diff options
121 files changed, 1046 insertions, 816 deletions
diff --git a/.appveyor.yml b/.appveyor.yml index fefc7d05e7..02241c0a5a 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -65,6 +65,8 @@ install: # All installed library dlls must be copied to the test and app # directories, before running tor's tests. (See below.) #> + Execute-Command "C:\msys64\usr\bin\pacman" -Syu --verbose --noconfirm pacman ; +- ps: >- Execute-Command "C:\msys64\usr\bin\pacman" -Sy --verbose --needed --noconfirm ${env:mingw_prefix}-libevent ${env:mingw_prefix}-openssl ${env:mingw_prefix}-pkg-config ${env:mingw_prefix}-xz ${env:mingw_prefix}-zstd ; build_script: diff --git a/.gitignore b/.gitignore index ea6b68ec5f..97b145590e 100644 --- a/.gitignore +++ b/.gitignore @@ -79,11 +79,9 @@ uptime-*.json /callgraph/ # /contrib/ -/contrib/dist/tor.sh /contrib/dist/torctl /contrib/dist/tor.service /contrib/operator-tools/tor.logrotate -/contrib/dist/suse/tor.sh # /debian/ /debian/files diff --git a/.travis.yml b/.travis.yml index 01343e65d9..cbbff2d942 100644 --- a/.travis.yml +++ b/.travis.yml @@ -210,7 +210,10 @@ install: ## If we're running chutney, install it. - if [[ "$CHUTNEY" != "" ]]; then git clone --depth 1 https://github.com/torproject/chutney.git ; export CHUTNEY_PATH="$(pwd)/chutney"; fi ## If we're running stem, install it. - - if [[ "$TEST_STEM" != "" ]]; then git clone --depth 1 https://github.com/torproject/stem.git ; export STEM_SOURCE_DIR=`pwd`/stem; fi + ## XXXX We are temporarily fixing the version at d1174a83 to work around + ## https://github.com/torproject/stem/issues/63 . + ## - if [[ "$TEST_STEM" != "" ]]; then git clone --no-tags --depth 1 https://github.com/torproject/stem.git; export STEM_SOURCE_DIR=`pwd`/stem; fi + - if [[ "$TEST_STEM" != "" ]]; then git clone https://github.com/torproject/stem.git && ( cd ./stem && git checkout d1174a83c2dcb7b855d8fc986be3ab8f8d88d68c) ; export STEM_SOURCE_DIR=`pwd`/stem; fi ## ## Finally, list installed package versions - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then dpkg-query --show; fi diff --git a/ReleaseNotes b/ReleaseNotes index a9adbfe342..a241da3027 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,107 +2,6 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. -Changes in version 0.4.3.3-alpha - 2020-03-18 - Tor 0.4.3.3-alpha fixes several bugs in previous releases, including - TROVE-2020-002, a major denial-of-service vulnerability that affected - all released Tor instances since 0.2.1.5-alpha. Using this - vulnerability, an attacker could cause Tor instances to consume a huge - amount of CPU, disrupting their operations for several seconds or - minutes. This attack could be launched by anybody against a relay, or - by a directory cache against any client that had connected to it. The - attacker could launch this attack as much as they wanted, thereby - disrupting service or creating patterns that could aid in traffic - analysis. This issue was found by OSS-Fuzz, and is also tracked - as CVE-2020-10592. - - We do not have reason to believe that this attack is currently being - exploited in the wild, but nonetheless we advise everyone to upgrade - as soon as packages are available. - - o Major bugfixes (security, denial-of-service): - - Fix a denial-of-service bug that could be used by anyone to - consume a bunch of CPU on any Tor relay or authority, or by - directories to consume a bunch of CPU on clients or hidden - services. Because of the potential for CPU consumption to - introduce observable timing patterns, we are treating this as a - high-severity security issue. Fixes bug 33119; bugfix on - 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue - as TROVE-2020-002 and CVE-2020-10592. - - o Major bugfixes (circuit padding, memory leak): - - Avoid a remotely triggered memory leak in the case that a circuit - padding machine is somehow negotiated twice on the same circuit. - Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls. - This is also tracked as TROVE-2020-004 and CVE-2020-10593. - - o Major bugfixes (directory authority): - - Directory authorities will now send a 503 (not enough bandwidth) - code to clients when under bandwidth pressure. Known relays and - other authorities will always be answered regardless of the - bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha. - - o Minor features (diagnostic): - - Improve assertions and add some memory-poisoning code to try to - track down possible causes of a rare crash (32564) in the EWMA - code. Closes ticket 33290. - - o Minor features (directory authorities): - - Directory authorities now reject descriptors from relays running - Tor versions from the 0.2.9 and 0.4.0 series. The 0.3.5 series is - still allowed. Resolves ticket 32672. Patch by Neel Chauhan. - - o Minor features (usability): - - Include more information when failing to parse a configuration - value. This should make it easier to tell what's going wrong when - a configuration file doesn't parse. Closes ticket 33460. - - o Minor bugfix (relay, configuration): - - Warn if the ContactInfo field is not set, and tell the relay - operator that not having a ContactInfo field set might cause their - relay to get rejected in the future. Fixes bug 33361; bugfix - on 0.1.1.10-alpha. - - o Minor bugfixes (coding best practices checks): - - Allow the "practracker" script to read unicode files when using - Python 2. We made the script use unicode literals in 0.4.3.1-alpha, - but didn't change the codec for opening files. Fixes bug 33374; - bugfix on 0.4.3.1-alpha. - - o Minor bugfixes (continuous integration): - - Remove the buggy and unused mirroring job. Fixes bug 33213; bugfix - on 0.3.2.2-alpha. - - o Minor bugfixes (onion service v3, client): - - Remove a BUG() warning that would cause a stack trace if an onion - service descriptor was freed while we were waiting for a - rendezvous circuit to complete. Fixes bug 28992; bugfix - on 0.3.2.1-alpha. - - o Minor bugfixes (onion services v3): - - Fix an assertion failure that could result from a corrupted - ADD_ONION control port command. Found by Saibato. Fixes bug 33137; - bugfix on 0.3.3.1-alpha. This issue is also tracked - as TROVE-2020-003. - - o Documentation (manpage): - - Alphabetize the Server and Directory server sections of the tor - manpage. Also split Statistics options into their own section of - the manpage. Closes ticket 33188. Work by Swati Thacker as part of - Google Season of Docs. - - Document the __OwningControllerProcess torrc option and specify - its polling interval. Resolves issue 32971. - - o Testing (Travis CI): - - Remove a redundant distcheck job. Closes ticket 33194. - - Sort the Travis jobs in order of speed: putting the slowest jobs - first takes full advantage of Travis job concurrency. Closes - ticket 33194. - - Stop allowing the Chutney IPv6 Travis job to fail. This job was - previously configured to fast_finish (which requires - allow_failure), to speed up the build. Closes ticket 33195. - - When a Travis chutney job fails, use chutney's new "diagnostics.sh" - tool to produce detailed diagnostic output. Closes ticket 32792. - Changes in version 0.4.2.7 - 2020-03-18 This is the third stable release in the 0.4.2.x series. It backports diff --git a/changes/bug31669 b/changes/bug31669 deleted file mode 100644 index 8079c98f62..0000000000 --- a/changes/bug31669 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (onion services v3): - - Relax severity of a log message that can appear naturally when decoding - onion service descriptors as a relay. Also add some diagnostics to debug - any future bugs in that area. Fixes bug 31669; bugfix on 0.3.0.1-alpha.
\ No newline at end of file diff --git a/changes/bug33032 b/changes/bug33032 deleted file mode 100644 index 0c665f25df..0000000000 --- a/changes/bug33032 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (key portability): - - When reading PEM-encoded key data, tolerate CRLF line-endings even if - we are not running on Windows. Previously, non-Windows hosts - would reject these line-endings in certain positions, making - certain key files hard to move from one host to another. - Fixes bug 33032; bugfix on 0.3.5.1-alpha. diff --git a/changes/bug33087 b/changes/bug33087 deleted file mode 100644 index ab6df58cc6..0000000000 --- a/changes/bug33087 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (logging): - - Stop closing stderr and stdout during shutdown. Closing these file - descriptors can hide sanitiser logs. - Fixes bug 33087; bugfix on 0.4.1.6. - - Flush stderr, stdout, and file logs during shutdown, if supported by the - OS. This change helps make sure that any final logs are recorded. - Fixes bug 33087; bugfix on 0.4.1.6. diff --git a/changes/bug33545 b/changes/bug33545 deleted file mode 100644 index c051b01605..0000000000 --- a/changes/bug33545 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hidden services): - - Block a client-side assert by disallowing the registration of an x25519 - client auth key that's all zeroes. Fixes bug 33545; bugfix on - 0.4.3.1-alpha. Patch based on patch from "cypherpunks".
\ No newline at end of file diff --git a/changes/bug33608 b/changes/bug33608 deleted file mode 100644 index 0e82a8eec9..0000000000 --- a/changes/bug33608 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (client IPv6): - - Stop forcing all non-SOCKSPorts to prefer IPv6 exit connections. Instead, - prefer IPv6 connections by default, but allow users to change their - configs using the "NoPreferIPv6" port flag. - Fixes bug 33608; bugfix on 0.4.3.1-alpha. diff --git a/changes/bug33668 b/changes/bug33668 deleted file mode 100644 index 2b0830d6d8..0000000000 --- a/changes/bug33668 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (--disable-module-relay): - - Fix an assertion failure when Tor is build without the relay module, - and then invoked with the "User" option. Fixes bug 33668; bugfix on - 0.4.3.1-alpha. diff --git a/changes/bug33673 b/changes/bug33673 deleted file mode 100644 index 37c00f2e6e..0000000000 --- a/changes/bug33673 +++ /dev/null @@ -1,6 +0,0 @@ - o Testing: - - In our Appveyor Windows CI, copy required DLLs to test and app, before - running tor's tests. This ensures that tor.exe and test*.exe use the - correct version of each DLL. This fix is not required, but we hope it - will avoid DLL search issues in future. - Fixes bug 33673; bugfix on 0.3.4.2-alpha. diff --git a/changes/bug33674 b/changes/bug33674 deleted file mode 100644 index bcc3fcab03..0000000000 --- a/changes/bug33674 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (--disable-module-relay,--disable-module-dirauth): - - Set some output arguments in the relay and dirauth module stubs, to - guard against future stub argument handling bugs like 33668. - Fixes bug 33674; bugfix on 0.4.3.1-alpha. diff --git a/changes/bug33782 b/changes/bug33782 deleted file mode 100644 index 9d4a0e7a79..0000000000 --- a/changes/bug33782 +++ /dev/null @@ -1,7 +0,0 @@ - o Testing: - - Avoid conflicts between the fake sockets in tor's unit tests, and real - file descriptors. Resolves issues running unit tests with GitHub Actions, - where the process that embeds or launches the tests has already opened a - large number of file descriptors. - Fixes bug 33782; bugfix on 0.2.8.1-alpha. - Found and fixed by Putta Khunchalee. diff --git a/changes/bug33918 b/changes/bug33918 deleted file mode 100644 index e1467b4aaf..0000000000 --- a/changes/bug33918 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (IPv6, logging): - - Stop truncating IPv6 addresses and ports in channel and connection logs. - Fixes bug 33918; bugfix on 0.2.4.4-alpha. diff --git a/changes/bug33977 b/changes/bug33977 new file mode 100644 index 0000000000..b424a811a2 --- /dev/null +++ b/changes/bug33977 @@ -0,0 +1,4 @@ + o Minor bugfix (refactoring): + - Lift circuit_build_times_disabled out of circuit_expire_building loop to + save CPU time with many circuits open. Fixes bug 33977; bugfix on + 0.3.5.9. diff --git a/changes/bug34130 b/changes/bug34130 new file mode 100644 index 0000000000..b1e5715fdf --- /dev/null +++ b/changes/bug34130 @@ -0,0 +1,4 @@ + o Minor bugfixes (linux seccomp sandbox nss): + - Fix startup crash when tor is compiled with --enable-nss and + sandbox support is enabled. Fixes bug 34130; bugfix on + 0.3.5.1-alpha. Patch by Daniel Pinto. diff --git a/changes/bug34233 b/changes/bug34233 new file mode 100644 index 0000000000..24c7869783 --- /dev/null +++ b/changes/bug34233 @@ -0,0 +1,4 @@ + o Minor bugfixes (portability): + - Fix a portability error in the configure script, where we + were using "==" instead of "=". Fixes bug 34233; bugfix on + 0.4.3.5. diff --git a/changes/bug34299 b/changes/bug34299 new file mode 100644 index 0000000000..464cf0d18a --- /dev/null +++ b/changes/bug34299 @@ -0,0 +1,3 @@ + o Minor bugfixes (man page): + - Update the man page to reflect that MinUptimeHidServDirectoryV2 + defaults to 96 hours. Fixes bug 34299; bugfix on 0.2.6.3-alpha. diff --git a/changes/bug34303 b/changes/bug34303 new file mode 100644 index 0000000000..dce57f4646 --- /dev/null +++ b/changes/bug34303 @@ -0,0 +1,5 @@ + o Minor bugfixes (client performance): + - Resume being willing to use preemptively-built circuits when + UseEntryGuards is set to 0. We accidentally disabled this feature + with that config setting, leading to slower load times. Fixes bug + 34303; bugfix on 0.3.3.2-alpha. diff --git a/changes/doc34133 b/changes/doc34133 new file mode 100644 index 0000000000..abe9db6148 --- /dev/null +++ b/changes/doc34133 @@ -0,0 +1,6 @@ + o Documentation: + - Correctly document that we search for a system torrc file before + Document the limitations of using %include on config files with + seccomp sandbox enabled. No new files can be added to the + %included directories. Fixes documentation bug 34133; bugfix + on 0.3.1.1-alpha. Patch by Daniel Pinto. diff --git a/changes/ticket24844 b/changes/ticket24844 new file mode 100644 index 0000000000..da55b4cf67 --- /dev/null +++ b/changes/ticket24844 @@ -0,0 +1,4 @@ + o Minor features (v3 onion servies): + - Add v3 onion service status to the dumpstats() call which is + triggered by a SIGUSR1 signal. Previously, we only did v2 + onion services. Closes ticket 24844. Patch by Neel Chauhan. diff --git a/changes/ticket32873 b/changes/ticket32873 new file mode 100644 index 0000000000..65ea1f64ad --- /dev/null +++ b/changes/ticket32873 @@ -0,0 +1,6 @@ + o Minor features (control port): + - Return a descriptive error message from the 'GETINFO + status/fresh-relay-descs' command on the control port. + Previously, we returned a generic error of "Error + generating descriptor". Closes ticket 32873. Patch by + Neel Chauhan. diff --git a/changes/ticket32888 b/changes/ticket32888 new file mode 100644 index 0000000000..ce7fb40b30 --- /dev/null +++ b/changes/ticket32888 @@ -0,0 +1,4 @@ + o Minor features (logging): + - When trying to find our own address, add debug-level logging + to report the sources of candidate addresses. Closes ticket + 32888. diff --git a/changes/ticket33491 b/changes/ticket33491 deleted file mode 100644 index 595ea863ea..0000000000 --- a/changes/ticket33491 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (DoS defenses, bridges, pluggable transport): - - DoS subsystem was not given the transport name of the client connection - when tor is a bridge and thus failing to find the GeoIP cache entry for - that client address. This resulted in failing to apply DoS defenses on - bridges with a pluggable transport. Fixes bug 33491; bugfix on - 0.3.3.2-alpha. diff --git a/changes/ticket33643 b/changes/ticket33643 deleted file mode 100644 index 7fddab74eb..0000000000 --- a/changes/ticket33643 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (testing): - - The unit tests now support a "TOR_SKIP_TESTCASES" environment variable - to specify a list of space-separated test cases that should not be - executed. We will use this to disable certain tests that are failing on - Appveyor because of mismatched OpenSSL libraries. Part of ticket 33643. diff --git a/changes/ticket33643_part2 b/changes/ticket33643_part2 deleted file mode 100644 index 28193d2af5..0000000000 --- a/changes/ticket33643_part2 +++ /dev/null @@ -1,3 +0,0 @@ - o Testing (CI): - - On appveyor, skip the crypto/openssl_version test, which is failing - because of a mismatched library installation. Fix for 33643. diff --git a/changes/ticket33646 b/changes/ticket33646 deleted file mode 100644 index 751c5d5bf2..0000000000 --- a/changes/ticket33646 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (build system): - - Correctly output the enabled module in the configure summary. Before that, - the list shown was just plain wrong. Fixes bug 33646; bugfix on - 0.4.3.2-alpha. diff --git a/changes/ticket33778 b/changes/ticket33778 new file mode 100644 index 0000000000..a33c647a6e --- /dev/null +++ b/changes/ticket33778 @@ -0,0 +1,3 @@ + o Documentation (manpage): + - Updated the options set by TestingTorNetwork in the man page. + Closes ticket 33778. diff --git a/changes/ticket33788 b/changes/ticket33788 new file mode 100644 index 0000000000..236c056623 --- /dev/null +++ b/changes/ticket33788 @@ -0,0 +1,4 @@ + o Minor features (code safety): + - Check for failures of tor_inet_ntop() and tor_inet_ntoa() functions in + DNS and IP address processing code and adjust codepaths to make them + less likely to crash entire Tor instance. Resolves issue 33788. diff --git a/changes/ticket33789 b/changes/ticket33789 new file mode 100644 index 0000000000..a7e69793e6 --- /dev/null +++ b/changes/ticket33789 @@ -0,0 +1,4 @@ + o Code simplification and refactoring (relay address): + - Move a series of functions related to address resolving into their own + files. Closes ticket 33789. + diff --git a/changes/ticket34211 b/changes/ticket34211 new file mode 100644 index 0000000000..b454873abf --- /dev/null +++ b/changes/ticket34211 @@ -0,0 +1,3 @@ + o Minor features (windows): + - Add support for console control signals like Ctrl+C in Windows + Closes ticket 34211. Patch from Damon Harris (TheDcoder). diff --git a/changes/ticket34255_043 b/changes/ticket34255_043 new file mode 100644 index 0000000000..5cfec1d48d --- /dev/null +++ b/changes/ticket34255_043 @@ -0,0 +1,3 @@ + o Documentation: + - Fix several doxygen warnings related to imbalanced groups. + Closes ticket 34255. diff --git a/configure.ac b/configure.ac index 7e2645a11e..dcd1ce7e7a 100644 --- a/configure.ac +++ b/configure.ac @@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc. dnl See LICENSE for licensing information AC_PREREQ([2.63]) -AC_INIT([tor],[0.4.4.0-alpha-dev]) +AC_INIT([tor],[0.4.5.0-alpha-dev]) AC_CONFIG_SRCDIR([src/app/main/tor_main.c]) AC_CONFIG_MACRO_DIR([m4]) @@ -16,7 +16,7 @@ configure_flags="$*" # version number changes. Tor uses it to make sure that it # only shuts down for missing "required protocols" when those protocols # are listed as required by a consensus after this date. -AC_DEFINE(APPROX_RELEASE_DATE, ["2020-02-11"], # for 0.4.4.0-alpha-dev +AC_DEFINE(APPROX_RELEASE_DATE, ["2020-06-09"], # for 0.4.5.0-alpha-dev [Approximate date when this software was released. (Updated when the version changes.)]) # "foreign" means we don't follow GNU package layout standards @@ -434,6 +434,22 @@ if test "$tor_cv_c_c99_designated_init" != "yes"; then AC_MSG_ERROR([Your compiler doesn't support c99 designated initializers. This is required as of Tor 0.2.6.x]) fi +saved_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -Werror" +AC_CACHE_CHECK([for __attribute__((fallthrough))], + tor_cv_c_attr_fallthrough, + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([extern int x; void fn(void) ;], + [[ switch (x) { case 1: fn(); __attribute__((fallthrough)); + case 2: fn(); break; } ]])], + [tor_cv_c_attr_fallthrough=yes], + [tor_cv_c_attr_fallthrough=no] )]) +CFLAGS="$saved_CFLAGS" + +if test "$tor_cv_c_attr_fallthrough" = "yes"; then + AC_DEFINE(HAVE_ATTR_FALLTHROUGH, [1], [defined if we have the fallthrough attribute.]) +fi + TORUSER=_tor AC_ARG_WITH(tor-user, AS_HELP_STRING(--with-tor-user=NAME, [specify username for tor daemon]), diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in index fb13a2eb36..8ca918b15b 100644 --- a/contrib/win32build/tor-mingw.nsi.in +++ b/contrib/win32build/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.4.4.0-alpha-dev" +!define VERSION "0.4.5.0-alpha-dev" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/doc/HACKING/CodingStandards.md b/doc/HACKING/CodingStandards.md index a181759d60..99bc3e5022 100644 --- a/doc/HACKING/CodingStandards.md +++ b/doc/HACKING/CodingStandards.md @@ -193,8 +193,9 @@ Why use changes files instead of entries in the ChangeLog? ## Whitespace and C conformance -Invoke `make check-spaces` from time to time, so it can tell you about -deviations from our C whitespace style. Generally, we use: +Tor's C code is written in accordance with the C99 standard. Invoke `make +check-spaces` from time to time, so it can tell you about deviations from our C +whitespace style. Generally, we use: - Unix-style line endings - K&R-style indentation @@ -213,6 +214,8 @@ deviations from our C whitespace style. Generally, we use: - Use `void foo(void)` to declare a function with no arguments. Saying `void foo()` is C++ syntax. - Use `const` for new APIs. + - Variables should be initialized when declared, rather than declared at the + top of a scope. If you use an editor that has plugins for editorconfig.org, the file `.editorconfig` will help you to conform this coding style. diff --git a/doc/tor.1.txt b/doc/tor.1.txt index e83178a4d6..f9e3812652 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -211,6 +211,8 @@ file will be parsed as if they were written where the %include option is. If the path is a folder, all files on that folder will be parsed following lexical order. Files starting with a dot are ignored. Files on subfolders are ignored. The %include option can be used recursively. +New configuration files or directories cannot be added to already running Tor +instance if **Sandbox** is enabled. By default, an option on the command line overrides an option found in the configuration file, and an option in a configuration file overrides one in @@ -855,6 +857,10 @@ forward slash (/) in the configuration file and on the command line. and **ORPort** are not allowed). Currently, if **Sandbox** is 1, **ControlPort** command "GETINFO address" will not work. + + + When using %include in the tor configuration files, reloading the tor + configuration is not supported after adding new configuration files or + directories. + + + (Default: 0) [[Schedulers]] **Schedulers** **KIST**|**KISTLite**|**Vanilla**:: @@ -3031,8 +3037,8 @@ on the public Tor network. unreliable. (Default: 500) [[MinUptimeHidServDirectoryV2]] **MinUptimeHidServDirectoryV2** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**:: - Minimum uptime of a v2 hidden service directory to be accepted as such by - authoritative directories. (Default: 25 hours) + Minimum uptime of a relay to be accepted as a hidden service directory + by directory authorities. (Default: 96 hours) [[RecommendedClientVersions]] **RecommendedClientVersions** __STRING__:: STRING is a comma-separated list of Tor versions currently believed to be @@ -3055,7 +3061,7 @@ on the public Tor network. multiple times: the values from multiple lines are spliced together. When this is set then **VersioningAuthoritativeDirectory** should be set too. -[[V3AuthDistDelay]] **V3AuthDistDelay** __N__ **minutes**|**hours**:: +[[V3AuthDistDelay]] **V3AuthDistDelay** __N__ **seconds**|**minutes**|**hours**:: V3 authoritative directories only. Configures the server's preferred delay between publishing its consensus and signature and assuming it has all the signatures from all the other authorities. Note that the actual time used @@ -3076,7 +3082,7 @@ on the public Tor network. different identity. This feature is used to migrate directory authority keys in the event of a compromise. (Default: 0) -[[V3AuthVoteDelay]] **V3AuthVoteDelay** __N__ **minutes**|**hours**:: +[[V3AuthVoteDelay]] **V3AuthVoteDelay** __N__ **seconds**|**minutes**|**hours**:: V3 authoritative directories only. Configures the server's preferred delay between publishing its vote and assuming it has all the votes from all the other authorities. Note that the actual time used is not the server's @@ -3351,12 +3357,10 @@ The following options are used for running a testing Tor network. running. (Default: 0) + - ServerDNSAllowBrokenConfig 1 DirAllowPrivateAddresses 1 EnforceDistinctSubnets 0 AssumeReachable 1 AuthDirMaxServersPerAddr 0 - AuthDirMaxServersPerAuthAddr 0 ClientBootstrapConsensusAuthorityDownloadInitialDelay 0 ClientBootstrapConsensusFallbackDownloadInitialDelay 0 ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay 0 @@ -3368,11 +3372,11 @@ The following options are used for running a testing Tor network. V3AuthVotingInterval 5 minutes V3AuthVoteDelay 20 seconds V3AuthDistDelay 20 seconds - MinUptimeHidServDirectoryV2 0 seconds - TestingV3AuthInitialVotingInterval 5 minutes + TestingV3AuthInitialVotingInterval 150 seconds TestingV3AuthInitialVoteDelay 20 seconds TestingV3AuthInitialDistDelay 20 seconds TestingAuthDirTimeToLearnReachability 0 minutes + MinUptimeHidServDirectoryV2 0 minutes TestingServerDownloadInitialDelay 0 TestingClientDownloadInitialDelay 0 TestingServerConsensusDownloadInitialDelay 0 @@ -3383,8 +3387,9 @@ The following options are used for running a testing Tor network. TestingDirConnectionMaxStall 30 seconds TestingEnableConnBwEvent 1 TestingEnableCellStatsEvent 1 + RendPostPeriod 2 minutes -[[TestingAuthDirTimeToLearnReachability]] **TestingAuthDirTimeToLearnReachability** __N__ **minutes**|**hours**:: +[[TestingAuthDirTimeToLearnReachability]] **TestingAuthDirTimeToLearnReachability** __N__ **seconds**|**minutes**|**hours**:: After starting as an authority, do not make claims about whether routers are Running until this much time has passed. Changing this requires that **TestingTorNetwork** is set. (Default: 30 minutes) @@ -3514,17 +3519,17 @@ The following options are used for running a testing Tor network. we replace it and issue a new key? (Default: 3 hours for link and auth; 1 day for signing.) -[[TestingV3AuthInitialDistDelay]] **TestingV3AuthInitialDistDelay** __N__ **minutes**|**hours**:: +[[TestingV3AuthInitialDistDelay]] **TestingV3AuthInitialDistDelay** __N__ **seconds**|**minutes**|**hours**:: Like V3AuthDistDelay, but for initial voting interval before the first consensus has been created. Changing this requires that **TestingTorNetwork** is set. (Default: 5 minutes) -[[TestingV3AuthInitialVoteDelay]] **TestingV3AuthInitialVoteDelay** __N__ **minutes**|**hours**:: +[[TestingV3AuthInitialVoteDelay]] **TestingV3AuthInitialVoteDelay** __N__ **seconds**|**minutes**|**hours**:: Like V3AuthVoteDelay, but for initial voting interval before the first consensus has been created. Changing this requires that **TestingTorNetwork** is set. (Default: 5 minutes) -[[TestingV3AuthInitialVotingInterval]] **TestingV3AuthInitialVotingInterval** __N__ **minutes**|**hours**:: +[[TestingV3AuthInitialVotingInterval]] **TestingV3AuthInitialVotingInterval** __N__ **seconds**|**minutes**|**hours**:: Like V3AuthVotingInterval, but for initial voting interval before the first consensus has been created. Changing this requires that **TestingTorNetwork** is set. (Default: 30 minutes) diff --git a/scripts/git/git-list-tor-branches.sh b/scripts/git/git-list-tor-branches.sh index d6b30f064f..b0c30d2e8b 100755 --- a/scripts/git/git-list-tor-branches.sh +++ b/scripts/git/git-list-tor-branches.sh @@ -139,15 +139,15 @@ finish() { branch maint-0.3.5 branch release-0.3.5 -branch maint-0.4.1 -branch release-0.4.1 - branch maint-0.4.2 branch release-0.4.2 branch maint-0.4.3 branch release-0.4.3 +branch maint-0.4.4 +branch release-0.4.4 + branch master finish diff --git a/scripts/maint/checkShellScripts.sh b/scripts/maint/checkShellScripts.sh index 4c872c7ee0..0a423be29e 100755 --- a/scripts/maint/checkShellScripts.sh +++ b/scripts/maint/checkShellScripts.sh @@ -34,6 +34,9 @@ if [ ! -d "$TOPLEVEL/src" ]; then exit 1 fi +# Remove obsolete scripts generated from older versions of Tor +rm -f "$TOPLEVEL/contrib/dist/suse/tor.sh" "$TOPLEVEL/contrib/dist/tor.sh" + # Check *.sh scripts, but ignore the ones that we can't fix find "$TOPLEVEL/contrib" "$TOPLEVEL/doc" "$TOPLEVEL/scripts" "$TOPLEVEL/src" \ -name "*.sh" \ diff --git a/scripts/maint/format_changelog.py b/scripts/maint/format_changelog.py index 7cf55a0d96..b37ece04c0 100755 --- a/scripts/maint/format_changelog.py +++ b/scripts/maint/format_changelog.py @@ -291,7 +291,7 @@ class ChangeLog(object): self.curgraf.append(line) else: - assert "This" is "unreachable" # noqa: F632 + assert False # This should be unreachable. def lint_head(self, line, head): m = re.match(r'^ *o ([^\(]+)((?:\([^\)]+\))?):', head) diff --git a/scripts/maint/practracker/exceptions.txt b/scripts/maint/practracker/exceptions.txt index 8a62c260b5..9444dbdb66 100644 --- a/scripts/maint/practracker/exceptions.txt +++ b/scripts/maint/practracker/exceptions.txt @@ -36,7 +36,6 @@ problem file-size /src/app/config/config.c 7525 problem include-count /src/app/config/config.c 80 problem function-size /src/app/config/config.c:options_act() 381 -problem function-size /src/app/config/config.c:resolve_my_address() 191 problem function-size /src/app/config/config.c:options_validate_cb() 794 problem function-size /src/app/config/config.c:options_init_from_torrc() 192 problem function-size /src/app/config/config.c:options_init_from_string() 103 @@ -47,6 +46,7 @@ problem function-size /src/app/config/config.c:parse_dir_authority_line() 150 problem function-size /src/app/config/config.c:parse_dir_fallback_line() 101 problem function-size /src/app/config/config.c:port_parse_config() 435 problem function-size /src/app/config/config.c:parse_ports() 132 +problem function-size /src/app/config/resolve_addr.c:resolve_my_address() 191 problem file-size /src/app/config/or_options_st.h 1050 problem include-count /src/app/main/main.c 68 problem function-size /src/app/main/main.c:dumpstats() 102 diff --git a/src/app/config/config.c b/src/app/config/config.c index 0ae650eb08..71f8c18ca2 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -2722,23 +2722,6 @@ list_enabled_modules(void) // test variants in test_parseconf.sh to no useful purpose. } -/** Last value actually set by resolve_my_address. */ -static uint32_t last_resolved_addr = 0; - -/** Accessor for last_resolved_addr from outside this file. */ -uint32_t -get_last_resolved_addr(void) -{ - return last_resolved_addr; -} - -/** Reset last_resolved_addr from outside this file. */ -void -reset_last_resolved_addr(void) -{ - last_resolved_addr = 0; -} - /* Return true if <b>options</b> is using the default authorities, and false * if any authority-related option has been overridden. */ int @@ -2747,278 +2730,6 @@ using_default_dir_authorities(const or_options_t *options) return (!options->DirAuthorities && !options->AlternateDirAuthority); } -/** - * Attempt getting our non-local (as judged by tor_addr_is_internal() - * function) IP address using following techniques, listed in - * order from best (most desirable, try first) to worst (least - * desirable, try if everything else fails). - * - * First, attempt using <b>options-\>Address</b> to get our - * non-local IP address. - * - * If <b>options-\>Address</b> represents a non-local IP address, - * consider it ours. - * - * If <b>options-\>Address</b> is a DNS name that resolves to - * a non-local IP address, consider this IP address ours. - * - * If <b>options-\>Address</b> is NULL, fall back to getting local - * hostname and using it in above-described ways to try and - * get our IP address. - * - * In case local hostname cannot be resolved to a non-local IP - * address, try getting an IP address of network interface - * in hopes it will be non-local one. - * - * Fail if one or more of the following is true: - * - DNS name in <b>options-\>Address</b> cannot be resolved. - * - <b>options-\>Address</b> is a local host address. - * - Attempt at getting local hostname fails. - * - Attempt at getting network interface address fails. - * - * Return 0 if all is well, or -1 if we can't find a suitable - * public IP address. - * - * If we are returning 0: - * - Put our public IP address (in host order) into *<b>addr_out</b>. - * - If <b>method_out</b> is non-NULL, set *<b>method_out</b> to a static - * string describing how we arrived at our answer. - * - "CONFIGURED" - parsed from IP address string in - * <b>options-\>Address</b> - * - "RESOLVED" - resolved from DNS name in <b>options-\>Address</b> - * - "GETHOSTNAME" - resolved from a local hostname. - * - "INTERFACE" - retrieved from a network interface. - * - If <b>hostname_out</b> is non-NULL, and we resolved a hostname to - * get our address, set *<b>hostname_out</b> to a newly allocated string - * holding that hostname. (If we didn't get our address by resolving a - * hostname, set *<b>hostname_out</b> to NULL.) - * - * XXXX ipv6 - */ -int -resolve_my_address(int warn_severity, const or_options_t *options, - uint32_t *addr_out, - const char **method_out, char **hostname_out) -{ - struct in_addr in; - uint32_t addr; /* host order */ - char hostname[256]; - const char *method_used; - const char *hostname_used; - int explicit_ip=1; - int explicit_hostname=1; - int from_interface=0; - char *addr_string = NULL; - const char *address = options->Address; - int notice_severity = warn_severity <= LOG_NOTICE ? - LOG_NOTICE : warn_severity; - - tor_addr_t myaddr; - tor_assert(addr_out); - - /* - * Step one: Fill in 'hostname' to be our best guess. - */ - - if (address && *address) { - strlcpy(hostname, address, sizeof(hostname)); - } else { /* then we need to guess our address */ - explicit_ip = 0; /* it's implicit */ - explicit_hostname = 0; /* it's implicit */ - - if (tor_gethostname(hostname, sizeof(hostname)) < 0) { - log_fn(warn_severity, LD_NET,"Error obtaining local hostname"); - return -1; - } - log_debug(LD_CONFIG, "Guessed local host name as '%s'", hostname); - } - - /* - * Step two: Now that we know 'hostname', parse it or resolve it. If - * it doesn't parse or resolve, look at the interface address. Set 'addr' - * to be our (host-order) 32-bit answer. - */ - - if (tor_inet_aton(hostname, &in) == 0) { - /* then we have to resolve it */ - explicit_ip = 0; - if (tor_lookup_hostname(hostname, &addr)) { /* failed to resolve */ - uint32_t interface_ip; /* host order */ - - if (explicit_hostname) { - log_fn(warn_severity, LD_CONFIG, - "Could not resolve local Address '%s'. Failing.", hostname); - return -1; - } - log_fn(notice_severity, LD_CONFIG, - "Could not resolve guessed local hostname '%s'. " - "Trying something else.", hostname); - if (get_interface_address(warn_severity, &interface_ip)) { - log_fn(warn_severity, LD_CONFIG, - "Could not get local interface IP address. Failing."); - return -1; - } - from_interface = 1; - addr = interface_ip; - log_fn(notice_severity, LD_CONFIG, "Learned IP address '%s' for " - "local interface. Using that.", fmt_addr32(addr)); - strlcpy(hostname, "<guessed from interfaces>", sizeof(hostname)); - } else { /* resolved hostname into addr */ - tor_addr_from_ipv4h(&myaddr, addr); - - if (!explicit_hostname && - tor_addr_is_internal(&myaddr, 0)) { - tor_addr_t interface_ip; - - log_fn(notice_severity, LD_CONFIG, "Guessed local hostname '%s' " - "resolves to a private IP address (%s). Trying something " - "else.", hostname, fmt_addr32(addr)); - - if (get_interface_address6(warn_severity, AF_INET, &interface_ip)<0) { - log_fn(warn_severity, LD_CONFIG, - "Could not get local interface IP address. Too bad."); - } else if (tor_addr_is_internal(&interface_ip, 0)) { - log_fn(notice_severity, LD_CONFIG, - "Interface IP address '%s' is a private address too. " - "Ignoring.", fmt_addr(&interface_ip)); - } else { - from_interface = 1; - addr = tor_addr_to_ipv4h(&interface_ip); - log_fn(notice_severity, LD_CONFIG, - "Learned IP address '%s' for local interface." - " Using that.", fmt_addr32(addr)); - strlcpy(hostname, "<guessed from interfaces>", sizeof(hostname)); - } - } - } - } else { - addr = ntohl(in.s_addr); /* set addr so that addr_string is not - * illformed */ - } - - /* - * Step three: Check whether 'addr' is an internal IP address, and error - * out if it is and we don't want that. - */ - - tor_addr_from_ipv4h(&myaddr,addr); - - addr_string = tor_dup_ip(addr); - if (tor_addr_is_internal(&myaddr, 0)) { - /* make sure we're ok with publishing an internal IP */ - if (using_default_dir_authorities(options)) { - /* if they are using the default authorities, disallow internal IPs - * always. For IPv6 ORPorts, this check is done in - * router_get_advertised_ipv6_or_ap(). See #33681. */ - log_fn(warn_severity, LD_CONFIG, - "Address '%s' resolves to private IP address '%s'. " - "Tor servers that use the default DirAuthorities must have " - "public IP addresses.", hostname, addr_string); - tor_free(addr_string); - return -1; - } - if (!explicit_ip) { - /* even if they've set their own authorities, require an explicit IP if - * they're using an internal address. */ - log_fn(warn_severity, LD_CONFIG, "Address '%s' resolves to private " - "IP address '%s'. Please set the Address config option to be " - "the IP address you want to use.", hostname, addr_string); - tor_free(addr_string); - return -1; - } - } - - /* - * Step four: We have a winner! 'addr' is our answer for sure, and - * 'addr_string' is its string form. Fill out the various fields to - * say how we decided it. - */ - - log_debug(LD_CONFIG, "Resolved Address to '%s'.", addr_string); - - if (explicit_ip) { - method_used = "CONFIGURED"; - hostname_used = NULL; - } else if (explicit_hostname) { - method_used = "RESOLVED"; - hostname_used = hostname; - } else if (from_interface) { - method_used = "INTERFACE"; - hostname_used = NULL; - } else { - method_used = "GETHOSTNAME"; - hostname_used = hostname; - } - - *addr_out = addr; - if (method_out) - *method_out = method_used; - if (hostname_out) - *hostname_out = hostname_used ? tor_strdup(hostname_used) : NULL; - - /* - * Step five: Check if the answer has changed since last time (or if - * there was no last time), and if so call various functions to keep - * us up-to-date. - */ - - if (last_resolved_addr && last_resolved_addr != *addr_out) { - /* Leave this as a notice, regardless of the requested severity, - * at least until dynamic IP address support becomes bulletproof. */ - log_notice(LD_NET, - "Your IP address seems to have changed to %s " - "(METHOD=%s%s%s). Updating.", - addr_string, method_used, - hostname_used ? " HOSTNAME=" : "", - hostname_used ? hostname_used : ""); - ip_address_changed(0); - } - - if (last_resolved_addr != *addr_out) { - control_event_server_status(LOG_NOTICE, - "EXTERNAL_ADDRESS ADDRESS=%s METHOD=%s%s%s", - addr_string, method_used, - hostname_used ? " HOSTNAME=" : "", - hostname_used ? hostname_used : ""); - } - last_resolved_addr = *addr_out; - - /* - * And finally, clean up and return success. - */ - - tor_free(addr_string); - return 0; -} - -/** Return true iff <b>addr</b> is judged to be on the same network as us, or - * on a private network. - */ -MOCK_IMPL(int, -is_local_addr, (const tor_addr_t *addr)) -{ - if (tor_addr_is_internal(addr, 0)) - return 1; - /* Check whether ip is on the same /24 as we are. */ - if (get_options()->EnforceDistinctSubnets == 0) - return 0; - if (tor_addr_family(addr) == AF_INET) { - uint32_t ip = tor_addr_to_ipv4h(addr); - - /* It's possible that this next check will hit before the first time - * resolve_my_address actually succeeds. (For clients, it is likely that - * resolve_my_address will never be called at all). In those cases, - * last_resolved_addr will be 0, and so checking to see whether ip is on - * the same /24 as last_resolved_addr will be the same as checking whether - * it was on net 0, which is already done by tor_addr_is_internal. - */ - if ((last_resolved_addr & (uint32_t)0xffffff00ul) - == (ip & (uint32_t)0xffffff00ul)) - return 1; - } - return 0; -} - /** Return a new empty or_options_t. Used for testing. */ or_options_t * options_new(void) @@ -6448,7 +6159,7 @@ port_parse_config(smartlist_t *out, portname); goto err; } - if ( has_used_unix_socket_only_option && ! unix_socket_path) { + if (has_used_unix_socket_only_option && !unix_socket_path) { log_warn(LD_CONFIG, "You have a %sPort entry with GroupWritable, " "WorldWritable, or RelaxDirModeCheck, but it is not a " "unix socket.", portname); diff --git a/src/app/config/config.h b/src/app/config/config.h index 460b5ef0ee..17caa0e3ff 100644 --- a/src/app/config/config.h +++ b/src/app/config/config.h @@ -55,12 +55,6 @@ typedef enum setopt_err_t { setopt_err_t options_trial_assign(struct config_line_t *list, unsigned flags, char **msg); -uint32_t get_last_resolved_addr(void); -void reset_last_resolved_addr(void); -int resolve_my_address(int warn_severity, const or_options_t *options, - uint32_t *addr_out, - const char **method_out, char **hostname_out); -MOCK_DECL(int, is_local_addr, (const tor_addr_t *addr)); void options_init(or_options_t *options); #define OPTIONS_DUMP_MINIMAL 1 diff --git a/src/app/config/include.am b/src/app/config/include.am index 5d625efecf..14320a6b11 100644 --- a/src/app/config/include.am +++ b/src/app/config/include.am @@ -3,6 +3,7 @@ LIBTOR_APP_A_SOURCES += \ src/app/config/config.c \ src/app/config/quiet_level.c \ + src/app/config/resolve_addr.c \ src/app/config/statefile.c # ADD_C_FILE: INSERT HEADERS HERE. @@ -11,6 +12,7 @@ noinst_HEADERS += \ src/app/config/or_options_st.h \ src/app/config/or_state_st.h \ src/app/config/quiet_level.h \ + src/app/config/resolve_addr.h \ src/app/config/statefile.h \ src/app/config/tor_cmdline_mode.h diff --git a/src/app/config/quiet_level.c b/src/app/config/quiet_level.c index 4e17978228..e04faaef3a 100644 --- a/src/app/config/quiet_level.c +++ b/src/app/config/quiet_level.c @@ -31,7 +31,7 @@ add_default_log_for_quiet_level(quiet_level_t quiet) /* --hush: log at warning or higher. */ add_default_log(LOG_WARN); break; - case QUIET_NONE: /* fall through */ + case QUIET_NONE: FALLTHROUGH; default: add_default_log(LOG_NOTICE); } diff --git a/src/app/config/resolve_addr.c b/src/app/config/resolve_addr.c new file mode 100644 index 0000000000..9d1a8e0260 --- /dev/null +++ b/src/app/config/resolve_addr.c @@ -0,0 +1,314 @@ +/* Copyright (c) 2020, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file resolve_addr.c + * \brief Implement resolving address functions + **/ + +#define RESOLVE_ADDR_PRIVATE + +#include "app/config/config.h" +#include "app/config/resolve_addr.h" + +#include "core/mainloop/mainloop.h" + +#include "feature/control/control_events.h" + +#include "lib/net/gethostname.h" +#include "lib/net/resolve.h" + +/** Last value actually set by resolve_my_address. */ +static uint32_t last_resolved_addr = 0; + +/** Accessor for last_resolved_addr from outside this file. */ +uint32_t +get_last_resolved_addr(void) +{ + return last_resolved_addr; +} + +/** Reset last_resolved_addr from outside this file. */ +void +reset_last_resolved_addr(void) +{ + last_resolved_addr = 0; +} + +/** + * Attempt getting our non-local (as judged by tor_addr_is_internal() + * function) IP address using following techniques, listed in + * order from best (most desirable, try first) to worst (least + * desirable, try if everything else fails). + * + * First, attempt using <b>options-\>Address</b> to get our + * non-local IP address. + * + * If <b>options-\>Address</b> represents a non-local IP address, + * consider it ours. + * + * If <b>options-\>Address</b> is a DNS name that resolves to + * a non-local IP address, consider this IP address ours. + * + * If <b>options-\>Address</b> is NULL, fall back to getting local + * hostname and using it in above-described ways to try and + * get our IP address. + * + * In case local hostname cannot be resolved to a non-local IP + * address, try getting an IP address of network interface + * in hopes it will be non-local one. + * + * Fail if one or more of the following is true: + * - DNS name in <b>options-\>Address</b> cannot be resolved. + * - <b>options-\>Address</b> is a local host address. + * - Attempt at getting local hostname fails. + * - Attempt at getting network interface address fails. + * + * Return 0 if all is well, or -1 if we can't find a suitable + * public IP address. + * + * If we are returning 0: + * - Put our public IP address (in host order) into *<b>addr_out</b>. + * - If <b>method_out</b> is non-NULL, set *<b>method_out</b> to a static + * string describing how we arrived at our answer. + * - "CONFIGURED" - parsed from IP address string in + * <b>options-\>Address</b> + * - "RESOLVED" - resolved from DNS name in <b>options-\>Address</b> + * - "GETHOSTNAME" - resolved from a local hostname. + * - "INTERFACE" - retrieved from a network interface. + * - If <b>hostname_out</b> is non-NULL, and we resolved a hostname to + * get our address, set *<b>hostname_out</b> to a newly allocated string + * holding that hostname. (If we didn't get our address by resolving a + * hostname, set *<b>hostname_out</b> to NULL.) + * + * XXXX ipv6 + */ +int +resolve_my_address(int warn_severity, const or_options_t *options, + uint32_t *addr_out, + const char **method_out, char **hostname_out) +{ + struct in_addr in; + uint32_t addr; /* host order */ + char hostname[256]; + const char *method_used; + const char *hostname_used; + int explicit_ip=1; + int explicit_hostname=1; + int from_interface=0; + char *addr_string = NULL; + const char *address = options->Address; + int notice_severity = warn_severity <= LOG_NOTICE ? + LOG_NOTICE : warn_severity; + + tor_addr_t myaddr; + tor_assert(addr_out); + + /* + * Step one: Fill in 'hostname' to be our best guess. + */ + + if (address && *address) { + strlcpy(hostname, address, sizeof(hostname)); + log_debug(LD_CONFIG, "Trying configured Address '%s' as local hostname", + hostname); + } else { /* then we need to guess our address */ + explicit_ip = 0; /* it's implicit */ + explicit_hostname = 0; /* it's implicit */ + + if (tor_gethostname(hostname, sizeof(hostname)) < 0) { + log_fn(warn_severity, LD_NET,"Error obtaining local hostname"); + return -1; + } + log_debug(LD_CONFIG, "Guessed local host name as '%s'", hostname); + } + + /* + * Step two: Now that we know 'hostname', parse it or resolve it. If + * it doesn't parse or resolve, look at the interface address. Set 'addr' + * to be our (host-order) 32-bit answer. + */ + + if (tor_inet_aton(hostname, &in) == 0) { + /* then we have to resolve it */ + log_debug(LD_CONFIG, "Local hostname '%s' is DNS address. " + "Trying to resolve to IP address.", hostname); + explicit_ip = 0; + if (tor_lookup_hostname(hostname, &addr)) { /* failed to resolve */ + uint32_t interface_ip; /* host order */ + + if (explicit_hostname) { + log_fn(warn_severity, LD_CONFIG, + "Could not resolve local Address '%s'. Failing.", hostname); + return -1; + } + log_fn(notice_severity, LD_CONFIG, + "Could not resolve guessed local hostname '%s'. " + "Trying something else.", hostname); + if (get_interface_address(warn_severity, &interface_ip)) { + log_fn(warn_severity, LD_CONFIG, + "Could not get local interface IP address. Failing."); + return -1; + } + from_interface = 1; + addr = interface_ip; + log_fn(notice_severity, LD_CONFIG, "Learned IP address '%s' for " + "local interface. Using that.", fmt_addr32(addr)); + strlcpy(hostname, "<guessed from interfaces>", sizeof(hostname)); + } else { /* resolved hostname into addr */ + tor_addr_from_ipv4h(&myaddr, addr); + + if (!explicit_hostname && + tor_addr_is_internal(&myaddr, 0)) { + tor_addr_t interface_ip; + + log_fn(notice_severity, LD_CONFIG, "Guessed local hostname '%s' " + "resolves to a private IP address (%s). Trying something " + "else.", hostname, fmt_addr32(addr)); + + if (get_interface_address6(warn_severity, AF_INET, &interface_ip)<0) { + log_fn(warn_severity, LD_CONFIG, + "Could not get local interface IP address. Too bad."); + } else if (tor_addr_is_internal(&interface_ip, 0)) { + log_fn(notice_severity, LD_CONFIG, + "Interface IP address '%s' is a private address too. " + "Ignoring.", fmt_addr(&interface_ip)); + } else { + from_interface = 1; + addr = tor_addr_to_ipv4h(&interface_ip); + log_fn(notice_severity, LD_CONFIG, + "Learned IP address '%s' for local interface." + " Using that.", fmt_addr32(addr)); + strlcpy(hostname, "<guessed from interfaces>", sizeof(hostname)); + } + } + } + } else { + log_debug(LD_CONFIG, "Local hostname '%s' is already IP address, " + "skipping DNS resolution", hostname); + addr = ntohl(in.s_addr); /* set addr so that addr_string is not + * illformed */ + } + + /* + * Step three: Check whether 'addr' is an internal IP address, and error + * out if it is and we don't want that. + */ + + tor_addr_from_ipv4h(&myaddr,addr); + + addr_string = tor_dup_ip(addr); + if (addr_string && tor_addr_is_internal(&myaddr, 0)) { + /* make sure we're ok with publishing an internal IP */ + if (using_default_dir_authorities(options)) { + /* if they are using the default authorities, disallow internal IPs + * always. For IPv6 ORPorts, this check is done in + * router_get_advertised_ipv6_or_ap(). See #33681. */ + log_fn(warn_severity, LD_CONFIG, + "Address '%s' resolves to private IP address '%s'. " + "Tor servers that use the default DirAuthorities must have " + "public IP addresses.", hostname, addr_string); + tor_free(addr_string); + return -1; + } + if (!explicit_ip) { + /* even if they've set their own authorities, require an explicit IP if + * they're using an internal address. */ + log_fn(warn_severity, LD_CONFIG, "Address '%s' resolves to private " + "IP address '%s'. Please set the Address config option to be " + "the IP address you want to use.", hostname, addr_string); + tor_free(addr_string); + return -1; + } + } + + /* + * Step four: We have a winner! 'addr' is our answer for sure, and + * 'addr_string' is its string form. Fill out the various fields to + * say how we decided it. + */ + + log_debug(LD_CONFIG, "Resolved Address to '%s'.", addr_string); + + if (explicit_ip) { + method_used = "CONFIGURED"; + hostname_used = NULL; + } else if (explicit_hostname) { + method_used = "RESOLVED"; + hostname_used = hostname; + } else if (from_interface) { + method_used = "INTERFACE"; + hostname_used = NULL; + } else { + method_used = "GETHOSTNAME"; + hostname_used = hostname; + } + + *addr_out = addr; + if (method_out) + *method_out = method_used; + if (hostname_out) + *hostname_out = hostname_used ? tor_strdup(hostname_used) : NULL; + + /* + * Step five: Check if the answer has changed since last time (or if + * there was no last time), and if so call various functions to keep + * us up-to-date. + */ + + if (last_resolved_addr && last_resolved_addr != *addr_out) { + /* Leave this as a notice, regardless of the requested severity, + * at least until dynamic IP address support becomes bulletproof. */ + log_notice(LD_NET, + "Your IP address seems to have changed to %s " + "(METHOD=%s%s%s). Updating.", + addr_string, method_used, + hostname_used ? " HOSTNAME=" : "", + hostname_used ? hostname_used : ""); + ip_address_changed(0); + } + + if (last_resolved_addr != *addr_out) { + control_event_server_status(LOG_NOTICE, + "EXTERNAL_ADDRESS ADDRESS=%s METHOD=%s%s%s", + addr_string, method_used, + hostname_used ? " HOSTNAME=" : "", + hostname_used ? hostname_used : ""); + } + last_resolved_addr = *addr_out; + + /* + * And finally, clean up and return success. + */ + + tor_free(addr_string); + return 0; +} + +/** Return true iff <b>addr</b> is judged to be on the same network as us, or + * on a private network. + */ +MOCK_IMPL(int, +is_local_addr, (const tor_addr_t *addr)) +{ + if (tor_addr_is_internal(addr, 0)) + return 1; + /* Check whether ip is on the same /24 as we are. */ + if (get_options()->EnforceDistinctSubnets == 0) + return 0; + if (tor_addr_family(addr) == AF_INET) { + uint32_t ip = tor_addr_to_ipv4h(addr); + + /* It's possible that this next check will hit before the first time + * resolve_my_address actually succeeds. (For clients, it is likely that + * resolve_my_address will never be called at all). In those cases, + * last_resolved_addr will be 0, and so checking to see whether ip is on + * the same /24 as last_resolved_addr will be the same as checking whether + * it was on net 0, which is already done by tor_addr_is_internal. + */ + if ((last_resolved_addr & (uint32_t)0xffffff00ul) + == (ip & (uint32_t)0xffffff00ul)) + return 1; + } + return 0; +} diff --git a/src/app/config/resolve_addr.h b/src/app/config/resolve_addr.h new file mode 100644 index 0000000000..3747546402 --- /dev/null +++ b/src/app/config/resolve_addr.h @@ -0,0 +1,28 @@ +/* Copyright (c) 2020, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file resolve_addr.h + * \brief Header file for resolve_addr.c. + **/ + +#ifndef TOR_CONFIG_RESOLVE_ADDR_H +#define TOR_CONFIG_RESOLVE_ADDR_H + +#include "app/config/or_options_st.h" + +int resolve_my_address(int warn_severity, const or_options_t *options, + uint32_t *addr_out, + const char **method_out, char **hostname_out); + +uint32_t get_last_resolved_addr(void); +void reset_last_resolved_addr(void); + +MOCK_DECL(int, is_local_addr, (const tor_addr_t *addr)); + +#ifdef RESOLVE_ADDR_PRIVATE + +#endif /* RESOLVE_ADDR_PRIVATE */ + +#endif /* TOR_CONFIG_RESOLVE_ADDR_H */ + diff --git a/src/app/config/testnet.inc b/src/app/config/testnet.inc index f146a03cd1..907c35f97c 100644 --- a/src/app/config/testnet.inc +++ b/src/app/config/testnet.inc @@ -1,3 +1,5 @@ +// When modifying, don't forget to update the defaults +// for 'TestingTorNetwork' in 'doc/tor.1.txt' { "DirAllowPrivateAddresses", "1" }, { "EnforceDistinctSubnets", "0" }, { "AssumeReachable", "1" }, diff --git a/src/app/main/main.c b/src/app/main/main.c index 689bc526ab..dc39611f98 100644 --- a/src/app/main/main.c +++ b/src/app/main/main.c @@ -294,6 +294,19 @@ process_signal(int sig) } } +#ifdef _WIN32 +/** Activate SIGINT on reciving a control signal in console */ +static BOOL WINAPI +process_win32_console_ctrl(DWORD ctrl_type) +{ + /* Ignore type of the ctrl signal */ + (void) ctrl_type; + + activate_signal(SIGINT); + return TRUE; +} +#endif + /** * Write current memory usage information to the log. */ @@ -414,6 +427,7 @@ dumpstats(int severity) rep_hist_dump_stats(now,severity); rend_service_dump_stats(severity); + hs_service_dump_stats(severity); } #ifdef _WIN32 @@ -496,6 +510,13 @@ handle_signals(void) &signal_handlers[i].signal_value); } } + +#ifdef _WIN32 + /* Windows lacks traditional POSIX signals but WinAPI provides a function + * to handle control signals like Ctrl+C in the console, we can use this to + * simulate the SIGINT signal */ + if (enabled) SetConsoleCtrlHandler(process_win32_console_ctrl, TRUE); +#endif } /* Cause the signal handler for signal_num to be called in the event loop. */ diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c index db59e6b28d..a8417e46d9 100644 --- a/src/core/mainloop/connection.c +++ b/src/core/mainloop/connection.c @@ -67,6 +67,7 @@ */ #define CHANNEL_OBJECT_PRIVATE #include "app/config/config.h" +#include "app/config/resolve_addr.h" #include "core/mainloop/connection.h" #include "core/mainloop/mainloop.h" #include "core/mainloop/netstatus.h" diff --git a/src/core/or/channeltls.c b/src/core/or/channeltls.c index 484727268c..395fbf3455 100644 --- a/src/core/or/channeltls.c +++ b/src/core/or/channeltls.c @@ -45,6 +45,7 @@ #include "core/or/circuitmux_ewma.h" #include "core/or/command.h" #include "app/config/config.h" +#include "app/config/resolve_addr.h" #include "core/mainloop/connection.h" #include "core/or/connection_or.h" #include "feature/relay/relay_handshake.h" @@ -1238,7 +1239,7 @@ channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn) /* But that should be happening any longer've disabled bufferevents. */ tor_assert_nonfatal_unreached_once(); - /* fall through */ + FALLTHROUGH; case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING: if (!(command_allowed_before_handshake(var_cell->command))) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c index 233ea9bd08..be8ec6f3cb 100644 --- a/src/core/or/circuitbuild.c +++ b/src/core/or/circuitbuild.c @@ -1867,7 +1867,7 @@ choose_good_exit_server(origin_circuit_t *circ, /* For these three, we want to pick the exit like a middle hop, * since it should be random. */ tor_assert_nonfatal(is_internal); - /* Falls through */ + FALLTHROUGH; case CIRCUIT_PURPOSE_C_GENERAL: if (is_internal) /* pick it like a middle hop */ return router_choose_random_node(NULL, options->ExcludeNodes, flags); diff --git a/src/core/or/circuitlist.c b/src/core/or/circuitlist.c index bfee4104ee..a69b7cbbe5 100644 --- a/src/core/or/circuitlist.c +++ b/src/core/or/circuitlist.c @@ -846,7 +846,7 @@ circuit_purpose_to_controller_hs_state_string(uint8_t purpose) "Unrecognized circuit purpose: %d", (int)purpose); tor_fragile_assert(); - /* fall through */ + FALLTHROUGH; case CIRCUIT_PURPOSE_OR: case CIRCUIT_PURPOSE_C_GENERAL: diff --git a/src/core/or/circuituse.c b/src/core/or/circuituse.c index 71063dc729..7358817531 100644 --- a/src/core/or/circuituse.c +++ b/src/core/or/circuituse.c @@ -548,9 +548,10 @@ circuit_expire_building(void) MAX(get_circuit_build_close_time_ms()*2 + 1000, options->SocksTimeout * 1000)); + bool fixed_time = circuit_build_times_disabled(get_options()); + SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *,victim) { struct timeval cutoff; - bool fixed_time = circuit_build_times_disabled(get_options()); if (!CIRCUIT_IS_ORIGIN(victim) || /* didn't originate here */ victim->marked_for_close) /* don't mess with marked circs */ @@ -780,7 +781,7 @@ circuit_expire_building(void) if (!hs_circ_is_rend_sent_in_intro1(CONST_TO_ORIGIN_CIRCUIT(victim))) { break; } - /* fallthrough! */ + FALLTHROUGH; case CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT: case CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED: /* If we have reached this line, we want to spare the circ for now. */ diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c index 803bd82fc8..fc77db8334 100644 --- a/src/core/or/connection_edge.c +++ b/src/core/or/connection_edge.c @@ -307,7 +307,7 @@ connection_edge_process_inbuf(edge_connection_t *conn, int package_partial) note_user_activity(approx_time()); } - /* falls through. */ + FALLTHROUGH; case EXIT_CONN_STATE_OPEN: if (connection_edge_package_raw_inbuf(conn, package_partial, NULL) < 0) { /* (We already sent an end cell if possible) */ @@ -332,7 +332,7 @@ connection_edge_process_inbuf(edge_connection_t *conn, int package_partial) } /* Fall through if the connection is on a circuit without optimistic * data support. */ - /* Falls through. */ + FALLTHROUGH; case EXIT_CONN_STATE_CONNECTING: case AP_CONN_STATE_RENDDESC_WAIT: case AP_CONN_STATE_CIRCUIT_WAIT: @@ -781,7 +781,7 @@ connection_edge_flushed_some(edge_connection_t *conn) note_user_activity(approx_time()); } - /* falls through. */ + FALLTHROUGH; case EXIT_CONN_STATE_OPEN: sendme_connection_edge_consider_sending(conn); break; @@ -1658,9 +1658,11 @@ parse_extended_hostname(char *address, hostname_type_t *type_out) failed: /* otherwise, return to previous state and return 0 */ *s = '.'; + const bool is_onion = (*type_out == ONION_V2_HOSTNAME) || + (*type_out == ONION_V3_HOSTNAME); log_warn(LD_APP, "Invalid %shostname %s; rejecting", - (*type_out == (ONION_V2_HOSTNAME || ONION_V3_HOSTNAME) ? "onion " : ""), - safe_str_client(address)); + is_onion ? "onion " : "", + safe_str_client(address)); return false; } @@ -3457,8 +3459,9 @@ tell_controller_about_resolved_result(entry_connection_t *conn, expires = time(NULL) + ttl; if (answer_type == RESOLVED_TYPE_IPV4 && answer_len >= 4) { char *cp = tor_dup_ip(ntohl(get_uint32(answer))); - control_event_address_mapped(conn->socks_request->address, - cp, expires, NULL, 0); + if (cp) + control_event_address_mapped(conn->socks_request->address, + cp, expires, NULL, 0); tor_free(cp); } else if (answer_type == RESOLVED_TYPE_HOSTNAME && answer_len < 256) { char *cp = tor_strndup(answer, answer_len); diff --git a/src/core/or/connection_or.c b/src/core/or/connection_or.c index 53a093e138..5d71b363f8 100644 --- a/src/core/or/connection_or.c +++ b/src/core/or/connection_or.c @@ -661,6 +661,7 @@ connection_or_finished_flushing(or_connection_t *conn) } break; } + break; case OR_CONN_STATE_OPEN: case OR_CONN_STATE_OR_HANDSHAKING_V2: case OR_CONN_STATE_OR_HANDSHAKING_V3: diff --git a/src/core/or/crypt_path.c b/src/core/or/crypt_path.c index 9296b00208..8f41540848 100644 --- a/src/core/or/crypt_path.c +++ b/src/core/or/crypt_path.c @@ -113,7 +113,7 @@ cpath_assert_layer_ok(const crypt_path_t *cp) { case CPATH_STATE_OPEN: relay_crypto_assert_ok(&cp->pvt_crypto); - /* fall through */ + FALLTHROUGH; case CPATH_STATE_CLOSED: /*XXXX Assert that there's no handshake_state either. */ tor_assert(!cp->rend_dh_handshake_state); diff --git a/src/core/or/onion.c b/src/core/or/onion.c index 7b8f3c61fc..a3b5c6922d 100644 --- a/src/core/or/onion.c +++ b/src/core/or/onion.c @@ -526,7 +526,7 @@ create_cell_format_impl(cell_t *cell_out, const create_cell_t *cell_in, p += 16; space -= 16; } - /* Fall through */ + FALLTHROUGH; case CELL_CREATE_FAST: tor_assert(cell_in->handshake_len <= space); memcpy(p, cell_in->onionskin, cell_in->handshake_len); diff --git a/src/core/or/policies.c b/src/core/or/policies.c index ea803f393d..2bf2dc7005 100644 --- a/src/core/or/policies.c +++ b/src/core/or/policies.c @@ -2775,7 +2775,7 @@ parse_short_policy(const char *summary) switch (*next) { case ',': ++next; - /* fall through */ + FALLTHROUGH; case '\0': high = low; break; diff --git a/src/core/or/reasons.c b/src/core/or/reasons.c index b60dfdf275..7da7843cab 100644 --- a/src/core/or/reasons.c +++ b/src/core/or/reasons.c @@ -489,7 +489,7 @@ end_reason_to_http_connect_response_line(int endreason) return "HTTP/1.0 502 Bad Gateway (tor protocol violation)\r\n\r\n"; case END_STREAM_REASON_ENTRYPOLICY: return "HTTP/1.0 403 Forbidden (entry policy violation)\r\n\r\n"; - case END_STREAM_REASON_NOTDIRECTORY: /* Fall Through */ + case END_STREAM_REASON_NOTDIRECTORY: FALLTHROUGH; default: tor_assert_nonfatal_unreached(); return "HTTP/1.0 500 Internal Server Error (weird end reason)\r\n\r\n"; diff --git a/src/core/or/relay.c b/src/core/or/relay.c index b831af0ac3..75d2d479e7 100644 --- a/src/core/or/relay.c +++ b/src/core/or/relay.c @@ -941,7 +941,7 @@ connection_ap_process_end_not_open( break; /* break means it'll close, below */ /* Else fall through: expire this circuit, clear the * chosen_exit_name field, and try again. */ - /* Falls through. */ + FALLTHROUGH; case END_STREAM_REASON_RESOLVEFAILED: case END_STREAM_REASON_TIMEOUT: case END_STREAM_REASON_MISC: diff --git a/src/core/or/scheduler.c b/src/core/or/scheduler.c index 6633ccfe1f..ff58f9ca5b 100644 --- a/src/core/or/scheduler.c +++ b/src/core/or/scheduler.c @@ -191,7 +191,7 @@ get_scheduler_type_string(scheduler_types_t type) case SCHEDULER_KIST_LITE: return "KISTLite"; case SCHEDULER_NONE: - /* fallthrough */ + FALLTHROUGH; default: tor_assert_unreached(); return "(N/A)"; @@ -287,7 +287,7 @@ select_scheduler(void) scheduler_kist_set_lite_mode(); goto end; case SCHEDULER_NONE: - /* fallthrough */ + FALLTHROUGH; default: /* Our option validation should have caught this. */ tor_assert_unreached(); diff --git a/src/core/or/sendme.c b/src/core/or/sendme.c index db3e2e94fd..788f56088c 100644 --- a/src/core/or/sendme.c +++ b/src/core/or/sendme.c @@ -293,7 +293,7 @@ send_circuit_level_sendme(circuit_t *circ, crypt_path_t *layer_hint, log_debug(LD_PROTOCOL, "Emitting SENDME version 1 cell."); break; case 0x00: - /* Fallthrough because default is to use v0. */ + FALLTHROUGH; default: /* Unknown version, fallback to version 0 meaning no payload. */ payload_len = 0; diff --git a/src/core/or/versions.c b/src/core/or/versions.c index 11e2504e19..2f8cbac0e9 100644 --- a/src/core/or/versions.c +++ b/src/core/or/versions.c @@ -296,7 +296,7 @@ tor_version_parse(const char *s, tor_version_t *out) return -1; hexlen = (int)(close_paren-cp); memwipe(digest, 0, sizeof(digest)); - if ( hexlen == 0 || (hexlen % 2) == 1) + if (hexlen == 0 || (hexlen % 2) == 1) return -1; if (base16_decode(digest, hexlen/2, cp, hexlen) != hexlen/2) return -1; diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c index c7d2af3d97..198195c0ae 100644 --- a/src/core/proto/proto_socks.c +++ b/src/core/proto/proto_socks.c @@ -860,7 +860,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, case SOCKS_RESULT_TRUNCATED: if (datalen == n_pullup) return 0; - /* FALLTHRU */ + FALLTHROUGH; case SOCKS_RESULT_MORE_EXPECTED: res = 0; break; @@ -966,7 +966,7 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, strlcpy((char*)req->reply, SOCKS_PROXY_IS_NOT_AN_HTTP_PROXY_MSG, MAX_SOCKS_REPLY_LEN); req->replylen = strlen((char*)req->reply)+1; - /* fall through */ + FALLTHROUGH; default: /* version is not socks4 or socks5 */ log_warn(LD_APP, "Socks version %d not recognized. (This port is not an " @@ -1071,7 +1071,10 @@ parse_socks_client(const uint8_t *data, size_t datalen, log_info(LD_NET, "SOCKS 5 client: need authentication."); *drain_out = -1; return 2; - /* fall through */ + default: + /* This wasn't supposed to be exhaustive; there are other + * authentication methods too. */ + ; } *reason = tor_strdup("server doesn't support any of our available " diff --git a/src/core/stA1RajU b/src/core/stA1RajU new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/src/core/stA1RajU diff --git a/src/core/stiysZND b/src/core/stiysZND Binary files differnew file mode 100644 index 0000000000..faa365b769 --- /dev/null +++ b/src/core/stiysZND diff --git a/src/ext/csiphash.c b/src/ext/csiphash.c index faa52ae4e1..e0f5b2e5c9 100644 --- a/src/ext/csiphash.c +++ b/src/ext/csiphash.c @@ -95,13 +95,13 @@ uint64_t siphash24(const void *src, unsigned long src_sz, const struct sipkey *k } #else switch (src_sz - blocks) { - case 7: last7 |= (uint64_t)m[i + 6] << 48; /* Falls through. */ - case 6: last7 |= (uint64_t)m[i + 5] << 40; /* Falls through. */ - case 5: last7 |= (uint64_t)m[i + 4] << 32; /* Falls through. */ - case 4: last7 |= (uint64_t)m[i + 3] << 24; /* Falls through. */ - case 3: last7 |= (uint64_t)m[i + 2] << 16; /* Falls through. */ - case 2: last7 |= (uint64_t)m[i + 1] << 8; /* Falls through. */ - case 1: last7 |= (uint64_t)m[i + 0] ; /* Falls through. */ + case 7: last7 |= (uint64_t)m[i + 6] << 48; FALLTHROUGH; + case 6: last7 |= (uint64_t)m[i + 5] << 40; FALLTHROUGH; + case 5: last7 |= (uint64_t)m[i + 4] << 32; FALLTHROUGH; + case 4: last7 |= (uint64_t)m[i + 3] << 24; FALLTHROUGH; + case 3: last7 |= (uint64_t)m[i + 2] << 16; FALLTHROUGH; + case 2: last7 |= (uint64_t)m[i + 1] << 8; FALLTHROUGH; + case 1: last7 |= (uint64_t)m[i + 0] ; FALLTHROUGH; case 0: default:; } diff --git a/src/ext/ed25519/donna/ed25519_tor.c b/src/ext/ed25519/donna/ed25519_tor.c index 7f5ab398d8..a5bb6f4e21 100644 --- a/src/ext/ed25519/donna/ed25519_tor.c +++ b/src/ext/ed25519/donna/ed25519_tor.c @@ -35,6 +35,9 @@ #define ED25519_FN(fn) ED25519_FN2(fn,ED25519_SUFFIX) #include "orconfig.h" + +#include "lib/cc/compat_compiler.h" + #include "ed25519-donna.h" #include "ed25519_donna_tor.h" #include "ed25519-randombytes.h" @@ -366,4 +369,3 @@ ed25519_donna_scalarmult_with_group_order(unsigned char *out, } #include "test-internals.c" - diff --git a/src/ext/ed25519/donna/modm-donna-32bit.h b/src/ext/ed25519/donna/modm-donna-32bit.h index 0ef9e58fa1..5934d9ca9d 100644 --- a/src/ext/ed25519/donna/modm-donna-32bit.h +++ b/src/ext/ed25519/donna/modm-donna-32bit.h @@ -385,14 +385,14 @@ sub256_modm_batch(bignum256modm out, const bignum256modm a, const bignum256modm size_t i = 0; bignum256modm_element_t carry = 0; switch (limbsize) { - case 8: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; /* Falls through. */ - case 7: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; /* Falls through. */ - case 6: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; /* Falls through. */ - case 5: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; /* Falls through. */ - case 4: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; /* Falls through. */ - case 3: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; /* Falls through. */ - case 2: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; /* Falls through. */ - case 1: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; /* Falls through. */ + case 8: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; FALLTHROUGH; + case 7: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; FALLTHROUGH; + case 6: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; FALLTHROUGH; + case 5: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; FALLTHROUGH; + case 4: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; FALLTHROUGH; + case 3: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; FALLTHROUGH; + case 2: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; FALLTHROUGH; + case 1: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++; FALLTHROUGH; case 0: default: out[i] = (a[i] - b[i]) - carry; } @@ -403,14 +403,14 @@ sub256_modm_batch(bignum256modm out, const bignum256modm a, const bignum256modm static int lt256_modm_batch(const bignum256modm a, const bignum256modm b, size_t limbsize) { switch (limbsize) { - case 8: if (a[8] > b[8]) return 0; if (a[8] < b[8]) return 1; /* Falls through. */ - case 7: if (a[7] > b[7]) return 0; if (a[7] < b[7]) return 1; /* Falls through. */ - case 6: if (a[6] > b[6]) return 0; if (a[6] < b[6]) return 1; /* Falls through. */ - case 5: if (a[5] > b[5]) return 0; if (a[5] < b[5]) return 1; /* Falls through. */ - case 4: if (a[4] > b[4]) return 0; if (a[4] < b[4]) return 1; /* Falls through. */ - case 3: if (a[3] > b[3]) return 0; if (a[3] < b[3]) return 1; /* Falls through. */ - case 2: if (a[2] > b[2]) return 0; if (a[2] < b[2]) return 1; /* Falls through. */ - case 1: if (a[1] > b[1]) return 0; if (a[1] < b[1]) return 1; /* Falls through. */ + case 8: if (a[8] > b[8]) return 0; if (a[8] < b[8]) return 1; FALLTHROUGH; + case 7: if (a[7] > b[7]) return 0; if (a[7] < b[7]) return 1; FALLTHROUGH; + case 6: if (a[6] > b[6]) return 0; if (a[6] < b[6]) return 1; FALLTHROUGH; + case 5: if (a[5] > b[5]) return 0; if (a[5] < b[5]) return 1; FALLTHROUGH; + case 4: if (a[4] > b[4]) return 0; if (a[4] < b[4]) return 1; FALLTHROUGH; + case 3: if (a[3] > b[3]) return 0; if (a[3] < b[3]) return 1; FALLTHROUGH; + case 2: if (a[2] > b[2]) return 0; if (a[2] < b[2]) return 1; FALLTHROUGH; + case 1: if (a[1] > b[1]) return 0; if (a[1] < b[1]) return 1; FALLTHROUGH; case 0: if (a[0] > b[0]) return 0; if (a[0] < b[0]) return 1; } return 0; @@ -420,14 +420,14 @@ lt256_modm_batch(const bignum256modm a, const bignum256modm b, size_t limbsize) static int lte256_modm_batch(const bignum256modm a, const bignum256modm b, size_t limbsize) { switch (limbsize) { - case 8: if (a[8] > b[8]) return 0; if (a[8] < b[8]) return 1; /* Falls through. */ - case 7: if (a[7] > b[7]) return 0; if (a[7] < b[7]) return 1; /* Falls through. */ - case 6: if (a[6] > b[6]) return 0; if (a[6] < b[6]) return 1; /* Falls through. */ - case 5: if (a[5] > b[5]) return 0; if (a[5] < b[5]) return 1; /* Falls through. */ - case 4: if (a[4] > b[4]) return 0; if (a[4] < b[4]) return 1; /* Falls through. */ - case 3: if (a[3] > b[3]) return 0; if (a[3] < b[3]) return 1; /* Falls through. */ - case 2: if (a[2] > b[2]) return 0; if (a[2] < b[2]) return 1; /* Falls through. */ - case 1: if (a[1] > b[1]) return 0; if (a[1] < b[1]) return 1; /* Falls through. */ + case 8: if (a[8] > b[8]) return 0; if (a[8] < b[8]) return 1; FALLTHROUGH; + case 7: if (a[7] > b[7]) return 0; if (a[7] < b[7]) return 1; FALLTHROUGH; + case 6: if (a[6] > b[6]) return 0; if (a[6] < b[6]) return 1; FALLTHROUGH; + case 5: if (a[5] > b[5]) return 0; if (a[5] < b[5]) return 1; FALLTHROUGH; + case 4: if (a[4] > b[4]) return 0; if (a[4] < b[4]) return 1; FALLTHROUGH; + case 3: if (a[3] > b[3]) return 0; if (a[3] < b[3]) return 1; FALLTHROUGH; + case 2: if (a[2] > b[2]) return 0; if (a[2] < b[2]) return 1; FALLTHROUGH; + case 1: if (a[1] > b[1]) return 0; if (a[1] < b[1]) return 1; FALLTHROUGH; case 0: if (a[0] > b[0]) return 0; if (a[0] < b[0]) return 1; } return 1; diff --git a/src/ext/ed25519/donna/modm-donna-64bit.h b/src/ext/ed25519/donna/modm-donna-64bit.h index 06c98e3039..aa361afdbc 100644 --- a/src/ext/ed25519/donna/modm-donna-64bit.h +++ b/src/ext/ed25519/donna/modm-donna-64bit.h @@ -294,10 +294,10 @@ sub256_modm_batch(bignum256modm out, const bignum256modm a, const bignum256modm size_t i = 0; bignum256modm_element_t carry = 0; switch (limbsize) { - case 4: out[i] = (a[i] - b[i]) ; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++; /* Falls through. */ - case 3: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++; /* Falls through. */ - case 2: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++; /* Falls through. */ - case 1: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++; /* Falls through. */ + case 4: out[i] = (a[i] - b[i]) ; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++; FALLTHROUGH; + case 3: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++; FALLTHROUGH; + case 2: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++; FALLTHROUGH; + case 1: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++; FALLTHROUGH; case 0: default: out[i] = (a[i] - b[i]) - carry; } @@ -310,10 +310,10 @@ lt256_modm_batch(const bignum256modm a, const bignum256modm b, size_t limbsize) size_t i = 0; bignum256modm_element_t t, carry = 0; switch (limbsize) { - case 4: t = (a[i] - b[i]) ; carry = (t >> 63); i++; /* Falls through. */ - case 3: t = (a[i] - b[i]) - carry; carry = (t >> 63); i++; /* Falls through. */ - case 2: t = (a[i] - b[i]) - carry; carry = (t >> 63); i++; /* Falls through. */ - case 1: t = (a[i] - b[i]) - carry; carry = (t >> 63); i++; /* Falls through. */ + case 4: t = (a[i] - b[i]) ; carry = (t >> 63); i++; FALLTHROUGH; + case 3: t = (a[i] - b[i]) - carry; carry = (t >> 63); i++; FALLTHROUGH; + case 2: t = (a[i] - b[i]) - carry; carry = (t >> 63); i++; FALLTHROUGH; + case 1: t = (a[i] - b[i]) - carry; carry = (t >> 63); i++; FALLTHROUGH; case 0: t = (a[i] - b[i]) - carry; carry = (t >> 63); } return (int)carry; @@ -325,10 +325,10 @@ lte256_modm_batch(const bignum256modm a, const bignum256modm b, size_t limbsize) size_t i = 0; bignum256modm_element_t t, carry = 0; switch (limbsize) { - case 4: t = (b[i] - a[i]) ; carry = (t >> 63); i++; /* Falls through. */ - case 3: t = (b[i] - a[i]) - carry; carry = (t >> 63); i++; /* Falls through. */ - case 2: t = (b[i] - a[i]) - carry; carry = (t >> 63); i++; /* Falls through. */ - case 1: t = (b[i] - a[i]) - carry; carry = (t >> 63); i++; /* Falls through. */ + case 4: t = (b[i] - a[i]) ; carry = (t >> 63); i++; FALLTHROUGH; + case 3: t = (b[i] - a[i]) - carry; carry = (t >> 63); i++; FALLTHROUGH; + case 2: t = (b[i] - a[i]) - carry; carry = (t >> 63); i++; FALLTHROUGH; + case 1: t = (b[i] - a[i]) - carry; carry = (t >> 63); i++; FALLTHROUGH; case 0: t = (b[i] - a[i]) - carry; carry = (t >> 63); } return (int)!carry; diff --git a/src/feature/client/circpathbias.c b/src/feature/client/circpathbias.c index 4ac5cb8fc9..74260171fe 100644 --- a/src/feature/client/circpathbias.c +++ b/src/feature/client/circpathbias.c @@ -826,6 +826,11 @@ pathbias_send_usable_probe(circuit_t *circ) ocirc->pathbias_probe_nonce &= 0x00ffffff; probe_nonce = tor_dup_ip(ocirc->pathbias_probe_nonce); + if (!probe_nonce) { + log_err(LD_BUG, "Failed to generate nonce"); + return -1; + } + tor_snprintf(payload,RELAY_PAYLOAD_SIZE, "%s:25", probe_nonce); payload_len = (int)strlen(payload)+1; diff --git a/src/feature/client/entrynodes.c b/src/feature/client/entrynodes.c index 2843558e93..ded7db969a 100644 --- a/src/feature/client/entrynodes.c +++ b/src/feature/client/entrynodes.c @@ -2265,7 +2265,7 @@ entry_guards_note_guard_success(guard_selection_t *gs, break; default: tor_assert_nonfatal_unreached(); - /* Fall through. */ + FALLTHROUGH; case GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD: if (guard->is_primary) { /* XXXX #20832 -- I don't actually like this logic. It seems to make @@ -3454,10 +3454,16 @@ entry_guards_update_state(or_state_t *state) entry_guards_dirty = 0; } -/** Return true iff the circuit's guard can succeed that is can be used. */ +/** Return true iff the circuit's guard can succeed, that is, can be used. */ int entry_guard_could_succeed(const circuit_guard_state_t *guard_state) { + if (get_options()->UseEntryGuards == 0) { + /* we're fine with this circuit's first hop, because we're not + * configured to use entry guards. */ + return 1; + } + if (!guard_state) { return 0; } diff --git a/src/feature/client/transports.c b/src/feature/client/transports.c index 55069bb60a..2bdc0ae151 100644 --- a/src/feature/client/transports.c +++ b/src/feature/client/transports.c @@ -97,6 +97,7 @@ #include "core/or/circuitbuild.h" #include "feature/client/transports.h" #include "feature/relay/router.h" +#include "feature/relay/relay_find_addr.h" /* 31851: split the server transport code out of the client module */ #include "feature/relay/transport_config.h" #include "app/config/statefile.h" diff --git a/src/feature/control/btrack_orconn_cevent.c b/src/feature/control/btrack_orconn_cevent.c index c5de473d0f..d11be59280 100644 --- a/src/feature/control/btrack_orconn_cevent.c +++ b/src/feature/control/btrack_orconn_cevent.c @@ -147,6 +147,7 @@ bto_cevent_apconn(const bt_orconn_t *bto) break; case OR_CONN_STATE_OPEN: control_event_bootstrap(BOOTSTRAP_STATUS_AP_HANDSHAKE_DONE, 0); + break; default: break; } diff --git a/src/feature/control/control_cmd.c b/src/feature/control/control_cmd.c index cdefef97e1..d9a38011de 100644 --- a/src/feature/control/control_cmd.c +++ b/src/feature/control/control_cmd.c @@ -1904,7 +1904,7 @@ handle_control_add_onion(control_connection_t *conn, case RSAE_BADAUTH: control_write_endreply(conn, 512, "Invalid client authorization"); break; - case RSAE_INTERNAL: /* FALLSTHROUGH */ + case RSAE_INTERNAL: FALLTHROUGH; default: control_write_endreply(conn, 551, "Failed to add Onion Service"); } diff --git a/src/feature/control/control_getinfo.c b/src/feature/control/control_getinfo.c index 39113b5712..c2557e164c 100644 --- a/src/feature/control/control_getinfo.c +++ b/src/feature/control/control_getinfo.c @@ -44,6 +44,7 @@ #include "feature/nodelist/nodelist.h" #include "feature/nodelist/routerinfo.h" #include "feature/nodelist/routerlist.h" +#include "feature/relay/relay_find_addr.h" #include "feature/relay/router.h" #include "feature/relay/routermode.h" #include "feature/relay/selftest.h" @@ -136,6 +137,7 @@ getinfo_helper_misc(control_connection_t *conn, const char *question, return -1; } *answer = tor_dup_ip(addr); + tor_assert_nonfatal(*answer); } else if (!strcmp(question, "traffic/read")) { tor_asprintf(answer, "%"PRIu64, (get_bytes_read())); } else if (!strcmp(question, "traffic/written")) { @@ -1334,8 +1336,22 @@ getinfo_helper_events(control_connection_t *control_conn, } routerinfo_t *r; extrainfo_t *e; - if (router_build_fresh_descriptor(&r, &e) < 0) { - *errmsg = "Error generating descriptor"; + int result; + if ((result = router_build_fresh_descriptor(&r, &e)) < 0) { + switch (result) { + case TOR_ROUTERINFO_ERROR_NO_EXT_ADDR: + *errmsg = "Cannot get relay address while generating descriptor"; + break; + case TOR_ROUTERINFO_ERROR_DIGEST_FAILED: + *errmsg = "Key digest failed"; + break; + case TOR_ROUTERINFO_ERROR_CANNOT_GENERATE: + *errmsg = "Cannot generate router descriptor"; + break; + default: + *errmsg = "Error generating descriptor"; + break; + } return -1; } size_t size = r->cache_info.signed_descriptor_len + 1; diff --git a/src/feature/dirauth/dirauth_config.c b/src/feature/dirauth/dirauth_config.c index 38d2a8bc5a..a0b6de7eca 100644 --- a/src/feature/dirauth/dirauth_config.c +++ b/src/feature/dirauth/dirauth_config.c @@ -20,6 +20,7 @@ /* Required for dirinfo_type_t in or_options_t */ #include "core/or/or.h" #include "app/config/config.h" +#include "app/config/resolve_addr.h" #include "feature/dirauth/voting_schedule.h" #include "feature/stats/rephist.h" diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c index 7eb2b720a6..85a23a12f6 100644 --- a/src/feature/dirauth/dirvote.c +++ b/src/feature/dirauth/dirvote.c @@ -6,6 +6,7 @@ #define DIRVOTE_PRIVATE #include "core/or/or.h" #include "app/config/config.h" +#include "app/config/resolve_addr.h" #include "core/or/policies.h" #include "core/or/protover.h" #include "core/or/tor_version_st.h" @@ -321,43 +322,47 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key, tor_free(digest_algo_b64_digest_bw_file); } - smartlist_add_asprintf(chunks, - "network-status-version 3\n" - "vote-status %s\n" - "consensus-methods %s\n" - "published %s\n" - "valid-after %s\n" - "fresh-until %s\n" - "valid-until %s\n" - "voting-delay %d %d\n" - "%s%s" /* versions */ - "%s" /* protocols */ - "known-flags %s\n" - "flag-thresholds %s\n" - "params %s\n" - "%s" /* bandwidth file headers */ - "%s" /* bandwidth file digest */ - "dir-source %s %s %s %s %d %d\n" - "contact %s\n" - "%s" /* shared randomness information */ - , - v3_ns->type == NS_TYPE_VOTE ? "vote" : "opinion", - methods, - published, va, fu, vu, - v3_ns->vote_seconds, v3_ns->dist_seconds, - client_versions_line, - server_versions_line, - protocols_lines, - flags, - flag_thresholds, - params, - bw_headers_line ? bw_headers_line : "", - bw_file_digest ? bw_file_digest: "", - voter->nickname, fingerprint, voter->address, - fmt_addr32(addr), voter->dir_port, voter->or_port, - voter->contact, - shared_random_vote_str ? - shared_random_vote_str : ""); + const char *ip_str = fmt_addr32(addr); + + if (ip_str[0]) { + smartlist_add_asprintf(chunks, + "network-status-version 3\n" + "vote-status %s\n" + "consensus-methods %s\n" + "published %s\n" + "valid-after %s\n" + "fresh-until %s\n" + "valid-until %s\n" + "voting-delay %d %d\n" + "%s%s" /* versions */ + "%s" /* protocols */ + "known-flags %s\n" + "flag-thresholds %s\n" + "params %s\n" + "%s" /* bandwidth file headers */ + "%s" /* bandwidth file digest */ + "dir-source %s %s %s %s %d %d\n" + "contact %s\n" + "%s" /* shared randomness information */ + , + v3_ns->type == NS_TYPE_VOTE ? "vote" : "opinion", + methods, + published, va, fu, vu, + v3_ns->vote_seconds, v3_ns->dist_seconds, + client_versions_line, + server_versions_line, + protocols_lines, + flags, + flag_thresholds, + params, + bw_headers_line ? bw_headers_line : "", + bw_file_digest ? bw_file_digest: "", + voter->nickname, fingerprint, voter->address, + ip_str, voter->dir_port, voter->or_port, + voter->contact, + shared_random_vote_str ? + shared_random_vote_str : ""); + } tor_free(params); tor_free(flags); @@ -367,6 +372,9 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key, tor_free(bw_headers_line); tor_free(bw_file_digest); + if (ip_str[0] == '\0') + goto err; + if (!tor_digest_is_zero(voter->legacy_id_digest)) { char fpbuf[HEX_DIGEST_LEN+1]; base16_encode(fpbuf, sizeof(fpbuf), voter->legacy_id_digest, DIGEST_LEN); @@ -4493,6 +4501,11 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, hostname = tor_dup_ip(addr); } + if (!hostname) { + log_err(LD_BUG, "Failed to determine hostname AND duplicate address"); + return NULL; + } + if (d_options->VersioningAuthoritativeDirectory) { client_versions = format_recommended_version_list(d_options->RecommendedClientVersions, 0); diff --git a/src/feature/dirauth/keypin.c b/src/feature/dirauth/keypin.c index 98584a7d42..5072a58573 100644 --- a/src/feature/dirauth/keypin.c +++ b/src/feature/dirauth/keypin.c @@ -265,7 +265,7 @@ keypin_add_or_replace_entry_in_map(keypin_ent_t *ent) } tor_free(ent2); r = -1; - /* Fall through */ + /* Note lack of return here: we fall through to the next line. */ } keypin_add_entry_to_map(ent); diff --git a/src/feature/dirauth/shared_random_state.c b/src/feature/dirauth/shared_random_state.c index 598d781557..07bc757506 100644 --- a/src/feature/dirauth/shared_random_state.c +++ b/src/feature/dirauth/shared_random_state.c @@ -1041,8 +1041,9 @@ sr_state_set_valid_after(time_t valid_after) sr_phase_t sr_state_get_phase(void) { - void *ptr; + void *ptr=NULL; state_query(SR_STATE_ACTION_GET, SR_STATE_OBJ_PHASE, NULL, &ptr); + tor_assert(ptr); return *(sr_phase_t *) ptr; } diff --git a/src/feature/dircache/dircache.c b/src/feature/dircache/dircache.c index 4f7f209207..ca127720f2 100644 --- a/src/feature/dircache/dircache.c +++ b/src/feature/dircache/dircache.c @@ -13,6 +13,7 @@ #include "core/or/or.h" #include "app/config/config.h" +#include "app/config/resolve_addr.h" #include "core/mainloop/connection.h" #include "core/or/relay.h" #include "feature/dirauth/dirvote.h" diff --git a/src/feature/dirclient/dirclient.c b/src/feature/dirclient/dirclient.c index 2072dddadd..ae1e018df2 100644 --- a/src/feature/dirclient/dirclient.c +++ b/src/feature/dirclient/dirclient.c @@ -44,6 +44,7 @@ #include "feature/nodelist/routerinfo.h" #include "feature/nodelist/routerlist.h" #include "feature/nodelist/routerset.h" +#include "feature/relay/relay_find_addr.h" #include "feature/relay/routermode.h" #include "feature/relay/selftest.h" #include "feature/rend/rendcache.h" @@ -1367,7 +1368,7 @@ directory_initiate_request,(directory_request_t *request)) case 1: /* start flushing conn */ conn->base_.state = DIR_CONN_STATE_CLIENT_SENDING; - /* fall through */ + FALLTHROUGH; case 0: /* queue the command on the outbuf */ directory_send_command(conn, 1, request); diff --git a/src/feature/dirclient/dirclient_modes.c b/src/feature/dirclient/dirclient_modes.c index 23fd1a2f6e..31a3f8af58 100644 --- a/src/feature/dirclient/dirclient_modes.c +++ b/src/feature/dirclient/dirclient_modes.c @@ -16,6 +16,7 @@ #include "feature/dirclient/dirclient_modes.h" #include "feature/dircache/dirserv.h" +#include "feature/relay/relay_find_addr.h" #include "feature/relay/router.h" #include "feature/relay/routermode.h" #include "feature/stats/predict_ports.h" diff --git a/src/feature/dirparse/parsecommon.c b/src/feature/dirparse/parsecommon.c index 0c63cd4846..ab465c4d7f 100644 --- a/src/feature/dirparse/parsecommon.c +++ b/src/feature/dirparse/parsecommon.c @@ -222,7 +222,7 @@ token_check_object(memarea_t *area, const char *kwd, kwd, crypto_pk_num_bits(tok->key)); RET_ERR(ebuf); } - /* fall through */ + FALLTHROUGH; case NEED_KEY: /* There must be some kind of key. */ if (!tok->key) { tor_snprintf(ebuf, sizeof(ebuf), "Missing public key for %s", kwd); diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c index 4140dee8d2..c3697d0c1d 100644 --- a/src/feature/hs/hs_client.c +++ b/src/feature/hs/hs_client.c @@ -1435,7 +1435,7 @@ client_desc_missing_bad_client_auth(const smartlist_t *entry_conns, /* We should not be called with another type of status. Recover by * sending a generic error. */ tor_assert_nonfatal_unreached(); - code = HS_DESC_DECODE_GENERIC_ERROR; + code = SOCKS5_GENERAL_ERROR; } entry_conn->socks_request->socks_extended_error_code = code; connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_MISC); diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c index b64ab0a1c3..1f7415a280 100644 --- a/src/feature/hs/hs_dos.c +++ b/src/feature/hs/hs_dos.c @@ -196,7 +196,9 @@ hs_dos_can_send_intro2(or_circuit_t *s_intro_circ) goto allow; } - /* Fallthrough is to disallow since this means the bucket has reached 0. */ + /* If we reach this point, then it means the bucket has reached zero, and + we're going to disallow. */ + disallow: /* Increment stats counter, we are rejecting the INTRO2 cell. */ intro2_rejected_count++; diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c index 5b8f661832..a42879a48f 100644 --- a/src/feature/hs/hs_service.c +++ b/src/feature/hs/hs_service.c @@ -3115,7 +3115,7 @@ log_cant_upload_desc(const hs_service_t *service, * control that value in the code flow but will be apparent during * development if a reason is added but LOG_DESC_UPLOAD_REASON_NUM_ is not * updated. */ - if (BUG(reason > LOG_DESC_UPLOAD_REASON_MAX || reason < 0)) { + if (BUG(reason > LOG_DESC_UPLOAD_REASON_MAX)) { return; } @@ -4103,6 +4103,50 @@ hs_service_load_all_keys(void) return -1; } +/** Log the status of introduction points for all version 3 onion services + * at log severity <b>severity</b>. + */ +void +hs_service_dump_stats(int severity) +{ + origin_circuit_t *circ; + + FOR_EACH_SERVICE_BEGIN(hs) { + + tor_log(severity, LD_GENERAL, "Service configured in %s:", + service_escaped_dir(hs)); + FOR_EACH_DESCRIPTOR_BEGIN(hs, desc) { + + DIGEST256MAP_FOREACH(desc->intro_points.map, key, + hs_service_intro_point_t *, ip) { + const node_t *intro_node; + const char *nickname; + + intro_node = get_node_from_intro_point(ip); + if (!intro_node) { + tor_log(severity, LD_GENERAL, " Couldn't find intro point, " + "skipping"); + continue; + } + nickname = node_get_nickname(intro_node); + if (!nickname) { + continue; + } + + circ = hs_circ_service_get_intro_circ(ip); + if (!circ) { + tor_log(severity, LD_GENERAL, " Intro point at %s: no circuit", + nickname); + continue; + } + tor_log(severity, LD_GENERAL, " Intro point %s: circuit is %s", + nickname, circuit_state_to_string(circ->base_.state)); + } DIGEST256MAP_FOREACH_END; + + } FOR_EACH_DESCRIPTOR_END; + } FOR_EACH_SERVICE_END; +} + /** Put all service object in the given service list. After this, the caller * looses ownership of every elements in the list and responsible to free the * list pointer. */ diff --git a/src/feature/hs/hs_service.h b/src/feature/hs/hs_service.h index 0f6a2c2358..b5bff5bee5 100644 --- a/src/feature/hs/hs_service.h +++ b/src/feature/hs/hs_service.h @@ -373,6 +373,8 @@ void hs_service_upload_desc_to_dir(const char *encoded_desc, hs_circuit_id_protocol_t hs_service_exports_circuit_id(const ed25519_public_key_t *pk); +void hs_service_dump_stats(int severity); + #ifdef HS_SERVICE_PRIVATE #ifdef TOR_UNIT_TESTS diff --git a/src/feature/nodelist/authcert.c b/src/feature/nodelist/authcert.c index 9c7525b6e2..97e44d53e3 100644 --- a/src/feature/nodelist/authcert.c +++ b/src/feature/nodelist/authcert.c @@ -464,11 +464,13 @@ trusted_dirs_load_certs_from_string(const char *contents, int source, (ds->addr != cert->addr || ds->dir_port != cert->dir_port)) { char *a = tor_dup_ip(cert->addr); - log_notice(LD_DIR, "Updating address for directory authority %s " - "from %s:%d to %s:%d based on certificate.", - ds->nickname, ds->address, (int)ds->dir_port, - a, cert->dir_port); - tor_free(a); + if (a) { + log_notice(LD_DIR, "Updating address for directory authority %s " + "from %s:%d to %s:%d based on certificate.", + ds->nickname, ds->address, (int)ds->dir_port, + a, cert->dir_port); + tor_free(a); + } ds->addr = cert->addr; ds->dir_port = cert->dir_port; } diff --git a/src/feature/nodelist/dirlist.c b/src/feature/nodelist/dirlist.c index ad3af0a143..33d1bfc4d0 100644 --- a/src/feature/nodelist/dirlist.c +++ b/src/feature/nodelist/dirlist.c @@ -27,6 +27,7 @@ #include "core/or/or.h" #include "app/config/config.h" +#include "app/config/resolve_addr.h" #include "core/or/policies.h" #include "feature/control/control_events.h" #include "feature/dirauth/authmode.h" @@ -357,6 +358,9 @@ trusted_dir_server_new(const char *nickname, const char *address, } if (!hostname) hostname = tor_dup_ip(a); + + if (!hostname) + return NULL; } else { if (tor_lookup_hostname(address, &a)) { log_warn(LD_CONFIG, diff --git a/src/feature/nodelist/fmt_routerstatus.c b/src/feature/nodelist/fmt_routerstatus.c index 0cf4a6eeab..ca4a312639 100644 --- a/src/feature/nodelist/fmt_routerstatus.c +++ b/src/feature/nodelist/fmt_routerstatus.c @@ -53,6 +53,10 @@ routerstatus_format_entry(const routerstatus_t *rs, const char *version, char digest64[BASE64_DIGEST_LEN+1]; smartlist_t *chunks = smartlist_new(); + const char *ip_str = fmt_addr32(rs->addr); + if (ip_str[0] == '\0') + goto err; + format_iso_time(published, rs->published_on); digest_to_base64(identity64, rs->identity_digest); digest_to_base64(digest64, rs->descriptor_digest); @@ -64,7 +68,7 @@ routerstatus_format_entry(const routerstatus_t *rs, const char *version, (format==NS_V3_CONSENSUS_MICRODESC)?"":digest64, (format==NS_V3_CONSENSUS_MICRODESC)?"":" ", published, - fmt_addr32(rs->addr), + ip_str, (int)rs->or_port, (int)rs->dir_port); diff --git a/src/feature/relay/dns.c b/src/feature/relay/dns.c index 5f868a9020..b83bd9b758 100644 --- a/src/feature/relay/dns.c +++ b/src/feature/relay/dns.c @@ -530,9 +530,9 @@ send_resolved_cell,(edge_connection_t *conn, uint8_t answer_type, break; } else { answer_type = RESOLVED_TYPE_ERROR; - /* fall through. */ + /* We let this fall through and treat it as an error. */ } - /* Falls through. */ + FALLTHROUGH; case RESOLVED_TYPE_ERROR_TRANSIENT: case RESOLVED_TYPE_ERROR: { @@ -1591,12 +1591,17 @@ evdns_callback(int result, char type, int count, int ttl, void *addresses, } else if (type == DNS_IPv6_AAAA && count) { char answer_buf[TOR_ADDR_BUF_LEN]; char *escaped_address; + const char *ip_str; struct in6_addr *addrs = addresses; tor_addr_from_in6(&addr, &addrs[0]); - tor_inet_ntop(AF_INET6, &addrs[0], answer_buf, sizeof(answer_buf)); + ip_str = tor_inet_ntop(AF_INET6, &addrs[0], answer_buf, + sizeof(answer_buf)); escaped_address = esc_for_log(string_address); - if (answer_is_wildcarded(answer_buf)) { + if (BUG(ip_str == NULL)) { + log_warn(LD_EXIT, "tor_inet_ntop() failed!"); + result = DNS_ERR_NOTEXIST; + } else if (answer_is_wildcarded(answer_buf)) { log_debug(LD_EXIT, "eventdns said that %s resolves to ISP-hijacked " "address %s; treating as a failure.", safe_str(escaped_address), @@ -1863,6 +1868,7 @@ evdns_wildcard_check_callback(int result, char type, int count, int ttl, void *addresses, void *arg) { (void)ttl; + const char *ip_str; ++n_wildcard_requests; if (result == DNS_ERR_NONE && count) { char *string_address = arg; @@ -1872,16 +1878,22 @@ evdns_wildcard_check_callback(int result, char type, int count, int ttl, for (i = 0; i < count; ++i) { char answer_buf[INET_NTOA_BUF_LEN+1]; struct in_addr in; + int ntoa_res; in.s_addr = addrs[i]; - tor_inet_ntoa(&in, answer_buf, sizeof(answer_buf)); - wildcard_increment_answer(answer_buf); + ntoa_res = tor_inet_ntoa(&in, answer_buf, sizeof(answer_buf)); + tor_assert_nonfatal(ntoa_res >= 0); + if (ntoa_res > 0) + wildcard_increment_answer(answer_buf); } } else if (type == DNS_IPv6_AAAA) { const struct in6_addr *addrs = addresses; for (i = 0; i < count; ++i) { char answer_buf[TOR_ADDR_BUF_LEN+1]; - tor_inet_ntop(AF_INET6, &addrs[i], answer_buf, sizeof(answer_buf)); - wildcard_increment_answer(answer_buf); + ip_str = tor_inet_ntop(AF_INET6, &addrs[i], answer_buf, + sizeof(answer_buf)); + tor_assert_nonfatal(ip_str); + if (ip_str) + wildcard_increment_answer(answer_buf); } } diff --git a/src/feature/relay/include.am b/src/feature/relay/include.am index 654432c34b..84bb1ff35e 100644 --- a/src/feature/relay/include.am +++ b/src/feature/relay/include.am @@ -2,6 +2,7 @@ # Legacy shared relay code: migrate to the relay module over time LIBTOR_APP_A_SOURCES += \ src/feature/relay/onion_queue.c \ + src/feature/relay/relay_find_addr.c \ src/feature/relay/router.c # The Relay module. @@ -31,6 +32,7 @@ noinst_HEADERS += \ src/feature/relay/relay_handshake.h \ src/feature/relay/relay_periodic.h \ src/feature/relay/relay_sys.h \ + src/feature/relay/relay_find_addr.h \ src/feature/relay/router.h \ src/feature/relay/routerkeys.h \ src/feature/relay/routermode.h \ diff --git a/src/feature/relay/relay_find_addr.c b/src/feature/relay/relay_find_addr.c new file mode 100644 index 0000000000..86cd799d42 --- /dev/null +++ b/src/feature/relay/relay_find_addr.c @@ -0,0 +1,133 @@ +/* Copyright (c) 2001-2020, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file relay_find_addr.c + * \brief Implement mechanism for a relay to find its address. + **/ + +#include "core/or/or.h" + +#include "app/config/config.h" +#include "app/config/resolve_addr.h" + +#include "core/mainloop/mainloop.h" + +#include "feature/control/control_events.h" +#include "feature/dircommon/dir_connection_st.h" +#include "feature/relay/relay_find_addr.h" +#include "feature/relay/router.h" +#include "feature/relay/routermode.h" + +/** The most recently guessed value of our IP address, based on directory + * headers. */ +static tor_addr_t last_guessed_ip = TOR_ADDR_NULL; + +/** We failed to resolve our address locally, but we'd like to build + * a descriptor and publish / test reachability. If we have a guess + * about our address based on directory headers, answer it and return + * 0; else return -1. */ +static int +router_guess_address_from_dir_headers(uint32_t *guess) +{ + if (!tor_addr_is_null(&last_guessed_ip)) { + *guess = tor_addr_to_ipv4h(&last_guessed_ip); + return 0; + } + return -1; +} + +/** A directory server <b>d_conn</b> told us our IP address is + * <b>suggestion</b>. + * If this address is different from the one we think we are now, and + * if our computer doesn't actually know its IP address, then switch. */ +void +router_new_address_suggestion(const char *suggestion, + const dir_connection_t *d_conn) +{ + tor_addr_t addr; + uint32_t cur = 0; /* Current IPv4 address. */ + const or_options_t *options = get_options(); + + /* first, learn what the IP address actually is */ + if (tor_addr_parse(&addr, suggestion) == -1) { + log_debug(LD_DIR, "Malformed X-Your-Address-Is header %s. Ignoring.", + escaped(suggestion)); + return; + } + + log_debug(LD_DIR, "Got X-Your-Address-Is: %s.", suggestion); + + if (!server_mode(options)) { + tor_addr_copy(&last_guessed_ip, &addr); + return; + } + + /* XXXX ipv6 */ + cur = get_last_resolved_addr(); + if (cur || + resolve_my_address(LOG_INFO, options, &cur, NULL, NULL) >= 0) { + /* We're all set -- we already know our address. Great. */ + tor_addr_from_ipv4h(&last_guessed_ip, cur); /* store it in case we + need it later */ + return; + } + if (tor_addr_is_internal(&addr, 0)) { + /* Don't believe anybody who says our IP is, say, 127.0.0.1. */ + return; + } + if (tor_addr_eq(&d_conn->base_.addr, &addr)) { + /* Don't believe anybody who says our IP is their IP. */ + log_debug(LD_DIR, "A directory server told us our IP address is %s, " + "but they are just reporting their own IP address. Ignoring.", + suggestion); + return; + } + + /* Okay. We can't resolve our own address, and X-Your-Address-Is is giving + * us an answer different from what we had the last time we managed to + * resolve it. */ + if (!tor_addr_eq(&last_guessed_ip, &addr)) { + control_event_server_status(LOG_NOTICE, + "EXTERNAL_ADDRESS ADDRESS=%s METHOD=DIRSERV", + suggestion); + log_addr_has_changed(LOG_NOTICE, &last_guessed_ip, &addr, + d_conn->base_.address); + ip_address_changed(0); + tor_addr_copy(&last_guessed_ip, &addr); /* router_rebuild_descriptor() + will fetch it */ + } +} + +/** Make a current best guess at our address, either because + * it's configured in torrc, or because we've learned it from + * dirserver headers. Place the answer in *<b>addr</b> and return + * 0 on success, else return -1 if we have no guess. + * + * If <b>cache_only</b> is true, just return any cached answers, and + * don't try to get any new answers. + */ +MOCK_IMPL(int, +router_pick_published_address, (const or_options_t *options, uint32_t *addr, + int cache_only)) +{ + /* First, check the cached output from resolve_my_address(). */ + *addr = get_last_resolved_addr(); + if (*addr) + return 0; + + /* Second, consider doing a resolve attempt right here. */ + if (!cache_only) { + if (resolve_my_address(LOG_INFO, options, addr, NULL, NULL) >= 0) { + log_info(LD_CONFIG,"Success: chose address '%s'.", fmt_addr32(*addr)); + return 0; + } + } + + /* Third, check the cached output from router_new_address_suggestion(). */ + if (router_guess_address_from_dir_headers(addr) >= 0) + return 0; + + /* We have no useful cached answers. Return failure. */ + return -1; +} diff --git a/src/feature/relay/relay_find_addr.h b/src/feature/relay/relay_find_addr.h new file mode 100644 index 0000000000..ac51a977e6 --- /dev/null +++ b/src/feature/relay/relay_find_addr.h @@ -0,0 +1,23 @@ +/* Copyright (c) 2020, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file relay_find_addr.h + * \brief Header file for relay_find_addr.c. + **/ + +#ifndef TOR_RELAY_FIND_ADDR_H +#define TOR_RELAY_FIND_ADDR_H + +MOCK_DECL(int, router_pick_published_address, + (const or_options_t *options, uint32_t *addr, int cache_only)); + +void router_new_address_suggestion(const char *suggestion, + const dir_connection_t *d_conn); + +#ifdef RELAY_FIND_ADDR_PRIVATE + +#endif /* RELAY_FIND_ADDR_PRIVATE */ + +#endif /* TOR_RELAY_FIND_ADDR_H */ + diff --git a/src/feature/relay/relay_periodic.c b/src/feature/relay/relay_periodic.c index 2b6be1ce1d..6a92f49d2e 100644 --- a/src/feature/relay/relay_periodic.c +++ b/src/feature/relay/relay_periodic.c @@ -203,29 +203,34 @@ reachability_warnings_callback(time_t now, const or_options_t *options) const routerinfo_t *me = router_get_my_routerinfo(); if (me && !router_should_skip_orport_reachability_check(options)) { char *address = tor_dup_ip(me->addr); - log_warn(LD_CONFIG,"Your server (%s:%d) has not managed to confirm that " - "its ORPort is reachable. Relays do not publish descriptors " - "until their ORPort and DirPort are reachable. Please check " - "your firewalls, ports, address, /etc/hosts file, etc.", - address, me->or_port); - control_event_server_status(LOG_WARN, - "REACHABILITY_FAILED ORADDRESS=%s:%d", - address, me->or_port); - tor_free(address); + if (address) { + log_warn(LD_CONFIG, + "Your server (%s:%d) has not managed to confirm that " + "its ORPort is reachable. Relays do not publish descriptors " + "until their ORPort and DirPort are reachable. Please check " + "your firewalls, ports, address, /etc/hosts file, etc.", + address, me->or_port); + control_event_server_status(LOG_WARN, + "REACHABILITY_FAILED ORADDRESS=%s:%d", + address, me->or_port); + tor_free(address); + } } if (me && !router_should_skip_dirport_reachability_check(options)) { char *address = tor_dup_ip(me->addr); - log_warn(LD_CONFIG, - "Your server (%s:%d) has not managed to confirm that its " - "DirPort is reachable. Relays do not publish descriptors " - "until their ORPort and DirPort are reachable. Please check " - "your firewalls, ports, address, /etc/hosts file, etc.", - address, me->dir_port); - control_event_server_status(LOG_WARN, - "REACHABILITY_FAILED DIRADDRESS=%s:%d", - address, me->dir_port); - tor_free(address); + if (address) { + log_warn(LD_CONFIG, + "Your server (%s:%d) has not managed to confirm that its " + "DirPort is reachable. Relays do not publish descriptors " + "until their ORPort and DirPort are reachable. Please check " + "your firewalls, ports, address, /etc/hosts file, etc.", + address, me->dir_port); + control_event_server_status(LOG_WARN, + "REACHABILITY_FAILED DIRADDRESS=%s:%d", + address, me->dir_port); + tor_free(address); + } } } diff --git a/src/feature/relay/router.c b/src/feature/relay/router.c index 85788c07ea..6914946729 100644 --- a/src/feature/relay/router.c +++ b/src/feature/relay/router.c @@ -8,6 +8,7 @@ #include "core/or/or.h" #include "app/config/config.h" +#include "app/config/resolve_addr.h" #include "app/config/statefile.h" #include "app/main/main.h" #include "core/mainloop/connection.h" @@ -36,6 +37,7 @@ #include "feature/nodelist/torcert.h" #include "feature/relay/dns.h" #include "feature/relay/relay_config.h" +#include "feature/relay/relay_find_addr.h" #include "feature/relay/router.h" #include "feature/relay/routerkeys.h" #include "feature/relay/routermode.h" @@ -1778,41 +1780,6 @@ router_get_descriptor_gen_reason(void) return desc_gen_reason; } -static int router_guess_address_from_dir_headers(uint32_t *guess); - -/** Make a current best guess at our address, either because - * it's configured in torrc, or because we've learned it from - * dirserver headers. Place the answer in *<b>addr</b> and return - * 0 on success, else return -1 if we have no guess. - * - * If <b>cache_only</b> is true, just return any cached answers, and - * don't try to get any new answers. - */ -MOCK_IMPL(int, -router_pick_published_address,(const or_options_t *options, uint32_t *addr, - int cache_only)) -{ - /* First, check the cached output from resolve_my_address(). */ - *addr = get_last_resolved_addr(); - if (*addr) - return 0; - - /* Second, consider doing a resolve attempt right here. */ - if (!cache_only) { - if (resolve_my_address(LOG_INFO, options, addr, NULL, NULL) >= 0) { - log_info(LD_CONFIG,"Success: chose address '%s'.", fmt_addr32(*addr)); - return 0; - } - } - - /* Third, check the cached output from router_new_address_suggestion(). */ - if (router_guess_address_from_dir_headers(addr) >= 0) - return 0; - - /* We have no useful cached answers. Return failure. */ - return -1; -} - /* Like router_check_descriptor_address_consistency, but specifically for the * ORPort or DirPort. * listener_type is either CONN_TYPE_OR_LISTENER or CONN_TYPE_DIR_LISTENER. */ @@ -2538,7 +2505,7 @@ check_descriptor_bandwidth_changed(time_t now) /** Note at log level severity that our best guess of address has changed from * <b>prev</b> to <b>cur</b>. */ -static void +void log_addr_has_changed(int severity, const tor_addr_t *prev, const tor_addr_t *cur, @@ -2610,86 +2577,6 @@ check_descriptor_ipaddress_changed(time_t now) tor_free(hostname); } -/** The most recently guessed value of our IP address, based on directory - * headers. */ -static tor_addr_t last_guessed_ip = TOR_ADDR_NULL; - -/** A directory server <b>d_conn</b> told us our IP address is - * <b>suggestion</b>. - * If this address is different from the one we think we are now, and - * if our computer doesn't actually know its IP address, then switch. */ -void -router_new_address_suggestion(const char *suggestion, - const dir_connection_t *d_conn) -{ - tor_addr_t addr; - uint32_t cur = 0; /* Current IPv4 address. */ - const or_options_t *options = get_options(); - - /* first, learn what the IP address actually is */ - if (tor_addr_parse(&addr, suggestion) == -1) { - log_debug(LD_DIR, "Malformed X-Your-Address-Is header %s. Ignoring.", - escaped(suggestion)); - return; - } - - log_debug(LD_DIR, "Got X-Your-Address-Is: %s.", suggestion); - - if (!server_mode(options)) { - tor_addr_copy(&last_guessed_ip, &addr); - return; - } - - /* XXXX ipv6 */ - cur = get_last_resolved_addr(); - if (cur || - resolve_my_address(LOG_INFO, options, &cur, NULL, NULL) >= 0) { - /* We're all set -- we already know our address. Great. */ - tor_addr_from_ipv4h(&last_guessed_ip, cur); /* store it in case we - need it later */ - return; - } - if (tor_addr_is_internal(&addr, 0)) { - /* Don't believe anybody who says our IP is, say, 127.0.0.1. */ - return; - } - if (tor_addr_eq(&d_conn->base_.addr, &addr)) { - /* Don't believe anybody who says our IP is their IP. */ - log_debug(LD_DIR, "A directory server told us our IP address is %s, " - "but they are just reporting their own IP address. Ignoring.", - suggestion); - return; - } - - /* Okay. We can't resolve our own address, and X-Your-Address-Is is giving - * us an answer different from what we had the last time we managed to - * resolve it. */ - if (!tor_addr_eq(&last_guessed_ip, &addr)) { - control_event_server_status(LOG_NOTICE, - "EXTERNAL_ADDRESS ADDRESS=%s METHOD=DIRSERV", - suggestion); - log_addr_has_changed(LOG_NOTICE, &last_guessed_ip, &addr, - d_conn->base_.address); - ip_address_changed(0); - tor_addr_copy(&last_guessed_ip, &addr); /* router_rebuild_descriptor() - will fetch it */ - } -} - -/** We failed to resolve our address locally, but we'd like to build - * a descriptor and publish / test reachability. If we have a guess - * about our address based on directory headers, answer it and return - * 0; else return -1. */ -static int -router_guess_address_from_dir_headers(uint32_t *guess) -{ - if (!tor_addr_is_null(&last_guessed_ip)) { - *guess = tor_addr_to_ipv4h(&last_guessed_ip); - return 0; - } - return -1; -} - /** Set <b>platform</b> (max length <b>len</b>) to a NUL-terminated short * string describing the version of Tor and the operating system we're * currently running on. @@ -2912,6 +2799,9 @@ router_dump_router_to_string(routerinfo_t *router, } address = tor_dup_ip(router->addr); + if (!address) + goto err; + chunks = smartlist_new(); /* Generate the easy portion of the router descriptor. */ diff --git a/src/feature/relay/router.h b/src/feature/relay/router.h index 39c550dd25..50790a73dd 100644 --- a/src/feature/relay/router.h +++ b/src/feature/relay/router.h @@ -87,8 +87,6 @@ void mark_my_descriptor_dirty(const char *reason); void check_descriptor_bandwidth_changed(time_t now); void check_descriptor_ipaddress_changed(time_t now); int router_has_bandwidth_to_be_dirserver(const or_options_t *options); -void router_new_address_suggestion(const char *suggestion, - const dir_connection_t *d_conn); int router_compare_to_my_exit_policy(const tor_addr_t *addr, uint16_t port); MOCK_DECL(int, router_my_exit_policy_is_reject_star,(void)); MOCK_DECL(const routerinfo_t *, router_get_my_routerinfo, (void)); @@ -100,9 +98,6 @@ int router_digest_is_me(const char *digest); const uint8_t *router_get_my_id_digest(void); int router_extrainfo_digest_is_me(const char *digest); int router_is_me(const routerinfo_t *router); -MOCK_DECL(int,router_pick_published_address,(const or_options_t *options, - uint32_t *addr, - int cache_only)); int router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e); int router_rebuild_descriptor(int force); char *router_dump_router_to_string(routerinfo_t *router, @@ -120,6 +115,9 @@ int extrainfo_dump_to_string(char **s, extrainfo_t *extrainfo, const char *routerinfo_err_to_string(int err); int routerinfo_err_is_transient(int err); +void log_addr_has_changed(int severity, const tor_addr_t *prev, + const tor_addr_t *cur, const char *source); + void router_reset_warnings(void); void router_free_all(void); diff --git a/src/feature/relay/selftest.c b/src/feature/relay/selftest.c index ae5633bfbb..2b0fc951b7 100644 --- a/src/feature/relay/selftest.c +++ b/src/feature/relay/selftest.c @@ -303,6 +303,7 @@ inform_testing_reachability(void) const routerinfo_t *me = router_get_my_routerinfo(); if (!me) return 0; + /* IPv4 ORPort */ strlcpy(ipv4_or_buf, fmt_addr32_port(me->addr, me->or_port), sizeof(ipv4_or_buf)); @@ -348,6 +349,10 @@ router_orport_found_reachable(void) const or_options_t *options = get_options(); if (!can_reach_or_port && me) { char *address = tor_dup_ip(me->addr); + + if (!address) + return; + log_notice(LD_OR,"Self-testing indicates your ORPort is reachable from " "the outside. Excellent.%s", options->PublishServerDescriptor_ != NO_DIRINFO @@ -376,6 +381,10 @@ router_dirport_found_reachable(void) const or_options_t *options = get_options(); if (!can_reach_dir_port && me) { char *address = tor_dup_ip(me->addr); + + if (!address) + return; + log_notice(LD_DIRSERV,"Self-testing indicates your DirPort is reachable " "from the outside. Excellent.%s", options->PublishServerDescriptor_ != NO_DIRINFO diff --git a/src/feature/rend/rendclient.c b/src/feature/rend/rendclient.c index cc55065fdd..09db7045fa 100644 --- a/src/feature/rend/rendclient.c +++ b/src/feature/rend/rendclient.c @@ -831,7 +831,7 @@ rend_client_report_intro_point_failure(extend_info_t *failed_intro, log_warn(LD_BUG, "Unknown failure type %u. Removing intro point.", failure_type); tor_fragile_assert(); - /* fall through */ + FALLTHROUGH; case INTRO_POINT_FAILURE_GENERIC: rend_cache_intro_failure_note(failure_type, (uint8_t *)failed_intro->identity_digest, diff --git a/src/feature/rend/rendservice.c b/src/feature/rend/rendservice.c index 10a3403166..a88c2080fd 100644 --- a/src/feature/rend/rendservice.c +++ b/src/feature/rend/rendservice.c @@ -3715,20 +3715,23 @@ directory_post_to_hs_dir(rend_service_descriptor_t *renddesc, base32_encode(desc_id_base32, sizeof(desc_id_base32), desc->desc_id, DIGEST_LEN); hs_dir_ip = tor_dup_ip(hs_dir->addr); - log_info(LD_REND, "Launching upload for v2 descriptor for " - "service '%s' with descriptor ID '%s' with validity " - "of %d seconds to hidden service directory '%s' on " - "%s:%d.", - safe_str_client(service_id), - safe_str_client(desc_id_base32), - seconds_valid, - hs_dir->nickname, - hs_dir_ip, - hs_dir->or_port); + if (hs_dir_ip) { + log_info(LD_REND, "Launching upload for v2 descriptor for " + "service '%s' with descriptor ID '%s' with validity " + "of %d seconds to hidden service directory '%s' on " + "%s:%d.", + safe_str_client(service_id), + safe_str_client(desc_id_base32), + seconds_valid, + hs_dir->nickname, + hs_dir_ip, + hs_dir->or_port); + tor_free(hs_dir_ip); + } + control_event_hs_descriptor_upload(service_id, hs_dir->identity_digest, desc_id_base32, NULL); - tor_free(hs_dir_ip); /* Remember successful upload to this router for next time. */ if (!smartlist_contains_digest(successful_uploads, hs_dir->identity_digest)) @@ -4351,17 +4354,16 @@ rend_consider_descriptor_republication(void) void rend_service_dump_stats(int severity) { - int i,j; rend_service_t *service; rend_intro_point_t *intro; const char *safe_name; origin_circuit_t *circ; - for (i=0; i < smartlist_len(rend_service_list); ++i) { + for (int i = 0; i < smartlist_len(rend_service_list); ++i) { service = smartlist_get(rend_service_list, i); tor_log(severity, LD_GENERAL, "Service configured in %s:", rend_service_escaped_dir(service)); - for (j=0; j < smartlist_len(service->intro_nodes); ++j) { + for (int j = 0; j < smartlist_len(service->intro_nodes); ++j) { intro = smartlist_get(service->intro_nodes, j); safe_name = safe_str_client(intro->extend_info->nickname); diff --git a/src/lib/cc/compat_compiler.h b/src/lib/cc/compat_compiler.h index e4b0ea61ca..96aa912652 100644 --- a/src/lib/cc/compat_compiler.h +++ b/src/lib/cc/compat_compiler.h @@ -50,6 +50,12 @@ #define CHECK_SCANF(formatIdx, firstArg) #endif /* defined(__GNUC__) */ +#if defined(HAVE_ATTR_FALLTHROUGH) +#define FALLTHROUGH __attribute__((fallthrough)) +#else +#define FALLTHROUGH +#endif + /* What GCC do we have? */ #ifdef __GNUC__ #define GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__) diff --git a/src/lib/conf/confdecl.h b/src/lib/conf/confdecl.h index f7e79bb2b1..c2d3fb335d 100644 --- a/src/lib/conf/confdecl.h +++ b/src/lib/conf/confdecl.h @@ -136,11 +136,11 @@ }, /**@}*/ -/* @defgroup STUB_TABLE_MACROS Internal macros: stub table declarations, +/** @defgroup STUB_TABLE_MACROS Internal macros: stub table declarations, * for use when a module is disabled. * Implementation helpers: the regular confdecl macros expand to these * when CONF_CONTEXT is defined to LL_TABLE. Don't use them directly. - * @{*/ + * @{ */ #define BEGIN_CONF_STRUCT__STUB_TABLE(structname) \ static const config_var_t structname##_vars[] = { #define END_CONF_STRUCT__STUB_TABLE(structname) \ @@ -166,7 +166,7 @@ * when the macro sees us declare a configuration option "foo" of type STRING, * it can emit `config_decl_STRING foo;`, which is an alias for `char *foo`. */ -/**{*/ +/**@{*/ typedef char *config_decl_STRING; typedef char *config_decl_FILENAME; /* Yes, "POSINT" is really an int, and not an unsigned int. For diff --git a/src/lib/container/smartlist.c b/src/lib/container/smartlist.c index eeb3bce95c..7784f83957 100644 --- a/src/lib/container/smartlist.c +++ b/src/lib/container/smartlist.c @@ -652,7 +652,7 @@ smartlist_sort_pointers(smartlist_t *sl) #define LEFT_CHILD(i) ( 2*(i) + 1 ) #define RIGHT_CHILD(i) ( 2*(i) + 2 ) #define PARENT(i) ( ((i)-1) / 2 ) -/** }@ */ +/** @} */ /** @{ */ /** Helper macros for heaps: Given a local variable <b>idx_field_offset</b> diff --git a/src/lib/crypt_ops/certs.md b/src/lib/crypt_ops/certs.md index 2768548b2a..f3bd8c2c96 100644 --- a/src/lib/crypt_ops/certs.md +++ b/src/lib/crypt_ops/certs.md @@ -1,5 +1,5 @@ -@page certificates Certificates in Tor. +@page certificates Certificates in Tor We have, alas, several certificate types in Tor. @@ -27,4 +27,3 @@ their associated keys. documents that include keys and which are signed by keys. You can consider these documents to be an additional kind of certificate if you want.) - diff --git a/src/lib/crypt_ops/crypto_digest_nss.c b/src/lib/crypt_ops/crypto_digest_nss.c index 7e7464273e..92c20fe9e8 100644 --- a/src/lib/crypt_ops/crypto_digest_nss.c +++ b/src/lib/crypt_ops/crypto_digest_nss.c @@ -37,8 +37,8 @@ digest_alg_to_nss_oid(digest_algorithm_t alg) case DIGEST_SHA1: return SEC_OID_SHA1; case DIGEST_SHA256: return SEC_OID_SHA256; case DIGEST_SHA512: return SEC_OID_SHA512; - case DIGEST_SHA3_256: /* Fall through */ - case DIGEST_SHA3_512: /* Fall through */ + case DIGEST_SHA3_256: FALLTHROUGH; + case DIGEST_SHA3_512: FALLTHROUGH; default: return SEC_OID_UNKNOWN; } @@ -89,12 +89,12 @@ static bool library_supports_digest(digest_algorithm_t alg) { switch (alg) { - case DIGEST_SHA1: /* Fall through */ - case DIGEST_SHA256: /* Fall through */ - case DIGEST_SHA512: /* Fall through */ + case DIGEST_SHA1: FALLTHROUGH; + case DIGEST_SHA256: FALLTHROUGH; + case DIGEST_SHA512: return true; - case DIGEST_SHA3_256: /* Fall through */ - case DIGEST_SHA3_512: /* Fall through */ + case DIGEST_SHA3_256: FALLTHROUGH; + case DIGEST_SHA3_512: FALLTHROUGH; default: return false; } @@ -201,8 +201,8 @@ crypto_digest_alloc_bytes(digest_algorithm_t alg) #define END_OF_FIELD(f) (offsetof(crypto_digest_t, f) + \ STRUCT_FIELD_SIZE(crypto_digest_t, f)) switch (alg) { - case DIGEST_SHA1: /* Fall through */ - case DIGEST_SHA256: /* Fall through */ + case DIGEST_SHA1: FALLTHROUGH; + case DIGEST_SHA256: FALLTHROUGH; case DIGEST_SHA512: return END_OF_FIELD(d.ctx); case DIGEST_SHA3_256: @@ -228,8 +228,8 @@ crypto_digest_new_internal(digest_algorithm_t algorithm) switch (algorithm) { - case DIGEST_SHA1: /* fall through */ - case DIGEST_SHA256: /* fall through */ + case DIGEST_SHA1: FALLTHROUGH; + case DIGEST_SHA256: FALLTHROUGH; case DIGEST_SHA512: r->d.ctx = PK11_CreateDigestContext(digest_alg_to_nss_oid(algorithm)); if (BUG(!r->d.ctx)) { @@ -316,8 +316,8 @@ crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, * just doing it ourselves. Hashes are fast. */ switch (digest->algorithm) { - case DIGEST_SHA1: /* fall through */ - case DIGEST_SHA256: /* fall through */ + case DIGEST_SHA1: FALLTHROUGH; + case DIGEST_SHA256: FALLTHROUGH; case DIGEST_SHA512: tor_assert(len <= UINT_MAX); SECStatus s = PK11_DigestOp(digest->d.ctx, @@ -325,7 +325,7 @@ crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, (unsigned int)len); tor_assert(s == SECSuccess); break; - case DIGEST_SHA3_256: /* FALLSTHROUGH */ + case DIGEST_SHA3_256: FALLTHROUGH; case DIGEST_SHA3_512: keccak_digest_update(&digest->d.sha3, (const uint8_t *)data, len); break; diff --git a/src/lib/crypt_ops/crypto_digest_openssl.c b/src/lib/crypt_ops/crypto_digest_openssl.c index bc076df619..11189c7fb2 100644 --- a/src/lib/crypt_ops/crypto_digest_openssl.c +++ b/src/lib/crypt_ops/crypto_digest_openssl.c @@ -160,11 +160,11 @@ crypto_digest_alloc_bytes(digest_algorithm_t alg) case DIGEST_SHA512: return END_OF_FIELD(d.sha512); #ifdef OPENSSL_HAS_SHA3 - case DIGEST_SHA3_256: /* Fall through */ + case DIGEST_SHA3_256: FALLTHROUGH; case DIGEST_SHA3_512: return END_OF_FIELD(d.md); #else - case DIGEST_SHA3_256: /* Fall through */ + case DIGEST_SHA3_256: FALLTHROUGH; case DIGEST_SHA3_512: return END_OF_FIELD(d.sha3); #endif /* defined(OPENSSL_HAS_SHA3) */ @@ -304,14 +304,14 @@ crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, SHA512_Update(&digest->d.sha512, (void*)data, len); break; #ifdef OPENSSL_HAS_SHA3 - case DIGEST_SHA3_256: /* FALLSTHROUGH */ + case DIGEST_SHA3_256: FALLTHROUGH; case DIGEST_SHA3_512: { int r = EVP_DigestUpdate(digest->d.md, data, len); tor_assert(r); } break; #else /* !defined(OPENSSL_HAS_SHA3) */ - case DIGEST_SHA3_256: /* FALLSTHROUGH */ + case DIGEST_SHA3_256: FALLTHROUGH; case DIGEST_SHA3_512: keccak_digest_update(&digest->d.sha3, (const uint8_t *)data, len); break; @@ -377,7 +377,7 @@ crypto_digest_get_digest(crypto_digest_t *digest, SHA512_Final(r, &tmpenv.d.sha512); break; //LCOV_EXCL_START - case DIGEST_SHA3_256: /* FALLSTHROUGH */ + case DIGEST_SHA3_256: FALLTHROUGH; case DIGEST_SHA3_512: default: log_warn(LD_BUG, "Handling unexpected algorithm %d", digest->algorithm); diff --git a/src/lib/encoding/confline.c b/src/lib/encoding/confline.c index eb1a4e30f0..613e4a00c6 100644 --- a/src/lib/encoding/confline.c +++ b/src/lib/encoding/confline.c @@ -151,6 +151,8 @@ config_get_lines_aux(const char *string, config_line_t **result, int extended, if (allow_include && !strcmp(k, "%include") && handle_include) { tor_free(k); include_used = 1; + log_notice(LD_CONFIG, "Processing configuration path \"%s\" at " + "recursion level %d.", v, recursion_level); config_line_t *include_list; if (handle_include(v, recursion_level, extended, &include_list, @@ -161,9 +163,6 @@ config_get_lines_aux(const char *string, config_line_t **result, int extended, tor_free(v); return -1; } - log_notice(LD_CONFIG, "Included configuration file or " - "directory at recursion level %d: \"%s\".", - recursion_level, v); *next = include_list; if (list_last) next = &list_last->next; diff --git a/src/lib/fs/conffile.c b/src/lib/fs/conffile.c index 392b2f4541..9583093c12 100644 --- a/src/lib/fs/conffile.c +++ b/src/lib/fs/conffile.c @@ -152,6 +152,7 @@ config_process_include(const char *path, int recursion_level, int extended, int rv = -1; SMARTLIST_FOREACH_BEGIN(config_files, const char *, config_file) { + log_notice(LD_CONFIG, "Including configuration file \"%s\".", config_file); config_line_t *included_config = NULL; config_line_t *included_config_last = NULL; if (config_get_included_config(config_file, recursion_level, extended, diff --git a/src/lib/net/address.c b/src/lib/net/address.c index 76c7aadd22..b51fc7cb13 100644 --- a/src/lib/net/address.c +++ b/src/lib/net/address.c @@ -949,6 +949,7 @@ tor_addr_copy_tight(tor_addr_t *dest, const tor_addr_t *src) break; case AF_INET6: memcpy(dest->addr.in6_addr.s6_addr, src->addr.in6_addr.s6_addr, 16); + break; case AF_UNSPEC: break; // LCOV_EXCL_START @@ -1195,14 +1196,24 @@ fmt_addrport(const tor_addr_t *addr, uint16_t port) /** Like fmt_addr(), but takes <b>addr</b> as a host-order IPv4 * addresses. Also not thread-safe, also clobbers its return buffer on - * repeated calls. */ + * repeated calls. Clean internal buffer and return empty string on failure. */ const char * fmt_addr32(uint32_t addr) { static char buf[INET_NTOA_BUF_LEN]; struct in_addr in; + int success; + in.s_addr = htonl(addr); - tor_inet_ntoa(&in, buf, sizeof(buf)); + + success = tor_inet_ntoa(&in, buf, sizeof(buf)); + tor_assertf_nonfatal(success >= 0, + "Failed to convert IP 0x%08X (HBO) to string", addr); + + IF_BUG_ONCE(success < 0) { + memset(buf, 0, INET_NTOA_BUF_LEN); + } + return buf; } @@ -1715,11 +1726,15 @@ get_interface_address6,(int severity, sa_family_t family, tor_addr_t *addr)) * Ideally, we want the default route, see #12377 for details */ SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, a) { tor_addr_copy(addr, a); + const bool is_internal = tor_addr_is_internal(a, 0); rv = 0; + log_debug(LD_NET, "Found %s interface address '%s'", + (is_internal ? "internal" : "external"), fmt_addr(addr)); + /* If we found a non-internal address, declare success. Otherwise, * keep looking. */ - if (!tor_addr_is_internal(a, 0)) + if (!is_internal) break; } SMARTLIST_FOREACH_END(a); @@ -2016,17 +2031,24 @@ parse_port_range(const char *port, uint16_t *port_min_out, } /** Given a host-order <b>addr</b>, call tor_inet_ntop() on it - * and return a strdup of the resulting address. + * and return a strdup of the resulting address. Return NULL if + * tor_inet_ntop() fails. */ char * tor_dup_ip(uint32_t addr) { + const char *ip_str; char buf[TOR_ADDR_BUF_LEN]; struct in_addr in; in.s_addr = htonl(addr); - tor_inet_ntop(AF_INET, &in, buf, sizeof(buf)); - return tor_strdup(buf); + ip_str = tor_inet_ntop(AF_INET, &in, buf, sizeof(buf)); + + tor_assertf_nonfatal(ip_str, "Failed to duplicate IP %08X", addr); + if (ip_str) + return tor_strdup(buf); + + return NULL; } /** diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c index 626a4dc5a5..b917912f4d 100644 --- a/src/lib/sandbox/sandbox.c +++ b/src/lib/sandbox/sandbox.c @@ -266,6 +266,11 @@ static int filter_nopar_gen[] = { SCMP_SYS(listen), SCMP_SYS(connect), SCMP_SYS(getsockname), +#ifdef ENABLE_NSS +#ifdef __NR_getpeername + SCMP_SYS(getpeername), +#endif +#endif SCMP_SYS(recvmsg), SCMP_SYS(recvfrom), SCMP_SYS(sendto), @@ -649,6 +654,15 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } } +#ifdef ENABLE_NSS + rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), + SCMP_CMP(0, SCMP_CMP_EQ, PF_INET), + SCMP_CMP(1, SCMP_CMP_EQ, SOCK_STREAM), + SCMP_CMP(2, SCMP_CMP_EQ, IPPROTO_IP)); + if (rc) + return rc; +#endif + rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX), SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM), diff --git a/src/lib/string/compat_ctype.c b/src/lib/string/compat_ctype.c index 2357605021..a7668bfbfb 100644 --- a/src/lib/string/compat_ctype.c +++ b/src/lib/string/compat_ctype.c @@ -29,6 +29,7 @@ const uint32_t TOR_ISPRINT_TABLE[8] = { 0, 0xffffffff, 0xffffffff, 0x7fffffff, 0, 0, 0, 0x0 }; const uint32_t TOR_ISUPPER_TABLE[8] = { 0, 0, 0x7fffffe, 0, 0, 0, 0, 0 }; const uint32_t TOR_ISLOWER_TABLE[8] = { 0, 0, 0, 0x7fffffe, 0, 0, 0, 0 }; +/**@}*/ /** Upper-casing and lowercasing tables to map characters to upper/lowercase * equivalents. Used by tor_toupper() and tor_tolower(). */ diff --git a/src/lib/wallclock/time_to_tm.c b/src/lib/wallclock/time_to_tm.c index dcd3c59c53..8c747b4c7b 100644 --- a/src/lib/wallclock/time_to_tm.c +++ b/src/lib/wallclock/time_to_tm.c @@ -198,3 +198,4 @@ tor_gmtime_r_msg(const time_t *timep, struct tm *result, char **err_out) return correct_tm(0, timep, result, r, err_out); } #endif /* defined(HAVE_GMTIME_R) || ... */ +/**@}*/ diff --git a/src/mainpage.md b/src/mainpage.md index 8a73578819..2c4c494354 100644 --- a/src/mainpage.md +++ b/src/mainpage.md @@ -4,6 +4,9 @@ @section welcome Welcome to Tor +(For an up-to-date rendered copy of this documentation, see +https://src-ref.docs.torproject.org/tor/index.html .) + This documentation describes the general structure of the Tor codebase, how it fits together, what functionality is available for extending Tor, and gives some notes on how Tor got that way. It also includes a reference for diff --git a/src/test/conf_examples/empty_3/expected_log b/src/test/conf_examples/empty_3/expected_log index a42514f37f..e3f2365893 100644 --- a/src/test/conf_examples/empty_3/expected_log +++ b/src/test/conf_examples/empty_3/expected_log @@ -1 +1 @@ -Included configuration .*directory at recursion level 1.*included +Processing configuration path \".*included\" at recursion level 1\. diff --git a/src/test/conf_examples/include_1/expected_log b/src/test/conf_examples/include_1/expected_log index f95cad040d..0791a494d2 100644 --- a/src/test/conf_examples/include_1/expected_log +++ b/src/test/conf_examples/include_1/expected_log @@ -1 +1 @@ -Included configuration file .*at recursion level 2.*nested\.inc +Processing configuration path \".*nested\.inc\" at recursion level 2\. diff --git a/src/test/conf_examples/include_bug_31408/expected_log b/src/test/conf_examples/include_bug_31408/expected_log index a42514f37f..e3f2365893 100644 --- a/src/test/conf_examples/include_bug_31408/expected_log +++ b/src/test/conf_examples/include_bug_31408/expected_log @@ -1 +1 @@ -Included configuration .*directory at recursion level 1.*included +Processing configuration path \".*included\" at recursion level 1\. diff --git a/src/test/test_channeltls.c b/src/test/test_channeltls.c index 94ce56f2be..f4f5cb447e 100644 --- a/src/test/test_channeltls.c +++ b/src/test/test_channeltls.c @@ -14,6 +14,7 @@ #include "core/mainloop/connection.h" #include "core/or/connection_or.h" #include "app/config/config.h" +#include "app/config/resolve_addr.h" /* For init/free stuff */ #include "core/or/scheduler.h" #include "lib/tls/tortls.h" diff --git a/src/test/test_config.c b/src/test/test_config.c index 9ccdbc72c0..095eb24c49 100644 --- a/src/test/test_config.c +++ b/src/test/test_config.c @@ -18,6 +18,7 @@ #include "core/or/circuitmux_ewma.h" #include "core/or/circuitbuild.h" #include "app/config/config.h" +#include "app/config/resolve_addr.h" #include "feature/relay/relay_config.h" #include "feature/relay/transport_config.h" #include "lib/confmgt/confmgt.h" @@ -42,6 +43,7 @@ #include "core/or/policies.h" #include "feature/rend/rendclient.h" #include "feature/rend/rendservice.h" +#include "feature/relay/relay_find_addr.h" #include "feature/relay/router.h" #include "feature/relay/routermode.h" #include "feature/nodelist/dirlist.h" diff --git a/src/test/test_socks.c b/src/test/test_socks.c index 40fb0481c6..4a465c7361 100644 --- a/src/test/test_socks.c +++ b/src/test/test_socks.c @@ -815,7 +815,7 @@ test_socks_truncated(void *ptr) for (i = 0; i < ARRAY_LENGTH(commands); ++i) { for (j = 0; j < commands[i].len; ++j) { switch (commands[i].setup) { - default: /* Falls through */ + default: FALLTHROUGH; case NONE: /* This test calls for no setup on the socks state. */ break; diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index 3c8f91d53b..3c7b2ab5fc 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -217,7 +217,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.4.4.0-alpha-dev" +#define VERSION "0.4.5.0-alpha-dev" #define HAVE_STRUCT_SOCKADDR_IN6 #define HAVE_STRUCT_IN6_ADDR |