| Age | Commit message (Collapse) | Author |
|---|
|
Original message from bug3393:
check_private_dir() to ensure that ControlSocketsGroupWritable is
safe to use. Unfortunately, check_private_dir() only checks against
the currently running user… which can be root until privileges are
dropped to the user and group configured by the User config option.
The attached patch fixes the issue by adding a new effective_user
argument to check_private_dir() and updating the callers. It might
not be the best way to fix the issue, but it did in my tests.
(Code by lunar; changelog by nickm)
|
|
|
|
On win64, sockets are of type UINT_PTR; on win32 they're u_int;
elsewhere they're int. The correct windows way to check a socket for
being set is to compare it with INVALID_SOCKET; elsewhere you see if
it is negative.
On Libevent 2, all callbacks take sockets as evutil_socket_t; we've
been passing them int.
This patch should fix compilation and correctness when built for
64-bit windows. Fixes bug 3270.
|
|
We'll need this for checking permissions on the directories that hold
control sockets: if somebody says "ControlSocket ~/foo", it would be
pretty rude to do a chmod 700 on their homedir.
|
|
|
|
bug3122_memcmp_022
Conflicts throughout. All resolved in favor of taking HEAD and
adding tor_mem* or fast_mem* ops as appropriate.
src/common/Makefile.am
src/or/circuitbuild.c
src/or/directory.c
src/or/dirserv.c
src/or/dirvote.c
src/or/networkstatus.c
src/or/rendclient.c
src/or/rendservice.c
src/or/router.c
src/or/routerlist.c
src/or/routerparse.c
src/or/test.c
|
|
Here I looked at the results of the automated conversion and cleaned
them up as follows:
If there was a tor_memcmp or tor_memeq that was in fact "safe"[*] I
changed it to a fast_memcmp or fast_memeq.
Otherwise if there was a tor_memcmp that could turn into a
tor_memneq or tor_memeq, I converted it.
This wants close attention.
[*] I'm erring on the side of caution here, and leaving some things
as tor_memcmp that could in my opinion use the data-dependent
fast_memcmp variant.
|
|
|
|
It was the start of a neat idea, but it only got used in 3 places,
none of which really needed it.
|
|
Conflicts:
src/common/test.h
src/or/test.c
|
|
|
|
This function uses GetSystemDirectory() to make sure we load the version
of the library from c:\windows\system32 (or local equivalent) rather than
whatever version lives in the cwd.
|
|
|
|
|
|
Incidentally fixes bug 1042.
|
|
Conflicts:
src/common/test.h
src/or/test.c
|
|
|
|
We do this in too many places throughout the code; it's time to start
clamping down.
Also, refactor Karsten's patch to use strchr-then-strndup, rather than
malloc-then-strlcpy-then-strchr-then-clear.
|
|
|
|
The consensus documents are not signed properly, not served, and not
exchanged yet.
|
|
Also add rounding support to tv_mdiff().
|
|
When we added support for fractional units (like 1.5 MB) I broke
support for giving units with no space (like 2MB). This patch should
fix that. It also adds a propoer tor_parse_double().
Fix for bug 1076. Bugfix on 0.2.2.1-alpha.
|
|
When determining how long directory requests take or how long cells spend
in queues, we were comparing timestamps on microsecond detail only to
convert results to second or millisecond detail later on. But on 32-bit
architectures this means that 2^31 microseconds only cover time
differences of up to 36 minutes. Instead, compare timestamps on
millisecond detail.
|
|
Add two functions for round_to_next_multiple_of() for uint32_t and
uint64_t.
Avoid division in every step of the loop over all ports.
|
|
|
|
|
|
|
|
|
|
Now, when you call tor --digests, it dumps the SHA1 digest of each
source file that Tor was built with. We support both 'sha1sum' and
'openssl sha1'. If the user is building from a tarball and they
haven't edited anything, they don't need any program that calculates
SHA1. If they _have_ modified a file but they don't have a program to
calculate SHA1, we try to build so we do not output digests.
|
|
tor_sscanf() only handles %u and %s for now, which will make it
adequate to replace sscanf() for date/time/IP parsing. We want this
to prevent attackers from constructing weirdly formed descriptors,
cells, addresses, HTTP responses, etc, that validate under some
locales but not others.
svn:r18760
|
|
The subversion $Id$ fields made every commit force a rebuild of
whatever file got committed. They were not actually useful for
telling the version of Tor files in the wild.
svn:r17867
|
|
not to collide with any system headers. This tripped us up on Android.
svn:r17805
|
|
svn:r17706
|
|
per write, or once per cell with calls to a function that looks at a cached value of time. This is tricksy to benchmark, since it will only help on systems where time() is a syscall and syscalls are relatively slow.
svn:r17690
|
|
instead, use the standard convert-to-boolean hack of "svn st"
svn:r17597
|
|
svn:r17194
|
|
comparing is not nul-terminated.
svn:r17187
|
|
svn:r17161
|
|
Split out the address manipulation functions from compat and util: they were about 21% of the total of those, and spread out too much.
svn:r16208
|
|
Make generic address manipulation functions work better. Switch address policy code to use tor_addr_t, so it can handle IPv6. That is a good place to start.
svn:r16178
|
|
Apply warnings about implicit 64-to-32 conversions; some from Sebastian Hahn; some not.
svn:r13664
|
|
Patch from Sebastian Hahn: remove obsolete timeval manipulation functions.
svn:r13653
|
|
Replace the hefty tor_strpartition with a simple function to replace its only (trivial) use.
svn:r13532
|
|
svn:r13412
|
|
Another test for the increasingly bad check-spaces style checker to check: #else\n#if is almost a sure sign of a failure to use #elif. Fortunately, we only did that 3 times.
svn:r13039
|
|
Push the strdups used for parsing configuration lines into parse_line_from_string(). This will make it easier to parse more complex value formats, which in turn will help fix bug 557
svn:r13020
|
|
New, slightly esoteric function, tor_malloc_roundup(). While tor_malloc(x) allocates x bytes, tor_malloc_roundup(&x) allocates the same size of chunk it would use to store x bytes, and sets x to the usable size of that chunk.
svn:r12981
|
|
svn:r12786
|
|
Improved skew reporting: "You are 365 days in the duture" is more useful than "You are 525600 minutes in the future". Also, when we get something that proves we are at least an hour in the past, tell the controller "CLOCK_SKEW MIN_SKEW=-3600" rather than just "CLOCK_SKEW"
svn:r12283
|
|
Add some generic skew-and-tolerance functions so we can handle time more sanely.
svn:r11406
|
