diff options
44 files changed, 98 insertions, 211 deletions
diff --git a/.travis.yml b/.travis.yml index 01343e65d9..cbbff2d942 100644 --- a/.travis.yml +++ b/.travis.yml @@ -210,7 +210,10 @@ install: ## If we're running chutney, install it. - if [[ "$CHUTNEY" != "" ]]; then git clone --depth 1 https://github.com/torproject/chutney.git ; export CHUTNEY_PATH="$(pwd)/chutney"; fi ## If we're running stem, install it. - - if [[ "$TEST_STEM" != "" ]]; then git clone --depth 1 https://github.com/torproject/stem.git ; export STEM_SOURCE_DIR=`pwd`/stem; fi + ## XXXX We are temporarily fixing the version at d1174a83 to work around + ## https://github.com/torproject/stem/issues/63 . + ## - if [[ "$TEST_STEM" != "" ]]; then git clone --no-tags --depth 1 https://github.com/torproject/stem.git; export STEM_SOURCE_DIR=`pwd`/stem; fi + - if [[ "$TEST_STEM" != "" ]]; then git clone https://github.com/torproject/stem.git && ( cd ./stem && git checkout d1174a83c2dcb7b855d8fc986be3ab8f8d88d68c) ; export STEM_SOURCE_DIR=`pwd`/stem; fi ## ## Finally, list installed package versions - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then dpkg-query --show; fi diff --git a/ReleaseNotes b/ReleaseNotes index a9adbfe342..a241da3027 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,107 +2,6 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. -Changes in version 0.4.3.3-alpha - 2020-03-18 - Tor 0.4.3.3-alpha fixes several bugs in previous releases, including - TROVE-2020-002, a major denial-of-service vulnerability that affected - all released Tor instances since 0.2.1.5-alpha. Using this - vulnerability, an attacker could cause Tor instances to consume a huge - amount of CPU, disrupting their operations for several seconds or - minutes. This attack could be launched by anybody against a relay, or - by a directory cache against any client that had connected to it. The - attacker could launch this attack as much as they wanted, thereby - disrupting service or creating patterns that could aid in traffic - analysis. This issue was found by OSS-Fuzz, and is also tracked - as CVE-2020-10592. - - We do not have reason to believe that this attack is currently being - exploited in the wild, but nonetheless we advise everyone to upgrade - as soon as packages are available. - - o Major bugfixes (security, denial-of-service): - - Fix a denial-of-service bug that could be used by anyone to - consume a bunch of CPU on any Tor relay or authority, or by - directories to consume a bunch of CPU on clients or hidden - services. Because of the potential for CPU consumption to - introduce observable timing patterns, we are treating this as a - high-severity security issue. Fixes bug 33119; bugfix on - 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue - as TROVE-2020-002 and CVE-2020-10592. - - o Major bugfixes (circuit padding, memory leak): - - Avoid a remotely triggered memory leak in the case that a circuit - padding machine is somehow negotiated twice on the same circuit. - Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls. - This is also tracked as TROVE-2020-004 and CVE-2020-10593. - - o Major bugfixes (directory authority): - - Directory authorities will now send a 503 (not enough bandwidth) - code to clients when under bandwidth pressure. Known relays and - other authorities will always be answered regardless of the - bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha. - - o Minor features (diagnostic): - - Improve assertions and add some memory-poisoning code to try to - track down possible causes of a rare crash (32564) in the EWMA - code. Closes ticket 33290. - - o Minor features (directory authorities): - - Directory authorities now reject descriptors from relays running - Tor versions from the 0.2.9 and 0.4.0 series. The 0.3.5 series is - still allowed. Resolves ticket 32672. Patch by Neel Chauhan. - - o Minor features (usability): - - Include more information when failing to parse a configuration - value. This should make it easier to tell what's going wrong when - a configuration file doesn't parse. Closes ticket 33460. - - o Minor bugfix (relay, configuration): - - Warn if the ContactInfo field is not set, and tell the relay - operator that not having a ContactInfo field set might cause their - relay to get rejected in the future. Fixes bug 33361; bugfix - on 0.1.1.10-alpha. - - o Minor bugfixes (coding best practices checks): - - Allow the "practracker" script to read unicode files when using - Python 2. We made the script use unicode literals in 0.4.3.1-alpha, - but didn't change the codec for opening files. Fixes bug 33374; - bugfix on 0.4.3.1-alpha. - - o Minor bugfixes (continuous integration): - - Remove the buggy and unused mirroring job. Fixes bug 33213; bugfix - on 0.3.2.2-alpha. - - o Minor bugfixes (onion service v3, client): - - Remove a BUG() warning that would cause a stack trace if an onion - service descriptor was freed while we were waiting for a - rendezvous circuit to complete. Fixes bug 28992; bugfix - on 0.3.2.1-alpha. - - o Minor bugfixes (onion services v3): - - Fix an assertion failure that could result from a corrupted - ADD_ONION control port command. Found by Saibato. Fixes bug 33137; - bugfix on 0.3.3.1-alpha. This issue is also tracked - as TROVE-2020-003. - - o Documentation (manpage): - - Alphabetize the Server and Directory server sections of the tor - manpage. Also split Statistics options into their own section of - the manpage. Closes ticket 33188. Work by Swati Thacker as part of - Google Season of Docs. - - Document the __OwningControllerProcess torrc option and specify - its polling interval. Resolves issue 32971. - - o Testing (Travis CI): - - Remove a redundant distcheck job. Closes ticket 33194. - - Sort the Travis jobs in order of speed: putting the slowest jobs - first takes full advantage of Travis job concurrency. Closes - ticket 33194. - - Stop allowing the Chutney IPv6 Travis job to fail. This job was - previously configured to fast_finish (which requires - allow_failure), to speed up the build. Closes ticket 33195. - - When a Travis chutney job fails, use chutney's new "diagnostics.sh" - tool to produce detailed diagnostic output. Closes ticket 32792. - Changes in version 0.4.2.7 - 2020-03-18 This is the third stable release in the 0.4.2.x series. It backports diff --git a/changes/bug31669 b/changes/bug31669 deleted file mode 100644 index 8079c98f62..0000000000 --- a/changes/bug31669 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (onion services v3): - - Relax severity of a log message that can appear naturally when decoding - onion service descriptors as a relay. Also add some diagnostics to debug - any future bugs in that area. Fixes bug 31669; bugfix on 0.3.0.1-alpha.
\ No newline at end of file diff --git a/changes/bug33032 b/changes/bug33032 deleted file mode 100644 index 0c665f25df..0000000000 --- a/changes/bug33032 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (key portability): - - When reading PEM-encoded key data, tolerate CRLF line-endings even if - we are not running on Windows. Previously, non-Windows hosts - would reject these line-endings in certain positions, making - certain key files hard to move from one host to another. - Fixes bug 33032; bugfix on 0.3.5.1-alpha. diff --git a/changes/bug33087 b/changes/bug33087 deleted file mode 100644 index ab6df58cc6..0000000000 --- a/changes/bug33087 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (logging): - - Stop closing stderr and stdout during shutdown. Closing these file - descriptors can hide sanitiser logs. - Fixes bug 33087; bugfix on 0.4.1.6. - - Flush stderr, stdout, and file logs during shutdown, if supported by the - OS. This change helps make sure that any final logs are recorded. - Fixes bug 33087; bugfix on 0.4.1.6. diff --git a/changes/bug33545 b/changes/bug33545 deleted file mode 100644 index c051b01605..0000000000 --- a/changes/bug33545 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden services): - - Block a client-side assert by disallowing the registration of an x25519 - client auth key that's all zeroes. Fixes bug 33545; bugfix on - 0.4.3.1-alpha. Patch based on patch from "cypherpunks".
\ No newline at end of file diff --git a/changes/bug33608 b/changes/bug33608 deleted file mode 100644 index 0e82a8eec9..0000000000 --- a/changes/bug33608 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (client IPv6): - - Stop forcing all non-SOCKSPorts to prefer IPv6 exit connections. Instead, - prefer IPv6 connections by default, but allow users to change their - configs using the "NoPreferIPv6" port flag. - Fixes bug 33608; bugfix on 0.4.3.1-alpha. diff --git a/changes/bug33668 b/changes/bug33668 deleted file mode 100644 index 2b0830d6d8..0000000000 --- a/changes/bug33668 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (--disable-module-relay): - - Fix an assertion failure when Tor is build without the relay module, - and then invoked with the "User" option. Fixes bug 33668; bugfix on - 0.4.3.1-alpha. diff --git a/changes/bug33673 b/changes/bug33673 deleted file mode 100644 index 37c00f2e6e..0000000000 --- a/changes/bug33673 +++ /dev/null @@ -1,6 +0,0 @@ - o Testing: - - In our Appveyor Windows CI, copy required DLLs to test and app, before - running tor's tests. This ensures that tor.exe and test*.exe use the - correct version of each DLL. This fix is not required, but we hope it - will avoid DLL search issues in future. - Fixes bug 33673; bugfix on 0.3.4.2-alpha. diff --git a/changes/bug33674 b/changes/bug33674 deleted file mode 100644 index bcc3fcab03..0000000000 --- a/changes/bug33674 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (--disable-module-relay,--disable-module-dirauth): - - Set some output arguments in the relay and dirauth module stubs, to - guard against future stub argument handling bugs like 33668. - Fixes bug 33674; bugfix on 0.4.3.1-alpha. diff --git a/changes/bug33782 b/changes/bug33782 deleted file mode 100644 index 9d4a0e7a79..0000000000 --- a/changes/bug33782 +++ /dev/null @@ -1,7 +0,0 @@ - o Testing: - - Avoid conflicts between the fake sockets in tor's unit tests, and real - file descriptors. Resolves issues running unit tests with GitHub Actions, - where the process that embeds or launches the tests has already opened a - large number of file descriptors. - Fixes bug 33782; bugfix on 0.2.8.1-alpha. - Found and fixed by Putta Khunchalee. diff --git a/changes/bug33918 b/changes/bug33918 deleted file mode 100644 index e1467b4aaf..0000000000 --- a/changes/bug33918 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (IPv6, logging): - - Stop truncating IPv6 addresses and ports in channel and connection logs. - Fixes bug 33918; bugfix on 0.2.4.4-alpha. diff --git a/changes/bug34077 b/changes/bug34077 deleted file mode 100644 index 29458bd9de..0000000000 --- a/changes/bug34077 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compiler warnings): - - Fix compilation warnings with GCC 10.0.1. Fixes bug 34077; bugfix on - 0.4.0.3-alpha. diff --git a/changes/bug34078 b/changes/bug34078 deleted file mode 100644 index 1015d24547..0000000000 --- a/changes/bug34078 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compiler compatibility): - - Avoid compiler warnings from Clang 10 related to the use of - GCC-style "/* falls through */" comments. Both Clang and GCC allow - __attribute__((fallthrough)) instead, so that's what we're using now. - Fixes bug 34078; bugfix on 0.3.1.3-alpha. diff --git a/changes/bug34130 b/changes/bug34130 new file mode 100644 index 0000000000..b1e5715fdf --- /dev/null +++ b/changes/bug34130 @@ -0,0 +1,4 @@ + o Minor bugfixes (linux seccomp sandbox nss): + - Fix startup crash when tor is compiled with --enable-nss and + sandbox support is enabled. Fixes bug 34130; bugfix on + 0.3.5.1-alpha. Patch by Daniel Pinto. diff --git a/changes/bug34131 b/changes/bug34131 deleted file mode 100644 index eb3a3feba2..0000000000 --- a/changes/bug34131 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (logging): - - Fix a logic error in a log message about whether an address was - invalid. Previously, the code would never report that onion addresses - were onion addresses. Fixes bug 34131; bugfix on 0.4.3.1-alpha. diff --git a/changes/bug34233 b/changes/bug34233 new file mode 100644 index 0000000000..24c7869783 --- /dev/null +++ b/changes/bug34233 @@ -0,0 +1,4 @@ + o Minor bugfixes (portability): + - Fix a portability error in the configure script, where we + were using "==" instead of "=". Fixes bug 34233; bugfix on + 0.4.3.5. diff --git a/changes/doc34133 b/changes/doc34133 new file mode 100644 index 0000000000..abe9db6148 --- /dev/null +++ b/changes/doc34133 @@ -0,0 +1,6 @@ + o Documentation: + - Correctly document that we search for a system torrc file before + Document the limitations of using %include on config files with + seccomp sandbox enabled. No new files can be added to the + %included directories. Fixes documentation bug 34133; bugfix + on 0.3.1.1-alpha. Patch by Daniel Pinto. diff --git a/changes/ticket32873 b/changes/ticket32873 new file mode 100644 index 0000000000..65ea1f64ad --- /dev/null +++ b/changes/ticket32873 @@ -0,0 +1,6 @@ + o Minor features (control port): + - Return a descriptive error message from the 'GETINFO + status/fresh-relay-descs' command on the control port. + Previously, we returned a generic error of "Error + generating descriptor". Closes ticket 32873. Patch by + Neel Chauhan. diff --git a/changes/ticket33491 b/changes/ticket33491 deleted file mode 100644 index 595ea863ea..0000000000 --- a/changes/ticket33491 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (DoS defenses, bridges, pluggable transport): - - DoS subsystem was not given the transport name of the client connection - when tor is a bridge and thus failing to find the GeoIP cache entry for - that client address. This resulted in failing to apply DoS defenses on - bridges with a pluggable transport. Fixes bug 33491; bugfix on - 0.3.3.2-alpha. diff --git a/changes/ticket33643 b/changes/ticket33643 deleted file mode 100644 index 7fddab74eb..0000000000 --- a/changes/ticket33643 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (testing): - - The unit tests now support a "TOR_SKIP_TESTCASES" environment variable - to specify a list of space-separated test cases that should not be - executed. We will use this to disable certain tests that are failing on - Appveyor because of mismatched OpenSSL libraries. Part of ticket 33643. diff --git a/changes/ticket33643_part2 b/changes/ticket33643_part2 deleted file mode 100644 index 28193d2af5..0000000000 --- a/changes/ticket33643_part2 +++ /dev/null @@ -1,3 +0,0 @@ - o Testing (CI): - - On appveyor, skip the crypto/openssl_version test, which is failing - because of a mismatched library installation. Fix for 33643. diff --git a/changes/ticket33646 b/changes/ticket33646 deleted file mode 100644 index 751c5d5bf2..0000000000 --- a/changes/ticket33646 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (build system): - - Correctly output the enabled module in the configure summary. Before that, - the list shown was just plain wrong. Fixes bug 33646; bugfix on - 0.4.3.2-alpha. diff --git a/changes/ticket33778 b/changes/ticket33778 new file mode 100644 index 0000000000..a33c647a6e --- /dev/null +++ b/changes/ticket33778 @@ -0,0 +1,3 @@ + o Documentation (manpage): + - Updated the options set by TestingTorNetwork in the man page. + Closes ticket 33778. diff --git a/changes/ticket34255_043 b/changes/ticket34255_043 new file mode 100644 index 0000000000..5cfec1d48d --- /dev/null +++ b/changes/ticket34255_043 @@ -0,0 +1,3 @@ + o Documentation: + - Fix several doxygen warnings related to imbalanced groups. + Closes ticket 34255. diff --git a/configure.ac b/configure.ac index 4cb64f6230..6942db159f 100644 --- a/configure.ac +++ b/configure.ac @@ -446,7 +446,7 @@ AC_CACHE_CHECK([for __attribute__((fallthrough))], [tor_cv_c_attr_fallthrough=no] )]) CFLAGS="$saved_CFLAGS" -if test "$tor_cv_c_attr_fallthrough" == "yes"; then +if test "$tor_cv_c_attr_fallthrough" = "yes"; then AC_DEFINE(HAVE_ATTR_FALLTHROUGH, [1], [defined if we have the fallthrough attribute.]) fi diff --git a/doc/tor.1.txt b/doc/tor.1.txt index fbe2915cf3..3dd7f5a64a 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -211,6 +211,8 @@ file will be parsed as if they were written where the %include option is. If the path is a folder, all files on that folder will be parsed following lexical order. Files starting with a dot are ignored. Files on subfolders are ignored. The %include option can be used recursively. +New configuration files or directories cannot be added to already running Tor +instance if **Sandbox** is enabled. By default, an option on the command line overrides an option found in the configuration file, and an option in a configuration file overrides one in @@ -855,6 +857,10 @@ forward slash (/) in the configuration file and on the command line. and **ORPort** are not allowed). Currently, if **Sandbox** is 1, **ControlPort** command "GETINFO address" will not work. + + + When using %include in the tor configuration files, reloading the tor + configuration is not supported after adding new configuration files or + directories. + + + (Default: 0) [[Schedulers]] **Schedulers** **KIST**|**KISTLite**|**Vanilla**:: @@ -3055,7 +3061,7 @@ on the public Tor network. multiple times: the values from multiple lines are spliced together. When this is set then **VersioningAuthoritativeDirectory** should be set too. -[[V3AuthDistDelay]] **V3AuthDistDelay** __N__ **minutes**|**hours**:: +[[V3AuthDistDelay]] **V3AuthDistDelay** __N__ **seconds**|**minutes**|**hours**:: V3 authoritative directories only. Configures the server's preferred delay between publishing its consensus and signature and assuming it has all the signatures from all the other authorities. Note that the actual time used @@ -3076,7 +3082,7 @@ on the public Tor network. different identity. This feature is used to migrate directory authority keys in the event of a compromise. (Default: 0) -[[V3AuthVoteDelay]] **V3AuthVoteDelay** __N__ **minutes**|**hours**:: +[[V3AuthVoteDelay]] **V3AuthVoteDelay** __N__ **seconds**|**minutes**|**hours**:: V3 authoritative directories only. Configures the server's preferred delay between publishing its vote and assuming it has all the votes from all the other authorities. Note that the actual time used is not the server's @@ -3351,12 +3357,10 @@ The following options are used for running a testing Tor network. running. (Default: 0) + - ServerDNSAllowBrokenConfig 1 DirAllowPrivateAddresses 1 EnforceDistinctSubnets 0 AssumeReachable 1 AuthDirMaxServersPerAddr 0 - AuthDirMaxServersPerAuthAddr 0 ClientBootstrapConsensusAuthorityDownloadInitialDelay 0 ClientBootstrapConsensusFallbackDownloadInitialDelay 0 ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay 0 @@ -3368,11 +3372,11 @@ The following options are used for running a testing Tor network. V3AuthVotingInterval 5 minutes V3AuthVoteDelay 20 seconds V3AuthDistDelay 20 seconds - MinUptimeHidServDirectoryV2 0 seconds - TestingV3AuthInitialVotingInterval 5 minutes + TestingV3AuthInitialVotingInterval 150 seconds TestingV3AuthInitialVoteDelay 20 seconds TestingV3AuthInitialDistDelay 20 seconds TestingAuthDirTimeToLearnReachability 0 minutes + MinUptimeHidServDirectoryV2 0 minutes TestingServerDownloadInitialDelay 0 TestingClientDownloadInitialDelay 0 TestingServerConsensusDownloadInitialDelay 0 @@ -3383,8 +3387,9 @@ The following options are used for running a testing Tor network. TestingDirConnectionMaxStall 30 seconds TestingEnableConnBwEvent 1 TestingEnableCellStatsEvent 1 + RendPostPeriod 2 minutes -[[TestingAuthDirTimeToLearnReachability]] **TestingAuthDirTimeToLearnReachability** __N__ **minutes**|**hours**:: +[[TestingAuthDirTimeToLearnReachability]] **TestingAuthDirTimeToLearnReachability** __N__ **seconds**|**minutes**|**hours**:: After starting as an authority, do not make claims about whether routers are Running until this much time has passed. Changing this requires that **TestingTorNetwork** is set. (Default: 30 minutes) @@ -3514,17 +3519,17 @@ The following options are used for running a testing Tor network. we replace it and issue a new key? (Default: 3 hours for link and auth; 1 day for signing.) -[[TestingV3AuthInitialDistDelay]] **TestingV3AuthInitialDistDelay** __N__ **minutes**|**hours**:: +[[TestingV3AuthInitialDistDelay]] **TestingV3AuthInitialDistDelay** __N__ **seconds**|**minutes**|**hours**:: Like V3AuthDistDelay, but for initial voting interval before the first consensus has been created. Changing this requires that **TestingTorNetwork** is set. (Default: 5 minutes) -[[TestingV3AuthInitialVoteDelay]] **TestingV3AuthInitialVoteDelay** __N__ **minutes**|**hours**:: +[[TestingV3AuthInitialVoteDelay]] **TestingV3AuthInitialVoteDelay** __N__ **seconds**|**minutes**|**hours**:: Like V3AuthVoteDelay, but for initial voting interval before the first consensus has been created. Changing this requires that **TestingTorNetwork** is set. (Default: 5 minutes) -[[TestingV3AuthInitialVotingInterval]] **TestingV3AuthInitialVotingInterval** __N__ **minutes**|**hours**:: +[[TestingV3AuthInitialVotingInterval]] **TestingV3AuthInitialVotingInterval** __N__ **seconds**|**minutes**|**hours**:: Like V3AuthVotingInterval, but for initial voting interval before the first consensus has been created. Changing this requires that **TestingTorNetwork** is set. (Default: 30 minutes) diff --git a/scripts/maint/format_changelog.py b/scripts/maint/format_changelog.py index 7cf55a0d96..b37ece04c0 100755 --- a/scripts/maint/format_changelog.py +++ b/scripts/maint/format_changelog.py @@ -291,7 +291,7 @@ class ChangeLog(object): self.curgraf.append(line) else: - assert "This" is "unreachable" # noqa: F632 + assert False # This should be unreachable. def lint_head(self, line, head): m = re.match(r'^ *o ([^\(]+)((?:\([^\)]+\))?):', head) diff --git a/src/app/config/config.c b/src/app/config/config.c index 7ed373c548..71f8c18ca2 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -6159,7 +6159,7 @@ port_parse_config(smartlist_t *out, portname); goto err; } - if ( has_used_unix_socket_only_option && ! unix_socket_path) { + if (has_used_unix_socket_only_option && !unix_socket_path) { log_warn(LD_CONFIG, "You have a %sPort entry with GroupWritable, " "WorldWritable, or RelaxDirModeCheck, but it is not a " "unix socket.", portname); diff --git a/src/app/config/testnet.inc b/src/app/config/testnet.inc index f146a03cd1..907c35f97c 100644 --- a/src/app/config/testnet.inc +++ b/src/app/config/testnet.inc @@ -1,3 +1,5 @@ +// When modifying, don't forget to update the defaults +// for 'TestingTorNetwork' in 'doc/tor.1.txt' { "DirAllowPrivateAddresses", "1" }, { "EnforceDistinctSubnets", "0" }, { "AssumeReachable", "1" }, diff --git a/src/core/or/versions.c b/src/core/or/versions.c index a9a960d66e..31f1f5b997 100644 --- a/src/core/or/versions.c +++ b/src/core/or/versions.c @@ -296,7 +296,7 @@ tor_version_parse(const char *s, tor_version_t *out) return -1; hexlen = (int)(close_paren-cp); memwipe(digest, 0, sizeof(digest)); - if ( hexlen == 0 || (hexlen % 2) == 1) + if (hexlen == 0 || (hexlen % 2) == 1) return -1; if (base16_decode(digest, hexlen/2, cp, hexlen) != hexlen/2) return -1; diff --git a/src/feature/control/control_getinfo.c b/src/feature/control/control_getinfo.c index 685deb8ecc..b2d0c9680d 100644 --- a/src/feature/control/control_getinfo.c +++ b/src/feature/control/control_getinfo.c @@ -1332,8 +1332,22 @@ getinfo_helper_events(control_connection_t *control_conn, } routerinfo_t *r; extrainfo_t *e; - if (router_build_fresh_descriptor(&r, &e) < 0) { - *errmsg = "Error generating descriptor"; + int result; + if ((result = router_build_fresh_descriptor(&r, &e)) < 0) { + switch (result) { + case TOR_ROUTERINFO_ERROR_NO_EXT_ADDR: + *errmsg = "Cannot get relay address while generating descriptor"; + break; + case TOR_ROUTERINFO_ERROR_DIGEST_FAILED: + *errmsg = "Key digest failed"; + break; + case TOR_ROUTERINFO_ERROR_CANNOT_GENERATE: + *errmsg = "Cannot generate router descriptor"; + break; + default: + *errmsg = "Error generating descriptor"; + break; + } return -1; } size_t size = r->cache_info.signed_descriptor_len + 1; diff --git a/src/feature/rend/rendservice.c b/src/feature/rend/rendservice.c index 10a3403166..9d7ff2d17f 100644 --- a/src/feature/rend/rendservice.c +++ b/src/feature/rend/rendservice.c @@ -4351,17 +4351,16 @@ rend_consider_descriptor_republication(void) void rend_service_dump_stats(int severity) { - int i,j; rend_service_t *service; rend_intro_point_t *intro; const char *safe_name; origin_circuit_t *circ; - for (i=0; i < smartlist_len(rend_service_list); ++i) { + for (int i = 0; i < smartlist_len(rend_service_list); ++i) { service = smartlist_get(rend_service_list, i); tor_log(severity, LD_GENERAL, "Service configured in %s:", rend_service_escaped_dir(service)); - for (j=0; j < smartlist_len(service->intro_nodes); ++j) { + for (int j = 0; j < smartlist_len(service->intro_nodes); ++j) { intro = smartlist_get(service->intro_nodes, j); safe_name = safe_str_client(intro->extend_info->nickname); diff --git a/src/lib/conf/confdecl.h b/src/lib/conf/confdecl.h index f7e79bb2b1..c2d3fb335d 100644 --- a/src/lib/conf/confdecl.h +++ b/src/lib/conf/confdecl.h @@ -136,11 +136,11 @@ }, /**@}*/ -/* @defgroup STUB_TABLE_MACROS Internal macros: stub table declarations, +/** @defgroup STUB_TABLE_MACROS Internal macros: stub table declarations, * for use when a module is disabled. * Implementation helpers: the regular confdecl macros expand to these * when CONF_CONTEXT is defined to LL_TABLE. Don't use them directly. - * @{*/ + * @{ */ #define BEGIN_CONF_STRUCT__STUB_TABLE(structname) \ static const config_var_t structname##_vars[] = { #define END_CONF_STRUCT__STUB_TABLE(structname) \ @@ -166,7 +166,7 @@ * when the macro sees us declare a configuration option "foo" of type STRING, * it can emit `config_decl_STRING foo;`, which is an alias for `char *foo`. */ -/**{*/ +/**@{*/ typedef char *config_decl_STRING; typedef char *config_decl_FILENAME; /* Yes, "POSINT" is really an int, and not an unsigned int. For diff --git a/src/lib/container/smartlist.c b/src/lib/container/smartlist.c index eeb3bce95c..7784f83957 100644 --- a/src/lib/container/smartlist.c +++ b/src/lib/container/smartlist.c @@ -652,7 +652,7 @@ smartlist_sort_pointers(smartlist_t *sl) #define LEFT_CHILD(i) ( 2*(i) + 1 ) #define RIGHT_CHILD(i) ( 2*(i) + 2 ) #define PARENT(i) ( ((i)-1) / 2 ) -/** }@ */ +/** @} */ /** @{ */ /** Helper macros for heaps: Given a local variable <b>idx_field_offset</b> diff --git a/src/lib/encoding/confline.c b/src/lib/encoding/confline.c index eb1a4e30f0..613e4a00c6 100644 --- a/src/lib/encoding/confline.c +++ b/src/lib/encoding/confline.c @@ -151,6 +151,8 @@ config_get_lines_aux(const char *string, config_line_t **result, int extended, if (allow_include && !strcmp(k, "%include") && handle_include) { tor_free(k); include_used = 1; + log_notice(LD_CONFIG, "Processing configuration path \"%s\" at " + "recursion level %d.", v, recursion_level); config_line_t *include_list; if (handle_include(v, recursion_level, extended, &include_list, @@ -161,9 +163,6 @@ config_get_lines_aux(const char *string, config_line_t **result, int extended, tor_free(v); return -1; } - log_notice(LD_CONFIG, "Included configuration file or " - "directory at recursion level %d: \"%s\".", - recursion_level, v); *next = include_list; if (list_last) next = &list_last->next; diff --git a/src/lib/fs/conffile.c b/src/lib/fs/conffile.c index 392b2f4541..9583093c12 100644 --- a/src/lib/fs/conffile.c +++ b/src/lib/fs/conffile.c @@ -152,6 +152,7 @@ config_process_include(const char *path, int recursion_level, int extended, int rv = -1; SMARTLIST_FOREACH_BEGIN(config_files, const char *, config_file) { + log_notice(LD_CONFIG, "Including configuration file \"%s\".", config_file); config_line_t *included_config = NULL; config_line_t *included_config_last = NULL; if (config_get_included_config(config_file, recursion_level, extended, diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c index 626a4dc5a5..b917912f4d 100644 --- a/src/lib/sandbox/sandbox.c +++ b/src/lib/sandbox/sandbox.c @@ -266,6 +266,11 @@ static int filter_nopar_gen[] = { SCMP_SYS(listen), SCMP_SYS(connect), SCMP_SYS(getsockname), +#ifdef ENABLE_NSS +#ifdef __NR_getpeername + SCMP_SYS(getpeername), +#endif +#endif SCMP_SYS(recvmsg), SCMP_SYS(recvfrom), SCMP_SYS(sendto), @@ -649,6 +654,15 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } } +#ifdef ENABLE_NSS + rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), + SCMP_CMP(0, SCMP_CMP_EQ, PF_INET), + SCMP_CMP(1, SCMP_CMP_EQ, SOCK_STREAM), + SCMP_CMP(2, SCMP_CMP_EQ, IPPROTO_IP)); + if (rc) + return rc; +#endif + rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX), SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM), diff --git a/src/lib/string/compat_ctype.c b/src/lib/string/compat_ctype.c index 2357605021..a7668bfbfb 100644 --- a/src/lib/string/compat_ctype.c +++ b/src/lib/string/compat_ctype.c @@ -29,6 +29,7 @@ const uint32_t TOR_ISPRINT_TABLE[8] = { 0, 0xffffffff, 0xffffffff, 0x7fffffff, 0, 0, 0, 0x0 }; const uint32_t TOR_ISUPPER_TABLE[8] = { 0, 0, 0x7fffffe, 0, 0, 0, 0, 0 }; const uint32_t TOR_ISLOWER_TABLE[8] = { 0, 0, 0, 0x7fffffe, 0, 0, 0, 0 }; +/**@}*/ /** Upper-casing and lowercasing tables to map characters to upper/lowercase * equivalents. Used by tor_toupper() and tor_tolower(). */ diff --git a/src/lib/wallclock/time_to_tm.c b/src/lib/wallclock/time_to_tm.c index dcd3c59c53..8c747b4c7b 100644 --- a/src/lib/wallclock/time_to_tm.c +++ b/src/lib/wallclock/time_to_tm.c @@ -198,3 +198,4 @@ tor_gmtime_r_msg(const time_t *timep, struct tm *result, char **err_out) return correct_tm(0, timep, result, r, err_out); } #endif /* defined(HAVE_GMTIME_R) || ... */ +/**@}*/ diff --git a/src/mainpage.md b/src/mainpage.md index 8a73578819..2c4c494354 100644 --- a/src/mainpage.md +++ b/src/mainpage.md @@ -4,6 +4,9 @@ @section welcome Welcome to Tor +(For an up-to-date rendered copy of this documentation, see +https://src-ref.docs.torproject.org/tor/index.html .) + This documentation describes the general structure of the Tor codebase, how it fits together, what functionality is available for extending Tor, and gives some notes on how Tor got that way. It also includes a reference for diff --git a/src/test/conf_examples/empty_3/expected_log b/src/test/conf_examples/empty_3/expected_log index a42514f37f..e3f2365893 100644 --- a/src/test/conf_examples/empty_3/expected_log +++ b/src/test/conf_examples/empty_3/expected_log @@ -1 +1 @@ -Included configuration .*directory at recursion level 1.*included +Processing configuration path \".*included\" at recursion level 1\. diff --git a/src/test/conf_examples/include_1/expected_log b/src/test/conf_examples/include_1/expected_log index f95cad040d..0791a494d2 100644 --- a/src/test/conf_examples/include_1/expected_log +++ b/src/test/conf_examples/include_1/expected_log @@ -1 +1 @@ -Included configuration file .*at recursion level 2.*nested\.inc +Processing configuration path \".*nested\.inc\" at recursion level 2\. diff --git a/src/test/conf_examples/include_bug_31408/expected_log b/src/test/conf_examples/include_bug_31408/expected_log index a42514f37f..e3f2365893 100644 --- a/src/test/conf_examples/include_bug_31408/expected_log +++ b/src/test/conf_examples/include_bug_31408/expected_log @@ -1 +1 @@ -Included configuration .*directory at recursion level 1.*included +Processing configuration path \".*included\" at recursion level 1\. |