| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
This update is needed to make it consistent with the behavior of
node_awaiting_ipv6(), which doesn't believe in the addresses from
routerinfos unless it actually plans to use those routerinfos.
Fixes bug 25213; bugfix on b66b62fb7525cac1e1 in 0.3.3.1-alpha,
which tightened up the definition of node_awaiting_ipv6().
|
|
There was a nonfatal assertion in pathbias_should_count that would
trigger if onehop_tunnel was set, but the desired_path_length was
greater than 1. This patch fixes that. Fixes bug 24903; bugfix on
0.2.5.2-alpha.
|
|
These were breaking jenkins builds. Bugfix on 5804ccc9070dc54;
bug not in any released Tor.
|
|
Make sure we actually only report client channel to the geoip cache instead of
looking if it is a known relay. Looking if it is a known relay can be
unreliable because they come and go from the consensus.
Fixes #24904
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
Because of #25306 for which we are unable to reproduce nor understand how it
is possible, this commit removes the asserts() and BUG() on the missing
descriptors instead when rotating them.
This allows us to log more data on error but also to let tor recover
gracefully instead of dying.
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
This patch adds some additional logging to circuits_handle_oom() to give
us more information about which specific compression backend that is
using a certain amount of memory.
See: https://bugs.torproject.org/25372
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The C code and the rust code had different separate integer overflow
bugs here. That suggests that we're better off just forbidding this
pathological case.
Also, add tests for expected behavior on receiving a bad protocol
list in a consensus.
Fixes another part of 25249.
|
|
Fixes part of 24249; bugfix on 0.2.9.4-alpha.
|
|
This one can only be exploited if you can generate a correctly
signed consensus, so it's not as bad as 25074.
Fixes bug 25251; also tracked as TROVE-2018-004.
|
|
In some cases we had checked for it, but in others we had not. One
of these cases could have been used to remotely cause
denial-of-service against directory authorities while they attempted
to vote.
Fixes TROVE-2018-001.
|
|
|
|
|
|
|
|
since all it does is produce false positives
this commit should get merged into 0.2.9 and 0.3.0 *and* 0.3.1, even
though the code in the previous commit is already present in 0.3.1. sorry
for the mess.
[Cherry-picked]
|
|
since all it does is produce false positives
this commit should get merged into 0.2.9 and 0.3.0 *and* 0.3.1, even
though the code in the previous commit is already present in 0.3.1. sorry
for the mess.
|
|
This commit takes a piece of commit af8cadf3a9 and a piece of commit
46fe353f25, with the goal of making channel_is_client() be based on what
sort of connection handshake the other side used, rather than seeing
whether the other side ever sent a create_fast cell to us.
|
|
|
|
|
|
|
|
|
|
Never allow the function to set a bucket value above the allowed circuit
burst.
Closes #25202
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
We had this safeguard around dos_init() but not when the consensus changes
which can modify consensus parameters and possibly enable the DoS mitigation
even if tor wasn't a public relay.
Fixes #25223
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
Explicitly inform the operator of the rejected relay to set a valid email
address in the ContactInfo field and contact bad-relays@ mailing list.
Fixes #25170
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
|
|
|
|
This is to avoid positively identifying Exit relays if tor client connection
comes from them that is reentering the network.
One thing to note is that this is done only in the DoS subsystem but we'll
still add it to the geoip cache as a "client" seen. This is done that way so
to avoid as much as possible changing the current behavior of the geoip client
cache since this is being backported.
Closes #25193
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
This also adds one that tests the integration with the nodelist.
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
This set is rebuilt whenever a consensus arrives. In between
consensuses, it is add-only.
|
|
Explicitly inform the operator of the rejected relay to set a valid email
address in the ContactInfo field and contact bad-relays@ mailing list.
Fixes #25170
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
At this commit, the SocksSocketsGroupWritable option is renamed to
UnixSocksGroupWritable. A deprecated warning is triggered if the old option is
used and tor will use it properly.
Fixes #24343
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
also be more consistent about punctuation in doxygen comments
|
|
|
|
some of these ought to have been noticed by the "misspell" tool,
so if anybody is debugging it, here are some bug reports :)
|
|
|
|
|
