aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog26
-rw-r--r--doc/spec/control-spec.txt15
-rw-r--r--src/common/address.c9
-rw-r--r--src/common/log.c4
-rw-r--r--src/common/tortls.c4
-rw-r--r--src/common/tortls.h4
-rw-r--r--src/common/util.c7
-rw-r--r--src/or/circuitbuild.c56
-rw-r--r--src/or/circuituse.c5
-rw-r--r--src/or/command.c2
-rw-r--r--src/or/config.c5
-rw-r--r--src/or/connection_edge.c8
-rw-r--r--src/or/control.c8
-rw-r--r--src/or/directory.c9
-rw-r--r--src/or/eventdns.c6
-rw-r--r--src/or/eventdns.h4
-rw-r--r--src/or/main.c17
-rw-r--r--src/or/rendclient.c2
-rw-r--r--src/or/rendservice.c5
-rw-r--r--src/or/router.c17
-rw-r--r--src/or/routerparse.c13
-rw-r--r--src/or/test.c2
-rw-r--r--src/tools/tor-gencert.c4
-rw-r--r--src/tools/tor-resolve.c4
24 files changed, 145 insertions, 91 deletions
diff --git a/ChangeLog b/ChangeLog
index 6282157f1e..fccae7daed 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,9 @@ Changes in version 0.2.1.20 - 2009-??-??
patch. Bugfix on the 54th commit on Tor -- from July 2002,
before the release of Tor 0.0.0. This is the new winner of the
oldest-bug prize.
+ - Fix a remotely triggerable memory leak when a consensus document
+ contains more than one signature from the same voter. Bugfix on
+ 0.2.0.3-alpha.
o New directory authorities:
- Set up urras (run by Jacob Appelbaum) as the seventh v3 directory
@@ -18,15 +21,38 @@ Changes in version 0.2.1.20 - 2009-??-??
- Fix an extremely rare infinite recursion bug that could occur if
we tried to log a message after shutting down the log subsystem.
Found by Matt Edman. Bugfix on 0.2.0.16-alpha.
+ - Fix an obscure bug where hidden services on 64-bit big-endian
+ systems might mis-read the timestamp in v3 introduce cells, and
+ refuse to connect back to the client. Discovered by "rotor".
+ Bugfix on 0.2.1.6-alpha.
- We were triggering a CLOCK_SKEW controller status event whenever
we connect via the v2 connection protocol to any relay that has
a wrong clock. Instead, we should only inform the controller when
it's a trusted authority that claims our clock is wrong. Bugfix
on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit.
+ - We were telling the controller about CHECKING_REACHABILITY and
+ REACHABILITY_FAILED status events whenever we launch a testing
+ circuit or notice that one has failed. Instead, only tell the
+ controller when we want to inform the user of overall success or
+ overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported
+ by SwissTorExit.
+ - Don't warn when we're using a circuit that ends with a node
+ excluded in ExcludeExitNodes, but the circuit is not used to access
+ the outside world. This should help fix bug 1090. Bugfix on
+ 0.2.1.6-alpha.
+ - Teach connection_ap_can_use_exit to respect the Exclude*Nodes config
+ options. Should fix bug 1090. Bugfix on 0.0.2-pre16.
- Avoid segfault in rare cases when finishing an introduction circuit
as a client and finding out that we don't have an introduction key
for it. Fixes bug 1073. Reported by Aaron Swartz.
+ o Minor features:
+ - Add a "getinfo status/accepted-server-descriptor" controller
+ command, which is the recommended way for controllers to learn
+ whether our server descriptor has been successfully received by at
+ least on directory authority. Un-recommend good-server-descriptor
+ getinfo and status events until we have a better design for them.
+
Changes in version 0.2.1.19 - 2009-07-28
Tor 0.2.1.19 fixes a major bug with accessing and providing hidden
diff --git a/doc/spec/control-spec.txt b/doc/spec/control-spec.txt
index 0cc3bb2928..cf92e2b9e3 100644
--- a/doc/spec/control-spec.txt
+++ b/doc/spec/control-spec.txt
@@ -558,6 +558,7 @@ $Id$
"status/circuit-established"
"status/enough-dir-info"
"status/good-server-descriptor"
+ "status/accepted-server-descriptor"
"status/..."
These provide the current internal Tor values for various Tor
states. See Section 4.1.10 for explanations. (Only a few of the
@@ -1488,18 +1489,22 @@ $Id$
We successfully uploaded our server descriptor to at least one
of the directory authorities, with no complaints.
- {This event could affect the controller's idea of server status, but
- the controller should not interrupt the user to tell them so.}
+ {Originally, the goal of this event was to declare "every authority
+ has accepted the descriptor, so there will be no complaints
+ about it." But since some authorities might be offline, it's
+ harder to get certainty than we had thought. As such, this event
+ is equivalent to ACCEPTED_SERVER_DESCRIPTOR below. Controllers
+ should just look at ACCEPTED_SERVER_DESCRIPTOR and should ignore
+ this event for now.}
NAMESERVER_STATUS
"NS=addr"
"STATUS=" "UP" / "DOWN"
"ERR=" message
One of our nameservers has changed status.
- // actually notice
- {This event could affect the controller's idea of server status, but
- the controller should not interrupt the user to tell them so.}
+ {This event could affect the controller's idea of server status, but
+ the controller should not interrupt the user to tell them so.}
NAMESERVER_ALL_DOWN
All of our nameservers have gone down.
diff --git a/src/common/address.c b/src/common/address.c
index fac9d50e15..2fe013a2cd 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -373,10 +373,11 @@ tor_addr_parse_reverse_lookup_name(tor_addr_t *result, const char *address,
return -1; /* malformed. */
/* reverse the bytes */
- inaddr.s_addr = (((inaddr.s_addr & 0x000000fful) << 24)
- |((inaddr.s_addr & 0x0000ff00ul) << 8)
- |((inaddr.s_addr & 0x00ff0000ul) >> 8)
- |((inaddr.s_addr & 0xff000000ul) >> 24));
+ inaddr.s_addr = (uint32_t)
+ (((inaddr.s_addr & 0x000000ff) << 24)
+ |((inaddr.s_addr & 0x0000ff00) << 8)
+ |((inaddr.s_addr & 0x00ff0000) >> 8)
+ |((inaddr.s_addr & 0xff000000) >> 24));
if (result) {
tor_addr_from_in(result, &inaddr);
diff --git a/src/common/log.c b/src/common/log.c
index ea09fca167..423a687a51 100644
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -149,8 +149,8 @@ _log_prefix(char *buf, size_t buf_len, int severity)
t = (time_t)now.tv_sec;
n = strftime(buf, buf_len, "%b %d %H:%M:%S", tor_localtime_r(&t, &tm));
- r = tor_snprintf(buf+n, buf_len-n, ".%.3ld [%s] ",
- (long)now.tv_usec / 1000, sev_to_string(severity));
+ r = tor_snprintf(buf+n, buf_len-n, ".%.3i [%s] ",
+ (int)now.tv_usec / 1000, sev_to_string(severity));
if (r<0)
return buf_len-1;
else
diff --git a/src/common/tortls.c b/src/common/tortls.c
index f14eab18a5..aeb0ca0800 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1443,8 +1443,8 @@ tor_tls_used_v1_handshake(tor_tls_t *tls)
* buffer and *<b>wbuf_bytes</b> to the amount actually used. */
void
tor_tls_get_buffer_sizes(tor_tls_t *tls,
- int *rbuf_capacity, int *rbuf_bytes,
- int *wbuf_capacity, int *wbuf_bytes)
+ size_t *rbuf_capacity, size_t *rbuf_bytes,
+ size_t *wbuf_capacity, size_t *wbuf_bytes)
{
if (tls->ssl->s3->rbuf.buf)
*rbuf_capacity = tls->ssl->s3->rbuf.len;
diff --git a/src/common/tortls.h b/src/common/tortls.h
index 44e3b499ef..d00690911c 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -73,8 +73,8 @@ void tor_tls_get_n_raw_bytes(tor_tls_t *tls,
size_t *n_read, size_t *n_written);
void tor_tls_get_buffer_sizes(tor_tls_t *tls,
- int *rbuf_capacity, int *rbuf_bytes,
- int *wbuf_capacity, int *wbuf_bytes);
+ size_t *rbuf_capacity, size_t *rbuf_bytes,
+ size_t *wbuf_capacity, size_t *wbuf_bytes);
int tor_tls_used_v1_handshake(tor_tls_t *tls);
diff --git a/src/common/util.c b/src/common/util.c
index 7b9e5eb562..9dcf9fba64 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1816,7 +1816,8 @@ write_chunks_to_file_impl(const char *fname, const smartlist_t *chunks,
int open_flags)
{
open_file_t *file = NULL;
- int fd, result;
+ int fd;
+ ssize_t result;
fd = start_writing_to_file(fname, open_flags, 0600, &file);
if (fd<0)
return -1;
@@ -1901,7 +1902,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out)
int fd; /* router file */
struct stat statbuf;
char *string;
- int r;
+ ssize_t r;
int bin = flags & RFTS_BIN;
tor_assert(filename);
@@ -1960,7 +1961,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out)
* match for size. */
int save_errno = errno;
log_warn(LD_FS,"Could read only %d of %ld bytes of file \"%s\".",
- r, (long)statbuf.st_size,filename);
+ (int)r, (long)statbuf.st_size,filename);
tor_free(string);
close(fd);
errno = save_errno;
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index d78981e09b..983eb6dac1 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -527,9 +527,16 @@ inform_testing_reachability(void)
routerinfo_t *me = router_get_my_routerinfo();
if (!me)
return 0;
- if (me->dir_port)
+ control_event_server_status(LOG_NOTICE,
+ "CHECKING_REACHABILITY ORADDRESS=%s:%d",
+ me->address, me->or_port);
+ if (me->dir_port) {
tor_snprintf(dirbuf, sizeof(dirbuf), " and DirPort %s:%d",
me->address, me->dir_port);
+ control_event_server_status(LOG_NOTICE,
+ "CHECKING_REACHABILITY DIRADDRESS=%s:%d",
+ me->address, me->dir_port);
+ }
log(LOG_NOTICE, LD_OR, "Now checking whether ORPort %s:%d%s %s reachable... "
"(this may take up to %d minutes -- look for log "
"messages indicating success)",
@@ -537,6 +544,7 @@ inform_testing_reachability(void)
me->dir_port ? dirbuf : "",
me->dir_port ? "are" : "is",
TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT/60);
+
return 1;
}
@@ -1436,13 +1444,16 @@ choose_good_exit_server(uint8_t purpose, routerlist_t *dir,
/** Log a warning if the user specified an exit for the circuit that
* has been excluded from use by ExcludeNodes or ExcludeExitNodes. */
static void
-warn_if_last_router_excluded(uint8_t purpose, const extend_info_t *exit)
+warn_if_last_router_excluded(origin_circuit_t *circ, const extend_info_t *exit)
{
or_options_t *options = get_options();
routerset_t *rs = options->ExcludeNodes;
const char *description;
- int severity;
int domain = LD_CIRC;
+ uint8_t purpose = circ->_base.purpose;
+
+ if (circ->build_state->onehop_tunnel)
+ return;
switch (purpose)
{
@@ -1455,48 +1466,40 @@ warn_if_last_router_excluded(uint8_t purpose, const extend_info_t *exit)
(int)purpose);
return;
case CIRCUIT_PURPOSE_C_GENERAL:
+ if (circ->build_state->is_internal)
+ return;
description = "Requested exit node";
rs = options->_ExcludeExitNodesUnion;
- severity = LOG_WARN;
break;
case CIRCUIT_PURPOSE_C_INTRODUCING:
case CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT:
case CIRCUIT_PURPOSE_C_INTRODUCE_ACKED:
- description = "Introduction point for hidden service";
- severity = LOG_INFO;
- break;
+ case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
+ case CIRCUIT_PURPOSE_S_CONNECT_REND:
+ case CIRCUIT_PURPOSE_S_REND_JOINED:
+ case CIRCUIT_PURPOSE_TESTING:
+ return;
case CIRCUIT_PURPOSE_C_ESTABLISH_REND:
case CIRCUIT_PURPOSE_C_REND_READY:
case CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED:
case CIRCUIT_PURPOSE_C_REND_JOINED:
description = "Chosen rendezvous point";
- severity = LOG_WARN;
domain = LD_BUG;
break;
- case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
- description = "Chosen introduction point";
- severity = LOG_INFO;
- break;
- case CIRCUIT_PURPOSE_S_CONNECT_REND:
- case CIRCUIT_PURPOSE_S_REND_JOINED:
- description = "Client-selected rendezvous point";
- severity = LOG_INFO;
- break;
- case CIRCUIT_PURPOSE_TESTING:
- description = "Target for testing circuit";
- severity = LOG_INFO;
- break;
case CIRCUIT_PURPOSE_CONTROLLER:
rs = options->_ExcludeExitNodesUnion;
description = "Controller-selected circuit target";
- severity = LOG_WARN;
break;
}
- if (routerset_contains_extendinfo(rs, exit))
- log_fn(severity, domain, "%s '%s' is in ExcludeNodes%s. Using anyway.",
+ if (routerset_contains_extendinfo(rs, exit)) {
+ log_fn(LOG_WARN, domain, "%s '%s' is in ExcludeNodes%s. Using anyway "
+ "(circuit purpose %d).",
description,exit->nickname,
- rs==options->ExcludeNodes?"":" or ExcludeExitNodes.");
+ rs==options->ExcludeNodes?"":" or ExcludeExitNodes",
+ (int)purpose);
+ circuit_log_path(LOG_WARN, domain, circ);
+ }
return;
}
@@ -1521,7 +1524,7 @@ onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit)
}
if (exit) { /* the circuit-builder pre-requested one */
- warn_if_last_router_excluded(circ->_base.purpose, exit);
+ warn_if_last_router_excluded(circ, exit);
log_info(LD_CIRC,"Using requested exit node '%s'", exit->nickname);
exit = extend_info_dup(exit);
} else { /* we have to decide one */
@@ -1568,6 +1571,7 @@ int
circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *exit)
{
int err_reason = 0;
+ warn_if_last_router_excluded(circ, exit);
circuit_append_new_exit(circ, exit);
circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_BUILDING);
if ((err_reason = circuit_send_next_onion_skin(circ))<0) {
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 6a54c34397..3acc0e9a74 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -724,17 +724,12 @@ circuit_testing_opened(origin_circuit_t *circ)
static void
circuit_testing_failed(origin_circuit_t *circ, int at_last_hop)
{
- routerinfo_t *me = router_get_my_routerinfo();
if (server_mode(get_options()) && check_whether_orport_reachable())
return;
- if (!me)
- return;
log_info(LD_GENERAL,
"Our testing circuit (to see if your ORPort is reachable) "
"has failed. I'll try again later.");
- control_event_server_status(LOG_WARN, "REACHABILITY_FAILED ORADDRESS=%s:%d",
- me->address, me->or_port);
/* These aren't used yet. */
(void)circ;
diff --git a/src/or/command.c b/src/or/command.c
index 98f093a72b..67e463723f 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -575,7 +575,7 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
/* Consider all the other addresses; if any matches, this connection is
* "canonical." */
tor_addr_t addr;
- const char *next = decode_address_from_payload(&addr, cp, end-cp);
+ const char *next = decode_address_from_payload(&addr, cp, (int)(end-cp));
if (next == NULL) {
log_fn(LOG_PROTOCOL_WARN, LD_OR,
"Bad address in netinfo cell; closing connection.");
diff --git a/src/or/config.c b/src/or/config.c
index 84146c1063..8fd70bec9f 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -2504,7 +2504,8 @@ is_local_addr(const tor_addr_t *addr)
* the same /24 as last_resolved_addr will be the same as checking whether
* it was on net 0, which is already done by is_internal_IP.
*/
- if ((last_resolved_addr & 0xffffff00ul) == (ip & 0xffffff00ul))
+ if ((last_resolved_addr & (uint32_t)0xffffff00ul)
+ == (ip & (uint32_t)0xffffff00ul))
return 1;
}
return 0;
@@ -4187,7 +4188,7 @@ options_init_from_string(const char *cf,
err:
config_free(&options_format, newoptions);
if (*msg) {
- int len = strlen(*msg)+256;
+ int len = (int)strlen(*msg)+256;
char *newmsg = tor_malloc(len);
tor_snprintf(newmsg, len, "Failed to parse/validate config: %s", *msg);
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index d699591cdc..ba1304a653 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2851,11 +2851,13 @@ connection_edge_is_rendezvous_stream(edge_connection_t *conn)
/** Return 1 if router <b>exit</b> is likely to allow stream <b>conn</b>
* to exit from it, or 0 if it probably will not allow it.
* (We might be uncertain if conn's destination address has not yet been
- * resolved.)
+ * resolved.) If the router is in the list of excluded nodes, also return 0;
*/
int
connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit)
{
+ or_options_t *options = get_options();
+
tor_assert(conn);
tor_assert(conn->_base.type == CONN_TYPE_AP);
tor_assert(conn->socks_request);
@@ -2901,6 +2903,10 @@ connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit)
if (!conn->chosen_exit_name && policy_is_reject_star(exit->exit_policy))
return 0;
}
+ if (options->_ExcludeExitNodesUnion &&
+ routerset_contains_router(options->_ExcludeExitNodesUnion, exit))
+ return 0;
+
return 1;
}
diff --git a/src/or/control.c b/src/or/control.c
index 90c99fd51a..5688b8e71f 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -1789,7 +1789,11 @@ getinfo_helper_events(control_connection_t *control_conn,
*answer = tor_strdup(has_completed_circuit ? "1" : "0");
} else if (!strcmp(question, "status/enough-dir-info")) {
*answer = tor_strdup(router_have_minimum_dir_info() ? "1" : "0");
- } else if (!strcmp(question, "status/good-server-descriptor")) {
+ } else if (!strcmp(question, "status/good-server-descriptor") ||
+ !strcmp(question, "status/accepted-server-descriptor")) {
+ /* They're equivalent for now, until we can figure out how to make
+ * good-server-descriptor be what we want. See comment in
+ * control-spec.txt. */
*answer = tor_strdup(directories_have_accepted_server_descriptor()
? "1" : "0");
} else if (!strcmp(question, "status/reachability-succeeded/or")) {
@@ -2597,7 +2601,7 @@ handle_control_resolve(control_connection_t *conn, uint32_t len,
int is_reverse = 0;
(void) len; /* body is nul-terminated; it's safe to ignore the length */
- if (!(conn->event_mask & (1L<<EVENT_ADDRMAP))) {
+ if (!(conn->event_mask & ((uint32_t)1L<<EVENT_ADDRMAP))) {
log_warn(LD_CONTROL, "Controller asked us to resolve an address, but "
"isn't listening for ADDRMAP events. It probably won't see "
"the answer.");
diff --git a/src/or/directory.c b/src/or/directory.c
index 4ab2633022..5b8637a39d 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -554,11 +554,6 @@ void
connection_dir_request_failed(dir_connection_t *conn)
{
if (directory_conn_is_self_reachability_test(conn)) {
- routerinfo_t *me = router_get_my_routerinfo();
- if (me)
- control_event_server_status(LOG_WARN,
- "REACHABILITY_FAILED DIRADDRESS=%s:%d",
- me->address, me->dir_port);
return; /* this was a test fetch. don't retry. */
}
if (entry_list_can_grow(get_options()))
@@ -877,7 +872,7 @@ static char *
directory_get_consensus_url(int supports_conditional_consensus)
{
char *url;
- int len;
+ size_t len;
if (supports_conditional_consensus) {
char *authority_id_list;
@@ -2347,7 +2342,7 @@ client_likes_consensus(networkstatus_t *v, const char *want_url)
need_at_least = smartlist_len(want_authorities)/2+1;
SMARTLIST_FOREACH(want_authorities, const char *, d, {
char want_digest[DIGEST_LEN];
- int want_len = strlen(d)/2;
+ size_t want_len = strlen(d)/2;
if (want_len > DIGEST_LEN)
want_len = DIGEST_LEN;
diff --git a/src/or/eventdns.c b/src/or/eventdns.c
index 4ae17a40c3..a889e803ed 100644
--- a/src/or/eventdns.c
+++ b/src/or/eventdns.c
@@ -2385,7 +2385,7 @@ out1:
/* exported function */
int
-evdns_nameserver_add(unsigned long int address) {
+evdns_nameserver_add(uint32_t address) {
struct sockaddr_in sin;
memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
@@ -2416,13 +2416,13 @@ evdns_nameserver_ip_add(const char *ip_as_string) {
cp = strchr(ip_as_string, ':');
if (*ip_as_string == '[') {
- int len;
+ size_t len;
if (!(cp = strchr(ip_as_string, ']'))) {
log(EVDNS_LOG_DEBUG, "Nameserver missing closing ]");
return 4;
}
len = cp-(ip_as_string + 1);
- if (len > (int)sizeof(buf)-1) {
+ if (len > sizeof(buf)-1) {
log(EVDNS_LOG_DEBUG, "[Nameserver] does not fit in buffer.");
return 4;
}
diff --git a/src/or/eventdns.h b/src/or/eventdns.h
index 734bacf2d2..bf3b64d08a 100644
--- a/src/or/eventdns.h
+++ b/src/or/eventdns.h
@@ -112,7 +112,7 @@
*
* API reference:
*
- * int evdns_nameserver_add(unsigned long int address)
+ * int evdns_nameserver_add(uint32_t address)
* Add a nameserver. The address should be an IP address in
* network byte order. The type of address is chosen so that
* it matches in_addr.s_addr.
@@ -258,7 +258,7 @@ typedef void (*evdns_callback_type) (int result, char type, int count, int ttl,
int evdns_init(void);
void evdns_shutdown(int fail_requests);
const char *evdns_err_to_string(int err);
-int evdns_nameserver_add(unsigned long int address);
+int evdns_nameserver_add(uint32_t address);
int evdns_count_nameservers(void);
int evdns_clear_nameservers_and_suspend(void);
int evdns_resume(void);
diff --git a/src/or/main.c b/src/or/main.c
index 60c42aaae3..ca09af0561 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -1185,17 +1185,26 @@ second_elapsed_callback(int fd, short event, void *args)
TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT) {
/* every 20 minutes, check and complain if necessary */
routerinfo_t *me = router_get_my_routerinfo();
- if (me && !check_whether_orport_reachable())
+ if (me && !check_whether_orport_reachable()) {
log_warn(LD_CONFIG,"Your server (%s:%d) has not managed to confirm that "
"its ORPort is reachable. Please check your firewalls, ports, "
"address, /etc/hosts file, etc.",
me->address, me->or_port);
- if (me && !check_whether_dirport_reachable())
+ control_event_server_status(LOG_WARN,
+ "REACHABILITY_FAILED ORADDRESS=%s:%d",
+ me->address, me->or_port);
+ }
+
+ if (me && !check_whether_dirport_reachable()) {
log_warn(LD_CONFIG,
"Your server (%s:%d) has not managed to confirm that its "
"DirPort is reachable. Please check your firewalls, ports, "
"address, /etc/hosts file, etc.",
me->address, me->dir_port);
+ control_event_server_status(LOG_WARN,
+ "REACHABILITY_FAILED DIRADDRESS=%s:%d",
+ me->address, me->dir_port);
+ }
}
/** If more than this many seconds have elapsed, probably the clock
@@ -1599,7 +1608,7 @@ dumpstats(int severity)
{
time_t now = time(NULL);
time_t elapsed;
- int rbuf_cap, wbuf_cap, rbuf_len, wbuf_len;
+ size_t rbuf_cap, wbuf_cap, rbuf_len, wbuf_len;
log(severity, LD_GENERAL, "Dumping stats:");
@@ -1635,7 +1644,7 @@ dumpstats(int severity)
log(severity, LD_GENERAL,
"Conn %d: %d/%d bytes used on OpenSSL read buffer; "
"%d/%d bytes used on write buffer.",
- i, rbuf_len, rbuf_cap, wbuf_len, wbuf_cap);
+ i, (int)rbuf_len, (int)rbuf_cap, (int)wbuf_len, (int)wbuf_cap);
}
}
}
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 3dd77a854b..13e43c87b7 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -151,7 +151,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
REND_DESC_COOKIE_LEN);
v3_shift += 2+REND_DESC_COOKIE_LEN;
}
- set_uint32(tmp+v3_shift+1, htonl(time(NULL)));
+ set_uint32(tmp+v3_shift+1, htonl((uint32_t)time(NULL)));
v3_shift += 4;
} /* if version 2 only write version number */
else if (entry->parsed->protocols & (1<<2)) {
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 2fd041d33e..3144ef2f04 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1011,13 +1011,12 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
}
/* Check timestamp. */
- memcpy((char*)&ts, buf+1+v3_shift, sizeof(uint32_t));
+ ts = ntohl(get_uint32(buf+1+v3_shift));
v3_shift += 4;
- ts = ntohl(ts);
if ((now - ts) < -1 * REND_REPLAY_TIME_INTERVAL / 2 ||
(now - ts) > REND_REPLAY_TIME_INTERVAL / 2) {
log_warn(LD_REND, "INTRODUCE2 cell is too %s. Discarding.",
- (now - ts) < 0 ? "old" : "new");
+ (now - ts) < 0 ? "old" : "new");
return -1;
}
}
diff --git a/src/or/router.c b/src/or/router.c
index f0a1e40743..fcfbe79112 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -770,9 +770,6 @@ consider_testing_reachability(int test_or, int test_dir)
me->address, me->or_port);
circuit_launch_by_router(CIRCUIT_PURPOSE_TESTING, me,
CIRCLAUNCH_NEED_CAPACITY|CIRCLAUNCH_IS_INTERNAL);
- control_event_server_status(LOG_NOTICE,
- "CHECKING_REACHABILITY ORADDRESS=%s:%d",
- me->address, me->or_port);
}
tor_addr_from_ipv4h(&addr, me->addr);
@@ -788,10 +785,6 @@ consider_testing_reachability(int test_or, int test_dir)
DIR_PURPOSE_FETCH_SERVERDESC,
ROUTER_PURPOSE_GENERAL,
1, "authority.z", NULL, 0, 0);
-
- control_event_server_status(LOG_NOTICE,
- "CHECKING_REACHABILITY DIRADDRESS=%s:%d",
- me->address, me->dir_port);
}
}
@@ -807,8 +800,11 @@ router_orport_found_reachable(void)
" Publishing server descriptor." : "");
can_reach_or_port = 1;
mark_my_descriptor_dirty();
- if (!me)
+ if (!me) { /* should never happen */
+ log_warn(LD_BUG, "ORPort found reachable, but I have no routerinfo "
+ "yet. Failing to inform controller of success.");
return;
+ }
control_event_server_status(LOG_NOTICE,
"REACHABILITY_SUCCEEDED ORADDRESS=%s:%d",
me->address, me->or_port);
@@ -826,8 +822,11 @@ router_dirport_found_reachable(void)
can_reach_dir_port = 1;
if (!me || decide_to_advertise_dirport(get_options(), me->dir_port))
mark_my_descriptor_dirty();
- if (!me)
+ if (!me) { /* should never happen */
+ log_warn(LD_BUG, "DirPort found reachable, but I have no routerinfo "
+ "yet. Failing to inform controller of success.");
return;
+ }
control_event_server_status(LOG_NOTICE,
"REACHABILITY_SUCCEEDED DIRADDRESS=%s:%d",
me->address, me->dir_port);
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 8021158e31..189458ee1e 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -1917,8 +1917,9 @@ routerstatus_parse_entry_from_string(memarea_t *area,
for (i=0; i < tok->n_args; ++i) {
if (!strcmpstart(tok->args[i], "Bandwidth=")) {
int ok;
- rs->bandwidth = tor_parse_ulong(strchr(tok->args[i], '=')+1, 10,
- 0, UINT32_MAX, &ok, NULL);
+ rs->bandwidth = (uint32_t)tor_parse_ulong(strchr(tok->args[i], '=')+1,
+ 10, 0, UINT32_MAX,
+ &ok, NULL);
if (!ok) {
log_warn(LD_DIR, "Invalid Bandwidth %s", escaped(tok->args[i]));
goto err;
@@ -2508,6 +2509,14 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
} else {
if (tok->object_size >= INT_MAX)
goto err;
+ /* We already parsed a vote from this voter. Use the first one. */
+ if (v->signature) {
+ log_fn(LOG_PROTOCOL_WARN, LD_DIR, "We received a networkstatus "
+ "that contains two votes from the same voter. Ignoring "
+ "the second vote.");
+ continue;
+ }
+
v->signature = tor_memdup(tok->object_body, tok->object_size);
v->signature_len = (int) tok->object_size;
}
diff --git a/src/or/test.c b/src/or/test.c
index 7b7411e2f8..e06dd5951f 100644
--- a/src/or/test.c
+++ b/src/or/test.c
@@ -410,7 +410,7 @@ test_crypto_dh(void)
char p2[DH_BYTES];
char s1[DH_BYTES];
char s2[DH_BYTES];
- int s1len, s2len;
+ ssize_t s1len, s2len;
test_eq(crypto_dh_get_bytes(dh1), DH_BYTES);
test_eq(crypto_dh_get_bytes(dh2), DH_BYTES);
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index 4971668c9f..c7d9282076 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -70,7 +70,7 @@ show_help(void)
static void
crypto_log_errors(int severity, const char *doing)
{
- unsigned int err;
+ unsigned long err;
const char *msg, *lib, *func;
while ((err = ERR_get_error()) != 0) {
msg = (const char*)ERR_reason_error_string(err);
@@ -94,7 +94,7 @@ load_passphrase(void)
{
char *cp;
char buf[1024]; /* "Ought to be enough for anybody." */
- int n = read_all(passphrase_fd, buf, sizeof(buf), 0);
+ ssize_t n = read_all(passphrase_fd, buf, sizeof(buf), 0);
if (n < 0) {
log_err(LD_GENERAL, "Couldn't read from passphrase fd: %s",
strerror(errno));
diff --git a/src/tools/tor-resolve.c b/src/tools/tor-resolve.c
index fe4e882416..f12c3d8dd3 100644
--- a/src/tools/tor-resolve.c
+++ b/src/tools/tor-resolve.c
@@ -51,7 +51,7 @@ static void usage(void) ATTR_NORETURN;
/** Set *<b>out</b> to a newly allocated SOCKS4a resolve request with
* <b>username</b> and <b>hostname</b> as provided. Return the number
* of bytes in the request. */
-static int
+static ssize_t
build_socks_resolve_request(char **out,
const char *username,
const char *hostname,
@@ -184,7 +184,7 @@ do_resolve(const char *hostname, uint32_t sockshost, uint16_t socksport,
int s;
struct sockaddr_in socksaddr;
char *req = NULL;
- int len = 0;
+ ssize_t len = 0;
tor_assert(hostname);
tor_assert(result_addr);