authorNick Mathewson <nickm@torproject.org>2014-09-11 09:08:50 -0400
committerNick Mathewson <nickm@torproject.org>2014-09-11 09:08:50 -0400
commit8e7ee0e2c0cff0fc28479ebe6eca60cfb0f4f980 (patch)
tree1823a8f2db0d49ac02df15c9dc105c00aa26e105
parent351f245e2ad5c37dc8ebb4f03fcffe1018651e7e (diff)
parent6215ebb26676e3fa5d18ddce114f273d9a5dee2a (diff)
Merge remote-tracking branch 'origin/maint-0.2.5' into release-0.2.5
-rw-r--r--changes/bug121604
-rw-r--r--changes/bug129084
-rw-r--r--changes/bug130964
-rw-r--r--changes/bug131248
-rw-r--r--src/or/channel.c17
-rw-r--r--src/or/channel.h1
-rw-r--r--src/or/channeltls.c64
-rw-r--r--src/or/channeltls.h1
-rw-r--r--src/or/config.c11
-rw-r--r--src/or/connection_or.c9
-rw-r--r--src/or/routerlist.c2
11 files changed, 120 insertions, 5 deletions
diff --git a/changes/bug12160 b/changes/bug12160
new file mode 100644
index 0000000000..2a7ace3410
--- /dev/null
+++ b/changes/bug12160
@@ -0,0 +1,4 @@
+ o Bugfixes
+ - Correctly update the local mark on the controlling channel when changing
+ the address of an or_connection_t after the handshake. Fixes bug #12160;
+ bugfix on 0.2.4.4-alpha.
diff --git a/changes/bug12908 b/changes/bug12908
new file mode 100644
index 0000000000..bd6784cbd2
--- /dev/null
+++ b/changes/bug12908
@@ -0,0 +1,4 @@
+ o Minor features:
+ - Warn about attempts to run hidden services and relays in the
+ same process: that's probably not a good idea. Closes ticket
+ 12908.
diff --git a/changes/bug13096 b/changes/bug13096
new file mode 100644
index 0000000000..521faaf143
--- /dev/null
+++ b/changes/bug13096
@@ -0,0 +1,4 @@
+ o Minor bugfixes (conformance):
+ - In routerlist_assert_ok(), don't take the address of a routerinfo's
+ cache_info member unless that routerinfo is non-NULL. Fixes bug
+ 13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
diff --git a/changes/bug13124 b/changes/bug13124
new file mode 100644
index 0000000000..be7df70347
--- /dev/null
+++ b/changes/bug13124
@@ -0,0 +1,8 @@
+ o Minor bugfixes:
+ - Reduce the log severity of the "Pluggable transport proxy does
+ not provide any needed transports and will not be launched."
+ message, since Tor Browser includes several ClientTransportPlugin
+ lines in its torrc-defaults file, leading every Tor Browser user
+ who looks at her logs to see these notices and wonder if they're
+ dangerous. Resolves bug 13124; bugfix on 0.2.5.3-alpha.
+
diff --git a/src/or/channel.c b/src/or/channel.c
index ffd68493d0..b2b670e4fb 100644
--- a/src/or/channel.c
+++ b/src/or/channel.c
@@ -3760,6 +3760,23 @@ channel_mark_local(channel_t *chan)
}
/**
+ * Mark a channel as remote
+ *
+ * This internal-only function should be called by the lower layer if the
+ * channel is not to a local address but has previously been marked local.
+ * See channel_is_local() above or the description of the is_local bit in
+ * channel.h
+ */
+
+void
+channel_mark_remote(channel_t *chan)
+{
+ tor_assert(chan);
+
+ chan->is_local = 0;
+}
+
+/**
* Test outgoing flag
*
* This function gets the outgoing flag; this is the inverse of the incoming
diff --git a/src/or/channel.h b/src/or/channel.h
index 3e164c6892..148199235a 100644
--- a/src/or/channel.h
+++ b/src/or/channel.h
@@ -349,6 +349,7 @@ void channel_clear_remote_end(channel_t *chan);
void channel_mark_local(channel_t *chan);
void channel_mark_incoming(channel_t *chan);
void channel_mark_outgoing(channel_t *chan);
+void channel_mark_remote(channel_t *chan);
void channel_set_identity_digest(channel_t *chan,
const char *identity_digest);
void channel_set_remote_end(channel_t *chan,
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index 632bc328b7..245e33583b 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -156,7 +156,18 @@ channel_tls_connect(const tor_addr_t *addr, uint16_t port,
tlschan,
U64_PRINTF_ARG(chan->global_identifier));
- if (is_local_addr(addr)) channel_mark_local(chan);
+ if (is_local_addr(addr)) {
+ log_debug(LD_CHANNEL,
+ "Marking new outgoing channel " U64_FORMAT " at %p as local",
+ U64_PRINTF_ARG(chan->global_identifier), chan);
+ channel_mark_local(chan);
+ } else {
+ log_debug(LD_CHANNEL,
+ "Marking new outgoing channel " U64_FORMAT " at %p as remote",
+ U64_PRINTF_ARG(chan->global_identifier), chan);
+ channel_mark_remote(chan);
+ }
+
channel_mark_outgoing(chan);
/* Set up or_connection stuff */
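Review bot: The same "test is_local_addr(), log, then call channel_mark_local() or channel_mark_remote()" sequence is written out here in channel_tls_connect() and again in the channel_tls_handle_incoming() hunk. channel_tls_update_marks() carries a third variant that acts only when the mark changes. A single static helper in channeltls.c would keep the copies from drifting apart, which matters for a flag that decides whether a peer counts as local. The new log calls also pass `chan` to `%p` without a `(void *)` cast; the helper below adds it. The helper name is only a suggestion, and channel_tls_connect() itself starts and ends outside this hunk.

```c
/* Set or clear the local mark on chan according to addr, and log the choice. */
static void
channel_tls_mark_by_addr(channel_t *chan, const tor_addr_t *addr,
                         const char *what)
{
  int local = is_local_addr(addr);

  log_debug(LD_CHANNEL,
            "Marking %s channel " U64_FORMAT " at %p as %s",
            what, U64_PRINTF_ARG(chan->global_identifier), (void *)chan,
            local ? "local" : "remote");
  if (local)
    channel_mark_local(chan);
  else
    channel_mark_remote(chan);
}

/* ... unchanged: channel setup in channel_tls_connect() ... */
  channel_tls_mark_by_addr(chan, addr, "new outgoing");
  channel_mark_outgoing(chan);
```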
@@ -286,7 +297,18 @@ channel_tls_handle_incoming(or_connection_t *orconn)
tlschan->conn = orconn;
orconn->chan = tlschan;
- if (is_local_addr(&(TO_CONN(orconn)->addr))) channel_mark_local(chan);
+ if (is_local_addr(&(TO_CONN(orconn)->addr))) {
+ log_debug(LD_CHANNEL,
+ "Marking new incoming channel " U64_FORMAT " at %p as local",
+ U64_PRINTF_ARG(chan->global_identifier), chan);
+ channel_mark_local(chan);
+ } else {
+ log_debug(LD_CHANNEL,
+ "Marking new incoming channel " U64_FORMAT " at %p as remote",
+ U64_PRINTF_ARG(chan->global_identifier), chan);
+ channel_mark_remote(chan);
+ }
+
channel_mark_incoming(chan);
/* Register it */
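Review bot: The mark chosen here is computed from the address of the accepted connection, so it is only provisional. The doc comment on channel_tls_update_marks() in this same commit says that address can belong to a reverse proxy rather than the real peer, and that the real address is learned only after the handshake. Nothing at this site says so; I would add `/* Provisional: recomputed by channel_tls_update_marks() once the authenticated address is known. */` above the `if`. Whether any code consults the local mark before that recomputation is not visible in this diff and is worth confirming. channel_tls_handle_incoming() continues outside the hunk.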
@@ -1209,6 +1231,44 @@ channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn)
}
/**
+ * Update channel marks after connection_or.c has changed an address
+ *
+ * This is called from connection_or_init_conn_from_address() after the
+ * connection's _base.addr or real_addr fields have potentially been changed
+ * so we can recalculate the local mark. Notably, this happens when incoming
+ * connections are reverse-proxied and we only learn the real address of the
+ * remote router by looking it up in the consensus after we finish the
+ * handshake and know an authenticated identity digest.
+ */
+
+void
+channel_tls_update_marks(or_connection_t *conn)
+{
+ channel_t *chan = NULL;
+
+ tor_assert(conn);
+ tor_assert(conn->chan);
+
+ chan = TLS_CHAN_TO_BASE(conn->chan);
+
+ if (is_local_addr(&(TO_CONN(conn)->addr))) {
+ if (!channel_is_local(chan)) {
+ log_debug(LD_CHANNEL,
+ "Marking channel " U64_FORMAT " at %p as local",
+ U64_PRINTF_ARG(chan->global_identifier), chan);
+ channel_mark_local(chan);
+ }
+ } else {
+ if (channel_is_local(chan)) {
+ log_debug(LD_CHANNEL,
+ "Marking channel " U64_FORMAT " at %p as remote",
+ U64_PRINTF_ARG(chan->global_identifier), chan);
+ channel_mark_remote(chan);
+ }
+ }
+}
+
+/**
* Check if this cell type is allowed before the handshake is finished
*
* Return true if <b>command</b> is a cell command that's allowed to start a
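Review bot: The new doc comment for channel_tls_update_marks() names the field `_base.addr`, but the connection_or.c hunk in this commit writes `conn->base_.address`, so the name in the comment looks stale. The comment also says the mark is recalculated after `real_addr` may have changed, yet the body reads only `TO_CONN(conn)->addr`. I would reword that sentence to `connection's base_.addr has potentially been changed (real_addr is not consulted here)`, so readers know which address decides the local mark. If real_addr is meant to take part in the decision, that is a code gap rather than a wording one.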
diff --git a/src/or/channeltls.h b/src/or/channeltls.h
index b4a7e2beac..c872a09d79 100644
--- a/src/or/channeltls.h
+++ b/src/or/channeltls.h
@@ -49,6 +49,7 @@ void channel_tls_handle_state_change_on_orconn(channel_tls_t *chan,
uint8_t state);
void channel_tls_handle_var_cell(var_cell_t *var_cell,
or_connection_t *conn);
+void channel_tls_update_marks(or_connection_t *conn);
/* Cleanup at shutdown */
void channel_tls_free_all(void);
diff --git a/src/or/config.c b/src/or/config.c
index 921503b4b9..31a3586256 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -2564,6 +2564,13 @@ options_validate(or_options_t *old_options, or_options_t *options,
REJECT("Can't use a relative path to torrc when RunAsDaemon is set.");
#endif
+ if (server_mode(options) && options->RendConfigLines)
+ log_warn(LD_CONFIG,
+ "Tor is currently configured as a relay and a hidden service. "
+ "That's not very secure: you should probably run your hidden service "
+ "in a separate Tor process, at least -- see "
+ "https://trac.torproject.org/8742");
+
/* XXXX require that the only port not be DirPort? */
/* XXXX require that at least one port be listened-upon. */
if (n_ports == 0 && !options->RendConfigLines)
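Review bot: The new `if (server_mode(options) && options->RendConfigLines)` guards a five-line `log_warn(...)` call without braces. A statement added under it later would run unconditionally, so I would wrap the call: `if (server_mode(options) && options->RendConfigLines) {` ... `}`. options_validate() starts and ends outside this hunk, so how often the warning is emitted (for instance on each reload) cannot be judged from here.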
@@ -4820,8 +4827,8 @@ parse_client_transport_line(const or_options_t *options,
if (is_managed) { /* managed */
if (!validate_only && is_useless_proxy) {
- log_notice(LD_GENERAL, "Pluggable transport proxy (%s) does not provide "
- "any needed transports and will not be launched.", line);
+ log_info(LD_GENERAL, "Pluggable transport proxy (%s) does not provide "
+ "any needed transports and will not be launched.", line);
}
/* If we are not just validating, use the rest of the line as the
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 16f87349fc..c372270b4c 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -923,6 +923,15 @@ connection_or_init_conn_from_address(or_connection_t *conn,
tor_free(conn->base_.address);
conn->base_.address = tor_dup_addr(addr);
}
+
+ /*
+ * We have to tell channeltls.c to update the channel marks (local, in
+ * particular), since we may have changed the address.
+ */
+
+ if (conn->chan) {
+ channel_tls_update_marks(conn);
+ }
}
/** These just pass all the is_bad_for_new_circs manipulation on to
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index b5e924522e..32cbe19379 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -4938,7 +4938,7 @@ routerlist_assert_ok(const routerlist_t *rl)
} SMARTLIST_FOREACH_END(r);
SMARTLIST_FOREACH_BEGIN(rl->old_routers, signed_descriptor_t *, sd) {
r2 = rimap_get(rl->identity_map, sd->identity_digest);
- tor_assert(sd != &(r2->cache_info));
+ tor_assert(!r2 || sd != &(r2->cache_info));
sd2 = sdmap_get(rl->desc_digest_map, sd->signed_descriptor_digest);
tor_assert(sd == sd2);
tor_assert(sd->routerlist_index == sd_sl_idx);