Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/circuitbuild.c | 31 | ||||
-rw-r--r-- | src/or/command.c | 19 | ||||
-rw-r--r-- | src/or/config.c | 76 | ||||
-rw-r--r-- | src/or/connection_edge.c | 9 | ||||
-rw-r--r-- | src/or/connection_or.c | 9 | ||||
-rw-r--r-- | src/or/control.c | 4 | ||||
-rw-r--r-- | src/or/directory.c | 3 | ||||
-rw-r--r-- | src/or/dirserv.c | 73 | ||||
-rw-r--r-- | src/or/hibernate.c | 2 | ||||
-rw-r--r-- | src/or/main.c | 12 | ||||
-rw-r--r-- | src/or/or.h | 21 | ||||
-rw-r--r-- | src/or/relay.c | 2 | ||||
-rw-r--r-- | src/or/rendclient.c | 27 | ||||
-rw-r--r-- | src/or/rendservice.c | 63 | ||||
-rw-r--r-- | src/or/rephist.c | 4 | ||||
-rw-r--r-- | src/or/router.c | 4 | ||||
-rw-r--r-- | src/or/routerlist.c | 10 | ||||
-rw-r--r-- | src/or/routerparse.c | 90 | ||||
-rw-r--r-- | src/or/routerparse.h | 1 |
19 files changed, 319 insertions, 141 deletions
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index a63e89b126..72ec9e4880 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -1237,7 +1237,7 @@ circuit_build_times_network_check_changed(circuit_build_times_t *cbt) if (cbt->timeout_ms >= circuit_build_times_get_initial_timeout()) { if (cbt->timeout_ms > INT32_MAX/2 || cbt->close_ms > INT32_MAX/2) { log_warn(LD_CIRC, "Insanely large circuit build timeout value. " - "(timeout = %lfmsec, close = %lfmsec)", + "(timeout = %fmsec, close = %fmsec)", cbt->timeout_ms, cbt->close_ms); } else { cbt->timeout_ms *= 2; @@ -1381,7 +1381,7 @@ circuit_build_times_set_timeout_worker(circuit_build_times_t *cbt) cbt->close_ms = MAX(cbt->close_ms, circuit_build_times_initial_timeout()); if (cbt->timeout_ms > max_time) { - log_notice(LD_CIRC, + log_info(LD_CIRC, "Circuit build timeout of %dms is beyond the maximum build " "time we have ever observed. Capping it to %dms.", (int)cbt->timeout_ms, max_time); @@ -1414,7 +1414,7 @@ circuit_build_times_set_timeout(circuit_build_times_t *cbt) return; if (cbt->timeout_ms < circuit_build_times_min_timeout()) { - log_warn(LD_CIRC, "Set buildtimeout to low value %lfms. Setting to %dms", + log_warn(LD_CIRC, "Set buildtimeout to low value %fms. Setting to %dms", cbt->timeout_ms, circuit_build_times_min_timeout()); cbt->timeout_ms = circuit_build_times_min_timeout(); if (cbt->close_ms < cbt->timeout_ms) { 
@@ -1429,31 +1429,31 @@ circuit_build_times_set_timeout(circuit_build_times_t *cbt) timeout_rate = circuit_build_times_timeout_rate(cbt); if (prev_timeout > tor_lround(cbt->timeout_ms/1000)) { - log_notice(LD_CIRC, + log_info(LD_CIRC, "Based on %d circuit times, it looks like we don't need to " "wait so long for circuits to finish. We will now assume a " "circuit is too slow to use after waiting %ld seconds.", cbt->total_build_times, tor_lround(cbt->timeout_ms/1000)); log_info(LD_CIRC, - "Circuit timeout data: %lfms, %lfms, Xm: %d, a: %lf, r: %lf", + "Circuit timeout data: %fms, %fms, Xm: %d, a: %f, r: %f", cbt->timeout_ms, cbt->close_ms, cbt->Xm, cbt->alpha, timeout_rate); } else if (prev_timeout < tor_lround(cbt->timeout_ms/1000)) { - log_notice(LD_CIRC, + log_info(LD_CIRC, "Based on %d circuit times, it looks like we need to wait " "longer for circuits to finish. We will now assume a " "circuit is too slow to use after waiting %ld seconds.", cbt->total_build_times, tor_lround(cbt->timeout_ms/1000)); log_info(LD_CIRC, - "Circuit timeout data: %lfms, %lfms, Xm: %d, a: %lf, r: %lf", + "Circuit timeout data: %fms, %fms, Xm: %d, a: %f, r: %f", cbt->timeout_ms, cbt->close_ms, cbt->Xm, cbt->alpha, timeout_rate); } else { log_info(LD_CIRC, - "Set circuit build timeout to %lds (%lfms, %lfms, Xm: %d, a: %lf," - " r: %lf) based on %d circuit times", + "Set circuit build timeout to %lds (%fms, %fms, Xm: %d, a: %f," + " r: %f) based on %d circuit times", tor_lround(cbt->timeout_ms/1000), cbt->timeout_ms, cbt->close_ms, cbt->Xm, cbt->alpha, timeout_rate, cbt->total_build_times); 
@@ -1961,9 +1961,10 @@ should_use_create_fast_for_circuit(origin_circuit_t *circ) return 1; /* our hand is forced: only a create_fast will work. */ if (!options->FastFirstHopPK) return 0; /* we prefer to avoid create_fast */ - if (server_mode(options)) { + if (public_server_mode(options)) { /* We're a server, and we know an onion key. We can choose. - * Prefer to blend in. */ + * Prefer to blend our circuit into the other circuits we are + * creating on behalf of others. */ return 0; } @@ -4095,7 +4096,7 @@ choose_random_entry(cpath_build_state_t *state) retry: smartlist_clear(live_entry_guards); - SMARTLIST_FOREACH(entry_guards, entry_guard_t *, entry, + SMARTLIST_FOREACH_BEGIN(entry_guards, entry_guard_t *, entry) { const char *msg; r = entry_is_live(entry, need_uptime, need_capacity, 0, &msg); @@ -4131,7 +4132,8 @@ choose_random_entry(cpath_build_state_t *state) } if (smartlist_len(live_entry_guards) >= options->NumEntryGuards) break; /* we have enough */ - }); + } + SMARTLIST_FOREACH_END(entry); if (entry_list_is_constrained(options)) { /* If we prefer the entry nodes we've got, and we have at least @@ -4668,7 +4670,6 @@ launch_direct_bridge_descriptor_fetch(bridge_info_t *bridge) DIR_PURPOSE_FETCH_SERVERDESC)) return; /* it's already on the way */ - address = tor_dup_addr(&bridge->addr); if (routerset_contains_bridge(options->ExcludeNodes, bridge)) { download_status_mark_impossible(&bridge->fetch_status); log_warn(LD_APP, "Not using bridge at %s: it is in ExcludeNodes.", @@ -4676,6 +4677,8 @@ launch_direct_bridge_descriptor_fetch(bridge_info_t *bridge) return; } + address = tor_dup_addr(&bridge->addr); + directory_initiate_command(address, &bridge->addr, bridge->port, 0, 0, /* does not matter */ diff --git a/src/or/command.c b/src/or/command.c index 12b4c30f5c..5271a7a907 100644 --- a/src/or/command.c +++ b/src/or/command.c 
@@ -132,6 +132,9 @@ command_process_cell(cell_t *cell, or_connection_t *conn) #define PROCESS_CELL(tp, cl, cn) command_process_ ## tp ## _cell(cl, cn) #endif + if (conn->_base.marked_for_close) + return; + /* Reject all but VERSIONS and NETINFO when handshaking. */ if (handshaking && cell->command != CELL_VERSIONS && cell->command != CELL_NETINFO) @@ -205,6 +208,9 @@ command_process_var_cell(var_cell_t *cell, or_connection_t *conn) } #endif + if (conn->_base.marked_for_close) + return; + /* reject all when not handshaking. */ if (conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING) return; @@ -232,6 +238,7 @@ static void command_process_create_cell(cell_t *cell, or_connection_t *conn) { or_circuit_t *circ; + or_options_t *options = get_options(); int id_is_high; if (we_are_hibernating()) { @@ -243,9 +250,11 @@ command_process_create_cell(cell_t *cell, or_connection_t *conn) return; } - if (!server_mode(get_options())) { + if (!server_mode(options) || + (!public_server_mode(options) && conn->is_outgoing)) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, - "Received create cell (type %d) from %s:%d, but we're a client. " + "Received create cell (type %d) from %s:%d, but we're connected " + "to it as a client. " "Sending back a destroy.", (int)cell->command, conn->_base.address, conn->_base.port); connection_or_send_destroy(cell->circ_id, conn, @@ -305,7 +314,13 @@ command_process_create_cell(cell_t *cell, or_connection_t *conn) * a CPU worker. */ char keys[CPATH_KEY_MATERIAL_LEN]; char reply[DIGEST_LEN*2]; + tor_assert(cell->command == CELL_CREATE_FAST); + + /* Make sure we never try to use the OR connection on which we + * received this cell to satisfy an EXTEND request, */ + conn->is_connection_with_client = 1; + if (fast_server_handshake(cell->payload, (uint8_t*)reply, (uint8_t*)keys, sizeof(keys))<0) { log_warn(LD_OR,"Failed to generate key material. Closing."); diff --git a/src/or/config.c b/src/or/config.c index 8972506477..ffa763e65c 100644 --- a/src/or/config.c 
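Review bot: The added `tor_assert(cell->command == CELL_CREATE_FAST)` in command_process_create_cell() tests a field taken from the peer's cell, so it is safe only if the code leading into this branch has already restricted the command to CREATE or CREATE_FAST. The head of the branch and the dispatcher both lie outside the hunk, so this should be confirmed; otherwise a remote peer could trip the assertion. If the guarantee holds, a one-line comment above the assert naming where it is enforced would make the invariant visible. The new comment above `conn->is_connection_with_client = 1;` ends in a comma (`EXTEND request, */`) and should close with a full stop.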
+++ b/src/or/config.c @@ -229,7 +229,7 @@ static config_var_t _option_vars[] = { OBSOLETE("DirRecordUsageGranularity"), OBSOLETE("DirRecordUsageRetainIPs"), OBSOLETE("DirRecordUsageSaveInterval"), - V(DirReqStatistics, BOOL, "0"), + V(DirReqStatistics, BOOL, "1"), VAR("DirServer", LINELIST, DirServers, NULL), V(DisableAllSwap, BOOL, "0"), V(DNSPort, PORT, "0"), @@ -246,7 +246,7 @@ static config_var_t _option_vars[] = { V(ExitPolicy, LINELIST, NULL), V(ExitPolicyRejectPrivate, BOOL, "1"), V(ExitPortStatistics, BOOL, "0"), - V(ExtraInfoStatistics, BOOL, "0"), + V(ExtraInfoStatistics, BOOL, "1"), #if defined (WINCE) V(FallbackNetworkstatusFile, FILENAME, "fallback-consensus"), @@ -269,6 +269,8 @@ static config_var_t _option_vars[] = { V(GeoIPFile, FILENAME, SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"), #endif + V(GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays, + BOOL, "0"), OBSOLETE("Group"), V(HardwareAccel, BOOL, "0"), V(AccelName, STRING, NULL), 
@@ -1408,44 +1410,56 @@ options_act(or_options_t *old_options) tor_free(actual_fname); } - if (options->DirReqStatistics && !geoip_is_loaded()) { - /* Check if GeoIP database could be loaded. */ - log_warn(LD_CONFIG, "Configured to measure directory request " - "statistics, but no GeoIP database found!"); - return -1; - } - - if (options->EntryStatistics) { - if (should_record_bridge_info(options)) { - /* Don't allow measuring statistics on entry guards when configured - * as bridge. */ - log_warn(LD_CONFIG, "Bridges cannot be configured to measure " - "additional GeoIP statistics as entry guards."); - return -1; - } else if (!geoip_is_loaded()) { - /* Check if GeoIP database could be loaded. */ - log_warn(LD_CONFIG, "Configured to measure entry node statistics, " - "but no GeoIP database found!"); - return -1; - } - } - if (options->CellStatistics || options->DirReqStatistics || options->EntryStatistics || options->ExitPortStatistics) { time_t now = time(NULL); + int print_notice = 0; + + /* If we aren't acting as a server, we can't collect stats anyway. */ + if (!server_mode(options)) { + options->CellStatistics = 0; + options->DirReqStatistics = 0; + options->EntryStatistics = 0; + options->ExitPortStatistics = 0; + } + if ((!old_options || !old_options->CellStatistics) && - options->CellStatistics) + options->CellStatistics) { rep_hist_buffer_stats_init(now); + print_notice = 1; + } if ((!old_options || !old_options->DirReqStatistics) && - options->DirReqStatistics) - geoip_dirreq_stats_init(now); + options->DirReqStatistics) { + if (geoip_is_loaded()) { + geoip_dirreq_stats_init(now); + print_notice = 1; + } else { + options->DirReqStatistics = 0; + log_notice(LD_CONFIG, "Configured to measure directory request " + "statistics, but no GeoIP database found! 
" + "Please specify a GeoIP database using the " + "GeoIPFile option!"); + } + } if ((!old_options || !old_options->EntryStatistics) && - options->EntryStatistics) - geoip_entry_stats_init(now); + options->EntryStatistics && !should_record_bridge_info(options)) { + if (geoip_is_loaded()) { + geoip_entry_stats_init(now); + print_notice = 1; + } else { + options->EntryStatistics = 0; + log_notice(LD_CONFIG, "Configured to measure entry node " + "statistics, but no GeoIP database found! " + "Please specify a GeoIP database using the " + "GeoIPFile option!"); + } + } if ((!old_options || !old_options->ExitPortStatistics) && - options->ExitPortStatistics) + options->ExitPortStatistics) { rep_hist_exit_stats_init(now); - if (!old_options) + print_notice = 1; + } + if (print_notice) log_notice(LD_CONFIG, "Configured to measure statistics. Look for " "the *-stats files that will first be written to the " "data directory in 24 hours from now."); diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 8609b023d5..4763bf59a2 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -831,7 +831,10 @@ addressmap_clear_excluded_trackexithosts(or_options_t *options) char *nodename; routerinfo_t *ri; /* XXX023 Use node_t. */ - if (strcmpend(target, ".exit")) { + if (!target) { + /* DNS resolving in progress */ + continue; + } else if (strcmpend(target, ".exit")) { /* Not a .exit mapping */ continue; } else if (ent->source != ADDRMAPSRC_TRACKEXIT) { @@ -842,8 +845,8 @@ addressmap_clear_excluded_trackexithosts(or_options_t *options) if (len < 6) continue; /* malformed. */ dot = target + len - 6; /* dot now points to just before .exit */ - while(dot > target && *dot != '.') - dot--; + while (dot > target && *dot != '.') + dot--; if (*dot == '.') dot++; nodename = tor_strndup(dot, len-5-(dot-target));; ri = router_get_by_nickname(nodename, 0); diff --git a/src/or/connection_or.c b/src/or/connection_or.c index c019f6592b..1fffba7733 100644 
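Review bot: In options_act(), the new condition `options->EntryStatistics && !should_record_bridge_info(options)` silently skips entry statistics on a bridge. The removed warning ("Bridges cannot be configured to measure additional GeoIP statistics as entry guards.") has no replacement, and `options->EntryStatistics` stays set, unlike the GeoIP-missing branches, which clear the option and log. If other code reads the flag (not visible here), a bridge could still act on it; consider adding a branch that does `options->EntryStatistics = 0;` and emits a `log_notice`. The same block also zeroes all four statistics options when `!server_mode(options)` without any message, so an operator who enabled them on a client gets no feedback. options_act() begins and ends outside the hunk.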
--- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -548,6 +548,11 @@ connection_or_get_for_extend(const char *digest, tor_assert(tor_memeq(conn->identity_digest, digest, DIGEST_LEN)); if (conn->_base.marked_for_close) continue; + /* Never return a connection on which the other end appears to be + * a client. */ + if (conn->is_connection_with_client) { + continue; + } /* Never return a non-open connection. */ if (conn->_base.state != OR_CONN_STATE_OPEN) { /* If the address matches, don't launch a new connection for this @@ -808,6 +813,8 @@ connection_or_connect(const tor_addr_t *_addr, uint16_t port, conn->_base.state = OR_CONN_STATE_CONNECTING; control_event_or_conn_status(conn, OR_CONN_EVENT_LAUNCHED, 0); + conn->is_outgoing = 1; + /* use a proxy server if available */ if (options->HTTPSProxy) { using_proxy = 1; @@ -1403,7 +1410,7 @@ connection_or_send_netinfo(or_connection_t *conn) /* Their address. */ out = cell.payload + 4; - len = append_address_to_payload(out, &conn->_base.addr); + len = append_address_to_payload(out, &conn->real_addr); if (len<0) return -1; out += len; diff --git a/src/or/control.c b/src/or/control.c index de9dca0be9..1e411ec9c1 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -3712,8 +3712,8 @@ control_event_buildtimeout_set(const circuit_build_times_t *cbt, send_control_event(EVENT_BUILDTIMEOUT_SET, ALL_FORMATS, "650 BUILDTIMEOUT_SET %s TOTAL_TIMES=%lu " - "TIMEOUT_MS=%lu XM=%lu ALPHA=%lf CUTOFF_QUANTILE=%lf " - "TIMEOUT_RATE=%lf CLOSE_MS=%lu CLOSE_RATE=%lf\r\n", + "TIMEOUT_MS=%lu XM=%lu ALPHA=%f CUTOFF_QUANTILE=%f " + "TIMEOUT_RATE=%f CLOSE_MS=%lu CLOSE_RATE=%f\r\n", type_string, (unsigned long)cbt->total_build_times, (unsigned long)cbt->timeout_ms, (unsigned long)cbt->Xm, cbt->alpha, qnt, diff --git a/src/or/directory.c b/src/or/directory.c index 52fec6b61a..e3cc70f91f 100644 --- a/src/or/directory.c +++ b/src/or/directory.c 
@@ -785,8 +785,7 @@ directory_command_should_use_begindir(or_options_t *options, return 0; /* We don't know an ORPort -- no chance. */ if (!anonymized_connection) if (!fascist_firewall_allows_address_or(addr, or_port) || - directory_fetches_from_authorities(options) || - (server_mode(options) && !options->Address)) + directory_fetches_from_authorities(options)) return 0; /* We're firewalled or are acting like a relay -- also no. */ if (!options->TunnelDirConns && router_purpose != ROUTER_PURPOSE_BRIDGE) diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 66079018ab..c427fe2ef3 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c 
@@ -2251,6 +2251,74 @@ get_possible_sybil_list(const smartlist_t *routers) return omit_as_sybil; } +/** Return non-zero iff a relay running the Tor version specified in + * <b>platform</b> is suitable for use as a potential entry guard. */ +static int +is_router_version_good_for_possible_guard(const char *platform) +{ + static int parsed_versions_initialized = 0; + static tor_version_t first_good_0_2_1_guard_version; + static tor_version_t first_good_0_2_2_guard_version; + static tor_version_t first_good_later_guard_version; + + tor_version_t router_version; + + /* XXX023 This block should be extracted into its own function. */ + /* XXXX Begin code copied from tor_version_as_new_as (in routerparse.c) */ + { + char *s, *s2, *start; + char tmp[128]; + + tor_assert(platform); + + if (strcmpstart(platform,"Tor ")) /* nonstandard Tor; be safe and say yes */ + return 1; + + start = (char *)eat_whitespace(platform+3); + if (!*start) return 0; + s = (char *)find_whitespace(start); /* also finds '\0', which is fine */ + s2 = (char*)eat_whitespace(s); + if (!strcmpstart(s2, "(r") || !strcmpstart(s2, "(git-")) + s = (char*)find_whitespace(s2); + + if ((size_t)(s-start+1) >= sizeof(tmp)) /* too big, no */ + return 0; + strlcpy(tmp, start, s-start+1); + + if (tor_version_parse(tmp, &router_version)<0) { + log_info(LD_DIR,"Router version '%s' unparseable.",tmp); + return 1; /* be safe and say yes */ + } + } + /* XXXX End code copied from tor_version_as_new_as (in routerparse.c) */ + + if (!parsed_versions_initialized) { + /* CVE-2011-2769 was fixed on the relay side in Tor versions + * 0.2.1.31, 0.2.2.34, and 0.2.3.6-alpha. */ + tor_assert(tor_version_parse("0.2.1.31", + &first_good_0_2_1_guard_version)>=0); + tor_assert(tor_version_parse("0.2.2.34", + &first_good_0_2_2_guard_version)>=0); + tor_assert(tor_version_parse("0.2.3.6-alpha", + &first_good_later_guard_version)>=0); + + /* Don't parse these constant version strings once for every relay + * for every vote. 
*/ + parsed_versions_initialized = 1; + } + + return ((tor_version_same_series(&first_good_0_2_1_guard_version, + &router_version) && + tor_version_compare(&first_good_0_2_1_guard_version, + &router_version) <= 0) || + (tor_version_same_series(&first_good_0_2_2_guard_version, + &router_version) && + tor_version_compare(&first_good_0_2_2_guard_version, + &router_version) <= 0) || + (tor_version_compare(&first_good_later_guard_version, + &router_version) <= 0)); +} + /** Extract status information from <b>ri</b> and from other authority * functions and store it in <b>rs</b>>. If <b>naming</b>, consider setting * the named flag in <b>rs</b>. @@ -2264,6 +2332,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, int naming, int listbadexits, int listbaddirs, int vote_on_hsdirs) { + const or_options_t *options = get_options(); int unstable_version = !tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs"); memset(rs, 0, sizeof(routerstatus_t)); @@ -2294,7 +2363,9 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, (router_get_advertised_bandwidth(ri) >= BANDWIDTH_TO_GUARANTEE_GUARD || router_get_advertised_bandwidth(ri) >= MIN(guard_bandwidth_including_exits, - guard_bandwidth_excluding_exits))) { + guard_bandwidth_excluding_exits)) && + (options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays || + is_router_version_good_for_possible_guard(ri->platform))) { long tk = rep_hist_get_weighted_time_known( ri->cache_info.identity_digest, now); double wfu = rep_hist_get_weighted_fractional_uptime( diff --git a/src/or/hibernate.c b/src/or/hibernate.c index aebce4cc88..2f7170fa24 100644 --- a/src/or/hibernate.c +++ b/src/or/hibernate.c 
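Review bot: is_router_version_good_for_possible_guard() fails open: a platform string that does not start with `Tor `, or one that tor_version_parse() rejects, returns 1, so the version gate added to the Guard condition in set_routerstatus_from_routerinfo() is skipped for exactly those relays whose version cannot be established, while an empty or over-long version returns 0. The string comes from `ri->platform`, presumably taken from the relay's own descriptor, so the function comment should state why accepting these cases is the intended policy, or the unparseable case should return 0. The comment in the initialisation block cites CVE-2011-2769 whereas the option guarding the check is named `GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays`; one of the two should be corrected or the relation explained. The three `tor_assert(tor_version_parse(...)>=0)` calls also put a required side effect inside an assertion; assigning the result to a local `int r` and asserting on `r` keeps the initialisation independent of how tor_assert is built.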
@@ -943,7 +943,7 @@ consider_hibernation(time_t now) if (hibernate_soft_limit_reached()) { log_notice(LD_ACCT, "Bandwidth soft limit reached; commencing hibernation. " - "No new conncetions will be accepted"); + "No new connections will be accepted"); hibernate_begin(HIBERNATE_STATE_LOWBANDWIDTH, now); } else if (accounting_enabled && now < interval_wakeup_time) { format_local_iso_time(buf,interval_wakeup_time); diff --git a/src/or/main.c b/src/or/main.c index bc639dbdd8..b1159746a2 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -940,15 +940,16 @@ run_scheduled_events(time_t now) if (options->UseBridges) fetch_bridge_descriptors(options, now); - /** 1b. Every MAX_SSL_KEY_LIFETIME seconds, we change our TLS context. */ + /** 1b. Every MAX_SSL_KEY_LIFETIME_INTERNAL seconds, we change our + * TLS context. */ if (!last_rotated_x509_certificate) last_rotated_x509_certificate = now; - if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME < now) { + if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME_INTERNAL < now) { log_info(LD_GENERAL,"Rotating tls context."); if (tor_tls_context_init(public_server_mode(options), get_tlsclient_identity_key(), is_server ? get_server_identity_key() : NULL, - MAX_SSL_KEY_LIFETIME) < 0) { + MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) { log_warn(LD_BUG, "Error reinitializing TLS context"); /* XXX is it a bug here, that we just keep going? -RD */ } @@ -1240,7 +1241,7 @@ run_scheduled_events(time_t now) /** 9. and if we're a server, check whether our DNS is telling stories to * us. */ - if (is_server && time_to_check_for_correct_dns < now) { + if (public_server_mode(options) && time_to_check_for_correct_dns < now) { if (!time_to_check_for_correct_dns) { time_to_check_for_correct_dns = now + 60 + crypto_rand_int(120); } else { 
@@ -1377,7 +1378,8 @@ ip_address_changed(int at_interface) if (at_interface) { if (! server) { /* Okay, change our keys. */ - init_keys(); + if (init_keys()<0) + log_warn(LD_GENERAL, "Unable to rotate keys after IP change!"); } } else { if (server) { diff --git a/src/or/or.h b/src/or/or.h index 2e5edff36d..7d50e1f505 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -163,7 +163,9 @@ /** How often do we rotate onion keys? */ #define MIN_ONION_KEY_LIFETIME (7*24*60*60) /** How often do we rotate TLS contexts? */ -#define MAX_SSL_KEY_LIFETIME (2*60*60) +#define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60) +/** What expiry time shall we place on our SSL certs? */ +#define MAX_SSL_KEY_LIFETIME_ADVERTISED (365*24*60*60) /** How old do we allow a router to get before removing it * from the router list? In seconds. */ @@ -1066,6 +1068,12 @@ typedef struct or_connection_t { * router itself has a problem. */ unsigned int is_bad_for_new_circs:1; + /** True iff we have decided that the other end of this connection + * is a client. Connections with this flag set should never be used + * to satisfy an EXTEND request. */ + unsigned int is_connection_with_client:1; + /** True iff this is an outgoing connection. */ + unsigned int is_outgoing:1; uint8_t link_proto; /**< What protocol version are we using? 0 for * "none negotiated yet." */ circid_t next_circ_id; /**< Which circ_id do we try to use next on @@ -2664,6 +2672,10 @@ typedef struct { * number of servers per IP address shared * with an authority. */ + /** Should we assign the Guard flag to relays which would allow + * exploitation of CVE-2011-2768 against their clients? */ + int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays; + char *AccountingStart; /**< How long is the accounting interval, and when * does it start? */ uint64_t AccountingMax; /**< How many bytes do we allow per accounting 
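Review bot: In ip_address_changed(), a failed `init_keys()` on the non-server path is now only logged, and execution continues with whatever key and TLS state the failed call left behind. The comment above the call says the purpose is to change keys after the address change, so after a failure the previous keys presumably remain in use on the new address. The warning should say that, for example `log_warn(LD_GENERAL, "Unable to rotate keys after IP change; continuing with the previous keys.");`, and it is worth deciding whether the failure should trigger a retry rather than be left until the next scheduled rotation. The function continues outside the hunk.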
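Review bot: The comment on `MAX_SSL_KEY_LIFETIME_ADVERTISED` in or.h does not say why the certificate expiry (365 days) is decoupled from the rotation interval (2 hours), which will look like a mistake to the next reader of either define. Suggested wording: `/** How often do we rotate TLS contexts? In seconds; this is the real lifetime of the keys. */` and `/** Expiry time, in seconds, that we write into our certificates; deliberately much longer than the rotation interval. */`, with the reason for the difference added by someone who can state it authoritatively.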
@@ -3454,14 +3466,17 @@ typedef struct rend_encoded_v2_service_descriptor_t { char *desc_str; /**< Descriptor string. */ } rend_encoded_v2_service_descriptor_t; -/** Introduction point information. */ +/** Introduction point information. Used both in rend_service_t (on + * the service side) and in rend_service_descriptor_t (on both the + * client and service side). */ typedef struct rend_intro_point_t { extend_info_t *extend_info; /**< Extend info of this introduction point. */ crypto_pk_env_t *intro_key; /**< Introduction key that replaces the service * key, if this descriptor is V2. */ } rend_intro_point_t; -/** Information used to connect to a hidden service. */ +/** Information used to connect to a hidden service. Used on both the + * service side and the client side. */ typedef struct rend_service_descriptor_t { crypto_pk_env_t *pk; /**< This service's public key. */ int version; /**< Version of the descriptor format: 0 or 2. */ diff --git a/src/or/relay.c b/src/or/relay.c index 46e852217d..d9b9d0c486 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -2028,7 +2028,7 @@ cell_ewma_set_scale_factor(or_options_t *options, networkstatus_t *consensus) ewma_enabled = 1; log_info(LD_OR, "Enabled cell_ewma algorithm because of value in %s; " - "scale factor is %lf per %d seconds", + "scale factor is %f per %d seconds", source, ewma_scale_factor, EWMA_TICK_LEN); } } diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 533dfb8a97..f951dad611 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c 
@@ -80,8 +80,8 @@ rend_client_send_establish_rendezvous(origin_circuit_t *circ) /** Extend the introduction circuit <b>circ</b> to another valid * introduction point for the hidden service it is trying to connect * to, or mark it and launch a new circuit if we can't extend it. - * Return 0 on success. Return -1 and mark the introduction - * circuit on failure. + * Return 0 on success or possible success. Return -1 and mark the + * introduction circuit for close on permanent failure. * * On failure, the caller is responsible for marking the associated * rendezvous circuit for close. */ @@ -106,17 +106,11 @@ rend_client_reextend_intro_circuit(origin_circuit_t *circ) result = circuit_extend_to_new_exit(circ, extend_info); } else { log_info(LD_REND, - "Building a new introduction circuit, this time to %s.", - safe_str_client(extend_info_describe(extend_info))); + "Closing intro circ %d (out of RELAY_EARLY cells).", + circ->_base.n_circ_id); circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED); - if (!circuit_launch_by_extend_info(CIRCUIT_PURPOSE_C_INTRODUCING, - extend_info, - CIRCLAUNCH_IS_INTERNAL)) { - log_warn(LD_REND, "Building introduction circuit failed."); - result = -1; - } else { - result = 0; - } + /* connection_ap_handshake_attach_circuit will launch a new intro circ. */ + result = 0; } extend_info_free(extend_info); return result; @@ -958,8 +952,13 @@ rend_client_get_random_intro_impl(const rend_cache_entry_t *entry, int rend_client_any_intro_points_usable(const rend_cache_entry_t *entry) { - return rend_client_get_random_intro_impl( - entry, get_options()->StrictNodes, 0) != NULL; + extend_info_t *extend_info = + rend_client_get_random_intro_impl(entry, get_options()->StrictNodes, 0); + + int rv = (extend_info != NULL); + + extend_info_free(extend_info); + return rv; } /** Client-side authorizations for hidden services; map of onion address to diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 8a0171170c..25695c5e68 100644 
--- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -171,14 +171,17 @@ rend_add_service(rend_service_t *service) if (service->auth_type != REND_NO_AUTH && smartlist_len(service->clients) == 0) { - log_warn(LD_CONFIG, "Hidden service with client authorization but no " - "clients; ignoring."); + log_warn(LD_CONFIG, "Hidden service (%s) with client authorization but no " + "clients; ignoring.", + esc_for_log(service->directory)); rend_service_free(service); return; } if (!smartlist_len(service->ports)) { - log_warn(LD_CONFIG, "Hidden service with no ports configured; ignoring."); + log_warn(LD_CONFIG, "Hidden service (%s) with no ports configured; " + "ignoring.", + esc_for_log(service->directory)); rend_service_free(service); } else { int dupe = 0; @@ -409,7 +412,7 @@ rend_config_services(or_options_t *options, int validate_only) if (strspn(client_name, REND_LEGAL_CLIENTNAME_CHARACTERS) != len) { log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains an " "illegal client name: '%s'. Valid " - "characters are [A-Za-z0-9+-_].", + "characters are [A-Za-z0-9+_-].", client_name); SMARTLIST_FOREACH(clients, char *, cp, tor_free(cp)); smartlist_free(clients); 
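Review bot: Both new log_warn() calls in rend_add_service() pass `esc_for_log(service->directory)` directly as an argument; esc_for_log() returns a newly allocated string, so each warning leaks it. Use the static-buffer variant intended for log arguments, `escaped(service->directory)`, or keep the pointer in a local and `tor_free()` it after logging. rend_add_service() continues outside the hunk.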
@@ -956,6 +959,29 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, "PK-encrypted portion of INTRODUCE2 cell was truncated."); return -1; } + + if (!service->accepted_intros) + service->accepted_intros = digestmap_new(); + + { + char pkpart_digest[DIGEST_LEN]; + /* Check for replay of PK-encrypted portion. It is slightly naughty to + use the same digestmap to check for this and for g^x replays, but + collisions are tremendously unlikely. + */ + crypto_digest(pkpart_digest, (char*)request+DIGEST_LEN, keylen); + access_time = digestmap_get(service->accepted_intros, pkpart_digest); + if (access_time != NULL) { + log_warn(LD_REND, "Possible replay detected! We received an " + "INTRODUCE2 cell with same PK-encrypted part %d seconds ago. " + "Dropping cell.", (int)(now-*access_time)); + return -1; + } + access_time = tor_malloc(sizeof(time_t)); + *access_time = now; + digestmap_set(service->accepted_intros, pkpart_digest, access_time); + } + /* Next N bytes is encrypted with service key */ note_crypto_pk_op(REND_SERVER); r = crypto_pk_private_hybrid_decrypt( @@ -996,7 +1022,9 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, v3_shift += 4; if ((now - ts) < -1 * REND_REPLAY_TIME_INTERVAL / 2 || (now - ts) > REND_REPLAY_TIME_INTERVAL / 2) { - log_warn(LD_REND, "INTRODUCE2 cell is too %s. Discarding.", + /* This is far more likely to mean that a client's clock is + * skewed than that a replay attack is in progress. */ + log_info(LD_REND, "INTRODUCE2 cell is too %s. Discarding.", (now - ts) < 0 ? "old" : "new"); return -1; } 
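Review bot: The new replay check in rend_service_introduce() stores `pkpart_digest` in `service->accepted_intros` before `crypto_pk_private_hybrid_decrypt()` has run, so every INTRODUCE2 cell that passes the length check adds a heap-allocated `time_t` and a map entry even when its PK-encrypted part does not decrypt. Keeping the `digestmap_get()` lookup where it is but moving the `tor_malloc()`/`digestmap_set()` pair to after a successful decrypt would still drop true replays early without letting undecryptable cells grow the map; the cost is that a repeated invalid cell is decrypted again, as it was before this change. How and when entries are expired is not visible in this hunk and should be checked against the added volume. The comment itself concedes that sharing one digestmap with the g^x check is "slightly naughty"; a separate map would remove the collision argument. The function starts and ends outside the hunk.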
@@ -1098,12 +1126,16 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, /* Check whether there is a past request with the same Diffie-Hellman, * part 1. */ - if (!service->accepted_intros) - service->accepted_intros = digestmap_new(); - access_time = digestmap_get(service->accepted_intros, diffie_hellman_hash); if (access_time != NULL) { - log_warn(LD_REND, "Possible replay detected! We received an " + /* A Tor client will send a new INTRODUCE1 cell with the same rend + * cookie and DH public key as its previous one if its intro circ + * times out while in state CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT . + * If we received the first INTRODUCE1 cell (the intro-point relay + * converts it into an INTRODUCE2 cell), we are already trying to + * connect to that rend point (and may have already succeeded); + * drop this cell. */ + log_info(LD_REND, "We received an " "INTRODUCE2 cell with same first part of " "Diffie-Hellman handshake %d seconds ago. Dropping " "cell.", @@ -1392,7 +1424,20 @@ rend_service_intro_has_opened(origin_circuit_t *circuit) log_info(LD_CIRC|LD_REND, "We have just finished an introduction " "circuit, but we already have enough. Redefining purpose to " "general; leaving as internal."); + TO_CIRCUIT(circuit)->purpose = CIRCUIT_PURPOSE_C_GENERAL; + + { + rend_data_t *rend_data = circuit->rend_data; + circuit->rend_data = NULL; + rend_data_free(rend_data); + } + { + crypto_pk_env_t *intro_key = circuit->intro_key; + circuit->intro_key = NULL; + crypto_free_pk_env(intro_key); + } + circuit_has_opened(circuit); return; } diff --git a/src/or/rephist.c b/src/or/rephist.c index 24447004ef..1dd3d94fd0 100644 --- a/src/or/rephist.c +++ b/src/or/rephist.c 
@@ -445,7 +445,7 @@ rep_hist_downrate_old_runs(time_t now) alpha *= STABILITY_ALPHA; } - log_info(LD_HIST, "Discounting all old stability info by a factor of %lf", + log_info(LD_HIST, "Discounting all old stability info by a factor of %f", alpha); /* Multiply every w_r_l, t_r_w pair by alpha. */ @@ -893,7 +893,7 @@ rep_hist_format_router_status(or_history_t *hist, time_t now) " weighted-uptime %lu\n" "mtbf %0.1lf\n" " weighted-run-length %lu\n" - " total-run-weights %lf\n", + " total-run-weights %f\n", up?"uptime-started ":"", up?sor_buf:"", up?" UTC\n":"", down?"downtime-started ":"", down?sod_buf:"", down?" UTC\n":"", wfu, diff --git a/src/or/router.c b/src/or/router.c index 2165e6ea90..365e888af9 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -526,7 +526,7 @@ init_keys(void) if (tor_tls_context_init(0, get_tlsclient_identity_key(), NULL, - MAX_SSL_KEY_LIFETIME) < 0) { + MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) { log_err(LD_GENERAL,"Error creating TLS context for Tor client."); return -1; } @@ -622,7 +622,7 @@ init_keys(void) if (tor_tls_context_init(public_server_mode(options), get_tlsclient_identity_key(), get_server_identity_key(), - MAX_SSL_KEY_LIFETIME) < 0) { + MAX_SSL_KEY_LIFETIME_ADVERTISED) < 0) { log_err(LD_GENERAL,"Error initializing TLS context"); return -1; } diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 47a57a872d..f8df089a8f 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1815,7 +1815,7 @@ smartlist_choose_by_bandwidth_weights(smartlist_t *sl, sl_last_total_weighted_bw = weighted_bw; log_debug(LD_CIRC, "Choosing node for rule %s based on weights " - "Wg=%lf Wm=%lf We=%lf Wd=%lf with total bw %lf", + "Wg=%f Wm=%f We=%f Wd=%f with total bw %f", bandwidth_weight_rule_to_string(rule), Wg, Wm, We, Wd, weighted_bw); 
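Review bot: In rep_hist_format_router_status() the format string still contains `"mtbf %0.1lf\n"` two lines above the converted `" total-run-weights %f\n"`, so the `%lf` to `%f` cleanup is incomplete within the same call. Change it to `"mtbf %0.1f\n"` so the whole string uses one convention. The function body extends beyond the hunk.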
@@ -1824,7 +1824,7 @@ smartlist_choose_by_bandwidth_weights(smartlist_t *sl, /* Don't warn when using bridges/relays not in the consensus */ if (!have_unknown) log_warn(LD_CIRC, - "Weighted bandwidth is %lf in node selection for rule %s", + "Weighted bandwidth is %f in node selection for rule %s", weighted_bw, bandwidth_weight_rule_to_string(rule)); tor_free(bandwidths); return smartlist_choose(sl); @@ -1849,7 +1849,7 @@ smartlist_choose_by_bandwidth_weights(smartlist_t *sl, --i; log_warn(LD_BUG, "Round-off error in computing bandwidth had an effect on " " which router we chose. Please tell the developers. " - "%lf " U64_FORMAT " %lf", tmp, U64_PRINTF_ARG(rand_bw), + "%f " U64_FORMAT " %f", tmp, U64_PRINTF_ARG(rand_bw), weighted_bw); } tor_free(bandwidths); @@ -2074,10 +2074,10 @@ smartlist_choose_by_bandwidth(smartlist_t *sl, bandwidth_weight_rule_t rule, log_debug(LD_CIRC, "Total weighted bw = "U64_FORMAT ", exit bw = "U64_FORMAT - ", nonexit bw = "U64_FORMAT", exit weight = %lf " + ", nonexit bw = "U64_FORMAT", exit weight = %f " "(for exit == %d)" ", guard bw = "U64_FORMAT - ", nonguard bw = "U64_FORMAT", guard weight = %lf " + ", nonguard bw = "U64_FORMAT", guard weight = %f " "(for guard == %d)", U64_PRINTF_ARG(total_bw), U64_PRINTF_ARG(total_exit_bw), U64_PRINTF_ARG(total_nonexit_bw), diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 42dbcacb51..322a2b5713 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -572,7 +572,6 @@ static int check_signature_token(const char *digest, int flags, const char *doctype); static crypto_pk_env_t *find_dir_signing_key(const char *str, const char *eos); -static int tor_version_same_series(tor_version_t *a, tor_version_t *b); #undef DEBUG_AREA_ALLOC 
@@ -2419,40 +2418,40 @@ networkstatus_verify_bw_weights(networkstatus_t *ns) // We use > 1 as the check for these because they are computed as integers. // Sometimes there are rounding errors. if (fabs(Wmm - weight_scale) > 1) { - log_warn(LD_BUG, "Wmm=%lf != "I64_FORMAT, + log_warn(LD_BUG, "Wmm=%f != "I64_FORMAT, Wmm, I64_PRINTF_ARG(weight_scale)); valid = 0; } if (fabs(Wem - Wee) > 1) { - log_warn(LD_BUG, "Wem=%lf != Wee=%lf", Wem, Wee); + log_warn(LD_BUG, "Wem=%f != Wee=%f", Wem, Wee); valid = 0; } if (fabs(Wgm - Wgg) > 1) { - log_warn(LD_BUG, "Wgm=%lf != Wgg=%lf", Wgm, Wgg); + log_warn(LD_BUG, "Wgm=%f != Wgg=%f", Wgm, Wgg); valid = 0; } if (fabs(Weg - Wed) > 1) { - log_warn(LD_BUG, "Wed=%lf != Weg=%lf", Wed, Weg); + log_warn(LD_BUG, "Wed=%f != Weg=%f", Wed, Weg); valid = 0; } if (fabs(Wgg + Wmg - weight_scale) > 0.001*weight_scale) { - log_warn(LD_BUG, "Wgg=%lf != "I64_FORMAT" - Wmg=%lf", Wgg, + log_warn(LD_BUG, "Wgg=%f != "I64_FORMAT" - Wmg=%f", Wgg, I64_PRINTF_ARG(weight_scale), Wmg); valid = 0; } if (fabs(Wee + Wme - weight_scale) > 0.001*weight_scale) { - log_warn(LD_BUG, "Wee=%lf != "I64_FORMAT" - Wme=%lf", Wee, + log_warn(LD_BUG, "Wee=%f != "I64_FORMAT" - Wme=%f", Wee, I64_PRINTF_ARG(weight_scale), Wme); valid = 0; } if (fabs(Wgd + Wmd + Wed - weight_scale) > 0.001*weight_scale) { - log_warn(LD_BUG, "Wgd=%lf + Wmd=%lf + Wed=%lf != "I64_FORMAT, + log_warn(LD_BUG, "Wgd=%f + Wmd=%f + Wed=%f != "I64_FORMAT, Wgd, Wmd, Wed, I64_PRINTF_ARG(weight_scale)); valid = 0; } 
@@ -2507,10 +2506,10 @@ networkstatus_verify_bw_weights(networkstatus_t *ns) casename = "Case 1"; if (fabs(Etotal-Mtotal) > 0.01*MAX(Etotal,Mtotal)) { log_warn(LD_DIR, - "Bw Weight Failure for %s: Etotal %lf != Mtotal %lf. " + "Bw Weight Failure for %s: Etotal %f != Mtotal %f. " "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT " T="I64_FORMAT". " - "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf", + "Wgg=%f Wgd=%f Wmg=%f Wme=%f Wmd=%f Wee=%f Wed=%f", casename, Etotal, Mtotal, I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E), I64_PRINTF_ARG(D), I64_PRINTF_ARG(T), @@ -2519,10 +2518,10 @@ networkstatus_verify_bw_weights(networkstatus_t *ns) } if (fabs(Etotal-Gtotal) > 0.01*MAX(Etotal,Gtotal)) { log_warn(LD_DIR, - "Bw Weight Failure for %s: Etotal %lf != Gtotal %lf. " + "Bw Weight Failure for %s: Etotal %f != Gtotal %f. " "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT " T="I64_FORMAT". " - "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf", + "Wgg=%f Wgd=%f Wmg=%f Wme=%f Wmd=%f Wee=%f Wed=%f", casename, Etotal, Gtotal, I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E), I64_PRINTF_ARG(D), I64_PRINTF_ARG(T), @@ -2531,10 +2530,10 @@ networkstatus_verify_bw_weights(networkstatus_t *ns) } if (fabs(Gtotal-Mtotal) > 0.01*MAX(Gtotal,Mtotal)) { log_warn(LD_DIR, - "Bw Weight Failure for %s: Mtotal %lf != Gtotal %lf. " + "Bw Weight Failure for %s: Mtotal %f != Gtotal %f. " "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT " T="I64_FORMAT". " - "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf", + "Wgg=%f Wgd=%f Wmg=%f Wme=%f Wmd=%f Wee=%f Wed=%f", casename, Mtotal, Gtotal, I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E), I64_PRINTF_ARG(D), I64_PRINTF_ARG(T), 
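Review bot: The `"Wgg=%f Wgd=%f Wmg=%f Wme=%f Wmd=%f Wee=%f Wed=%f"` tail and the `G=`/`M=`/`E=`/`D=`/`T=` block are repeated verbatim in every log_warn of networkstatus_verify_bw_weights, in these three hunks and the later ones through Case 3b. That repetition is why the commit has to touch the same specifier in so many places. Moving the shared part into one macro or a small static helper that logs the weights would leave a single format string to keep in step with its arguments. The weight arguments themselves fall outside most of these hunks, so I could not check them against the specifiers here.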
@@ -2563,10 +2562,10 @@ networkstatus_verify_bw_weights(networkstatus_t *ns) // Rtotal < Stotal if (Rtotal > Stotal) { log_warn(LD_DIR, - "Bw Weight Failure for %s: Rtotal %lf > Stotal %lf. " + "Bw Weight Failure for %s: Rtotal %f > Stotal %f. " "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT " T="I64_FORMAT". " - "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf", + "Wgg=%f Wgd=%f Wmg=%f Wme=%f Wmd=%f Wee=%f Wed=%f", casename, Rtotal, Stotal, I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E), I64_PRINTF_ARG(D), I64_PRINTF_ARG(T), @@ -2576,10 +2575,10 @@ networkstatus_verify_bw_weights(networkstatus_t *ns) // Rtotal < T/3 if (3*Rtotal > T) { log_warn(LD_DIR, - "Bw Weight Failure for %s: 3*Rtotal %lf > T " + "Bw Weight Failure for %s: 3*Rtotal %f > T " I64_FORMAT". G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT " D="I64_FORMAT" T="I64_FORMAT". " - "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf", + "Wgg=%f Wgd=%f Wmg=%f Wme=%f Wmd=%f Wee=%f Wed=%f", casename, Rtotal*3, I64_PRINTF_ARG(T), I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E), I64_PRINTF_ARG(D), I64_PRINTF_ARG(T), @@ -2589,10 +2588,10 @@ networkstatus_verify_bw_weights(networkstatus_t *ns) // Stotal < T/3 if (3*Stotal > T) { log_warn(LD_DIR, - "Bw Weight Failure for %s: 3*Stotal %lf > T " + "Bw Weight Failure for %s: 3*Stotal %f > T " I64_FORMAT". G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT " D="I64_FORMAT" T="I64_FORMAT". " - "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf", + "Wgg=%f Wgd=%f Wmg=%f Wme=%f Wmd=%f Wee=%f Wed=%f", casename, Stotal*3, I64_PRINTF_ARG(T), I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E), I64_PRINTF_ARG(D), I64_PRINTF_ARG(T), 
@@ -2602,11 +2601,11 @@ networkstatus_verify_bw_weights(networkstatus_t *ns) // Mtotal > T/3 if (3*Mtotal < T) { log_warn(LD_DIR, - "Bw Weight Failure for %s: 3*Mtotal %lf < T " + "Bw Weight Failure for %s: 3*Mtotal %f < T " I64_FORMAT". " "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT " T="I64_FORMAT". " - "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf", + "Wgg=%f Wgd=%f Wmg=%f Wme=%f Wmd=%f Wee=%f Wed=%f", casename, Mtotal*3, I64_PRINTF_ARG(T), I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E), I64_PRINTF_ARG(D), I64_PRINTF_ARG(T), @@ -2621,10 +2620,10 @@ networkstatus_verify_bw_weights(networkstatus_t *ns) casename = "Case 2b (balanced)"; if (fabs(Etotal-Mtotal) > 0.01*MAX(Etotal,Mtotal)) { log_warn(LD_DIR, - "Bw Weight Failure for %s: Etotal %lf != Mtotal %lf. " + "Bw Weight Failure for %s: Etotal %f != Mtotal %f. " "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT " T="I64_FORMAT". " - "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf", + "Wgg=%f Wgd=%f Wmg=%f Wme=%f Wmd=%f Wee=%f Wed=%f", casename, Etotal, Mtotal, I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E), I64_PRINTF_ARG(D), I64_PRINTF_ARG(T), @@ -2633,10 +2632,10 @@ networkstatus_verify_bw_weights(networkstatus_t *ns) } if (fabs(Etotal-Gtotal) > 0.01*MAX(Etotal,Gtotal)) { log_warn(LD_DIR, - "Bw Weight Failure for %s: Etotal %lf != Gtotal %lf. " + "Bw Weight Failure for %s: Etotal %f != Gtotal %f. " "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT " T="I64_FORMAT". " - "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf", + "Wgg=%f Wgd=%f Wmg=%f Wme=%f Wmd=%f Wee=%f Wed=%f", casename, Etotal, Gtotal, I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E), I64_PRINTF_ARG(D), I64_PRINTF_ARG(T), 
@@ -2645,10 +2644,10 @@ networkstatus_verify_bw_weights(networkstatus_t *ns) } if (fabs(Gtotal-Mtotal) > 0.01*MAX(Gtotal,Mtotal)) { log_warn(LD_DIR, - "Bw Weight Failure for %s: Mtotal %lf != Gtotal %lf. " + "Bw Weight Failure for %s: Mtotal %f != Gtotal %f. " "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT " T="I64_FORMAT". " - "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf", + "Wgg=%f Wgd=%f Wmg=%f Wme=%f Wmd=%f Wee=%f Wed=%f", casename, Mtotal, Gtotal, I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E), I64_PRINTF_ARG(D), I64_PRINTF_ARG(T), @@ -2658,10 +2657,10 @@ networkstatus_verify_bw_weights(networkstatus_t *ns) } else { if (fabs(Etotal-Gtotal) > 0.01*MAX(Etotal,Gtotal)) { log_warn(LD_DIR, - "Bw Weight Failure for %s: Etotal %lf != Gtotal %lf. " + "Bw Weight Failure for %s: Etotal %f != Gtotal %f. " "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT " T="I64_FORMAT". " - "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf", + "Wgg=%f Wgd=%f Wmg=%f Wme=%f Wmd=%f Wee=%f Wed=%f", casename, Etotal, Gtotal, I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E), I64_PRINTF_ARG(D), I64_PRINTF_ARG(T), @@ -2688,10 +2687,10 @@ networkstatus_verify_bw_weights(networkstatus_t *ns) // Stotal < T/3 if (3*Stotal > T) { log_warn(LD_DIR, - "Bw Weight Failure for %s: 3*Stotal %lf > T " + "Bw Weight Failure for %s: 3*Stotal %f > T " I64_FORMAT". G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT " D="I64_FORMAT" T="I64_FORMAT". " - "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf", + "Wgg=%f Wgd=%f Wmg=%f Wme=%f Wmd=%f Wee=%f Wed=%f", casename, Stotal*3, I64_PRINTF_ARG(T), I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E), I64_PRINTF_ARG(D), I64_PRINTF_ARG(T), 
@@ -2701,10 +2700,10 @@ networkstatus_verify_bw_weights(networkstatus_t *ns) if (NS >= M) { if (fabs(NStotal-Mtotal) > 0.01*MAX(NStotal,Mtotal)) { log_warn(LD_DIR, - "Bw Weight Failure for %s: NStotal %lf != Mtotal %lf. " + "Bw Weight Failure for %s: NStotal %f != Mtotal %f. " "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT " T="I64_FORMAT". " - "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf", + "Wgg=%f Wgd=%f Wmg=%f Wme=%f Wmd=%f Wee=%f Wed=%f", casename, NStotal, Mtotal, I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E), I64_PRINTF_ARG(D), I64_PRINTF_ARG(T), @@ -2715,10 +2714,10 @@ networkstatus_verify_bw_weights(networkstatus_t *ns) // if NS < M, NStotal > T/3 because only one of G or E is scarce if (3*NStotal < T) { log_warn(LD_DIR, - "Bw Weight Failure for %s: 3*NStotal %lf < T " + "Bw Weight Failure for %s: 3*NStotal %f < T " I64_FORMAT". G="I64_FORMAT" M="I64_FORMAT " E="I64_FORMAT" D="I64_FORMAT" T="I64_FORMAT". " - "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf", + "Wgg=%f Wgd=%f Wmg=%f Wme=%f Wmd=%f Wee=%f Wed=%f", casename, NStotal*3, I64_PRINTF_ARG(T), I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E), I64_PRINTF_ARG(D), I64_PRINTF_ARG(T), @@ -2730,10 +2729,10 @@ networkstatus_verify_bw_weights(networkstatus_t *ns) casename = "Case 3b"; if (fabs(Etotal-Mtotal) > 0.01*MAX(Etotal,Mtotal)) { log_warn(LD_DIR, - "Bw Weight Failure for %s: Etotal %lf != Mtotal %lf. " + "Bw Weight Failure for %s: Etotal %f != Mtotal %f. " "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT " T="I64_FORMAT". " - "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf", + "Wgg=%f Wgd=%f Wmg=%f Wme=%f Wmd=%f Wee=%f Wed=%f", casename, Etotal, Mtotal, I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E), I64_PRINTF_ARG(D), I64_PRINTF_ARG(T), 
@@ -2742,10 +2741,10 @@ networkstatus_verify_bw_weights(networkstatus_t *ns) } if (fabs(Etotal-Gtotal) > 0.01*MAX(Etotal,Gtotal)) { log_warn(LD_DIR, - "Bw Weight Failure for %s: Etotal %lf != Gtotal %lf. " + "Bw Weight Failure for %s: Etotal %f != Gtotal %f. " "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT " T="I64_FORMAT". " - "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf", + "Wgg=%f Wgd=%f Wmg=%f Wme=%f Wmd=%f Wee=%f Wed=%f", casename, Etotal, Gtotal, I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E), I64_PRINTF_ARG(D), I64_PRINTF_ARG(T), @@ -2754,10 +2753,10 @@ networkstatus_verify_bw_weights(networkstatus_t *ns) } if (fabs(Gtotal-Mtotal) > 0.01*MAX(Gtotal,Mtotal)) { log_warn(LD_DIR, - "Bw Weight Failure for %s: Mtotal %lf != Gtotal %lf. " + "Bw Weight Failure for %s: Mtotal %f != Gtotal %f. " "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT " T="I64_FORMAT". " - "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf", + "Wgg=%f Wgd=%f Wmg=%f Wme=%f Wmd=%f Wee=%f Wed=%f", casename, Mtotal, Gtotal, I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E), I64_PRINTF_ARG(D), I64_PRINTF_ARG(T), @@ -4556,7 +4555,7 @@ tor_version_compare(tor_version_t *a, tor_version_t *b) /** Return true iff versions <b>a</b> and <b>b</b> belong to the same series. */ -static int +int tor_version_same_series(tor_version_t *a, tor_version_t *b) { tor_assert(a); @@ -4875,6 +4874,11 @@ rend_decrypt_introduction_points(char **ipos_decrypted, crypto_cipher_env_t *cipher; char *dec; int declen; + if (ipos_encrypted_size < CIPHER_IV_LEN + 2) { + log_warn(LD_REND, "Size of encrypted introduction points is too " + "small."); + return -1; + } dec = tor_malloc_zero(ipos_encrypted_size - CIPHER_IV_LEN - 1); cipher = crypto_create_init_cipher(descriptor_cookie, 0); declen = crypto_cipher_decrypt_with_iv(cipher, dec, diff --git a/src/or/routerparse.h b/src/or/routerparse.h index 8b8cde25f6..527de5dc8b 100644 --- a/src/or/routerparse.h 
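Review bot: The new guard `ipos_encrypted_size < CIPHER_IV_LEN + 2` in rend_decrypt_introduction_points has an unexplained `+ 2`, and its link to the `ipos_encrypted_size - CIPHER_IV_LEN - 1` allocation on the next line is easy to miss. A comment such as `/* need 1 leading byte + IV + at least 1 byte of ciphertext, or the size computed below wraps */` would document it. The wrap assumes ipos_encrypted_size is an unsigned type, and its declaration is outside the hunk. Since the length presumably comes from a fetched descriptor, the comment should also say that this check is what keeps a short field from reaching `tor_malloc_zero` with a wrapped size. The function starts before and continues after the hunk, so I cannot see whether other branches do a similar subtraction.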
+++ b/src/or/routerparse.h @@ -47,6 +47,7 @@ version_status_t tor_version_is_obsolete(const char *myversion, int tor_version_parse(const char *s, tor_version_t *out); int tor_version_as_new_as(const char *platform, const char *cutoff); int tor_version_compare(tor_version_t *a, tor_version_t *b); +int tor_version_same_series(tor_version_t *a, tor_version_t *b); void sort_version_list(smartlist_t *lst, int remove_duplicates); void assert_addr_policy_ok(smartlist_t *t); void dump_distinct_digest_count(int severity); |