Age | Commit message (Collapse) | Author |
|
|
|
This patch removes the `tor_fgets()` wrapper around `fgets(3)` since it
is no longer needed. The function was created due to inconsistency
between the returned values of `fgets(3)` on different versions of Unix
when using `fgets(3)` on non-blocking file descriptors, but with the
recent changes in bug #21654 we switch from unbuffered to direct I/O on
non-blocking file descriptors in our utility module.
We continue to use `fgets(3)` directly in the geoip and dirserv module
since this usage is considered safe.
This patch also removes the test-case that was created to detect
differences in the implementation of `fgets(3)` as well as the changes
file since these changes was not included in any releases yet.
See: https://bugs.torproject.org/21654
|
|
This patch adds the `tor_fgets()` function to our compatibility layer.
`tor_fgets()` adds an additional check for whether the error-bit have
been enabled for the given file stream, if that is the case and `errno`
is set to `EAGAIN` we make sure that we always return NULL.
Unfortunately `fgets(3)` behaves differently on different versions of
the C library.
See: https://bugs.torproject.org/21416
See: https://bugs.torproject.org/20988
|
|
These seem to have caused warnings on windows. Hmmm.
|
|
|
|
Fixes bug 19901; bugfix on 0.2.9.1-alpha.
|
|
I'm not moving our "format and parse the time" functions, since
those have been pretty volatile over the last couple of years.
|
|
There are a few places where we want to disable a warning: for
example, when it's impossible to call a legacy API without
triggering it, or when it's impossible to include an external header
without triggering it.
This pile of macros uses GCC's c99 _Pragma support, plus the usual
macro trickery, to enable and disable warnings.
|
|
|
|
|
|
|
|
Short version: clang asan hates the glibc strcmp macro in
bits/string2.h if you are passing it a constant string argument of
length two or less. (I could be off by one here, but that's the
basic idea.)
Closes issue 14821.
|
|
|
|
|
|
|
|
* The option is now KeepBindCapabilities
* We now warn if the user specifically asked for KeepBindCapabilities
and we can't deliver.
* The unit tests are willing to start.
* Fewer unused-variable warnings.
* More documentation, fewer misspellings.
|
|
This feature allows us to bind low ports when starting as root and
switching UIDs.
Based on code by David Goulet.
Implement feature 8195
|
|
The INLINE keyword is not used anymore in favor of inline.
Windows only supports __inline so an inline preprocessor definition is
still needed.
|
|
This patch was generated using;
sed -i -e "s/\bINLINE\b/inline/" src/*/*.[ch] src/*/*/*.[ch]
|
|
These functions must really never fail; so have crypto_rand() assert
that it's working okay, and have crypto_seed_rng() demand that
callers check its return value. Also have crypto_seed_rng() check
RAND_status() before returning.
|
|
|
|
(even though these are nonblocking calls and EINTR shouldn't be possible).
Also, log what error we're seing if drain_fn fails.
|
|
Closes ticket 16734.
|
|
The control port was using set_max_file_descriptors() with a limit set to 0
to query the number of maximum socket Tor can use. With the recent changes
to that function, a check was introduced to make sure a user can not set a
value below the amount we reserved for non socket.
This commit adds get_max_sockets() that returns the value of max_sockets so
we can stop using that "setter" function to get the current value.
Finally, the dead code is removed that is the code that checked for limit
equal to 0. From now on, set_max_file_descriptors() should never be used
with a limit set to 0 for a valid use case.
Fixes #16697
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
|
|
|
|
|
|
|
Fixes #16288
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
|
|
|
|
|
Also, fix some whitespace mishaps.
|
|
|
|
There is a bug in the overlap-checking in strlcat that can crash Tor
servers. Fixes bug 15205; this is an OSX bug, not a Tor bug.
|
|
Also, re-enable the #if'd out condition-variable code.
Work queues are going to make us hack on all of this stuff a bit more
closely, so it might not be a terrible idea to make it easier to hack.
|
|
|
|
|
|
Also, improve comments on resolve_my_address to explain what it
actually does.
|
|
This lets us avoid putting operators directly in macro arguments,
and thus will help us unconfuse coccinelle.
For ticket 13172.
|
|
Silence clang warnings under --enable-expensive-hardening, including:
+ implicit truncation of 64 bit values to 32 bit;
+ const char assignment to self;
+ tautological compare; and
+ additional parentheses around equality tests. (gcc uses these to
silence assignment, so clang warns when they're present in an
equality test. But we need to use extra parentheses in macros to
isolate them from other code).
|
|
Because in 95 years, we or our successors will surely care about
enforcing the BSD license terms on this code. Right?
|
|
(Windows doesn't have ftruncate, and some ftruncates do not move the
file pointer to the start of the file.)
|
|
Long ago we supported systems where there was no support for
threads, or where the threading library was broken. We shouldn't
have do that any more: on every OS that matters, threads exist, and
the OS supports running threads across multiple CPUs.
This resolves tickets 9495 and 12439. It's a prerequisite to making
our workqueue code work better, since sensible workqueue
implementations don't split across multiple processes.
|
|
As far as I know, nobody has used this in ages. It would be a
pretty big surprise if it had worked.
Closes ticket 11446.
|
|
Conflicts:
src/common/include.am
|
|
In the unit tests I want to loop with a delay, but I want less than
a 1 second delay. This, sadly, requires compatibility code.
|
|
We'll use these to deal with being unable to access the user DB
after we install the sandbox, to fix bug 11946.
|
|
Conflicts:
src/or/main.c
|
|
|
|
(If we don't restrict rename, there's not much point in restricting
open, since an attacker could always use rename to make us open
whatever they want.)
|
|
|