Commit Graph

3466 Commits

Author SHA1 Message Date
Nick Mathewson
f4221a809a Make test_cmdline_args.py work on Windows
Patch from Gisle Vanem on tor-dev ml
2015-01-06 13:26:52 -05:00
Nick Mathewson
d74f0cff92 make "make test-stem" run stem tests on tor
Closes ticket 14107.
2015-01-06 09:03:44 -05:00
Nick Mathewson
6d6643298d Don't crash on malformed EXTENDCIRCUIT.
Fixes 14116; bugfix on ac68704f in 0.2.2.9-alpha.
2015-01-06 08:49:57 -05:00
Nick Mathewson
276700131a Tolerate starting up with missing hidden service directory
Fixes bug 14106; bugfix on 0.2.6.2-alpha

Found by stem tests.
2015-01-05 11:39:38 -05:00
Nick Mathewson
b06b783fa0 Tolerate relative paths for torrc files with RunAsDaemon
We had a check to block these, but the patch we merged as a1c1fc72
broke this check by making them absolute on demand every time we
opened them.  That's not so great though. Instead, we should make them
absolute on startup, and not let them change after that.

Fixes bug 13397; bugfix on 0.2.3.11-alpha.
2015-01-04 19:34:38 -05:00
Nick Mathewson
8ef6cdc39f Prevent changes to other options from removing . from AutomapHostsSuffixes
This happened because we changed AutomapHostsSuffixes to replace "."
with "", since a suffix of "" means "match everything."  But our
option handling code for CSV options likes to remove empty entries
when it re-parses stuff.

Instead, let "." remain ".", and treat it specially when we're
checking for a match.

Fixes bug 12509; bugfix on 0.2.0.1-alpha.
2015-01-04 17:28:54 -05:00
Nick Mathewson
74cd57517c New option "HiddenServiceAllowUnknownPorts"
This allows hidden services to disable the anti-scanning feature
introduced in 0.2.6.2-alpha. With this option not set, a connection
to an unlisted port closes the circuit.  With this option set, only
a RELAY_DONE cell is sent.

Closes ticket #14084.
2015-01-03 12:34:52 -05:00
Nick Mathewson
03e9aa0941 Fold more things into the 0.2.6.2-alpha changelog 2014-12-30 09:53:13 -05:00
Nick Mathewson
b32e10253c Lintchanges some more. 2014-12-30 09:39:12 -05:00
Nick Mathewson
5b770ac7b7 Merge branch 'no-exit-bootstrap-squashed' 2014-12-30 09:06:47 -05:00
teor
2b8e1f9133 Fix Reachability self-tests in test networks
Stop assuming that private addresses are local when checking
reachability in a TestingTorNetwork. Instead, when testing, assume
all OR connections are remote. (This is necessary due to many test
scenarios running all nodes on localhost.)

This assists in bootstrapping a testing Tor network.

Fixes bugs 13718 & 13924.
2014-12-30 09:06:00 -05:00
teor
c3a4201faa Add "internal" to some bootstrap statuses when no exits are available.
If the consensus does not contain Exits, Tor will only build internal
circuits. In this case, relevant statuses will contain the word "internal"
as indicated in the Tor control-spec.txt. When bootstrap completes,
Tor will be ready to handle an application requesting an internal
circuit to hidden services at ".onion" addresses.

If a future consensus contains Exits, exit circuits may become available.

Tor already notifies the user at "notice" level if they have no exits in
the consensus, and can therefor only build internal paths.

Consequential change from #13718.
2014-12-30 09:06:00 -05:00
teor
cb94f7534d Avoid building exit circuits from a consensus with no exits
Tor can now build circuits from a consensus with no exits.
But if it tries to build exit circuits, they fail and flood the logs.

The circuit types in the Exit Circuits list below will only be
built if the current consensus has exits. If it doesn't,
only the Internal Circuits will be built. (This can change
with each new consensus.)
Fixes bug #13814, causes fewer path failures due to #13817.

Exit Circuits:
    Predicted Exit Circuits
    User Traffic Circuits
    Most AP Streams
    Circuits Marked Exit
    Build Timeout Circuits (with exits)

Internal Circuits:
    Hidden Service Server Circuits
    Hidden Service Client Circuits
    Hidden Service AP Streams
    Hidden Service Intro Point Streams
    Circuits Marked Internal
    Build Timeout Circuits (with no exits)
    Other Circuits?
2014-12-30 09:06:00 -05:00
teor
55ad54e014 Allow tor to build circuits using a consensus with no exits
If the consensus has no exits (typical of a bootstrapping
test network), allow tor to build circuits once enough
descriptors have been downloaded.

When there are no exits, we always have "enough"
exit descriptors. (We treat the proportion of available
exit descriptors as 100%.)

This assists in bootstrapping a testing Tor network.

Fixes bug 13718.
Makes bug 13161's TestingDirAuthVoteExit non-essential.
(But still useful for speeding up a bootstrap.)
2014-12-30 09:06:00 -05:00
teor
9b2d106e49 Check if there are exits in the consensus
Add router_have_consensus_path() which reports whether
the consensus has exit paths, internal paths, or whether it
just doesn't know.

Used by #13718 and #13814.
2014-12-30 09:06:00 -05:00
teor
d812baf54c Refactor count_usable_descriptors to use named enums for exit_only
count_usable_descriptors now uses named exit_only values:
  USABLE_DESCRIPTOR_ALL
  USABLE_DESCRIPTOR_EXIT_ONLY

Add debug logging code for descriptor counts.

This (hopefully) resolves nickm's request in bug 13718 to improve
argument readability in nodelist.c.
2014-12-30 09:06:00 -05:00
teor
22a1e9cac1 Avoid excluding guards from path building in minimal test networks
choose_good_entry_server() now excludes current entry
guards and their families, unless we're in a test network,
and excluding guards would exclude all nodes.

This typically occurs in incredibly small tor networks,
and those using TestingAuthVoteGuard *

This is an incomplete fix, but is no worse than the previous
behaviour, and only applies to minimal, testing tor networks
(so it's no less secure).

Discovered as part of #13718.
2014-12-30 09:06:00 -05:00
Nick Mathewson
dc1aaa5b96 Make lintChanges happier 2014-12-30 08:54:01 -05:00
Nick Mathewson
e936b9b47d Merge remote-tracking branch 'dgoulet/bug13667_025_v4' 2014-12-30 08:34:48 -05:00
David Goulet
88901c3967 Fix: mitigate as much as we can HS port scanning
Make hidden service port scanning harder by sending back REASON_DONE which
does not disclose that it was in fact an exit policy issue. After that, kill
the circuit immediately to avoid more bad requests on it.

This means that everytime an hidden service exit policy does match, the user
(malicious or not) needs to build a new circuit.

Fixes #13667.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-12-29 16:29:09 -05:00
Nick Mathewson
d7ecdd645a Wipe all of the target space in tor_addr_{to,from}_sockaddr()
Otherwise we risk a subsequent memdup or memcpy copying
uninitialized RAM into some other place that might eventually expose
it.  Let's make sure that doesn't happen.

Closes ticket 14041
2014-12-29 10:06:12 -05:00
Nick Mathewson
e85f0c650c Merge branch 'resolvemyaddr_squashed' 2014-12-29 10:00:34 -05:00
Nick Mathewson
de432d5565 changes file for resolvemyaddr tests 2014-12-29 10:00:22 -05:00
Nick Mathewson
4d6a971ba9 Tweak 13913 fix: clarify that the behavior is not promised
Also, it's->its.  The apostrophe is used if and only if it's a
contraction for "it is".
2014-12-29 08:41:30 -05:00
Nick Mathewson
fd5d9d04b3 Merge remote-tracking branch 'rl1987/ticket13913' 2014-12-29 08:39:13 -05:00
Nick Mathewson
f9ba0b76cd Merge remote-tracking branch 'teor/bug13718-consensus-interval' 2014-12-23 14:25:37 -05:00
teor
8a8797f1e4 Fix If-Modified-Since in rapidly updating Tor networks
When V3AuthVotingInterval is low, decrease the delay on the
If-Modified-Since header passed to directory servers.
This allows us to obtain consensuses promptly when the consensus
interval is very short.

This assists in bootstrapping a testing Tor network.

Fixes bugs 13718 & 13963.
2014-12-24 06:13:32 +11:00
teor
1ee41b3eef Allow consensus interval of 10 seconds when testing
Decrease minimum consensus interval to 10 seconds
when TestingTorNetwork is set. (Or 5 seconds for
the first consensus.)

Fix code that assumes larger interval values.

This assists in quickly bootstrapping a testing
Tor network.

Fixes bugs 13718 & 13823.
2014-12-24 06:13:32 +11:00
teor
083c58f126 Fix TestingMinExitFlagThreshold 0
Stop requiring exits to have non-zero bandwithcapacity in a
TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
ignore exit bandwidthcapacity.

This assists in bootstrapping a testing Tor network.
Fixes bugs 13718 & 13839.
Makes bug 13161's TestingDirAuthVoteExit non-essential.
2014-12-24 06:13:32 +11:00
Nick Mathewson
d7776315df Merge remote-tracking branch 'public/bug13811_025' 2014-12-23 13:02:37 -05:00
Nick Mathewson
c10ff26265 Changes file for 13811 2014-12-23 13:00:21 -05:00
Nick Mathewson
7e1289b3ec changes file for ticket11016 2014-12-23 11:32:10 -05:00
Nick Mathewson
c6ac752353 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-12-23 11:00:02 -05:00
Nick Mathewson
dfebefe68f changs file for 13808 2014-12-23 10:59:48 -05:00
Nick Mathewson
184a2dbbdd whoops; missing changes file for 14013 2014-12-23 10:55:25 -05:00
Nick Mathewson
6830667d58 Increase bandwidth usage report interval to 4 hours. 2014-12-22 12:24:13 -05:00
Nick Mathewson
f645564778 Start on a changelog for 0.2.6.2-alpha 2014-12-22 10:02:18 -05:00
Nick Mathewson
845d92295f have lintchanges check header format. 2014-12-22 10:00:34 -05:00
Nick Mathewson
441a481bb8 Resolve issues in changes files 2014-12-22 09:49:33 -05:00
Nick Mathewson
1c05dfd0b6 Merge branch 'ticket7356_squashed' 2014-12-21 14:48:53 -05:00
rl1987
ed0b46e711 Changes file for 7356 2014-12-21 14:48:39 -05:00
Nick Mathewson
647a90b9b3 Merge remote-tracking branch 'teor/bug14002-osx-transproxy-ipfw-pf' 2014-12-21 13:37:40 -05:00
teor
6fad395300 Fix clang warning, IPv6 address comment, buffer size typo
The address of an array in the middle of a structure will
always be non-NULL. clang recognises this and complains.
Disable the tautologous and redundant check to silence
this warning.

Fixes bug 14001.
2014-12-21 13:35:03 -05:00
rl1987
f785723e0b Document the case of HiddenServiceDir being defined as relative path. 2014-12-21 19:05:10 +02:00
teor
d93516c445 Fix transparent proxy checks to allow OS X to use ipfw or pf
OS X uses ipfw (FreeBSD) or pf (OpenBSD). Update the transparent
proxy option checks to allow for both ipfw and pf on OS X.

Fixes bug 14002.
2014-12-20 22:28:58 +11:00
teor
6a9cae2e1d Fix clang warning, IPv6 address comment, buffer size typo
The address of an array in the middle of a structure will
always be non-NULL. clang recognises this and complains.
Disable the tautologous and redundant check to silence
this warning.

A comment about an IPv6 address string incorrectly refers
to an IPv4 address format.

A log buffer is sized 10024 rather than 10240.

Fixes bug 14001.
2014-12-20 22:20:54 +11:00
Nick Mathewson
64787e99fa Merge branch 'asn-karsten-task-13192-5-squashed' 2014-12-19 10:35:47 -05:00
George Kadianakis
13a6fb9a2a HS stats: Add changes file and improve man page. 2014-12-19 10:35:34 -05:00
Nick Mathewson
eee248bc59 Merge remote-tracking branch 'dgoulet/bug13936_025_v2' 2014-12-19 09:38:46 -05:00
David Goulet
3d83907ab1 Fix: call circuit_has_opened() for rendezvous circuit
In circuit_get_open_circ_or_launch(), for a rendezvous circuit,
rend_client_rendcirc_has_opened() but circuit_has_opened() is preferred here
since it will call the right function for a specific circuit purpose.

Furthermore, a controller event is triggered where the former did not.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-12-17 16:06:53 -05:00
Nick Mathewson
7d5916c0a7 Reference bug number in changes file 2014-12-12 08:53:42 -05:00
Nick Mathewson
915c9a517e Merge remote-tracking branch 'meejah/ticket-13941-b' 2014-12-12 08:53:14 -05:00
Nick Mathewson
7c5d888977 Tweak 13942 fix 2014-12-12 08:49:52 -05:00
meejah
85bfad1875 Pre-check hidden-service-dir permissions/ownership
See ticket #13942 where Tor dies if you feed it a hidden service
directory with the wrong owner via SETCONF.
2014-12-11 18:46:56 -07:00
meejah
76753efd7b Fix 13941: make calling log_new_relay_greeting() optional.
Specifically, only if we're creating secret_id_key do we log the
greeting (and then only if the key is actually created).
2014-12-11 18:43:51 -07:00
rl1987
9c239eccc9 Use END_CIRC_REASON_TORPROTOCOL instead of magic number. 2014-12-07 15:47:09 +02:00
Nick Mathewson
95ead31349 Tweak global_scheduler changes file 2014-11-27 23:05:21 -05:00
Nick Mathewson
a28df3fb67 Merge remote-tracking branch 'andrea/cmux_refactor_configurable_threshold'
Conflicts:
	src/or/or.h
	src/test/Makefile.nmake
2014-11-27 22:39:46 -05:00
Nick Mathewson
3d2366c676 Merge remote-tracking branch 'public/bug13126'
Conflicts:
	src/or/or.h
2014-11-26 09:03:30 -05:00
Nick Mathewson
3a91a08e21 Merge branch 'feature9503_squashed' 2014-11-25 12:49:09 -05:00
rl1987
8c135062e5 Adding 'SIGNAL HEARTBEAT' message that causes unscheduled heartbeat. 2014-11-25 12:48:41 -05:00
Nick Mathewson
b4ead16d57 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-11-24 09:19:22 -05:00
Nick Mathewson
5b55778c86 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-11-24 09:19:06 -05:00
Nick Mathewson
137982f955 Merge remote-tracking branch 'karsten/geoip6-nov2014' into maint-0.2.4 2014-11-24 09:18:36 -05:00
Nick Mathewson
8d5f1e6961 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-11-24 09:18:21 -05:00
Karsten Loesing
5441c733e0 Update geoip6 to the November 15 2014 database. 2014-11-24 14:23:18 +01:00
Karsten Loesing
8611c6bccd Update geoip to the November 15 2014 database. 2014-11-24 14:21:31 +01:00
Nick Mathewson
336c856e52 Make can_complete_circuits a static variable. 2014-11-20 12:03:46 -05:00
Nick Mathewson
f15cd22bb7 Don't build introduction circuits until we know we can build circuits
Patch from akwizgran.  Ticket 13447.
2014-11-20 11:51:36 -05:00
Nick Mathewson
b3bd7a736c Remove Support022HiddenServices
This has been already disabled in the directory consensus for a while;
it didn't seem to break anything.

Finally closes #7803.
2014-11-17 11:52:10 -05:00
Nick Mathewson
734ba5cb0a Use smaller zlib objects when under memory pressure
We add a compression level argument to tor_zlib_new, and use it to
determine how much memory to allocate for the zlib object.  We use the
existing level by default, but shift to smaller levels for small
requests when we have been over 3/4 of our memory usage in the past
half-hour.

Closes ticket 11791.
2014-11-17 11:43:50 -05:00
rl1987
a68b90fc7a Changes file for 13212. 2014-11-16 16:12:08 +02:00
Nick Mathewson
5c813f6ca1 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-11-12 15:32:15 -05:00
Nick Mathewson
6c146f9c83 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2014-11-12 15:30:11 -05:00
Sebastian Hahn
0493db4adb Add changes file for #13926 2014-11-12 15:25:52 -05:00
Nick Mathewson
9b11dc3617 Merge remote-tracking branch 'public/bug7484'
Conflicts:
	src/test/test_addr.c
2014-11-12 13:44:57 -05:00
Nick Mathewson
2170171d84 Merge branch 'ticket13172' 2014-11-12 13:25:17 -05:00
Nick Mathewson
81433e7432 Merge remote-tracking branch 'rl1987/bug13644' 2014-11-12 13:12:14 -05:00
Nick Mathewson
ccc54d545e tweak 9812 changes file 2014-11-12 10:28:33 -05:00
Nick Mathewson
99e2a325f6 Merge remote-tracking branch 'rl1987/bug9812' 2014-11-12 10:27:12 -05:00
Nick Mathewson
a87c697fb1 Merge remote-tracking branch 'public/bug13698_024_v1' 2014-11-12 10:23:55 -05:00
Nick Mathewson
5e4174f3b4 Revise changes file 2014-11-12 10:23:24 -05:00
rl1987
032560fc75 Adding changes file for 13644. 2014-11-11 21:01:30 +02:00
David Goulet
34eb007d22 Fix: don't report timeout when closing parallel intro points
When closing parallel introduction points, the given reason (timeout)
was actually changed to "no reason" thus when the circuit purpose was
CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT, we were reporting an introduction
point failure and flagging it "unreachable". After three times, that
intro point gets removed from the rend cache object.

In the case of CIRCUIT_PURPOSE_C_INTRODUCING, the intro point was
flagged has "timed out" and thus not used until the connection to the HS
is closed where that flag gets reset.

This commit adds an internal circuit reason called
END_CIRC_REASON_IP_NOW_REDUNDANT which tells the closing circuit
mechanism to not report any intro point failure.

This has been observed while opening hundreds of connections to an HS on
different circuit for each connection. This fix makes this use case to
work like a charm.

Fixes #13698.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-11-10 15:02:54 -05:00
Nick Mathewson
26e7e519dc Document networkstatus-bridges
Closes 13713; patch from 'tom'
2014-11-10 09:03:11 -05:00
rl1987
e395783f23 Adding changes file for 9812. 2014-11-09 17:55:35 +02:00
rl1987
7f7df97579 Fixing typo in manpage. 2014-11-09 16:34:34 +02:00
teor
fd7e9e9030 Stop failing when key files are zero-length
Instead, generate new keys, and overwrite the empty key files.
Adds FN_EMPTY to file_status_t and file_status.
Fixes bug 13111.

Related changes due to review of FN_FILE usage:
Stop generating a fresh .old RSA key file when the .old file is missing.
Avoid overwriting .old key files with empty key files.
Skip loading zero-length extra info store, router store, stats, state,
and key files.
2014-11-08 20:31:20 +11:00
teor
ce7fd6e160 Stop crashing when a NULL filename is passed to file_status()
Stop crashing when a NULL filename is passed to file_status(),
instead, return FN_ERROR.
Also return FN_ERROR when a zero-length filename is passed to file_status().
Fixed as part of bug 13111.
2014-11-08 20:26:53 +11:00
David Goulet
151f5f90b8 Wrong format in log statement
Fixes bug 13701.
2014-11-07 11:44:41 -05:00
Nick Mathewson
6344345140 Add correctness assertions for hashtable iteration
This is meant to prevent memory corruption bugs from doing
unspeakable infinite-loop-like things to the hashtables.  Addresses
ticket 11737.  We should disable these if they turn out to be
expensive.
2014-11-06 13:57:17 -05:00
Nick Mathewson
00f5909876 Define macros meaning <,>,==,!=,<=,>=
This lets us avoid putting operators directly in macro arguments,
and thus will help us unconfuse coccinelle.

For ticket 13172.
2014-11-06 11:21:13 -05:00
Nick Mathewson
68af1e7e9b Throw identify-node-by-nickname down the memory hole
Authorities are no longer voting on Named, so specifying nodes by
nickname isn't a clever thing to do.  (Not that it ever was!)  So
remove the documentation that suggests that you should do it.

Additionally, add proper cross-references to our __node__ lists, and
explain about the optional $ before identity digests.

Also, the oxford comma: endorsed by Steven Pinker, my spouse, and my
11th grade English teacher.

Closes 13381.
2014-11-06 11:10:58 -05:00
Nick Mathewson
1dcc492295 chgrp the testing tempdir to ourself to clear the sticky bit
Closes 13678.  Doesn't actually matter for older tors.
2014-11-05 14:28:34 -05:00
Nick Mathewson
8f645befba 11291: Fix warnings, add changes file, rename 'mask'. 2014-11-05 14:12:18 -05:00
Nick Mathewson
fc62721b06 Fix version number parsing to allow 2- and 3-part versions.
Fixes bug 13661; bugfix on 0.0.8pre1.
2014-11-05 13:29:28 -05:00
Nick Mathewson
3d8cb10732 Changes file for Andrea's work on 6456 2014-11-04 09:59:25 -05:00
Nick Mathewson
60c86a3b79 Merge branch 'bug13315_squashed'
Conflicts:
	src/or/buffers.c
2014-11-04 00:48:25 -05:00
rl1987
fc9591da72 Adding changes file for 13315. 2014-11-04 00:37:24 -05:00
Nick Mathewson
593909ea70 Merge remote-tracking branch 'public/bug13214_025_squashed' 2014-11-04 00:24:56 -05:00
Nick Mathewson
b10e5ac7b8 Check descriptor ID in addition to HS ID when saving a v2 hs descriptor
Fixes bug 13214; reported by 'special'.
2014-11-04 00:24:15 -05:00
Nick Mathewson
415a841378 Remove smartlist_choose_node_by_bandwidth()
We were only using it when smartlist_choose_node_by_bandwidth_weights
failed.  But that function could only fail in the presence of
buggy/ancient authorities or in the absence of a consensus.  Either
way, it's better to use sensible defaults and a nicer algorithm.
2014-11-03 13:30:19 -05:00
Nick Mathewson
5bcf952261 Check more thoroughly for unlogged OpenSSL errors 2014-11-02 13:04:44 -05:00
Nick Mathewson
efd5001c3b Use digest256_len in networkstatus_copy_old_consensus_info()
Now, if a router ever changes its microdescriptor, but the new
microdescriptor SHA256 hash has the same 160-bit prefix as the old
one, we treat it as a new microdescriptor when deciding whether to
copy status information.

(This function also is used to compare SHA1 digests of router
descriptors, but don't worry: the descriptor_digest field either holds
a SHA256 hash, or a SHA1 hash padded with 0 bytes.)
2014-10-31 11:36:31 -04:00
Nick Mathewson
dc05b8549a Use digest256map for computing microdescriptor downloads 2014-10-31 11:32:32 -04:00
Nick Mathewson
542b470164 Refactor {str,digest}map into a common implementation; add digest256map
Needed for #13399.
2014-10-31 10:54:12 -04:00
teor
13298d90a9 Silence spurious clang warnings
Silence clang warnings under --enable-expensive-hardening, including:
  + implicit truncation of 64 bit values to 32 bit;
  + const char assignment to self;
  + tautological compare; and
  + additional parentheses around equality tests. (gcc uses these to
    silence assignment, so clang warns when they're present in an
    equality test. But we need to use extra parentheses in macros to
    isolate them from other code).
2014-10-30 22:34:46 +11:00
Nick Mathewson
5ef96d3209 Add in a few more changes entries for 0.2.6.1-alpha
(Also resort and rewrap)
2014-10-29 09:06:55 -04:00
rl1987
fd83bc1d41 Adding changes file for 9708. 2014-10-28 14:13:30 -04:00
rl1987
f1ebe6bda4 Fix smartlist_choose_node_by_bandwidth() so that it rejects ORs with BadExit flag. 2014-10-28 14:07:08 -04:00
Nick Mathewson
2c884fd8cc Merge remote-tracking branch 'rl1987/feature10427' 2014-10-28 14:03:40 -04:00
Nick Mathewson
0793ef862b Merge remote-tracking branch 'sebastian/bug13286' 2014-10-27 12:12:16 -04:00
Nick Mathewson
682c154cc4 Start on an 0.2.6.1-alpha changelog
I concatenated the remaining changes/* files, removed them, made the
headings more uniform, then told format_changelog.py to sort,
collate, and wrap them.
2014-10-27 11:27:52 -04:00
Nick Mathewson
a477d7c666 Remove changes files that have already been merged in release-0.2.5
(This means that changes/* is now "everything that changed since
0.2.5.10".)
2014-10-27 11:09:41 -04:00
Sebastian Hahn
909aa51b3f Remove configure option to disable curve25519
By now, support in the network is widespread and it's time to require
more modern crypto on all Tor instances, whether they're clients or
servers. By doing this early in 0.2.6, we can be sure that at some point
all clients will have reasonable support.
2014-10-27 14:41:19 +01:00
rl1987
36e771628e Congratulate relay operator when OR is first started
When Tor first generates identity keypair, emit a log message that
thanks for their participation and points to new Tor relay lifecycle
document.
2014-10-26 21:53:48 +02:00
Nick Mathewson
67fdfcf27c Fix a changes typo spotted by wfn 2014-10-22 11:02:56 -04:00
Nick Mathewson
653221e807 Merge remote-tracking branch 'public/bug11824_v2' 2014-10-22 11:01:50 -04:00
Nick Mathewson
8e4daa7bb0 Merge remote-tracking branch 'public/ticket6938'
Conflicts:
	src/tools/tor-resolve.c
2014-10-22 10:14:03 -04:00
Nick Mathewson
3826a88fc0 Merge remote-tracking branch 'teor/bug13476-improve-time-handling' 2014-10-21 13:14:27 -04:00
Nick Mathewson
e3d166b7a6 Merge remote-tracking branch 'teor/memwipe-more-keys' 2014-10-20 11:12:51 -04:00
Nick Mathewson
291cd50939 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-10-19 15:40:25 -04:00
Nick Mathewson
fd8f21e730 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-10-19 15:40:07 -04:00
Nick Mathewson
403c6ae78e Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-10-19 15:39:48 -04:00
Nick Mathewson
c1dd598df8 Note that our #13426 fix is also a #13471 fix.
See also http://marc.info/?l=openssl-dev&m=141357408522028&w=2
2014-10-19 15:38:44 -04:00
teor
2e1f5c1fc0 Memwipe more keys after tor has finished with them
Ensure we securely wipe keys from memory after
crypto_digest_get_digest and init_curve25519_keypair_from_file
have finished using them.

Fixes bug 13477.
2014-10-20 03:06:28 +11:00
teor
879b39e1a8 Further unit test tor_timegm and parse_rfc1123_time
Add unit tests for tor_timegm signed overflow,
tor_timegm and parse_rfc1123_time validity checks,
and correct_tm year clamping.
Unit tests (visible) fixes in bug 13476.
2014-10-20 02:52:21 +11:00
teor
d7b13543e2 Clamp (some) years supplied by the system to 1 CE
Clamp year values returned by system localtime(_r) and
gmtime(_r) to year 1. This ensures tor can read any
values it might write out.

Fixes bug 13476.
2014-10-20 02:47:31 +11:00
teor
238b8eaa60 Improve date validation in HTTP headers
Check all date/time values passed to tor_timegm
and parse_rfc1123_time for validity, taking leap
years into account.
Improves HTTP header validation.

Avoid unlikely signed integer overflow in tor_timegm
on systems with 32-bit time_t.
Fixes bug 13476.
2014-10-20 02:40:27 +11:00
teor
dd556fb1e6 Use correct day of year in correct_tm()
Set the correct day of year value in correct_tm() when the
system's localtime(_r) or gmtime(_r) functions fail to set struct tm.

Fixes bug 13476.
2014-10-20 02:32:05 +11:00
Nick Mathewson
fc5cab4472 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-10-16 13:29:14 -04:00
Nick Mathewson
fb91d647ac Downgrade 'invalid result from curve25519 handshake: 4' warning
Also, refactor the way we handle failed handshakes so that this
warning doesn't propagate itself to "onion_skin_client_handshake
failed" and "circuit_finish_handshake failed" and
"connection_edge_process_relay_cell (at origin) failed."

Resolves warning from 9635.
2014-10-16 13:26:42 -04:00
Nick Mathewson
ab4b29625d Downgrade 'unexpected sendme cell from client' to PROTOCOL_WARN
Closes 8093.
2014-10-16 13:04:11 -04:00
Nick Mathewson
a5cc5ad08d Merge remote-tracking branch 'yawning/bug13314' 2014-10-16 09:12:13 -04:00
Nick Mathewson
33b399a7b2 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-10-16 09:09:20 -04:00
Nick Mathewson
22b9caf0ae Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-10-16 09:08:52 -04:00
Nick Mathewson
943fd4a252 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-10-16 09:08:32 -04:00
Nick Mathewson
c1c83eb376 Merge branch 'no_sslv3_023' into maint-0.2.3 2014-10-16 09:08:09 -04:00
Nick Mathewson
af73d3e4d8 Disable SSLv3 unconditionally. Closes ticket 13426.
The POODLE attack doesn't affect Tor, but there's no reason to tempt
fate: SSLv3 isn't going to get any better.
2014-10-15 11:50:05 -04:00
Nick Mathewson
d950e24332 Merge remote-tracking branch 'public/bug11243_squashed' 2014-10-13 14:32:43 -04:00
Nick Mathewson
a30594605e Treat unparseable (micro)descriptors and extrainfos as undownloadable
One pain point in evolving the Tor design and implementing has been
adding code that makes clients reject directory documents that they
previously would have accepted, if those descriptors actually exist.
When this happened, the clients would get the document, reject it,
and then decide to try downloading it again, ad infinitum.  This
problem becomes particularly obnoxious with authorities, since if
some authorities accept a descriptor that others don't, the ones
that don't accept it would go crazy trying to re-fetch it over and
over. (See for example ticket #9286.)

This patch tries to solve this problem by tracking, if a descriptor
isn't parseable, what its digest was, and whether it is invalid
because of some flaw that applies to the portion containing the
digest.  (This excludes RSA signature problems: RSA signatures
aren't included in the digest.  This means that a directory
authority can still put another directory authority into a loop by
mentioning a descriptor, and then serving that descriptor with an
invalid RSA signatures.  But that would also make the misbehaving
directory authority get DoSed by the server it's attacking, so it's
not much of an issue.)

We already have a mechanism to mark something undownloadable with
downloadstatus_mark_impossible(); we use that here for
microdescriptors, extrainfos, and router descriptors.

Unit tests to follow in another patch.

Closes ticket #11243.
2014-10-13 14:30:02 -04:00
teor
f51418aabc Avoid overflow in format_time_interval, create unit tests
Fix an instance of integer overflow in format_time_interval() when
taking the absolute value of the supplied signed interval value.
Fixes bug 13393.

Create unit tests for format_time_interval().
2014-10-12 20:50:10 +11:00
Nick Mathewson
cd678ae790 Remove is_router_version_good_for_possible_guard()
The versions which this function would keep from getting the guard
flag are already blocked by the minimum version check.

Closes 13152.
2014-10-09 15:12:36 -04:00
Nick Mathewson
90bce702ba Merge remote-tracking branch 'public/bug10816' 2014-10-09 10:57:19 -04:00
Nick Mathewson
e5f9f287ce Merge remote-tracking branch 'teor/bug-13163-AlternateAuthorities-type-handling-fixed' 2014-10-09 10:55:09 -04:00
Nick Mathewson
cc5571e1f1 Merge remote-tracking branches 'teor/issue-13161-test-network' and 'teor/issue-13161-TestingDirAuthVoteExit' 2014-10-08 15:46:29 -04:00
Nick Mathewson
40375fbce5 Merge remote-tracking branch 'teor/test-network-hang-on-make-j2' 2014-10-08 15:42:20 -04:00
teor
31bf8f2690 Bitwise check BRIDGE_DIRINFO
Bitwise check for the BRIDGE_DIRINFO flag, rather than checking for
equality.

Fixes a (potential) bug where directories offering BRIDGE_DIRINFO,
and some other flag (i.e. microdescriptors or extrainfo),
would be ignored when looking for bridge directories.

Final fix in series for bug 13163.
2014-10-08 05:37:15 +11:00
teor
ff42222845 Improve DIRINFO flags' usage comments
Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in functions
which take them as arguments. Replace 0 with NO_DIRINFO in a function call
for clarity.

Seeks to prevent future issues like 13163.
2014-10-08 05:36:54 +11:00
teor
c1dd43d823 Stop using default authorities with both Alternate Dir and Bridge Authority
Stop using the default authorities in networks which provide both
AlternateDirAuthority and AlternateBridgeAuthority.

This bug occurred due to an ambiguity around the use of NO_DIRINFO.
(Does it mean "any" or "none"?)

Partially fixes bug 13163.
2014-10-08 05:36:54 +11:00
teor
9a2d4b6647 Stop an apparent test-network hang when used with make -j2
If (GNU) Make 3.81 is running processes in parallel using -j2 (or more),
it waits until all descendent processes have exited before it returns to
the shell.

When a command like "make -j2 test-network" is run, this means that
test-network.sh apparently hangs until it either make is forcibly
terminated, or all the chutney-launched tor processes have exited.

A workaround is to use make without -j, or make -j1 if there is an
existing alias to "make -jn" in the shell.

We resolve this bug in tor by using "chutney stop" after "chutney verify"
in test-network.sh.
2014-10-04 13:18:56 +10:00
Nick Mathewson
bbffd0a018 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-10-03 19:58:25 -04:00
Nick Mathewson
d315b8e8bc Merge remote-tracking branch 'public/bug13325_024' into maint-0.2.5 2014-10-03 19:57:41 -04:00
Nick Mathewson
d1fa0163e5 Run correctly on OpenBSD systems without SSL_METHOD.get_cipher_by_char
Also, make sure we will compile correctly on systems where they
finally rip it out.

Fixes issue #13325.  Caused by this openbsd commit:

   ​http://marc.info/?l=openbsd-cvs&m=140768179627976&w=2

Reported by Fredzupy.
2014-10-03 12:15:09 -04:00
Yawning Angel
c8132aab92 Send back SOCKS5 errors for all of the address related failures.
Cases that now send errors:
 * Malformed IP address (SOCKS5_GENERAL_ERROR)
 * CONNECT/RESOLVE request with IP, when SafeSocks is set
   (SOCKS5_NOT_ALLOWED)
 * RESOLVE_PTR request with FQDN (SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED)
 * Malformed FQDN (SOCKS5_GENERAL_ERROR)
 * Unknown address type (SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED)

Fixes bug 13314.
2014-10-01 14:16:59 +00:00
teor
bae7334390 Add test-network delay option
Add a --delay option to test-network.sh, which configures the delay before
the chutney network tests for data transmission. The default remains at
18 seconds if the argument isn't specified.

Apparently we should be using bootstrap status for this (eventually).

Partially implements ticket 13161.
2014-10-01 18:05:04 +10:00
teor
7c0215f8ca test-network.sh: Use "/bin/echo -n" rather than builtin echo
The default shell on OS X is bash, which has a builtin echo. When called
in "sh" mode, this echo does not accept "-n". This patch uses "/bin/echo -n"
instead.

Partially fixes issue 13161.
2014-10-01 17:56:53 +10:00
teor
27f30040f6 Add TestingDirAuthVoteExit option (like TestingDirAuthVoteGuard)
Add the TestingDirAuthVoteExit option, a list of nodes to vote Exit for,
regardless of their uptime, bandwidth, or exit policy.

TestingTorNetwork must be set for this option to have any effect.

Works around an issue where authorities would take up to 35 minutes to
give nodes the Exit flag in a test network, despite short consensus
intervals. Partially implements ticket 13161.
2014-10-01 17:44:21 +10:00
Andrea Shepard
52cfaa84b7 Add changes file for global scheduler/cmux refactor 2014-09-30 22:49:58 -07:00
Nick Mathewson
b448ec195d Clear the cached address from resolve_my_address() when our IP changes
Closes 11582; patch from "ra".
2014-09-29 13:47:58 -04:00
Nick Mathewson
2e607ff519 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-29 13:02:50 -04:00
Nick Mathewson
09951bea7f Don't use the getaddrinfo sandbox cache from tor-resolve
Fixes bug 13295; bugfix on 0.2.5.3-alpha.

The alternative here is to call crypto_global_init() from tor-resolve,
but let's avoid linking openssl into tor-resolve for as long as we
can.
2014-09-29 12:57:07 -04:00
Nick Mathewson
18f2bfb8c3 Note when 13290 was introduced. 2014-09-29 09:50:27 -04:00
Nick Mathewson
2b1b1def46 Merge remote-tracking branch 'teor/circuitstats-pareto-avoid-div-zero' 2014-09-29 09:48:02 -04:00
Nick Mathewson
ba7b6246b7 Note when 13291 was introduced. 2014-09-29 09:40:33 -04:00
teor
b827a08284 Stop spawn test failures due to a race condition with SIGCHLD on process exit
When a spawned process forks, fails, then exits very quickly, (this
typically occurs when exec fails), there is a race condition between the
SIGCHLD handler updating the process_handle's fields, and checking the
process status in those fields. The update can occur before or after the
spawn tests check the process status.

We check whether the process is running or not running (rather than just
checking if it is running) to avoid this issue.
2014-09-29 09:37:53 -04:00
Nick Mathewson
11ebbf5e88 Merge branch 'bug12971_take2_squashed' 2014-09-29 09:18:03 -04:00
rl1987
c5ad890904 Respond with 'Command not supported' SOCKS5 reply message upon reception of unsupported request. 2014-09-29 09:14:42 -04:00
Nick Mathewson
5e8cc766e6 Merge branch 'ticket961_squashed' 2014-09-29 09:05:18 -04:00
Nick Mathewson
f15e5aedbc Changes file for ticket 961 2014-09-29 09:05:11 -04:00
Nick Mathewson
dc019b0654 Merge remote-tracking branch 'yawning/bug13213' 2014-09-29 08:57:19 -04:00
Nick Mathewson
56f92ca02d Merge remote-tracking branch 'rl1987/bug13228' 2014-09-29 08:55:17 -04:00
teor
4d0ad34a92 Avoid division by zero in circuitstats pareto
In circuit_build_times_calculate_timeout() in circuitstats.c, avoid dividing
by zero in the pareto calculations.

If either the alpha or p parameters are 0, we would divide by zero, yielding
an infinite result; which would be clamped to INT32_MAX anyway. So rather
than dividing by zero, we just skip the offending calculation(s), and
use INT32_MAX for the result.

Division by zero traps under clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error.
2014-09-29 20:49:24 +10:00
teor
ffd92e8ef8 Stop test & bench build failures with --disable-curve25519
Ensure test & bench code that references curve25519 is disabled by the
appropriate macros. tor now builds with and without --disable-curve25519.
2014-09-29 12:19:04 +10:00
teor
ff8fe38a2f Stop spurious clang shallow analysis null pointer errors
Avoid 4 null pointer errors under clang shallow analysis (the default when
building under Xcode) by using tor_assert() to prove that the pointers
aren't null. Resolves issue 13284 via minor code refactoring.
2014-09-28 20:51:23 -04:00
rl1987
f20c72f456 Improving error message. 2014-09-28 18:09:25 +03:00
Nick Mathewson
7f5103ec59 Require two c99 features (midblock decls, designated initializers)
c99 lets us do neat stuff like:

    {
      int j, k;
      foo(&j, &k);
      int z = j + k;
    }

and also
    struct point { int x; int y; };
    struct point pt = { .x=5, .y=5 };

This commit makes the configure scripts check to make sure your
compiler implements them.  It also disables our longstanding warning
about midblock declarations.

Closes ticket 13233.
2014-09-25 11:20:04 -04:00
Yawning Angel
fa60a64088 Do not launch pluggable transport plugins when DisableNetwork is set.
When DisableNetwork is set, do not launch pluggable transport plugins,
and if any are running already, terminate the existing instances.
Resolves ticket 13213.
2014-09-24 09:39:15 +00:00
Nick Mathewson
e6150c7fc0 Merge remote-tracking branch 'public/bug12693_025' 2014-09-22 14:45:38 -04:00
Nick Mathewson
bdd0c77643 Merge branch 'bug8197_squashed'
Conflicts:
	src/test/test_policy.c
2014-09-22 14:34:52 -04:00
rl1987
45fc0612d3 Adding changes file for 8197. 2014-09-22 14:18:01 -04:00
Nick Mathewson
c8d927bad4 changes file for 12884 2014-09-22 10:55:53 -04:00
Nick Mathewson
6c6ea8c425 Merge remote-tracking branch 'arma/feature13211' 2014-09-22 10:49:10 -04:00
Nick Mathewson
d3382297fe Merge remote-tracking branch 'arma/feature13153' 2014-09-22 10:42:54 -04:00
Nick Mathewson
01b23a6d49 changes file for 7733 2014-09-22 10:39:51 -04:00
Nick Mathewson
bc758e4a5e Merge remote-tracking branch 'intrigeri/bug13196-systemd-writable-run-directory' 2014-09-22 10:31:24 -04:00
Roger Dingledine
09183dc315 clients use optimistic data when reaching hidden services
Allow clients to use optimistic data when connecting to a hidden service,
which should cut out the initial round-trip for client-side programs
including Tor Browser.

(Now that Tor 0.2.2.x is obsolete, all hidden services should support
server-side optimistic data.)

See proposal 181 for details. Implements ticket 13211.
2014-09-21 20:02:12 -04:00
Roger Dingledine
bbfb1aca55 get rid of routerstatus->version_supports_optimistic_data
Clients are now willing to send optimistic circuit data (before they
receive a 'connected' cell) to relays of any version. We used to
only do it for relays running 0.2.3.1-alpha or later, but now all
relays are new enough.

Resolves ticket 13153.
2014-09-21 19:04:18 -04:00
Roger Dingledine
1b40ea036f Stop silently skipping invalid args to setevents
Return an error when the second or later arguments of the
"setevents" controller command are invalid events. Previously we
would return success while silently skipping invalid events.

Fixes bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".
2014-09-21 16:05:24 -04:00
Roger Dingledine
e170205cd8 Merge branch 'maint-0.2.5' 2014-09-20 16:51:17 -04:00
Roger Dingledine
87576e826f Merge branch 'maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2014-09-20 16:50:32 -04:00
Roger Dingledine
288b3ec603 Merge branch 'maint-0.2.3' into maint-0.2.4 2014-09-20 16:49:24 -04:00
Sebastian Hahn
0eec8e2aa5 gabelmoo's IPv4 address changed 2014-09-20 16:46:02 -04:00
intrigeri
2f47ab247a Add changes file for #13196.
Note that this will likely need to be folded with the changes file for #12751,
as this change is a mere fixup on top of the changes introduced for #12751.
2014-09-19 16:10:39 +00:00
Nick Mathewson
6d6e21a239 Merge branch 'bug4244b_squashed' 2014-09-18 15:31:08 -04:00
Roger Dingledine
905443f074 Clients no longer write "DirReqStatistics 0" in their saveconf output
Stop modifying the value of our DirReqStatistics torrc option just
because we're not a bridge or relay. This bug was causing Tor
Browser users to write "DirReqStatistics 0" in their torrc files
as if they had chosen to change the config.

Fixes bug 4244; bugfix on 0.2.3.1-alpha.
2014-09-18 15:29:14 -04:00
Nick Mathewson
d14127eb7a Use the DL_SCHED_CONSENSUS schedule for consensuses.
Fixes bug 11679; bugfix on 0.2.2.6-alpha
2014-09-18 10:52:58 -04:00
Nick Mathewson
35156ffcc3 Merge remote-tracking branch 'public/ticket_13119_v3' 2014-09-17 10:27:40 -04:00
Nick Mathewson
feee445771 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-16 11:11:48 -04:00
Nick Mathewson
be0e26272b Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-09-16 11:10:02 -04:00
Roger Dingledine
0c3b3650aa clients now send correct address for rendezvous point
Clients now send the correct address for their chosen rendezvous point
when trying to access a hidden service. They used to send the wrong
address, which would still work some of the time because they also
sent the identity digest of the rendezvous point, and if the hidden
service happened to try connecting to the rendezvous point from a relay
that already had a connection open to it, the relay would reuse that
connection. Now connections to hidden services should be more robust
and faster. Also, this bug meant that clients were leaking to the hidden
service whether they were on a little-endian (common) or big-endian (rare)
system, which for some users might have reduced their anonymity.

Fixes bug 13151; bugfix on 0.2.1.5-alpha.
2014-09-16 11:05:36 -04:00
Nick Mathewson
c72a94ea1c Add a changes file for 13119 2014-09-15 21:39:12 -04:00
George Kadianakis
a77e44d8c0 Add changes file for Tor2webRendezvousPoints. 2014-09-15 16:07:48 +03:00
Nick Mathewson
2914d56ea4 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-11 08:59:24 -04:00
Roger Dingledine
6215ebb266 Reduce log severity for unused ClientTransportPlugin lines
Tor Browser includes several ClientTransportPlugin lines in its
torrc-defaults file, leading every Tor Browser user who looks at her
logs to see these notices and wonder if they're dangerous.

Resolves bug 13124; bugfix on 0.2.5.3-alpha.
2014-09-11 08:02:37 -04:00
Nick Mathewson
48558ed1aa Merge remote-tracking branch 'public/bug13104_025' 2014-09-11 00:11:26 -04:00
Nick Mathewson
9e595a95a8 Add a changes file for bug 13104 2014-09-11 00:05:56 -04:00
Nick Mathewson
73ee161d8a Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-10 23:48:59 -04:00
Nick Mathewson
3c2c6a6116 In routerlist_assert_ok(), check r2 before taking &(r2->cache_info)
Technically, we're not allowed to take the address of a member can't
exist relative to the null pointer.  That makes me wonder how any sane
compliant system implements the offsetof macro, but let's let sleeping
balrogs lie.

Fixes 13096; patch on 0.1.1.9-alpha; patch from "teor", who was using
clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error -ftrapv
2014-09-10 23:48:11 -04:00
Nick Mathewson
e07206afea Merge remote-tracking branch 'yawning/bug_8402' 2014-09-10 23:41:55 -04:00
Nick Mathewson
5474d8ae05 Merge remote-tracking branch 'public/torrc_minimal' 2014-09-10 23:36:27 -04:00
Nick Mathewson
93dfb12037 Remember log messages that happen before logs are configured
(And replay them once we know our first real logs.)

This is an implementation for issue 6938.  It solves the problem of
early log mesages not getting sent to log files, but not the issue of
early log messages not getting sent to controllers.
2014-09-10 23:34:43 -04:00
Nick Mathewson
a9b2e5eac6 Merge remote-tracking branch 'public/bug12908_025' into maint-0.2.5 2014-09-10 22:12:47 -04:00
Nick Mathewson
916d53d6ce Mark StrictE{ntry,xit}Nodes as obsolete. 2014-09-10 07:10:10 -04:00
Yawning Angel
cae44838fe Fix issues brought up in nickm's review.
* Update pt_get_proxy_uri() documentation.
 * proxy_supported is now unsigned.
 * Added a changes file.
2014-09-09 18:21:19 +00:00
Nick Mathewson
8e39395199 Merge remote-tracking branch 'asn/bug13064' 2014-09-09 12:26:16 -04:00
Nick Mathewson
1eea7a68ed Use S?SIZE_MAX, not S?SIZE_T_MAX
This fixes bug 13102 (not on any released Tor) where using the
standard SSIZE_MAX name broke mingw64, and we didn't realize.

I did this with
   perl -i -pe 's/SIZE_T_MAX/SIZE_MAX/' src/*/*.[ch] src/*/*/*.[ch]
2014-09-09 12:08:03 -04:00
Sebastian Hahn
409a56281e Remove client-side bad directory logic
Implements the second half of #13060.
2014-09-09 11:54:20 -04:00
Sebastian Hahn
8099dee992 Remove dirauth support for the BadDirectory flag
Implements the first half of #13060. The second half will be to remove
client support, too.
2014-09-09 11:54:15 -04:00
Nick Mathewson
59f3cce0dc Merge branch 'bug12899_squashed' 2014-09-09 11:51:18 -04:00
Sebastian Hahn
607724c696 Remove support for naming directory authorities
This implements the meat of #12899. This commit should simply remove the
parts of Tor dirauths used to check whether a relay was supposed to be
named or not, it doesn't yet convert to a new mechanism for
reject/invalid/baddir/badexiting relays.
2014-09-09 11:50:21 -04:00
Nick Mathewson
4af88d68b4 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 11:05:28 -04:00
Nick Mathewson
8eed82b3d4 Merge remote-tracking branch 'andrea/bug12160_025' into maint-0.2.5 2014-09-09 11:04:54 -04:00
Nick Mathewson
dd22ab519a Merge remote-tracking branch 'public/bug12700_024' into maint-0.2.5 2014-09-09 10:51:39 -04:00
Nick Mathewson
2997908228 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 10:27:41 -04:00
Nick Mathewson
8391c96091 Clean up the MVSC nmake files so they work again.
Fixes bug 13081; bugfix on 0.2.5.1-alpha. Patch from "NewEraCracker."
2014-09-09 10:27:05 -04:00
Nick Mathewson
ad0ae89b3c Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 10:22:42 -04:00
Nick Mathewson
a3c49ca79a Add more escaped() calls in directory.c
Patch from teor to fix 13071.
2014-09-09 10:22:01 -04:00
Nick Mathewson
2ecaa59bd7 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-08 15:16:45 -04:00
Nick Mathewson
d229025fef Expand the event_mask field in controller conns to 64 bits
Back in 078d6bcd, we added an event number 0x20, but we didn't make
the event_mask field big enough to compensate.

Patch by "teor". Fixes 13085; bugfix on 0.2.5.1-alpha.
2014-09-08 15:16:02 -04:00
George Kadianakis
0f50f5f373 Evaluate TestingDirAuthVoteGuard only after filling all rs elements. 2014-09-06 14:37:41 +03:00
Andrea Shepard
39a017809b Correctly update channel local mark when address of incoming connection changes after handshake; fixes bug #12160 2014-09-05 11:12:08 -07:00
Sebastian Hahn
10fe5bad9a Remove the AuthDirRejectUnlisted config option
This is in preparation for a big patch series removing the entire Naming
system from Tor. In its wake, the approved-routers file is being
deprecated, and a replacement option to allow only pre-approved routers
is not being implemented.
2014-09-04 06:25:38 +02:00
Nick Mathewson
7573e66b99 Treat Z_BUF_ERROR as TOR_ZLIB_BUF_FULL when finalizing a zlib buffer
Otherwise, when we're out of input *and* finalizing, we might report
TOR_ZLIB_OK erroneously and not finalize the buffer.

(I don't believe this can happen in practice, with our code today:
write_to_buf_zlib ensures that we are never trying to write into a
completely empty buffer, and zlib says "Z_OK" if you give it even
one byte to write into.)

Fixes bug 11824; bugfix on 0.1.1.23 (06e09cdd47).
2014-09-03 13:42:46 -04:00
Nick Mathewson
54348201f7 Merge remote-tracking branch 'intrigeri/bug12939-systemd-no-new-privileges'
Conflicts:
	contrib/dist/tor.service.in
2014-09-03 13:29:43 -04:00
Nick Mathewson
f58cdb3be7 Merge remote-tracking branch 'intrigeri/bug12751-systemd-filesystem-sandbox' 2014-09-03 13:28:46 -04:00
Nick Mathewson
8a79b56ac6 Divide torrc.sample into torrc.sample and torrc.minimal
torrc.minimal is now the one that should change as infrequently as
possible.  To schedule an change to go into it eventually, make your
change to torrc.minimal.in-sample.

torrc.sample is now the volatile one: we can change it to our hearts'
content.

Closes ticket #11144
2014-09-02 19:14:30 -04:00
Sebastian Hahn
962765a35d Don't list relays w/ bw estimate of 0 in the consensus
This implements a feature from bug 13000. Instead of starting a bwauth
run with this wrong idea about their bw, relays should do the self-test
and then get measured.
2014-09-02 18:55:01 -04:00
Sebastian Hahn
14abf1c3f1 Don't delay uploading a new desc if bw estimate was 0
When a tor relay starts up and has no historical information about its
bandwidth capability, it uploads a descriptor with a bw estimate of 0.
It then starts its bw selftest, but has to wait 20 minutes to upload the
next descriptor due to the MAX_BANDWIDTH_CHANGE_FREQ delay. This change
should mean that on average, relays start seeing meaningful traffic a
little quicker, since they will have a higher chance to appear in the
consensus with a nonzero bw.

Patch by Roger, changes file and comment by Sebastian.
2014-09-02 18:54:56 -04:00
Nick Mathewson
e3c143f521 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-02 11:58:08 -04:00
Nick Mathewson
efcab43956 Fix a number of clang analyzer false-positives
Most of these are in somewhat non-obvious code where it is probably
a good idea to initialize variables and add extra assertions anyway.

Closes 13036.  Patches from "teor".
2014-09-02 11:56:56 -04:00
Nick Mathewson
67c0ad5426 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-01 16:23:34 -04:00
rl1987
8139db3725 Adding changes file. 2014-09-01 16:22:52 -04:00
Nick Mathewson
f113a263de Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-29 16:45:56 -04:00
Nick Mathewson
41058dce95 Merge remote-tracking branch 'arma/bug12996b' into maint-0.2.5 2014-08-29 16:44:50 -04:00
Roger Dingledine
7a878c192f Downgrade "Unexpected onionskin length after decryption" warning
It's now a protocol-warn, since there's nothing relay operators can
do about a client that sends them a malformed create cell.

Resolves bug 12996; bugfix on 0.0.6rc1.
2014-08-29 16:38:54 -04:00
Nick Mathewson
d6fa8239c8 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-29 16:13:04 -04:00
Nick Mathewson
4a6f5bb2dd Improve "Tried to establish rendezvous on non-OR or non-edge circuit"
Instead of putting it all in one warning message, log what exactly
was wrong with the circuit.

Resolves ticket 12997.
2014-08-29 16:05:58 -04:00
Nick Mathewson
42350968a9 Drop check for NTE_BAD_KEYSET error
Any error when acquiring the CryptoAPI context should get treated as
bad.  Also, this one can't happen for the arguments we're giving.
Fixes bug 10816; bugfix on 0.0.2pre26.
2014-08-29 13:24:29 -04:00
Nick Mathewson
b0138cd055 Merge remote-tracking branch 'public/bug12985_024' into bug12984_025 2014-08-29 12:24:52 -04:00
Nick Mathewson
4144b4552b Always event_del() connection events before freeing them
Previously, we had done this only in the connection_free() case, but
when we called connection_free_() directly from
connections_free_all(), we didn't free the connections.
2014-08-29 11:33:05 -04:00
Nick Mathewson
cc3b04a8c1 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-28 08:36:00 -04:00
Roger Dingledine
37a76d75dd Resume expanding abbreviations for command-line options
The fix for bug 4647 accidentally removed our hack from bug 586 that
rewrote HashedControlPassword to __HashedControlSessionPassword when
it appears on the commandline (which allowed the user to set her own
HashedControlPassword in the torrc file while the controller generates
a fresh session password for each run).

Fixes bug 12948; bugfix on 0.2.5.1-alpha.
2014-08-28 08:33:43 -04:00
Nick Mathewson
9f9b19ed7b Initialize crash handler in unit tests
This way, we don't get locking failures when we hit an assertion in
the unit tests.  Also, we might find out about unit test bugs from
folks who can't do gdb.
2014-08-27 20:03:00 -04:00
intrigeri
9f0161f73d Add changes file for #12751. 2014-08-27 03:33:05 +00:00
intrigeri
a8dd279fa5 Add changes file for #12939. 2014-08-27 03:32:20 +00:00
Nick Mathewson
fdb7fc70d0 Merge remote-tracking branch 'public/bug10163' 2014-08-26 09:44:16 -04:00
Nick Mathewson
59e114832e Merge branch 'bug11792_1_squashed'
Conflicts:
	src/or/circuitlist.c
2014-08-24 13:09:08 -04:00
Nick Mathewson
68e430a6fb Kill non-tunneled directory connections when handling OOM.
Another part of 11792.
2014-08-24 13:04:38 -04:00
Nick Mathewson
8e55cafd67 Count zlib buffer memory towards OOM totals.
Part of 11792.

(Uses the zlib-endorsed formula for memory needs for inflate/deflate
from "zconf.h".)
2014-08-24 13:04:27 -04:00
Nick Mathewson
446e481c90 Check for duplicate arguments to tor-gencert
Found by coverity, which noticed that if you said
  tor-gencert -i identity1 -i identity2
we would leak "identity1".

[CID 1198201, 1198202, 1198203]
2014-08-21 11:22:42 -04:00
Nick Mathewson
916fba2243 Merge branch 'bug12205_take2_squashed' 2014-08-20 15:32:48 -04:00
rl1987
197d855009 Rewriting entry_is_time_to_retry() using table approach. 2014-08-20 15:29:55 -04:00
Nick Mathewson
01a0ab02a3 Merge branch 'bug10116_squashed' 2014-08-20 14:52:24 -04:00
Nick Mathewson
7f5a440421 Don't allocate an extra smartlist in the OOM handler
Fixes issue 10116
2014-08-20 14:50:38 -04:00
Nick Mathewson
a32913d5aa Allow named pipes for our log files.
Closes ticket 12061. Based on a patch from "carlo von lynX" on tor-dev at
  https://lists.torproject.org/pipermail/tor-dev/2014-April/006705.html
2014-08-20 13:45:16 -04:00
Nick Mathewson
fb762f6db0 Merge remote-tracking branch 'public/bug11787' 2014-08-20 13:34:02 -04:00
Nick Mathewson
c3f04f3daa Changes file for bug 11787 2014-08-20 13:33:49 -04:00
Nick Mathewson
c57e8da4ea Merge remote-tracking branch 'public/bug12908_025' 2014-08-20 12:58:26 -04:00
Sathyanarayanan Gunasekaran
a3fe8b1166 Warn if Tor is a relay and a HS
Closes 12908; see #8742
2014-08-20 12:56:57 -04:00
Nick Mathewson
d0009cb8e8 Merge remote-tracking branch 'public/bug12728_024' 2014-08-20 12:44:15 -04:00
Nick Mathewson
764cebb4d9 Merge remote-tracking branch 'public/bug12700_024' 2014-08-20 09:00:41 -04:00
Nick Mathewson
ec59167cae When counting memory from closing a connection, count the dir conn too
Fix part of bug 11972
2014-08-18 15:21:50 -04:00
Nick Mathewson
1196ed7cc4 Fix relay_command_to_string(); solve 12700.
Two bugs here:
  1) We didn't add EXTEND2/EXTENDED2 to relay_command_to_string().

  2) relay_command_to_string() didn't log the value of unrecognized
     commands.

Both fixed here.
2014-08-18 13:21:40 -04:00
Nick Mathewson
6a8d2e21b8 changes file for bug 10163 / proposal 215. 2014-08-15 18:15:57 -04:00
Nick Mathewson
1f35fd0017 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-15 17:41:13 -04:00
Nick Mathewson
ff4ba9f8a0 Missing changes file for 3f683aadcd
Looks like I forgot to commit this.
2014-08-15 10:06:27 -04:00
Nick Mathewson
0808ed83f9 Restore functionality for CookieAuthFileGroupReadable.
When we merged the cookieauthfile creation logic in 33c3e60a37, we
accidentally took out this feature.  Fixes bug 12864, bugfix on
0.2.5.1-alpha.

Also adds an ExtORPortCookieAuthFileGroupReadable, since there's no
reason not to.
2014-08-15 08:30:44 -04:00
Nick Mathewson
c69e96680a Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-13 23:15:44 -04:00
Nick Mathewson
d443658fad Merge remote-tracking branch 'public/bug12848_024' into maint-0.2.5
Conflicts:
	src/or/circuitbuild.c
2014-08-13 23:14:28 -04:00
Nick Mathewson
283730ad1c Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-13 15:11:52 -04:00
Nick Mathewson
789c8d8573 Apply an MSVC compilation fix from Gisle Vanem
This fixes a double-define introduced in 28538069b2
2014-08-13 15:11:00 -04:00
Nick Mathewson
9114346d32 Merge remote-tracking branch 'public/use_calloc' 2014-08-13 15:01:04 -04:00
Nick Mathewson
938deecc87 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-13 12:52:57 -04:00
Nick Mathewson
fa7ce6d3be Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-08-13 12:52:40 -04:00
Nick Mathewson
b45f0f8fb9 Merge remote-tracking branch 'karsten/geoip6-aug2014' into maint-0.2.4 2014-08-13 12:51:38 -04:00
Nick Mathewson
244ca67e47 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-08-13 12:51:27 -04:00
Nick Mathewson
883dc335e9 Fix configure script build with autoconf < 2.63
We added some AS_VAR_IF-based checks to detect whether we have
managed to compile (but not link) with stack-protector.  On autoconf
before 2.63, we don't have AS_VAR_IF, so we just have to let the
user get a compile error rather than a helpful "find libssp" error.

Fixes bug 12693; bugfix on 0.2.5.2-alpha (commit 21ac292820)
2014-08-13 12:01:58 -04:00
Nick Mathewson
4410f6fb83 Add changes file for bug12855 2014-08-13 10:39:56 -04:00
Karsten Loesing
6235b4769d Update geoip6 to the August 7 2014 database. 2014-08-13 16:16:11 +02:00
Karsten Loesing
b98e3f9936 Update geoip to the August 7 2014 database. 2014-08-13 16:08:33 +02:00
Nick Mathewson
b32a8b024c Don't send DESTROY to circID 0 when circuit_deliver_create_cell fails
Cypherpunks found this and wrote this patch.

Fix for 12848; fix on (I think) d58d4c0d, which went into 0.0.8pre1
2014-08-12 12:12:02 -04:00
Nick Mathewson
4056c61608 Fix some URLs in the README
patch from mttp; fixes 12830
2014-08-09 15:57:44 -04:00
Nick Mathewson
bb68c731b8 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-08 10:09:17 -04:00
Roger Dingledine
fcac4b4467 Build circuits more readily when DisableNetwork goes to 0
When Tor starts with DisabledNetwork set, it would correctly
conclude that it shouldn't try making circuits, but it would
mistakenly cache this conclusion and continue believing it even
when DisableNetwork is set to 0. Fixes the bug introduced by the
fix for bug 11200; bugfix on 0.2.5.4-alpha.
2014-08-06 18:30:14 -04:00
Nick Mathewson
04007448b9 Correctly remove extraneous space in router family lines
Fixes bug 12728; bugfix on 0.2.1.7-alpha when the SPLIT_IGNORE_SPACE
option was added.
2014-08-05 11:09:08 -04:00
Nick Mathewson
0edb9b0492 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-30 14:18:11 -04:00
Nick Mathewson
74a8555d2b Merge remote-tracking branch 'intrigeri/bug12731-systemd-no-run-as-daemon' into maint-0.2.5
Conflicts:
	contrib/dist/tor.service.in
2014-07-30 14:00:21 -04:00
Nick Mathewson
88590ed3a6 Merge remote-tracking branch 'intrigeri/bug12730-systemd-verify-config' into maint-0.2.5 2014-07-30 13:59:39 -04:00
intrigeri
0a70579784 Verify configuration file via ExecStartPre in the systemd unit file (#12730). 2014-07-30 16:56:55 +00:00