length variables in tor_tls_cert_matches_key.
We add constness to `peer_info_orig_len` and `cert_info_orig_len` in
`tor_tls_cert_matches_key` to ensure that we don't accidentally alter
the variables.

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119
2020-07-06 16:19:16 -04:00
Alexander Færøy
b46984e97e Fix out-of-bound memory read in tor_tls_cert_matches_key() for NSS.
This patch fixes an out-of-bound memory read in
`tor_tls_cert_matches_key()` when Tor is compiled to use Mozilla's NSS
instead of OpenSSL.

The NSS library stores some length fields in bits instead of bytes, but
the comparison function found in `SECITEM_ItemsAreEqual()` needs the
length to be encoded in bytes. This means that for a 140-byte,
DER-encoded, SubjectPublicKeyInfo struct (with a 1024-bit RSA public key
in it), we would ask `SECITEM_ItemsAreEqual()` to compare the first 1120
bytes instead of 140 (140bytes * 8bits = 1120bits).

This patch fixes the issue by converting from bits to bytes before
calling `SECITEM_ItemsAreEqual()` and convert the `len`-fields back to
bits before we leave the function.

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119
2020-07-06 16:19:16 -04:00
Alexander Færøy
33e1c2e6fd Run tor_tls_cert_matches_key() Test Suite with both OpenSSL and NSS.
This patch lifts the `tor_tls_cert_matches_key()` tests out of the
OpenSSL specific TLS test suite and moves it into the generic TLS test
suite that is executed for both OpenSSL and NSS.

This patch is largely a code movement, but we had to rewrite parts of
the test to avoid using OpenSSL specific data-types (such as `X509 *`)
and replace it with the generic Tor abstraction type
(`tor_x509_cert_impl_t *`).

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119
2020-07-06 16:19:16 -04:00
Nick Mathewson
39830b6408 Downgrade "Bug: No entry found in extrainfo map" message.
This is not actually a bug!  It can happen for a bunch of reasons,
which all boil down to "trying to add an extrainfo for which we no
longer have the corresponding routerinfo".

Fixes #16016; bugfix on 0.2.6.3-alpha.
2020-06-30 11:54:13 -04:00
Alexander Færøy
8697205be4 Merge branch 'tor-github/pr/1909' into maint-0.3.5 2020-06-30 14:23:17 +00:00
Alexander Færøy
8444fbe904 Merge branch 'tor-github/pr/1793' into maint-0.3.5 2020-06-30 13:55:39 +00:00
Alexander Færøy
c3ad2a1d23 Merge branch 'tor-github/pr/1785' into maint-0.3.5 2020-06-30 13:47:55 +00:00
Alexander Færøy
bebdd2888f Merge remote-tracking branch 'nickm-github/bug32884_035' into maint-0.3.5 2020-06-30 13:35:13 +00:00
Nick Mathewson
0c0214bcc0 Merge remote-tracking branch 'tor-github/pr/1725/head' into maint-0.3.5 2020-06-29 12:55:27 -04:00
David Goulet
6a43aadecc Merge branch 'tor-github/pr/1912' into maint-0.3.5 2020-06-12 12:55:17 -04:00