summaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
Diffstat (limited to 'src/or')
-rw-r--r--src/or/circuitlist.c1
-rw-r--r--src/or/config.c7
-rw-r--r--src/or/dirserv.c56
-rw-r--r--src/or/main.c10
-rw-r--r--src/or/nodelist.c8
-rw-r--r--src/or/ntmain.c1
-rw-r--r--src/or/relay.c11
-rw-r--r--src/or/rendservice.c4
8 files changed, 81 insertions, 17 deletions
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index 2b3c4169cb..977afca18d 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -1941,6 +1941,7 @@ single_conn_free_bytes(connection_t *conn)
if (conn->outbuf) {
result += buf_allocation(conn->outbuf);
buf_clear(conn->outbuf);
+ conn->outbuf_flushlen = 0;
}
if (conn->type == CONN_TYPE_DIR) {
dir_connection_t *dir_conn = TO_DIR_CONN(conn);
diff --git a/src/or/config.c b/src/or/config.c
index 3693cdf83c..1aeff462ed 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -974,8 +974,10 @@ static const char *default_authorities[] = {
"154.35.175.225:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC",
"longclaw orport=443 "
"v3ident=23D15D965BC35114467363C165C4F724B64B4F66 "
- "ipv6=[2620:13:4000:8000:60:f3ff:fea1:7cff]:443 "
- "199.254.238.52:80 74A9 1064 6BCE EFBC D2E8 74FC 1DC9 9743 0F96 8145",
+ "199.58.81.140:80 74A9 1064 6BCE EFBC D2E8 74FC 1DC9 9743 0F96 8145",
+ "bastet orport=443 "
+ "v3ident=27102BC123E7AF1D4741AE047E160C91ADC76B21 "
+ "204.13.164.118:80 24E2 F139 121D 4394 C54B 5BCC 368B 3B41 1857 C413",
NULL
};
@@ -4454,6 +4456,7 @@ options_transition_affects_workers(const or_options_t *old_options,
new_options->ServerDNSSearchDomains ||
old_options->SafeLogging_ != new_options->SafeLogging_ ||
old_options->ClientOnly != new_options->ClientOnly ||
+ server_mode(old_options) != server_mode(new_options) ||
public_server_mode(old_options) != public_server_mode(new_options) ||
!config_lines_eq(old_options->Logs, new_options->Logs) ||
old_options->LogMessageDomains != new_options->LogMessageDomains)
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 72441081c4..da34c196f4 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -658,8 +658,8 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
control_event_or_authdir_new_descriptor("REJECTED",
ri->cache_info.signed_descriptor_body,
desclen, *msg);
- routerinfo_free(ri);
- return ROUTER_AUTHDIR_REJECTS;
+ r = ROUTER_AUTHDIR_REJECTS;
+ goto fail;
}
/* Check whether this descriptor is semantically identical to the last one
@@ -679,8 +679,8 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
control_event_or_authdir_new_descriptor("DROPPED",
ri->cache_info.signed_descriptor_body,
desclen, *msg);
- routerinfo_free(ri);
- return ROUTER_IS_ALREADY_KNOWN;
+ r = ROUTER_IS_ALREADY_KNOWN;
+ goto fail;
}
/* Do keypinning again ... this time, to add the pin if appropriate */
@@ -703,8 +703,8 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
"its key did not match an older RSA/Ed25519 keypair",
router_describe(ri), source);
*msg = "Looks like your keypair does not match its older value.";
- routerinfo_free(ri);
- return ROUTER_AUTHDIR_REJECTS;
+ r = ROUTER_AUTHDIR_REJECTS;
+ goto fail;
}
/* Make a copy of desc, since router_add_to_routerlist might free
@@ -742,6 +742,20 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
tor_free(desc);
tor_free(nickname);
return r;
+ fail:
+ {
+ const char *desc_digest = ri->cache_info.signed_descriptor_digest;
+ download_status_t *dls =
+ router_get_dl_status_by_descriptor_digest(desc_digest);
+ if (dls) {
+ log_info(LD_GENERAL, "Marking router with descriptor %s as rejected, "
+ "and therefore undownloadable",
+ hex_str(desc_digest, DIGEST_LEN));
+ download_status_mark_impossible(dls);
+ }
+ routerinfo_free(ri);
+ }
+ return r;
}
/** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
@@ -750,6 +764,7 @@ dirserv_add_extrainfo(extrainfo_t *ei, const char **msg)
{
routerinfo_t *ri;
int r;
+ was_router_added_t rv;
tor_assert(msg);
*msg = NULL;
@@ -758,8 +773,8 @@ dirserv_add_extrainfo(extrainfo_t *ei, const char **msg)
ri = router_get_mutable_by_digest(ei->cache_info.identity_digest);
if (!ri) {
*msg = "No corresponding router descriptor for extra-info descriptor";
- extrainfo_free(ei);
- return ROUTER_BAD_EI;
+ rv = ROUTER_BAD_EI;
+ goto fail;
}
/* If it's too big, refuse it now. Otherwise we'll cache it all over the
@@ -771,17 +786,34 @@ dirserv_add_extrainfo(extrainfo_t *ei, const char **msg)
(int)ei->cache_info.signed_descriptor_len,
MAX_EXTRAINFO_UPLOAD_SIZE);
*msg = "Extrainfo document was too large";
- extrainfo_free(ei);
- return ROUTER_BAD_EI;
+ rv = ROUTER_BAD_EI;
+ goto fail;
}
if ((r = routerinfo_incompatible_with_extrainfo(ri->identity_pkey, ei,
&ri->cache_info, msg))) {
- extrainfo_free(ei);
- return r < 0 ? ROUTER_IS_ALREADY_KNOWN : ROUTER_BAD_EI;
+ if (r<0) {
+ extrainfo_free(ei);
+ return ROUTER_IS_ALREADY_KNOWN;
+ }
+ rv = ROUTER_BAD_EI;
+ goto fail;
}
router_add_extrainfo_to_routerlist(ei, msg, 0, 0);
return ROUTER_ADDED_SUCCESSFULLY;
+ fail:
+ {
+ const char *d = ei->cache_info.signed_descriptor_digest;
+ signed_descriptor_t *sd = router_get_by_extrainfo_digest((char*)d);
+ if (sd) {
+ log_info(LD_GENERAL, "Marking extrainfo with descriptor %s as "
+ "rejected, and therefore undownloadable",
+ hex_str((char*)d,DIGEST_LEN));
+ download_status_mark_impossible(&sd->ei_dl_status);
+ }
+ extrainfo_free(ei);
+ }
+ return rv;
}
/** Remove all descriptors whose nicknames or fingerprints no longer
diff --git a/src/or/main.c b/src/or/main.c
index 66a8571901..187b255bfb 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -3426,6 +3426,11 @@ tor_main(int argc, char *argv[])
int result = 0;
#ifdef _WIN32
+#ifndef HeapEnableTerminationOnCorruption
+#define HeapEnableTerminationOnCorruption 1
+#endif
+ /* On heap corruption, just give up; don't try to play along. */
+ HeapSetInformation(NULL, HeapEnableTerminationOnCorruption, NULL, 0);
/* Call SetProcessDEPPolicy to permanently enable DEP.
The function will not resolve on earlier versions of Windows,
and failure is not dangerous. */
@@ -3434,7 +3439,10 @@ tor_main(int argc, char *argv[])
typedef BOOL (WINAPI *PSETDEP)(DWORD);
PSETDEP setdeppolicy = (PSETDEP)GetProcAddress(hMod,
"SetProcessDEPPolicy");
- if (setdeppolicy) setdeppolicy(1); /* PROCESS_DEP_ENABLE */
+ if (setdeppolicy) {
+ /* PROCESS_DEP_ENABLE | PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION */
+ setdeppolicy(3);
+ }
}
#endif
diff --git a/src/or/nodelist.c b/src/or/nodelist.c
index 070e2e9e0d..0e9a651818 100644
--- a/src/or/nodelist.c
+++ b/src/or/nodelist.c
@@ -1031,6 +1031,14 @@ node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out)
node_assert_ok(node);
tor_assert(ap_out);
+ /* Clear the address, as a safety precaution if calling functions ignore the
+ * return value */
+ tor_addr_make_null(&ap_out->addr, AF_INET);
+ ap_out->port = 0;
+
+ /* Check ri first, because rewrite_node_address_for_bridge() updates
+ * node->ri with the configured bridge address. */
+
RETURN_IPV4_AP(node->ri, or_port, ap_out);
RETURN_IPV4_AP(node->rs, or_port, ap_out);
/* Microdescriptors only have an IPv6 address */
diff --git a/src/or/ntmain.c b/src/or/ntmain.c
index 4c65805b32..0e6f296d24 100644
--- a/src/or/ntmain.c
+++ b/src/or/ntmain.c
@@ -293,6 +293,7 @@ nt_service_body(int argc, char **argv)
* event loop */
service_status.dwCurrentState = SERVICE_RUNNING;
service_fns.SetServiceStatus_fn(hStatus, &service_status);
+ set_main_thread();
do_main_loop();
tor_cleanup();
}
diff --git a/src/or/relay.c b/src/or/relay.c
index 882877ade3..e7f99fda08 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -383,6 +383,11 @@ circuit_package_relay_cell(cell_t *cell, circuit_t *circ,
{
channel_t *chan; /* where to send the cell */
+ if (circ->marked_for_close) {
+ /* Circuit is marked; send nothing. */
+ return 0;
+ }
+
if (cell_direction == CELL_DIRECTION_OUT) {
crypt_path_t *thishop; /* counter for repeated crypts */
chan = circ->n_chan;
@@ -696,6 +701,12 @@ connection_edge_send_command(edge_connection_t *fromconn,
return -1;
}
+ if (circ->marked_for_close) {
+ /* The circuit has been marked, but not freed yet. When it's freed, it
+ * will mark this connection for close. */
+ return -1;
+ }
+
return relay_send_command_from_edge(fromconn->stream_id, circ,
relay_command, payload,
payload_len, cpath_layer);
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 4d04da02aa..9c9b50445a 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -3265,6 +3265,8 @@ rend_service_intro_established(origin_circuit_t *circuit,
(unsigned)circuit->base_.n_circ_id);
goto err;
}
+ base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
+ circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
/* We've just successfully established a intro circuit to one of our
* introduction point, account for it. */
intro = find_intro_point(circuit);
@@ -3281,8 +3283,6 @@ rend_service_intro_established(origin_circuit_t *circuit,
service->desc_is_dirty = time(NULL);
circuit_change_purpose(TO_CIRCUIT(circuit), CIRCUIT_PURPOSE_S_INTRO);
- base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
- circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
log_info(LD_REND,
"Received INTRO_ESTABLISHED cell on circuit %u for service %s",
(unsigned)circuit->base_.n_circ_id, serviceid);
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion