diff options
| author | Roger Dingledine <arma@torproject.org> | 2012-10-13 18:35:05 -0400 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2012-10-13 18:35:05 -0400 |
| commit | f52fd41842b4ef207f15c693420df7af51a192f6 (patch) | |
| tree | d2be1bd620a730198614797933161f664c4b578d | |
| parent | 213ba1a70b41ea975f2e0119a746aa1bad6f1e22 (diff) | |
| parent | e2549c3b745313d6647c7e1d05025a84e1d33873 (diff) | |
| download | tor-f52fd41842b4ef207f15c693420df7af51a192f6.tar.gz tor-f52fd41842b4ef207f15c693420df7af51a192f6.zip | |
Merge branch 'maint-0.2.3' into release-0.2.3
| -rw-r--r-- | changes/bug6024 | 2 | ||||
| -rw-r--r-- | changes/bug6341 | 5 | ||||
| -rw-r--r-- | changes/bug6827 | 9 | ||||
| -rw-r--r-- | changes/bug6844 | 4 | ||||
| -rw-r--r-- | changes/bug6866 | 4 | ||||
| -rw-r--r-- | changes/bug7014 | 5 | ||||
| -rw-r--r-- | changes/bug7022 | 3 | ||||
| -rw-r--r-- | changes/bug7037 | 6 | ||||
| -rw-r--r-- | changes/ticket5749 | 3 | ||||
| -rw-r--r-- | doc/tor.1.txt | 21 | ||||
| -rw-r--r-- | src/common/util.c | 2 | ||||
| -rw-r--r-- | src/or/circuitbuild.c | 70 | ||||
| -rw-r--r-- | src/or/command.c | 2 | ||||
| -rw-r--r-- | src/or/config.c | 3 | ||||
| -rw-r--r-- | src/or/or.h | 7 | ||||
| -rw-r--r-- | src/or/relay.c | 2 | ||||
| -rw-r--r-- | src/or/routerparse.c | 3 |
17 files changed, 123 insertions, 28 deletions
diff --git a/changes/bug6024 b/changes/bug6024 new file mode 100644 index 0000000000..743e6ef1fe --- /dev/null +++ b/changes/bug6024 @@ -0,0 +1,2 @@ + o Documentation fixes: + - Clarify that hidden services are TCP only. Fixes bug 6024. diff --git a/changes/bug6341 b/changes/bug6341 new file mode 100644 index 0000000000..04e52c7cd3 --- /dev/null +++ b/changes/bug6341 @@ -0,0 +1,5 @@ + o Major bugfixes: + - Fix a possible crash bug when checking for deactivated circuits + in connection_or_flush_from_first_active_circuit(). Fixes bug + 6341; bugfix on 0.2.2.7-alpha. Bug report and fix received + pseudonymously. diff --git a/changes/bug6827 b/changes/bug6827 new file mode 100644 index 0000000000..bf71d2b97c --- /dev/null +++ b/changes/bug6827 @@ -0,0 +1,9 @@ + o Minor bugfixes: + + - Avoid undefined behaviour when parsing the list of supported + rendezvous/introduction protocols in a hidden service + descriptor. Previously, Tor would have confused (as-yet-unused) + protocol version numbers greater than 32 with lower ones on many + platforms. Fixes bug 6827; bugfix on 0.2.0.10-alpha; found by + George Kadianakis. + diff --git a/changes/bug6844 b/changes/bug6844 new file mode 100644 index 0000000000..338e19d9a5 --- /dev/null +++ b/changes/bug6844 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Correct file sizes when reading binary files on + Cygwin, to avoid a bug where Tor would fail to read its state file. + Fixes bug 6844; bugfix on 0.1.2.7-alpha. diff --git a/changes/bug6866 b/changes/bug6866 new file mode 100644 index 0000000000..561676b765 --- /dev/null +++ b/changes/bug6866 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Convert an assert in the pathbias code to a log message. Assert + appears to only be triggerable by Tor2Web mode. Fixes bug 6866; + bugfix on 0.2.3.17-beta. diff --git a/changes/bug7014 b/changes/bug7014 new file mode 100644 index 0000000000..1d39103a50 --- /dev/null +++ b/changes/bug7014 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Fix two cases in src/or/transports.c where we were calling + fmt_addr() twice in a parameter list. Bug found by David + Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha. + diff --git a/changes/bug7022 b/changes/bug7022 new file mode 100644 index 0000000000..10ac354724 --- /dev/null +++ b/changes/bug7022 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Fix memory leaks whenever we logged any message about the "path + bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc. diff --git a/changes/bug7037 b/changes/bug7037 new file mode 100644 index 0000000000..fc3a1ad1c5 --- /dev/null +++ b/changes/bug7037 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - When relays refuse a "create" cell because their queue of pending + create cells is too big (typically because their cpu can't keep up + with the arrival rate), send back reason "resource limit" rather + than reason "internal", so network measurement scripts can get a + more accurate picture. Bugfix on 0.1.1.11-alpha; fixes bug 7037. diff --git a/changes/ticket5749 b/changes/ticket5749 new file mode 100644 index 0000000000..0237241981 --- /dev/null +++ b/changes/ticket5749 @@ -0,0 +1,3 @@ + o New directory authorities: + - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory + authority. Closes ticket 5749. diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 0bd970965a..773fccf536 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -81,7 +81,7 @@ COMMAND-LINE OPTIONS Other options can be specified on the command-line in the format "--option value", in the format "option value", or in a configuration file. For instance, you can tell Tor to start listening for SOCKS connections on port -9999 by passing --SOCKSPort 9999 or SOCKPort 9999 to it on the command line, +9999 by passing --SOCKSPort 9999 or SOCKSPort 9999 to it on the command line, or by putting "SOCKSPort 9999" in the configuration file. You will need to quote options with spaces in them: if you want Tor to log all debugging messages to debug.log, you will probably need to say --Log 'debug file @@ -237,7 +237,7 @@ GENERAL OPTIONS recommend that you leave this alone unless you know what you're doing, since giving attackers access to your control listener is really dangerous. This directive can be specified multiple - times to bind to multiple addresses/ports. (Default: 127.0.0.1) + times to bind to multiple addresses/ports. (Default: 127.0.0.1) **ControlSocket** __Path__:: Like ControlPort, but listens on a Unix domain socket, rather than a TCP @@ -762,7 +762,7 @@ The following options are useful only for clients (that is, if purposes, e.g., for Tor controllers. This option may be used multiple times for different hidden services. If a hidden service uses authorization and this option is not set, the hidden service is not accessible. Hidden - services can be configured to require authorization using the + services can be configured to require authorization using the **HiddenServiceAuthorizeClient** option. **CloseHSClientCircuitsImmediatelyOnTimeout** **0**|**1**:: @@ -1017,7 +1017,7 @@ The following options are useful only for clients (that is, if Open this port to listen for transparent proxy connections. Set this to 0 if you don't want to allow transparent proxy connections. Set the port to "auto" to have Tor pick a port for you. This directive can be - specified multiple times to bind to multiple addresses/ports. See + specified multiple times to bind to multiple addresses/ports. See SOCKSPort for an explanation of isolation flags. + + TransPort requires OS support for transparent proxies, such as BSDs' pf or @@ -1055,7 +1055,7 @@ The following options are useful only for clients (that is, if **AutomapHostsOnResolve** **0**|**1**:: When this option is enabled, and we get a request to resolve an address that ends with one of the suffixes in **AutomapHostsSuffixes**, we map an - unused virtual address to that address, and return the new virtual address. + unused virtual address to that address, and return the new virtual address. This is handy for making ".onion" addresses work with applications that resolve an address and then connect to it. (Default: 0) @@ -1747,10 +1747,11 @@ The following options are used to configure a hidden service. Configure a virtual port VIRTPORT for a hidden service. You may use this option multiple times; each time applies to the service using the most recent hiddenservicedir. By default, this option maps the virtual port to - the same port on 127.0.0.1. You may override the target port, address, or - both by specifying a target of addr, port, or addr:port. You may also have - multiple lines with the same VIRTPORT: when a user connects to that - VIRTPORT, one of the TARGETs from those lines will be chosen at random. + the same port on 127.0.0.1 over TCP. You may override the target port, + address, or both by specifying a target of addr, port, or addr:port. + You may also have multiple lines with the same VIRTPORT: when a user + connects to that VIRTPORT, one of the TARGETs from those lines will be + chosen at random. **PublishHidServDescriptors** **0**|**1**:: If set to 0, Tor will run any hidden services you configure, but it won't @@ -1775,7 +1776,7 @@ The following options are used to configure a hidden service. their configuration file using **HidServAuth**. **RendPostPeriod** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**:: - Every time the specified period elapses, Tor uploads any rendezvous + Every time the specified period elapses, Tor uploads any rendezvous service descriptors to the directory servers. This information is also uploaded whenever it changes. (Default: 1 hour) diff --git a/src/common/util.c b/src/common/util.c index 55f4d906f5..6fb597a3a5 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -2322,7 +2322,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out) } string[r] = '\0'; /* NUL-terminate the result. */ -#ifdef _WIN32 +#if defined(_WIN32) || defined(__CYGWIN__) if (!bin && strchr(string, '\r')) { log_debug(LD_FS, "We didn't convert CRLF to LF as well as we hoped " "when reading %s. Coping.", diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 9d52b5e021..f8521c5cff 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2646,8 +2646,25 @@ pathbias_count_first_hop(origin_circuit_t *circ) char *rate_msg = NULL; /* Completely ignore one hop circuits */ - if (circ->build_state->onehop_tunnel) { - tor_assert(circ->build_state->desired_path_len == 1); + if (circ->build_state->onehop_tunnel || + circ->build_state->desired_path_len == 1) { + /* Check for inconsistency */ + if (circ->build_state->desired_path_len != 1 || + !circ->build_state->onehop_tunnel) { + if ((rate_msg = rate_limit_log(&first_hop_notice_limit, + approx_time()))) { + log_info(LD_BUG, + "One-hop circuit has length %d. Path state is %s. " + "Circuit is a %s currently %s.%s", + circ->build_state->desired_path_len, + pathbias_state_to_string(circ->path_state), + circuit_purpose_to_string(circ->_base.purpose), + circuit_state_to_string(circ->_base.state), + rate_msg); + tor_free(rate_msg); + } + tor_fragile_assert(); + } return 0; } @@ -2658,11 +2675,12 @@ pathbias_count_first_hop(origin_circuit_t *circ) approx_time()))) { log_info(LD_BUG, "Opened circuit is in strange path state %s. " - "Circuit is a %s currently %s. %s", + "Circuit is a %s currently %s.%s", pathbias_state_to_string(circ->path_state), circuit_purpose_to_string(circ->_base.purpose), circuit_state_to_string(circ->_base.state), rate_msg); + tor_free(rate_msg); } } @@ -2685,11 +2703,12 @@ pathbias_count_first_hop(origin_circuit_t *circ) approx_time()))) { log_info(LD_BUG, "Unopened circuit has strange path state %s. " - "Circuit is a %s currently %s. %s", + "Circuit is a %s currently %s.%s", pathbias_state_to_string(circ->path_state), circuit_purpose_to_string(circ->_base.purpose), circuit_state_to_string(circ->_base.state), rate_msg); + tor_free(rate_msg); } } } else { @@ -2697,10 +2716,11 @@ pathbias_count_first_hop(origin_circuit_t *circ) approx_time()))) { log_info(LD_BUG, "Unopened circuit has no known guard. " - "Circuit is a %s currently %s. %s", + "Circuit is a %s currently %s.%s", circuit_purpose_to_string(circ->_base.purpose), circuit_state_to_string(circ->_base.state), rate_msg); + tor_free(rate_msg); } } } @@ -2711,12 +2731,13 @@ pathbias_count_first_hop(origin_circuit_t *circ) approx_time()))) { log_info(LD_BUG, "A %s circuit is in cpath state %d (opened: %d). " - "Circuit is a %s currently %s. %s", + "Circuit is a %s currently %s.%s", pathbias_state_to_string(circ->path_state), circ->cpath->state, circ->has_opened, circuit_purpose_to_string(circ->_base.purpose), circuit_state_to_string(circ->_base.state), rate_msg); + tor_free(rate_msg); } } } @@ -2740,8 +2761,25 @@ pathbias_count_success(origin_circuit_t *circ) char *rate_msg = NULL; /* Ignore one hop circuits */ - if (circ->build_state->onehop_tunnel) { - tor_assert(circ->build_state->desired_path_len == 1); + if (circ->build_state->onehop_tunnel || + circ->build_state->desired_path_len == 1) { + /* Check for consistency */ + if (circ->build_state->desired_path_len != 1 || + !circ->build_state->onehop_tunnel) { + if ((rate_msg = rate_limit_log(&success_notice_limit, + approx_time()))) { + log_info(LD_BUG, + "One-hop circuit has length %d. Path state is %s. " + "Circuit is a %s currently %s.%s", + circ->build_state->desired_path_len, + pathbias_state_to_string(circ->path_state), + circuit_purpose_to_string(circ->_base.purpose), + circuit_state_to_string(circ->_base.state), + rate_msg); + tor_free(rate_msg); + } + tor_fragile_assert(); + } return; } @@ -2763,11 +2801,12 @@ pathbias_count_success(origin_circuit_t *circ) approx_time()))) { log_info(LD_BUG, "Succeeded circuit is in strange path state %s. " - "Circuit is a %s currently %s. %s", + "Circuit is a %s currently %s.%s", pathbias_state_to_string(circ->path_state), circuit_purpose_to_string(circ->_base.purpose), circuit_state_to_string(circ->_base.state), rate_msg); + tor_free(rate_msg); } } @@ -2782,10 +2821,11 @@ pathbias_count_success(origin_circuit_t *circ) approx_time()))) { log_info(LD_BUG, "Completed circuit has no known guard. " - "Circuit is a %s currently %s. %s", + "Circuit is a %s currently %s.%s", circuit_purpose_to_string(circ->_base.purpose), circuit_state_to_string(circ->_base.state), rate_msg); + tor_free(rate_msg); } } } else { @@ -2794,11 +2834,12 @@ pathbias_count_success(origin_circuit_t *circ) approx_time()))) { log_info(LD_BUG, "Opened circuit is in strange path state %s. " - "Circuit is a %s currently %s. %s", + "Circuit is a %s currently %s.%s", pathbias_state_to_string(circ->path_state), circuit_purpose_to_string(circ->_base.purpose), circuit_state_to_string(circ->_base.state), rate_msg); + tor_free(rate_msg); } } } @@ -5269,19 +5310,22 @@ transport_resolve_conflicts(transport_t *t) t_tmp->marked_for_removal = 0; return 1; } else { /* same name but different addrport */ + char *new_transport_addr = tor_strdup(fmt_addr(&t->addr)); if (t_tmp->marked_for_removal) { /* marked for removal */ log_notice(LD_GENERAL, "You tried to add transport '%s' at '%s:%u' " "but there was already a transport marked for deletion at " "'%s:%u'. We deleted the old transport and registered the " - "new one.", t->name, fmt_addr(&t->addr), t->port, + "new one.", t->name, new_transport_addr, t->port, fmt_addr(&t_tmp->addr), t_tmp->port); smartlist_remove(transport_list, t_tmp); transport_free(t_tmp); + tor_free(new_transport_addr); } else { /* *not* marked for removal */ log_notice(LD_GENERAL, "You tried to add transport '%s' at '%s:%u' " "but the same transport already exists at '%s:%u'. " - "Skipping.", t->name, fmt_addr(&t->addr), t->port, + "Skipping.", t->name, new_transport_addr, t->port, fmt_addr(&t_tmp->addr), t_tmp->port); + tor_free(new_transport_addr); return -1; } } diff --git a/src/or/command.c b/src/or/command.c index abf664c1e2..d8a409bc27 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -428,7 +428,7 @@ command_process_create_cell(cell_t *cell, or_connection_t *conn) log_warn(LD_GENERAL,"Failed to hand off onionskin. Closing.%s",m); tor_free(m); } - circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL); + circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_RESOURCELIMIT); return; } log_debug(LD_OR,"success: handed off onionskin."); diff --git a/src/or/config.c b/src/or/config.c index b9170f4200..90a5dfbda1 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -969,6 +969,9 @@ add_default_trusted_dir_authorities(dirinfo_type_t type) "maatuska orport=80 no-v2 " "v3ident=49015F787433103580E3B66A1707A00E60F2D15B " "171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810", + "Faravahar orport=443 no-v2 " + "v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 " + "154.35.32.5:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC", NULL }; for (i=0; dirservers[i]; i++) { diff --git a/src/or/or.h b/src/or/or.h index 9074083a04..51c23d305d 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4279,14 +4279,17 @@ typedef struct rend_intro_point_t { time_t time_expiring; } rend_intro_point_t; +#define REND_PROTOCOL_VERSION_BITMASK_WIDTH 16 + /** Information used to connect to a hidden service. Used on both the * service side and the client side. */ typedef struct rend_service_descriptor_t { crypto_pk_t *pk; /**< This service's public key. */ int version; /**< Version of the descriptor format: 0 or 2. */ time_t timestamp; /**< Time when the descriptor was generated. */ - uint16_t protocols; /**< Bitmask: which rendezvous protocols are supported? - * (We allow bits '0', '1', and '2' to be set.) */ + /** Bitmask: which rendezvous protocols are supported? + * (We allow bits '0', '1', and '2' to be set.) */ + int protocols : REND_PROTOCOL_VERSION_BITMASK_WIDTH; /** List of the service's introduction points. Elements are removed if * introduction attempts fail. */ smartlist_t *intro_nodes; diff --git a/src/or/relay.c b/src/or/relay.c index 3d261c2650..5f7fcd8b7c 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -2478,7 +2478,7 @@ connection_or_flush_from_first_active_circuit(or_connection_t *conn, int max, tor_assert(tmp == cell_ewma); add_cell_ewma_to_conn(conn, cell_ewma); } - if (circ != conn->active_circuits) { + if (!ewma_enabled && circ != conn->active_circuits) { /* If this happens, the current circuit just got made inactive by * a call in connection_write_to_buf(). That's nothing to worry about: * circuit_make_inactive_on_conn() already advanced conn->active_circuits diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 60a2eae75f..2bf072b3cf 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -4823,6 +4823,9 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out, 10, 0, INT_MAX, &num_ok, NULL); if (!num_ok) /* It's a string; let's ignore it. */ continue; + if (version >= REND_PROTOCOL_VERSION_BITMASK_WIDTH) + /* Avoid undefined left-shift behaviour. */ + continue; result->protocols |= 1 << version; } SMARTLIST_FOREACH(versions, char *, cp, tor_free(cp)); |