Age | Commit message | Author |
|
|
|
|
|
|
|
Replace the 81 remaining fallbacks of the 100 originally introduced
in Tor 0.2.8.3-alpha in March 2016, with a list of 177 fallbacks
(123 new, 54 existing, 27 removed) generated in December 2016.
Resolves ticket 20170.
|
|
|
|
In get_token(), we could read one byte past the end of the
region. This is only a big problem in the case where the region
itself is (a) potentially hostile, and (b) not explicitly
nul-terminated.
This patch fixes the underlying bug, and also makes sure that the
one remaining case of not-NUL-terminated potentially hostile data
gets NUL-terminated.
Fix for bug 21018, TROVE-2016-12-002, and CVE-2016-1254
|
|
Makes 19926 less annoying in 0.2.9. In 0.3.0, we should actually
fix this.
|
|
The signed_descriptor_move() was not releasing memory inside the destination
object before overwriting it with the source object. This commit adds a reset
function that frees that memory inside a signed descriptor object and zeroes it.
Closes #20715.
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Attempted fix for 19960.
Also, fixes a typo.
|
|
Fixes 20875; this code is as suggested by teor on the ticket. Thanks!
|
|
Fixes #20492.
|
|
When computing old Tor protocol line version in protover, we were looking at
0.2.7.5 twice instead of the specific case for 0.2.9.1-alpha.
Fixes #20810
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
newconn->address is strdup'ed twice when new_type == CONN_TYPE_AP
and conn->socket_family == AF_UNIX. Whilst here, juggle code to
make sure newconn->port is assigned from an initialised value in
the above case.
|
|
|
|
Instead, refuse to start tor if any hidden service key has been used in
a different hidden service anonymity mode.
Fixes bug 20638; bugfix on 17178 in 0.2.9.3-alpha; reported by ahf.
The original single onion service poisoning code checked poisoning state
in options_validate, and poisoned in options_act. This was problematic,
because the global array of hidden services had not been populated in
options_validate (and there were ordering issues with hidden service
directory creation).
This patch fixes this issue in rend_service_check_dir_and_add, which:
* creates the directory, or checks permissions on an existing directory, then
* checks the poisoning state of the directory, then
* poisons the directory.
When validating, only the permissions checks and the poisoning state checks
are performed (the directory is not modified).
|
|
Add extra logging and extra validity checks for hidden services.
|
|
Make the function flatter, and prepare for #20559.
No behaviour change.
|
|
Put that code in rend_service_check_dir_and_add.
No behaviour change.
This is a defence in depth measure against similar bugs to 20529.
|
|
(We only create HS directories if we are acting on the config.)
Log a BUG warning if the directories aren't present immediately before they
are used, then fail.
|
|
For relays that don't know their own address, avoid attempting
a local hostname resolve for each descriptor we download. Also cut
down on the number of "Success: chose address 'x.x.x.x'" log lines.
Fixes bugs 20423 and 20610; bugfix on 0.2.8.1-alpha.
|
|
no change in behavior except fewer log entries in the case where we use
a cached result.
|
|
Single onion services and Tor2web deliberately create long-term one-hop
circuits to their intro and rend points, respectively.
These log messages are intended to diagnose issue 8387, which relates to
circuits hanging around forever for no reason.
Fixes bug 20613; bugfix on 0.2.9.1-alpha. Reported by "pastly".
|
|
Refactoring, no behaviour change.
|
|
|
|
Lower exponents mean that delays do not vary as much. This helps test
networks bootstrap consistently.
Bugfix on 20499.
|
|
|
|
(Three _is_ a good number for anonymity!)
|
|
|
|
|
|
Because as Teor puts it: "[Resetting on 503] is exactly what we
don't want when relays are busy - imagine clients doing an automatic
reset every time they DoS a relay..."
Fixes bug 20593.
|
|
|
|
'teor/bug20591_029' and 'teor/bug20533_029' into maint-0.2.9
|
|
It's only safe to remove the failure limit (per 20536) if we are in
fact waiting a bit longer each time we try to download.
Fixes bug 20534; bugfix on 0.2.9.1-alpha.
|
|
If a consensus expires while we are waiting for certificates to download,
stop waiting for certificates.
If we stop waiting for certificates less than a minute after we started
downloading them, do not consider the certificate download failure a
separate failure.
Fixes bug 20533; bugfix on commit e0204f21 in 0.2.0.9-alpha.
|
|
Relays do not deliberately launch multiple attempts, so the impact of this
bug should be minimal. This fix also defends against bugs like #20499.
Bugfix on 0.2.8.1-alpha.
|
|
|
|
Fixes bug 20536; bugfix on 0.2.9.1-alpha.
|
|
|
|
Fixes bug 20587; bugfix on 35bbf2e4a4e8ccb in 0.2.8.1-alpha.
|
|
|
|
Fixup on both:
* Refactor, adding a create argument... and
* Check every hidden service directory's permissions...
|
|
Previously, we would only check the last hidden service directory.
Fixes #20529, bugfix on ticket 13942 commit 85bfad1 in 0.2.6.2-alpha.
|
|
Comment changes only
|
|
|
|
check_private_dir already does this for existing directories.
|
|
It used to be rend_service_check_and_create_private_dir, which always
created the directory.
No behaviour change.
|
|
Fixes bug 19969; bugfix on b1d56fc58. We can fix this some more in
later Tors, but for now, this is probably the simplest fix possible.
This is a belt-and-suspenders fix, where the earlier fix ("Ask
event_base_loop to finish when we add a pending stream") aims to respond
to new streams as soon as they arrive, and this one aims to make sure
that we definitely respond to all of the streams.
|
|
Fixes bug 19969; bugfix on b1d56fc58. We can fix this some more in
later Tors, but for now, this is probably the right fix for us.
|
|
no actual changes
|