Commit Graph

19480 Commits

Author SHA1 Message Date
Nick Mathewson
dc1aaa5b96 Make lintChanges happier 2014-12-30 08:54:01 -05:00
Nick Mathewson
e936b9b47d Merge remote-tracking branch 'dgoulet/bug13667_025_v4' 2014-12-30 08:34:48 -05:00
David Goulet
88901c3967 Fix: mitigate as much as we can HS port scanning
Make hidden service port scanning harder by sending back REASON_DONE which
does not disclose that it was in fact an exit policy issue. After that, kill
the circuit immediately to avoid more bad requests on it.

This means that everytime an hidden service exit policy does match, the user
(malicious or not) needs to build a new circuit.

Fixes #13667.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-12-29 16:29:09 -05:00
Nick Mathewson
d7ecdd645a Wipe all of the target space in tor_addr_{to,from}_sockaddr()
Otherwise we risk a subsequent memdup or memcpy copying
uninitialized RAM into some other place that might eventually expose
it.  Let's make sure that doesn't happen.

Closes ticket 14041
2014-12-29 10:06:12 -05:00
Nick Mathewson
e85f0c650c Merge branch 'resolvemyaddr_squashed' 2014-12-29 10:00:34 -05:00
Nick Mathewson
de432d5565 changes file for resolvemyaddr tests 2014-12-29 10:00:22 -05:00
Nick Mathewson
feed26d037 Make the resolvemyaddr unit tests pass when local dns is hijacked
If you are in a coffee shop that returns a helpful redirect page for
"onionrouter", or on an ISP that does the same, the test as written
would fail.
2014-12-29 10:00:22 -05:00
Nick Mathewson
3538dfc91f Fix memory leaks in resolvemyaddr tests 2014-12-29 10:00:22 -05:00
Nick Mathewson
c07747be2e Fix compilation errors in resolvemyaddr tests 2014-12-29 10:00:22 -05:00
rl1987
28217b969e Adding comprehensive test cases for resolve_my_address.
Also, improve comments on resolve_my_address to explain what it
actually does.
2014-12-29 09:59:47 -05:00
rl1987
a56511e594 Fix a few comments 2014-12-29 09:59:14 -05:00
Nick Mathewson
4d6a971ba9 Tweak 13913 fix: clarify that the behavior is not promised
Also, it's->its.  The apostrophe is used if and only if it's a
contraction for "it is".
2014-12-29 08:41:30 -05:00
Nick Mathewson
fd5d9d04b3 Merge remote-tracking branch 'rl1987/ticket13913' 2014-12-29 08:39:13 -05:00
Nick Mathewson
eda5cebd6c Add another cellintptr use; fixes 14031 2014-12-26 19:17:24 -05:00
Nick Mathewson
38af3b983f Improve a notice message in dirvote.c. (Roger asked for this.) 2014-12-26 19:14:56 -05:00
teor
2d199bdffe Fix grammar in comment on running_long_enough_to_decide_unreachable 2014-12-26 00:54:10 +11:00
teor
5710b83d5d Fix a function name in a comment in config.c 2014-12-26 00:54:09 +11:00
teor
0275b68764 Fix log messages in channeltls.c
Add hop number in debug "Contemplating intermediate hop..."
Fix capitalisation on warn "Failed to choose an exit server"
2014-12-26 00:53:58 +11:00
Nick Mathewson
f9ba0b76cd Merge remote-tracking branch 'teor/bug13718-consensus-interval' 2014-12-23 14:25:37 -05:00
teor
8a8797f1e4 Fix If-Modified-Since in rapidly updating Tor networks
When V3AuthVotingInterval is low, decrease the delay on the
If-Modified-Since header passed to directory servers.
This allows us to obtain consensuses promptly when the consensus
interval is very short.

This assists in bootstrapping a testing Tor network.

Fixes bugs 13718 & 13963.
2014-12-24 06:13:32 +11:00
teor
1ee41b3eef Allow consensus interval of 10 seconds when testing
Decrease minimum consensus interval to 10 seconds
when TestingTorNetwork is set. (Or 5 seconds for
the first consensus.)

Fix code that assumes larger interval values.

This assists in quickly bootstrapping a testing
Tor network.

Fixes bugs 13718 & 13823.
2014-12-24 06:13:32 +11:00
teor
083c58f126 Fix TestingMinExitFlagThreshold 0
Stop requiring exits to have non-zero bandwithcapacity in a
TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
ignore exit bandwidthcapacity.

This assists in bootstrapping a testing Tor network.
Fixes bugs 13718 & 13839.
Makes bug 13161's TestingDirAuthVoteExit non-essential.
2014-12-24 06:13:32 +11:00
Nick Mathewson
d7776315df Merge remote-tracking branch 'public/bug13811_025' 2014-12-23 13:02:37 -05:00
Nick Mathewson
c10ff26265 Changes file for 13811 2014-12-23 13:00:21 -05:00
Francisco Blas Izquierdo Riera (klondike)
c83f180116 Fix Matthews code to actually use tmp
Matthew's autoaddr code returned an undecorated address when trying to check
that the code didn't insert an undecorated one into the map.

This patch fixes this by actually storing the undecorated address in tmp
instead of buf as it was originally intended.

This patch is released under the same license as the original file as
long as the author iscredited.

Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
2014-12-23 12:55:48 -05:00
Nick Mathewson
45b911b79b Add pkg.m4 to use pkgconfig macros 2014-12-23 11:39:48 -05:00
Nick Mathewson
6285d9bdcf Fix compilation on platforms without IP6T_SO_ORIGINAL_DST 2014-12-23 11:36:27 -05:00
Nick Mathewson
9545569d73 Merge branch 'ticket11016' 2014-12-23 11:32:22 -05:00
Nick Mathewson
7e1289b3ec changes file for ticket11016 2014-12-23 11:32:10 -05:00
Nick Mathewson
2f46e5e755 Adjust systemd watchdog support
Document why we divide it by two.

Check for > 0 instead of nonzero for success, since that's what the
manpage says.

Allow watchdog timers greater than 1 second.
2014-12-23 11:27:18 -05:00
Michael Scherer
29ac883606 Add support for systemd watchdog protocol
It work by notifying systemd on a regular basis. If
there is no notification, the daemon is restarted.
This requires a version newer than the 209 version
of systemd, as it is not supported before.
2014-12-23 11:22:42 -05:00
Michael Scherer
aabaed6f49 add support for systemd notification protocol
This permit for now to signal readiness in a cleaner way
to systemd.
2014-12-23 11:06:01 -05:00
Nick Mathewson
c6ac752353 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-12-23 11:00:02 -05:00
Nick Mathewson
dfebefe68f changs file for 13808 2014-12-23 10:59:48 -05:00
Nick Mathewson
184a2dbbdd whoops; missing changes file for 14013 2014-12-23 10:55:25 -05:00
Nick Mathewson
d151a069e9 tweak whitespace; log bad socket family if bug occurs 2014-12-23 10:53:40 -05:00
Francisco Blas Izquierdo Riera (klondike)
cca6ed80bf Add the transparent proxy getsockopt to the sandbox
When receiving a trasnsparently proxied request with tor using iptables tor
dies because the appropriate getsockopt calls aren't enabled on the sandbox.

This patch fixes this by adding the two getsockopt calls used when doing
transparent proxying with tor to the sandbox for the getsockopt policy.

This patch is released under the same license as the original file as
long as the author is credited.

Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
2014-12-23 10:51:36 -05:00
Francisco Blas Izquierdo Riera (klondike)
39e71d8fa5 Use the appropriate call to getsockopt for IPv6 sockets
The original call to getsockopt to know the original address on transparently
proxyed sockets using REDIRECT in iptables failed with IPv6 addresses because
it assumed all sockets used IPv4.

This patch fixes this by using the appropriate options and adding the headers
containing the needed definitions for these.

This patch is released under the same license as the original file as
long as the author iscredited.

Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
2014-12-23 10:51:33 -05:00
Nick Mathewson
808e2b856b Tweak channel unit tests so we don't see coverity complaints
channel_write_*_cell() can delete its argument, so coverity doesn't
like us doing pointer comparison against that argument later.
Silly.
2014-12-22 16:06:05 -05:00
Nick Mathewson
0965bbd5ac Merge remote-tracking branch 'origin/maint-0.2.5' 2014-12-22 16:02:47 -05:00
Nick Mathewson
6d728ba880 Merge remote-tracking branch 'public/bug14013_024' into maint-0.2.5 2014-12-22 15:58:49 -05:00
Nick Mathewson
47760c7ba5 When decoding a base-{16,32,64} value, clear the target buffer first
This is a good idea in case the caller stupidly doesn't check the
return value from baseX_decode(), and as a workaround for the
current inconsistent API of base16_decode.

Prevents any fallout from bug 14013.
2014-12-22 12:56:35 -05:00
Nick Mathewson
03d2df62f6 Fix a bunch of memory leaks in the unit tests. Found with valgrind 2014-12-22 12:27:26 -05:00
Nick Mathewson
b94cb401d2 Coverity complained that we were not checking this return value 2014-12-22 11:13:11 -05:00
Nick Mathewson
13f26f41e4 Fix some coverity issues in the unit tests 2014-12-22 11:13:01 -05:00
Nick Mathewson
ec07c3c5c5 Reflow the changelog again 2014-12-22 10:54:09 -05:00
Nick Mathewson
fe0ecdcfed Rewrite some changelog entries 2014-12-22 10:53:52 -05:00
Nick Mathewson
8f242a72e7 Relabel some changelog items; re-sort them into place 2014-12-22 10:12:43 -05:00
Nick Mathewson
c12b2e1cce minor teaks fo the changelog 2014-12-22 10:06:56 -05:00
Nick Mathewson
0f5303f08a Auto-reformat the changelog for 0.2.6.2-alpha 2014-12-22 10:03:19 -05:00