aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-03-01version bump to 0.2.9.15Nick Mathewson
2018-03-01Merge branch 'maint-0.2.9' into maint-0.3.1Nick Mathewson
2018-03-01Protover tests: disable some obsoleted testsNick Mathewson
These were meant to demonstrate old behavior, or old rust behavior. One of them _should_ work in Rust, but won't because of implementation details. We'll fix that up later.
2018-03-01Spec conformance on protover: always reject ranges where lo>hiNick Mathewson
2018-03-01Forbid UINT32_MAX as a protocol versionNick Mathewson
The C code and the rust code had different separate integer overflow bugs here. That suggests that we're better off just forbidding this pathological case. Also, add tests for expected behavior on receiving a bad protocol list in a consensus. Fixes another part of 25249.
2018-03-01Forbid "-0" as a protocol version.Nick Mathewson
Fixes part of 24249; bugfix on 0.2.9.4-alpha.
2018-03-01Add more of Teor's protover tests.Nick Mathewson
These are as Teor wrote them; I've disabled the ones that don't pass yet, with XXXX comments.
2018-03-01Add some protover vote round-trip tests from Teor.Nick Mathewson
I've refactored these to be a separate function, to avoid tricky merge conflicts. Some of these are disabled with "XXXX" comments; they should get fixed moving forward.
2018-03-01Add another NULL-pointer fix for protover.c.Nick Mathewson
This one can only be exploited if you can generate a correctly signed consensus, so it's not as bad as 25074. Fixes bug 25251; also tracked as TROVE-2018-004.
2018-03-01Correctly handle NULL returns from parse_protocol_list when voting.Nick Mathewson
In some cases we had checked for it, but in others we had not. One of these cases could have been used to remotely cause denial-of-service against directory authorities while they attempted to vote. Fixes TROVE-2018-001.
2018-03-01Document how to allow partial Travis failuresTaylor Yu
Add some commented-out allow_failures clauses to make it easier to temporarily allow less-critical sub-builds to fail while still reporting success.
2018-02-21Update the .gitmodules to refer to project-level tor-rust-dependenciesNick Mathewson
Closes most of #25323.
2018-02-16Merge branch 'maint-0.2.9' into maint-0.3.1Nick Mathewson
2018-02-16Merge remote-tracking branch 'dgoulet/ticket24902_029_05' into maint-0.2.9Nick Mathewson
2018-02-16Merge branch 'maint-0.2.9' into maint-0.3.1Nick Mathewson
"ours" merge to avoid conflicts with the cherry-picked fix for 24898.
2018-02-16stop calling channel_mark_client in response to a create_fastRoger Dingledine
since all it does is produce false positives this commit should get merged into 0.2.9 and 0.3.0 *and* 0.3.1, even though the code in the previous commit is already present in 0.3.1. sorry for the mess. [Cherry-picked]
2018-02-16stop calling channel_mark_client in response to a create_fastRoger Dingledine
since all it does is produce false positives this commit should get merged into 0.2.9 and 0.3.0 *and* 0.3.1, even though the code in the previous commit is already present in 0.3.1. sorry for the mess.
2018-02-16backport to make channel_is_client() accurateRoger Dingledine
This commit takes a piece of commit af8cadf3a9 and a piece of commit 46fe353f25, with the goal of making channel_is_client() be based on what sort of connection handshake the other side used, rather than seeing whether the other side ever sent a create_fast cell to us.
2018-02-13Merge branch 'maint-0.2.9' into maint-0.3.1Nick Mathewson
2018-02-13fix make check-changesTaylor Yu
2018-02-13Make check-changes happyDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-13man: Document default values if not in the consensus for DoS mitigationDavid Goulet
Fixes #25236 Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-13Merge remote-tracking branch 'dgoulet/bug25223_029_01' into ticket24902_029_05David Goulet
2018-02-13dos: Add extra safety asserts in cc_stats_refill_bucket()David Goulet
Never allow the function to set a bucket value above the allowed circuit burst. Closes #25202 Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-13dos: Don't set consensus param if we aren't a public relayDavid Goulet
We had this safeguard around dos_init() but not when the consensus changes which can modify consensus parameters and possibly enable the DoS mitigation even if tor wasn't a public relay. Fixes #25223 Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-13Merge branch 'maint-0.2.9' into maint-0.3.1Nick Mathewson
2018-02-13dirserv: Improve returned message when relay is rejectedDavid Goulet
Explicitly inform the operator of the rejected relay to set a valid email address in the ContactInfo field and contact bad-relays@ mailing list. Fixes #25170 Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-12Have tor_addr hashes return a randomized hash for AF_UNSPEC.Nick Mathewson
We don't expect this to come up very much, but we may as well make sure that the value isn't predictable (as we do for the other addresses) in case the issue ever comes up. Spotted by teor.
2018-02-12Fix a typo in an address_set.c comment.Nick Mathewson
2018-02-12Merge branch 'maint-0.2.9' into maint-0.3.1Nick Mathewson
2018-02-12Merge branch 'bug23318-redux_029' into maint-0.2.9Nick Mathewson
2018-02-11Merge branch 'maint-0.2.9' into maint-0.3.1Nick Mathewson
2018-02-11Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9Nick Mathewson
2018-02-11Merge branch 'maint-0.2.9' into maint-0.3.1Nick Mathewson
2018-02-11Merge branch 'ticket24315_029' into maint-0.2.9Nick Mathewson
2018-02-11Merge branch 'maint-0.2.9' into maint-0.3.1Nick Mathewson
2018-02-11Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9Nick Mathewson
2018-02-10Merge branch 'maint-0.2.9' into maint-0.3.1Nick Mathewson
2018-02-10Merge branch 'bug24978_029_enable' into maint-0.2.9Nick Mathewson
2018-02-09test: DoS test to make sure we exclude known relaysDavid Goulet
Part of #25193 Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-09dos: Exclude known relays from client connection countDavid Goulet
This is to avoid positively identifying Exit relays if tor client connection comes from them that is reentering the network. One thing to note is that this is done only in the DoS subsystem but we'll still add it to the geoip cache as a "client" seen. This is done that way so to avoid as much as possible changing the current behavior of the geoip client cache since this is being backported. Closes #25193 Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-08Merge branch 'ticket25183_029_01' into ticket24902_029_05David Goulet
2018-02-08test: Add unit tests for addressset.cDavid Goulet
This also adds one that tests the integration with the nodelist. Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-08Add an address_set to the nodelist.Nick Mathewson
This set is rebuilt whenever a consensus arrives. In between consensuses, it is add-only.
2018-02-08Function to add an ipv4 address to an address_setNick Mathewson
This is a convenience function, so callers don't need to wrap the IPv4 address.
2018-02-08Add an address-set backend using a bloom filter.Nick Mathewson
We're going to need this to make our anti-DoS code (see 24902) more robust.
2018-02-08Merge branch 'maint-0.2.9' into maint-0.3.1Nick Mathewson
2018-02-08Merge branch 'maint-0.2.5' into maint-0.2.9Nick Mathewson
2018-02-08Update geoip and geoip6 to the February 7 2018 database.Karsten Loesing
2018-02-06remove a redundant semicolonNick Mathewson
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion