35 files changed, 333 insertions, 156 deletions
@@ -1,3 +1,163 @@ +Changes in version 0.2.4.4-alpha - 2012-10-20 + Tor 0.2.4.4-alpha adds a new v3 directory authority, fixes a privacy + vulnerability introduced by a change in OpenSSL, fixes a remotely + triggerable assert, and adds new channel_t and circuitmux_t abstractions + that will make it easier to test new connection transport and cell + scheduling algorithms. + + o New directory authorities (also in 0.2.3.23-rc): + - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory + authority. Closes ticket 5749. + + o Major bugfixes (security/privacy, also in 0.2.3.23-rc): + - Disable TLS session tickets. OpenSSL's implementation was giving + our TLS session keys the lifetime of our TLS context objects, when + perfect forward secrecy would want us to discard anything that + could decrypt a link connection as soon as the link connection + was closed. Fixes bug 7139; bugfix on all versions of Tor linked + against OpenSSL 1.0.0 or later. Found by Florent Daignière. + - Discard extraneous renegotiation attempts once the V3 link + protocol has been initiated. Failure to do so left us open to + a remotely triggerable assertion failure. Fixes CVE-2012-2249; + bugfix on 0.2.3.6-alpha. Reported by "some guy from France". + + o Internal abstraction features: + - Introduce new channel_t abstraction between circuits and + or_connection_t to allow for implementing alternate OR-to-OR + transports. A channel_t is an abstract object which can either be a + cell-bearing channel, which is responsible for authenticating and + handshaking with the remote OR and transmitting cells to and from + it, or a listening channel, which spawns new cell-bearing channels + at the request of remote ORs. Implements part of ticket 6465. + - Also new is the channel_tls_t subclass of channel_t, adapting it + to the existing or_connection_t code. 
The V2/V3 protocol handshaking + code which formerly resided in command.c has been moved below the + channel_t abstraction layer and may be found in channeltls.c now. + Implements the rest of ticket 6465. + - Introduce new circuitmux_t storing the queue of circuits for + a channel; this encapsulates and abstracts the queue logic and + circuit selection policy, and allows the latter to be overridden + easily by switching out a policy object. The existing EWMA behavior + is now implemented as a circuitmux_policy_t. Resolves ticket 6816. + + o Required libraries: + - Tor now requires OpenSSL 0.9.8 or later. OpenSSL 1.0.0 or later is + strongly recommended. + + o Minor features: + - Warn users who run hidden services on a Tor client with + UseEntryGuards disabled that their hidden services will be + vulnerable to http://freehaven.net/anonbib/#hs-attack06 (the + attack which motivated Tor to support entry guards in the first + place). Resolves ticket 6889. + - Tor now builds correctly on Bitrig, an OpenBSD fork. Patch from + dhill. Resolves ticket 6982. + + o Minor bugfixes (also in 0.2.3.23-rc): + - Don't serve or accept v2 hidden service descriptors over a + relay's DirPort. It's never correct to do so, and disabling it + might make it more annoying to exploit any bugs that turn up in the + descriptor-parsing code. Fixes bug 7149. + - Fix two cases in src/or/transports.c where we were calling + fmt_addr() twice in a parameter list. Bug found by David + Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha. + - Fix memory leaks whenever we logged any message about the "path + bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc. + - When relays refuse a "create" cell because their queue of pending + create cells is too big (typically because their cpu can't keep up + with the arrival rate), send back reason "resource limit" rather + than reason "internal", so network measurement scripts can get a + more accurate picture. Fixes bug 7037; bugfix on 0.1.1.11-alpha. 
+ + o Minor bugfixes: + - Command-line option "--version" implies "--quiet". Fixes bug 6997. + - Free some more still-in-use memory at exit, to make hunting for + memory leaks easier. Resolves bug 7029. + - When a Tor client gets a "truncated" relay cell, the first byte of + its payload specifies why the circuit was truncated. We were + ignoring this 'reason' byte when tearing down the circuit, resulting + in the controller not being told why the circuit closed. Now we + pass the reason from the truncated cell to the controller. Bugfix + on 0.1.2.3-alpha; fixes bug 7039. + - Downgrade "Failed to hand off onionskin" messages to "debug" + severity, since they're typically redundant with the "Your computer + is too slow" messages. Fixes bug 7038; bugfix on 0.2.2.16-alpha. + - Make clients running with IPv6 bridges connect over IPv6 again, + even without setting new config options ClientUseIPv6 and + ClientPreferIPv6ORPort. Fixes bug 6757; bugfix on 0.2.4.1-alpha. + - Use square brackets around IPv6 addresses in numerous places + that needed them, including log messages, HTTPS CONNECT proxy + requests, TransportProxy statefile entries, and pluggable transport + extra-info lines. Fixes bug 7011; patch by David Fifield. + + o Code refactoring and cleanup: + - Source files taken from other packages now reside in src/ext; + previously they were scattered around the rest of Tor. + - Avoid use of reserved identifiers in our C code. The C standard + doesn't like us declaring anything that starts with an + underscore, so let's knock it off before we get in trouble. Fix + for bug 1031; bugfix on the first Tor commit. + + +Changes in version 0.2.3.23-rc - 2012-10-20 + Tor 0.2.3.23-rc adds a new v3 directory authority, fixes a privacy + vulnerability introduced by a change in OpenSSL, and fixes a variety + of smaller bugs in preparation for the release. + + o New directory authorities: + - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory + authority. 
Closes ticket 5749. + + o Major bugfixes (security/privacy): + - Disable TLS session tickets. OpenSSL's implementation was giving + our TLS session keys the lifetime of our TLS context objects, when + perfect forward secrecy would want us to discard anything that + could decrypt a link connection as soon as the link connection + was closed. Fixes bug 7139; bugfix on all versions of Tor linked + against OpenSSL 1.0.0 or later. Found by Florent Daignière. + - Discard extraneous renegotiation attempts once the V3 link + protocol has been initiated. Failure to do so left us open to + a remotely triggerable assertion failure. Fixes CVE-2012-2249; + bugfix on 0.2.3.6-alpha. Reported by "some guy from France". + + o Major bugfixes: + - Fix a possible crash bug when checking for deactivated circuits + in connection_or_flush_from_first_active_circuit(). Fixes bug 6341; + bugfix on 0.2.2.7-alpha. Bug report and fix received pseudonymously. + + o Minor bugfixes (on 0.2.3.x): + - Fix two cases in src/or/transports.c where we were calling + fmt_addr() twice in a parameter list. Bug found by David + Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha. + - Convert an assert in the pathbias code to a log message. The assert + appears to only be triggerable by Tor2Web mode. Fixes bug 6866; + bugfix on 0.2.3.17-beta. + - Fix memory leaks whenever we logged any message about the "path + bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc. + + o Minor bugfixes (on 0.2.2.x and earlier): + - Don't serve or accept v2 hidden service descriptors over a relay's + DirPort. It's never correct to do so, and disabling it might + make it more annoying to exploit any bugs that turn up in the + descriptor-parsing code. Fixes bug 7149. 
+ - When relays refuse a "create" cell because their queue of pending + create cells is too big (typically because their cpu can't keep up + with the arrival rate), send back reason "resource limit" rather + than reason "internal", so network measurement scripts can get a + more accurate picture. Bugfix on 0.1.1.11-alpha; fixes bug 7037. + - Correct file sizes when reading binary files on Cygwin, to avoid + a bug where Tor would fail to read its state file. Fixes bug 6844; + bugfix on 0.1.2.7-alpha. + - Avoid undefined behaviour when parsing the list of supported + rendezvous/introduction protocols in a hidden service descriptor. + Previously, Tor would have confused (as-yet-unused) protocol version + numbers greater than 32 with lower ones on many platforms. Fixes + bug 6827; bugfix on 0.2.0.10-alpha. Found by George Kadianakis. + + o Documentation fixes: + - Clarify that hidden services are TCP only. Fixes bug 6024. + + Changes in version 0.2.4.3-alpha - 2012-09-22 Tor 0.2.4.3-alpha fixes another opportunity for a remotely triggerable assertion, resumes letting relays test reachability of their DirPort, diff --git a/changes/6757 b/changes/6757 deleted file mode 100644 index 6b17f951d1..0000000000 --- a/changes/6757 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (client): - - Make clients running with IPv6 bridges connect over IPv6 again, - even without setting new config options ClientUseIPv6 and - ClientPreferIPv6ORPort. - Fixes bug 6757; bugfix on 0.2.4.1-alpha. diff --git a/changes/6982 b/changes/6982 deleted file mode 100644 index edfa066a56..0000000000 --- a/changes/6982 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (portability): - - Tor now builds correctly on Bitrig, an OpenBSD fork. Patch from dhill. - Ticket 6982. diff --git a/changes/addr_is_internal_debug b/changes/addr_is_internal_debug deleted file mode 100644 index 6de221bb2e..0000000000 --- a/changes/addr_is_internal_debug +++ /dev/null 
@@ -1,4 +0,0 @@ - o Minor features: - - Log the call-site of a failed tor_addr_is_internal(), so that we - can learn who is calling it with AF_UNSPECIFIED and fix the - second (unrelated) part of bug 7086. diff --git a/changes/bug1031 b/changes/bug1031 deleted file mode 100644 index e3ab49b2bd..0000000000 --- a/changes/bug1031 +++ /dev/null @@ -1,5 +0,0 @@ - o Code cleanup: - - Avoid use of reserved identifiers in our C code. The C standard - doesn't like us declaring anything that starts with an - underscore, so let's knock it off before we get in trouble. Fix - for bug 1031; bugfix on the first Tor commit. diff --git a/changes/bug6465 b/changes/bug6465 deleted file mode 100644 index a5ea9e213c..0000000000 --- a/changes/bug6465 +++ /dev/null @@ -1,12 +0,0 @@ - o Infrastructure features: - - Introduce new channel_t abstraction between circuits and or_connection_t - to allow for implementing alternate OR-to-OR transports. A channel_t is - an abstract object which can either be a cell-bearing channel, which is - responsible for authenticating and handshaking with the remote OR and - transmitting cells to and from it, or a listening channel, which spawns - new cell-bearing channels at the request of remote ORs. - - - Also new is the channel_tls_t subclass of channel_t, adapting it to the - existing or_connection_t code. The V2/V3 protocol handshaking code - which formerly resided in command.c has been moved below the channel_t - abstraction layer and may be found in channeltls.c now. diff --git a/changes/bug6816 b/changes/bug6816 deleted file mode 100644 index e9e6877a96..0000000000 --- a/changes/bug6816 +++ /dev/null 
@@ -1,6 +0,0 @@ - o Infrastructure features: - - Introduce new circuitmux_t storing the queue of circuits for a channel; - this encapsulates and abstracts the queue logic and circuit selection - policy, and allows the latter to be overridden easily by switching out - a policy object. The existing EWMA behavior is now implemented as a - circuitmux_policy_t. This fixes bug 6816. diff --git a/changes/bug7011 b/changes/bug7011 deleted file mode 100644 index f3d0aa2e1e..0000000000 --- a/changes/bug7011 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Use square brackets around IPv6 addresses in numerous places that needed - them, including log messages, HTTPS CONNECT proxy requests, - TransportProxy statefile entries, and pluggable transport extra-info - lines. Fix for bug 7011; patch by David Fifield. - diff --git a/changes/bug7014 b/changes/bug7014 deleted file mode 100644 index 1d39103a50..0000000000 --- a/changes/bug7014 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix two cases in src/or/transports.c where we were calling - fmt_addr() twice in a parameter list. Bug found by David - Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha. - diff --git a/changes/bug7022 b/changes/bug7022 deleted file mode 100644 index 10ac354724..0000000000 --- a/changes/bug7022 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Fix memory leaks whenever we logged any message about the "path - bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc. diff --git a/changes/bug7029 b/changes/bug7029 deleted file mode 100644 index a115b42f8e..0000000000 --- a/changes/bug7029 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (code cleanliness): - - Free some more still-in-use memory at exit, to make hunting for - memory leaks easier. Resolves bug 7029. diff --git a/changes/bug7037 b/changes/bug7037 deleted file mode 100644 index fc3a1ad1c5..0000000000 --- a/changes/bug7037 +++ /dev/null 
@@ -1,6 +0,0 @@ - o Minor bugfixes: - - When relays refuse a "create" cell because their queue of pending - create cells is too big (typically because their cpu can't keep up - with the arrival rate), send back reason "resource limit" rather - than reason "internal", so network measurement scripts can get a - more accurate picture. Bugfix on 0.1.1.11-alpha; fixes bug 7037. diff --git a/changes/bug7038 b/changes/bug7038 deleted file mode 100644 index 3805d868b2..0000000000 --- a/changes/bug7038 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (log messages): - - Downgrade "Failed to hand off onionskin" messages to "debug" - severity, since they're typically redundant with the "Your computer - is too slow" messages. Fixes bug 7038; bugfix on 0.2.2.16-alpha. - diff --git a/changes/bug7039 b/changes/bug7039 deleted file mode 100644 index dc5111a00c..0000000000 --- a/changes/bug7039 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - When a Tor client gets a "truncated" relay cell, the first byte of - its payload specifies why the circuit was truncated. We were - ignoring this 'reason' byte when tearing down the circuit, resulting - in the controller not being told why the circuit closed. Now we - pass the reason from the truncated cell to the controller. Bugfix - on 0.1.2.3-alpha; fixes bug 7039. diff --git a/changes/dropped_openssl_vers b/changes/dropped_openssl_vers deleted file mode 100644 index dc79d5e3ff..0000000000 --- a/changes/dropped_openssl_vers +++ /dev/null @@ -1,3 +0,0 @@ - o Required libraries: - - Tor now requires OpenSSL 0.9.8 or later; OpenSSL 1.0.0 or later is - strongly recommended. diff --git a/changes/src_ext b/changes/src_ext deleted file mode 100644 index a1b2a2198f..0000000000 --- a/changes/src_ext +++ /dev/null @@ -1,3 +0,0 @@ - o Code refactoring: - - Source files taken from other packages now reside in src/ext; - previously they were scattered around the rest of Tor. 
diff --git a/changes/ticket5749 b/changes/ticket5749 deleted file mode 100644 index 0237241981..0000000000 --- a/changes/ticket5749 +++ /dev/null @@ -1,3 +0,0 @@ - o New directory authorities: - - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory - authority. Closes ticket 5749. diff --git a/changes/ticket6997 b/changes/ticket6997 deleted file mode 100644 index 0a33b37552..0000000000 --- a/changes/ticket6997 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor bugfixes: - - Command-line option "--version" implies "--quiet". Closes ticket #6997. diff --git a/changes/warn-about-hses-without-guards b/changes/warn-about-hses-without-guards deleted file mode 100644 index 57b8b4d00f..0000000000 --- a/changes/warn-about-hses-without-guards +++ /dev/null @@ -1,8 +0,0 @@ - o Minor features: - - - Warn users who run hidden services on a Tor client with - UseEntryGuards disabled that their hidden services will be - vulnerable to http://freehaven.net/anonbib/#hs-attack06 (the - attack which motivated Tor to support entry guards in the first - place). Fixes bug 6889. - diff --git a/configure.ac b/configure.ac index bb7ea6b861..1ca75cc4ae 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson dnl Copyright (c) 2007-2012, The Tor Project, Inc. dnl See LICENSE for licensing information -AC_INIT([tor],[0.2.4.3-alpha-dev]) +AC_INIT([tor],[0.2.4.4-alpha-dev]) AC_CONFIG_SRCDIR([src/or/main.c]) AM_INIT_AUTOMAKE m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) diff --git a/contrib/polipo/polipo-mingw.nsi b/contrib/polipo/polipo-mingw.nsi index 624e825eb6..f119675eba 100644 --- a/contrib/polipo/polipo-mingw.nsi +++ b/contrib/polipo/polipo-mingw.nsi 
@@ -165,7 +165,7 @@ SectionEnd !insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN !insertmacro MUI_DESCRIPTION_TEXT ${Polipo} "The core executable and config files needed for Polipo to run." !insertmacro MUI_DESCRIPTION_TEXT ${ShortCuts} "Shortcuts to easily start Polipo" - !insertmacro MUI_DESCRIPTION_TEXT ${StartMenu} "Shortcuts to access Polipo and it's documentation from the Start Menu" + !insertmacro MUI_DESCRIPTION_TEXT ${StartMenu} "Shortcuts to access Polipo and its documentation from the Start Menu" !insertmacro MUI_DESCRIPTION_TEXT ${Desktop} "A shortcut to start Polipo from the desktop" !insertmacro MUI_DESCRIPTION_TEXT ${Startup} "Launches Polipo automatically at startup in a minimized window" !insertmacro MUI_FUNCTION_DESCRIPTION_END diff --git a/contrib/tor-mingw.nsi.in b/contrib/tor-mingw.nsi.in index cba8c43366..d2c5f3a8f3 100644 --- a/contrib/tor-mingw.nsi.in +++ b/contrib/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.4.3-alpha-dev" +!define VERSION "0.2.4.4-alpha-dev" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" @@ -147,7 +147,7 @@ SectionEnd !insertmacro MUI_DESCRIPTION_TEXT ${Tor} "The core executable and config files needed for Tor to run." !insertmacro MUI_DESCRIPTION_TEXT ${Docs} "Documentation about Tor." !insertmacro MUI_DESCRIPTION_TEXT ${ShortCuts} "Shortcuts to easily start Tor" -!insertmacro MUI_DESCRIPTION_TEXT ${StartMenu} "Shortcuts to access Tor and it's documentation from the Start Menu" +!insertmacro MUI_DESCRIPTION_TEXT ${StartMenu} "Shortcuts to access Tor and its documentation from the Start Menu" !insertmacro MUI_DESCRIPTION_TEXT ${Desktop} "A shortcut to start Tor from the desktop" !insertmacro MUI_DESCRIPTION_TEXT ${Startup} "Launches Tor automatically at startup in a minimized window" !insertmacro MUI_FUNCTION_DESCRIPTION_END 
diff --git a/contrib/tor.nsi.in b/contrib/tor.nsi.in index a7ed914b8d..dd24df454c 100644 --- a/contrib/tor.nsi.in +++ b/contrib/tor.nsi.in @@ -207,7 +207,7 @@ SectionEnd !insertmacro MUI_DESCRIPTION_TEXT ${OpenSSL} "OpenSSL libraries required by Tor." !insertmacro MUI_DESCRIPTION_TEXT ${Docs} "Documentation about Tor." !insertmacro MUI_DESCRIPTION_TEXT ${ShortCuts} "Shortcuts to easily start Tor" - !insertmacro MUI_DESCRIPTION_TEXT ${StartMenu} "Shortcuts to access Tor and it's documentation from the Start Menu" + !insertmacro MUI_DESCRIPTION_TEXT ${StartMenu} "Shortcuts to access Tor and its documentation from the Start Menu" !insertmacro MUI_DESCRIPTION_TEXT ${Desktop} "A shortcut to start Tor from the desktop" !insertmacro MUI_DESCRIPTION_TEXT ${Startup} "Launches Tor automatically at startup in a minimized window" !insertmacro MUI_FUNCTION_DESCRIPTION_END diff --git a/src/common/tortls.c b/src/common/tortls.c index 75889e9ad4..2ff18355d1 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1190,6 +1190,14 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, #ifdef SSL_OP_NO_TLSv1_1 SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_1); #endif + /* Disable TLS tickets if they're supported. We never want to use them; + * using them can make our perfect forward secrecy a little worse, *and* + * create an opportunity to fingerprint us (since it's unusual to use them + * with TLS sessions turned off). + */ +#ifdef SSL_OP_NO_TICKET + SSL_CTX_set_options(result->ctx, SSL_OP_NO_TICKET); +#endif if ( #ifdef DISABLE_SSL3_HANDSHAKE diff --git a/src/ext/eventdns.c b/src/ext/eventdns.c index 768693aba6..7e99f55626 100644 --- a/src/ext/eventdns.c +++ b/src/ext/eventdns.c @@ -130,7 +130,7 @@ typedef int socklen_t; #define mm_realloc(x,y) tor_realloc((x),(y)) #define mm_free(x) tor_free(x) #define mm_strdup(x) tor_strdup(x) -#define _mm_free(x) _tor_free(x) +#define _mm_free(x) tor_free_(x) #undef MIN #define MIN(a,b) ((a)<(b)?(a):(b)) 
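Review bot: In the src/common/tortls.c hunk the `#ifdef SSL_OP_NO_TICKET` guard makes ticket suppression a silent compile-time decision: a build against headers that lack the macro leaves tickets at the library default and leaves no trace at run time. Since the ChangeLog entry treats this as a forward-secrecy fix, an `#else` arm that records the fact would let an operator confirm what a given binary does, for example `log_info(LD_NET, "SSL_OP_NO_TICKET unavailable; TLS session tickets left at library default");` (assuming the usual log macros are in scope in this file). The added comment could also say that the option is set on the shared context and so applies to every connection created from it. tor_tls_context_new() begins and ends outside the hunk.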
diff --git a/src/or/channel.c b/src/or/channel.c index 05ff9e2462..5552d39f5b 100644 --- a/src/or/channel.c +++ b/src/or/channel.c @@ -850,6 +850,11 @@ channel_listener_free(channel_listener_t *chan_l) { if (!chan_l) return; + log_debug(LD_CHANNEL, + "Freeing channel_listener_t " U64_FORMAT " at %p", + U64_PRINTF_ARG(chan_l->global_identifier), + chan_l); + /* It must be closed or errored */ tor_assert(chan_l->state == CHANNEL_LISTENER_STATE_CLOSED || chan_l->state == CHANNEL_LISTENER_STATE_ERROR); @@ -937,6 +942,11 @@ channel_listener_force_free(channel_listener_t *chan_l) { tor_assert(chan_l); + log_debug(LD_CHANNEL, + "Force-freeing channel_listener_t " U64_FORMAT " at %p", + U64_PRINTF_ARG(chan_l->global_identifier), + chan_l); + /* Call a free method if there is one */ if (chan_l->free) chan_l->free(chan_l); @@ -3235,6 +3245,7 @@ channel_dump_statistics(channel_t *chan, int severity) /* Handle remote address and descriptions */ have_remote_addr = channel_get_addr_if_possible(chan, &remote_addr); if (have_remote_addr) { + char *actual = tor_strdup(channel_get_actual_remote_descr(chan)); remote_addr_str = tor_dup_addr(&remote_addr); log(severity, LD_GENERAL, " * Channel " U64_FORMAT " says its remote address" @@ -3243,16 +3254,19 @@ channel_dump_statistics(channel_t *chan, int severity) U64_PRINTF_ARG(chan->global_identifier), remote_addr_str, channel_get_canonical_remote_descr(chan), - channel_get_actual_remote_descr(chan)); + actual); tor_free(remote_addr_str); + tor_free(actual); } else { + char *actual = tor_strdup(channel_get_actual_remote_descr(chan)); log(severity, LD_GENERAL, " * Channel " U64_FORMAT " does not know its remote " "address, but gives a canonical description of \"%s\" and an " "actual description of \"%s\"", U64_PRINTF_ARG(chan->global_identifier), channel_get_canonical_remote_descr(chan), - channel_get_actual_remote_descr(chan)); + actual); + tor_free(actual); } /* Handle marks */ 
@@ -3467,8 +3481,10 @@ channel_listener_dump_transport_statistics(channel_listener_t *chan_l, * This function return a test provided by the lower layer of the remote * endpoint for this channel; it should specify the actual address connected * to/from. + * + * Subsequent calls to channel_get_{actual,canonical}_remote_{address,descr} + * may invalidate the return value from this function. */ - const char * channel_get_actual_remote_descr(channel_t *chan) { @@ -3476,7 +3492,20 @@ channel_get_actual_remote_descr(channel_t *chan) tor_assert(chan->get_remote_descr); /* Param 1 indicates the actual description */ - return chan->get_remote_descr(chan, 1); + return chan->get_remote_descr(chan, GRD_FLAG_ORIGINAL); +} + +/** + * Return the text address of the remote endpoint. + * + * Subsequent calls to channel_get_{actual,canonical}_remote_{address,descr} + * may invalidate the return value from this function. + */ +const char * +channel_get_actual_remote_address(channel_t *chan) +{ + /* Param 1 indicates the actual description */ + return chan->get_remote_descr(chan, GRD_FLAG_ORIGINAL|GRD_FLAG_ADDR_ONLY); } /** @@ -3485,8 +3514,10 @@ channel_get_actual_remote_descr(channel_t *chan) * This function return a test provided by the lower layer of the remote * endpoint for this channel; it should use the known canonical address for * this OR's identity digest if possible. + * + * Subsequent calls to channel_get_{actual,canonical}_remote_{address,descr} + * may invalidate the return value from this function. */ - const char * channel_get_canonical_remote_descr(channel_t *chan) { 
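Review bot: The new channel_get_actual_remote_address() calls `chan->get_remote_descr` with no precondition check, while channel_get_actual_remote_descr() directly above it keeps `tor_assert(chan->get_remote_descr);`. The new function is used on the exit-side BEGIN path in connection_edge.c, so a channel whose transport never set that method would turn into a NULL function-pointer call rather than a clean assertion; adding `tor_assert(chan);` and `tor_assert(chan->get_remote_descr);` keeps the two accessors consistent. The copied comment `/* Param 1 indicates the actual description */` is stale in both functions now that the argument is a flag set; something like `/* GRD_FLAG_ORIGINAL|GRD_FLAG_ADDR_ONLY: the address we actually connected to, without the port */` would match the code.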
@@ -3498,12 +3529,12 @@ channel_get_canonical_remote_descr(channel_t *chan) } /** - * Get remote address if possible + * Get remote address if possible. * * Write the remote address out to a tor_addr_t if the underlying transport - * supports this operation. + * supports this operation, and return 1. Return 0 if the underlying transport + * doesn't let us do this. */ - int channel_get_addr_if_possible(channel_t *chan, tor_addr_t *addr_out) { diff --git a/src/or/channel.h b/src/or/channel.h index 33b7c8f88b..d90335c194 100644 --- a/src/or/channel.h +++ b/src/or/channel.h @@ -79,10 +79,13 @@ struct channel_s { * available. */ int (*get_remote_addr)(channel_t *, tor_addr_t *); +#define GRD_FLAG_ORIGINAL 1 +#define GRD_FLAG_ADDR_ONLY 2 /* - * Get a text description of the remote endpoint; canonicalized if the - * arg is 0, or the one we originally connected to/received from if it's - * 1. + * Get a text description of the remote endpoint; canonicalized if the flag + * GRD_FLAG_ORIGINAL is not set, or the one we originally connected + * to/received from if it is. If GRD_FLAG_ADDR_ONLY is set, we return only + * the original address. */ const char * (*get_remote_descr)(channel_t *, int); /* Check if the lower layer has queued writes */ @@ -424,6 +427,7 @@ const char * channel_describe_transport(channel_t *chan); void channel_dump_statistics(channel_t *chan, int severity); void channel_dump_transport_statistics(channel_t *chan, int severity); const char * channel_get_actual_remote_descr(channel_t *chan); +const char * channel_get_actual_remote_address(channel_t *chan); int channel_get_addr_if_possible(channel_t *chan, tor_addr_t *addr_out); const char * channel_get_canonical_remote_descr(channel_t *chan); int channel_has_queued_writes(channel_t *chan); diff --git a/src/or/channeltls.c b/src/or/channeltls.c index 4a949da8f1..4e3c20ab71 100644 --- a/src/or/channeltls.c +++ b/src/or/channeltls.c 
@@ -46,6 +46,9 @@ uint64_t stats_n_authorize_cells_processed = 0; /** Active listener, if any */ channel_listener_t *channel_tls_listener = NULL; +/* Utility function declarations */ +static void channel_tls_common_init(channel_tls_t *tlschan); + /* channel_tls_t method declarations */ static void channel_tls_close_method(channel_t *chan); @@ -53,7 +56,7 @@ static const char * channel_tls_describe_transport_method(channel_t *chan); static int channel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out); static const char * -channel_tls_get_remote_descr_method(channel_t *chan, int req); +channel_tls_get_remote_descr_method(channel_t *chan, int flags); static int channel_tls_has_queued_writes_method(channel_t *chan); static int channel_tls_is_canonical_method(channel_t *chan, int req); static int @@ -92,19 +95,18 @@ static int enter_v3_handshake_with_cell(var_cell_t *cell, channel_tls_t *tlschan); /** - * Start a new TLS channel - * - * Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to - * handshake with an OR with identity digest <b>id_digest</b>, and wrap - * it in a channel_tls_t. + * Do parts of channel_tls_t initialization common to channel_tls_connect() + * and channel_tls_handle_incoming(). */ -channel_t * -channel_tls_connect(const tor_addr_t *addr, uint16_t port, - const char *id_digest) +static void +channel_tls_common_init(channel_tls_t *tlschan) { - channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan)); - channel_t *chan = &(tlschan->base_); + channel_t *chan; + + tor_assert(tlschan); + + chan = &(tlschan->base_); channel_init(chan); chan->magic = TLS_CHAN_MAGIC; chan->state = CHANNEL_STATE_OPENING; 
@@ -120,6 +122,29 @@ channel_tls_connect(const tor_addr_t *addr, uint16_t port, chan->write_packed_cell = channel_tls_write_packed_cell_method; chan->write_var_cell = channel_tls_write_var_cell_method; + chan->cmux = circuitmux_alloc(); + if (cell_ewma_enabled()) { + circuitmux_set_policy(chan->cmux, &ewma_policy); + } +} + +/** + * Start a new TLS channel + * + * Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to + * handshake with an OR with identity digest <b>id_digest</b>, and wrap + * it in a channel_tls_t. + */ + +channel_t * +channel_tls_connect(const tor_addr_t *addr, uint16_t port, + const char *id_digest) +{ + channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan)); + channel_t *chan = &(tlschan->base_); + + channel_tls_common_init(tlschan); + log_debug(LD_CHANNEL, "In channel_tls_connect() for channel %p " "(global id " U64_FORMAT ")", @@ -129,11 +154,6 @@ channel_tls_connect(const tor_addr_t *addr, uint16_t port, if (is_local_addr(addr)) channel_mark_local(chan); channel_mark_outgoing(chan); - chan->cmux = circuitmux_alloc(); - if (cell_ewma_enabled()) { - circuitmux_set_policy(chan->cmux, &ewma_policy); - } - /* Set up or_connection stuff */ tlschan->conn = connection_or_connect(addr, port, id_digest, tlschan); /* connection_or_connect() will fill in tlschan->conn */ 
@@ -216,14 +236,26 @@ channel_tls_start_listener(void) void channel_tls_free_all(void) { + channel_listener_t *old_listener = NULL; + log_debug(LD_CHANNEL, "Shutting down TLS channels..."); if (channel_tls_listener) { - channel_listener_unregister(channel_tls_listener); - channel_listener_mark_for_close(channel_tls_listener); - channel_listener_free(channel_tls_listener); - channel_tls_listener = NULL; + /* + * When we close it, channel_tls_listener will get nulled out, so save + * a pointer so we can free it. + */ + old_listener = channel_tls_listener; + log_debug(LD_CHANNEL, + "Closing channel_tls_listener with ID " U64_FORMAT + " at %p.", + U64_PRINTF_ARG(old_listener->global_identifier), + old_listener); + channel_listener_unregister(old_listener); + channel_listener_mark_for_close(old_listener); + channel_listener_free(old_listener); + tor_assert(channel_tls_listener == NULL); } log_debug(LD_CHANNEL, @@ -243,19 +275,7 @@ channel_tls_handle_incoming(or_connection_t *orconn) tor_assert(orconn); tor_assert(!(orconn->chan)); - channel_init(chan); - chan->magic = TLS_CHAN_MAGIC; - chan->state = CHANNEL_STATE_OPENING; - chan->close = channel_tls_close_method; - chan->describe_transport = channel_tls_describe_transport_method; - chan->get_remote_descr = channel_tls_get_remote_descr_method; - chan->has_queued_writes = channel_tls_has_queued_writes_method; - chan->is_canonical = channel_tls_is_canonical_method; - chan->matches_extend_info = channel_tls_matches_extend_info_method; - chan->matches_target = channel_tls_matches_target_method; - chan->write_cell = channel_tls_write_cell_method; - chan->write_packed_cell = channel_tls_write_packed_cell_method; - chan->write_var_cell = channel_tls_write_var_cell_method; + channel_tls_common_init(tlschan); /* Link the channel and orconn to each other */ tlschan->conn = orconn; 
@@ -264,11 +284,6 @@ channel_tls_handle_incoming(or_connection_t *orconn) if (is_local_addr(&(TO_CONN(orconn)->addr))) channel_mark_local(chan); channel_mark_incoming(chan); - chan->cmux = circuitmux_alloc(); - if (cell_ewma_enabled()) { - circuitmux_set_policy(chan->cmux, &ewma_policy); - } - /* If we got one, we should register it */ if (chan) channel_register(chan); @@ -400,7 +415,7 @@ channel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out) */ static const char * -channel_tls_get_remote_descr_method(channel_t *chan, int req) +channel_tls_get_remote_descr_method(channel_t *chan, int flags) { #define MAX_DESCR_LEN 32 @@ -415,21 +430,34 @@ channel_tls_get_remote_descr_method(channel_t *chan, int req) conn = TO_CONN(tlschan->conn); - switch (req) { + switch (flags) { case 0: - /* Canonical address */ + /* Canonical address with port*/ tor_snprintf(buf, MAX_DESCR_LEN + 1, "%s:%u", conn->address, conn->port); answer = buf; break; - case 1: - /* Actual address */ + case GRD_FLAG_ORIGINAL: + /* Actual address with port */ addr_str = tor_dup_addr(&(tlschan->conn->real_addr)); tor_snprintf(buf, MAX_DESCR_LEN + 1, "%s:%u", addr_str, conn->port); tor_free(addr_str); answer = buf; break; + case GRD_FLAG_ADDR_ONLY: + /* Canonical address, no port */ + strlcpy(buf, conn->address, sizeof(buf)); + answer = buf; + break; + case GRD_FLAG_ORIGINAL|GRD_FLAG_ADDR_ONLY: + /* Actual address, no port */ + addr_str = tor_dup_addr(&(tlschan->conn->real_addr)); + strlcpy(buf, addr_str, sizeof(buf)); + tor_free(addr_str); + answer = buf; + break; + default: /* Something's broken in channel.c */ tor_assert(1); 
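Review bot: The two new `GRD_FLAG_ADDR_ONLY` arms in channel_tls_get_remote_descr_method() copy the address with `strlcpy(buf, ..., sizeof(buf))` and ignore the return value, so an address that does not fit is silently clipped. The declaration of `buf` is outside the hunk, but the neighbouring `tor_snprintf(buf, MAX_DESCR_LEN + 1, ...)` calls with `#define MAX_DESCR_LEN 32` suggest 33 bytes, which is shorter than a full textual IPv6 address; connection_exit_begin_conn() then `tor_strdup`s that result as the stream's address. Checking for truncation, e.g. `if (strlcpy(buf, addr_str, sizeof(buf)) >= sizeof(buf)) answer = NULL;` or sizing the buffer for the longest address form, avoids handing a clipped address to callers. Separately, with `flags` now a bit set, the `default:` arm's `tor_assert(1);` can never fire, so an unexpected combination is not caught; `tor_assert(0);` looks like what was intended.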
@@ -1118,6 +1146,7 @@ enter_v3_handshake_with_cell(var_cell_t *cell, channel_tls_t *chan) "Received a cell while TLS-handshaking, not in " "OR_HANDSHAKING_V3, on a connection we originated."); } + connection_or_block_renegotiation(chan->conn); chan->conn->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3; if (connection_init_or_handshake_state(chan->conn, started_here) < 0) { connection_or_close_for_error(chan->conn, 0); diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 75f0d5b801..5e85b3e4b3 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -1431,7 +1431,7 @@ circuit_truncated(origin_circuit_t *circ, crypt_path_t *layer, int reason) * just give up. */ circuit_mark_for_close(TO_CIRCUIT(circ), - END_CIRC_REASON_FLAG_REMOTE|END_CIRC_REASON_CHANNEL_CLOSED|reason); + END_CIRC_REASON_FLAG_REMOTE|reason); return 0; #if 0 diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index e7bc09a197..4d528a810e 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -3105,7 +3105,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ) * we might already have corrected base_.addr[ess] for the relay's * canonical IP address. */ if (or_circ && or_circ->p_chan) - address = tor_strdup(channel_get_actual_remote_descr(or_circ->p_chan)); + address = tor_strdup(channel_get_actual_remote_address(or_circ->p_chan)); else address = tor_strdup("127.0.0.1"); port = 1; /* XXXX This value is never actually used anywhere, and there @@ -3180,7 +3180,12 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ) n_stream->on_circuit = circ; if (rh.command == RELAY_COMMAND_BEGIN_DIR) { + tor_addr_t tmp_addr; tor_assert(or_circ); + if (or_circ->p_chan && + channel_get_addr_if_possible(or_circ->p_chan, &tmp_addr)) { + tor_addr_copy(&n_stream->base_.addr, &tmp_addr); + } return connection_exit_connect_dir(n_stream); } diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 970f55a74f..9cd56bb89c 100644 --- a/src/or/connection_or.c 
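Review bot: The added `connection_or_block_renegotiation(chan->conn);` in enter_v3_handshake_with_cell has no comment saying why it is needed at this point. The release notes on this page tie it to CVE-2012-2249 (extraneous renegotiation attempts after the V3 link protocol has started led to a remotely triggerable assertion failure), and a one-line call like this is easy to drop in a later refactor. I would add `/* From here on, ignore further TLS renegotiation attempts; see CVE-2012-2249. */` directly above it. The function starts and ends outside the hunk.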
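Review bot: In the `RELAY_COMMAND_BEGIN_DIR` branch of connection_exit_begin_conn, `n_stream->base_.addr` is set only when `channel_get_addr_if_possible()` succeeds, and nothing happens otherwise. The earlier hunk in the same function falls back to the string `"127.0.0.1"` when `or_circ->p_chan` is missing, so the textual and the binary address of the stream may disagree on the failure path; this is inferred, since the code between the two hunks is not shown. An explicit `else` that logs at debug level, or a short comment stating what `base_.addr` holds when no channel address is available, would make that path visible.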
+++ b/src/or/connection_or.c @@ -1253,6 +1253,17 @@ connection_tls_start_handshake(or_connection_t *conn, int receiving) return 0; } +/** Block all future attempts to renegotiate on 'conn' */ +void +connection_or_block_renegotiation(or_connection_t *conn) +{ + tor_tls_t *tls = conn->tls; + if (!tls) + return; + tor_tls_set_renegotiate_callback(tls, NULL, NULL); + tor_tls_block_renegotiation(tls); +} + /** Invoked on the server side from inside tor_tls_read() when the server * gets a successful TLS renegotiation from the client. */ static void @@ -1262,8 +1273,7 @@ connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn) (void)tls; /* Don't invoke this again. */ - tor_tls_set_renegotiate_callback(tls, NULL, NULL); - tor_tls_block_renegotiation(tls); + connection_or_block_renegotiation(conn); if (connection_tls_finish_handshake(conn) < 0) { /* XXXX_TLS double-check that it's ok to do this from inside read. */ diff --git a/src/or/connection_or.h b/src/or/connection_or.h index adfdde8d1b..727de211b0 100644 --- a/src/or/connection_or.h +++ b/src/or/connection_or.h @@ -21,6 +21,7 @@ or_connection_t *connection_or_get_for_extend(const char *digest, int *launch_out); void connection_or_set_bad_connections(const char *digest, int force); +void connection_or_block_renegotiation(or_connection_t *conn); int connection_or_reached_eof(or_connection_t *conn); int connection_or_process_inbuf(or_connection_t *conn); int connection_or_flushed_some(or_connection_t *conn); diff --git a/src/or/directory.c b/src/or/directory.c index 2ceeb0bd02..1d511b5749 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -3169,6 +3169,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers, } if (options->HidServDirectoryV2 && + connection_dir_is_encrypted(conn) && !strcmpstart(url,"/tor/rendezvous2/")) { /* Handle v2 rendezvous descriptor fetch request. */ const char *descp; 
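Review bot: connection_or_block_renegotiation() returns silently when `conn->tls` is NULL, so a caller cannot tell whether renegotiation was in fact blocked. For the new call in enter_v3_handshake_with_cell that is the security-relevant case, because the protection would be skipped without any trace in the log. `conn` itself is dereferenced without the `tor_assert(conn);` that other entry points in this diff use (for example `tor_assert(orconn);` in channel_tls_handle_incoming). I would add `tor_assert(conn);` as the first statement and a comment on the early return, such as `/* No TLS object yet, so there is nothing to renegotiate. */`, if that is indeed the reason.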
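Review bot: The new `connection_dir_is_encrypted(conn) &&` condition on the `/tor/rendezvous2/` fetch branch of directory_handle_command_get carries no comment, and the same holds for the matching condition on the `/tor/rendezvous2/publish` branch in directory_handle_command_post. The release notes say v2 hidden service descriptors must not be served or accepted over a relay's DirPort, which is not obvious from the condition alone. I would put `/* Never serve or accept v2 hidden service descriptors over an unencrypted DirPort connection. */` above both conditions. What an unencrypted request falls through to lies outside both hunks, so it is worth confirming that it ends in an ordinary error reply.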
@@ -3355,6 +3356,7 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers, /* Handle v2 rendezvous service publish request. */ if (options->HidServDirectoryV2 && + connection_dir_is_encrypted(conn) && !strcmpstart(url,"/tor/rendezvous2/publish")) { switch (rend_cache_store_v2_desc_as_dir(body)) { case -2: diff --git a/src/or/reasons.c b/src/or/reasons.c index a04cd869a2..874a86774b 100644 --- a/src/or/reasons.c +++ b/src/or/reasons.c @@ -300,8 +300,13 @@ errno_to_orconn_end_reason(int e) const char * circuit_end_reason_to_control_string(int reason) { - if (reason >= 0 && reason & END_CIRC_REASON_FLAG_REMOTE) + int is_remote = 0; + + if (reason >= 0 && reason & END_CIRC_REASON_FLAG_REMOTE) { reason &= ~END_CIRC_REASON_FLAG_REMOTE; + is_remote = 1; + } + switch (reason) { case END_CIRC_AT_ORIGIN: /* This shouldn't get passed here; it's a catch-all reason. */ @@ -338,7 +343,18 @@ circuit_end_reason_to_control_string(int reason) case END_CIRC_REASON_MEASUREMENT_EXPIRED: return "MEASUREMENT_EXPIRED"; default: - log_warn(LD_BUG, "Unrecognized reason code %d", (int)reason); + if (is_remote) { + /* + * If it's remote, it's not a bug *here*, so don't use LD_BUG, but + * do note that the someone we're talking to is speaking the Tor + * protocol with a weird accent. + */ + log_warn(LD_PROTOCOL, + "Remote server sent bogus reason code %d", reason); + } else { + log_warn(LD_BUG, + "Unrecognized reason code %d", reason); + } return NULL; } } diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index 78512c5765..258fddcefa 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -232,7 +232,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.4.3-alpha-dev" +#define VERSION "0.2.4.4-alpha-dev" |
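Review bot: The new remote branch in the `default:` case of circuit_end_reason_to_control_string logs with `log_warn(LD_PROTOCOL, ...)`, and the value that reaches it is chosen by the remote side. A peer that keeps sending unknown reason codes can therefore produce warn-level log entries at will. Tor's usual form for remotely triggerable protocol complaints is `log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Remote server sent bogus reason code %d", reason);`, which leaves the severity to the operator's ProtocolWarnings setting. The new comment above it also has a stray word ("the someone").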