diff options
| -rw-r--r-- | changes/bug2031 | 5 | ||||
| -rw-r--r-- | changes/caches_if_exit | 5 | ||||
| -rw-r--r-- | changes/set_ns_crash | 4 | ||||
| -rw-r--r-- | configure.in | 7 | ||||
| -rw-r--r-- | src/or/dirserv.c | 2 | ||||
| -rw-r--r-- | src/or/networkstatus.c | 26 |
6 files changed, 34 insertions, 15 deletions
diff --git a/changes/bug2031 b/changes/bug2031 new file mode 100644 index 0000000000..59afc022e1 --- /dev/null +++ b/changes/bug2031 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Enable protection of small arrays whenever we build with gcc hardening + features, not only when also building with warnings enabled. Fixes bug + 2031; bugfix on 0.2.2.14-alpha. Reported by keb. + diff --git a/changes/caches_if_exit b/changes/caches_if_exit new file mode 100644 index 0000000000..0e662270e2 --- /dev/null +++ b/changes/caches_if_exit @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Fix a logic error where servers that _didn't_ act as exits would + try to keep their server lists more aggressively up to date than + exits, when it was supposed to be the other way around. Bugfix + on 0.2.2.17-alpha. diff --git a/changes/set_ns_crash b/changes/set_ns_crash new file mode 100644 index 0000000000..34466d7ad0 --- /dev/null +++ b/changes/set_ns_crash @@ -0,0 +1,4 @@ + o Major bugfixes: + - Avoid a crash bug triggered by looking at a dangling pointer while + setting the network status consensus. Found by Robert Ransom. + Bugfix on 0.2.2.17-alpha. Fixes bug 2097. diff --git a/configure.in b/configure.in index 891daa82c1..65e82de7cc 100644 --- a/configure.in +++ b/configure.in @@ -98,8 +98,8 @@ AC_ARG_ENABLE(gcc-hardening, AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks), [if test x$enableval = xyes; then CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all" - CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector -Wformat -Wformat-security" - CFLAGS="$CFLAGS -Wpointer-sign" + CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector" + CFLAGS="$CFLAGS --param ssp-buffer-size=1" LDFLAGS="$LDFLAGS -pie" fi]) @@ -892,9 +892,8 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy if test x$have_gcc42 = xyes ; then # These warnings break gcc 4.0.2 and work on gcc 4.2 - # XXXX020 Use -fstack-protector. # XXXX020 See if any of these work with earlier versions. - CFLAGS="$CFLAGS -Waddress -Wmissing-noreturn -Wnormalized=id -Woverride-init -Wstrict-overflow=1 --param ssp-buffer-size=1" + CFLAGS="$CFLAGS -Waddress -Wmissing-noreturn -Wnormalized=id -Woverride-init -Wstrict-overflow=1" # We used to use -Wstrict-overflow=5, but that breaks us heavily under 4.3. fi diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 8ae03424a2..8d0ec981a7 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -1213,7 +1213,7 @@ directory_caches_dir_info(or_options_t *options) return 0; /* We need an up-to-date view of network info if we're going to try to * block exit attempts from unknown relays. */ - return router_my_exit_policy_is_reject_star() && + return ! router_my_exit_policy_is_reject_star() && should_refuse_unknown_exits(options); } diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index 1d8a20be11..d645ee2b40 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -1569,6 +1569,7 @@ networkstatus_set_current_consensus(const char *consensus, const digests_t *current_digests = NULL; consensus_waiting_for_certs_t *waiting = NULL; time_t current_valid_after = 0; + int free_consensus = 1; /* Free 'c' at the end of the function */ if (flav < 0) { /* XXXX we don't handle unrecognized flavors yet. */ @@ -1661,7 +1662,7 @@ networkstatus_set_current_consensus(const char *consensus, networkstatus_vote_free(waiting->consensus); tor_free(waiting->body); waiting->consensus = c; - c = NULL; /* Prevent free. */ + free_consensus = 0; waiting->body = tor_strdup(consensus); waiting->set_at = now; waiting->dl_failed = 0; @@ -1706,6 +1707,10 @@ networkstatus_set_current_consensus(const char *consensus, if (current_consensus) { networkstatus_copy_old_consensus_info(c, current_consensus); networkstatus_vote_free(current_consensus); + /* Defensive programming : we should set current_consensus very soon, + * but we're about to call some stuff in the meantime, and leaving this + * dangling pointer around has proven to be trouble. */ + current_consensus = NULL; } } @@ -1731,16 +1736,9 @@ networkstatus_set_current_consensus(const char *consensus, download_status_failed(&consensus_dl_status[flav], 0); } - if (directory_caches_dir_info(options)) { - dirserv_set_cached_consensus_networkstatus(consensus, - flavor, - &c->digests, - c->valid_after); - } - if (flav == USABLE_CONSENSUS_FLAVOR) { current_consensus = c; - c = NULL; /* Prevent free. */ + free_consensus = 0; /* Prevent free. */ /* XXXXNM Microdescs: needs a non-ns variant. */ update_consensus_networkstatus_fetch_time(now); @@ -1754,6 +1752,13 @@ networkstatus_set_current_consensus(const char *consensus, circuit_build_times_new_consensus_params(&circ_times, current_consensus); } + if (directory_caches_dir_info(options)) { + dirserv_set_cached_consensus_networkstatus(consensus, + flavor, + &c->digests, + c->valid_after); + } + if (!from_cache) { write_str_to_file(consensus_fname, consensus, 0); } @@ -1776,7 +1781,8 @@ networkstatus_set_current_consensus(const char *consensus, result = 0; done: - networkstatus_vote_free(c); + if (free_consensus) + networkstatus_vote_free(c); tor_free(consensus_fname); tor_free(unverified_fname); return result; |