Age | Commit message | Author |
|
|
* FIXES #16823: https://bugs.torproject.org/16823
If an OP were to send a CREATE_FAST cell to an OR, and that
CREATE_FAST cell had unparseable key material, then tor_free() would
be called on the create cell twice. This fix removes the second
(conditional on the key material being bad) call to tor_free(), so
that now the create cell is always freed once, regardless of the status of
the key material.
(This isn't actually a double-free bug, since tor_free() sets its
input to NULL, and has no effect when called with input NULL.)
|
|
Fixes bug 16539; bugfix on 0.2.7.2-alpha.
|
|
See ticket 16762.
|
|
This should simplify the callgraph a little more.
|
|
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
|
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
|
Safer, wiser, stronger!
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
|
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
|
When fetching a descriptor, we now test every introduction point in it
against our rend failure cache to know if we keep it or not. For this to
work, now every time an introduction point is discarded (ex: receiving a
NACK), we note it down in our introduction cache.
See rendcache.c for a detailed explanation of the cache's behavior.
Fixes #16389
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
|
When we removed Running/Valid checks from Fast and Stable in 8712, I
removed them from HSDir too, which apparently wasn't a good idea.
Reverts part of a65e835800b1af2c2a4c215b. Fixes bug 16524. Bugfix
on 0.2.7.2-alpha.
|
|
microdesc_free_() called get_microdesc_cache(), which had the fun
side-effect of potentially reloading the whole cache from disk.
Replace it with a variant that doesn't.
|
|
* CHANGES `p_conn` to `p_chan` in `or_circuit_new()` docstring.
|
|
The base64 and base32 functions used to be in crypto.c;
crypto_format.h had no header; some general-purpose functions were in
crypto_curve25519.c.
This patch makes a {crypto,util}_format.[ch], and puts more functions
there. Small modules are beautiful!
|
|
Fixes 16286; bugfix on 0.2.7.2-alpha.
|
|
The control port was using set_max_file_descriptors() with a limit set to 0
to query the maximum number of sockets Tor can use. With the recent changes
to that function, a check was introduced to make sure a user can not set a
value below the amount we reserved for non socket.
This commit adds get_max_sockets() that returns the value of max_sockets so
we can stop using that "setter" function to get the current value.
Finally, the dead code is removed, that is, the code that checked for a limit
equal to 0. From now on, set_max_file_descriptors() should never be used
with a limit set to 0 for a valid use case.
Fixes #16697
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
|
Doing this is no longer necessary, and it leads to weird recursions in
our call graph. Closes ticket 16480.
|
|
This should make some scripts and IDEs happier.
|
|
1) We already require C99.
2) This allows us to support MSVC again (thanks to Gisle Vanem for
this part)
3) This change allows us to dump some rotten old compatibility code
from log.c
|
|
We haven't implemented NO_REPAIR for NEEDCERT, and we don't need it:
but it's safest to stop any attempt to use it that way.
|
|
Teor found these. This is for part of #16582.
|
|
This is a brute-force fix for #16580, wherein #16530 caused some
routers to do bad things with the old keypinning journal.
|
|
Make sure that signing certs are signed by the right identity key,
to prevent a recurrence of #16530. Also make sure that the master
identity key we find on disk matches the one we have in RAM, if we
have one.
This is for #16581.
|
|
When there is a signing key and the certificate lists a key, make
sure that the certificate lists the same signing key.
When there are public key and secret key stored in separate files,
make sure they match.
Use the right file name when we load an encrypted secret key and
then find a problem with it.
This is part of 16581.
|
|
This implements feature 16582: if we get EMFILE or something when
loading our master key, we should not at that point attempt to
overwrite it.
|
|
Task #15824
|
|
(Mark them as obsolete)
Closes 16543.
|
|
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
|
When cleaning up extra circuits that we've opened for performance reasons, we
need to count all the introduction circuits and not only the established ones,
else we can end up with too many introduction points.
This also adds the check for expiring nodes when serving an INTRODUCE cell
since it's possible old clients are still using them before we have time to
close them.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
|
To upload a HS descriptor, this commit makes it so that we wait for all
introduction points to be fully established.
Else, the HS ends up uploading a descriptor that may contain intro points
that are not yet "valid" meaning not yet established or proven to work. It
could also trigger three uploads for the *same* descriptor if every intro
point takes more than 30 seconds to establish because of desc_is_dirty
being set at each intro established.
To achieve that, the n_intro_points_established variable is added to the
rend_service_t object that is incremented when we establish an introduction
point and decremented when we remove a valid intro point from our list.
The condition to upload a descriptor also changes to test if all intro
points are ready by making sure we have equal or more wanted intro points
that are ready.
The desc_id_dirty flag is kept to be able to still use the
RendInitialPostPeriod option.
This partially fixes #13483.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
|
There is a case where if the introduction circuit fails but the node is
still in the consensus, we clean up the intro point and choose another one.
This commit fixes that by trying to reuse the existing intro point with a
maximum value of retry.
A retry_nodes list is added to rend_services_introduce() and when we remove
an invalid intro point that fits the use case mentioned before, we add the
node to the retry list instead of removing it. Then, we retry on them before
creating new ones.
This means that the requirement to remove an intro point changes from "if no
intro circuit" to "if no intro circuit then if no node OR we've reached our
maximum circuit creation count".
For now, the maximum retries is set to 3 which is completely arbitrary. It
should also at some point be tied to the work done on detecting if our
network is down or not.
Fixes #8239
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|