Age | Commit message (Collapse) | Author |
|
Fixes CID 752028
|
|
Libevent uses an arc4random implementation (I know, I know) to
generate DNS transaction IDs and capitalization. But it liked to
initialize it either with opening /dev/urandom (which won't work
under the sandbox if it doesn't use the right pointer), or with
sysctl({CTL_KERN,KERN_RANDOM,RANDOM_UUIC}). To make _that_ work, we
were permitting sysctl unconditionally. That's not such a great
idea.
Instead, we try to initialize the libevent PRNG _before_ installing
the sandbox, and make sysctl always fail with EPERM under the
sandbox.
|
|
|
|
Conflicts:
src/common/compat_libevent.h
src/or/relay.c
|
|
Conflicts:
src/or/relay.c
|
|
In a couple of places, to implement the OOM-circuit-killer defense
against sniper attacks, we have counters to remember the age of
cells or data chunks. These timers were based on wall clock time,
which can move backwards, thus giving roll-over results for our age
calculation. This commit creates a low-budget monotonic time, based
on ratcheting gettimeofday(), so that even in the event of a time
rollback, we don't do anything _really_ stupid.
A future version of Tor should update this function to do something
even less stupid here, like employ clock_gettime() or its kin.
|
|
|
|
of libevent, openssl and zlib. Partially implements #6384.
|
|
This is meant to avoid conflict with the built-in log() function in
math.h. It resolves ticket 7599. First reported by dhill.
This was generated with the following perl script:
#!/usr/bin/perl -w -i -p
s/\blog\(LOG_(ERR|WARN|NOTICE|INFO|DEBUG)\s*,\s*/log_\L$1\(/g;
s/\blog\(/tor_log\(/g;
|
|
It looks like there was a compilation error for 6826 on some
platforms. Removing even more now-uncallable code to handle detecting
libevent versions before 1.3e.
Fixes bug 8012; bug not in any released Tor.
|
|
(Pull on a thread and the whole sweater unravels.)
|
|
This won't actually break them any worse than they were broken before:
it just removes a set of warnings that nobody was actually seeing, I
hope.
Closes 6826
|
|
|
|
OTOH, log the Libevent and OpenSSL versions on the first line when
we're starting Tor.
|
|
|
|
|
|
|
|
Also, try to resolve some doxygen issues. First, define a magic
"This is doxygen!" macro so that we take the correct branch in
various #if/#else/#endifs in order to get the right documentation.
Second, add in a few grouping @{ and @} entries in order to get some
variables and fields to get grouped together.
|
|
This commit is completely mechanical; I used this perl script to make it:
#!/usr/bin/perl -w -i.bak -p
if (/^\s*\#/) {
s/MS_WINDOWS/_WIN32/g;
s/\bWIN32\b/_WIN32/g;
}
|
|
This re-applies f77f9bddb8bf0dd6e9c3e0d94269aa23f459a272 which got
accidentally reverted in 53f535aeb863204470379b2da4631770fa10b13f.
Thanks asn for spotting this.
|
|
This reverts commit 406ae1ba5ad529a4d0e710229dab6ed645d42b50.
|
|
This reverts commit f77f9bddb8bf0dd6e9c3e0d94269aa23f459a272.
|
|
This reverts commit 7920ea55b8d994268d2b07f27316b0f34d8f27e5.
|
|
This reverts commit 9a88c0cd32df53116a6bbb6b961650943755061c.
|
|
This reverts commit aba25a6939a5907d40dbcff7433a8c130ffd12ad.
|
|
This avoids a dangling pointer issue in the 3412 code, and should
fix bug 4599.
|
|
|
|
This version avoids the timeout system entirely, gives a nicer
interface, and lets us manage allocation explicitly.
|
|
|
|
|
|
This is a fancier bug4457 workaround for 0.2.3. In 0.2.2, we could
just tell Libevent "Don't enable locking!" so it wouldn't try to make
the event_base notifiable. But for IOCP, we need a notifiable base.
(Eventually, we'll want a notifiable base for other stuff, like
multithreaded crypto.) So the solution is to try a full-featured
initialization, and then retry with all the options turned off if that
fails.
|
|
Conflicts:
src/common/compat_libevent.c
Resolving conflict by not taking 7363eae13cb8 ("Use the
EVENT_BASE_FLAG_NOLOCK flag to prevent socketpair() invocation"): in
Tor 0.2.3.x, we _do_ sometimes use notifiable event bases.
|
|
|
|
In Tor 0.2.2, we never need the event base to be notifiable, since we
don't call it from other threads. This is a workaround for bug 4457,
which is not actually a Tor bug IMO.
|
|
Also use this new approach in the bufferevents-enabled case.
|
|
|
|
When we're doing filtering ssl bufferevents, we want the rate-limits
to apply to the lowest level of the bufferevent stack, so that we're
actually limiting bytes sent on the network. Otherwise, we'll read
from the network aggressively, and only limit stuff as we process it.
|
|
|
|
|
|
For some inexplicable reason, Coverity departs from its usual
standards of avoiding false positives here, and warns about all
sscanf usage, even when the formatting strings are totally safe.
Addresses CID # 447, 446.
|
|
Conflicts:
src/common/Makefile.am
src/or/control.c
|
|
|
|
Conflicts:
src/common/address.c
src/common/compat_libevent.c
src/common/memarea.c
src/common/util.h
src/or/buffers.c
src/or/circuitbuild.c
src/or/circuituse.c
src/or/connection.c
src/or/directory.c
src/or/networkstatus.c
src/or/or.h
src/or/routerlist.c
|
|
|
|
|
|
|
|
Trivial Conflicts in
src/common/crypto.c
src/or/main.h
src/or/or.h
|
|
About 860 doxygen-less things remain in 0.2.2
|
|
|
|
|