diff options
59 files changed, 436 insertions, 151 deletions
diff --git a/.appveyor.yml b/.appveyor.yml index 818e074a4e..461eacb4a9 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -61,7 +61,12 @@ install: # unprefixed packages are from MSYS2, which is like Cygwin. Avoid them. # # Use pacman --debug to show package downloads and install locations + # + # All installed library dlls must be copied to the test and app + # directories, before running tor's tests. (See below.) #> + Execute-Command "C:\msys64\usr\bin\pacman" -Syu --verbose --noconfirm pacman ; +- ps: >- Execute-Command "C:\msys64\usr\bin\pacman" -Sy --verbose --needed --noconfirm ${env:mingw_prefix}-libevent ${env:mingw_prefix}-openssl ${env:mingw_prefix}-pkg-config ${env:mingw_prefix}-xz ${env:mingw_prefix}-zstd ; build_script: @@ -95,7 +100,18 @@ test_script: $buildpath = @("C:\msys64\${env:compiler_path}\bin") + $oldpath $env:Path = $buildpath -join ';' Set-Location "${env:build}" - Execute-Bash "VERBOSE=1 make -k -j2 check" + <# Some compiler dlls must be copied to the test and app + # directories, before running tor's tests. + #> + Copy-Item "C:/msys64/${env:compiler_path}/bin/libssp-0.dll","C:/msys64/${env:compiler_path}/bin/zlib1.dll" -Destination "${env:build}/src/test" + Copy-Item "C:/msys64/${env:compiler_path}/bin/libssp-0.dll","C:/msys64/${env:compiler_path}/bin/zlib1.dll" -Destination "${env:build}/src/app" + <# All installed library dlls must be copied to the test and app + # directories, before running tor's tests. + # (See install command above.) + #> + Copy-Item "C:/${env:compiler_path}/bin/libcrypto*.dll","C:/${env:compiler_path}/bin/libssl*.dll","C:/${env:compiler_path}/bin/liblzma*.dll","C:/${env:compiler_path}/bin/libevent*.dll","C:/${env:compiler_path}/bin/libzstd*.dll" -Destination "${env:build}/src/test" + Copy-Item "C:/${env:compiler_path}/bin/libcrypto*.dll","C:/${env:compiler_path}/bin/libssl*.dll","C:/${env:compiler_path}/bin/liblzma*.dll","C:/${env:compiler_path}/bin/libevent*.dll","C:/${env:compiler_path}/bin/libzstd*.dll" -Destination "${env:build}/src/app" + Execute-Bash "VERBOSE=1 TOR_SKIP_TESTCASES=crypto/openssl_version make -k -j2 check" } on_finish: diff --git a/.travis.yml b/.travis.yml index 28a45788b4..8bc9898f8f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -39,32 +39,42 @@ env: matrix: ## include creates builds with gcc, linux, unless we override those defaults include: - ## We run basic tests on macOS + ## We run chutney on macOS, because macOS Travis has IPv6 + - env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes" + os: osx + + ## We also run basic tests on macOS - compiler: clang os: osx ## Turn off some newer features, turn on clang's -Wtypedef-redefinition env: C_DIALECT_OPTIONS="-std=gnu99" - ## We check NSS - ## Use -std=gnu99 to turn off some newer features, and maybe turn on some - ## extra gcc warnings? - - env: NSS_OPTIONS="--enable-nss" C_DIALECT_OPTIONS="-std=gnu99" + ## We run chutney on Linux, because it's faster than chutney on macOS ## Chutney is a fast job, clang is slower on Linux, so we do Chutney clang - env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes" compiler: clang + ## We check asciidoc with distcheck, to make sure we remove doc products - ## We use Linux clang, because there are no other Linux clang jobs - env: DISTCHECK="yes" ASCIIDOC_OPTIONS="" SKIP_MAKE_CHECK="yes" - compiler: clang - ## We include a single coverage build with the best options for coverage - - env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS="" + + ## We check disable module dirauth + - env: MODULES_OPTIONS="--disable-module-dirauth" + ## We run rust on Linux, because it's faster than rust on macOS ## We check rust offline - env: RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true - ## We check asciidoc with distcheck, to make sure we remove doc products - - env: DISTCHECK="yes" ASCIIDOC_OPTIONS="" SKIP_MAKE_CHECK="yes" - ## We check disable module dirauth - - env: MODULES_OPTIONS="--disable-module-dirauth" + + ## We check NSS + ## Use -std=gnu99 to turn off some newer features, and maybe turn on some + ## extra gcc warnings? + - env: NSS_OPTIONS="--enable-nss" C_DIALECT_OPTIONS="-std=gnu99" + + ## We include a single coverage build with the best options for coverage + - env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS="" + + ## We clone our stem repo and run `make test-stem` + - env: TEST_STEM="yes" SKIP_MAKE_CHECK="yes" + ## macOS builds are very slow, and we have a limited number of ## concurrent macOS jobs. We're not actively developing Rust, so it is ## the lowest priority. @@ -72,11 +82,6 @@ matrix: #- env: RUST_OPTIONS="--enable-rust --enable-cargo-online-mode" # compiler: clang # os: osx - ## We run chutney on macOS, because macOS Travis has IPv6 - - env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes" - os: osx - ## We clone our stem repo and run `make test-stem` - - env: TEST_STEM="yes" SKIP_MAKE_CHECK="yes" ## Allow the build to report success (with non-required sub-builds ## continuing to run) if all required sub-builds have succeeded. @@ -88,11 +93,17 @@ matrix: ## macOS rust and chutney are very slow, so we let the build finish before ## they are done. We'd like to fast finish, but still eventually show ## any failures in the build status. But Travis doesn't have that ability. - - env: RUST_OPTIONS="--enable-rust --enable-cargo-online-mode" - compiler: clang - os: osx - - env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes" - os: osx + + ## Since this job is disabled, there's not much point having an exception + ## for it + #- env: RUST_OPTIONS="--enable-rust --enable-cargo-online-mode" + # compiler: clang + # os: osx + + ## Since we're actively developing IPv6, we want to require the IPv6 + ## chutney tests + #- env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes" + # os: osx ## (Linux only) Use a recent Linux image (Ubuntu Bionic) dist: bionic @@ -225,7 +236,7 @@ after_failure: ## `make distcheck` puts it somewhere different. - if [[ "$DISTCHECK" != "" ]]; then make show-distdir-testlog || echo "make failed"; fi - if [[ "$DISTCHECK" != "" ]]; then make show-distdir-core || echo "make failed"; fi - - if [[ "$CHUTNEY" != "" ]]; then ls test_network_log || echo "ls failed"; cat test_network_log/* || echo "cat failed"; fi + - if [[ "$CHUTNEY" != "" ]]; then "$CHUTNEY_PATH/tools/diagnostics.sh" || echo "diagnostics failed"; ls test_network_log || echo "ls failed"; cat test_network_log/* || echo "cat failed"; fi - if [[ "$TEST_STEM" != "" ]]; then tail -1000 "$STEM_SOURCE_DIR"/test/data/tor_log || echo "tail failed"; fi - if [[ "$TEST_STEM" != "" ]]; then grep -v "SocketClosed" stem.log | tail -1000 || echo "grep | tail failed"; fi diff --git a/changes/bug32884 b/changes/bug32884 new file mode 100644 index 0000000000..9ab1d24464 --- /dev/null +++ b/changes/bug32884 @@ -0,0 +1,5 @@ + o Minor bugfixes (embedded Tor): + - When starting Tor any time after the first time in a process, register + the thread in which it is running as the main thread. Previously, we + only did this on Windows, which could lead to bugs like 23081 on + non-Windows platforms. Fixes bug 32884; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug33093_logging b/changes/bug33093_logging new file mode 100644 index 0000000000..e26e4a64af --- /dev/null +++ b/changes/bug33093_logging @@ -0,0 +1,5 @@ + o Minor bugfixes (logging): + - If we encounter a bug when flushing a buffer to a TLS connection, + only log the bug once per invocation of the Tor process. Previously we + would log with every occurrence, which could cause us to run out of + disk space. Fixes bug 33093; bugfix on 0.3.2.2-alpha. diff --git a/changes/bug33673 b/changes/bug33673 new file mode 100644 index 0000000000..37c00f2e6e --- /dev/null +++ b/changes/bug33673 @@ -0,0 +1,6 @@ + o Testing: + - In our Appveyor Windows CI, copy required DLLs to test and app, before + running tor's tests. This ensures that tor.exe and test*.exe use the + correct version of each DLL. This fix is not required, but we hope it + will avoid DLL search issues in future. + Fixes bug 33673; bugfix on 0.3.4.2-alpha. diff --git a/changes/bug34078 b/changes/bug34078 new file mode 100644 index 0000000000..1015d24547 --- /dev/null +++ b/changes/bug34078 @@ -0,0 +1,5 @@ + o Minor bugfixes (compiler compatibility): + - Avoid compiler warnings from Clang 10 related to the use of + GCC-style "/* falls through */" comments. Both Clang and GCC allow + __attribute__((fallthrough)) instead, so that's what we're using now. + Fixes bug 34078; bugfix on 0.3.1.3-alpha. diff --git a/changes/ticket28992 b/changes/ticket28992 new file mode 100644 index 0000000000..3e45d73e45 --- /dev/null +++ b/changes/ticket28992 @@ -0,0 +1,3 @@ + o Minor bugfixes (onion service v3, client): + - Remove a BUG() that is causing a stacktrace for a situation that very + rarely happens but still can. Fixes bug 28992; bugfix on 0.3.2.1-alpha. diff --git a/changes/ticket32792 b/changes/ticket32792 new file mode 100644 index 0000000000..553cf0ca81 --- /dev/null +++ b/changes/ticket32792 @@ -0,0 +1,3 @@ + o Testing: + - When a Travis chutney job fails, use chutney's new "diagnostics.sh" tool + to produce detailed diagnostic output. Closes ticket 32792. diff --git a/changes/ticket33119 b/changes/ticket33119 new file mode 100644 index 0000000000..11c20bc7a2 --- /dev/null +++ b/changes/ticket33119 @@ -0,0 +1,8 @@ + o Major bugfixes (security, denial-of-service): + - Fix a denial-of-service bug that could be used by anyone to consume a + bunch of CPU on any Tor relay or authority, or by directories to + consume a bunch of CPU on clients or hidden services. Because + of the potential for CPU consumption to introduce observable + timing patterns, we are treating this as a high-severity security + issue. Fixes bug 33119; bugfix on 0.2.1.5-alpha. We are also tracking + this issue as TROVE-2020-002. diff --git a/changes/ticket33194 b/changes/ticket33194 new file mode 100644 index 0000000000..b87e55348e --- /dev/null +++ b/changes/ticket33194 @@ -0,0 +1,4 @@ + o Testing: + - Remove a redundant distcheck job. Closes ticket 33194. + - Sort the Travis jobs in order of speed. Putting the slowest jobs first + takes full advantage of Travis job concurrency. Closes ticket 33194. diff --git a/changes/ticket33195 b/changes/ticket33195 new file mode 100644 index 0000000000..11abd4816e --- /dev/null +++ b/changes/ticket33195 @@ -0,0 +1,4 @@ + o Testing: + - Stop allowing the Chutney IPv6 Travis job to fail. This job was + previously configured to fast_finish (which requires allow_failure), to + speed up the build. Closes ticket 33195. diff --git a/changes/ticket33491 b/changes/ticket33491 new file mode 100644 index 0000000000..595ea863ea --- /dev/null +++ b/changes/ticket33491 @@ -0,0 +1,6 @@ + o Major bugfixes (DoS defenses, bridges, pluggable transport): + - DoS subsystem was not given the transport name of the client connection + when tor is a bridge and thus failing to find the GeoIP cache entry for + that client address. This resulted in failing to apply DoS defenses on + bridges with a pluggable transport. Fixes bug 33491; bugfix on + 0.3.3.2-alpha. diff --git a/changes/ticket33643 b/changes/ticket33643 new file mode 100644 index 0000000000..7fddab74eb --- /dev/null +++ b/changes/ticket33643 @@ -0,0 +1,5 @@ + o Minor features (testing): + - The unit tests now support a "TOR_SKIP_TESTCASES" environment variable + to specify a list of space-separated test cases that should not be + executed. We will use this to disable certain tests that are failing on + Appveyor because of mismatched OpenSSL libraries. Part of ticket 33643. diff --git a/changes/ticket33643_part2 b/changes/ticket33643_part2 new file mode 100644 index 0000000000..28193d2af5 --- /dev/null +++ b/changes/ticket33643_part2 @@ -0,0 +1,3 @@ + o Testing (CI): + - On appveyor, skip the crypto/openssl_version test, which is failing + because of a mismatched library installation. Fix for 33643. diff --git a/changes/trove_2020_003 b/changes/trove_2020_003 new file mode 100644 index 0000000000..aa1a8f1c78 --- /dev/null +++ b/changes/trove_2020_003 @@ -0,0 +1,4 @@ + o Minor bugfixes (onion services v3): + - Fix assertion failure that could result from a corrupted ADD_ONION control + port command. Found by Saibato. Fixes bug 33137; bugfix on + 0.3.3.1-alpha. This issue is also being tracked as TROVE-2020-003. diff --git a/configure.ac b/configure.ac index 834fea073a..5f66d8c37e 100644 --- a/configure.ac +++ b/configure.ac @@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc. dnl See LICENSE for licensing information AC_PREREQ([2.63]) -AC_INIT([tor],[0.3.5.9-dev]) +AC_INIT([tor],[0.3.5.10-dev]) AC_CONFIG_SRCDIR([src/app/main/tor_main.c]) AC_CONFIG_MACRO_DIR([m4]) @@ -356,6 +356,22 @@ if test "$tor_cv_c_c99_designated_init" != "yes"; then AC_MSG_ERROR([Your compiler doesn't support c99 designated initializers. This is required as of Tor 0.2.6.x]) fi +saved_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -Werror" +AC_CACHE_CHECK([for __attribute__((fallthrough))], + tor_cv_c_attr_fallthrough, + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([extern int x; void fn(void) ;], + [[ switch (x) { case 1: fn(); __attribute__((fallthrough)); + case 2: fn(); break; } ]])], + [tor_cv_c_attr_fallthrough=yes], + [tor_cv_c_attr_fallthrough=no] )]) +CFLAGS="$saved_CFLAGS" + +if test "$tor_cv_c_attr_fallthrough" = "yes"; then + AC_DEFINE(HAVE_ATTR_FALLTHROUGH, [1], [defined if we have the fallthrough attribute.]) +fi + TORUSER=_tor AC_ARG_WITH(tor-user, AS_HELP_STRING(--with-tor-user=NAME, [specify username for tor daemon]), diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in index 9eeb328223..7252e7eb76 100644 --- a/contrib/win32build/tor-mingw.nsi.in +++ b/contrib/win32build/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.3.5.9-dev" +!define VERSION "0.3.5.10-dev" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/src/app/config/confparse.c b/src/app/config/confparse.c index 729e7a4478..efa0c19fa6 100644 --- a/src/app/config/confparse.c +++ b/src/app/config/confparse.c @@ -179,7 +179,7 @@ config_assign_value(const config_format_t *fmt, void *options, *(int *)lvalue = CFG_AUTO_PORT; break; } - /* fall through */ + FALLTHROUGH; case CONFIG_TYPE_INT: case CONFIG_TYPE_UINT: i = (int)tor_parse_long(c->value, 10, @@ -577,7 +577,7 @@ config_get_assigned_option(const config_format_t *fmt, const void *options, escape_val = 0; break; } - /* fall through */ + FALLTHROUGH; case CONFIG_TYPE_CSV_INTERVAL: case CONFIG_TYPE_INTERVAL: case CONFIG_TYPE_MSEC_INTERVAL: @@ -588,7 +588,7 @@ config_get_assigned_option(const config_format_t *fmt, const void *options, tor_asprintf(&result->value, "%d", *(int*)value); escape_val = 0; /* Can't need escape. */ break; - case CONFIG_TYPE_UINT64: /* Fall through */ + case CONFIG_TYPE_UINT64: FALLTHROUGH; case CONFIG_TYPE_MEMUNIT: tor_asprintf(&result->value, "%"PRIu64, (*(uint64_t*)value)); @@ -605,7 +605,7 @@ config_get_assigned_option(const config_format_t *fmt, const void *options, escape_val = 0; break; } - /* fall through */ + FALLTHROUGH; case CONFIG_TYPE_BOOL: result->value = tor_strdup(*(int*)value ? "1" : "0"); escape_val = 0; /* Can't need escape. */ diff --git a/src/core/or/channel.c b/src/core/or/channel.c index fd7bf62789..3886906875 100644 --- a/src/core/or/channel.c +++ b/src/core/or/channel.c @@ -1871,7 +1871,7 @@ channel_do_open_actions(channel_t *chan) tor_free(transport_name); /* Notify the DoS subsystem of a new client. */ if (tlschan && tlschan->conn) { - dos_new_client_conn(tlschan->conn); + dos_new_client_conn(tlschan->conn, transport_name); } } /* Otherwise the underlying transport can't tell us this, so skip it */ diff --git a/src/core/or/channeltls.c b/src/core/or/channeltls.c index 4db283d20e..f874e39946 100644 --- a/src/core/or/channeltls.c +++ b/src/core/or/channeltls.c @@ -1238,7 +1238,7 @@ channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn) /* But that should be happening any longer've disabled bufferevents. */ tor_assert_nonfatal_unreached_once(); - /* fall through */ + FALLTHROUGH; case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING: if (!(command_allowed_before_handshake(var_cell->command))) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c index 21369fb538..f3a5791d6c 100644 --- a/src/core/or/circuitbuild.c +++ b/src/core/or/circuitbuild.c @@ -2106,7 +2106,7 @@ choose_good_exit_server(origin_circuit_t *circ, /* For these three, we want to pick the exit like a middle hop, * since it should be random. */ tor_assert_nonfatal(is_internal); - /* Falls through */ + FALLTHROUGH; case CIRCUIT_PURPOSE_C_GENERAL: if (is_internal) /* pick it like a middle hop */ return router_choose_random_node(NULL, options->ExcludeNodes, flags); diff --git a/src/core/or/circuitlist.c b/src/core/or/circuitlist.c index 145004c71d..be5ac3b7f6 100644 --- a/src/core/or/circuitlist.c +++ b/src/core/or/circuitlist.c @@ -787,7 +787,7 @@ circuit_purpose_to_controller_hs_state_string(uint8_t purpose) "Unrecognized circuit purpose: %d", (int)purpose); tor_fragile_assert(); - /* fall through */ + FALLTHROUGH; case CIRCUIT_PURPOSE_OR: case CIRCUIT_PURPOSE_C_GENERAL: @@ -2738,7 +2738,7 @@ assert_cpath_layer_ok(const crypt_path_t *cp) { case CPATH_STATE_OPEN: relay_crypto_assert_ok(&cp->crypto); - /* fall through */ + FALLTHROUGH; case CPATH_STATE_CLOSED: /*XXXX Assert that there's no handshake_state either. */ tor_assert(!cp->rend_dh_handshake_state); diff --git a/src/core/or/circuituse.c b/src/core/or/circuituse.c index 000a7c36da..7273be3510 100644 --- a/src/core/or/circuituse.c +++ b/src/core/or/circuituse.c @@ -780,7 +780,7 @@ circuit_expire_building(void) TO_ORIGIN_CIRCUIT(victim)->build_state->pending_final_cpath == NULL) break; - /* fallthrough! */ + FALLTHROUGH; case CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT: case CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED: /* If we have reached this line, we want to spare the circ for now. */ diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c index 90991107dc..67a772be08 100644 --- a/src/core/or/connection_edge.c +++ b/src/core/or/connection_edge.c @@ -324,7 +324,7 @@ connection_edge_process_inbuf(edge_connection_t *conn, int package_partial) } /* Fall through if the connection is on a circuit without optimistic * data support. */ - /* Falls through. */ + FALLTHROUGH; case EXIT_CONN_STATE_CONNECTING: case AP_CONN_STATE_RENDDESC_WAIT: case AP_CONN_STATE_CIRCUIT_WAIT: diff --git a/src/core/or/dos.c b/src/core/or/dos.c index 5f9bbf90ab..d06eaa6d05 100644 --- a/src/core/or/dos.c +++ b/src/core/or/dos.c @@ -671,7 +671,7 @@ dos_log_heartbeat(void) /* Called when a new client connection has been established on the given * address. */ void -dos_new_client_conn(or_connection_t *or_conn) +dos_new_client_conn(or_connection_t *or_conn, const char *transport_name) { clientmap_entry_t *entry; @@ -692,7 +692,7 @@ dos_new_client_conn(or_connection_t *or_conn) } /* We are only interested in client connection from the geoip cache. */ - entry = geoip_lookup_client(&or_conn->real_addr, NULL, + entry = geoip_lookup_client(&or_conn->real_addr, transport_name, GEOIP_CLIENT_CONNECT); if (BUG(entry == NULL)) { /* Should never happen because we note down the address in the geoip diff --git a/src/core/or/dos.h b/src/core/or/dos.h index 95448d0530..058b7afce6 100644 --- a/src/core/or/dos.h +++ b/src/core/or/dos.h @@ -53,7 +53,8 @@ int dos_enabled(void); void dos_log_heartbeat(void); void dos_geoip_entry_about_to_free(const struct clientmap_entry_t *geoip_ent); -void dos_new_client_conn(or_connection_t *or_conn); +void dos_new_client_conn(or_connection_t *or_conn, + const char *transport_name); void dos_close_client_conn(const or_connection_t *or_conn); int dos_should_refuse_single_hop_client(void); diff --git a/src/core/or/onion.c b/src/core/or/onion.c index aa77465b96..aeddedd807 100644 --- a/src/core/or/onion.c +++ b/src/core/or/onion.c @@ -509,7 +509,7 @@ create_cell_format_impl(cell_t *cell_out, const create_cell_t *cell_in, p += 16; space -= 16; } - /* Fall through */ + FALLTHROUGH; case CELL_CREATE_FAST: tor_assert(cell_in->handshake_len <= space); memcpy(p, cell_in->onionskin, cell_in->handshake_len); diff --git a/src/core/or/reasons.c b/src/core/or/reasons.c index a7952279ba..e21bfa670a 100644 --- a/src/core/or/reasons.c +++ b/src/core/or/reasons.c @@ -489,7 +489,7 @@ end_reason_to_http_connect_response_line(int endreason) return "HTTP/1.0 502 Bad Gateway (tor protocol violation)\r\n\r\n"; case END_STREAM_REASON_ENTRYPOLICY: return "HTTP/1.0 403 Forbidden (entry policy violation)\r\n\r\n"; - case END_STREAM_REASON_NOTDIRECTORY: /* Fall Through */ + case END_STREAM_REASON_NOTDIRECTORY: FALLTHROUGH; default: tor_assert_nonfatal_unreached(); return "HTTP/1.0 500 Internal Server Error (weird end reason)\r\n\r\n"; diff --git a/src/core/or/relay.c b/src/core/or/relay.c index dc88a6f649..f5fc1cfbb3 100644 --- a/src/core/or/relay.c +++ b/src/core/or/relay.c @@ -866,7 +866,7 @@ connection_ap_process_end_not_open( break; /* break means it'll close, below */ /* Else fall through: expire this circuit, clear the * chosen_exit_name field, and try again. */ - /* Falls through. */ + FALLTHROUGH; case END_STREAM_REASON_RESOLVEFAILED: case END_STREAM_REASON_TIMEOUT: case END_STREAM_REASON_MISC: diff --git a/src/core/or/scheduler.c b/src/core/or/scheduler.c index f85201b7d5..9f1a27d501 100644 --- a/src/core/or/scheduler.c +++ b/src/core/or/scheduler.c @@ -192,7 +192,7 @@ get_scheduler_type_string(scheduler_types_t type) case SCHEDULER_KIST_LITE: return "KISTLite"; case SCHEDULER_NONE: - /* fallthrough */ + FALLTHROUGH; default: tor_assert_unreached(); return "(N/A)"; @@ -288,7 +288,7 @@ select_scheduler(void) scheduler_kist_set_lite_mode(); goto end; case SCHEDULER_NONE: - /* fallthrough */ + FALLTHROUGH; default: /* Our option validation should have caught this. */ tor_assert_unreached(); diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c index 8b78ed44c2..c7bf13b9f4 100644 --- a/src/core/proto/proto_socks.c +++ b/src/core/proto/proto_socks.c @@ -856,7 +856,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, case SOCKS_RESULT_TRUNCATED: if (datalen == n_pullup) return 0; - /* FALLTHRU */ + FALLTHROUGH; case SOCKS_RESULT_MORE_EXPECTED: res = 0; break; @@ -962,7 +962,7 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, strlcpy((char*)req->reply, SOCKS_PROXY_IS_NOT_AN_HTTP_PROXY_MSG, MAX_SOCKS_REPLY_LEN); req->replylen = strlen((char*)req->reply)+1; - /* fall through */ + FALLTHROUGH; default: /* version is not socks4 or socks5 */ log_warn(LD_APP, "Socks version %d not recognized. (This port is not an " @@ -1067,7 +1067,10 @@ parse_socks_client(const uint8_t *data, size_t datalen, log_info(LD_NET, "SOCKS 5 client: need authentication."); *drain_out = -1; return 2; - /* fall through */ + default: + /* This wasn't supposed to be exhaustive; there are other + * authentication methods too. */ + ; } *reason = tor_strdup("server doesn't support any of our available " diff --git a/src/ext/csiphash.c b/src/ext/csiphash.c index a6a9846db4..a65b6fcbe6 100644 --- a/src/ext/csiphash.c +++ b/src/ext/csiphash.c @@ -88,13 +88,13 @@ uint64_t siphash24(const void *src, unsigned long src_sz, const struct sipkey *k } switch (src_sz - blocks) { - case 7: last7 |= (uint64_t)m[i + 6] << 48; /* Falls through. */ - case 6: last7 |= (uint64_t)m[i + 5] << 40; /* Falls through. */ - case 5: last7 |= (uint64_t)m[i + 4] << 32; /* Falls through. */ - case 4: last7 |= (uint64_t)m[i + 3] << 24; /* Falls through. */ - case 3: last7 |= (uint64_t)m[i + 2] << 16; /* Falls through. */ - case 2: last7 |= (uint64_t)m[i + 1] << 8; /* Falls through. */ - case 1: last7 |= (uint64_t)m[i + 0] ; /* Falls through. */ + case 7: last7 |= (uint64_t)m[i + 6] << 48; FALLTHROUGH; + case 6: last7 |= (uint64_t)m[i + 5] << 40; FALLTHROUGH; + case 5: last7 |= (uint64_t)m[i + 4] << 32; FALLTHROUGH; + case 4: last7 |= (uint64_t)m[i + 3] << 24; FALLTHROUGH; + case 3: last7 |= (uint64_t)m[i + 2] << 16; FALLTHROUGH; + case 2: last7 |= (uint64_t)m[i + 1] << 8; FALLTHROUGH; + case 1: last7 |= (uint64_t)m[i + 0] ; FALLTHROUGH; case 0: default:; } diff --git a/src/ext/ed25519/donna/ed25519_tor.c b/src/ext/ed25519/donna/ed25519_tor.c index 7f5ab398d8..a5bb6f4e21 100644 --- a/src/ext/ed25519/donna/ed25519_tor.c +++ b/src/ext/ed25519/donna/ed25519_tor.c @@ -35,6 +35,9 @@ #define ED25519_FN(fn) ED25519_FN2(fn,ED25519_SUFFIX) #include "orconfig.h" + +#include "lib/cc/compat_compiler.h" + #include "ed25519-donna.h" #include "ed25519_donna_tor.h" #include "ed25519-randombytes.h" @@ -366,4 +369,3 @@ ed25519_donna_scalarmult_with_group_order(unsigned char *out, } #include "test-internals.c" - diff --git a/src/ext/ed25519/donna/modm-donna-32bit.h b/src/ext/ed25519/donna/modm-donna-32bit.h index 0ef9e58fa1..5934d9ca9d 100644 --- a/src/ext/ed25519/donna/modm-donna-32bit.h +++ b/src/ext/ed25519/donna/modm-donna-32bit.h @@ -385,14 +385,14 @@ sub256_modm_batch(bignum256modm out, const bignum256modm a, const bignum256modm size_t i = 0; bignum256modm_element_t carry = 0; switch (limbsize) { - case 8: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; /* Falls through. */ - case 7: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; /* Falls through. */ - case 6: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; /* Falls through. */ - case 5: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; /* Falls through. */ - case 4: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; /* Falls through. */ - case 3: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; /* Falls through. */ - case 2: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; /* Falls through. */ - case 1: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; /* Falls through. */ + case 8: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; FALLTHROUGH; + case 7: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; FALLTHROUGH; + case 6: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; FALLTHROUGH; + case 5: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; FALLTHROUGH; + case 4: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; FALLTHROUGH; + case 3: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; FALLTHROUGH; + case 2: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; FALLTHROUGH; + case 1: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; FALLTHROUGH; case 0: default: out[i] = (a[i] - b[i]) - carry; } @@ -403,14 +403,14 @@ sub256_modm_batch(bignum256modm out, const bignum256modm a, const bignum256modm static int lt256_modm_batch(const bignum256modm a, const bignum256modm b, size_t limbsize) { switch (limbsize) { - case 8: if (a[8] > b[8]) return 0; if (a[8] < b[8]) return 1; /* Falls through. */ - case 7: if (a[7] > b[7]) return 0; if (a[7] < b[7]) return 1; /* Falls through. */ - case 6: if (a[6] > b[6]) return 0; if (a[6] < b[6]) return 1; /* Falls through. */ - case 5: if (a[5] > b[5]) return 0; if (a[5] < b[5]) return 1; /* Falls through. */ - case 4: if (a[4] > b[4]) return 0; if (a[4] < b[4]) return 1; /* Falls through. */ - case 3: if (a[3] > b[3]) return 0; if (a[3] < b[3]) return 1; /* Falls through. */ - case 2: if (a[2] > b[2]) return 0; if (a[2] < b[2]) return 1; /* Falls through. */ - case 1: if (a[1] > b[1]) return 0; if (a[1] < b[1]) return 1; /* Falls through. */ + case 8: if (a[8] > b[8]) return 0; if (a[8] < b[8]) return 1; FALLTHROUGH; + case 7: if (a[7] > b[7]) return 0; if (a[7] < b[7]) return 1; FALLTHROUGH; + case 6: if (a[6] > b[6]) return 0; if (a[6] < b[6]) return 1; FALLTHROUGH; + case 5: if (a[5] > b[5]) return 0; if (a[5] < b[5]) return 1; FALLTHROUGH; + case 4: if (a[4] > b[4]) return 0; if (a[4] < b[4]) return 1; FALLTHROUGH; + case 3: if (a[3] > b[3]) return 0; if (a[3] < b[3]) return 1; FALLTHROUGH; + case 2: if (a[2] > b[2]) return 0; if (a[2] < b[2]) return 1; FALLTHROUGH; + case 1: if (a[1] > b[1]) return 0; if (a[1] < b[1]) return 1; FALLTHROUGH; case 0: if (a[0] > b[0]) return 0; if (a[0] < b[0]) return 1; } return 0; @@ -420,14 +420,14 @@ lt256_modm_batch(const bignum256modm a, const bignum256modm b, size_t limbsize) static int lte256_modm_batch(const bignum256modm a, const bignum256modm b, size_t limbsize) { switch (limbsize) { - case 8: if (a[8] > b[8]) return 0; if (a[8] < b[8]) return 1; /* Falls through. */ - case 7: if (a[7] > b[7]) return 0; if (a[7] < b[7]) return 1; /* Falls through. */ - case 6: if (a[6] > b[6]) return 0; if (a[6] < b[6]) return 1; /* Falls through. */ - case 5: if (a[5] > b[5]) return 0; if (a[5] < b[5]) return 1; /* Falls through. */ - case 4: if (a[4] > b[4]) return 0; if (a[4] < b[4]) return 1; /* Falls through. */ - case 3: if (a[3] > b[3]) return 0; if (a[3] < b[3]) return 1; /* Falls through. */ - case 2: if (a[2] > b[2]) return 0; if (a[2] < b[2]) return 1; /* Falls through. */ - case 1: if (a[1] > b[1]) return 0; if (a[1] < b[1]) return 1; /* Falls through. */ + case 8: if (a[8] > b[8]) return 0; if (a[8] < b[8]) return 1; FALLTHROUGH; + case 7: if (a[7] > b[7]) return 0; if (a[7] < b[7]) return 1; FALLTHROUGH; + case 6: if (a[6] > b[6]) return 0; if (a[6] < b[6]) return 1; FALLTHROUGH; + case 5: if (a[5] > b[5]) return 0; if (a[5] < b[5]) return 1; FALLTHROUGH; + case 4: if (a[4] > b[4]) return 0; if (a[4] < b[4]) return 1; FALLTHROUGH; + case 3: if (a[3] > b[3]) return 0; if (a[3] < b[3]) return 1; FALLTHROUGH; + case 2: if (a[2] > b[2]) return 0; if (a[2] < b[2]) return 1; FALLTHROUGH; + case 1: if (a[1] > b[1]) return 0; if (a[1] < b[1]) return 1; FALLTHROUGH; case 0: if (a[0] > b[0]) return 0; if (a[0] < b[0]) return 1; } return 1; diff --git a/src/ext/ed25519/donna/modm-donna-64bit.h b/src/ext/ed25519/donna/modm-donna-64bit.h index 06c98e3039..aa361afdbc 100644 --- a/src/ext/ed25519/donna/modm-donna-64bit.h +++ b/src/ext/ed25519/donna/modm-donna-64bit.h @@ -294,10 +294,10 @@ sub256_modm_batch(bignum256modm out, const bignum256modm a, const bignum256modm size_t i = 0; bignum256modm_element_t carry = 0; switch (limbsize) { - case 4: out[i] = (a[i] - b[i]) ; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++; /* Falls through. */ - case 3: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++; /* Falls through. */ - case 2: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++; /* Falls through. */ - case 1: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++; /* Falls through. */ + case 4: out[i] = (a[i] - b[i]) ; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++; FALLTHROUGH; + case 3: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++; FALLTHROUGH; + case 2: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++; FALLTHROUGH; + case 1: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++; FALLTHROUGH; case 0: default: out[i] = (a[i] - b[i]) - carry; } @@ -310,10 +310,10 @@ lt256_modm_batch(const bignum256modm a, const bignum256modm b, size_t limbsize) size_t i = 0; bignum256modm_element_t t, carry = 0; switch (limbsize) { - case 4: t = (a[i] - b[i]) ; carry = (t >> 63); i++; /* Falls through. */ - case 3: t = (a[i] - b[i]) - carry; carry = (t >> 63); i++; /* Falls through. */ - case 2: t = (a[i] - b[i]) - carry; carry = (t >> 63); i++; /* Falls through. */ - case 1: t = (a[i] - b[i]) - carry; carry = (t >> 63); i++; /* Falls through. */ + case 4: t = (a[i] - b[i]) ; carry = (t >> 63); i++; FALLTHROUGH; + case 3: t = (a[i] - b[i]) - carry; carry = (t >> 63); i++; FALLTHROUGH; + case 2: t = (a[i] - b[i]) - carry; carry = (t >> 63); i++; FALLTHROUGH; + case 1: t = (a[i] - b[i]) - carry; carry = (t >> 63); i++; FALLTHROUGH; case 0: t = (a[i] - b[i]) - carry; carry = (t >> 63); } return (int)carry; @@ -325,10 +325,10 @@ lte256_modm_batch(const bignum256modm a, const bignum256modm b, size_t limbsize) size_t i = 0; bignum256modm_element_t t, carry = 0; switch (limbsize) { - case 4: t = (b[i] - a[i]) ; carry = (t >> 63); i++; /* Falls through. */ - case 3: t = (b[i] - a[i]) - carry; carry = (t >> 63); i++; /* Falls through. */ - case 2: t = (b[i] - a[i]) - carry; carry = (t >> 63); i++; /* Falls through. */ - case 1: t = (b[i] - a[i]) - carry; carry = (t >> 63); i++; /* Falls through. */ + case 4: t = (b[i] - a[i]) ; carry = (t >> 63); i++; FALLTHROUGH; + case 3: t = (b[i] - a[i]) - carry; carry = (t >> 63); i++; FALLTHROUGH; + case 2: t = (b[i] - a[i]) - carry; carry = (t >> 63); i++; FALLTHROUGH; + case 1: t = (b[i] - a[i]) - carry; carry = (t >> 63); i++; FALLTHROUGH; case 0: t = (b[i] - a[i]) - carry; carry = (t >> 63); } return (int)!carry; diff --git a/src/feature/client/entrynodes.c b/src/feature/client/entrynodes.c index 1bfb62538e..7c2159ce84 100644 --- a/src/feature/client/entrynodes.c +++ b/src/feature/client/entrynodes.c @@ -2263,7 +2263,7 @@ entry_guards_note_guard_success(guard_selection_t *gs, break; default: tor_assert_nonfatal_unreached(); - /* Fall through. */ + FALLTHROUGH; case GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD: if (guard->is_primary) { /* XXXX #20832 -- I don't actually like this logic. It seems to make diff --git a/src/feature/control/control.c b/src/feature/control/control.c index cc7ecff2ff..26ac12d307 100644 --- a/src/feature/control/control.c +++ b/src/feature/control/control.c @@ -4934,7 +4934,7 @@ handle_control_add_onion(control_connection_t *conn, case RSAE_BADAUTH: connection_printf_to_buf(conn, "512 Invalid client authorization\r\n"); break; - case RSAE_INTERNAL: /* FALLSTHROUGH */ + case RSAE_INTERNAL: FALLTHROUGH; default: connection_printf_to_buf(conn, "551 Failed to add Onion Service\r\n"); } diff --git a/src/feature/dirauth/keypin.c b/src/feature/dirauth/keypin.c index 667feb2c03..06cb9ba1ff 100644 --- a/src/feature/dirauth/keypin.c +++ b/src/feature/dirauth/keypin.c @@ -267,7 +267,7 @@ keypin_add_or_replace_entry_in_map(keypin_ent_t *ent) } tor_free(ent2); r = -1; - /* Fall through */ + /* Note lack of return here: we fall through to the next line. */ } keypin_add_entry_to_map(ent); diff --git a/src/feature/dirclient/dirclient.c b/src/feature/dirclient/dirclient.c index 0fd1a47017..6725fc3369 100644 --- a/src/feature/dirclient/dirclient.c +++ b/src/feature/dirclient/dirclient.c @@ -1369,7 +1369,7 @@ directory_initiate_request,(directory_request_t *request)) case 1: /* start flushing conn */ conn->base_.state = DIR_CONN_STATE_CLIENT_SENDING; - /* fall through */ + FALLTHROUGH; case 0: /* queue the command on the outbuf */ directory_send_command(conn, 1, request); diff --git a/src/feature/dirparse/parsecommon.c b/src/feature/dirparse/parsecommon.c index 632f5adff0..1664a77bbe 100644 --- a/src/feature/dirparse/parsecommon.c +++ b/src/feature/dirparse/parsecommon.c @@ -222,7 +222,7 @@ token_check_object(memarea_t *area, const char *kwd, kwd, crypto_pk_num_bits(tok->key)); RET_ERR(ebuf); } - /* fall through */ + FALLTHROUGH; case NEED_KEY: /* There must be some kind of key. */ if (!tok->key) { tor_snprintf(ebuf, sizeof(ebuf), "Missing public key for %s", kwd); @@ -384,12 +384,19 @@ get_next_token(memarea_t *area, RET_ERR("Couldn't parse object: missing footer or object much too big."); if (!strcmp(tok->object_type, "RSA PUBLIC KEY")) { /* If it's a public key */ + if (o_syn != NEED_KEY && o_syn != NEED_KEY_1024 && o_syn != OBJ_OK) { + RET_ERR("Unexpected public key."); + } tok->key = crypto_pk_new(); if (crypto_pk_read_public_key_from_string(tok->key, obstart, eol-obstart)) RET_ERR("Couldn't parse public key."); } else if (!strcmp(tok->object_type, "RSA PRIVATE KEY")) { /* private key */ + if (o_syn != NEED_SKEY_1024 && o_syn != OBJ_OK) { + RET_ERR("Unexpected private key."); + } tok->key = crypto_pk_new(); - if (crypto_pk_read_private_key_from_string(tok->key, obstart, eol-obstart)) + if (crypto_pk_read_private_key1024_from_string(tok->key, + obstart, eol-obstart)) RET_ERR("Couldn't parse private key."); } else { /* If it's something else, try to base64-decode it */ int r; diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c index fd2d266453..c65f857419 100644 --- a/src/feature/hs/hs_client.c +++ b/src/feature/hs/hs_client.c @@ -596,9 +596,14 @@ send_introduce1(origin_circuit_t *intro_circ, /* We need to find which intro point in the descriptor we are connected to * on intro_circ. */ ip = find_desc_intro_point_by_ident(intro_circ->hs_ident, desc); - if (BUG(ip == NULL)) { - /* If we can find a descriptor from this introduction circuit ident, we - * must have a valid intro point object. Permanent error. */ + if (ip == NULL) { + /* The following is possible if the descriptor was changed while we had + * this introduction circuit open and waiting for the rendezvous circuit to + * be ready. Which results in this situation where we can't find the + * corresponding intro point within the descriptor of the service. */ + log_info(LD_REND, "Unable to find introduction point for service %s " + "while trying to send an INTRODUCE1 cell.", + safe_str_client(onion_address)); goto perm_err; } @@ -1275,7 +1280,7 @@ hs_client_decode_descriptor(const char *desc_str, uint8_t subcredential[DIGEST256_LEN]; ed25519_public_key_t blinded_pubkey; hs_client_service_authorization_t *client_auth = NULL; - curve25519_secret_key_t *client_auht_sk = NULL; + curve25519_secret_key_t *client_auth_sk = NULL; tor_assert(desc_str); tor_assert(service_identity_pk); @@ -1284,7 +1289,7 @@ hs_client_decode_descriptor(const char *desc_str, /* Check if we have a client authorization for this service in the map. */ client_auth = find_client_auth(service_identity_pk); if (client_auth) { - client_auht_sk = &client_auth->enc_seckey; + client_auth_sk = &client_auth->enc_seckey; } /* Create subcredential for this HS so that we can decrypt */ @@ -1297,7 +1302,7 @@ hs_client_decode_descriptor(const char *desc_str, /* Parse descriptor */ ret = hs_desc_decode_descriptor(desc_str, subcredential, - client_auht_sk, desc); + client_auth_sk, desc); memwipe(subcredential, 0, sizeof(subcredential)); if (ret < 0) { goto err; diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c index 7e150599fc..6d32cae86c 100644 --- a/src/feature/hs/hs_service.c +++ b/src/feature/hs/hs_service.c @@ -3578,6 +3578,12 @@ hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports, goto err; } + if (ed25519_validate_pubkey(&service->keys.identity_pk) < 0) { + log_warn(LD_CONFIG, "Bad ed25519 private key was provided"); + ret = RSAE_BADPRIVKEY; + goto err; + } + /* Make sure we have at least one port. */ if (smartlist_len(service->config.ports) == 0) { log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified " diff --git a/src/feature/relay/dns.c b/src/feature/relay/dns.c index cc9f4cf490..e20a39482f 100644 --- a/src/feature/relay/dns.c +++ b/src/feature/relay/dns.c @@ -546,9 +546,9 @@ send_resolved_cell,(edge_connection_t *conn, uint8_t answer_type, break; } else { answer_type = RESOLVED_TYPE_ERROR; - /* fall through. */ + /* We let this fall through and treat it as an error. */ } - /* Falls through. */ + FALLTHROUGH; case RESOLVED_TYPE_ERROR_TRANSIENT: case RESOLVED_TYPE_ERROR: { diff --git a/src/feature/rend/rendclient.c b/src/feature/rend/rendclient.c index 4ca783c7c3..cde954da95 100644 --- a/src/feature/rend/rendclient.c +++ b/src/feature/rend/rendclient.c @@ -819,7 +819,7 @@ rend_client_report_intro_point_failure(extend_info_t *failed_intro, log_warn(LD_BUG, "Unknown failure type %u. Removing intro point.", failure_type); tor_fragile_assert(); - /* fall through */ + FALLTHROUGH; case INTRO_POINT_FAILURE_GENERIC: rend_cache_intro_failure_note(failure_type, (uint8_t *)failed_intro->identity_digest, diff --git a/src/lib/cc/compat_compiler.h b/src/lib/cc/compat_compiler.h index 3a0f307186..fbe6a38f1f 100644 --- a/src/lib/cc/compat_compiler.h +++ b/src/lib/cc/compat_compiler.h @@ -50,6 +50,12 @@ #define CHECK_SCANF(formatIdx, firstArg) #endif /* defined(__GNUC__) */ +#if defined(HAVE_ATTR_FALLTHROUGH) +#define FALLTHROUGH __attribute__((fallthrough)) +#else +#define FALLTHROUGH +#endif + /* What GCC do we have? */ #ifdef __GNUC__ #define GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__) diff --git a/src/lib/crypt_ops/crypto_digest.c b/src/lib/crypt_ops/crypto_digest.c index 26f06c6c79..de81b87b7e 100644 --- a/src/lib/crypt_ops/crypto_digest.c +++ b/src/lib/crypt_ops/crypto_digest.c @@ -50,8 +50,8 @@ digest_alg_to_nss_oid(digest_algorithm_t alg) case DIGEST_SHA1: return SEC_OID_SHA1; case DIGEST_SHA256: return SEC_OID_SHA256; case DIGEST_SHA512: return SEC_OID_SHA512; - case DIGEST_SHA3_256: /* Fall through */ - case DIGEST_SHA3_512: /* Fall through */ + case DIGEST_SHA3_256: FALLTHROUGH; + case DIGEST_SHA3_512: FALLTHROUGH; default: return SEC_OID_UNKNOWN; } @@ -98,12 +98,12 @@ static bool library_supports_digest(digest_algorithm_t alg) { switch (alg) { - case DIGEST_SHA1: /* Fall through */ - case DIGEST_SHA256: /* Fall through */ - case DIGEST_SHA512: /* Fall through */ + case DIGEST_SHA1: FALLTHROUGH; + case DIGEST_SHA256: FALLTHROUGH; + case DIGEST_SHA512: return true; - case DIGEST_SHA3_256: /* Fall through */ - case DIGEST_SHA3_512: /* Fall through */ + case DIGEST_SHA3_256: FALLTHROUGH; + case DIGEST_SHA3_512: FALLTHROUGH; default: return false; } @@ -313,8 +313,8 @@ crypto_digest_alloc_bytes(digest_algorithm_t alg) STRUCT_FIELD_SIZE(crypto_digest_t, f)) switch (alg) { #ifdef ENABLE_NSS - case DIGEST_SHA1: /* Fall through */ - case DIGEST_SHA256: /* Fall through */ + case DIGEST_SHA1: FALLTHROUGH; + case DIGEST_SHA256: FALLTHROUGH; case DIGEST_SHA512: return END_OF_FIELD(d.ctx); #else @@ -349,8 +349,8 @@ crypto_digest_new_internal(digest_algorithm_t algorithm) switch (algorithm) { #ifdef ENABLE_NSS - case DIGEST_SHA1: /* fall through */ - case DIGEST_SHA256: /* fall through */ + case DIGEST_SHA1: FALLTHROUGH; + case DIGEST_SHA256: FALLTHROUGH; case DIGEST_SHA512: r->d.ctx = PK11_CreateDigestContext(digest_alg_to_nss_oid(algorithm)); if (BUG(!r->d.ctx)) { @@ -451,8 +451,8 @@ crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, */ switch (digest->algorithm) { #ifdef ENABLE_NSS - case DIGEST_SHA1: /* fall through */ - case DIGEST_SHA256: /* fall through */ + case DIGEST_SHA1: FALLTHROUGH; + case DIGEST_SHA256: FALLTHROUGH; case DIGEST_SHA512: tor_assert(len <= UINT_MAX); SECStatus s = PK11_DigestOp(digest->d.ctx, @@ -471,7 +471,7 @@ crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, SHA512_Update(&digest->d.sha512, (void*)data, len); break; #endif - case DIGEST_SHA3_256: /* FALLSTHROUGH */ + case DIGEST_SHA3_256: FALLTHROUGH; case DIGEST_SHA3_512: keccak_digest_update(&digest->d.sha3, (const uint8_t *)data, len); break; @@ -540,7 +540,7 @@ crypto_digest_get_digest(crypto_digest_t *digest, SHA512_Final(r, &tmpenv.d.sha512); break; //LCOV_EXCL_START - case DIGEST_SHA3_256: /* FALLSTHROUGH */ + case DIGEST_SHA3_256: FALLTHROUGH; case DIGEST_SHA3_512: default: log_warn(LD_BUG, "Handling unexpected algorithm %d", digest->algorithm); diff --git a/src/lib/crypt_ops/crypto_ed25519.c b/src/lib/crypt_ops/crypto_ed25519.c index 400f963898..0a442bb739 100644 --- a/src/lib/crypt_ops/crypto_ed25519.c +++ b/src/lib/crypt_ops/crypto_ed25519.c @@ -795,7 +795,7 @@ ed25519_point_is_identity_element(const uint8_t *point) int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey) { - uint8_t result[32] = {9}; + uint8_t result[32] = {0}; /* First check that we were not given the identity element */ if (ed25519_point_is_identity_element(pubkey->pubkey)) { diff --git a/src/lib/crypt_ops/crypto_rsa.c b/src/lib/crypt_ops/crypto_rsa.c index c9189b0dfc..8fd8a8aa7b 100644 --- a/src/lib/crypt_ops/crypto_rsa.c +++ b/src/lib/crypt_ops/crypto_rsa.c @@ -490,7 +490,7 @@ crypto_pk_write_private_key_to_string(crypto_pk_t *env, static int crypto_pk_read_from_string_generic(crypto_pk_t *env, const char *src, size_t len, int severity, - bool private_key) + bool private_key, int max_bits) { if (len == (size_t)-1) // "-1" indicates "use the length of the string." len = strlen(src); @@ -510,7 +510,7 @@ crypto_pk_read_from_string_generic(crypto_pk_t *env, const char *src, } crypto_pk_t *pk = private_key - ? crypto_pk_asn1_decode_private((const char*)buf, n) + ? crypto_pk_asn1_decode_private((const char*)buf, n, max_bits) : crypto_pk_asn1_decode((const char*)buf, n); if (! pk) { log_fn(severity, LD_CRYPTO, @@ -539,7 +539,8 @@ int crypto_pk_read_public_key_from_string(crypto_pk_t *env, const char *src, size_t len) { - return crypto_pk_read_from_string_generic(env, src, len, LOG_INFO, false); + return crypto_pk_read_from_string_generic(env, src, len, LOG_INFO, false, + -1); } /** Read a PEM-encoded private key from the <b>len</b>-byte string <b>src</b> @@ -550,7 +551,21 @@ int crypto_pk_read_private_key_from_string(crypto_pk_t *env, const char *src, ssize_t len) { - return crypto_pk_read_from_string_generic(env, src, len, LOG_INFO, true); + return crypto_pk_read_from_string_generic(env, src, len, LOG_INFO, true, + -1); +} + +/** + * As crypto_pk_read_private_key_from_string(), but reject any key + * with a modulus longer than 1024 bits before doing any expensive + * validation on it. + */ +int +crypto_pk_read_private_key1024_from_string(crypto_pk_t *env, + const char *src, ssize_t len) +{ + return crypto_pk_read_from_string_generic(env, src, len, LOG_INFO, true, + 1024); } /** If a file is longer than this, we won't try to decode its private key */ @@ -578,7 +593,7 @@ crypto_pk_read_private_key_from_filename(crypto_pk_t *env, } int rv = crypto_pk_read_from_string_generic(env, buf, (ssize_t)st.st_size, - LOG_WARN, true); + LOG_WARN, true, -1); if (rv < 0) { log_warn(LD_CRYPTO, "Unable to decode private key from file %s", escaped(keyfile)); @@ -662,7 +677,7 @@ crypto_pk_base64_decode_private(const char *str, size_t len) goto out; } - pk = crypto_pk_asn1_decode_private(der, der_len); + pk = crypto_pk_asn1_decode_private(der, der_len, -1); out: memwipe(der, 0, len+1); diff --git a/src/lib/crypt_ops/crypto_rsa.h b/src/lib/crypt_ops/crypto_rsa.h index c1ea767f85..6d9cc8d30e 100644 --- a/src/lib/crypt_ops/crypto_rsa.h +++ b/src/lib/crypt_ops/crypto_rsa.h @@ -61,6 +61,8 @@ int crypto_pk_read_public_key_from_string(crypto_pk_t *env, const char *src, size_t len); int crypto_pk_read_private_key_from_string(crypto_pk_t *env, const char *s, ssize_t len); +int crypto_pk_read_private_key1024_from_string(crypto_pk_t *env, + const char *src, ssize_t len); int crypto_pk_write_private_key_to_filename(crypto_pk_t *env, const char *fname); @@ -95,7 +97,8 @@ int crypto_pk_asn1_encode(const crypto_pk_t *pk, char *dest, size_t dest_len); crypto_pk_t *crypto_pk_asn1_decode(const char *str, size_t len); int crypto_pk_asn1_encode_private(const crypto_pk_t *pk, char *dest, size_t dest_len); -crypto_pk_t *crypto_pk_asn1_decode_private(const char *str, size_t len); +crypto_pk_t *crypto_pk_asn1_decode_private(const char *str, size_t len, + int max_bits); int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space); int crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out); void crypto_add_spaces_to_fp(char *out, size_t outlen, const char *in); diff --git a/src/lib/crypt_ops/crypto_rsa_nss.c b/src/lib/crypt_ops/crypto_rsa_nss.c index ad2ad38b66..7abf6716f0 100644 --- a/src/lib/crypt_ops/crypto_rsa_nss.c +++ b/src/lib/crypt_ops/crypto_rsa_nss.c @@ -679,9 +679,12 @@ crypto_pk_asn1_encode_private(const crypto_pk_t *pk, /** Given a buffer containing the DER representation of the * private key <b>str</b>, decode and return the result on success, or NULL * on failure. + * + * If <b>max_bits</b> is nonnegative, reject any key longer than max_bits + * without performing any expensive validation on it. */ crypto_pk_t * -crypto_pk_asn1_decode_private(const char *str, size_t len) +crypto_pk_asn1_decode_private(const char *str, size_t len, int max_bits) { tor_assert(str); tor_assert(len < INT_MAX); @@ -731,6 +734,15 @@ crypto_pk_asn1_decode_private(const char *str, size_t len) output = NULL; } + if (output) { + const int bits = SECKEY_PublicKeyStrengthInBits(output->pubkey); + if (max_bits >= 0 && bits > max_bits) { + log_info(LD_CRYPTO, "Private key longer than expected."); + crypto_pk_free(output); + output = NULL; + } + } + if (slot) PK11_FreeSlot(slot); diff --git a/src/lib/crypt_ops/crypto_rsa_openssl.c b/src/lib/crypt_ops/crypto_rsa_openssl.c index fbdc76ccd6..17eae24cc2 100644 --- a/src/lib/crypt_ops/crypto_rsa_openssl.c +++ b/src/lib/crypt_ops/crypto_rsa_openssl.c @@ -33,6 +33,7 @@ ENABLE_GCC_WARNING(redundant-decls) #include "lib/encoding/binascii.h" #include <string.h> +#include <stdbool.h> /** Declaration for crypto_pk_t structure. */ struct crypto_pk_t @@ -564,11 +565,71 @@ crypto_pk_asn1_encode_private(const crypto_pk_t *pk, char *dest, return len; } +/** Check whether any component of a private key is too large in a way that + * seems likely to make verification too expensive. Return true if it's too + * long, and false otherwise. */ +static bool +rsa_private_key_too_long(RSA *rsa, int max_bits) +{ + const BIGNUM *n, *e, *p, *q, *d, *dmp1, *dmq1, *iqmp; +#ifdef OPENSSL_1_1_API + +#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,1) + n = RSA_get0_n(rsa); + e = RSA_get0_e(rsa); + p = RSA_get0_p(rsa); + q = RSA_get0_q(rsa); + d = RSA_get0_d(rsa); + dmp1 = RSA_get0_dmp1(rsa); + dmq1 = RSA_get0_dmq1(rsa); + iqmp = RSA_get0_iqmp(rsa); +#else + /* The accessors above did not exist in openssl 1.1.0. */ + p = q = dmp1 = dmq1 = iqmp = NULL; + RSA_get0_key(rsa, &n, &e, &d); +#endif + + if (RSA_bits(rsa) > max_bits) + return true; +#else + n = rsa->n; + e = rsa->e; + p = rsa->p; + q = rsa->q; + d = rsa->d; + dmp1 = rsa->dmp1; + dmq1 = rsa->dmq1; + iqmp = rsa->iqmp; +#endif + + if (n && BN_num_bits(n) > max_bits) + return true; + if (e && BN_num_bits(e) > max_bits) + return true; + if (p && BN_num_bits(p) > max_bits) + return true; + if (q && BN_num_bits(q) > max_bits) + return true; + if (d && BN_num_bits(d) > max_bits) + return true; + if (dmp1 && BN_num_bits(dmp1) > max_bits) + return true; + if (dmq1 && BN_num_bits(dmq1) > max_bits) + return true; + if (iqmp && BN_num_bits(iqmp) > max_bits) + return true; + + return false; +} + /** Decode an ASN.1-encoded private key from <b>str</b>; return the result on * success and NULL on failure. + * + * If <b>max_bits</b> is nonnegative, reject any key longer than max_bits + * without performing any expensive validation on it. */ crypto_pk_t * -crypto_pk_asn1_decode_private(const char *str, size_t len) +crypto_pk_asn1_decode_private(const char *str, size_t len, int max_bits) { RSA *rsa; unsigned char *buf; @@ -578,7 +639,12 @@ crypto_pk_asn1_decode_private(const char *str, size_t len) rsa = d2i_RSAPrivateKey(NULL, &cp, len); tor_free(buf); if (!rsa) { - crypto_openssl_log_errors(LOG_WARN,"decoding public key"); + crypto_openssl_log_errors(LOG_WARN,"decoding private key"); + return NULL; + } + if (max_bits >= 0 && rsa_private_key_too_long(rsa, max_bits)) { + log_info(LD_CRYPTO, "Private key longer than expected."); + RSA_free(rsa); return NULL; } crypto_pk_t *result = crypto_new_pk_from_openssl_rsa_(rsa); diff --git a/src/lib/net/address.c b/src/lib/net/address.c index a2d234b742..076ca3eb34 100644 --- a/src/lib/net/address.c +++ b/src/lib/net/address.c @@ -926,6 +926,7 @@ tor_addr_copy_tight(tor_addr_t *dest, const tor_addr_t *src) break; case AF_INET6: memcpy(dest->addr.in6_addr.s6_addr, src->addr.in6_addr.s6_addr, 16); + break; case AF_UNSPEC: break; // LCOV_EXCL_START diff --git a/src/lib/thread/compat_pthreads.c b/src/lib/thread/compat_pthreads.c index 05efe9cfd0..6f7ecd17da 100644 --- a/src/lib/thread/compat_pthreads.c +++ b/src/lib/thread/compat_pthreads.c @@ -265,6 +265,6 @@ tor_threads_init(void) pthread_attr_setdetachstate(&attr_detached, PTHREAD_CREATE_DETACHED); tor_assert(ret2 == 0); threads_initialized = 1; - set_main_thread(); } + set_main_thread(); } diff --git a/src/lib/tls/buffers_tls.c b/src/lib/tls/buffers_tls.c index e92cb9163f..b570216df0 100644 --- a/src/lib/tls/buffers_tls.c +++ b/src/lib/tls/buffers_tls.c @@ -146,10 +146,10 @@ buf_flush_to_tls(buf_t *buf, tor_tls_t *tls, size_t flushlen, size_t flushed = 0; ssize_t sz; tor_assert(buf_flushlen); - if (BUG(*buf_flushlen > buf->datalen)) { + IF_BUG_ONCE(*buf_flushlen > buf->datalen) { *buf_flushlen = buf->datalen; } - if (BUG(flushlen > *buf_flushlen)) { + IF_BUG_ONCE(flushlen > *buf_flushlen) { flushlen = *buf_flushlen; } sz = (ssize_t) flushlen; diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c index fa79f4cc47..5af0cce130 100644 --- a/src/test/test_crypto.c +++ b/src/test/test_crypto.c @@ -1492,6 +1492,44 @@ test_crypto_pk_pem_encrypted(void *arg) } static void +test_crypto_pk_bad_size(void *arg) +{ + (void)arg; + crypto_pk_t *pk1 = pk_generate(0); + crypto_pk_t *pk2 = NULL; + char buf[2048]; + int n = crypto_pk_asn1_encode_private(pk1, buf, sizeof(buf)); + tt_int_op(n, OP_GT, 0); + + /* Set the max bit count smaller: we should refuse to decode the key.*/ + pk2 = crypto_pk_asn1_decode_private(buf, n, 1020); + tt_assert(! pk2); + + /* Set the max bit count one bit smaller: we should refuse to decode the + key.*/ + pk2 = crypto_pk_asn1_decode_private(buf, n, 1023); + tt_assert(! pk2); + + /* Correct size: should work. */ + pk2 = crypto_pk_asn1_decode_private(buf, n, 1024); + tt_assert(pk2); + crypto_pk_free(pk2); + + /* One bit larger: should work. */ + pk2 = crypto_pk_asn1_decode_private(buf, n, 1025); + tt_assert(pk2); + crypto_pk_free(pk2); + + /* Set the max bit count larger: it should decode fine. */ + pk2 = crypto_pk_asn1_decode_private(buf, n, 2048); + tt_assert(pk2); + + done: + crypto_pk_free(pk1); + crypto_pk_free(pk2); +} + +static void test_crypto_pk_invalid_private_key(void *arg) { (void)arg; @@ -3163,6 +3201,7 @@ struct testcase_t crypto_tests[] = { { "pk_fingerprints", test_crypto_pk_fingerprints, TT_FORK, NULL, NULL }, { "pk_base64", test_crypto_pk_base64, TT_FORK, NULL, NULL }, { "pk_pem_encrypted", test_crypto_pk_pem_encrypted, TT_FORK, NULL, NULL }, + { "pk_bad_size", test_crypto_pk_bad_size, 0, NULL, NULL }, { "pk_invalid_private_key", test_crypto_pk_invalid_private_key, 0, NULL, NULL }, CRYPTO_LEGACY(digests), diff --git a/src/test/test_dos.c b/src/test/test_dos.c index 4756c5014e..01d7cd006e 100644 --- a/src/test/test_dos.c +++ b/src/test/test_dos.c @@ -79,7 +79,7 @@ test_dos_conn_creation(void *arg) { /* Register many conns from this client but not enough to get it blocked */ unsigned int i; for (i = 0; i < max_concurrent_conns; i++) { - dos_new_client_conn(&or_conn); + dos_new_client_conn(&or_conn, NULL); } } @@ -88,7 +88,7 @@ test_dos_conn_creation(void *arg) dos_conn_addr_get_defense_type(addr)); /* Register another conn and check that new conns are not allowed anymore */ - dos_new_client_conn(&or_conn); + dos_new_client_conn(&or_conn, NULL); tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ, dos_conn_addr_get_defense_type(addr)); @@ -98,7 +98,7 @@ test_dos_conn_creation(void *arg) dos_conn_addr_get_defense_type(addr)); /* Register another conn and see that defense measures get reactivated */ - dos_new_client_conn(&or_conn); + dos_new_client_conn(&or_conn, NULL); tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ, dos_conn_addr_get_defense_type(addr)); @@ -153,7 +153,7 @@ test_dos_circuit_creation(void *arg) * circuit counting subsystem */ geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now); for (i = 0; i < min_conc_conns_for_cc ; i++) { - dos_new_client_conn(&or_conn); + dos_new_client_conn(&or_conn, NULL); } /* Register new circuits for this client and conn, but not enough to get @@ -217,7 +217,7 @@ test_dos_bucket_refill(void *arg) /* Register this client */ geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now); - dos_new_client_conn(&or_conn); + dos_new_client_conn(&or_conn, NULL); /* Fetch this client from the geoip cache and get its DoS structs */ clientmap_entry_t *entry = geoip_lookup_client(addr, NULL, @@ -460,11 +460,11 @@ test_known_relay(void *arg) geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &or_conn.real_addr, NULL, 0); /* Suppose we have 5 connections in rapid succession, the counter should * always be 0 because we should ignore this. */ - dos_new_client_conn(&or_conn); - dos_new_client_conn(&or_conn); - dos_new_client_conn(&or_conn); - dos_new_client_conn(&or_conn); - dos_new_client_conn(&or_conn); + dos_new_client_conn(&or_conn, NULL); + dos_new_client_conn(&or_conn, NULL); + dos_new_client_conn(&or_conn, NULL); + dos_new_client_conn(&or_conn, NULL); + dos_new_client_conn(&or_conn, NULL); entry = geoip_lookup_client(&or_conn.real_addr, NULL, GEOIP_CLIENT_CONNECT); tt_assert(entry); /* We should have a count of 0. */ @@ -474,8 +474,8 @@ test_known_relay(void *arg) * connection and see if we do get it. */ tor_addr_parse(&or_conn.real_addr, "42.42.42.43"); geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &or_conn.real_addr, NULL, 0); - dos_new_client_conn(&or_conn); - dos_new_client_conn(&or_conn); + dos_new_client_conn(&or_conn, NULL); + dos_new_client_conn(&or_conn, NULL); entry = geoip_lookup_client(&or_conn.real_addr, NULL, GEOIP_CLIENT_CONNECT); tt_assert(entry); /* We should have a count of 2. */ diff --git a/src/test/test_socks.c b/src/test/test_socks.c index 783f4726ee..3686e1036b 100644 --- a/src/test/test_socks.c +++ b/src/test/test_socks.c @@ -778,7 +778,7 @@ test_socks_truncated(void *ptr) for (i = 0; i < ARRAY_LENGTH(commands); ++i) { for (j = 0; j < commands[i].len; ++j) { switch (commands[i].setup) { - default: /* Falls through */ + default: FALLTHROUGH; case NONE: /* This test calls for no setup on the socks state. */ break; diff --git a/src/test/testing_common.c b/src/test/testing_common.c index 62d40a42fa..2c9c4538b9 100644 --- a/src/test/testing_common.c +++ b/src/test/testing_common.c @@ -348,6 +348,21 @@ main(int c, const char **v) atexit(remove_directory); + /* Look for TOR_SKIP_TESTCASES: a space-separated list of tests to skip. */ + const char *skip_tests = getenv("TOR_SKIP_TESTCASES"); + if (skip_tests) { + smartlist_t *skip = smartlist_new(); + smartlist_split_string(skip, skip_tests, NULL, + SPLIT_IGNORE_BLANK, -1); + int n = 0; + SMARTLIST_FOREACH_BEGIN(skip, char *, cp) { + n += tinytest_skip(testgroups, cp); + tor_free(cp); + } SMARTLIST_FOREACH_END(cp); + printf("Skipping %d testcases.\n", n); + smartlist_free(skip); + } + int have_failed = (tinytest_main(c, v, testgroups) != 0); free_pregenerated_keys(); diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index baad733d0f..2b21abe888 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -218,7 +218,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.3.5.9-dev" +#define VERSION "0.3.5.10-dev" |