diff options
40 files changed, 150 insertions, 457 deletions
@@ -1,5 +1,90 @@ -Changes in version 0.2.6.4-?? - 2015-0?-?? +Changes in version 0.2.6.4-rc - 2015-03-09 + Tor 0.2.6.4-alpha fixes an issue in the directory code that an + attacker might be able to use in order to crash certain Tor + directories. It also resolves some minor issues left over from, or + introduced in, Tor 0.2.6.3-alpha or earlier. + + o Major bugfixes (crash, OSX, security): + - Fix a remote denial-of-service opportunity caused by a bug in + OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared + in OSX 10.9. + + o Major bugfixes (relay, stability, possible security): + - Fix a bug that could lead to a relay crashing with an assertion + failure if a buffer of exactly the wrong layout is passed to + buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on + 0.2.0.10-alpha. Patch from "cypherpunks". + - Do not assert if the 'data' pointer on a buffer is advanced to the + very end of the buffer; log a BUG message instead. Only assert if + it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha. + + o Major bugfixes (FreeBSD IPFW transparent proxy): + - Fix address detection with FreeBSD transparent proxies, when + "TransProxyType ipfw" is in use. Fixes bug 15064; bugfix + on 0.2.5.4-alpha. + + o Major bugfixes (Linux seccomp2 sandbox): + - Pass IPPROTO_TCP rather than 0 to socket(), so that the Linux + seccomp2 sandbox doesn't fail. Fixes bug 14989; bugfix + on 0.2.6.3-alpha. + - Allow AF_UNIX hidden services to be used with the seccomp2 + sandbox. Fixes bug 15003; bugfix on 0.2.6.3-alpha. + - Upon receiving sighup with the seccomp2 sandbox enabled, do not + crash during attempts to call wait4. Fixes bug 15088; bugfix on + 0.2.5.1-alpha. Patch from "sanic". + o Minor features (controller): + - Messages about problems in the bootstrap process now include + information about the server we were trying to connect to when we + noticed the problem. Closes ticket 15006. + + o Minor features (geoip): + - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database. + - Update geoip6 to the March 3 2015 Maxmind GeoLite2 + Country database. + + o Minor features (logs): + - Quiet some log messages in the heartbeat and at startup. Closes + ticket 14950. + + o Minor bugfixes (certificate handling): + - If an authority operator accidentally makes a signing certificate + with a future publication time, do not discard its real signing + certificates. Fixes bug 11457; bugfix on 0.2.0.3-alpha. + - Remove any old authority certificates that have been superseded + for at least two days. Previously, we would keep superseded + certificates until they expired, if they were published close in + time to the certificate that superseded them. Fixes bug 11454; + bugfix on 0.2.1.8-alpha. + + o Minor bugfixes (compilation): + - Fix a compilation warning on s390. Fixes bug 14988; bugfix + on 0.2.5.2-alpha. + - Fix a compilation warning on FreeBSD. Fixes bug 15151; bugfix + on 0.2.6.2-alpha. + + o Minor bugfixes (testing): + - Fix endianness issues in unit test for resolve_my_address() to + have it pass on big endian systems. Fixes bug 14980; bugfix on + Tor 0.2.6.3-alpha. + - Avoid a side-effect in a tor_assert() in the unit tests. Fixes bug + 15188; bugfix on 0.1.2.3-alpha. Patch from Tom van der Woerdt. + - When running the new 'make test-stem' target, use the configured + python binary. Fixes bug 15037; bugfix on 0.2.6.3-alpha. Patch + from "cypherpunks". + - When running the zero-length-keys tests, do not use the default + torrc file. Fixes bug 15033; bugfix on 0.2.6.3-alpha. Reported + by "reezer". + + o Directory authority IP change: + - The directory authority Faravahar has a new IP address. This + closes ticket 14487. + + o Removed code: + - Remove some lingering dead code that once supported mempools. + Mempools were disabled by default in 0.2.5, and removed entirely + in 0.2.6.3-alpha. Closes more of ticket 14848; patch + by "cypherpunks". Changes in version 0.2.6.3-alpha - 2015-02-19 @@ -49,6 +134,13 @@ Changes in version 0.2.6.3-alpha - 2015-02-19 notified of updates and their correct digests. Implements proposal 227. Closes ticket 10395. + o Major features (guards): + - Introduce the Guardfraction feature to improves load balancing on + guard nodes. Specifically, it aims to reduce the traffic gap that + guard nodes experience when they first get the Guard flag. This is + a required step if we want to increase the guard lifetime to 9 + months or greater. Closes ticket 9321. + o Major features (performance): - Make the CPU worker implementation more efficient by avoiding the kernel and lengthening pipelines. The original implementation used diff --git a/Makefile.am b/Makefile.am index b1f92f5b34..03dff91b53 100644 --- a/Makefile.am +++ b/Makefile.am @@ -111,6 +111,12 @@ check-logs: ./scripts/maint/checkLogs.pl \ src/*/*.[ch] | sort -n +.PHONY: check-changes +check-changes: + @if test -d "$(top_srcdir)/changes"; then \ + $(PYTHON) $(top_srcdir)/scripts/maint/lintChanges.py $(top_srcdir)/changes/*; \ + fi + version: @echo "Tor @VERSION@" @if test -d "$(top_srcdir)/.git" && test -x "`which git 2>&1;true`"; then \ diff --git a/changes/15188 b/changes/15188 deleted file mode 100644 index 2065b3974c..0000000000 --- a/changes/15188 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (testing): - - Avoid a side-effect in a tor_assert() in the unit tests. Fixes bug - 15188; bugfix on 0.1.2.3-alpha. Patch from Tom van der Woerdt. diff --git a/changes/bug11454 b/changes/bug11454 deleted file mode 100644 index b37a7d9728..0000000000 --- a/changes/bug11454 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (certificate handling): - - Remove any old authority certificates that have been superseded - for at least two days. Previously, we would keep superseded - certificates until they expired, if they were published close - in time to the certificate that superseded them. - Fixes bug 11454; bugfix on 0.2.1.8-alpha. diff --git a/changes/bug11457 b/changes/bug11457 deleted file mode 100644 index cf64c1d10d..0000000000 --- a/changes/bug11457 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (certificate handling): - - If an authority operator accidentally makes a signing certificate with - a future publication time, do not discard its real signing - certificates. Fixes bug 11457; bugfix on 0.2.0.3-alpha. - diff --git a/changes/bug14806 b/changes/bug14806 new file mode 100644 index 0000000000..dd85e785ce --- /dev/null +++ b/changes/bug14806 @@ -0,0 +1,3 @@ + o Minor bugfixes (testing): + - Commandline argument tests moved to Stem. Fixes bug 14806. + diff --git a/changes/bug14848_redux b/changes/bug14848_redux deleted file mode 100644 index c10320fb23..0000000000 --- a/changes/bug14848_redux +++ /dev/null @@ -1,5 +0,0 @@ - o Removed code: - - Remove some lingering dead code that once supported mempools. Mempools - were disabled by default in 0.2.5, and removed entirely in - 0.2.6.3-alpha. Closes more of ticket 14848; patch by "cypherpunks". - diff --git a/changes/bug14922 b/changes/bug14922 new file mode 100644 index 0000000000..65396e4d8f --- /dev/null +++ b/changes/bug14922 @@ -0,0 +1,3 @@ + o Removed code: + - Remove the 'tor_strclear()' function; use memwipe() instead. + Closes ticket 14922.
\ No newline at end of file diff --git a/changes/bug14950 b/changes/bug14950 deleted file mode 100644 index 33cea9cb58..0000000000 --- a/changes/bug14950 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (logs): - - Quiet some log messages in the heartbeat and at startup. Closes - ticket 14950.
\ No newline at end of file diff --git a/changes/bug14980 b/changes/bug14980 deleted file mode 100644 index b873bb009c..0000000000 --- a/changes/bug14980 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Fix endianness issues in unit test for resolve_my_address() to - have it pass on big endian systems. Fixes bug 14980; bugfix on - Tor 0.2.6.3-alpha. diff --git a/changes/bug14987b-doc b/changes/bug14987b-doc new file mode 100644 index 0000000000..b8b239292e --- /dev/null +++ b/changes/bug14987b-doc @@ -0,0 +1,4 @@ + o Documentation: + - Standardize on the term "server descriptor" in the manual page. + Previously, we had used "router descriptor", "server descriptor", + and "relay descriptor" interchangeably. Part of ticket 14987. diff --git a/changes/bug14988 b/changes/bug14988 deleted file mode 100644 index 67dc96e443..0000000000 --- a/changes/bug14988 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Fix a compilation warning on s390. Fixes bug 14988; bugfix on - 0.2.5.2-alpha. - diff --git a/changes/bug14989 b/changes/bug14989 deleted file mode 100644 index f4432d468b..0000000000 --- a/changes/bug14989 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (Linux seccomp2 sandbox): - - Pass IPPROTO_TCP rather than 0 to socket(), so that the - Linux seccomp2 sandbox doesn't fail. Fixes bug 14989; - bugfix on 0.2.6.3-alpha. diff --git a/changes/bug15003 b/changes/bug15003 deleted file mode 100644 index 2dcce74dfe..0000000000 --- a/changes/bug15003 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes (linux seccomp2 sandbox): - - Allow AF_UNIX hidden services to be used with the seccomp2 sandbox. - Fixes bug 15003; bugfix on 0.2.6.3-alpha. diff --git a/changes/bug15033 b/changes/bug15033 deleted file mode 100644 index 953e6c3d59..0000000000 --- a/changes/bug15033 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (tests): - - When running the zero-length-keys check, do not use the default - torrc file. Fixes bug 15033; bugfix on 0.2.6.3-alpha. Reported - by "reezer". diff --git a/changes/bug15037 b/changes/bug15037 deleted file mode 100644 index 587d63186e..0000000000 --- a/changes/bug15037 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - When running the new 'make test-stem' target, use the configured - python binary. Fixes bug 15037; bugfix on 0.2.6.3-alpha. Patch - from "cypherpunks". diff --git a/changes/bug15064 b/changes/bug15064 deleted file mode 100644 index e6bd747b1f..0000000000 --- a/changes/bug15064 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (FreeBSD IPFW transparent proxy): - - Fix address detection with FreeBSD transparent proxies, - when "TransProxyType ipfw" is in use. - Fixes bug 15064; bugfix on 0.2.5.4-alpha. diff --git a/changes/bug15083 b/changes/bug15083 deleted file mode 100644 index 5cc79b5ba1..0000000000 --- a/changes/bug15083 +++ /dev/null @@ -1,10 +0,0 @@ - o Major bugfixes (relay, stability, possible security): - - Fix a bug that could lead to a relay crashing with an assertion - failure if a buffer of exactly the wrong layout was passed - to buf_pullup() at exactly the wrong time. Fixes bug 15083; - bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'. - - - Do not assert if the 'data' pointer on a buffer is advanced to the very - end of the buffer; log a BUG message instead. Only assert if it is - past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha. - diff --git a/changes/bug15088 b/changes/bug15088 deleted file mode 100644 index 95878bdb39..0000000000 --- a/changes/bug15088 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (Linux seccomp2 sandbox): - - Upon receiving sighup, do not crash during attempts to call - wait4. Fixes bug 15088; bugfix on 0.2.5.1-alpha. Patch from - "sanic". diff --git a/changes/bug15151 b/changes/bug15151 deleted file mode 100644 index b9c3061554..0000000000 --- a/changes/bug15151 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix a compilation warning on FreeBSD. Fixes bug 15151; bugfix on - 0.2.6.2-alpha. diff --git a/changes/bug15205 b/changes/bug15205 deleted file mode 100644 index 0cb9f3f4bc..0000000000 --- a/changes/bug15205 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (crash, OSX, security): - - Fix a remote denial-of-service opportunity caused by a bug - in OSX's _strlcat_chk() function. Fixes bug 15205; bug first - appeared in OSX 10.9. - diff --git a/changes/feature15006 b/changes/feature15006 deleted file mode 100644 index 168a440ba0..0000000000 --- a/changes/feature15006 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (controller): - - Messages about problems in the bootstrap process now include - information about the server we were trying to connect to when we - noticed the problem. Closes ticket 15006. diff --git a/changes/feature15180 b/changes/feature15180 new file mode 100644 index 0000000000..f73ab965e5 --- /dev/null +++ b/changes/feature15180 @@ -0,0 +1,3 @@ + o Minor features (testing): + - Add make rule `check-changes` to verify the format of changes files. + Closes ticket 15180. diff --git a/changes/geoip-march2015 b/changes/geoip-march2015 deleted file mode 100644 index 565781280a..0000000000 --- a/changes/geoip-march2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip6-march2015 b/changes/geoip6-march2015 deleted file mode 100644 index 9a38c65e62..0000000000 --- a/changes/geoip6-march2015 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip6 to the March 3 2015 Maxmind GeoLite2 Country database. - diff --git a/changes/ticket14487 b/changes/ticket14487 deleted file mode 100644 index 577337ff24..0000000000 --- a/changes/ticket14487 +++ /dev/null @@ -1,3 +0,0 @@ - o Directory authority IP change: - - The directory authority Faravahar has a new IP address. Closes - ticket 14487. diff --git a/configure.ac b/configure.ac index f04abfbb50..e5e36d5c07 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson dnl Copyright (c) 2007-2015, The Tor Project, Inc. dnl See LICENSE for licensing information -AC_INIT([tor],[0.2.6.4-rc-dev]) +AC_INIT([tor],[0.2.7.0-alpha-dev]) AC_CONFIG_SRCDIR([src/or/main.c]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in index c251158d9a..ae339ff844 100644 --- a/contrib/dist/tor.service.in +++ b/contrib/dist/tor.service.in @@ -1,3 +1,9 @@ +# tor.service -- this systemd configuration file for Tor sets up a +# relatively conservative, hardened Tor service. You may need to +# edit it if you are making changes to your Tor configuration that it +# does not allow. Package maintainers: this should be a starting point +# for your tor.service; it is not the last point. + [Unit] Description = Anonymizing overlay network for TCP After = syslog.target network.target nss-lookup.target diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in index 4a0350fd03..7729703579 100644 --- a/contrib/win32build/tor-mingw.nsi.in +++ b/contrib/win32build/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.6.4-rc-dev" +!define VERSION "0.2.7.0-alpha-dev" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/doc/HACKING b/doc/HACKING index 5c71b74bd1..f006bb6164 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -61,9 +61,10 @@ it's a bugfix, mention what bug it fixes and when the bug was introduced. To find out which Git tag the change was introduced in, you can use "git describe --contains <sha1 of commit>". -If at all possible, try to create this file in the same commit where -you are making the change. Please give it a distinctive name that no -other branch will use for the lifetime of your change. +If at all possible, try to create this file in the same commit where you are +making the change. Please give it a distinctive name that no other branch will +use for the lifetime of your change. To verify the format of the changes file, +you can use "make check-changes". When we go to make a release, we will concatenate all the entries in changes to make a draft changelog, and clear the directory. We'll diff --git a/doc/tor.1.txt b/doc/tor.1.txt index e136bd0f7e..a77cb9b169 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1311,7 +1311,7 @@ The following options are useful only for clients (that is, if [[DownloadExtraInfo]] **DownloadExtraInfo** **0**|**1**:: If true, Tor downloads and caches "extra-info" documents. These documents contain information about servers other than the information in their - regular router descriptors. Tor does not use this information for anything + regular server descriptors. Tor does not use this information for anything itself; to save bandwidth, leave this option turned off. (Default: 0) [[WarnPlaintextPorts]] **WarnPlaintextPorts** __port__,__port__,__...__:: @@ -1490,8 +1490,8 @@ is non-zero): [[BridgeRelay]] **BridgeRelay** **0**|**1**:: Sets the relay to act as a "bridge" with respect to relaying connections from bridge users to the Tor network. It mainly causes Tor to publish a - server descriptor to the bridge database, rather than publishing a relay - descriptor to the public directory authorities. + server descriptor to the bridge database, rather than + to the public directory authorities. [[ContactInfo]] **ContactInfo** __email_address__:: Administrative contact information for this relay or bridge. This line @@ -1929,7 +1929,7 @@ on the public Tor network. [[BridgeAuthoritativeDir]] **BridgeAuthoritativeDir** **0**|**1**:: When this option is set in addition to **AuthoritativeDirectory**, Tor - accepts and serves router descriptors, but it caches and serves the main + accepts and serves server descriptors, but it caches and serves the main networkstatus documents rather than generating its own. (Default: 0) [[MinUptimeHidServDirectoryV2]] **MinUptimeHidServDirectoryV2** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**:: @@ -1948,9 +1948,9 @@ on the public Tor network. in the "params" line of its networkstatus vote. [[DirAllowPrivateAddresses]] **DirAllowPrivateAddresses** **0**|**1**:: - If set to 1, Tor will accept router descriptors with arbitrary "Address" + If set to 1, Tor will accept server descriptors with arbitrary "Address" elements. Otherwise, if the address is not an IP address or is a private IP - address, it will reject the router descriptor. (Default: 0) + address, it will reject the server descriptor. (Default: 0) [[AuthDirBadExit]] **AuthDirBadExit** __AddressPattern...__:: Authoritative directories only. A set of address patterns for servers that @@ -2212,7 +2212,7 @@ The following options are used for running a testing Tor network. that **TestingTorNetwork** is set. (Default: 30 minutes) [[TestingEstimatedDescriptorPropagationTime]] **TestingEstimatedDescriptorPropagationTime** __N__ **minutes**|**hours**:: - Clients try downloading router descriptors from directory caches after this + Clients try downloading server descriptors from directory caches after this time. Changing this requires that **TestingTorNetwork** is set. (Default: 10 minutes) @@ -2260,7 +2260,7 @@ The following options are used for running a testing Tor network. this requires that **TestingTorNetwork** is set. (Default: 8) [[TestingDescriptorMaxDownloadTries]] **TestingDescriptorMaxDownloadTries** __NUM__:: - Try this often to download a router descriptor before giving up. + Try this often to download a server descriptor before giving up. Changing this requires that **TestingTorNetwork** is set. (Default: 8) [[TestingMicrodescMaxDownloadTries]] **TestingMicrodescMaxDownloadTries** __NUM__:: @@ -2402,7 +2402,7 @@ __DataDirectory__**/state**:: below). - When the file was last written - What version of Tor generated the state file - - A short history of bandwidth usage, as produced in the router + - A short history of bandwidth usage, as produced in the server descriptors. __DataDirectory__**/bw_accounting**:: @@ -2447,7 +2447,7 @@ __DataDirectory__**/unverified-microdesc-consensus**:: to check yet. __DataDirectory__**/unparseable-desc**:: - Onion router descriptors that Tor was unable to parse are dumped to this + Onion server descriptors that Tor was unable to parse are dumped to this file. Only used for debugging. __DataDirectory__**/router-stability**:: diff --git a/scripts/maint/lintChanges.py b/scripts/maint/lintChanges.py index 69963aea28..c2fc01d2bf 100755 --- a/scripts/maint/lintChanges.py +++ b/scripts/maint/lintChanges.py @@ -1,19 +1,22 @@ #!/usr/bin/python +from __future__ import print_function +from __future__ import with_statement import sys import re - +import os def lintfile(fname): have_warned = [] + def warn(s): if not have_warned: have_warned.append(1) - print fname,":" - print "\t",s + print("{}:".format(fname)) + print("\t{}".format(s)) - m = re.search(r'(\d{3,})', fname) + m = re.search(r'(\d{3,})', os.path.basename(fname)) if m: bugnum = m.group(1) else: @@ -23,12 +26,12 @@ def lintfile(fname): contents = f.read() if bugnum and bugnum not in contents: - warn("bug number %s does not appear"%bugnum) + warn("bug number {} does not appear".format(bugnum)) lines = contents.split("\n") isBug = ("bug" in lines[0] or "fix" in lines[0]) - if not re.match(r'^ +o (.*)', contents): + if not re.match(r'^[ ]{2}o (.*)', contents): warn("header not in format expected") contents = " ".join(contents.split()) @@ -44,11 +47,12 @@ def lintfile(fname): if re.search(r'[bB]ug (\d+)', contents): if not re.search(r'[Bb]ugfix on ', contents): warn("bugfix does not say 'bugfix on X.Y.Z'") - elif not re.search('[fF]ixes ([a-z ]*)bug (\d+); bugfix on ', contents): + elif not re.search('[fF]ixes ([a-z ]*)bug (\d+); bugfix on ', + contents): warn("bugfix incant is not semicoloned") -if __name__=='__main__': +if __name__ == '__main__': for fname in sys.argv[1:]: if fname.endswith("~"): continue diff --git a/src/common/util.c b/src/common/util.c index 442d57a2cf..2c3a1a1019 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -771,16 +771,6 @@ fast_memcmpstart(const void *mem, size_t memlen, return fast_memcmp(mem, prefix, plen); } -/** Given a nul-terminated string s, set every character before the nul - * to zero. */ -void -tor_strclear(char *s) -{ - while (*s) { - *s++ = '\0'; - } -} - /** Return a pointer to the first char of s that is not whitespace and * not a comment, or to the terminating NUL if no such character exists. */ diff --git a/src/common/util.h b/src/common/util.h index ea774bd9bd..783c2a13db 100644 --- a/src/common/util.h +++ b/src/common/util.h @@ -209,7 +209,6 @@ int strcasecmpstart(const char *s1, const char *s2) ATTR_NONNULL((1,2)); int strcmpend(const char *s1, const char *s2) ATTR_NONNULL((1,2)); int strcasecmpend(const char *s1, const char *s2) ATTR_NONNULL((1,2)); int fast_memcmpstart(const void *mem, size_t memlen, const char *prefix); -void tor_strclear(char *s); void tor_strstrip(char *s, const char *strip) ATTR_NONNULL((1,2)); long tor_parse_long(const char *s, int base, long min, diff --git a/src/or/connection.c b/src/or/connection.c index 7db0238b3d..dcf716f2fa 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -3774,7 +3774,7 @@ connection_fetch_from_buf_line(connection_t *conn, char *data, } } -/** As fetch_from_buf_http, but fetches from a conncetion's input buffer_t or +/** As fetch_from_buf_http, but fetches from a connection's input buffer_t or * its bufferevent as appropriate. */ int connection_fetch_from_buf_http(connection_t *conn, diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 6c934c8c12..036869650c 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -173,7 +173,7 @@ rend_authorized_client_free(rend_authorized_client_t *client) return; if (client->client_key) crypto_pk_free(client->client_key); - tor_strclear(client->client_name); + memwipe(client->client_name, 0, strlen(client->client_name)); tor_free(client->client_name); memwipe(client->descriptor_cookie, 0, sizeof(client->descriptor_cookie)); tor_free(client); @@ -1052,7 +1052,7 @@ rend_service_load_auth_keys(rend_service_t *s, const char *hfname) abort_writing_to_file(open_hfile); done: if (client_keys_str) { - tor_strclear(client_keys_str); + memwipe(client_keys_str, 0, strlen(client_keys_str)); tor_free(client_keys_str); } strmap_free(parsed_clients, rend_authorized_client_strmap_item_free); diff --git a/src/test/include.am b/src/test/include.am index d20d2f66b9..369bc1a77a 100644 --- a/src/test/include.am +++ b/src/test/include.am @@ -156,7 +156,6 @@ src_test_test_bt_cl_CPPFLAGS= $(src_test_AM_CPPFLAGS) check-local: $(NTOR_TEST_DEPS) $(CMDLINE_TEST_TOR) if USEPYTHON - $(PYTHON) $(top_srcdir)/src/test/test_cmdline_args.py $(CMDLINE_TEST_TOR) "${top_srcdir}" $(PYTHON) $(top_srcdir)/src/test/ntor_ref.py test-tor $(PYTHON) $(top_srcdir)/src/test/ntor_ref.py self-test ./src/test/test-bt-cl assert | $(PYTHON) $(top_srcdir)/src/test/bt_test.py @@ -168,5 +167,4 @@ EXTRA_DIST += \ src/test/bt_test.py \ src/test/ntor_ref.py \ src/test/slownacl_curve25519.py \ - src/test/test_cmdline_args.py \ src/test/zero_length_keys.sh diff --git a/src/test/test_cmdline_args.py b/src/test/test_cmdline_args.py deleted file mode 100755 index 57641974db..0000000000 --- a/src/test/test_cmdline_args.py +++ /dev/null @@ -1,311 +0,0 @@ -#!/usr/bin/python - -import binascii -import hashlib -import os -import re -import shutil -import subprocess -import sys -import tempfile -import unittest - -TOR = "./src/or/tor" -TOP_SRCDIR = "." - -if len(sys.argv) > 1: - TOR = sys.argv[1] - del sys.argv[1] - -if len(sys.argv) > 1: - TOP_SRCDIR = sys.argv[1] - del sys.argv[1] - -class UnexpectedSuccess(Exception): - pass - -class UnexpectedFailure(Exception): - pass - -if sys.version < '3': - def b2s(b): - return b - def s2b(s): - return s - def NamedTemporaryFile(): - return tempfile.NamedTemporaryFile(delete=False) -else: - def b2s(b): - return str(b, 'ascii') - def s2b(s): - return s.encode('ascii') - def NamedTemporaryFile(): - return tempfile.NamedTemporaryFile(mode="w",delete=False,encoding="ascii") - -def contents(fn): - f = open(fn) - try: - return f.read() - finally: - f.close() - -def run_tor(args, failure=False, stdin=None): - kwargs = {} - if stdin != None: - kwargs['stdin'] = subprocess.PIPE - p = subprocess.Popen([TOR] + args, stdout=subprocess.PIPE, **kwargs) - output, _ = p.communicate(input=stdin) - result = p.poll() - if result and not failure: - raise UnexpectedFailure() - elif not result and failure: - raise UnexpectedSuccess() - return b2s(output.replace('\r\n','\n')) - -def spaceify_fp(fp): - for i in range(0, len(fp), 4): - yield fp[i:i+4] - -def lines(s): - out = s.splitlines() - if out and out[-1] == '': - del out[-1] - return out - -def strip_log_junk(line): - m = re.match(r'([^\[]+\[[a-z]*\] *)(.*)', line) - if not m: - return ""+line - return m.group(2).strip() - -def randstring(entropy_bytes): - s = os.urandom(entropy_bytes) - return b2s(binascii.b2a_hex(s)) - -def findLineContaining(lines, s): - for ln in lines: - if s in ln: - return True - return False - -class CmdlineTests(unittest.TestCase): - - def test_version(self): - out = run_tor(["--version"]) - self.assertTrue(out.startswith("Tor version ")) - self.assertEqual(len(lines(out)), 1) - - def test_quiet(self): - out = run_tor(["--quiet", "--quumblebluffin", "1"], failure=True) - self.assertEqual(out, "") - - def test_help(self): - out = run_tor(["--help"], failure=False) - out2 = run_tor(["-h"], failure=False) - self.assertTrue(out.startswith("Copyright (c) 2001")) - self.assertTrue(out.endswith( - "tor -f <torrc> [args]\n" - "See man page for options, or https://www.torproject.org/ for documentation.\n")) - self.assertTrue(out == out2) - - def test_hush(self): - torrc = NamedTemporaryFile() - torrc.close() - try: - out = run_tor(["--hush", "-f", torrc.name, - "--quumblebluffin", "1"], failure=True) - finally: - os.unlink(torrc.name) - self.assertEqual(len(lines(out)), 2) - ln = [ strip_log_junk(l) for l in lines(out) ] - self.assertEqual(ln[0], "Failed to parse/validate config: Unknown option 'quumblebluffin'. Failing.") - self.assertEqual(ln[1], "Reading config failed--see warnings above.") - - def test_missing_argument(self): - out = run_tor(["--hush", "--hash-password"], failure=True) - self.assertEqual(len(lines(out)), 2) - ln = [ strip_log_junk(l) for l in lines(out) ] - self.assertEqual(ln[0], "Command-line option '--hash-password' with no value. Failing.") - - def test_hash_password(self): - out = run_tor(["--hash-password", "woodwose"]) - result = lines(out)[-1] - self.assertEqual(result[:3], "16:") - self.assertEqual(len(result), 61) - r = binascii.a2b_hex(result[3:]) - self.assertEqual(len(r), 29) - - salt, how, hashed = r[:8], r[8], r[9:] - self.assertEqual(len(hashed), 20) - if type(how) == type("A"): - how = ord(how) - - count = (16 + (how & 15)) << ((how >> 4) + 6) - stuff = salt + s2b("woodwose") - repetitions = count // len(stuff) + 1 - inp = stuff * repetitions - inp = inp[:count] - - self.assertEqual(hashlib.sha1(inp).digest(), hashed) - - def test_digests(self): - main_c = os.path.join(TOP_SRCDIR, "src", "or", "main.c") - - if os.stat(TOR).st_mtime < os.stat(main_c).st_mtime: - self.skipTest(TOR+" not up to date") - out = run_tor(["--digests"]) - main_line = [ l for l in lines(out) if l.endswith("/main.c") or l.endswith(" main.c") ] - digest, name = main_line[0].split() - f = open(main_c, 'rb') - actual = hashlib.sha1(f.read()).hexdigest() - f.close() - self.assertEqual(digest, actual) - - def test_dump_options(self): - default_torrc = NamedTemporaryFile() - torrc = NamedTemporaryFile() - torrc.write("SocksPort 9999") - torrc.close() - default_torrc.write("SafeLogging 0") - default_torrc.close() - out_sh = out_nb = out_fl = None - opts = [ "-f", torrc.name, - "--defaults-torrc", default_torrc.name ] - try: - out_sh = run_tor(["--dump-config", "short"]+opts) - out_nb = run_tor(["--dump-config", "non-builtin"]+opts) - out_fl = run_tor(["--dump-config", "full"]+opts) - out_nr = run_tor(["--dump-config", "bliznert"]+opts, - failure=True) - - out_verif = run_tor(["--verify-config"]+opts) - finally: - os.unlink(torrc.name) - os.unlink(default_torrc.name) - - self.assertEqual(len(lines(out_sh)), 2) - self.assertTrue(lines(out_sh)[0].startswith("DataDirectory ")) - self.assertEqual(lines(out_sh)[1:], - [ "SocksPort 9999" ]) - - self.assertEqual(len(lines(out_nb)), 2) - self.assertEqual(lines(out_nb), - [ "SafeLogging 0", - "SocksPort 9999" ]) - - out_fl = lines(out_fl) - self.assertTrue(len(out_fl) > 100) - self.assertTrue("SocksPort 9999" in out_fl) - self.assertTrue("SafeLogging 0" in out_fl) - self.assertTrue("ClientOnly 0" in out_fl) - - self.assertTrue(out_verif.endswith("Configuration was valid\n")) - - def test_list_fingerprint(self): - tmpdir = tempfile.mkdtemp(prefix='ttca_') - torrc = NamedTemporaryFile() - torrc.write("ORPort 9999\n") - torrc.write("DataDirectory %s\n"%tmpdir) - torrc.write("Nickname tippi") - torrc.close() - opts = ["-f", torrc.name] - try: - out = run_tor(["--list-fingerprint"]+opts) - fp = contents(os.path.join(tmpdir, "fingerprint")) - finally: - os.unlink(torrc.name) - shutil.rmtree(tmpdir) - - out = lines(out) - lastlog = strip_log_junk(out[-2]) - lastline = out[-1] - fp = fp.strip() - nn_fp = fp.split()[0] - space_fp = " ".join(spaceify_fp(fp.split()[1])) - self.assertEqual(lastlog, - "Your Tor server's identity key fingerprint is '%s'"%fp) - self.assertEqual(lastline, "tippi %s"%space_fp) - self.assertEqual(nn_fp, "tippi") - - def test_list_options(self): - out = lines(run_tor(["--list-torrc-options"])) - self.assertTrue(len(out)>100) - self.assertTrue(out[0] <= 'AccountingMax') - self.assertTrue("UseBridges" in out) - self.assertTrue("SocksPort" in out) - - def test_cmdline_args(self): - default_torrc = NamedTemporaryFile() - torrc = NamedTemporaryFile() - contents = ("SocksPort 9999\n" - "SocksPort 9998\n" - "ORPort 9000\n" - "ORPort 9001\n" - "Nickname eleventeen\n" - "ControlPort 9500\n") - torrc.write(contents) - default_torrc.write("") - default_torrc.close() - torrc.close() - out_sh = out_nb = out_fl = None - - opts_stdin = [ "-f", "-", - "--defaults-torrc", default_torrc.name, - "--dump-config", "short" ] - opts = [ "-f", torrc.name, - "--defaults-torrc", default_torrc.name, - "--dump-config", "short" ] - try: - out_0 = run_tor(opts_stdin,stdin=contents) - out_1 = run_tor(opts) - out_2 = run_tor(opts+["+ORPort", "9003", - "SocksPort", "9090", - "/ControlPort", - "/TransPort", - "+ExtORPort", "9005"]) - finally: - os.unlink(torrc.name) - os.unlink(default_torrc.name) - - out_0 = [ l for l in lines(out_0) if not l.startswith("DataDir") ] - out_1 = [ l for l in lines(out_1) if not l.startswith("DataDir") ] - out_2 = [ l for l in lines(out_2) if not l.startswith("DataDir") ] - - self.assertEqual(out_0, - ["ControlPort 9500", - "Nickname eleventeen", - "ORPort 9000", - "ORPort 9001", - "SocksPort 9999", - "SocksPort 9998"]) - - self.assertEqual(out_1, - ["ControlPort 9500", - "Nickname eleventeen", - "ORPort 9000", - "ORPort 9001", - "SocksPort 9999", - "SocksPort 9998"]) - - self.assertEqual(out_2, - ["ExtORPort 9005", - "Nickname eleventeen", - "ORPort 9000", - "ORPort 9001", - "ORPort 9003", - "SocksPort 9090"]) - - def test_missing_torrc(self): - fname = "nonexistent_file_"+randstring(8) - out = run_tor(["-f", fname, "--verify-config"], failure=True) - ln = [ strip_log_junk(l) for l in lines(out) ] - self.assertTrue("Unable to open configuration file" in ln[-2]) - self.assertTrue("Reading config failed" in ln[-1]) - - out = run_tor(["-f", fname, "--verify-config", "--ignore-missing-torrc"]) - ln = [ strip_log_junk(l) for l in lines(out) ] - self.assertTrue(findLineContaining(ln, ", using reasonable defaults")) - self.assertTrue("Configuration was valid" in ln[-1]) - -if __name__ == '__main__': - unittest.main() diff --git a/src/test/test_util.c b/src/test/test_util.c index 51e9e761ab..6a4c3ec072 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -4111,26 +4111,6 @@ test_util_laplace(void *arg) ; } -static void -test_util_strclear(void *arg) -{ - static const char *vals[] = { "", "a", "abcdef", "abcdefgh", NULL }; - int i; - char *v = NULL; - (void)arg; - - for (i = 0; vals[i]; ++i) { - size_t n; - v = tor_strdup(vals[i]); - n = strlen(v); - tor_strclear(v); - tt_assert(tor_mem_is_zero(v, n+1)); - tor_free(v); - } - done: - tor_free(v); -} - #define UTIL_LEGACY(name) \ { #name, test_util_ ## name , 0, NULL, NULL } @@ -4348,7 +4328,6 @@ struct testcase_t util_tests[] = { UTIL_LEGACY(di_ops), UTIL_TEST(round_to_next_multiple_of, 0), UTIL_TEST(laplace, 0), - UTIL_TEST(strclear, 0), UTIL_TEST(find_str_at_start_of_line, 0), UTIL_TEST(string_is_C_identifier, 0), UTIL_TEST(asprintf, 0), diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index 4d7a878d3d..6745bcc9f5 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -232,7 +232,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.6.4-rc-dev" +#define VERSION "0.2.7.0-alpha-dev" |