| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
Stop logging "Tried to establish rendezvous on non-OR circuit..." as
a warning. Instead, log it as a protocol warning, because there is
nothing that relay operators can do to fix it.
Fixes bug 29029; bugfix on 0.2.5.7-rc.
|
|
|
|
|
|
|
|
|
|
In theory it would be better to detect this bug in advance, but this
approach is much simpler, and therefore safer to backport.
This closes tor issue 28973.
|
|
|
|
|
|
|
|
Merge Phoul's two lists into teor's list.
Replace the 150 fallbacks originally introduced in Tor 0.3.3.1-alpha in
January 2018 (of which ~115 were still functional), with a list of
157 fallbacks (92 new, 65 existing, 85 removed) generated in
December 2018.
Closes ticket 24803.
|
|
Replace the 150 fallbacks originally introduced in Tor 0.3.3.1-alpha in
January 2018 (of which ~115 were still functional), with a list of
148 fallbacks (89 new, 59 existing, 91 removed) generated in
December 2018.
Closes ticket 24803.
|
|
|
|
|
|
Bug reported on tor-dev@ and here is the detail explanation of the issue:
https://lists.torproject.org/pipermail/tor-dev/2018-November/013558.html
Fixes bug #28619
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
test_entry_guard_outdated_dirserver_exclusion leaks memory, and is
missing some unmocks.
Fixes 28554; bugfix on 0.3.0.1-alpha.
|
|
|
|
|
|
Resolved conflicts with the 26269 fix in 015fcd0e1191aa6f.
|
|
|
|
|
|
|
|
Apparently some freebsd compilers can't tell that 'c' will never
be used uninitialized.
Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for
longer AES keys to this function.
|
|
|
|
|
|
|
|
Failing to do on clients was causing TLS 1.3 negotiation to fail.
Fixes bug 28245; bugfix on 0.2.9.15, when we added TLS 1.3 support.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Remember, you can't check to see if there are N bytes left in a
buffer by doing (buf + N < end), since the buf + N computation might
take you off the end of the buffer and result in undefined behavior.
Fixes 28202; bugfix on 0.2.0.3-alpha.
|
|
|
|
Treat backtrace test failures as expected on NetBSD, OpenBSD, and
macOS/Darwin, until we solve bug 17808.
(FreeBSD failures have been treated as expected since 18204 in 0.2.8.)
Fixes bug 27948; bugfix on 0.2.5.2-alpha.
|
|
Occasionally, key pinning doesn't catch a relay that shares an ed25519
ID with another relay. Log the identity fingerprints and the shared
ed25519 ID when this happens, instead of making a BUG() warning.
Fixes bug 27800; bugfix on 0.3.2.1-alpha.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
If a tor client gets a descriptor that it can't decrypt, chances are that the
onion requires client authorization.
If a tor client is configured with client authorization for an onion but
decryption fails, it means that the configured keys aren't working anymore.
In both cases, we'll log notice the former and log warn the latter and the
rest of the decryption errors are now at info level.
Two logs statement have been removed because it was redundant and printing the
fetched descriptor in the logs when 80% of it is encrypted wat not helping.
Fixes #27550
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
The result of CString::into_raw() is not safe to free
with free() except under finicky and fragile circumstances
that we definitely don't meet right now.
This was missed in be583a34a3815c2c10e86094ab0610e4b7f9c869.
|
|
Fortunately with the current callers it couldn't happen in practice.
Fix on d1820c1516a31a149fc51a9e5126bf899e4c4e08.
|
|
Client side, when a descriptor is finally fetched and stored in the cache, we
then go over all pending SOCKS request for that descriptor. If it turns out
that the intro points are unusable, we close the first SOCKS request but not
the others for the same .onion.
This commit makes it that we'll close all SOCKS requests so we don't let
hanging the other ones.
It also fixes another bug which is having a SOCKS connection in RENDDESC_WAIT
state but with a descriptor in the cache. At some point, tor will expire the
intro failure cache which will make that descriptor usable again. When
retrying all SOCKS connection (retry_all_socks_conn_waiting_for_desc()), we
won't end up in the code path where we have already the descriptor for a
pending request causing a BUG().
Bottom line is that we should never have pending requests (waiting for a
descriptor) with that descriptor in the cache (even if unusable).
Fixees #27410.
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
