summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-02-03Bump version to 0.3.0.3-alphaNick Mathewson
2017-02-03Start on an 0.3.0.3-alpha changelogNick Mathewson
2017-02-03Merge branch 'bug21372_squashed'Nick Mathewson
2017-02-03Prevention: never die from extend_info_from_node() failure.Nick Mathewson
Bug 21242 occurred because we asserted that extend_info_from_node() had succeeded...even though we already had the code to handle such a failure. We fixed that in 93b39c51629ed0ded2bf807cb6. But there were four other cases in our code where we called extend_info_from_node() and either tor_assert()ed that it returned non-NULL, or [in one case] silently assumed that it returned non-NULL. That's not such a great idea. This patch makes those cases check for a bug of this kind instead. Fixes bug 21372; bugfix on 0.2.3.1-alpha when extend_info_from_node() was introduced.
2017-02-03further lintchanges fixesNick Mathewson
2017-02-03Merge branch 'dgoulet/bug21302_030_01_squashed'Nick Mathewson
2017-02-03hs: Remove intro point expiring node if no circuitDavid Goulet
Once a second, we go over all services and consider the validity of the intro points. Now, also try to remove expiring nodes that have no more circuit associated to them. This is possible if we moved an intro point object previously to that list and the circuit actually timed out or was closed by the introduction point itself. Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-03hs: Fix an underflow in rend_service_intro_has_opened()David Goulet
In rend_service_intro_has_opened(), this is subject to a possible underflow because of how the if() casts the results. In the case where the expiring nodes list length is bigger than the number of IP circuits, we end up in the following situation where the result will be cast to an unsigned int. For instance, "5 - 6" is actually a BIG number. Ultimately leading to closing IP circuits in a non stop loop. Partially fixes #21302. Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-03Merge remote-tracking branch 'dgoulet/bug20980_030_01'Nick Mathewson
2017-02-03Use the standard OpenBSD preprocessor definitioncypherpunks
2017-02-03Fix all warnings from lintchangesNick Mathewson
2017-02-02dirauth: Fix for calling routers unreachable for wrong ed25519Nick Mathewson
Previously the dirserv_orconn_tls_done() function would skip routers when they advertised an ed25519 key but didn't present it during the link handshake. But that covers all versions between 0.2.7.2-alpha and 0.2.9.x inclusive! Fixes bug 21107; bugfix on 0.3.0.1-alpha.
2017-02-02In dirserv_single_reachability_test, node can be const.Nick Mathewson
2017-02-02Merge remote-tracking branch 'dgoulet/bug21294_030_02'Nick Mathewson
2017-02-02test: Fix test after log message changed in #21294David Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-02Merge remote-tracking branch 'public/bug21356_029'Nick Mathewson
2017-02-02Merge branch 'bug21294_030_01_squashed'Nick Mathewson
2017-02-02config: Stop recommending Tor2web if in non anonymous modeDavid Goulet
Because we don't allow client functionalities in non anonymous mode, recommending Tor2web is a bad idea. If a user wants to use Tor2web as a client (losing all anonymity), it should run a second tor, not use it with a single onion service tor. Fixes #21294. Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-02Merge remote-tracking branch 'ahf/ahf/bugs/21266'Nick Mathewson
2017-02-01Merge remote-tracking branch 'asn/bug21052'Nick Mathewson
2017-02-01Add checks for expected log messages in test_hs_intropoint.Alexander Færøy
This patch adds checks for expected log messages for failure cases of different ill-formed ESTABLISH_INTRO cell's. See: https://bugs.torproject.org/21266
2017-02-01hs: Fix possible integer underflow with IP nodesDavid Goulet
In rend_consider_services_intro_points(), we had a possible interger underflow which could lead to creating a very large number of intro points. We had a safe guard against that *except* if the expiring_nodes list was not empty which is realistic thing. This commit removes the check on the expiring nodes length being zero. It's not because we have an empty list of expiring nodes that we don't want to open new IPs. Prior to this check, we remove invalid IP nodes from the main list of a service so it should be the only thing to look at when deciding if we need to create new IP(s) or not. Partially fixes #21302. Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-01Fix a memory-leak in fuzz_vrs.cNick Mathewson
2017-02-01Merge remote-tracking branch 'dgoulet/bug21290_030_01'Nick Mathewson
2017-02-01Merge branch 'maint-0.2.9'Nick Mathewson
2017-02-01Rework 21359 changes file slightly.Nick Mathewson
2017-02-01Support LibreSSL with opaque structuresrubiate
Determining if OpenSSL structures are opaque now uses an autoconf check instead of comparing the version number. Some definitions have been moved to their own check as assumptions which were true for OpenSSL with opaque structures did not hold for LibreSSL. Closes ticket 21359.
2017-02-01Rename --enable-expensive-hardening configure optionDavid Goulet
It is renamed to --enable-fragile-hardening. TROVE-2017-001 was triggerable only through the expensive hardening which is making the tor daemon abort when the issue is detected. Thus, it makes tor more at risk of remote crashes but safer against RCE or heartbleed bug category. Fixes #21290. Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-01Merge branch 'teor_bug21357-v2_029'Nick Mathewson
2017-02-01Changes file for 21357: Stop rejecting all IPv6 traffic on some Exitsteor
This issue was triggered by 17027 in 0.2.8.1-alpha, which rejects a relay's own IPv6 address. Bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
2017-02-01Scale IPv6 address counts in policy_summary_reject to avoid overflowteor
This disregards anything smaller than an IPv6 /64, and rejects ports that are rejected on an IPv6 /16 or larger. Adjust existing unit tests, and add more to cover exceptional cases. No IPv4 behaviour changes. Fixes bug 21357
2017-02-01Fix IPv6 support in policy_summary_reject and policy_summary_acceptteor
This interim fix results in too many IPv6 rejections. No behaviour change for IPv4 counts, except for overflow fixes that would require 4 billion redundant 0.0.0.0/0 policy entries to trigger. Part of 21357
2017-02-01Refactor policy_summary_reject to prepare for IPv6 changesteor
No behaviour change, apart from non-fatal assertions Part of 21357
2017-02-01Add unit tests for IPv6 address summaries and IPv4 netblock rejectionteor
These tests currently fail due to bug 21357
2017-02-01Fix write_short_policy usage commentteor
2017-02-01fix a wide lineNick Mathewson
2017-02-01Merge branch 'bug21150_030_01_squashed'Nick Mathewson
2017-02-01Use an internal variable for HiddenServiceStatisticsDavid Goulet
Stop modifying the value of our torrc option HiddenServiceStatistics just because we're not a bridge or relay. This bug was causing Tor Browser users to write "HiddenServiceStatistics 0" in their torrc files as if they had chosen to change the config. Fixes #21150 Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-01Merge branch 'bug21242'Nick Mathewson
2017-02-01Merge remote-tracking branch 'public/bug21129'Nick Mathewson
2017-02-01Merge remote-tracking branch 'public/bug21128'Nick Mathewson
2017-01-31Merge branch 'bug21108_029'Nick Mathewson
2017-01-31be explicit in clear_status_flags_on_sybil that we leave BadExit aloneRoger Dingledine
2017-01-31When marking guard state instances on a channel, don't mark NULLNick Mathewson
It's okay for guard_state to be null: we might have a fallback circuit, or we might not be using guards. Fixes bug 211228; bugfix on 0.3.0.1-alpha
2017-01-31Don't try to use confirmed_idx in remove_guard_from_...lists()Nick Mathewson
Since we can call this function more than once before we update all the confirmed_idx fields, we can't rely on all the relays having an accurate confirmed_idx. Fixes bug 21129; bugfix on 0.3.0.1-alpha
2017-01-31Do not clear is_bad_exit on sybil.Nick Mathewson
But do clear is_v2_dir. Fixes bug 21108 -- bugfix on d95e7c7d67134b9b964d49cf8c2bdbf805a in 0.2.0.13-alpha.
2017-01-31Call monotime_init() earlier.Nick Mathewson
We need to call it before nt_service_parse_options(), since nt_service_parse_options() can call back into nt_service_main(), which calls do_main_loop(). Fixes bug 21356; bugfix on 0.2.9.1-alpha.
2017-01-31changes file for bug21242Nick Mathewson
2017-01-31Don't build circuits till primary guards have descriptorsNick Mathewson
In addition to not wanting to build circuits until we can see most of the paths in the network, and in addition to not wanting to build circuits until we have a consensus ... we shouldn't build circuits till all of our (in-use) primary guards have descriptors that we can use for them. This is another bug 21242 fix.
2017-01-31Don't (usually) return any guards that are missing descriptors.Nick Mathewson
Actually, it's _fine_ to use a descriptorless guard for fetching directory info -- we just shouldn't use it when building circuits. Fortunately, we already have a "usage" flag that we can use here. Partial fix for bug 21242.