diff options
| -rw-r--r-- | ChangeLog | 26 | ||||
| -rw-r--r-- | doc/spec/control-spec.txt | 15 | ||||
| -rw-r--r-- | src/common/address.c | 9 | ||||
| -rw-r--r-- | src/common/log.c | 4 | ||||
| -rw-r--r-- | src/common/tortls.c | 4 | ||||
| -rw-r--r-- | src/common/tortls.h | 4 | ||||
| -rw-r--r-- | src/common/util.c | 7 | ||||
| -rw-r--r-- | src/or/circuitbuild.c | 56 | ||||
| -rw-r--r-- | src/or/circuituse.c | 5 | ||||
| -rw-r--r-- | src/or/command.c | 2 | ||||
| -rw-r--r-- | src/or/config.c | 5 | ||||
| -rw-r--r-- | src/or/connection_edge.c | 8 | ||||
| -rw-r--r-- | src/or/control.c | 8 | ||||
| -rw-r--r-- | src/or/directory.c | 9 | ||||
| -rw-r--r-- | src/or/eventdns.c | 6 | ||||
| -rw-r--r-- | src/or/eventdns.h | 4 | ||||
| -rw-r--r-- | src/or/main.c | 17 | ||||
| -rw-r--r-- | src/or/rendclient.c | 2 | ||||
| -rw-r--r-- | src/or/rendservice.c | 5 | ||||
| -rw-r--r-- | src/or/router.c | 17 | ||||
| -rw-r--r-- | src/or/routerparse.c | 13 | ||||
| -rw-r--r-- | src/or/test.c | 2 | ||||
| -rw-r--r-- | src/tools/tor-gencert.c | 4 | ||||
| -rw-r--r-- | src/tools/tor-resolve.c | 4 |
24 files changed, 145 insertions, 91 deletions
@@ -6,6 +6,9 @@ Changes in version 0.2.1.20 - 2009-??-?? patch. Bugfix on the 54th commit on Tor -- from July 2002, before the release of Tor 0.0.0. This is the new winner of the oldest-bug prize. + - Fix a remotely triggerable memory leak when a consensus document + contains more than one signature from the same voter. Bugfix on + 0.2.0.3-alpha. o New directory authorities: - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory @@ -18,15 +21,38 @@ Changes in version 0.2.1.20 - 2009-??-?? - Fix an extremely rare infinite recursion bug that could occur if we tried to log a message after shutting down the log subsystem. Found by Matt Edman. Bugfix on 0.2.0.16-alpha. + - Fix an obscure bug where hidden services on 64-bit big-endian + systems might mis-read the timestamp in v3 introduce cells, and + refuse to connect back to the client. Discovered by "rotor". + Bugfix on 0.2.1.6-alpha. - We were triggering a CLOCK_SKEW controller status event whenever we connect via the v2 connection protocol to any relay that has a wrong clock. Instead, we should only inform the controller when it's a trusted authority that claims our clock is wrong. Bugfix on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit. + - We were telling the controller about CHECKING_REACHABILITY and + REACHABILITY_FAILED status events whenever we launch a testing + circuit or notice that one has failed. Instead, only tell the + controller when we want to inform the user of overall success or + overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported + by SwissTorExit. + - Don't warn when we're using a circuit that ends with a node + excluded in ExcludeExitNodes, but the circuit is not used to access + the outside world. This should help fix bug 1090. Bugfix on + 0.2.1.6-alpha. + - Teach connection_ap_can_use_exit to respect the Exclude*Nodes config + options. Should fix bug 1090. Bugfix on 0.0.2-pre16. - Avoid segfault in rare cases when finishing an introduction circuit as a client and finding out that we don't have an introduction key for it. Fixes bug 1073. Reported by Aaron Swartz. + o Minor features: + - Add a "getinfo status/accepted-server-descriptor" controller + command, which is the recommended way for controllers to learn + whether our server descriptor has been successfully received by at + least on directory authority. Un-recommend good-server-descriptor + getinfo and status events until we have a better design for them. + Changes in version 0.2.1.19 - 2009-07-28 Tor 0.2.1.19 fixes a major bug with accessing and providing hidden diff --git a/doc/spec/control-spec.txt b/doc/spec/control-spec.txt index 0cc3bb2928..cf92e2b9e3 100644 --- a/doc/spec/control-spec.txt +++ b/doc/spec/control-spec.txt @@ -558,6 +558,7 @@ $Id$ "status/circuit-established" "status/enough-dir-info" "status/good-server-descriptor" + "status/accepted-server-descriptor" "status/..." These provide the current internal Tor values for various Tor states. See Section 4.1.10 for explanations. (Only a few of the @@ -1488,18 +1489,22 @@ $Id$ We successfully uploaded our server descriptor to at least one of the directory authorities, with no complaints. - {This event could affect the controller's idea of server status, but - the controller should not interrupt the user to tell them so.} + {Originally, the goal of this event was to declare "every authority + has accepted the descriptor, so there will be no complaints + about it." But since some authorities might be offline, it's + harder to get certainty than we had thought. As such, this event + is equivalent to ACCEPTED_SERVER_DESCRIPTOR below. Controllers + should just look at ACCEPTED_SERVER_DESCRIPTOR and should ignore + this event for now.} NAMESERVER_STATUS "NS=addr" "STATUS=" "UP" / "DOWN" "ERR=" message One of our nameservers has changed status. - // actually notice - {This event could affect the controller's idea of server status, but - the controller should not interrupt the user to tell them so.} + {This event could affect the controller's idea of server status, but + the controller should not interrupt the user to tell them so.} NAMESERVER_ALL_DOWN All of our nameservers have gone down. diff --git a/src/common/address.c b/src/common/address.c index fac9d50e15..2fe013a2cd 100644 --- a/src/common/address.c +++ b/src/common/address.c @@ -373,10 +373,11 @@ tor_addr_parse_reverse_lookup_name(tor_addr_t *result, const char *address, return -1; /* malformed. */ /* reverse the bytes */ - inaddr.s_addr = (((inaddr.s_addr & 0x000000fful) << 24) - |((inaddr.s_addr & 0x0000ff00ul) << 8) - |((inaddr.s_addr & 0x00ff0000ul) >> 8) - |((inaddr.s_addr & 0xff000000ul) >> 24)); + inaddr.s_addr = (uint32_t) + (((inaddr.s_addr & 0x000000ff) << 24) + |((inaddr.s_addr & 0x0000ff00) << 8) + |((inaddr.s_addr & 0x00ff0000) >> 8) + |((inaddr.s_addr & 0xff000000) >> 24)); if (result) { tor_addr_from_in(result, &inaddr); diff --git a/src/common/log.c b/src/common/log.c index ea09fca167..423a687a51 100644 --- a/src/common/log.c +++ b/src/common/log.c @@ -149,8 +149,8 @@ _log_prefix(char *buf, size_t buf_len, int severity) t = (time_t)now.tv_sec; n = strftime(buf, buf_len, "%b %d %H:%M:%S", tor_localtime_r(&t, &tm)); - r = tor_snprintf(buf+n, buf_len-n, ".%.3ld [%s] ", - (long)now.tv_usec / 1000, sev_to_string(severity)); + r = tor_snprintf(buf+n, buf_len-n, ".%.3i [%s] ", + (int)now.tv_usec / 1000, sev_to_string(severity)); if (r<0) return buf_len-1; else diff --git a/src/common/tortls.c b/src/common/tortls.c index f14eab18a5..aeb0ca0800 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1443,8 +1443,8 @@ tor_tls_used_v1_handshake(tor_tls_t *tls) * buffer and *<b>wbuf_bytes</b> to the amount actually used. */ void tor_tls_get_buffer_sizes(tor_tls_t *tls, - int *rbuf_capacity, int *rbuf_bytes, - int *wbuf_capacity, int *wbuf_bytes) + size_t *rbuf_capacity, size_t *rbuf_bytes, + size_t *wbuf_capacity, size_t *wbuf_bytes) { if (tls->ssl->s3->rbuf.buf) *rbuf_capacity = tls->ssl->s3->rbuf.len; diff --git a/src/common/tortls.h b/src/common/tortls.h index 44e3b499ef..d00690911c 100644 --- a/src/common/tortls.h +++ b/src/common/tortls.h @@ -73,8 +73,8 @@ void tor_tls_get_n_raw_bytes(tor_tls_t *tls, size_t *n_read, size_t *n_written); void tor_tls_get_buffer_sizes(tor_tls_t *tls, - int *rbuf_capacity, int *rbuf_bytes, - int *wbuf_capacity, int *wbuf_bytes); + size_t *rbuf_capacity, size_t *rbuf_bytes, + size_t *wbuf_capacity, size_t *wbuf_bytes); int tor_tls_used_v1_handshake(tor_tls_t *tls); diff --git a/src/common/util.c b/src/common/util.c index 7b9e5eb562..9dcf9fba64 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -1816,7 +1816,8 @@ write_chunks_to_file_impl(const char *fname, const smartlist_t *chunks, int open_flags) { open_file_t *file = NULL; - int fd, result; + int fd; + ssize_t result; fd = start_writing_to_file(fname, open_flags, 0600, &file); if (fd<0) return -1; @@ -1901,7 +1902,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out) int fd; /* router file */ struct stat statbuf; char *string; - int r; + ssize_t r; int bin = flags & RFTS_BIN; tor_assert(filename); @@ -1960,7 +1961,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out) * match for size. */ int save_errno = errno; log_warn(LD_FS,"Could read only %d of %ld bytes of file \"%s\".", - r, (long)statbuf.st_size,filename); + (int)r, (long)statbuf.st_size,filename); tor_free(string); close(fd); errno = save_errno; diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index d78981e09b..983eb6dac1 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -527,9 +527,16 @@ inform_testing_reachability(void) routerinfo_t *me = router_get_my_routerinfo(); if (!me) return 0; - if (me->dir_port) + control_event_server_status(LOG_NOTICE, + "CHECKING_REACHABILITY ORADDRESS=%s:%d", + me->address, me->or_port); + if (me->dir_port) { tor_snprintf(dirbuf, sizeof(dirbuf), " and DirPort %s:%d", me->address, me->dir_port); + control_event_server_status(LOG_NOTICE, + "CHECKING_REACHABILITY DIRADDRESS=%s:%d", + me->address, me->dir_port); + } log(LOG_NOTICE, LD_OR, "Now checking whether ORPort %s:%d%s %s reachable... " "(this may take up to %d minutes -- look for log " "messages indicating success)", @@ -537,6 +544,7 @@ inform_testing_reachability(void) me->dir_port ? dirbuf : "", me->dir_port ? "are" : "is", TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT/60); + return 1; } @@ -1436,13 +1444,16 @@ choose_good_exit_server(uint8_t purpose, routerlist_t *dir, /** Log a warning if the user specified an exit for the circuit that * has been excluded from use by ExcludeNodes or ExcludeExitNodes. */ static void -warn_if_last_router_excluded(uint8_t purpose, const extend_info_t *exit) +warn_if_last_router_excluded(origin_circuit_t *circ, const extend_info_t *exit) { or_options_t *options = get_options(); routerset_t *rs = options->ExcludeNodes; const char *description; - int severity; int domain = LD_CIRC; + uint8_t purpose = circ->_base.purpose; + + if (circ->build_state->onehop_tunnel) + return; switch (purpose) { @@ -1455,48 +1466,40 @@ warn_if_last_router_excluded(uint8_t purpose, const extend_info_t *exit) (int)purpose); return; case CIRCUIT_PURPOSE_C_GENERAL: + if (circ->build_state->is_internal) + return; description = "Requested exit node"; rs = options->_ExcludeExitNodesUnion; - severity = LOG_WARN; break; case CIRCUIT_PURPOSE_C_INTRODUCING: case CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT: case CIRCUIT_PURPOSE_C_INTRODUCE_ACKED: - description = "Introduction point for hidden service"; - severity = LOG_INFO; - break; + case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO: + case CIRCUIT_PURPOSE_S_CONNECT_REND: + case CIRCUIT_PURPOSE_S_REND_JOINED: + case CIRCUIT_PURPOSE_TESTING: + return; case CIRCUIT_PURPOSE_C_ESTABLISH_REND: case CIRCUIT_PURPOSE_C_REND_READY: case CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED: case CIRCUIT_PURPOSE_C_REND_JOINED: description = "Chosen rendezvous point"; - severity = LOG_WARN; domain = LD_BUG; break; - case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO: - description = "Chosen introduction point"; - severity = LOG_INFO; - break; - case CIRCUIT_PURPOSE_S_CONNECT_REND: - case CIRCUIT_PURPOSE_S_REND_JOINED: - description = "Client-selected rendezvous point"; - severity = LOG_INFO; - break; - case CIRCUIT_PURPOSE_TESTING: - description = "Target for testing circuit"; - severity = LOG_INFO; - break; case CIRCUIT_PURPOSE_CONTROLLER: rs = options->_ExcludeExitNodesUnion; description = "Controller-selected circuit target"; - severity = LOG_WARN; break; } - if (routerset_contains_extendinfo(rs, exit)) - log_fn(severity, domain, "%s '%s' is in ExcludeNodes%s. Using anyway.", + if (routerset_contains_extendinfo(rs, exit)) { + log_fn(LOG_WARN, domain, "%s '%s' is in ExcludeNodes%s. Using anyway " + "(circuit purpose %d).", description,exit->nickname, - rs==options->ExcludeNodes?"":" or ExcludeExitNodes."); + rs==options->ExcludeNodes?"":" or ExcludeExitNodes", + (int)purpose); + circuit_log_path(LOG_WARN, domain, circ); + } return; } @@ -1521,7 +1524,7 @@ onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit) } if (exit) { /* the circuit-builder pre-requested one */ - warn_if_last_router_excluded(circ->_base.purpose, exit); + warn_if_last_router_excluded(circ, exit); log_info(LD_CIRC,"Using requested exit node '%s'", exit->nickname); exit = extend_info_dup(exit); } else { /* we have to decide one */ @@ -1568,6 +1571,7 @@ int circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *exit) { int err_reason = 0; + warn_if_last_router_excluded(circ, exit); circuit_append_new_exit(circ, exit); circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_BUILDING); if ((err_reason = circuit_send_next_onion_skin(circ))<0) { diff --git a/src/or/circuituse.c b/src/or/circuituse.c index 6a54c34397..3acc0e9a74 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -724,17 +724,12 @@ circuit_testing_opened(origin_circuit_t *circ) static void circuit_testing_failed(origin_circuit_t *circ, int at_last_hop) { - routerinfo_t *me = router_get_my_routerinfo(); if (server_mode(get_options()) && check_whether_orport_reachable()) return; - if (!me) - return; log_info(LD_GENERAL, "Our testing circuit (to see if your ORPort is reachable) " "has failed. I'll try again later."); - control_event_server_status(LOG_WARN, "REACHABILITY_FAILED ORADDRESS=%s:%d", - me->address, me->or_port); /* These aren't used yet. */ (void)circ; diff --git a/src/or/command.c b/src/or/command.c index 98f093a72b..67e463723f 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -575,7 +575,7 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn) /* Consider all the other addresses; if any matches, this connection is * "canonical." */ tor_addr_t addr; - const char *next = decode_address_from_payload(&addr, cp, end-cp); + const char *next = decode_address_from_payload(&addr, cp, (int)(end-cp)); if (next == NULL) { log_fn(LOG_PROTOCOL_WARN, LD_OR, "Bad address in netinfo cell; closing connection."); diff --git a/src/or/config.c b/src/or/config.c index 84146c1063..8fd70bec9f 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -2504,7 +2504,8 @@ is_local_addr(const tor_addr_t *addr) * the same /24 as last_resolved_addr will be the same as checking whether * it was on net 0, which is already done by is_internal_IP. */ - if ((last_resolved_addr & 0xffffff00ul) == (ip & 0xffffff00ul)) + if ((last_resolved_addr & (uint32_t)0xffffff00ul) + == (ip & (uint32_t)0xffffff00ul)) return 1; } return 0; @@ -4187,7 +4188,7 @@ options_init_from_string(const char *cf, err: config_free(&options_format, newoptions); if (*msg) { - int len = strlen(*msg)+256; + int len = (int)strlen(*msg)+256; char *newmsg = tor_malloc(len); tor_snprintf(newmsg, len, "Failed to parse/validate config: %s", *msg); diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index d699591cdc..ba1304a653 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2851,11 +2851,13 @@ connection_edge_is_rendezvous_stream(edge_connection_t *conn) /** Return 1 if router <b>exit</b> is likely to allow stream <b>conn</b> * to exit from it, or 0 if it probably will not allow it. * (We might be uncertain if conn's destination address has not yet been - * resolved.) + * resolved.) If the router is in the list of excluded nodes, also return 0; */ int connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit) { + or_options_t *options = get_options(); + tor_assert(conn); tor_assert(conn->_base.type == CONN_TYPE_AP); tor_assert(conn->socks_request); @@ -2901,6 +2903,10 @@ connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit) if (!conn->chosen_exit_name && policy_is_reject_star(exit->exit_policy)) return 0; } + if (options->_ExcludeExitNodesUnion && + routerset_contains_router(options->_ExcludeExitNodesUnion, exit)) + return 0; + return 1; } diff --git a/src/or/control.c b/src/or/control.c index 90c99fd51a..5688b8e71f 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -1789,7 +1789,11 @@ getinfo_helper_events(control_connection_t *control_conn, *answer = tor_strdup(has_completed_circuit ? "1" : "0"); } else if (!strcmp(question, "status/enough-dir-info")) { *answer = tor_strdup(router_have_minimum_dir_info() ? "1" : "0"); - } else if (!strcmp(question, "status/good-server-descriptor")) { + } else if (!strcmp(question, "status/good-server-descriptor") || + !strcmp(question, "status/accepted-server-descriptor")) { + /* They're equivalent for now, until we can figure out how to make + * good-server-descriptor be what we want. See comment in + * control-spec.txt. */ *answer = tor_strdup(directories_have_accepted_server_descriptor() ? "1" : "0"); } else if (!strcmp(question, "status/reachability-succeeded/or")) { @@ -2597,7 +2601,7 @@ handle_control_resolve(control_connection_t *conn, uint32_t len, int is_reverse = 0; (void) len; /* body is nul-terminated; it's safe to ignore the length */ - if (!(conn->event_mask & (1L<<EVENT_ADDRMAP))) { + if (!(conn->event_mask & ((uint32_t)1L<<EVENT_ADDRMAP))) { log_warn(LD_CONTROL, "Controller asked us to resolve an address, but " "isn't listening for ADDRMAP events. It probably won't see " "the answer."); diff --git a/src/or/directory.c b/src/or/directory.c index 4ab2633022..5b8637a39d 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -554,11 +554,6 @@ void connection_dir_request_failed(dir_connection_t *conn) { if (directory_conn_is_self_reachability_test(conn)) { - routerinfo_t *me = router_get_my_routerinfo(); - if (me) - control_event_server_status(LOG_WARN, - "REACHABILITY_FAILED DIRADDRESS=%s:%d", - me->address, me->dir_port); return; /* this was a test fetch. don't retry. */ } if (entry_list_can_grow(get_options())) @@ -877,7 +872,7 @@ static char * directory_get_consensus_url(int supports_conditional_consensus) { char *url; - int len; + size_t len; if (supports_conditional_consensus) { char *authority_id_list; @@ -2347,7 +2342,7 @@ client_likes_consensus(networkstatus_t *v, const char *want_url) need_at_least = smartlist_len(want_authorities)/2+1; SMARTLIST_FOREACH(want_authorities, const char *, d, { char want_digest[DIGEST_LEN]; - int want_len = strlen(d)/2; + size_t want_len = strlen(d)/2; if (want_len > DIGEST_LEN) want_len = DIGEST_LEN; diff --git a/src/or/eventdns.c b/src/or/eventdns.c index 4ae17a40c3..a889e803ed 100644 --- a/src/or/eventdns.c +++ b/src/or/eventdns.c @@ -2385,7 +2385,7 @@ out1: /* exported function */ int -evdns_nameserver_add(unsigned long int address) { +evdns_nameserver_add(uint32_t address) { struct sockaddr_in sin; memset(&sin, 0, sizeof(sin)); sin.sin_family = AF_INET; @@ -2416,13 +2416,13 @@ evdns_nameserver_ip_add(const char *ip_as_string) { cp = strchr(ip_as_string, ':'); if (*ip_as_string == '[') { - int len; + size_t len; if (!(cp = strchr(ip_as_string, ']'))) { log(EVDNS_LOG_DEBUG, "Nameserver missing closing ]"); return 4; } len = cp-(ip_as_string + 1); - if (len > (int)sizeof(buf)-1) { + if (len > sizeof(buf)-1) { log(EVDNS_LOG_DEBUG, "[Nameserver] does not fit in buffer."); return 4; } diff --git a/src/or/eventdns.h b/src/or/eventdns.h index 734bacf2d2..bf3b64d08a 100644 --- a/src/or/eventdns.h +++ b/src/or/eventdns.h @@ -112,7 +112,7 @@ * * API reference: * - * int evdns_nameserver_add(unsigned long int address) + * int evdns_nameserver_add(uint32_t address) * Add a nameserver. The address should be an IP address in * network byte order. The type of address is chosen so that * it matches in_addr.s_addr. @@ -258,7 +258,7 @@ typedef void (*evdns_callback_type) (int result, char type, int count, int ttl, int evdns_init(void); void evdns_shutdown(int fail_requests); const char *evdns_err_to_string(int err); -int evdns_nameserver_add(unsigned long int address); +int evdns_nameserver_add(uint32_t address); int evdns_count_nameservers(void); int evdns_clear_nameservers_and_suspend(void); int evdns_resume(void); diff --git a/src/or/main.c b/src/or/main.c index 60c42aaae3..ca09af0561 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -1185,17 +1185,26 @@ second_elapsed_callback(int fd, short event, void *args) TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT) { /* every 20 minutes, check and complain if necessary */ routerinfo_t *me = router_get_my_routerinfo(); - if (me && !check_whether_orport_reachable()) + if (me && !check_whether_orport_reachable()) { log_warn(LD_CONFIG,"Your server (%s:%d) has not managed to confirm that " "its ORPort is reachable. Please check your firewalls, ports, " "address, /etc/hosts file, etc.", me->address, me->or_port); - if (me && !check_whether_dirport_reachable()) + control_event_server_status(LOG_WARN, + "REACHABILITY_FAILED ORADDRESS=%s:%d", + me->address, me->or_port); + } + + if (me && !check_whether_dirport_reachable()) { log_warn(LD_CONFIG, "Your server (%s:%d) has not managed to confirm that its " "DirPort is reachable. Please check your firewalls, ports, " "address, /etc/hosts file, etc.", me->address, me->dir_port); + control_event_server_status(LOG_WARN, + "REACHABILITY_FAILED DIRADDRESS=%s:%d", + me->address, me->dir_port); + } } /** If more than this many seconds have elapsed, probably the clock @@ -1599,7 +1608,7 @@ dumpstats(int severity) { time_t now = time(NULL); time_t elapsed; - int rbuf_cap, wbuf_cap, rbuf_len, wbuf_len; + size_t rbuf_cap, wbuf_cap, rbuf_len, wbuf_len; log(severity, LD_GENERAL, "Dumping stats:"); @@ -1635,7 +1644,7 @@ dumpstats(int severity) log(severity, LD_GENERAL, "Conn %d: %d/%d bytes used on OpenSSL read buffer; " "%d/%d bytes used on write buffer.", - i, rbuf_len, rbuf_cap, wbuf_len, wbuf_cap); + i, (int)rbuf_len, (int)rbuf_cap, (int)wbuf_len, (int)wbuf_cap); } } } diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 3dd77a854b..13e43c87b7 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -151,7 +151,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc, REND_DESC_COOKIE_LEN); v3_shift += 2+REND_DESC_COOKIE_LEN; } - set_uint32(tmp+v3_shift+1, htonl(time(NULL))); + set_uint32(tmp+v3_shift+1, htonl((uint32_t)time(NULL))); v3_shift += 4; } /* if version 2 only write version number */ else if (entry->parsed->protocols & (1<<2)) { diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 2fd041d33e..3144ef2f04 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1011,13 +1011,12 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request, } /* Check timestamp. */ - memcpy((char*)&ts, buf+1+v3_shift, sizeof(uint32_t)); + ts = ntohl(get_uint32(buf+1+v3_shift)); v3_shift += 4; - ts = ntohl(ts); if ((now - ts) < -1 * REND_REPLAY_TIME_INTERVAL / 2 || (now - ts) > REND_REPLAY_TIME_INTERVAL / 2) { log_warn(LD_REND, "INTRODUCE2 cell is too %s. Discarding.", - (now - ts) < 0 ? "old" : "new"); + (now - ts) < 0 ? "old" : "new"); return -1; } } diff --git a/src/or/router.c b/src/or/router.c index f0a1e40743..fcfbe79112 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -770,9 +770,6 @@ consider_testing_reachability(int test_or, int test_dir) me->address, me->or_port); circuit_launch_by_router(CIRCUIT_PURPOSE_TESTING, me, CIRCLAUNCH_NEED_CAPACITY|CIRCLAUNCH_IS_INTERNAL); - control_event_server_status(LOG_NOTICE, - "CHECKING_REACHABILITY ORADDRESS=%s:%d", - me->address, me->or_port); } tor_addr_from_ipv4h(&addr, me->addr); @@ -788,10 +785,6 @@ consider_testing_reachability(int test_or, int test_dir) DIR_PURPOSE_FETCH_SERVERDESC, ROUTER_PURPOSE_GENERAL, 1, "authority.z", NULL, 0, 0); - - control_event_server_status(LOG_NOTICE, - "CHECKING_REACHABILITY DIRADDRESS=%s:%d", - me->address, me->dir_port); } } @@ -807,8 +800,11 @@ router_orport_found_reachable(void) " Publishing server descriptor." : ""); can_reach_or_port = 1; mark_my_descriptor_dirty(); - if (!me) + if (!me) { /* should never happen */ + log_warn(LD_BUG, "ORPort found reachable, but I have no routerinfo " + "yet. Failing to inform controller of success."); return; + } control_event_server_status(LOG_NOTICE, "REACHABILITY_SUCCEEDED ORADDRESS=%s:%d", me->address, me->or_port); @@ -826,8 +822,11 @@ router_dirport_found_reachable(void) can_reach_dir_port = 1; if (!me || decide_to_advertise_dirport(get_options(), me->dir_port)) mark_my_descriptor_dirty(); - if (!me) + if (!me) { /* should never happen */ + log_warn(LD_BUG, "DirPort found reachable, but I have no routerinfo " + "yet. Failing to inform controller of success."); return; + } control_event_server_status(LOG_NOTICE, "REACHABILITY_SUCCEEDED DIRADDRESS=%s:%d", me->address, me->dir_port); diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 8021158e31..189458ee1e 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -1917,8 +1917,9 @@ routerstatus_parse_entry_from_string(memarea_t *area, for (i=0; i < tok->n_args; ++i) { if (!strcmpstart(tok->args[i], "Bandwidth=")) { int ok; - rs->bandwidth = tor_parse_ulong(strchr(tok->args[i], '=')+1, 10, - 0, UINT32_MAX, &ok, NULL); + rs->bandwidth = (uint32_t)tor_parse_ulong(strchr(tok->args[i], '=')+1, + 10, 0, UINT32_MAX, + &ok, NULL); if (!ok) { log_warn(LD_DIR, "Invalid Bandwidth %s", escaped(tok->args[i])); goto err; @@ -2508,6 +2509,14 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out, } else { if (tok->object_size >= INT_MAX) goto err; + /* We already parsed a vote from this voter. Use the first one. */ + if (v->signature) { + log_fn(LOG_PROTOCOL_WARN, LD_DIR, "We received a networkstatus " + "that contains two votes from the same voter. Ignoring " + "the second vote."); + continue; + } + v->signature = tor_memdup(tok->object_body, tok->object_size); v->signature_len = (int) tok->object_size; } diff --git a/src/or/test.c b/src/or/test.c index 7b7411e2f8..e06dd5951f 100644 --- a/src/or/test.c +++ b/src/or/test.c @@ -410,7 +410,7 @@ test_crypto_dh(void) char p2[DH_BYTES]; char s1[DH_BYTES]; char s2[DH_BYTES]; - int s1len, s2len; + ssize_t s1len, s2len; test_eq(crypto_dh_get_bytes(dh1), DH_BYTES); test_eq(crypto_dh_get_bytes(dh2), DH_BYTES); diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c index 4971668c9f..c7d9282076 100644 --- a/src/tools/tor-gencert.c +++ b/src/tools/tor-gencert.c @@ -70,7 +70,7 @@ show_help(void) static void crypto_log_errors(int severity, const char *doing) { - unsigned int err; + unsigned long err; const char *msg, *lib, *func; while ((err = ERR_get_error()) != 0) { msg = (const char*)ERR_reason_error_string(err); @@ -94,7 +94,7 @@ load_passphrase(void) { char *cp; char buf[1024]; /* "Ought to be enough for anybody." */ - int n = read_all(passphrase_fd, buf, sizeof(buf), 0); + ssize_t n = read_all(passphrase_fd, buf, sizeof(buf), 0); if (n < 0) { log_err(LD_GENERAL, "Couldn't read from passphrase fd: %s", strerror(errno)); diff --git a/src/tools/tor-resolve.c b/src/tools/tor-resolve.c index fe4e882416..f12c3d8dd3 100644 --- a/src/tools/tor-resolve.c +++ b/src/tools/tor-resolve.c @@ -51,7 +51,7 @@ static void usage(void) ATTR_NORETURN; /** Set *<b>out</b> to a newly allocated SOCKS4a resolve request with * <b>username</b> and <b>hostname</b> as provided. Return the number * of bytes in the request. */ -static int +static ssize_t build_socks_resolve_request(char **out, const char *username, const char *hostname, @@ -184,7 +184,7 @@ do_resolve(const char *hostname, uint32_t sockshost, uint16_t socksport, int s; struct sockaddr_in socksaddr; char *req = NULL; - int len = 0; + ssize_t len = 0; tor_assert(hostname); tor_assert(result_addr); |