diff options
41 files changed, 582 insertions, 83 deletions
diff --git a/Makefile.am b/Makefile.am index f105464b71..67c9cc9d25 100644 --- a/Makefile.am +++ b/Makefile.am @@ -19,6 +19,7 @@ noinst_PROGRAMS= DISTCLEANFILES= bin_SCRIPTS= AM_CPPFLAGS= +AM_CFLAGS = @TOR_SYSTEMD_CFLAGS@ include src/include.am include doc/include.am include contrib/include.am diff --git a/changes/bug13111-generate-keys-on-empty-file b/changes/bug13111-generate-keys-on-empty-file new file mode 100644 index 0000000000..20c10c7443 --- /dev/null +++ b/changes/bug13111-generate-keys-on-empty-file @@ -0,0 +1,23 @@ + o Minor bugfixes (file handling): + - Stop failing when key files are zero-length. Instead, generate new + keys, and overwrite the empty key files. + Fixes bug 13111. Patch by "teor". + - Stop generating a fresh .old RSA key file when the .old file is missing. + - Avoid overwriting .old key files with empty key files. + - Stop crashing when a NULL filename is passed to file_status(). + Fixed as part of bug 13111. Patches by "teor". + + o Minor enhancements (file handling): + - Skip loading zero-length extra info store, router store, stats, state, + and key files. + - Return FN_ERROR when a zero-length filename is passed to file_status(). + Fixed as part of bug 13111. Patches by "teor". + + o Minor enhancements (testing): + - Test that tor does not fail when key files are zero-length. + Check that tor generates new keys, and overwrites the empty key files. + - Test that tor generates new keys when keys are missing (existing + behaviour). + - Test that tor does not overwrite key files that already contain data + (existing behaviour). + Tests bug 13111. Patch by "teor". diff --git a/changes/bug13401 b/changes/bug13401 new file mode 100644 index 0000000000..e2834a09d3 --- /dev/null +++ b/changes/bug13401 @@ -0,0 +1,7 @@ + o Minor features (testing networks): + - Drop the minimum RendPostPeriod on a testing network to 5 seconds, + and the default to 2 minutes. Closes ticket 13401. Patch by "nickm". + - Drop the MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds, + but keep the default at 30 seconds. This reduces HS bootstrap time to + around 25 seconds. Change src/test/test-network.sh default time to match. + Closes ticket 13401. Patch by "teor". diff --git a/changes/bug13805 b/changes/bug13805 new file mode 100644 index 0000000000..321cd58958 --- /dev/null +++ b/changes/bug13805 @@ -0,0 +1,3 @@ + o Minor features (systemd): + - Various improvements and modernizations in systemd hardening support. + Closes ticket 13805. Patch from Craig Andrews. diff --git a/changes/bug13806 b/changes/bug13806 new file mode 100644 index 0000000000..0a6b268c02 --- /dev/null +++ b/changes/bug13806 @@ -0,0 +1,8 @@ + o Minor features (DOS resistance): + - Count the total number of bytes used storing hidden service descriptors + against the value of MaxMemInQueues. If we're low on memory, and more + than 20% of our memory is used holding hidden service descriptors, free + them until no more than 10% of our memory holds hidden service + descriptors. Free the least recently fetched descriptors first. + Resolves ticket 13806. + diff --git a/changes/bug14001-clang-warning b/changes/bug14001-clang-warning new file mode 100644 index 0000000000..b932af6ab7 --- /dev/null +++ b/changes/bug14001-clang-warning @@ -0,0 +1,6 @@ + o Minor bugfixes: + - The address of an array in the middle of a structure will + always be non-NULL. clang recognises this and complains. + Disable the tautologous and redundant check to silence + this warning. + Fixes bug 14001. diff --git a/changes/bug14067-TestingDirAuthVoteHSDir b/changes/bug14067-TestingDirAuthVoteHSDir new file mode 100644 index 0000000000..52d2bee5e6 --- /dev/null +++ b/changes/bug14067-TestingDirAuthVoteHSDir @@ -0,0 +1,6 @@ + o Minor features (authorities, testing): + - Create TestingDirAuthVoteHSDir like TestingDirAuthVoteExit/Guard. + Ensures that authorities vote the HSDir flag for the listed + relays regardless of uptime or ORPort connectivity. + Respects the value of VoteOnHidServDirectoriesV2. + Partial fix for bug 14067. Patch by "teor". diff --git a/changes/bug14129 b/changes/bug14129 new file mode 100644 index 0000000000..6153cd84fd --- /dev/null +++ b/changes/bug14129 @@ -0,0 +1,7 @@ + o Major bugfixes (exit node stability): + + - Fix an assertion failure that could occur under high DNS load. Fixes + bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed + by "cypherpunks". + + diff --git a/changes/bug14141 b/changes/bug14141 new file mode 100644 index 0000000000..75cdcd5f3a --- /dev/null +++ b/changes/bug14141 @@ -0,0 +1,11 @@ + o Minor bugfixes (systemd support): + - Fix detection and operation of systemd watchdog. Fixes part of + bug 14141; bugfix on 0.2.6.2-alpha. Patch from Tomasz Torcz. + + - Run correctly under systemd with the RunAsDaemon option set. + Fixes part of bug 14141; bugfix on 0.2.5.7-rc. Patch from Tomasz + Torcz. + + o Minor featurs (systemd support): + - Inform the systemd supervisor about more changes in the Tor process + status. Implements part of ticket 14141. Patch from Tomasz Torcz.
\ No newline at end of file diff --git a/changes/bug14142-parse-virtual-addr b/changes/bug14142-parse-virtual-addr new file mode 100644 index 0000000000..f78b7c7d81 --- /dev/null +++ b/changes/bug14142-parse-virtual-addr @@ -0,0 +1,7 @@ + o Minor bugfixes (client): + - Check for a missing option value in parse_virtual_addr_network + before asserting on the NULL in tor_addr_parse_mask_ports. + This avoids crashing on torrc lines like + Vi[rtualAddrNetworkIPv[4|6]] when no value follows the option. + Bugfix on 0.2.3 (de4cc126cbb5 on 24 November 2012), fixes #14142. + Patch by "teor". diff --git a/changes/ticket14128 b/changes/ticket14128 new file mode 100644 index 0000000000..38b25fa7dc --- /dev/null +++ b/changes/ticket14128 @@ -0,0 +1,5 @@ + o Minor features (controller): + - New "GETINFO bw-event-cache" to get information about recent bandwidth + events. Closes ticket 14128. Useful for controllers to get recent + bandwidth history after the fix for 13988. + diff --git a/configure.ac b/configure.ac index 2c92a6c409..c254725c60 100644 --- a/configure.ac +++ b/configure.ac @@ -126,13 +126,23 @@ else [libsystemd-daemon], have_systemd=yes, have_systemd=no) + if test x$have_systemd=xno; then + AC_MSG_NOTICE([Okay, checking for systemd a different way...]) + PKG_CHECK_MODULES(SYSTEMD, + [libsystemd], + have_systemd=yes, + have_systemd=no) + fi fi if test x$have_systemd = xyes; then AC_DEFINE(HAVE_SYSTEMD,1,[Have systemd]) - CFLAGS="${CFLAGS} ${SYSTEMD_CFLAGS}" + TOR_SYSTEMD_CFLAGS="${SYSTEMD_CFLAGS}" TOR_SYSTEMD_LIBS="${SYSTEMD_LIBS}" + PKG_CHECK_MODULES(SYSTEMD209, [systemd >= 209], + [AC_DEFINE(HAVE_SYSTEMD_209,1,[Have systemd v209 or more])], []) fi +AC_SUBST(TOR_SYSTEMD_CFLAGS) AC_SUBST(TOR_SYSTEMD_LIBS) if test x$enable_systemd = xyes -a x$have_systemd != xyes ; then @@ -154,10 +164,6 @@ cpu workers lock up here, so I will disable threads.]) esac fi -ifdef([HAVE_SYSTEMD], [ -AC_SEARCH_LIBS([sd_watchdog_enabled], [systemd-daemon], - [AC_DEFINE(HAVE_SYSTEMD_209,1,[Have systemd v209 or more])], []) -]) case $host in *-*-solaris* ) @@ -1543,7 +1549,7 @@ fi if test "$GCC" = yes; then # Disable GCC's strict aliasing checks. They are an hours-to-debug # accident waiting to happen. - CFLAGS="$CFLAGS -Wall -fno-strict-aliasing -g -O2" + CFLAGS="$CFLAGS -Wall -fno-strict-aliasing" else # Override optimization level for non-gcc compilers CFLAGS="$CFLAGS -O" diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in index 57409a7b0a..c251158d9a 100644 --- a/contrib/dist/tor.service.in +++ b/contrib/dist/tor.service.in @@ -3,27 +3,27 @@ Description = Anonymizing overlay network for TCP After = syslog.target network.target nss-lookup.target [Service] -Type = simple +Type = notify +NotifyAccess = all ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config -# A torrc that has "RunAsDaemon 1" won't work with the "simple" service type; -# let's explicitly override it. -ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc --RunAsDaemon 0 +ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc ExecReload = /bin/kill -HUP ${MAINPID} KillSignal = SIGINT TimeoutSec = 30 Restart = on-failure +WatchdogSec = 1m LimitNOFILE = 32768 # Hardening PrivateTmp = yes -DeviceAllow = /dev/null rw -DeviceAllow = /dev/urandom r -InaccessibleDirectories = /home +PrivateDevices = yes +ProtectHome = yes +ProtectSystem = full ReadOnlyDirectories = / -ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor -ReadWriteDirectories = @LOCALSTATEDIR@/log/tor -ReadWriteDirectories = @LOCALSTATEDIR@/run/tor +ReadWriteDirectories = -@LOCALSTATEDIR@/lib/tor +ReadWriteDirectories = -@LOCALSTATEDIR@/log/tor NoNewPrivileges = yes +CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE [Install] WantedBy = multi-user.target diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 7f280d105c..a6f3b6dad4 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -2254,6 +2254,15 @@ The following options are used for running a testing Tor network. In order for this option to have any effect, **TestingTorNetwork** has to be set. +[[TestingDirAuthVoteHSDir]] **TestingDirAuthVoteHSDir** __node__,__node__,__...__:: + A list of identity fingerprints and country codes and + address patterns of nodes to vote HSDir for regardless of their + uptime and ORPort connectivity. See the **ExcludeNodes** option for more + information on how to specify nodes. + + + In order for this option to have any effect, **TestingTorNetwork** + and **VoteOnHidServDirectoriesV2** both have to be set. + [[TestingEnableConnBwEvent]] **TestingEnableConnBwEvent** **0**|**1**:: If this option is set, then Tor controllers may register for CONN_BW events. Changing this requires that **TestingTorNetwork** is set. diff --git a/src/common/compat.c b/src/common/compat.c index 11e2545709..6d36321193 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -823,6 +823,7 @@ replace_file(const char *from, const char *to) case FN_NOENT: break; case FN_FILE: + case FN_EMPTY: if (unlink(to)) return -1; break; case FN_ERROR: diff --git a/src/common/compat_libevent.h b/src/common/compat_libevent.h index 69259e7ed6..6bbfae0056 100644 --- a/src/common/compat_libevent.h +++ b/src/common/compat_libevent.h @@ -5,6 +5,7 @@ #define TOR_COMPAT_LIBEVENT_H #include "orconfig.h" +#include "testsupport.h" struct event; struct event_base; diff --git a/src/common/tortls.c b/src/common/tortls.c index dd33b330dc..ca629135a6 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -29,6 +29,20 @@ #include <ws2tcpip.h> #endif #endif + +#ifdef __GNUC__ +#define GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__) +#endif + +#if __GNUC__ && GCC_VERSION >= 402 +#if GCC_VERSION >= 406 +#pragma GCC diagnostic push +#endif +/* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in + * srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */ +#pragma GCC diagnostic ignored "-Wredundant-decls" +#endif + #include <openssl/ssl.h> #include <openssl/ssl3.h> #include <openssl/err.h> @@ -37,6 +51,14 @@ #include <openssl/bio.h> #include <openssl/opensslv.h> +#if __GNUC__ && GCC_VERSION >= 402 +#if GCC_VERSION >= 406 +#pragma GCC diagnostic pop +#else +#pragma GCC diagnostic warning "-Wredundant-decls" +#endif +#endif + #ifdef USE_BUFFEREVENTS #include <event2/bufferevent_ssl.h> #include <event2/buffer.h> diff --git a/src/common/util.c b/src/common/util.c index e5dec99707..f7baab0791 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -2018,15 +2018,24 @@ clean_name_for_stat(char *name) #endif } -/** Return FN_ERROR if filename can't be read, FN_NOENT if it doesn't - * exist, FN_FILE if it is a regular file, or FN_DIR if it's a - * directory. On FN_ERROR, sets errno. */ +/** Return: + * FN_ERROR if filename can't be read, is NULL, or is zero-length, + * FN_NOENT if it doesn't exist, + * FN_FILE if it is a non-empty regular file, or a FIFO on unix-like systems, + * FN_EMPTY for zero-byte regular files, + * FN_DIR if it's a directory, and + * FN_ERROR for any other file type. + * On FN_ERROR and FN_NOENT, sets errno. (errno is not set when FN_ERROR + * is returned due to an unhandled file type.) */ file_status_t file_status(const char *fname) { struct stat st; char *f; int r; + if (!fname || strlen(fname) == 0) { + return FN_ERROR; + } f = tor_strdup(fname); clean_name_for_stat(f); log_debug(LD_FS, "stat()ing %s", f); @@ -2038,16 +2047,23 @@ file_status(const char *fname) } return FN_ERROR; } - if (st.st_mode & S_IFDIR) + if (st.st_mode & S_IFDIR) { return FN_DIR; - else if (st.st_mode & S_IFREG) - return FN_FILE; + } else if (st.st_mode & S_IFREG) { + if (st.st_size > 0) { + return FN_FILE; + } else if (st.st_size == 0) { + return FN_EMPTY; + } else { + return FN_ERROR; + } #ifndef _WIN32 - else if (st.st_mode & S_IFIFO) + } else if (st.st_mode & S_IFIFO) { return FN_FILE; #endif - else + } else { return FN_ERROR; + } } /** Check whether <b>dirname</b> exists and is private. If yes return 0. If @@ -2966,7 +2982,7 @@ expand_filename(const char *filename) tor_free(username); rest = slash ? (slash+1) : ""; #else - log_warn(LD_CONFIG, "Couldn't expend homedir on system without pwd.h"); + log_warn(LD_CONFIG, "Couldn't expand homedir on system without pwd.h"); return tor_strdup(filename); #endif } diff --git a/src/common/util.h b/src/common/util.h index ee40949b61..1b8fc74db5 100644 --- a/src/common/util.h +++ b/src/common/util.h @@ -342,7 +342,7 @@ enum stream_status get_string_from_pipe(FILE *stream, char *buf, size_t count); /** Return values from file_status(); see that function's documentation * for details. */ -typedef enum { FN_ERROR, FN_NOENT, FN_FILE, FN_DIR } file_status_t; +typedef enum { FN_ERROR, FN_NOENT, FN_FILE, FN_DIR, FN_EMPTY } file_status_t; file_status_t file_status(const char *filename); /** Possible behaviors for check_private_dir() on encountering a nonexistent diff --git a/src/or/addressmap.c b/src/or/addressmap.c index 8ad24323b5..9d92eb7903 100644 --- a/src/or/addressmap.c +++ b/src/or/addressmap.c @@ -744,6 +744,12 @@ parse_virtual_addr_network(const char *val, sa_family_t family, const int max_bits = ipv6 ? 40 : 16; virtual_addr_conf_t *conf = ipv6 ? &virtaddr_conf_ipv6 : &virtaddr_conf_ipv4; + if (!val || val[0] == '\0') { + if (msg) + tor_asprintf(msg, "Value not present (%s) after VirtualAddressNetwork%s", + val?"Empty":"NULL", ipv6?"IPv6":""); + return -1; + } if (tor_addr_parse_mask_ports(val, 0, &addr, &bits, NULL, NULL) < 0) { if (msg) tor_asprintf(msg, "Error parsing VirtualAddressNetwork%s %s", diff --git a/src/or/config.c b/src/or/config.c index 219200f799..3b82c1e064 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -55,6 +55,16 @@ #include "procmon.h" +#ifdef HAVE_SYSTEMD +# if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) +/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse + * Coverity. Here's a kludge to unconfuse it. + */ +# define __INCLUDE_LEVEL__ 2 +# endif +#include <systemd/sd-daemon.h> +#endif + /* From main.c */ extern int quiet_level; @@ -450,6 +460,7 @@ static config_var_t option_vars_[] = { V(TestingCertMaxDownloadTries, UINT, "8"), V(TestingDirAuthVoteExit, ROUTERSET, NULL), V(TestingDirAuthVoteGuard, ROUTERSET, NULL), + V(TestingDirAuthVoteHSDir, ROUTERSET, NULL), VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"), { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL } @@ -498,6 +509,7 @@ static const config_var_t testing_tor_network_defaults[] = { V(TestingEnableCellStatsEvent, BOOL, "1"), V(TestingEnableTbEmptyEvent, BOOL, "1"), VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"), + V(RendPostPeriod, INTERVAL, "2 minutes"), { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL } }; @@ -1018,6 +1030,11 @@ options_act_reversible(const or_options_t *old_options, char **msg) start_daemon(); } +#ifdef HAVE_SYSTEMD + /* Our PID may have changed, inform supervisor */ + sd_notifyf(0, "MAINPID=%ld\n", (long int)getpid()); +#endif + #ifndef HAVE_SYS_UN_H if (options->ControlSocket || options->ControlSocketsGroupWritable) { *msg = tor_strdup("Unix domain sockets (ControlSocket) not supported " @@ -2508,6 +2525,7 @@ compute_publishserverdescriptor(or_options_t *options) /** Lowest allowable value for RendPostPeriod; if this is too low, hidden * services can overload the directory system. */ #define MIN_REND_POST_PERIOD (10*60) +#define MIN_REND_POST_PERIOD_TESTING (5) /** Higest allowable value for PredictedPortsRelevanceTime; if this is * too high, our selection of exits will decrease for an extended @@ -2992,10 +3010,13 @@ options_validate(or_options_t *old_options, or_options_t *options, options->MinUptimeHidServDirectoryV2 = 0; } - if (options->RendPostPeriod < MIN_REND_POST_PERIOD) { + const int min_rendpostperiod = + options->TestingTorNetwork ? + MIN_REND_POST_PERIOD_TESTING : MIN_REND_POST_PERIOD; + if (options->RendPostPeriod < min_rendpostperiod) { log_warn(LD_CONFIG, "RendPostPeriod option is too short; " - "raising to %d seconds.", MIN_REND_POST_PERIOD); - options->RendPostPeriod = MIN_REND_POST_PERIOD; + "raising to %d seconds.", min_rendpostperiod); + options->RendPostPeriod = min_rendpostperiod;; } if (options->RendPostPeriod > MAX_DIR_PERIOD) { @@ -4156,17 +4177,24 @@ find_torrc_filename(config_line_t *cmd_arg, if (*using_default_fname) { /* didn't find one, try CONFDIR */ const char *dflt = get_default_conf_file(defaults_file); - if (dflt && file_status(dflt) == FN_FILE) { + file_status_t st = file_status(dflt); + if (dflt && (st == FN_FILE || st == FN_EMPTY)) { fname = tor_strdup(dflt); } else { #ifndef _WIN32 char *fn = NULL; - if (!defaults_file) + if (!defaults_file) { fn = expand_filename("~/.torrc"); - if (fn && file_status(fn) == FN_FILE) { - fname = fn; + } + if (fn) { + file_status_t hmst = file_status(fn); + if (hmst == FN_FILE || hmst == FN_EMPTY) { + fname = fn; + } else { + tor_free(fn); + fname = tor_strdup(dflt); + } } else { - tor_free(fn); fname = tor_strdup(dflt); } #else @@ -4202,7 +4230,8 @@ load_torrc_from_disk(config_line_t *cmd_arg, int defaults_file) *fname_var = fname; /* Open config file */ - if (file_status(fname) != FN_FILE || + file_status_t st = file_status(fname); + if (!(st == FN_FILE || st == FN_EMPTY) || !(cf = read_file_to_str(fname,0,NULL))) { if (using_default_torrc == 1 || ignore_missing_torrc) { if (!defaults_file) @@ -6535,7 +6564,9 @@ write_configuration_file(const char *fname, const or_options_t *options) tor_assert(fname); switch (file_status(fname)) { + /* create backups of old config files, even if they're empty */ case FN_FILE: + case FN_EMPTY: old_val = read_file_to_str(fname, 0, NULL); if (!old_val || strcmpstart(old_val, GENERATED_FILE_PREFIX)) { rename_old = 1; diff --git a/src/or/control.c b/src/or/control.c index 3dbaa1bdf2..9ff71c9541 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -1438,6 +1438,8 @@ getinfo_helper_misc(control_connection_t *conn, const char *question, (void) conn; if (!strcmp(question, "version")) { *answer = tor_strdup(get_version()); + } else if (!strcmp(question, "bw-event-cache")) { + *answer = get_bw_samples(); } else if (!strcmp(question, "config-file")) { *answer = tor_strdup(get_torrc_fname(0)); } else if (!strcmp(question, "config-defaults-file")) { @@ -2113,6 +2115,7 @@ typedef struct getinfo_item_t { * to answer them. */ static const getinfo_item_t getinfo_items[] = { ITEM("version", misc, "The current version of Tor."), + ITEM("bw-event-cache", misc, "Cached BW events for a short interval."), ITEM("config-file", misc, "Current location of the \"torrc\" file."), ITEM("config-defaults-file", misc, "Current location of the defaults file."), ITEM("config-text", misc, @@ -4155,11 +4158,29 @@ control_event_tb_empty(const char *bucket, uint32_t read_empty_time, return 0; } +/* about 5 minutes worth. */ +#define N_BW_EVENTS_TO_CACHE 300 +/* Index into cached_bw_events to next write. */ +static int next_measurement_idx = 0; +/* number of entries set in n_measurements */ +static int n_measurements = 0; +static struct cached_bw_event_s { + uint32_t n_read; + uint32_t n_written; +} cached_bw_events[N_BW_EVENTS_TO_CACHE]; + /** A second or more has elapsed: tell any interested control * connections how much bandwidth we used. */ int control_event_bandwidth_used(uint32_t n_read, uint32_t n_written) { + cached_bw_events[next_measurement_idx].n_read = n_read; + cached_bw_events[next_measurement_idx].n_written = n_written; + if (++next_measurement_idx == N_BW_EVENTS_TO_CACHE) + next_measurement_idx = 0; + if (n_measurements < N_BW_EVENTS_TO_CACHE) + ++n_measurements; + if (EVENT_IS_INTERESTING(EVENT_BANDWIDTH_USED)) { send_control_event(EVENT_BANDWIDTH_USED, ALL_FORMATS, "650 BW %lu %lu\r\n", @@ -4170,6 +4191,35 @@ control_event_bandwidth_used(uint32_t n_read, uint32_t n_written) return 0; } +STATIC char * +get_bw_samples(void) +{ + int i; + int idx = (next_measurement_idx + N_BW_EVENTS_TO_CACHE - n_measurements) + % N_BW_EVENTS_TO_CACHE; + tor_assert(0 <= idx && idx < N_BW_EVENTS_TO_CACHE); + + smartlist_t *elements = smartlist_new(); + + for (i = 0; i < n_measurements; ++i) { + tor_assert(0 <= idx && idx < N_BW_EVENTS_TO_CACHE); + const struct cached_bw_event_s *bwe = &cached_bw_events[idx]; + + smartlist_add_asprintf(elements, "%u,%u", + (unsigned)bwe->n_read, + (unsigned)bwe->n_written); + + idx = (idx + 1) % N_BW_EVENTS_TO_CACHE; + } + + char *result = smartlist_join_strings(elements, " ", 0, NULL); + + SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp)); + smartlist_free(elements); + + return result; +} + /** Called when we are sending a log message to the controllers: suspend * sending further log messages to the controllers until we're done. Used by * CONN_LOG_PROTECT. */ diff --git a/src/or/control.h b/src/or/control.h index 0af09ae653..8c9f7bbdc9 100644 --- a/src/or/control.h +++ b/src/or/control.h @@ -203,6 +203,7 @@ void append_cell_stats_by_command(smartlist_t *event_parts, const uint64_t *number_to_include); void format_cell_stats(char **event_string, circuit_t *circ, cell_stats_t *cell_stats); +STATIC char *get_bw_samples(void); #endif #endif diff --git a/src/or/dirserv.c b/src/or/dirserv.c index d668749c5b..8abe6cb778 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -2113,9 +2113,10 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, rs->ipv6_orport = ri->ipv6_orport; } - /* Iff we are in a testing network, use TestingDirAuthVoteExit to - give out Exit flags, and TestingDirAuthVoteGuard to - give out Guard flags. */ + /* Iff we are in a testing network, use TestingDirAuthVoteExit, + TestingDirAuthVoteGuard, and TestingDirAuthVoteHSDir to + give out the Exit, Guard, and HSDir flags, respectively. + But don't set the corresponding node flags. */ if (options->TestingTorNetwork) { if (routerset_contains_routerstatus(options->TestingDirAuthVoteExit, rs, 0)) { @@ -2123,9 +2124,15 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, } if (routerset_contains_routerstatus(options->TestingDirAuthVoteGuard, - rs, 0)) { + rs, 0)) { rs->is_possible_guard = 1; } + + if (routerset_contains_routerstatus(options->TestingDirAuthVoteHSDir, + rs, 0)) { + /* TestingDirAuthVoteHSDir respects VoteOnHidServDirectoriesV2 */ + rs->is_hs_dir = vote_on_hsdirs; + } } } diff --git a/src/or/dns.c b/src/or/dns.c index 129ca395b6..cc4a169422 100644 --- a/src/or/dns.c +++ b/src/or/dns.c @@ -558,6 +558,8 @@ purge_expired_resolves(time_t now) /* Connections should only be pending if they have no socket. */ tor_assert(!SOCKET_OK(pend->conn->base_.s)); pendconn = pend->conn; + /* Prevent double-remove */ + pendconn->base_.state = EXIT_CONN_STATE_RESOLVEFAILED; if (!pendconn->base_.marked_for_close) { connection_edge_end(pendconn, END_STREAM_REASON_TIMEOUT); circuit_detach_stream(circuit_get_by_edge_conn(pendconn), pendconn); @@ -1133,7 +1135,9 @@ connection_dns_remove(edge_connection_t *conn) return; /* more are pending */ } } - tor_assert(0); /* not reachable unless onlyconn not in pending list */ + log_warn(LD_BUG, "Connection (fd "TOR_SOCKET_T_FORMAT") was not waiting " + "for a resolve of %s, but we tried to remove it.", + conn->base_.s, escaped_safe_str(conn->base_.address)); } } diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 9eb0efd670..968a993999 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -1319,7 +1319,7 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg) "EntryGuardDownSince/UnlistedSince without EntryGuard"); break; } - if (parse_iso_time(line->value, &when)<0) { + if (parse_iso_time_(line->value, &when, 0)<0) { *msg = tor_strdup("Unable to parse entry nodes: " "Bad time in EntryGuardDownSince/UnlistedSince"); break; diff --git a/src/or/main.c b/src/or/main.c index 233b444791..abf3230c4c 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -76,6 +76,12 @@ #endif #ifdef HAVE_SYSTEMD +# if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) +/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse + * Coverity. Here's a kludge to unconfuse it. + */ +# define __INCLUDE_LEVEL__ 2 +# endif #include <systemd/sd-daemon.h> #endif @@ -1441,7 +1447,7 @@ run_scheduled_events(time_t now) if (time_to_clean_caches < now) { rep_history_clean(now - options->RephistTrackTime); rend_cache_clean(now); - rend_cache_clean_v2_descs_as_dir(now); + rend_cache_clean_v2_descs_as_dir(now, 0); microdesc_cache_rebuild(NULL, 0); #define CLEAN_CACHES_INTERVAL (30*60) time_to_clean_caches = now + CLEAN_CACHES_INTERVAL; @@ -1774,7 +1780,9 @@ static periodic_timer_t *systemd_watchdog_timer = NULL; static void systemd_watchdog_callback(periodic_timer_t *timer, void *arg) { - sd_notify(1, "WATCHDOG=1"); + (void)timer; + (void)arg; + sd_notify(0, "WATCHDOG=1"); } #endif @@ -2167,6 +2175,9 @@ process_signal(uintptr_t sig) tor_cleanup(); exit(0); } +#ifdef HAVE_SYSTEMD + sd_notify(0, "STOPPING=1"); +#endif hibernate_begin_shutdown(); break; #ifdef SIGPIPE @@ -2186,11 +2197,17 @@ process_signal(uintptr_t sig) control_event_signal(sig); break; case SIGHUP: +#ifdef HAVE_SYSTEMD + sd_notify(0, "RELOADING=1"); +#endif if (do_hup() < 0) { log_warn(LD_CONFIG,"Restart failed (config error?). Exiting."); tor_cleanup(); exit(1); } +#ifdef HAVE_SYSTEMD + sd_notify(0, "READY=1"); +#endif control_event_signal(sig); break; #ifdef SIGCHLD diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index fdab03d05a..59ba1e6cb7 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -876,7 +876,8 @@ update_consensus_networkstatus_fetch_time_impl(time_t now, int flav) log_debug(LD_DIR, "fresh_until: %ld start: %ld " "dl_interval: %ld valid_until: %ld ", - c->fresh_until, start, dl_interval, c->valid_until); + (long)c->fresh_until, (long)start, dl_interval, + (long)c->valid_until); /* We must not try to replace c while it's still fresh: */ tor_assert(c->fresh_until < start); /* We must download the next one before c is invalid: */ diff --git a/src/or/or.h b/src/or/or.h index 5bb5f5bf71..8a15529336 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4113,6 +4113,11 @@ typedef struct { * regardless of uptime and bandwidth. */ routerset_t *TestingDirAuthVoteGuard; + /** Relays in a testing network which should be voted HSDir + * regardless of uptime and ORPort connectivity. + * Respects VoteOnHidServDirectoriesV2. */ + routerset_t *TestingDirAuthVoteHSDir; + /** Enable CONN_BW events. Only altered on testing networks. */ int TestingEnableConnBwEvent; @@ -4958,6 +4963,8 @@ typedef struct rend_service_descriptor_t { typedef struct rend_cache_entry_t { size_t len; /**< Length of <b>desc</b> */ time_t received; /**< When was the descriptor received? */ + time_t last_served; /**< When did we last write this one to somebody? + * (HSDir only) */ char *desc; /**< Service descriptor */ rend_service_descriptor_t *parsed; /**< Parsed value of 'desc' */ } rend_cache_entry_t; diff --git a/src/or/relay.c b/src/or/relay.c index ac36e72b3b..d491e37024 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -2447,9 +2447,21 @@ cell_queues_check_size(void) size_t alloc = cell_queues_get_total_allocation(); alloc += buf_get_total_allocation(); alloc += tor_zlib_get_total_allocation(); + const size_t rend_cache_total = rend_cache_get_total_allocation(); + alloc += rend_cache_total; if (alloc >= get_options()->MaxMemInQueues_low_threshold) { last_time_under_memory_pressure = approx_time(); if (alloc >= get_options()->MaxMemInQueues) { + /* If we're spending over 20% of the memory limit on hidden service + * descriptors, free them until we're down to 10%. + */ + if (rend_cache_total > get_options()->MaxMemInQueues / 5) { + const size_t bytes_to_remove = + rend_cache_total - (size_t)(get_options()->MaxMemInQueues / 10); + rend_cache_clean_v2_descs_as_dir(time(NULL), bytes_to_remove); + alloc -= rend_cache_total; + alloc += rend_cache_get_total_allocation(); + } circuits_handle_oom(alloc); return 1; } diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index 0f75118be2..88d9aaba48 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -704,6 +704,9 @@ static strmap_t *rend_cache = NULL; * directories. */ static digestmap_t *rend_cache_v2_dir = NULL; +/** DOCDOC */ +static size_t rend_cache_total_allocation = 0; + /** Initializes the service descriptor cache. */ void @@ -713,12 +716,64 @@ rend_cache_init(void) rend_cache_v2_dir = digestmap_new(); } +/** Return the approximate number of bytes needed to hold <b>e</b>. */ +static size_t +rend_cache_entry_allocation(const rend_cache_entry_t *e) +{ + if (!e) + return 0; + + /* This doesn't count intro_nodes or key size */ + return sizeof(*e) + e->len + sizeof(*e->parsed); +} + +/** DOCDOC */ +size_t +rend_cache_get_total_allocation(void) +{ + return rend_cache_total_allocation; +} + +/** Decrement the total bytes attributed to the rendezvous cache by n. */ +static void +rend_cache_decrement_allocation(size_t n) +{ + static int have_underflowed = 0; + + if (rend_cache_total_allocation >= n) { + rend_cache_total_allocation -= n; + } else { + rend_cache_total_allocation = 0; + if (! have_underflowed) { + have_underflowed = 1; + log_warn(LD_BUG, "Underflow in rend_cache_decrement_allocation"); + } + } +} + +/** Increase the total bytes attributed to the rendezvous cache by n. */ +static void +rend_cache_increment_allocation(size_t n) +{ + static int have_overflowed = 0; + if (rend_cache_total_allocation <= SIZE_MAX - n) { + rend_cache_total_allocation += n; + } else { + rend_cache_total_allocation = SIZE_MAX; + if (! have_overflowed) { + have_overflowed = 1; + log_warn(LD_BUG, "Overflow in rend_cache_increment_allocation"); + } + } +} + /** Helper: free storage held by a single service descriptor cache entry. */ static void rend_cache_entry_free(rend_cache_entry_t *e) { if (!e) return; + rend_cache_decrement_allocation(rend_cache_entry_allocation(e)); rend_service_descriptor_free(e->parsed); tor_free(e->desc); tor_free(e); @@ -740,6 +795,7 @@ rend_cache_free_all(void) digestmap_free(rend_cache_v2_dir, rend_cache_entry_free_); rend_cache = NULL; rend_cache_v2_dir = NULL; + rend_cache_total_allocation = 0; } /** Removes all old entries from the service descriptor cache. @@ -777,31 +833,46 @@ rend_cache_purge(void) } /** Remove all old v2 descriptors and those for which this hidden service - * directory is not responsible for any more. */ + * directory is not responsible for any more. + * + * If at all possible, remove at least <b>force_remove</b> bytes of data. + */ void -rend_cache_clean_v2_descs_as_dir(time_t now) +rend_cache_clean_v2_descs_as_dir(time_t now, size_t force_remove) { digestmap_iter_t *iter; time_t cutoff = now - REND_CACHE_MAX_AGE - REND_CACHE_MAX_SKEW; - for (iter = digestmap_iter_init(rend_cache_v2_dir); - !digestmap_iter_done(iter); ) { - const char *key; - void *val; - rend_cache_entry_t *ent; - digestmap_iter_get(iter, &key, &val); - ent = val; - if (ent->parsed->timestamp < cutoff || - !hid_serv_responsible_for_desc_id(key)) { - char key_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; - base32_encode(key_base32, sizeof(key_base32), key, DIGEST_LEN); - log_info(LD_REND, "Removing descriptor with ID '%s' from cache", - safe_str_client(key_base32)); - iter = digestmap_iter_next_rmv(rend_cache_v2_dir, iter); - rend_cache_entry_free(ent); - } else { - iter = digestmap_iter_next(rend_cache_v2_dir, iter); + const int LAST_SERVED_CUTOFF_STEP = 1800; + time_t last_served_cutoff = cutoff; + size_t bytes_removed = 0; + do { + for (iter = digestmap_iter_init(rend_cache_v2_dir); + !digestmap_iter_done(iter); ) { + const char *key; + void *val; + rend_cache_entry_t *ent; + digestmap_iter_get(iter, &key, &val); + ent = val; + if (ent->parsed->timestamp < cutoff || + ent->last_served < last_served_cutoff || + !hid_serv_responsible_for_desc_id(key)) { + char key_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; + base32_encode(key_base32, sizeof(key_base32), key, DIGEST_LEN); + log_info(LD_REND, "Removing descriptor with ID '%s' from cache", + safe_str_client(key_base32)); + bytes_removed += rend_cache_entry_allocation(ent); + iter = digestmap_iter_next_rmv(rend_cache_v2_dir, iter); + rend_cache_entry_free(ent); + } else { + iter = digestmap_iter_next(rend_cache_v2_dir, iter); + } } - } + + /* In case we didn't remove enough bytes, advance the cutoff a little. */ + last_served_cutoff += LAST_SERVED_CUTOFF_STEP; + if (last_served_cutoff > now) + break; + } while (bytes_removed < force_remove); } /** Determines whether <b>a</b> is in the interval of <b>b</b> (excluded) and @@ -903,6 +974,7 @@ rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc) e = digestmap_get(rend_cache_v2_dir, desc_id_digest); if (e) { *desc = e->desc; + e->last_served = approx_time(); return 1; } return 0; @@ -993,7 +1065,13 @@ rend_cache_store_v2_desc_as_dir(const char *desc) if (!e) { e = tor_malloc_zero(sizeof(rend_cache_entry_t)); digestmap_set(rend_cache_v2_dir, desc_id, e); + /* Treat something just uploaded as having been served a little + * while ago, so that flooding with new descriptors doesn't help + * too much. + */ + e->last_served = approx_time() - 3600; } else { + rend_cache_decrement_allocation(rend_cache_entry_allocation(e)); rend_service_descriptor_free(e->parsed); tor_free(e->desc); } @@ -1001,6 +1079,7 @@ rend_cache_store_v2_desc_as_dir(const char *desc) e->parsed = parsed; e->desc = tor_strndup(current_desc, encoded_size); e->len = encoded_size; + rend_cache_increment_allocation(rend_cache_entry_allocation(e)); log_info(LD_REND, "Successfully stored service descriptor with desc ID " "'%s' and len %d.", safe_str(desc_id_base32), (int)encoded_size); @@ -1189,6 +1268,7 @@ rend_cache_store_v2_desc_as_client(const char *desc, e = tor_malloc_zero(sizeof(rend_cache_entry_t)); strmap_set_lc(rend_cache, key, e); } else { + rend_cache_decrement_allocation(rend_cache_entry_allocation(e)); rend_service_descriptor_free(e->parsed); tor_free(e->desc); } @@ -1197,6 +1277,7 @@ rend_cache_store_v2_desc_as_client(const char *desc, e->desc = tor_malloc_zero(encoded_size + 1); strlcpy(e->desc, desc, encoded_size + 1); e->len = encoded_size; + rend_cache_increment_allocation(rend_cache_entry_allocation(e)); log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.", safe_str_client(service_id), (int)encoded_size); return RCS_OKAY; diff --git a/src/or/rendcommon.h b/src/or/rendcommon.h index 4b910d2729..8396cc3551 100644 --- a/src/or/rendcommon.h +++ b/src/or/rendcommon.h @@ -33,7 +33,7 @@ void rend_intro_point_free(rend_intro_point_t *intro); void rend_cache_init(void); void rend_cache_clean(time_t now); -void rend_cache_clean_v2_descs_as_dir(time_t now); +void rend_cache_clean_v2_descs_as_dir(time_t now, size_t min_to_remove); void rend_cache_purge(void); void rend_cache_free_all(void); int rend_valid_service_id(const char *query); @@ -51,7 +51,6 @@ rend_cache_store_status_t rend_cache_store_v2_desc_as_dir(const char *desc); rend_cache_store_status_t rend_cache_store_v2_desc_as_client(const char *desc, const char *desc_id_base32, const rend_data_t *rend_query); - int rend_encode_v2_descriptors(smartlist_t *descs_out, rend_service_descriptor_t *desc, time_t now, uint8_t period, rend_auth_type_t auth_type, @@ -64,6 +63,7 @@ int rend_id_is_in_interval(const char *a, const char *b, const char *c); void rend_get_descriptor_id_bytes(char *descriptor_id_out, const char *service_id, const char *secret_id_part); +size_t rend_cache_get_total_allocation(void); #endif diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 3b73674691..ca9b380d7d 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -3270,6 +3270,9 @@ rend_services_introduce(void) smartlist_free(exclude_nodes); } +#define MIN_REND_INITIAL_POST_DELAY (30) +#define MIN_REND_INITIAL_POST_DELAY_TESTING (5) + /** Regenerate and upload rendezvous service descriptors for all * services, if necessary. If the descriptor has been dirty enough * for long enough, definitely upload; else only upload when the @@ -3284,6 +3287,9 @@ rend_consider_services_upload(time_t now) int i; rend_service_t *service; int rendpostperiod = get_options()->RendPostPeriod; + int rendinitialpostdelay = (get_options()->TestingTorNetwork ? + MIN_REND_INITIAL_POST_DELAY_TESTING : + MIN_REND_INITIAL_POST_DELAY); if (!get_options()->PublishHidServDescriptors) return; @@ -3291,17 +3297,17 @@ rend_consider_services_upload(time_t now) for (i=0; i < smartlist_len(rend_service_list); ++i) { service = smartlist_get(rend_service_list, i); if (!service->next_upload_time) { /* never been uploaded yet */ - /* The fixed lower bound of 30 seconds ensures that the descriptor - * is stable before being published. See comment below. */ + /* The fixed lower bound of rendinitialpostdelay seconds ensures that + * the descriptor is stable before being published. See comment below. */ service->next_upload_time = - now + 30 + crypto_rand_int(2*rendpostperiod); + now + rendinitialpostdelay + crypto_rand_int(2*rendpostperiod); } if (service->next_upload_time < now || (service->desc_is_dirty && - service->desc_is_dirty < now-30)) { + service->desc_is_dirty < now-rendinitialpostdelay)) { /* if it's time, or if the directory servers have a wrong service - * descriptor and ours has been stable for 30 seconds, upload a - * new one of each format. */ + * descriptor and ours has been stable for rendinitialpostdelay seconds, + * upload a new one of each format. */ rend_service_update_descriptor(service); upload_service_descriptor(service); } diff --git a/src/or/router.c b/src/or/router.c index 00c365ffa5..a1feda3497 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -313,6 +313,7 @@ rotate_onion_key(void) time_t now; fname = get_datadir_fname2("keys", "secret_onion_key"); fname_prev = get_datadir_fname2("keys", "secret_onion_key.old"); + /* There isn't much point replacing an old key with an empty file */ if (file_status(fname) == FN_FILE) { if (replace_file(fname, fname_prev)) goto error; @@ -335,6 +336,7 @@ rotate_onion_key(void) fname_prev = get_datadir_fname2("keys", "secret_onion_key_ntor.old"); if (curve25519_keypair_generate(&new_curve25519_keypair, 1) < 0) goto error; + /* There isn't much point replacing an old key with an empty file */ if (file_status(fname) == FN_FILE) { if (replace_file(fname, fname_prev)) goto error; @@ -411,7 +413,11 @@ init_key_from_file(const char *fname, int generate, int severity, case FN_ERROR: tor_log(severity, LD_FS,"Can't read key from \"%s\"", fname); goto error; + /* treat empty key files as if the file doesn't exist, and, + * if generate is set, replace the empty file in + * crypto_pk_write_private_key_to_filename() */ case FN_NOENT: + case FN_EMPTY: if (generate) { if (!have_lockfile()) { if (try_locking(get_options(), 0)<0) { @@ -464,10 +470,10 @@ init_key_from_file(const char *fname, int generate, int severity, } /** Load a curve25519 keypair from the file <b>fname</b>, writing it into - * <b>keys_out</b>. If the file isn't found and <b>generate</b> is true, - * create a new keypair and write it into the file. If there are errors, log - * them at level <b>severity</b>. Generate files using <b>tag</b> in their - * ASCII wrapper. */ + * <b>keys_out</b>. If the file isn't found, or is empty, and <b>generate</b> + * is true, create a new keypair and write it into the file. If there are + * errors, log them at level <b>severity</b>. Generate files using <b>tag</b> + * in their ASCII wrapper. */ static int init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out, const char *fname, @@ -480,7 +486,10 @@ init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out, case FN_ERROR: tor_log(severity, LD_FS,"Can't read key from \"%s\"", fname); goto error; + /* treat empty key files as if the file doesn't exist, and, if generate + * is set, replace the empty file in curve25519_keypair_write_to_file() */ case FN_NOENT: + case FN_EMPTY: if (generate) { if (!have_lockfile()) { if (try_locking(get_options(), 0)<0) { @@ -880,7 +889,9 @@ init_keys(void) keydir = get_datadir_fname2("keys", "secret_onion_key.old"); if (!lastonionkey && file_status(keydir) == FN_FILE) { - prkey = init_key_from_file(keydir, 1, LOG_ERR, 0); /* XXXX Why 1? */ + /* Load keys from non-empty files only. + * Missing old keys won't be replaced with freshly generated keys. */ + prkey = init_key_from_file(keydir, 0, LOG_ERR, 0); if (prkey) lastonionkey = prkey; } @@ -901,6 +912,8 @@ init_keys(void) last_curve25519_onion_key.pubkey.public_key, CURVE25519_PUBKEY_LEN) && file_status(keydir) == FN_FILE) { + /* Load keys from non-empty files only. + * Missing old keys won't be replaced with freshly generated keys. */ init_curve25519_keypair_from_file(&last_curve25519_onion_key, keydir, 0, LOG_ERR, "onion"); } @@ -2577,8 +2590,9 @@ router_has_orport(const routerinfo_t *router, const tor_addr_port_t *orport) * <b>end_line</b>, ensure that its timestamp is not more than 25 hours in * the past or more than 1 hour in the future with respect to <b>now</b>, * and write the file contents starting with that line to *<b>out</b>. - * Return 1 for success, 0 if the file does not exist, or -1 if the file - * does not contain a line matching these criteria or other failure. */ + * Return 1 for success, 0 if the file does not exist or is empty, or -1 + * if the file does not contain a line matching these criteria or other + * failure. */ static int load_stats_file(const char *filename, const char *end_line, time_t now, char **out) @@ -2612,7 +2626,9 @@ load_stats_file(const char *filename, const char *end_line, time_t now, notfound: tor_free(contents); break; + /* treat empty stats files as if the file doesn't exist */ case FN_NOENT: + case FN_EMPTY: r = 0; break; case FN_ERROR: diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 6cb052c03e..d3734238eb 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1206,6 +1206,7 @@ router_reload_router_list_impl(desc_store_t *store) tor_free(fname); fname = get_datadir_fname_suffix(store->fname_base, ".new"); + /* don't load empty files - we wouldn't get any data, even if we tried */ if (file_status(fname) == FN_FILE) contents = read_file_to_str(fname, RFTS_BIN|RFTS_IGNORE_MISSING, &st); if (contents) { diff --git a/src/or/statefile.c b/src/or/statefile.c index c279858de6..dd1894beb7 100644 --- a/src/or/statefile.c +++ b/src/or/statefile.c @@ -323,7 +323,10 @@ or_state_load(void) goto done; } break; + /* treat empty state files as if the file doesn't exist, and generate + * a new state file, overwriting the empty file in or_state_save() */ case FN_NOENT: + case FN_EMPTY: break; case FN_ERROR: case FN_DIR: diff --git a/src/test/include.am b/src/test/include.am index 9db1587da7..b9b381fdae 100644 --- a/src/test/include.am +++ b/src/test/include.am @@ -122,9 +122,11 @@ if USEPYTHON ./src/test/test-bt-cl assert | $(PYTHON) $(top_srcdir)/src/test/bt_test.py ./src/test/test-bt-cl crash | $(PYTHON) $(top_srcdir)/src/test/bt_test.py endif + $(top_srcdir)/src/test/zero_length_keys.sh EXTRA_DIST += \ src/test/bt_test.py \ src/test/ntor_ref.py \ src/test/slownacl_curve25519.py \ - src/test/test_cmdline_args.py + src/test/test_cmdline_args.py \ + src/test/zero_length_keys.sh diff --git a/src/test/test-network.sh b/src/test/test-network.sh index d28fbde80f..be57cafb7f 100755 --- a/src/test/test-network.sh +++ b/src/test/test-network.sh @@ -45,7 +45,7 @@ PATH="$TOR_DIR/src/or:$TOR_DIR/src/tools:$PATH" # Sleep some, waiting for the network to bootstrap. # TODO: Add chutney command 'bootstrap-status' and use that instead. -BOOTSTRAP_TIME=${BOOTSTRAP_TIME:-18} +BOOTSTRAP_TIME=${BOOTSTRAP_TIME:-25} $ECHO_N "$myname: sleeping for $BOOTSTRAP_TIME seconds" n=$BOOTSTRAP_TIME; while [ $n -gt 0 ]; do sleep 1; n=$(expr $n - 1); $ECHO_N . diff --git a/src/test/test_relaycell.c b/src/test/test_relaycell.c index fafb5bbbea..28c8f4e8ef 100644 --- a/src/test/test_relaycell.c +++ b/src/test/test_relaycell.c @@ -104,7 +104,7 @@ test_relaycell_resolved(void *arg) tt_int_op(srm_answer_is_set, OP_EQ, 0); \ } \ tt_int_op(srm_ttl, OP_EQ, ttl); \ - tt_int_op(srm_expires, OP_EQ, expires); \ + tt_i64_op(srm_expires, OP_EQ, expires); \ } while (0) (void)arg; diff --git a/src/test/test_util.c b/src/test/test_util.c index 4891356820..15470e8efa 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -4851,7 +4851,7 @@ test_util_max_mem(void *arg) } else { /* You do not have a petabyte. */ #if SIZEOF_SIZE_T == SIZEOF_UINT64_T - tt_uint_op(memory1, OP_LT, (U64_LITERAL(1)<<50)); + tt_u64_op(memory1, OP_LT, (U64_LITERAL(1)<<50)); #endif } diff --git a/src/test/zero_length_keys.sh b/src/test/zero_length_keys.sh new file mode 100755 index 0000000000..3a99ca1f1d --- /dev/null +++ b/src/test/zero_length_keys.sh @@ -0,0 +1,115 @@ +#!/bin/sh +# Check that tor regenerates keys when key files are zero-length +# Test for bug #13111 - Tor fails to start if onion keys are zero length +# +# Usage: +# ./zero_length_keys.sh +# Run all the tests below +# ./zero_length_keys.sh -z +# Check tor will launch and regenerate zero-length keys +# ./zero_length_keys.sh -d +# Check tor regenerates deleted keys (existing behaviour) +# ./zero_length_keys.sh -e +# Check tor does not overwrite existing keys (existing behaviour) +# +# Exit Statuses: +# -2: test failed - tor did not generate the key files on first run +# -1: a command failed - the test could not be completed +# 0: test succeeded - tor regenerated/kept the files +# 1: test failed - tor did not regenerate/keep the files +# + +if [ $# -lt 1 ]; then + echo "Testing that tor correctly handles zero-length keys" + "$0" -z && "$0" -d && "$0" -e + exit $? +fi + +export DATA_DIR=`mktemp -d -t tor_zero_length_keys.XXXXXX` +# DisableNetwork means that the ORPort won't actually be opened. +# 'ExitRelay 0' suppresses a warning. +TOR="./src/or/tor --hush --DisableNetwork 1 --ShutdownWaitLength 0 --ORPort 12345 --ExitRelay 0" + +if [ -s "$DATA_DIR"/keys/secret_id_key -a -s "$DATA_DIR"/keys/secret_onion_key -a -s "$DATA_DIR"/keys/secret_onion_key_ntor ]; then + echo "Failure: Previous tor keys present in tor data directory" + exit -1 +else + echo "Generating initial tor keys" + $TOR --DataDirectory "$DATA_DIR" --PidFile "$DATA_DIR"/pid & + TOR_PID=$! + # generate SIGTERM, hopefully after the keys have been regenerated + sleep 5 + kill $TOR_PID + wait $TOR_PID + + # tor must successfully generate non-zero-length key files + if [ -s "$DATA_DIR"/keys/secret_id_key -a -s "$DATA_DIR"/keys/secret_onion_key -a -s "$DATA_DIR"/keys/secret_onion_key_ntor ]; then + true #echo "tor generated the initial key files" + else + echo "Failure: tor failed to generate the initial key files" + exit -2 + fi +fi + +#ls -lh "$DATA_DIR"/keys/ || exit -1 + +# backup and keep/delete/create zero-length files for the keys + +FILE_DESC="keeps existing" +# make a backup +cp -r "$DATA_DIR"/keys "$DATA_DIR"/keys.old + +# delete keys for -d or -z +if [ "$1" != "-e" ]; then + FILE_DESC="regenerates deleted" + rm "$DATA_DIR"/keys/secret_id_key || exit -1 + rm "$DATA_DIR"/keys/secret_onion_key || exit -1 + rm "$DATA_DIR"/keys/secret_onion_key_ntor || exit -1 +fi + +# create empty files for -z +if [ "$1" = "-z" ]; then + FILE_DESC="regenerates zero-length" + touch "$DATA_DIR"/keys/secret_id_key || exit -1 + touch "$DATA_DIR"/keys/secret_onion_key || exit -1 + touch "$DATA_DIR"/keys/secret_onion_key_ntor || exit -1 +fi + +echo "Running tor again to check if it $FILE_DESC keys" +$TOR --DataDirectory "$DATA_DIR" --PidFile "$DATA_DIR"/pid & +TOR_PID=$! +# generate SIGTERM, hopefully after the keys have been regenerated +sleep 5 +kill $TOR_PID +wait $TOR_PID + +#ls -lh "$DATA_DIR"/keys/ || exit -1 + +# tor must always have non-zero-length key files +if [ -s "$DATA_DIR"/keys/secret_id_key -a -s "$DATA_DIR"/keys/secret_onion_key -a -s "$DATA_DIR"/keys/secret_onion_key_ntor ]; then + # check if the keys are different to the old ones + diff -q -r "$DATA_DIR"/keys "$DATA_DIR"/keys.old > /dev/null + SAME_KEYS=$? + # if we're not testing existing keys, + # the current keys should be different to the old ones + if [ "$1" != "-e" ]; then + if [ $SAME_KEYS -ne 0 ]; then + echo "Success: test that tor $FILE_DESC key files: different keys" + exit 0 + else + echo "Failure: test that tor $FILE_DESC key files: same keys" + exit 1 + fi + else #[ "$1" == "-e" ]; then + if [ $SAME_KEYS -eq 0 ]; then + echo "Success: test that tor $FILE_DESC key files: same keys" + exit 0 + else + echo "Failure: test that tor $FILE_DESC key files: different keys" + exit 1 + fi + fi +else + echo "Failure: test that tor $FILE_DESC key files: no key files" + exit 1 +fi |