aboutsummaryrefslogtreecommitdiff
path: root/src/or/microdesc.c
AgeCommit message (Collapse)Author
2016-08-16Prevents negative number of written bytes on error message.Daniel Pinto
Fixes #17758.
2016-06-11Merge branch 'bug19180_easy_squashed'Nick Mathewson
2016-06-11Add the -Wextra-semi warning from clang, and fix the cases where it triggersNick Mathewson
2016-05-30Replace nearly all XXX0vv comments with smarter onesNick Mathewson
So, back long ago, XXX012 meant, "before Tor 0.1.2 is released, we had better revisit this comment and fix it!" But we have a huge pile of such comments accumulated for a large number of released versions! Not cool. So, here's what I tried to do: * 0.2.9 and 0.2.8 are retained, since those are not yet released. * XXX+ or XXX++ or XXX++++ or whatever means, "This one looks quite important!" * The others, after one-by-one examination, are downgraded to plain old XXX. Which doesn't mean they aren't a problem -- just that they cannot possibly be a release-blocking problem.
2016-05-19Add unit tests for networkstatus_consensus_is_bootstrappingteor (Tim Wilson-Brown)
2016-03-26Fix all doxygen warnings (other than missing docs)Nick Mathewson
2016-02-27Update the copyright year.Nick Mathewson
2016-02-27Make sure that every module in src/or has a brief description.Nick Mathewson
2016-02-22fix two typos in commentsRoger Dingledine
2015-12-15Replace usage of INLINE with inlinecypherpunks
This patch was generated using; sed -i -e "s/\bINLINE\b/inline/" src/*/*.[ch] src/*/*/*.[ch]
2015-08-17Fix a stupid memory leak I introduced in 8afbc154. Bug not in any released Tor.Nick Mathewson
2015-08-10Remove a 9-function strongly connected component of tor's callgraph.Nick Mathewson
microdesc_free_() called get_microdesc_cache(), which had the fun side-effect of potentially reloading the whole cache from disk. Replace it with a variant that doesn't.
2015-05-28Include ed25519 keys in microdescriptors.Nick Mathewson
2015-01-02Bump copyright dates to 2015, in case someday this matters.Nick Mathewson
2014-10-31Use digest256map for computing microdescriptor downloadsNick Mathewson
2014-10-28Add another year to our copyright dates.Nick Mathewson
Because in 95 years, we or our successors will surely care about enforcing the BSD license terms on this code. Right?
2014-10-13Use symbolic constants for statuses in microdescs_add_to_cache.Nick Mathewson
Suggested by Andrea in her review of 11243.
2014-10-13Treat unparseable (micro)descriptors and extrainfos as undownloadableNick Mathewson
One pain point in evolving the Tor design and implementing has been adding code that makes clients reject directory documents that they previously would have accepted, if those descriptors actually exist. When this happened, the clients would get the document, reject it, and then decide to try downloading it again, ad infinitum. This problem becomes particularly obnoxious with authorities, since if some authorities accept a descriptor that others don't, the ones that don't accept it would go crazy trying to re-fetch it over and over. (See for example ticket #9286.) This patch tries to solve this problem by tracking, if a descriptor isn't parseable, what its digest was, and whether it is invalid because of some flaw that applies to the portion containing the digest. (This excludes RSA signature problems: RSA signatures aren't included in the digest. This means that a directory authority can still put another directory authority into a loop by mentioning a descriptor, and then serving that descriptor with an invalid RSA signatures. But that would also make the misbehaving directory authority get DoSed by the server it's attacking, so it's not much of an issue.) We already have a mechanism to mark something undownloadable with downloadstatus_mark_impossible(); we use that here for microdescriptors, extrainfos, and router descriptors. Unit tests to follow in another patch. Closes ticket #11243.
2014-09-03Fix a couple of small memory leaks on failure cases.Nick Mathewson
[CID 1234702, 1234703]
2014-09-02Another clang analyzer complaint wrt HT_GENERATENick Mathewson
We're calling mallocfn() and reallocfn() in the HT_GENERATE macro with the result of a product. But that makes any sane analyzer worry about overflow. This patch keeps HT_GENERATE having its old semantics, since we aren't the only project using ht.h. Instead, define a HT_GENERATE2 that takes a reallocarrayfn.
2014-05-06Check HT_REP_IS_BAD_() when giving a bug-7164 warning.Nick Mathewson
This may let us know if we're hitting 7164 because of an hte_hash-corruption situation proposed by "cypherpunks" in bug 11737.
2014-03-31Merge branch 'bug8787_squashed'Nick Mathewson
2014-03-31NULL out all mappings after tor_munmap_file()Nick Mathewson
2014-03-31Always check returns from tor_munmap_file() in microdesc.cAndrea Shepard
2014-03-31Fix a clang compilation warningNick Mathewson
Subtracting two time_t values was yielding something that maybe can't be fit in an int. Bugfix on 0389d4aa; bug not in any released Tor.
2014-03-27Merge branch 'bug7164_diagnose_harder_v2'Nick Mathewson
2014-03-27More logs to try to diagnose bug 7164Nick Mathewson
This time, check in microdesc_cache_clean() to see what could be going wrong with an attempt to clean a microdesc that's held by a node.
2014-03-10Don't do directory fetches before all PTs have been configured.George Kadianakis
2014-02-12Siphash-2-4 is now our hash in nearly all cases.Nick Mathewson
I've made an exception for cases where I'm sure that users can't influence the inputs. This is likely to cause a slowdown somewhere, but it's safer to siphash everything and *then* look for cases to optimize. This patch doesn't actually get us any _benefit_ from siphash yet, since we don't really randomize the key at any point.
2013-12-17Merge remote-tracking branch 'origin/maint-0.2.4'Nick Mathewson
2013-12-17Merge branch 'bug10423' into maint-0.2.4Nick Mathewson
2013-12-17Merge remote-tracking branch 'origin/maint-0.2.4'Nick Mathewson
Conflicts: src/or/microdesc.c Conflict because one change was on line adjacent to line where 01206893 got fixed.
2013-12-17Merge remote-tracking branch 'public/bug10409_023' into maint-0.2.4Nick Mathewson
2013-12-17Avoid double-free on failure to dump_descriptor() a cached mdNick Mathewson
This is a fix for 10423, which was introducd in caa0d15c in 0.2.4.13-alpha. Spotted by bobnomnom.
2013-12-16Avoid free()ing from an mmap on corrupted microdesc cacheNick Mathewson
The 'body' field of a microdesc_t holds a strdup()'d value if the microdesc's saved_location field is SAVED_IN_JOURNAL or SAVED_NOWHERE, and holds a pointer to the middle of an mmap if the microdesc is SAVED_IN_CACHE. But we weren't setting that field until a while after we parsed the microdescriptor, which left an interval where microdesc_free() would try to free() the middle of the mmap(). This patch also includes a regression test. This is a fix for #10409; bugfix on 0.2.2.6-alpha.
2013-11-22Only update view of micrdescriptor pos if pos is fetchable.Nick Mathewson
It's conceivable (but probably impossible given our code) that lseek could return -1 on an error; when that happens, we don't want off to become -1. Fixes CID 1035124.
2013-09-05Merge remote-tracking branch 'public/bug9645'Nick Mathewson
2013-09-03Fix bug 9645: don't forget an md just because we can't save it.Nick Mathewson
2013-06-13Merge remote-tracking branch 'origin/maint-0.2.4'Nick Mathewson
2013-06-13If we write the annotation but not the microdescriptor, rewind.Nick Mathewson
This fixes bug 9047 (and some parts of 9031, 8922, 8883 that weren't fixed in 8822). Bugfix on 0.2.2.6-alpha.
2013-06-13Merge remote-tracking branch 'origin/maint-0.2.4'Nick Mathewson
2013-06-12Make all consumers of microdesc_t.body tolerate NULLNick Mathewson
This is another fix to try to mitigate recurrences of 8031/8822.
2013-06-12Unmap the microdescriptor cache before replacing it.Nick Mathewson
This is a reprise of the fix in bdff7e3299d78; 6905c1f6 reintroduced that bug. Briefly: windows doesn't seem to like deleting a mapped file. I tried adding the PROT_SHARED_DELETE flag to the createfile all, but that didn't actually fix this issue. Fortunately, the unit test I added in 4f4fc63fea0589a4fa03f3859dc27860cdde75af should prevent us from making this particular screw-up again. This patch also tries to limit the crash potential of a failure to write by a little bit, although it could do a better job of retaining microdescriptor bodies. Fix for bug 8822, bugfix on 0.2.4.12-alpha.
2013-05-16Lower dir fetch retry schedules in testing networks.Karsten Loesing
Also lower maximum interval without directory requests, and raise maximum download tries. Implements #6752.
2013-03-20Merge remote-tracking branch 'public/unsigned-time_t'Nick Mathewson
2013-03-19Merge remote-tracking branch 'public/bug7164_diagnostic' into maint-0.2.4Nick Mathewson
2013-03-19Merge remote-tracking branch 'public/bug8031' into maint-0.2.4Nick Mathewson
2013-03-13Log fname:lineno in log messages for #7164Nick Mathewson
This should help us track down #7164 at last.
2013-03-11Fix a bug in microdescs_add_to_cache when listed_at == -1Nick Mathewson
This bug affects hosts where time_t is unsigned, which AFAICT does not include anything we currently support. (It _does_ include OpenVMS, about a month of BSD4.2's history[1], and a lot of the 1970s.) There are probably more bugs when time_t is unsigned. This one was [1] http://mail-index.netbsd.org/tech-userlevel/1998/06/04/0000.html
2013-03-11Another possible diagnostic for 8031.Nick Mathewson
This time, I'm checking whether our calculated offset matches our real offset, in each case, as we go along. I don't think this is the bug, but it can't hurt to check.